Upgraded from 2.5 to 3.0 today and all is mostly working fine. However, I’m pulling syslog from a Sonicwall device which has been working fine, even for a short period following the upgrade. Now I’m getting errors suggesting it cannot run data conversion as part of an extractor:
2019-02-18T12:49:30.699Z ERROR [Extractor] Could not apply converter [DATE] of extractor [a929827b-de1a-49e9-ac31-9bd81bd320a1].
java.lang.IllegalArgumentException: Invalid format: “id=firewall sn=2CB8ED054567 time…”
Nothing has changed with the message format, or the regex for parsing the date, I can confirm these work manually.
Any ideas where to look?