github-actions[bot]
commented
2 years ago This issue is stale because it has been open for 30 days with no activity.
Closed vzabawski closed 2 years ago
github-actions[bot]
commented
2 years ago This issue is stale because it has been open for 30 days with no activity.
github-actions[bot]
commented
2 years ago This issue was closed because it has been inactive for 14 days since being marked as stale.
What would you like to be added: Splunk Forwarder performs CRC checks against the first 256 bytes of a file. This behavior prevents the input from indexing the same file twice, even though you might have renamed it, as with rolling log files, for example.
With splunk-connect-for-kubernetes, it doesn't work that way, as far as I can see. My situation:
Fluentd allows solving this problem with follow_inodes parameter. This parameter is not present in fluentd config, but it doesn't seem really hard to add it.
Why is this needed: This allows working with files which are being rotated and avoid duplicated events in Splunk