actually I should be able to do the work if I get a hint like ‘use the corrupted porpoise method’ or ‘count the nose hairs in a video of Jordan Peterson crying’

Adam, where are you running the Fleet backend? Knowing that would open up some options. If you are on VPS or self hosted, then setting up results logging destination as the file system plugin, then using something like Filebeat to ship logs to elastic search can work really well. If you are running in AWS, you can use the Firehose plugin, and then wire up firehose to deliver to managed OpenSearch. Like I said lots of options and some easier than others depending on your hosting situation.

Hi @Benjamin Edwards thanks for the reply. I have it running as a VPS with a local provider, non AWS/ GCP. Right now I’m trying to do everything ‘cheapest way possible’ until I am more confident and will switch to ‘best way possible’ I set up another VPS with Elastic and Kibana last night, then realised I had no idea how to get them to talk…

@Adam Connor My approach to this is to set the Fleet logs to be stored in a local file and use a Fluent Bit (or some other log processor tool) to read from this file and send the lines to your ElasticSearch

Fluentbit, Vector, Filebeat all great tools

Yea! Sorry, Benjamin, I hadn't finished reading your answer before writing mine. I ended up repeating everything lol

cool, thanks @Benjamin Edwards and @Saulo Guilhermino - I really appreciate the replies, and any example configs are welcome!