The file beat offset value refers to the pointer of how much of the current log file have been read.
My understanding of what happens i the following scenarios are:
- A log file is rotated (zipped) and archived -> offset 0
- A log file is truncated -> offset 0
- A log file is partially edited, someone removes a couple of lines or restores an older log file -> offset ???
In the last scenario I want to find out what the file beat client will say, will it detecting this as someone tampering with the file or will it silently decrease the offset pointer to the max offset available in the file?