👋 Hi everyone! how many instances of OsQueryd should be running on a Linux? like when I do ps -ef |grep OSqueryd, how many should it return?

That depends a little on the setup, but osquery can be started in shell or daemon mode (using the same binary). In shell mode (

-S

or

osqueryi

which is just a symlink), it's interactive and it's a single process. In daemon mode by default it's 2 processes, a watchdog that starts a worker. It's possible (although not suggested) to

--disable_watchdog=true

so also in daemon mode you end up with one process. So the counts depends on how many instances of one of the two modes are running.