How to use ntfs_journal_events to monitor file operations？

https://gist.github.com/woodruffw/ea5a80de23a190bac165785fe07299b2#file-queries-sql these are some example queries

I use this query without any results SELECT * FROM ntfs_journal_events WHERE path LIKE "C: \\ Program Files \\ osquery \\%";

@xiaoliuzi make sure that your

osquery.conf

contains the file patterns that you want to query