Github user simonellistonball commented on the issue:
https://github.com/apache/incubator-metron/pull/451
The joys of international date parsing, right? Seems like a the CEF
standard is not the most well read among device vendors. A number of the 'from
the wild' examples we've got in the tests already violate the rt standard set
down by HPE, hence the DateUtils class separating the list of "according to the
standard" and "found in the wild".
This feels like a much wider issue we should handle elsewhere, maybe in the
new DateUtils class I introduced here. To do so properly we would have to have
a way of feeding the source locale for the log feed into the parser. We should
really open a discuss on the best way to do that in general, but maybe it's
something bound to a general parser config (i.e. each parser can specify date
locale) and this can be propagated on a general basis rather than parser to
parser.
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at [email protected] or file a JIRA ticket
with INFRA.
---
