What would you like to be added:
Splunk Forwarder performs CRC checks against the first 256 bytes of a file. This behavior prevents the input from indexing the same file twice, even though you might have renamed it, as with rolling log files, for example.
With splunk-connect-for-kubernetes, it doesn't work that way, as far as I can see.
My situation:
Containers which write separate log to NFS
Log path pattern: /var/log/nfs/*/mylog.log
Fluentd allows solving this problem with follow_inodes parameter.
This parameter is not present in fluentd config, but it doesn't seem really hard to add it.
Why is this needed:
This allows working with files which are being rotated and avoid duplicated events in Splunk
What would you like to be added: Splunk Forwarder performs CRC checks against the first 256 bytes of a file. This behavior prevents the input from indexing the same file twice, even though you might have renamed it, as with rolling log files, for example.
With splunk-connect-for-kubernetes, it doesn't work that way, as far as I can see. My situation:
Fluentd allows solving this problem with follow_inodes parameter. This parameter is not present in fluentd config, but it doesn't seem really hard to add it.
Why is this needed: This allows working with files which are being rotated and avoid duplicated events in Splunk