Hello,
We are trying to use the CEF integration to parse syslogs sent over from SentinelOne, but are getting an error message on processing which appears to be due to the date format.
Error - Text '2022-02-09 00:25:02,862' could not be parsed, unparsed text found at index 10
Is there a simple fix to parsing this correctly that I could try?
Also, any plans on adding the ability to specify an event dataset name other than cef, like with other integrations (UDP).
Thanks
How did you configure it? Integration from Kibana or from Beats?
This is using the integration from Fleet. Using the logs-cef.log-1.3.1 pipeline.
{
"index": {
"default_pipeline": "logs-cef.log-1.3.1"
}
}
Yea I can but is there something I can do now to get it working?
Well, you can try to edit manually the Ingest pipeline to parse the timestamp correctly, but reporting the bug should be a simpler solution.
Created an issue Fleet CEF Integration Parsing Timestamp Error · Issue #2676 · elastic/integrations (github.com)
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.