I have osquery agent returning results but the result page keeping saying "1 agent has responded, no osquery data has been reported."
Hey @meni0n, thanks for reaching out to us.
I am working on the Osquery Manager integration at Elastic, I will try to help and figure out what is happening. But first, I would need to get more context.
- Could you specify where you're seeing these results? Is it Osquery manager, or any other kibana functionality?
- How does the query look like?
- Also, what version are you on?
Thanks in advance
Usually when i have seen this behavior it means the agent is unable to ingest the documents to elasticsearch but is able to reach the fleet servers.
So from a fleet perspective it lets you know it executed but due to a connection error, firewall blocks or ingest failures the documents don't show up in elastic.