Osquery uses basic SQL commands to leverage a relational data-model to describe a device.

osquery

Is there a different way I can approach troubleshooting this?

Use `--tls_dump` on the osquery invocation and see what config it is pulling down.

so it looks like there was a typo in the decorator query (my b), but somewhere between `fleetctl apply` and the host instance getting the config, it silently fails.

Only after I was able to fix the incorrect query did the host instance pull down the config. :thinking_face:

Have you checked the osqueryd logs? Seems like it would show up there, especially if you add the `--verbose` flag

I did, didn't seem to see anything there, could be that the config doesn't get pulled down right away after every service restart, and is defined by `config_refresh`