From 548878d9bd949f5e22af27db0baa17efebcf510e Mon Sep 17 00:00:00 2001
From: Brian Grabau
Date: Mon, 19 Aug 2024 17:29:04 -0500
Subject: [PATCH] Added addtional date parsing for SWG formats
---
 config/processors/syslog_security_skyhigh.swg.conf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/config/processors/syslog_security_skyhigh.swg.conf b/config/processors/syslog_security_skyhigh.swg.conf
index 298c181a..6a8c1e7d 100644
--- a/config/processors/syslog_security_skyhigh.swg.conf
+++ b/config/processors/syslog_security_skyhigh.swg.conf
@@ -157,7 +157,7 @@ if [tmp_csv] !~ "\w,\w" {
 date {
 # "26/aug/2020:19:35:09.533 +0000"
 # ts=[12/oct/2020:17:24:01 +0000]
- match => ["[event][created]", "ISO8601","MMM dd HH:mm:ss","dd/MMM/yyyy:HH:mm:ss ZZ" ]
+ match => ["[event][created]", "ISO8601" , "dd/MMM/yyyy:HH:mm:ss Z", "MMM dd HH:mm:ss","dd/MMM/yyyy:HH:mm:ss ZZ" ]
 timezone => "GMT"
 locale => "en"
 target => "[event][created]"
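Review bot: The first sample in the comments above `match`, `26/aug/2020:19:35:09.533 +0000`, carries milliseconds, and none of the four patterns on the new `match` line has a fractional-seconds field, so that format would presumably still fail to parse and leave `[event][created]` as the raw string tagged `_dateparsefailure`. Consider adding `"dd/MMM/yyyy:HH:mm:ss.SSS Z"` to the list, plus a short comment such as `# Z matches +0000, ZZ matches +00:00` so the reason for listing both offset variants is recorded next to the samples. Since these proxy timestamps feed event ordering during investigations, it is worth confirming after deployment that no SWG events still carry the failure tag. The `date` block continues past the end of the hunk, so any `tag_on_failure` override is not visible here.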