👋 is there any way to know “remotely” if the watcher stopped the query because of memory or CPU limit? Locally I can see the log

osqueryd worker (11044) stopping: Maximum sustainable CPU utilization limit exceeded

but I cannot find that info on the status logs neither the

osquery_table

on blacklisted ones. That will help us on further tuning the watcher config in the daemons.

Does that appear in the osquery_schedule table? (I'm not near a real computer) You can parse logs remotely.

This is probably best to be a feature request against osquery.

@seph can you provide more details on the parse logs remotely? @zwass I will also share it on the general channel, thanks