storage-to-hec (nsg): how to handle multiple file updates

[rangers-bnc]

How to handle the fact that the blob input get updated once every minute, so 59-62 times per hour. Then a rollover file is created.

Doesn't it create duplicate entries in Splunk ?

It documented that NSG flow log files are created in blocks:

[0] {"records":[ (12)
[1] { ... },{ ... } => after 1 minute
[2] ,{ ... },{ ... } => after 2 minutes
...
[n] ]} (2)