[8.17](backport #42356) Increase Osquery max timeout limit to 24 hours (

#42967)

* Increase Osquery max timeout limit to 24 hours (#42356)

Increasing the osquery max query timeout will allow users to run longer running queries that can be done with osquery.

Although osquery only supports running one query at a time, and this may block others from running, it will allow users to decide for themselves if they want to run long-running queries, and opens new use-cases.

(cherry picked from commit 7a48e15)

* Update CHANGELOG.next.asciidoc

Remove unrelated changes from backported changelog

---------

Co-authored-by: Michael Wolf <michael.wolf@elastic.co>

CHANGELOG.next.asciidoc

@@ -44,8 +44,6 @@ https://github.com/elastic/beats/compare/v8.8.1\...main[Check the HEAD diff]
 
 - Add action responses data stream, allowing osquerybeat to post action results directly to elasticsearch. {pull}39143[39143]
 
-*Osquerybeat*
-
 
 *Packetbeat*
 
@@ -296,6 +294,7 @@ https://github.com/elastic/beats/compare/v8.8.1\...main[Check the HEAD diff]
 
 *Osquerybeat*
 
+- Increase maximum query timeout to 24 hours {pull}42356[42356]
 
 *Packetbeat*
 

x-pack/osquerybeat/beater/osquerybeat.go

@@ -46,7 +46,7 @@ const (
 	configurationRefreshIntervalSecs = 60
 
 	osqueryTimeout    = 1 * time.Minute
-	osqueryMaxTimeout = 15 * time.Minute
+	osqueryMaxTimeout = 24 * time.Hour
 )
 
 const (

x-pack/osquerybeat/internal/osqdcli/client.go

@@ -25,7 +25,7 @@ const (
 	defaultTimeout = 1 * time.Minute
 
 	// The longest the query is allowed to run. Since queries are run one at a time, this will block all other queries until this query completes.
-	defaultMaxTimeout     = 15 * time.Minute
+	defaultMaxTimeout     = 24 * time.Hour
 	defaultConnectRetries = 10
 )