osquery sends snapshot queries as an array to the snapshots.log file - is there a way to make it not do this?

@asparamancer check out the

--logger_snapshot_event_type=true

flag from here: https://osquery.readthedocs.io/en/stable/installation/cli-flags/#loggingresults-flags (edited)

thanks @defensivedepth that was it, conversely mac does this by default it seems do you know of a way to make it not. Changing the flag to false - even though it would be the default - doesn't have an effect

hmmm, that seems odd. Will have to test it out on a mac

fyi turns out it the =true was in the options of the pack the query was coming from, all normal