Osquery uses basic SQL commands to leverage a relational data-model to describe a device.

osquery

Does anybody have an idea on how to use where along with time
Eg
```
SELECT atime FROM file WHERE path LIKE '/usr/bin/%' WHERE atime &gt; date('now', '-30 days');
```
Above will work only if atime is a sql datetime field, but it seems like it is not

atime is the epoch time stored as a bigint data type so you need to convert it to use it date functions like that. Try this: ```SELECT path, datetime(atime,'unixepoch') FROM file WHERE path LIKE '/usr/bin/%' AND  datetime(atime,'unixepoch') &gt; date('now', '-30 days');```