Hello all. I'm trying to stand up osquery on-prem. How many servers would I need for about 30,000 endpoints? I understand that I can use Scale Sets in Azure but am trying to set up a test environment with a budget of $0. Any advice would be appreciated.

for 30k endpoints you'll need a handful of servers and a beefy mysql. For setting up a test env, check out https://github.com/dactivllc/osquery-in-a-box

Thanks for your quick response. Can you estimate the number of servers I may need? I will check out that link.

4-6 perhaps? Depends on so many factors.

@zwass What are some of those factors?

Intervals set for logging, config retrieval, and distributed query checkins will play a large role. Also how many distributed queries you actually run, how many labels you create, the volume of logs being pushed from scheduled queries.