Hi everyone! I'm currently experiencing some problems with Windows hosts where some scheduled queries with large result sets (e.g. "select * from startup_items") and differential result logging seem to start "from scratch" whenever the query is run. The result is that all results are logged every time as added, the counter stays at 0, and if I look at osquery_schedule I see that executions and last_executed stay at 0. I'm pretty certain that it's not a problem with the query or configuration, as it works fine on other hosts. What I noticed is that if I change the path for the RocksDB on the client it sometimes fixes the problem; however, this isn't feasible in a large setup. Did any of you experience something similar, or can you give me a hint on how to debug this problem?
01/14/2020, 5:28 PM
You might get more responses to this in #general or #windows. It doesn't sound like a Fleet specific problem.