@groob Here is my case - I want to extend osqueryd with my logger that read windows events and execute sql query like select * from windows_events where time >(select time from windows_events where eventid = xxx). So, I want to find some several particular event following each other. E.g. they can be next to other or separated by other events. First, I see that osquery sql does not have TOP 1 statements like regular sql (or, how can I return latest raw?). Second, no idea how to call sql statement from osquery logger. I ended up using the config file and specifying there several queries for each event. Then, in logger, I receive each raw and process it. Would be great if it wold be possible to run sql query from the logger. Any solution or advise?