I'm using splunk 8.0.3 on a Linux machine.
It seems a tar.gz file with the same hash gets re indexed by Splunk.
The only difference that I see is that when I do a 'stat <file>', it shows as Changed. The Changed means metadata has changed.
Is this behavior documented somewhere?
How do I stop Splunk from re indexing this file if only the metadata changed?