Osquery uses basic SQL commands to leverage a relational data-model to describe a device.

osquery

<https://osquery.slack.com/archives/C1XCLA5DZ/p1573002989209400> - posted question to <#C1XCLA5DZ|kolide> since it's probably more relevant, but maybe you know the answer anyways. thanks for the help either way :slightly_smiling_face:

I don't know kolide. Look at the logger_plugin and logger_min_status settings.  Sometimes there are two loggers such as `logger_plugin=aws_kinesis,filesystem` if logger_min_status=1, only WARN and ERROR logs go to first logger.