yes but i do not understand the process that is created when i stop the osquery service

It doesn't look like a new process is created. The PID is 2608 in both the images. So it seems the earlier termination of osquery didn't clean its child process. BTW, I am yet to get hands on with 3.3.0..so osquery creating a child osquery is something I have not seen yet. Is there wait in between service start and stop?