Does anyone know the functionality for the Universal Forwarder and its caching of logs if its disconnected from the indexer. Specifically, what is the functionality of caching a file when it gets rotated to a zipped file while its still disconnected from the indexer?
Do we lose everything that got rotated to a zipped file? Or did everything still get cached, regardless of the log rotation happening or not?
↧