Channels
android_tests
apple-silicon
arm-architecture
auditing-warroom
aws
carving
code-review
community-feeds
core
darkbytes
doorman
ebpf
eclecticiq-polylogyx-extension
extensions
file-carving
fim
fleet
fleet-dev
fleetosquery
foundation
fuzzing
general
golang
goquery
infrastructure
jobs
kolide
linen-dev
linux
macos
officehours
osctrl
plugins
process-auditing
querycon
queryhub
random
selfgroup
sql
tls
uptycs
vendor-feeds
website
windows
zeek
zentral
zercurity
Title
s
Shane Sanborn
07/27/2022, 2:29 PMHey Team, we have been load testing with osquery and this extension and it seems that using this extension makes osquery run and peak with a much higher cpu% than our normal osquery configurations. We were wondering if this normally makes osquery use a lot more cpu% or if this could just be resolved with tweaking our configs.
l
lvferdi
07/27/2022, 11:23 PMI've been through this and I found with enough filters to weed out the noise you can get from t to run with acceptable parameters
o
OpenPlgx
07/28/2022, 6:50 AM@Shane Sanborn, as @lvferdi mentioned, with the right set of filters as part of the config, the performance can be tuned. Additionally you could also control the depth of the event cache maintained by the Extension. If you are queries are high frequency, then its best to have the extension keep a low depth of the event cache.