Hi, I'm running osquery on linux with process auditing via eBPF enabled. I've been using https://github.com/hillu/edr-loadgen/blob/master/edr-loadgen.go to check performance stats and I'm getting the same ~20% cpu usage results regardless of how many execs/s I run. I'm unsure if I'm missing something but I can't find any documentation that suggests CPU usage is limited to max 20%? I'm not very knowledgeable on Linux performance testing so it's quite possible I may have something configured wrong.

cc @alessandrogario

There’s a pretty large performance bug around ebpf in 5.0. Checkout https://github.com/osquery/osquery/issues/7310

I didn't phrase that question very well. My confusion lies around the fact that the CPU usage is consistently 20%, give or take a few 10ths of a percent if the number of execs/s is 100 or 1000. Is there a hard limit on resource usage for osquery? I get the same results with

--disable_watchdog=false