Since the update to 2.2.3, some UDP syslog messages from a specific source are always showing the timestamp as 00:00:00.000 for all received messages for a specific extractor:
The extractor is a comma-delimited CSV extractor as shown here:
dateheure,milliseconds,unused21,application_name,log_level,unused22,unused23,client_ip,server_ip,vendor_event_type,vendor_action_id,vendor_action,vendor_action_description,session_id,actor_guid,unused27,unused28,user_name,user_first_name,user_last_name,agent_guid,unused210,agent_ip,agent_name,agent_type,unused214,authentication_type,unused215,authentication_description,argument1,argument2,argument3,argument4,argument5,argument6,argument7,argument8,user_email,argument10,argument11
The first field used to be called ‘timestamp’, so I figured this might cause an issue. I replaced it with ‘dateheure’ and rotated the index, but the issue remains.
This used to work fine prior to upgrading the OVA to 2.2.3 last week. Any leads on what is causing this issue and how to fix it? Thanks
P.S. The time config on the server is fine. All other sources have correct timestamps.