Instead of file being appended, if the file gets overwritted or rewrited, does splunk re-evaluates the entire file data and figure-out whether to index the already indexed data?
I'm not sure of the exact scenario you have in mind:
In the first case, Splunk will have no problems detecting the new data. In the second case, unless the old data is written faster than Splunk can detect that it has been changed/deleted, it will probably wind up double-indexing the old data. If the old file is rewritten fast enough (or moved/renamed over the old one) then there won't be any problems.