Hey @Vikram, let me know if I understand the situation.
osquery is running and collecting events, for example from ntfs_journal_events, for a period of 12 hours. Specifically, the machine is on, and being used, and generating events - but the machine does not have internet access. Thus a large number of events are cached for logging.
When internet access is restored, osquery will start logging all of the cached events. But since there are many, and since logging happens in batches, it might take a while to log everything that was cached over that 12-hour period.