Channels
android_tests
apple-silicon
arm-architecture
auditing-warroom
aws
carving
code-review
community-feeds
core
darkbytes
doorman
ebpf
eclecticiq-polylogyx-extension
extensions
file-carving
fim
fleet
fleet-dev
fleetosquery
foundation
fuzzing
general
golang
goquery
infrastructure
jobs
kolide
linen-dev
linux
macos
officehours
osctrl
plugins
process-auditing
querycon
queryhub
random
selfgroup
sql
tls
uptycs
vendor-feeds
website
windows
zeek
zentral
zercurity
Title
s
Shawn
11/20/2018, 6:23 PMi'm having an issue with distributed queries & kinesis streaming. when I run a distributed query from the kolide UI, osquery does not send the results to the configured kinesis stream (results are successfully returned in kolide, tho). Interestingly, the same osquery instance will run a scheduled pack and those results are sent to kinesis. thoughts?
z
zwass
11/20/2018, 6:24 PMThat is the intended behavior. Distributed queries are not logged like scheduled queries, they just output results to the UI/CLI.
s
Shawn
11/20/2018, 6:25 PMok. is there any way to have the distributed queries logged to kinesis?
@zwass ideally, I'd like to allow users to run distributed queries as needed & pull the results from kinesis in splunk.
z
zwass
11/20/2018, 6:27 PMThat is not supported by osquery... The distributed query system is independent from the scheduled query system and the logging plugins that go with it.
s
Shawn
11/20/2018, 6:35 PMgot it. thanks.