Hi community, I have a customer who recently deployed Netwitness 11.4.1 and he is retrieving windows events using WinRM. Almost all events were retrieved just fine except those within the System Channel with ID 7036. The raw of the event is as follows:
%NICWIN-4-System_7036_Service Control Manager: System,rn=4845808 cid=2104 eid=716,Thu Jul 30 14:50:16 2020,7036,Service Control Manager,,,host.domain.net,0,,
This kind of event, obviously isn’t correctly parsed causing the existence of the "word" meta key.
Maybe we are missing something on the windows server side, but I don't know how to pinpoint this issue