Readers may also enjoy Steampipe [1], an open source tool to live query 140+ services with SQL (e.g. AWS, GitHub, CSV, Kubernetes, etc.). It uses Postgres Foreign Data Wrappers under the hood and supports joins etc. with other tables. (Disclaimer - I'm a lead on the project.)
I thought NoSQL was supposed to take over? Noooooooo :( why learn complex queries when I can spawn unstructured and unrelated json blobs? It's easier! Or so I was told?
If you're looking at this, you might want to also look at fleetdm (https://github.com/fleetdm/fleet), from which hosts that have osquery installed can be queried.
We use FleetDM extensively. The community version is a bit limited (and I'm too lazy to close all those Jira tickets coming from the integration), but it's really a big help.
Get all laptops with failing batteries - done
Sweep the endpoints for any indicators of suspicious activity (if you know what you're looking for) - done
Monitor policy compliance (or stuff like the /boot partition filling) - done
It will never replace a true monitoring solution (like Grafana+Prometheus), but we don't need that on endpoints.
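Two of the checks the comment above lists, written as osquery SQL. This is an added example, not the commenter's or Fleet's own queries: the table and column names are osquery's `battery` and `mounts` schema, while the 80% and 10% thresholds are assumptions chosen for illustration.

```sql
-- Added example (not the commenter's code). Table/column names follow osquery's
-- schema for `battery` and `mounts`; the numeric thresholds are assumptions.

-- Laptops with failing batteries. The `battery` table exists on platforms where
-- osquery provides it (macOS; recent Linux builds); on macOS `health` is one of
-- Good/Fair/Poor and `condition` is Normal/Replace Soon/Replace Now/Service Battery.
SELECT
  cycle_count,
  health,
  condition,
  designed_capacity,
  max_capacity,
  ROUND(100.0 * max_capacity / designed_capacity, 1) AS capacity_pct
FROM battery
WHERE health != 'Good'
   OR condition != 'Normal'
   OR max_capacity < 0.8 * designed_capacity;   -- below 80% of design (assumed)

-- /boot filling up. `mounts` reports block counts and block size per mount point,
-- so free space is computed rather than read from a percentage column.
SELECT
  path,
  device,
  type,
  blocks_size * blocks           AS size_bytes,
  blocks_size * blocks_available AS avail_bytes,
  ROUND(100.0 * blocks_available / blocks, 1) AS free_pct
FROM mounts
WHERE path = '/boot'
  AND blocks > 0
  AND blocks_available < blocks * 0.10;        -- less than 10% free (assumed)

-- Fleet policy form: a policy passes on a host when the query returns at least one
-- row, so the condition is inverted relative to the alert query above. The NOT
-- EXISTS wrapper makes hosts without a separate /boot mount pass instead of
-- silently failing because no row matched.
SELECT 1
WHERE NOT EXISTS (
  SELECT 1
  FROM mounts
  WHERE path = '/boot'
    AND blocks > 0
    AND blocks_available < blocks * 0.10
);
```

The first two queries are suited to a scheduled query pack that logs offending hosts; the last one is the shape Fleet expects for a pass/fail policy.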
1 - https://github.com/turbot/steampipe