Osquery uses basic SQL commands to leverage a relational data-model to describe a device.

osquery

I'm trying to troubleshoot where or not osquery is sending info to a kinesis stream, but there doesn't appear to be anything in `/var/log/osquery`.  Running the `osqueryd` command with `--ephemeral` doesn't clearly say there is anything wrong, but it seems to chock on loading extensions and creating a socket.  Is that expected behavior?

That can be expected if the extensions autoload file doesn't exist and/or the process doesn't have permissions to create the socket.

I would try running your exact same osqueryd command with `--verbose` added and see what the output looks like.

Consider making `--logger_plugin=aws_kinesis,filesystem` so that you get logging also to the filesystem.

So that means that an extensions file needs to exist somewhere? I don't see a reference inthe docs

It doesn't need to, you'll just get an error about autoloading extensions if it doesn't.