its the default

https://osquery.slack.com/archives/C1XCLA5DZ/p1573002989209400 - posted question to #C1XCLA5DZ since it's probably more relevant, but maybe you know the answer anyways. thanks for the help either way 🙂

I don't know kolide. Look at the logger_plugin and logger_min_status settings. Sometimes there are two loggers such as

logger_plugin=aws_kinesis,filesystem

if logger_min_status=1, only WARN and ERROR logs go to first logger.