Osquery uses basic SQL commands to leverage a relational data-model to describe a device.

osquery

Hello,  if someone run the performance related query which hit the threshold and killed by watchdog, In UI we got the message "	distributed query is denylisted"  is there any way to track how many query or host have this issue? how to rectify this ?

In the Fleet logs, you can see denylisted distributed queries, including the host id.

Typically, I'd expect this to be a bigger concern with scheduled queries since you don't get that error in the Fleet UI for those. There, you can query the osquery_schedule table to get a good picture:SELECT * FROM osquery_schedule WHERE denylisted=1