Osquery uses basic SQL commands to leverage a relational data-model to describe a device.

osquery

I have a question about supporting decorators cross-platform &lt;thread&gt;

I want to pull a value from environment variables, and use it as a decorator.

However, Linux / macOS use `process_envs` table and Windows uses `default_environment` (as far as I can tell).

I tried to do something like:

```SELECT COALESCE(
  (SELECT value from process_envs where key = 'OSQUERY_ENV'),
  (SELECT variable from default_environment where key = 'OSQUERY_ENV'),
  null
) AS env where env != '';```


However, perhaps predictably this failed because macOS / Linux can't run query against `default_environment` and Windows can't run queries against `process_envs` table

So I'm wondering if it's safe / sane to do this instead:

```{
  "decorators": {
    "load": [
      "SELECT value as env from process_envs where key = 'OSQUERY_ENV';",
      "SELECT variable as env from default_environment where key = 'OSQUERY_ENV';"
    ]
  }
}```

Or if there's a better way to do what I'm trying to do :neutral_face: