Does anyone know if osqueryd can be configured to send results to different logging backend/targets depending on the query pack? For example a compliance related query pack results go to compliance kafka queue, system info query pack results go to a different queue.

I don't believe that is possible. Best to do the split at your cloud edge.

you could probably implement a custom logger plugin to do this, but yea, probably better or easier to do this split elsewhere.

This what my research has led me to as well, nice to have the sanity check. Thanks.