Hey Team, we have been load testing with osquery and this extension and it seems that using this extension makes osquery run and peak with a much higher cpu% than our normal osquery configurations. We were wondering if this normally makes osquery use a lot more cpu% or if this could just be resolved with tweaking our configs.
07/27/2022, 11:23 PM
I've been through this and I found that with enough filters to weed out the noise, you can get it to run with acceptable parameters
07/28/2022, 6:50 AM
@Shane Sanborn, as @lvferdi mentioned, with the right set of filters as part of the config, the performance can be tuned. Additionally you could also control the depth of the event cache maintained by the Extension. If your queries are high frequency, then it's best to have the extension keep a low depth of the event cache.