We have a case where we want to monitor a specific file on a lot of hosts enrolled in our fleet and we want to read the entire file every time it changes. Currently we are struggling with the custom log ingest since it ingests only the delta in case of a file change. Is there a solution to ingest a full snapshot of a file each time the file changes?
More tech details: the file in practice is an XML with a very irregular layout. To process it properly in a pipeline, the incoming document should always be the full document, not just the delta of recent file updates.