Ok, I actually believe those are separate issues as I have other box where file was removed from registry, but this time registry file was updated all the time.
2016-10-03T16:18:18Z Filebeat started
2016-10-03T16:18:19Z INFO Harvester started for file: /problematic
[...]
Somewhere in between "/problematic" file disappeared from registry file, without any mention in logs.
Process was running all the time.
[...]
2016-10-03T17:21:28Z INFO filebeat stopped.
2016-10-03T17:21:43Z Filebeat got restarted
2016-10-03T17:21:43Z INFO Harvester started for file: /problematic
File was also re-added to registry
[root@host2 filebeat]# grep -l /problematic /var/lib/filebeat/registry
/var/lib/filebeat/registry
In less than 10 minutes file disappeared from registry. There is no mention of that operation in filebeat's logs.
[root@host2 filebeat]# grep -l /problematic /var/lib/filebeat/registry
[root@host2 filebeat]#
This is completely repeatable.