We are also searching for more information regarding the usage of persistent queues for splunktcp.
We want to avoid for example data loss during splunk update, where you need to stop the index cluster in case of major version update.
So you will loss "live data" like it comes for excample fron the windows_TA and or unix_ta (CPU, Ram, disk, etc.)
According to http://docs.splunk.com/Documentation/Splunk/latest/Data/Usepersistentqueues:
Persistent queues are not available for these input types:
File system change monitor
splunktcp (input from Splunk forwarders)
Is the above mentioned option recommended, documented and supported from splunk?
... View more