Would it be possible for you to create a JIRA which includes the 'raw' data (anonymized)? If this is a problem that we need to fix, it would be good to have a test case for the code etc. to prove it.
On October 17, 2017 at 13:03:11, ed d ([email protected]) wrote:

> Apache Metron 0.4.1, git cloned. Not sure the version of FireEye, but it's NX data.
> Timestamp in the log is this format: "rt=Sep 25 2017 19:53:35"
> Basic FireEye parser does not seem to be parsing the NX timestamp. Snippet:
> o.a.m.p.f.BasicFireEyeParser [WARN] Unable to find timestamp in message:
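The rt= layout quoted above, as an added example that is not part of this thread and not Metron's own BasicFireEyeParser code: a small Python extractor that pulls the CEF `rt` extension out of a line, converts the "MMM dd yyyy HH:mm:ss" layout (or a bare epoch-millisecond value) to epoch milliseconds, and returns None when no known layout matches, which is the condition the WARN line reports. The sample lines are constructed, a bare timestamp is assumed to be UTC, and the zone-suffixed variant is an assumption about other NX builds, not something the report states.

```python
import re
from datetime import datetime, timezone
from typing import Optional

# Constructed sample lines (not real FireEye output). The first carries the
# "rt=Sep 25 2017 19:53:35" layout from the report, the second an epoch-millis
# rt value, the third has no rt field at all.
SAMPLE_LINES = [
    "CEF:0|FireEye|NX|1.0|MO|malware-object|4|rt=Sep 25 2017 19:53:35 src=10.0.0.5 dst=203.0.113.9",
    "CEF:0|FireEye|NX|1.0|MO|malware-object|4|rt=1506369215000 src=10.0.0.5",
    "CEF:0|FireEye|NX|1.0|MO|malware-object|4|src=10.0.0.5 dst=203.0.113.9",
]

# Candidate layouts for the rt= value, tried in order. The first is the layout
# from the report; the zone-suffixed variant is an assumption (not in the report).
RT_FORMATS = ["%b %d %Y %H:%M:%S", "%b %d %Y %H:%M:%S %Z"]

# CEF extensions are space-separated key=value pairs after the last '|'.
# The rt value itself contains spaces, so it runs until the next " key=" or EOL.
RT_PATTERN = re.compile(r"(?:^|[\s|])rt=(?P<rt>.+?)(?=\s\w+=|$)")


def extract_rt(line: str) -> Optional[str]:
    """Return the raw rt= value from a CEF line, or None if the field is absent."""
    m = RT_PATTERN.search(line)
    return m.group("rt") if m else None


def parse_rt(value: str) -> Optional[int]:
    """Convert an rt= value to epoch milliseconds; None if no known layout matches."""
    v = value.strip()
    if v.isdigit():
        return int(v)  # CEF allows rt as epoch milliseconds
    for fmt in RT_FORMATS:
        try:
            dt = datetime.strptime(v, fmt)
        except ValueError:
            continue
        # Assumption: NX timestamps without an explicit zone are UTC.
        return int(dt.replace(tzinfo=timezone.utc).timestamp()) * 1000
    return None


def timestamp_from_line(line: str) -> Optional[int]:
    """Epoch millis for the line, or None (the 'Unable to find timestamp' case)."""
    raw = extract_rt(line)
    if raw is None:
        return None
    return parse_rt(raw)


if __name__ == "__main__":
    for line in SAMPLE_LINES:
        ts = timestamp_from_line(line)
        if ts is None:
            print(f"[WARN] Unable to find timestamp in message: {line}")
        else:
            print(f"{ts} <- {extract_rt(line)!r}")
```

Running the block prints the epoch value for the first two lines and a warning for the third; a parser fix along these lines would be what the requested JIRA test case exercises.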
