My understanding of

wall_time

from

osquery_schedule

table is that it’s the unix time difference between the start and end of a query. However, does that imply it’s the difference of when the query was last executed? Further,

system_time

&

user_time

are both milliseconds and I would have to divide by

executions

to understand its performance profile?

Wall time is the period from the start of executing a query until the end, not last executed.

Makes sense now