I have a question that I thought will be better if I add it here, rather than creating a new one. My questions are as the following:
With the eNcore Add-on already installed on a Heavy Forwarder, wouldn't deploying an updated Add-On via a Deployment Server makes the existing "data" directory becomes empty again since it will be overwritten by the copy from the Deployment Server?
How can I do so without affecting the existing "data" directory or it doesn't matter since the logs had been ingested?
Lastly, what's the impact of the "data" directory becomes empty? Will the logs be downloading in real-time from the FMC or does the Add-on download logs that had been in the FMC for x number of hours (example)?
you should use the Deployment Server to deploy the eNcore Add-on to heavy forwarder (for the data input/collection), as well as indexer and search head (since the add-on contains field extractions)
