Using fleet with OSQuery and queries seem to run correctly for regular OSQuery. However have added the cloudquery extension (https://github.com/Uptycs/cloudquery) to some cloud hosts and results do not come back for the extension, but regular queries still seem to work just fine. Ran a query from the actual host using osqueryi and the extension shows results, for some reason just fails to be reporting results back to fleet. Unsure what would be causing this type of issue, assume if it was a connectivity issue or something all queries would fail, just not queries for the extension.

osqueryi doesn't connect to osqueryd, which is what would be serving the requests to fleet. Silly question, but have you tried restarting osqueryd in the hosts?

correct, was more using osqueryi to make sure the extension it self was working correctly and able to get results. Assume osqueryd would would run the query the same way except also report back to fleet. Yep I did try restarting osqueryd on the effected hosts.

could you share the logs while launching osqueryd with --verbose?

sure thing

hm, weird, it loads the extension properly

I do not see any errors on the fleet server ... using fleet v4.2.2

do you mind sharing those logs?

I see

Fix bug in which live queries would stop returning results if more than 5 seconds goes by without a result.

in the notes for the 4.2.3 release ... guess I can try upgrading and see if that fixes my issue haha

all right, glad 4.2.3 works!