Hello, I have CPU 100% osqueryd issue within ~5% of my linux servers. I see messages like “osqueryd worker (31531) stopping: Maximum sustainable CPU utilization limit exceeded: 12” every ~15 seconds and distributed query not working. I try to add “watchdog_memory_limit: 550", “watchdog_utilization_limit: 720”, “watchdog_delay: 480" and even “disable_watchdog: true” parameter, but nothing changed. How can I fix the issue?

I saw similar when the local database was corrupted. Stopping the service, deleting the local

osquery.db

, and restarting the service resolved the issue

@Konstantin i'm guessing you have auditing and/or file events enabled?