hi are there any reliability concerns of message delivery if we choose to ship client osquery logs via osquery -> Fleet -> pubsub as opposed to using something like Filebeat to read logs from the client and ship them to logstash and then pubsub?

We use the former and had no issues. We did have to update some parsing logic in our logging system though, as GCP Pub/Sub adds metadata for its system to the osquery results

I've had no dropped logs yet with GCP PubSub (pubsub code is here, as you can see it uses Google's official package to handle the pubsub - https://github.com/kolide/fleet/blob/master/server/logging/pubsub.go )