Hi All Can I make a specific decorator query be platform spe

Question

Hi All Can I make a specific decorator query be platform specific I want to provide the same decorator but have it supplied through a different query for windoze as opposed to linux mac

nyanshak · Answer

I asked the same question <https osquery slack com archives C08V7KTJB p1597099205230900> No answers but I maybe found a workaround for my use case two separate queries Maybe you could take advantage of COALESCE if all the tables are supported by all platforms though shrug

fritz · Answer

< Chris Benninger> I do not believe this is possible due to column name collisions can you share the two queries you are trying to have populate the same decorator and I can attempt to assist

fritz · Answer

I know that you cannot use CASE COALESCE logic to platform scope output unless the table is available for both platforms as mentioned by < nyanshak> even if the condition is never met eg `WHEN platform = darwin THEN SELECT local hostname FROM system info WHEN platform = windows THEN SELECT value from registry ` the query planner will issue an error if a table is specified in the query plan that is not compatible with the host device

seph · Answer

Feels like we should support discovery queries on decorators

fritz · Answer

That s definitely a thought < seph> and sounds like the cleanest solution I wonder if there are any reasons not to

seph · Answer

I ve been trying to come up with a clean syntax for it

seph · Answer

I think this is probably a reason people have platform specific condors

seph · Answer

Configs

Chris Benninger · Answer

Thanks folks