I've been running some tests with splunk forwarder oneshot and noticed that if I issue a splunk forwarder one shot CLI command on a huge file (3 gb), the command finishes instantly. Then I immediately delete the file. Much to my surprise, splunk forwarder still is able to send the file data to the server receiver. I thought it would complain that the file was missing since I deleted it.
What is going on behind the scenes here?
BTW, the reason I'm asking is because I am have a requirement to delete files after calling oneshot, but I want to make sure that the files are completely received by the server prior to deleting. If someone could help me with that, much appreciated.
... View more