i m kind of confused by gt events only expire when the table osquery #general

Join Slack

i’m kind of confused by: > events only expire w...

# general

clong

05/14/2018, 8:25 PM

i’m kind of confused by:

events only expire when the table is queried

Do events which are considered “expired” get logged to results?

zwass

05/14/2018, 8:39 PM

Events that are "expired" are cleared from rocksdb and will no longer come up when the table is queried. Events are only logged if they are selected in a query before they are expired.

⭐ 1

clong

05/14/2018, 8:44 PM

Thank you!

3 Views

Open in Slack

Previous Next