Hi team, have a question on osquery distributed write interface. (I am a beginner, so please excuse me if this is a naive question) so I am using following interfaces to communicate with osqeryd process, I am getting the result returned by osqueryd, and sending it to an api. whenever post to api fails, next time I read results it will accumulate previously failed results even though I am just feeding in 1 query. I want to know is it caching those results, and if yes, can I configure the caching on osqueryd side? Thanks.

GetQueriesFunc
WriteResultsFunc

When you say you’re using those interfaces, what exactly do you mean?

using GetQueriesFunc interface to send queries to osqueryd service to process, and calling WriteResultsFunc to get results back from the daemon

What library? What SDK? What software?

I am using

osquery-5.1.0_1.linux_x86_64.tar.gz

I have no idea what interface you’re using.

oh bdw I am running simple

select *  time('now)

query

How are you communicating with osquery?

so I am using my own extension to run with osqueryd. which basically communicates with osqueryd using extensio socket.

What SDK was my next question.

Thanks for explaining this Seph, let me check more on my side, ang will get back to you if needed. thanks.