@gguli @fmanco i noticed this PR that recently removed an alias to a flag which enabled the event format for differential query logs: https://github.com/facebook/osquery/pull/4970 the motivation of the PR is said to simplify the logger, but is one LoC removed worth causing an API change? i don’t think there’s a huge problem with leaving aliases for as long as possible, but if we are introducing potentially unnecessary api changes, they shouldn’t be patch releases. also, the event format is awesome, i just wanted to chime in that, at work, i use it exclusively for our logging pipeline because of some distinct consistency guarantees you can provide with it vs the default format.

Hi, I think the intent was to start cleaning the interface, not to remove features. We won't remove any features in the near future and we will submit blueprints if we intend to do so.

again, one LoC removed isn’t worth the breaking API change.