Anyone have the osquery service on windows stop after a day or two?

yes we've had similar issues. i don't believe anyone has been able to pin down the exact problem though. Does this issue seem related to what you're seeing? https://github.com/facebook/osquery/issues/4433

Might be, I'm going to check the logs. Last time I saw the Windows machine as available in fleet was on the 3rd at like 11:30 PM (EST). Last time Elastic heard from the device was at midnight. Elastic and I didn't see it again until I restarted the service. TLS would make perfect sense seeing as it is a TLS Device.