Are there any reference docs to troubleshoot osquery performance issues on a Windows box? We have a user complaining that osquery is spiking cpu at max but I'm having hard time figuring out where to look for logs I'm reading thru osquery docs but haven't found answers yet

https://dactiv.llc/blog/osquery-performance-at-scale/ might be helpful for you.

Thanks, I'll take a look. I'm trying to find where would I find watchdog events on a system locally so I could take a look

Just fyi - I had a case with Windows servers on AWS where an old version of cloudwatch log agent interacted poorly and caused high CPU. So like, major shot in the dark but... if you happen to have circumstances that line up like that, try updating the cloudwatch log agent. 🤷

Thanks for the comment, I'll check it out

Hey @nyanshak this presentation specifically calles out the profile.py script to profile queries but that is not functional for Windows. Do you know a good alternative?

I'm not super familiar with Windows-specific osquery issues. Would probably do better to post a question about profiling to #general or #windows. Maybe include why it's "not functional for Windows" 😕

It is just execution errors.

What ^ does that mean? Did you manage to get profile.py working on Windows?

no, it means when you run profile.py on windows it throws errors during execution