Channels
android_tests
apple-silicon
arm-architecture
auditing-warroom
aws
carving
code-review
community-feeds
core
darkbytes
doorman
ebpf
eclecticiq-polylogyx-extension
extensions
file-carving
fim
fleet
fleet-dev
fleetosquery
foundation
fuzzing
general
golang
goquery
infrastructure
jobs
kolide
linen-dev
linux
macos
officehours
osctrl
plugins
process-auditing
querycon
queryhub
random
selfgroup
sql
tls
uptycs
vendor-feeds
website
windows
zeek
zentral
zercurity
Title
n
Nabil Schear
03/30/2021, 8:03 PMhi, is there a way to have all scheduled queries run once on boot (or shortly thereafter) and then back off to a less frequent differential/snapshot interval? Trying to solve the problem of visibility into short-lived cloud instances without overloading the query interval for ones that live longer.
my only idea here is to have an aggressive query schedule and then a cron job that reconfigures the scheduled queries after some time has passed to something less frequent
z
zwass
03/30/2021, 8:04 PMThis is something we discussed recently and I've been meaning to file an issue for. Would you mind filing an issue to explain what the problem and desired behavior are?
n
Nabil Schear
03/30/2021, 8:06 PMsure can.
will link here when i write it up
:ty: 1