You could use the filesystem logging plugin for osquery logs.
If you also need to forward them to a centralized location, you can set up a file watcher locally.
We did a workshop at DEF CON where we did something similar this with Filebeat and Greylog:
https://github.com/ksatter/fleet-docker/tree/defcon30
There, we were still sending the logs to Fleet using the TLS logger plugin in osquery, so the watcher is set up on the server. You'd want to use the filesystem plugin for osquery logs and set up the watcher on each host.