Probably when the log rolls, the new log is created with the wrong ownership or permissions so that user splunk cannot read it but then there is a housekeeping ( probably cron-based) job that comes around once a day and deleted old files and fixes ownership and permissions. This should be easy to check, just keep doing this until you see it rotate and look:

ls -altr /Your/Path/To/Files/Here

You probably have too many co-resident files. At hundreds of files (whether or not Splunk is supposed to forward them or not, or whether it already has or not), things slow down (like you are seeing). At thousands of files, things pretty much completely stop. A good test is that if you get a significant surge just after restarting the forwarder and then it goes back to really, really slow, then this is your problem. Do proper OS-level housekeeping to move/archive/delete older files and things will go back to snappy again.

I found a similar issue here : https://answers.splunk.com/answers/680732/splunk-skips-or-delays-indexing-of-the-log-file-du.html

Made the change as specified : time_before_close = 1

But doesn't look like it helped. Forwarder version is 7.0.3

Unless I need to wait until the log rolls again at midnight tonight?