can we send directly osquery log to destination tcp port (logstash)?

I don’t think is possible. Traditionally if you wanted to use logstash to forward logs, you would have osquery to log locally, and the logstash agent would pick those up