Hi, I'm using decorator queries in my osquery.conf to log some data. The fields are appearing in log as child of "decorations" key and not as top level fields. I tried to set "decorators_top_level" to true in my flagfile but it didn't work. I also tried to set the same through "options" in osquery.conf but it gave following error: W0710 063400.652961 5765 options.cpp:90] Cannot set unknown or invalid flag: decorators_top_level Can someone help in this regard ? How can I make these fields as top level fields. Thanks

Hi @Prakhar, the flag should be

decorations_top_level

as opposed to

decorators_top_level

. I see this is wrong on the documentation, I'll send a PR for that. Let me know if that works.

Thanks , I figured it out and was able to use correct flag to make it work.