Hey, I'm testing following query with osqueryd conf : "query" : "SELECT *,REPLACE(path, (SELECT REGEX_SPLIT(path, \"[\.\w-]+$\", 0)), '' ) AS name from process_events;"

From just eyeballing this I think you need to escape the backslashes, i.e. from

\.

to

\\.

and

\w

to

\\w

.

Thanks, I was able to make it work by escaping \w which I was not doing initially