This is on a Windows Server.
If we do an uninstall of the UF on the server and then reinstall a newer UF version on the server, when it gets its apps pushed back down to it from the deployment server; will it reread all of the logs that it might have already processed before?
Things like the Windows Eventlogs System/Security/Application logs?
I am working with one of our teams that is building out a method of request for getting agents onto a new server and then pushing out the inputs it will collect. One of the steps utilized from other agents (different tools) that this process would emulate is for when a new request to make a change to an existing server would be to uninstall an existing agent and then install the latest version we have in our build process.
I am worried that if this is done then it would go back and reread all of the log events in any logs that the server would have setup for reading.
I have currently had them not do this process for Splunk UF and am looking to have them just do a check on the currently installed Splunk version and only run an upgrade if needed (not uninstall/reinstall).