Currently, the script will look at an entire log file for a string. If found, it alerts. This doesn't work well in cases where a log will continue to have hits on a search, but the issue corresponding to that match is resolved.

The Linux counterpart has logic built in so that it doesn't read beyond a certain point. Appears to use a state file to do so.

https://github.com/sensu-plugins/sensu-plugins-logs/blob/master/bin/check-log.rb

The script needs something like this or something time based, i.e. only search in the past hour.

Since stashes have been a thing for a while so building a new check I would suggest that it be leveraged over a local temp file. But I have no idea if that makes sense in a windows world running on read only and temp filesystems available causing you to have to read the whole file again.

Stashes require API access, which agents won't always have. Further more, my understanding is that stashes are not part of the Sensu 2.0 API. In light of this, I think it's reasonable to use a local state file as the Linux plugin does.

Hmm thats sad to see stashes not be a thing in 2.x especially since everything is supposed to be api based rather than files. It does make sense about not wanting to requiring API access.