I'm not sure if this an issue that belongs on github or more of a question, so I'm starting here. I'm seeing this issue where over time, osquery will start to utilize a lot of CPU. We have observed that when this happens, it is typically after osquery has been running for several months. We also observe that when this happens, there are 50k+ sst files under /var/osquery/osquery.db! Couple of questions: - Is it normal to have so many files under there? - Is it safe to purge old files based on mtime? or atime? - Has anyone else observed so many files and/or a high spike in CPU after running for several months? osquery info:

osquery_version = 2.8.0
     os_version = 14.04, Trusty Tahr
       os_build =
    os_platform = ubuntu

some bash showing the files and that they're all accessed within the last few days (this is on a host that is not yet observing the high CPU, but sure has a lot of sst files): https://pastebin.com/pvaxwdPm

2.8 is pretty old! I think this was a known issue that got resolved in later versions

@clong ++ thanks! Do you have a pointer to an issue or PR that describes the issue/fix?

i dont unfortunately — just anecdotal experience. im not 100% that will resolve the issue, but i seem to recall having similar issues in earlier versions that got cleared up with newer releases