Just checking to see if my steps are correct so far: 1. After Creating a bundle using fleetctl package 2. Installing Debian package and enabling service 3. Confirming host was enrolled into Fleet through the console 4. Was able to run one off queries from the Fleet web console After running the queries, there are no entries within osqueryd.results.log on the endpoint? Would I need to package in some osqueryd.flags to configure logging? Should the results of the queries from the Fleet web console be saved under /logs/osqueryd.results.log (This is logging location set within the docker-compose file)? As mine seems to be empty

Hi @Saliaga, great question! So your queries aren't automatically saved in a file unless you manually save them or they're scheduled. I think this FAQ should be helpful: https://fleetdm.com/docs/using-fleet/faq#where-are-my-query-results Let us know if you have more questions!

Thank you @Rachel Perkins

Depending on what you're trying to do. Schedules is definitely better if you want a snapshot of all your hosts. You can also change the logging type, interval, etc so you don't end up with too much unwanted data