docs: adding a note about osquery scheduler behavior (#3305)

2024-11-07 09:58:54 +00:00 · 2017-06-02 21:03:56 -07:00 · 2017-06-02 21:03:56 -07:00 · ab6a148a6c
commit ab6a148a6c
parent f2ed11c0ca
1 changed files with 7 additions and 0 deletions
--- a/docs/wiki/deployment/configuration.md
+++ b/docs/wiki/deployment/configuration.md
@ -76,6 +76,13 @@ stored in RocksDB. On subsequent runs, only result-set-difference (changes) are
 Scheduled queries can also set: `"removed":false` and `"snapshot":true`. See
 the next section on [logging](../deployment/logging.md), and the below configuration specification to learn how query options affect the output.

+**Note** that the `interval` time in seconds is how many seconds the _daemon_
+itself has been running before the scheduled query will be executed. If the
+system is suspended or put to sleep the progression of time "freezes" and
+resumes when the system comes back online. For example a scheduled query with
+an interval of `84600`, or 24 hours, running on a laptop system could take
+a few days before the query executes if the system is suspended at night.
+
 ## Query Packs

 Configuration supports sets, called packs, of queries that help define your