osquery-1/tools/tests/test_inline_pack.conf

{
  "options": {
    "enable_monitor": "true"
  },
  "packs": {
    "kernel": {
      "version": "1.5.0",
      "queries": {
        "process_events": {
          "query": "select distinct path, cmdline, uid, euid, environment from process_events;",
          "interval": 3600,
          "version": "1.5.1-26",
          "removed": false
        }
      }
    },
    "foobar": {
      "platform": "darwin",
      "version": "1.5.0",
      "discovery": [
        "select pid from processes where name = 'foobar';"
      ],
      "queries": {
        "kernel_modules": {
          "query": "select * from kernel_modules;",
          "interval": 3600
        },
        "totally_fake": {
          "query": "select * from kernel_modules;",
          "interval": 3600,
          "platform": "lol"
        }
      }
    },
    "foobaz": {
      "version": "9.9.9",
      "queries": {}
    },
    "baz": {
      "discovery": [
        "select * from osquery_info;"
      ],
      "queries": {
        "kernel_modules": {
          "query": "select * from kernel_modules;",
          "interval": 3600
        }
      }
    }
  },
  "schedule": {
    "launchd": {
      "query": "select * from launchd;",
      "interval": 3600
    }
  }
}