I ve run into an odd issue where my scheduled query to retri

Question

I ve run into an odd issue where my scheduled query to retrieve installed packages `select from deb packages ` is not logging any results Other queries in the same pack with the same platform targets and schedule return results Additionally the `osquery status` log confirms the query is executing on the intended schedule Running the same query against the same host in the Fleet UI works Does anyone have any ideas what may be wrong or where I can look for more info to troubleshoot this

sundsta · Answer

Figured it out Seems to be a size limit in GCP Pub Sub Their documentation indicates a max message size of 10MB though which my `select from deb packages` should be way under

zwass · Answer

Or is it possible that you scheduled it in differential mode and nothing is changing

sundsta · Answer

No it is snapshot

sundsta · Answer

Ah turns out to be an undocumented ingestion limit on our logging platform Not an issue with Fleet or PubSub