-
Problem report
-
Resolution: Unresolved
-
Trivial
-
None
-
6.0.6, 6.2.0
-
None
Steps to reproduce:
- Create an eventlog item for Windows. Incoming events are correct for now in latest data.
- Add preprocessing to this item.
$AUTH.LOG.ALLOW = '.+' # Any $AUTH.LOG.DENY = '(?!)' # Nothing
Result:
In latest data the attributes Local time, Source, Severity, and Event ID are empty. Although the content is not even changed or overwritten by the RegEx, instead it is only checked for validity. Nevertheless, this seems to have an impact on these additional attributes.
Expected:
The attributes Local time, Source, Severity, and Event ID should remain available despite preprocessing.