https://issues.apache.org/jira/browse/METRON-1257




________________________________
From: Otto Fowler <[email protected]>
Sent: Tuesday, October 17, 2017 1:16 PM
To: [email protected]; ed d
Subject: Re: Fireeye "unable to find timestamp"

Would it be possible for you to create a JIRA which includes the 'raw' data
(anonymized)?
If this is a problem that we need to fix, it would be good to have a test case
for the code etc. to prove it.




On October 17, 2017 at 13:03:11, ed d 
([email protected]) wrote:

Apache metron 0.4.1, git cloned.

Not sure of the version of FireEye, but it's NX data. The timestamp in the log is in this
format: "rt=Sep 25 2017 19:53:35"


The basic FireEye parser does not seem to be parsing the NX timestamp.


Snippet:


o.a.m.p.f.BasicFireEyeParser [WARN] Unable to find timestamp in message:




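The report above boils down to one failure mode: the log carries its time in the CEF `rt=` extension with the value `Sep 25 2017 19:53:35`, and the parser does not locate it, hence the "Unable to find timestamp in message" warning. The following is an added example, written for this page and not code from Metron's BasicFireEyeParser or from anyone in the thread, of how a parser can pull `rt=` out of such a line and turn it into the epoch-millisecond value a Metron `timestamp` field expects. It handles the exact form quoted in the thread, the epoch-milliseconds form CEF also permits, and returns `None` (the point at which a parser would log that WARN) when the field is missing or unparseable. The sample line, its CEF header fields and the extra extension keys are constructed and anonymized; only the `rt=` value is taken from the report. The year-less `%b %d %H:%M:%S` fallback and the assumption that zone-less timestamps are UTC are this example's choices, not something the thread states.

```python
import re
from datetime import datetime, timezone
from typing import Optional

# Constructed, anonymized sample in CEF-like shape. The header fields and the
# dvc/src/dst keys are assumptions for illustration; only the rt= value is the
# one quoted in the thread.
SAMPLE_LINE = (
    "CEF:0|FireEye|NX|0.0|MO|malware-object|4|"
    "rt=Sep 25 2017 19:53:35 dvc=10.0.0.1 src=10.0.0.2 dst=203.0.113.5"
)

# Formats tried in order.  The first is the form reported in the thread (and
# the textual form CEF documents for rt); the second is a year-less syslog-style
# variant added here as an assumption, resolved with a caller-supplied year.
RT_FORMATS = (
    "%b %d %Y %H:%M:%S",   # Sep 25 2017 19:53:35
    "%b %d %H:%M:%S",      # Sep 25 19:53:35  (assumed variant)
)

# The rt= value contains spaces, so it cannot be split on whitespace: it runs
# until the next " key=" token or end of line.  The boundary before "rt=" is
# start of line, whitespace, or the pipe that closes the CEF header, so a key
# such as "start=" does not match.
RT_PATTERN = re.compile(r"(?:^|[\s|])rt=(?P<rt>.*?)(?=\s+\w+=|$)")


def extract_rt(message: str) -> Optional[str]:
    """Return the raw rt= value from a message, or None when the field is absent."""
    m = RT_PATTERN.search(message)
    return m.group("rt").strip() if m else None


def parse_rt(value: str, assumed_year: Optional[int] = None) -> Optional[int]:
    """Convert an rt= value to epoch milliseconds, or None if no known format matches.

    Zone-less timestamps are treated as UTC (an assumption; adjust if the sensor
    reports local time).
    """
    value = value.strip()
    if value.isdigit():
        return int(value)                  # already epoch milliseconds (CEF allows this)
    for fmt in RT_FORMATS:
        try:
            dt = datetime.strptime(value, fmt)
        except ValueError:
            continue
        if "%Y" not in fmt:                # year-less form: supply the year
            dt = dt.replace(year=assumed_year or datetime.now(timezone.utc).year)
        return int(dt.replace(tzinfo=timezone.utc).timestamp() * 1000)
    return None


def timestamp_from_message(message: str, assumed_year: Optional[int] = None) -> Optional[int]:
    """Value a parser would place in the `timestamp` field, or None.

    None is the case where a parser would log
    "Unable to find timestamp in message" and, depending on policy, either
    drop the message or fall back to ingest time.
    """
    rt = extract_rt(message)
    if rt is None:
        return None
    return parse_rt(rt, assumed_year)


if __name__ == "__main__":
    print(extract_rt(SAMPLE_LINE))            # Sep 25 2017 19:53:35
    print(timestamp_from_message(SAMPLE_LINE))  # 1506369215000
```

The regex is the part that matters: a tokenizer that splits the extension on whitespace sees `rt=Sep` and never reassembles `25 2017 19:53:35`, which is one plausible way a parser ends up reporting that it cannot find a timestamp even though the field is present. Anything that returns `None` here is worth surfacing with the offending (anonymized) line attached, which is exactly the raw sample the JIRA request above asks for.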