osQuery Management Server (Prime).Osquery All Container Processes (SQLite SQL Statements)
SELECT
name,
path,
state,
strftime('%Y-%m-%d', datetime(start_time, 'unixepoch')) AS start_time
FROM
processes
WHERE
(strftime('%Y-%m-%d', datetime(start_time, 'unixepoch')), name, path, start_time) IN (
SELECT
strftime('%Y-%m-%d', datetime(start_time, 'unixepoch')) AS day,
name,
path,
MAX(start_time)
FROM
processes
GROUP BY
day, name, path
);