How often is Osquery updated for Osquery Manager?
When a new version of Osquery is released, it is included in a subsequent Elastic Agent release and applied when the agent is upgraded. After that, when running queries from Osquery Manager in Kibana, the updated Osquery version is used. Refer to the Fleet and Elastic Agent Guide for help with upgrading Fleet-managed Elastic Agents.
To check what Osquery version is installed on an Elastic Agent, you can run SELECT version FROM osquery_info; as a live query in Kibana. The version in the response is the Osquery version installed on the agent.
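As an added illustration of the version check quoted above (not code from the Elastic docs or from anyone in this thread): the results of that live query, gathered per agent, can be compared numerically against the version the current agent build is expected to ship. The agent ids and the JSON layout below are constructed assumptions, not Kibana's export format.

```python
import json
from typing import Dict, List, Tuple

# Constructed sample (not real Kibana output): results of the live query
# "SELECT version FROM osquery_info;" collected per agent. Agent ids are
# hypothetical; the JSON shape is an assumption, not the Kibana export format.
SAMPLE_RESULTS_JSON = json.dumps([
    {"agent_id": "agent-a", "rows": [{"version": "5.10.2"}]},
    {"agent_id": "agent-b", "rows": [{"version": "5.12.1"}]},
    {"agent_id": "agent-c", "rows": [{"version": "5.9.1"}]},
    {"agent_id": "agent-d", "rows": []},  # no rows: query expired or agent offline
])


def parse_version(version: str) -> Tuple[int, ...]:
    """Convert '5.10.2' to (5, 10, 2) so '5.9.1' compares lower than '5.10.2'.

    A plain string comparison gets this wrong ('5.9.1' > '5.10.2' as strings).
    """
    return tuple(int(part) for part in version.strip().split("."))


def audit_osquery_versions(results_json: str, expected: str) -> Dict[str, List[str]]:
    """Bucket agents by how their reported osquery version relates to `expected`.

    'outdated' agents are candidates for an Elastic Agent upgrade; 'no_response'
    agents need a second look (expired query, offline host) before concluding anything.
    """
    want = parse_version(expected)
    report: Dict[str, List[str]] = {"ok": [], "outdated": [], "newer": [], "no_response": []}
    for entry in json.loads(results_json):
        rows = entry.get("rows") or []
        if not rows or "version" not in rows[0]:
            report["no_response"].append(entry["agent_id"])
            continue
        have = parse_version(rows[0]["version"])
        if have == want:
            report["ok"].append(entry["agent_id"])
        elif have < want:
            report["outdated"].append(entry["agent_id"])
        else:
            report["newer"].append(entry["agent_id"])
    return report


if __name__ == "__main__":
    # 5.10.2 is the version the thread says ships with the current agent build.
    for bucket, agents in audit_osquery_versions(SAMPLE_RESULTS_JSON, "5.10.2").items():
        print(f"{bucket}: {', '.join(agents) or '-'}")
```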
My question simply is: why is the actual version we have (cluster is 8.14.2) 5.10.1 instead of 5.12.1?
@daniel-san The latest agent has osquery 5.10.2 distribution packaged with it.
We will update to 5.12.1 for the next agent release which at the moment I believe is going to be 8.16.
Thanks for your response! So I guess this is then somehow tied to upgrading the cluster to 8.16.x when it's available?
Then we'll stay tuned. The thing is, we're experiencing a pretty annoying bug in the Kibana Osquery UI that randomly shows Live Queries expiring for no reason (the data is viewable in Discover).
We had a ticket open for this and they are working on a fix that is still to be released.
That's the overall reason why I stumbled upon that version difference and wanted to be informed.