Osquery uses basic SQL commands to leverage a relational data-model to describe a device.

osquery

Hi, how can I forward logs generated by osqueryd to Splunk using 'http event collector'. I'm aware of using splunk universal forwarder which can be configured to read logs from file and forward to splunk server. But I'm interested in using http event collector to send logs to splunk . Any pointers ?

This seems like a Splunk specific question. I've never done this, however maybe check out their docs? I find that Splunk docs are pretty good

I'll also add that at one point someone was talking about creating a SIEM forwarding channel, where people could discuss such topics.