Okay, so it would make more sense to schedule this query to run; then use ELK or something to view the aggregation that I want to view?

Possibly, or use

fleetctl

piped into unix utilities like

jq

,

sort

and

uniq

to do the aggregation.

I’ll look into doing it this way as well, thanks!

So am I to understand here that the purpose of Fleet itself does not cover viewing the results of the scheduled queries themselves? I'm guessing yes based on I don't really see any way to specifically view the historical data in Fleet, but figured I'd ask for confirmation

Correct. Scheduled query results are intended to be pushed into logging pipelines and consumed from log aggregation platforms like Splunk or ELK.