[anonymousDan]

But do you need an installation of osquery on the remote machines too? Or some kind of remote agent? Or does it just try to login to each remote machine over e.g. SSH?

[coredog64]

It's a remote agent. If you want the scheduled execution, you install the program and configure it internally to run on a schedule.

I haven't finished the work yet, but my employer will be feeding the log results into our ELK stack.

There are other frontends like 'doorman' which allow for ad hoc queries. That is a little more work to stand up.