https://github.com/osquery/osquery logo
Join Slack
Powered by
Hey everyone! I am getting an error stating that (...
# general
a
Hey everyone! I am getting an error stating that (replaced HostID & Query ID with 0): Starts with:
Copy code
{
  "hostID": 0,
  "level": "error",
  "message": "distributed query is denylisted",
  "query": "fleet_detail_query_scheduled_query_stats",
  "ts": "2024-09-17T15:13:17.063308609Z"
}
Then I get 100's of pages stating:
Copy code
{
  "err": "overwriting query result rows: overwriting query result rows: deleting query results for host: context canceled",
  "host_id": 0,
  "level": "error",
  "msg": "overwrite results",
  "query_id": 0,
  "ts": "2024-09-17T14:54:35.857990474Z"
}
This goes on for a few minutes before FleetDM crashes. has anyone experienced this before?
I came across this and increased the distributed_interval and applied the config but that didn't seem to resolve the issue. https://github.com/osquery/osquery/issues/7768
10 Views
Open in Slack
PreviousNext
Powered by