Hi,

I am using NXlog to fetch events from Windows server to a SIEM. But in some Events, it is adding an extra "white space" before the timestamp. Due to the extra white space, SIEM fails to parse the log.

Here are some samples

Log with extra white space, please look after "EventTime": it has an extra space before the time stamp

2020-05-20T14:10:39.984056+05:30 10.7.24.101 {"EventTime": "2020-05-20 14:10:59","Hostname":"Monsoon.LTDIC.com","Keywords":-

A standard log which gets parsed

2020-05-20T14:10:39.984056+05:30 10.7.24.101 {"EventTime":"2017-09-05 10:11:10","Hostname":"

Below is my conf file

#============ Define ROOT here ===================
#define ROOT C:\Program Files\nxlog
define ROOT C:\Program Files (x86)\nxlog
#============ NXLog Machine Log info =============
Moduledir %ROOT%\modules
CacheDir %ROOT%\data
Pidfile %ROOT%\data\nxlog.pid
SpoolDir %ROOT%\data
LogFile %ROOT%\data\nxlog.log

#=========== For Windows Event Log ===========
<Extension json>
Module xm_json
</Extension>

<Input MSEvtIN>
# For windows 2003 and earlier use the following:
#Module im_mseventlog
# For windows 2005 and later use the following:
Module im_msvistalog
Exec to_json();
</Input>

<Output MSEvtOUT>
Module om_udp
Host DNIF-Adapter-IP
Port 514
</Output>

<Route 1>
Path MSEvtIN => MSEvtOUT
</Route>