should osquery be sending results from different queries in

Question

should osquery be sending results from different queries in one request to the logger endpoint on TLS If so is there a flag to stop this behaviour

zwass · Answer

Yes The results are batched up and sent together

zwass · Answer

I suppose you could set ` logger tls max lines` to 1 to get this but then you d likely be accumulating logs faster than they were flushing I don t think it would work well

zwass · Answer

What are you trying to achieve

asparamancer · Answer

only just saw this it was an issue with our endpoint parsing things strangely