It’s easy to run expensive queries. One thing to look at is the

osquery_schedule

table. https://blog.kolide.com/profiling-osquery-performance-with-kolide-cloud-8e01097469db has some info (and there are probably other blog posts about)

This post references wall_time, is wall_time the cumulative time the query has run across all executions? Or is this the time spent per each execution?

@Woogs hey, i wrote that blog post - wall time is based on the last run you can verify this by scheduling something expensive with a short interval, and querying

select name, executions, wall_time, user_time from osquery_schedule

you’ll see executions and user time increasing, and wall time should remain about the same

awesome! Thanks for taking a look, been trying to figure out how to interpret that data

i actually asked that same question a while ago and nobody picked up the nuance - i just wrote that knowing it was ‘milliseconds of execution time’