Osquery uses basic SQL commands to leverage a relational data-model to describe a device.

osquery

If I only set certain keys in my Fleet osquery conf file (e.g.; sysmon.conf), does that remove the current configs for the other keys?
I'd like to add  `windows_event_channels: 'System,Application,Setup,Security,Microsoft-Windows-Sysmon/Operational'`

No, it should only overwrite values that are set. 

Should this be working? :thinking_face:
I'm not getting any new `source` in Fleet when I query my host, so I figured I might have done the config wrong.
```
apiVersion: 1
kind: options
spec:
  config:
    options:
      windows_event_channels: 'System,Application,Setup,Security,Microsoft-Windows-Sysmon/Operational'
```

I may have missed some other config.
`System,Application,Setup,Security` are under 'Windows Logs', while `Microsoft-Windows-Sysmon/Operational` is under 'Applications and Service Logs'