defensivedepth
03/22/2022, 1:09 AM
Buffered logs limit exceeded. Purging excess. purge_count = 400
The following message is from osqueryi:
4924 events.cpp:312] Expiring events for subscriber: windows_events (overflowed limit 50000)
Based on my initial investigation, I believe they indicate the same issue - the evented table has filled its buffer and logs are being expired.
Is this accurate?