diff --git a/config/processors/syslog_security_skyhigh.swg.conf b/config/processors/syslog_security_skyhigh.swg.conf
index 298c181a..6a8c1e7d 100644
--- a/config/processors/syslog_security_skyhigh.swg.conf
+++ b/config/processors/syslog_security_skyhigh.swg.conf
@@ -157,7 +157,7 @@ if [tmp_csv] !~ "\w,\w" {
 date {
 # "26/aug/2020:19:35:09.533 +0000"
 # ts=[12/oct/2020:17:24:01 +0000]
- match => ["[event][created]", "ISO8601","MMM dd HH:mm:ss","dd/MMM/yyyy:HH:mm:ss ZZ" ]
+ match => ["[event][created]", "ISO8601" , "dd/MMM/yyyy:HH:mm:ss Z", "MMM dd HH:mm:ss","dd/MMM/yyyy:HH:mm:ss ZZ" ]
 timezone => "GMT"
 locale => "en"
 target => "[event][created]"
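Review bot: The first sample in the comment above the `match` line, `26/aug/2020:19:35:09.533 +0000`, carries milliseconds, and none of the patterns in the new list accepts a fractional-second field, so a value of that shape would presumably still fail to parse. If `[event][created]` can still hold that form at this point, add a pattern for it, e.g. `"dd/MMM/yyyy:HH:mm:ss.SSS Z"`, next to the new `"dd/MMM/yyyy:HH:mm:ss Z"` entry. Events that miss every pattern keep a string timestamp and only get the default `_dateparsefailure` tag, which makes proxy-log timelines unreliable for correlation, so a short comment mapping each pattern to the sample it covers would help. The `date` block is not closed inside the hunk, so any `tag_on_failure` setting is not visible here.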