you have to forward them to your own integration

understood. we're sending them to our siem now. I guess I was just hoping that something was coming. It seems like y'all thought id be beneficial to send logs to fleet. Currently, there isn't a lot of benefit to sending logs back to fleet over sending them directly to the siem from the nodes.

For a lot of folks this is a benefit. No need to have log forwarding agents on every single node when you can just have it on the fleet server. If it's not a benefit for you, you can configure your nodes to use another logger plugin and handle the logs however you like.

oh i def prefer forwarding to fleet. im just trying to maybe read between the lines. fleet's definitely poised to add some really valuable features down the line if it has access to query results.

While that's indisputably true, we're trying to steer away from adding log analytics to fleet. The value we see for fleet is in managing your osquery fleet, not necessarily in looking through your results and giving you insights.