@koba live query or scheduled query results? (or both?)

just for scheduled...is fine.

The typical backend would my something like Elasticsearch, Splunk etc. You can use SQL-esque langauge with Elasticsearch if that is what you need (https://www.elastic.co/what-is/elasticsearch-sql). Probably the best way to do what you are asking is to either write a logger plugin (https://osquery.readthedocs.io/en/stable/development/logger-plugins/) or build a pipeline off the schedule queries results file.