Are you really just reading one file or are you reading a set of files that is changing over time. I am wondering if you are seeing inode re-use. That's where you read a file and delete it, then create a new file with a different name but the same inode. logstash will start reading the file at an offset equal to the length of the previous file.
If you enable '--log.level trace' then filewatch will log messages about each file that it discovers and the associated sincedb entry.