Hi Fleet peeps! I spotted after upgrading to Fleet 4.22.1 that our custom osquery extension (which provides a new virtual table called

de_metadata

) stopped working, in queries where we try to use it, we get an error

vtable constructor failed: de_metadata

Is there a known issue with custom extensions for osquery? We’re using osquery 5.3.0.

Hey @Ryan! The osquery logs on your hosts might have some helpful information here about why that extension isn't loading properly. Here's a debugging guide for osquery that should be helpful: https://fleetdm.com/docs/deploying/debugging#osquery

This seems unlikely to be related to the Fleet update... Nothing has changed recently about how a live query would be sent to osquery. Has anything changed about your osquery version, your extension, or how you deploy them recently?

Hi, yeah I wasn’t sure if it could be, but then I wondered if it was trying to look up metadata about the virtual table but not finding it since the table isn’t part of the normal osquery schema