Hi, is there a way to omit first scheduled query execution? (to avoid false positives when onboarding a host) For example, I don't want to log all existing users, so the first results with ~30 "added" rows are not interesting to me. The first "added" row I want to see is a creation of a user after the osquery installation. Thanks!

Check out https://osquery.readthedocs.io/en/stable/deployment/logging/#schedule-counter

Thank you a lot! That's exactly what I need 🙂