can i log live query resault?

Hi @nick fury. Live query results are not logged at this time. You can export the results as a CSV after running the query. We're working in some improvements to workflow for live queries, including an option to store recent query results. What would be the main benefit to you of logging those results?

I want to forward them to Splunk so I can analyse the results there

You could use fleetctl to live query and pipe results to splunk or to a file and have some collector pick up the file and send to splunk. Just spitballing.