hello,I found a problem and need help: the result of the query on the terminal is normal, but when running through a scheduled task, the result is different from the display on the terminal. Why?

osqueryi is meant to be used in an exploratory fashion, so the results are 'pretty printed' to be human readable. The scheduled query results are returned in a more machine-readable json format.

The

soft_limit

and

hard_limit

are most likely different because of how osquery is being run. When you run a process in a shell it inherits the limits from that shell, however if it is run with root (or similar) privileges then that process may change its limits. When a process is run from systemd or similar then it will inherit different limits, most likely more conservative values. I think this is expected, as these limits are applied per-process. https://ss64.com/bash/ulimit.html What are you trying to achieve with that query?

Ah, I didn't read the screenshots closely enough, my apologies 😅