If you run the query like that with

osqueryi

it's going to try to get the results immediately which means there will be no events.

@zwass so how should I query for ?