Fleet uses osquery tables to query operating system, hardware, and software data. Each table provides specific data for analysis and filtering.
osquery_schedule
Information about the current queries that are scheduled in osquery.
Column | Type | Description |
---|---|---|
average_memory | bigint | Average of the bytes of resident memory left allocated after collecting results |
denylisted | integer | 1 if the query is denylisted else 0 |
executions | bigint | Number of times the query was executed |
interval | integer | The interval in seconds to run this query, not an exact interval |
last_executed | bigint | UNIX time stamp in seconds of the last completed execution |
last_memory | bigint | Resident memory in bytes left allocated after collecting results of the latest execution |
last_system_time | bigint | System time in milliseconds of the latest execution |
last_user_time | bigint | User time in milliseconds of the latest execution |
last_wall_time_ms | bigint | Wall time in milliseconds of the latest execution |
name | text | The given name for this query |
output_size | bigint | Cumulative total number of bytes generated by the resultant rows of the query |
query | text | The exact query to run |
system_time | bigint | Total system time in milliseconds spent executing |
user_time | bigint | Total user time in milliseconds spent executing |
wall_time | bigint | Total wall time in seconds spent executing (deprecated, hidden column) |
wall_time_ms | bigint | Total wall time in milliseconds spent executing |
Identify scheduled queries that have been denylisted by the osquery watchdog. This could indicate queries that required a lot of resources to be executed. They will not be executed again until osquery restarts.
SELECT name, query FROM osquery_schedule WHERE denylisted='1';
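The denylist query above only shows queries the watchdog has already stopped. The following added example (not part of the original Fleet documentation) ranks scheduled queries by average cost per execution, using only the columns listed in the table above, so that expensive queries can be reviewed before they are denylisted. The ordering and the `LIMIT 20` cutoff are arbitrary choices for illustration.

```sql
-- Added example: per-execution cost of each scheduled query.
-- The cumulative counters (wall_time_ms, user_time, system_time, output_size)
-- are divided by executions to get a per-run average.
SELECT
  name,
  interval,
  executions,
  denylisted,
  -- NULLIF yields NULL instead of a division-by-zero error
  -- for queries that have not completed a run yet.
  wall_time_ms / NULLIF(executions, 0)             AS avg_wall_ms,
  (user_time + system_time) / NULLIF(executions, 0) AS avg_cpu_ms,
  average_memory                                   AS avg_memory_bytes,
  output_size / NULLIF(executions, 0)              AS avg_output_bytes,
  -- Latest run, to compare against the averages and spot a recent regression.
  last_wall_time_ms,
  last_memory,
  datetime(last_executed, 'unixepoch')             AS last_executed_utc
FROM osquery_schedule
-- Denylisted queries first, then the heaviest by CPU and memory.
ORDER BY denylisted DESC, avg_cpu_ms DESC, avg_memory_bytes DESC
LIMIT 20;
```

A query whose `last_wall_time_ms` or `last_memory` is far above its average is a candidate for a longer `interval` or a narrower `WHERE` clause.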