# macos
What operating system and version are you using?
OS: Darwin
Version: macOS Sonoma

What version of osquery are you using?
version = 5.9.1

What steps did you take to reproduce the issue?
SELECT type FROM crashes

What did you expect to see?
The crashes table GitHub schema says that the crashes table displays application crashes, system crashes and mobile crashes. Therefore, I expected to see some system crashes.

What did you see instead?
However, I pulled the master code from osquery and could only see the code for types "application" and "mobile", and not for system. Here are the lines from the code that I've pasted.
```cpp
  if (context.constraints["uid"].notExistsOrMatches("0")) {
    process_crash_logs(kDiagnosticReportsPath, "application");
  }

  // As of macOS 12, also check the subdirectory, /Retired
  auto systemRetiredPath = fs::path(kDiagnosticReportsPath) / "Retired";
  process_crash_logs(systemRetiredPath, "application");

  // Process user logs
  auto users = usersFromContext(context);
  for (const auto& user : users) {
    auto user_home = fs::path(user.at("directory")) / kDiagnosticReportsPath;
    process_crash_logs(user_home, "application");

    // As of macOS 12, also check the subdirectory, /Retired
    auto userRetiredPath = user_home / "Retired";
    process_crash_logs(userRetiredPath, "application");

    // Process mobile crash logs
    auto user_mobile_root =
        fs::path(user.at("directory")) / kMobileDiagnosticReportsPath;
    std::vector<std::string> mobile_paths;
    if (listDirectoriesInDirectory(user_mobile_root, mobile_paths)) {
      for (const auto& mobile_device : mobile_paths) {
        process_crash_logs(mobile_device, "mobile");
      }
    }
  }
```
So do you display system crashes at all? I've attached this issue in osquery GitHub issues as well. Below is the link: https://github.com/osquery/osquery/issues/8422