Osquery uses basic SQL commands to leverage a relational data-model to describe a device.

osquery

image.png

Hi, has somebody been able to gather `Microsoft-Windows-DNSServer/Analytical` events with osquery? I have added the channel to the config but i do not seem to be able to get results. If i get the evenlog list via PS, the log does not show in the list but it does show in the Event Viewer UI.

&gt; W0916 12:54:29.664392  1368 windowseventlogpublisher.cpp:129] Failed to subscribe to microsoft-windows-dns-server/analytical: 15007
&gt; W0916 13:03:58.686229  4564 windowseventlogpublisher.cpp:129] Failed to subscribe to microsoft-windows-dnsserver/analytical: 50
Tried both ways of typing based in the channel name or the "Log" field in the viewer, and i got the above errors