Osquery uses basic SQL commands to leverage a relational data-model to describe a device.

osquery

I'm trying to figure out why osquery isn't sending events to kinesis like it should be doing.  Is there anyway I can kick this into debug mode or something that provides relevant logs?

You could write some code / scripts to query rocksdb for cached kinesis log items.  That would tell you which results and status items are cached and ready to send.

If you turn on --verbose and --tls_dump you might get more.

We ended up writing a new logger that caches results and status in files, so it's easier to see the backlog and not contend for DB.  It's for 3.3.1 codebase.  If you want to take a crack at porting it to 4.x, let me know.