I have a use case in which, multiple large files are pushed on a server. These are read by Filebeat and sent to Logstash.
I have written a script to read the registry file and get the filenames that have been acknowledged by Fielbeat.
My question is, if it is safe to delete these files? When is a file actually updated in the registry? Are the files updated after they are completely processed by beats or are they updated when beats starts to process them?