In order to make it easy to continuously import data from files in a given directory, we would like to make it possible to "tail -f" all files in it. The desired UX would be along the lines of:
- [ ] Define the operator UX
- [ ] Implement it in the `file` connector
- [ ] Test with Zeek's spool directory (by default `$PREFIX/logs/current`)
- [ ] Test with a Suricata EVE log
In order to make it easy to continuously import data from files in a given directory, we would like to make it possible to "tail -f" all files in it. The desired UX would be along the lines of:
We can employ fswatch to implement this feature.
💯 Definition of Done