Hello, I’m looking to ship the kolide-fleet logs from the filesystem using Fluent and into my ES cluster. Does kolide have that capability to use Fluent to ship logs off?

Fleet doesn't have any log-shipping built in. Typically you would use fluentd to ship logs of the Fleet server filesystem(s).

And I would assume it’s the same with OSQuery if I’d like to use Fluent?

Yup, that sounds about right. If you're logging to filesystem, I think it's assumed that you'll configure something to ship it separately.

Ahh. Okay! Thank you!

If it's easy enough for you to get fluentd on all your osquery nodes, you might as well log to the filesystems and ship from there. Sometimes it can be easier to just run the log forwarder on the Fleet server and let Fleet aggregate the logs on its own filesystem.

Ohh! I see. Thank you!