OsQuery not giving json or csv output in window

Question

Osquery not giving JSON or CSV output in a window I have tried these, but unable to produce CSV or JSON output.

osquery> --csv select * from time;
osquery> --json select * from time;
osquery> --csv 'select * from time';
osquery> select * from time --CSV;
osquery> 'select * from time' --CSV;

Answer 1

It looks like you already started osqueryi in shell mode, so it is not parsing the flag you are trying to pass.

What you are looking for is probably (from your cmd.exe shell):

C:\Program Files\osquery>osqueryi.exe --json "select * from time"
[
  {"datetime":"2020-07-15T16:02:33Z","day":"15","hour":"16","iso_8601":"2020-07-15T16:02:33Z","local_time":"1594828953","local_timezone":"PDT","minutes":"2","month":"7","seconds":"33","timestamp":"Wed Jul 15 16:02:33 2020 UTC","timezone":"UTC","unix_time":"1594828953","weekday":"Wednesday","year":"2020"}
]
$ osqueryi --csv 'select * from time'
weekday|year|month|day|hour|minutes|seconds|timezone|local_time|local_timezone|unix_time|timestamp|datetime|iso_8601
Wednesday|2020|7|15|16|2|37|UTC|1594828957|PDT|1594828957|"Wed Jul 15 16:02:37 2020 UTC"|2020-07-15T16:02:37Z|2020-07-15T16:02:37Z

Your other option is to set the "output mode" while in the osqueryi shell:

$ osqueryi.exe
Using a virtual database. Need help, type '.help'
osquery> .mode csv
osquery> select * from time;
weekday,year,month,day,hour,minutes,seconds,timezone,local_time,local_timezone,unix_time,timestamp,datetime,iso_8601
Wednesday,2020,7,15,16,4,33,UTC,1594829073,PDT,1594829073,"Wed Jul 15 16:04:33 2020 UTC",2020-07-15T16:04:33Z,2020-07-15T16:04:33Z
osquery>

I am not sure why, but JSON is not supported as a format with the .mode command.