How are other people handling the log size?
# general
m
How are other people handling the log size?
s
We ship the logs off the system to a centralized logging platform. You want to do this for many reasons, but to start: manually inspecting the logs on each host is a headache, and if the box is compromised, the attacker can just delete the logs and you've lost all your data to use in forensics.
m
Yeah, I'm using filebeat to ship the log off, but how are you reducing the size of the osquery log?