I have a WEC serveur with the last version of Nxlog installed on it. I forward these logs to a Qradar SIEM with the to_syslog_snare(); function in the output module. Everything is working fine in QRadar and the parsing is good.
But when the SnareCounter value exceeds 9999999 in the log, I saw a "Tab" or a "space" and my log is not parsing well anymore in my QRadar. This modification appear between the SnareCounter and the Date value