Osquery uses basic SQL commands to leverage a relational data-model to describe a device.

osquery

or do I have to write some db script to do so?

Generally people use the logging functionality to export query results (to ELK for example)

For live queries? You can redirect stdout from `fleetctl query` to save them to a file or send them wherever you want.

queries in general, I thought `fleetctl`  was a wrapper for the API

so people use something like syslog to export the queries out, and queries live in `/tmp`?

You may want to take a look at <https://github.com/kolide/fleet/blob/master/docs/infrastructure/faq.md#where-are-my-query-results>

this is one key difference between fleet and our saas app K2. In the latter the results of live queries are stored so you can retrieve them later with an API (and multiple people can view the results in the UI at the same time).

In addition, K2 allows you to take an adhoc query and run it "continuously" by inserting it in the schedule and will keep the results up to date accordingly.