Craig Merchant

08/06/2019, 5:20 PM
Any idea why the "system-info" search would generate two events when it runs? I see one action=added event and one action=removed event with identical timestamps and identical data except for memory. The action=removed event shows 16 MB less memory than the action=added event... Any ideas?


08/06/2019, 10:09 PM
Does it do this every time it runs?


08/06/2019, 10:46 PM
It sounds like osquery and this table are behaving as expected. Any change in the output will trigger an added/removed event. The question is then why is 16MB being added and removed from available DRAM? My wild guess is the system has multiple video cards, an onboard (provided by motherboard southbridge) and discrete, where the discrete card has dedicated memory and the onboard reserves from system. You then notice the change when moving from one powered state to another when the system changes from a high-power discrete card to low-power onboard.