From e9a77cc64a0525c2cb0ad9542b3617cf566efc1a Mon Sep 17 00:00:00 2001 From: noahtalerman <47070608+noahtalerman@users.noreply.github.com> Date: Wed, 16 Dec 2020 16:20:38 -0800 Subject: [PATCH] Add information on datastore options in Fleet to FAQ. (#136) --- docs/infrastructure/faq.md | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/docs/infrastructure/faq.md b/docs/infrastructure/faq.md index cd21c83d54..76006cdf34 100644 --- a/docs/infrastructure/faq.md +++ b/docs/infrastructure/faq.md @@ -26,6 +26,12 @@ Scheduled query results (queries that are scheduled to run in Packs) are typical It is possible to configure osqueryd to log query results outside of Fleet. For results to go to Fleet, the `--logger_plugin` flag must be set to `tls`. +### What are my options for storing the osquery logs? + +Folks typically use Fleet to ship logs to data aggregation systems like Splunk, the ELK stack, and Graylog. + +The [logger configuration options](https://github.com/fleetdm/fleet/blob/master/docs/infrastructure/configuring-the-fleet-binary.md#osquery_status_log_plugin) allow you to select the log output plugin. Using the log outputs you can route the logs to your chosen aggregation system. + ### Troubleshooting Expecting results, but not seeing anything in the logs?
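Review bot: The link anchor in the new FAQ answer points only at `#osquery_status_log_plugin`, while the question ("What are my options for storing the osquery logs?") and the surrounding text are about scheduled query results, so a reader following the link lands on the status-log setting rather than the one that governs result logs; link to the section that covers both log types (or to each option separately) and make the sentence say that status logs and result logs are routed by separate plugin settings rather than "the log output plugin" singular. Two smaller points on the same hunk: the URL is an absolute link into the `master` branch of the repository even though the target file sits in the same `docs/infrastructure/` directory as `faq.md`, so a relative link (`configuring-the-fleet-binary.md#...`) would keep working in forks, branches and rendered copies of the docs; and "Folks typically use Fleet to ship logs" is a vague claim for a FAQ answer, since it neither says which output plugin values Fleet supports nor how the three named systems (Splunk, ELK, Graylog) are reached through them, so either list the supported values or reword to "Fleet users typically forward the logs to ...". The preceding context line about `--logger_plugin` being `tls` is worth cross-referencing here, because that flag must be set before any of the Fleet-side plugin options matter.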