Description
Integration Name
Cisco Secure Email Gateway [cisco_secure_email_gateway]
Dataset Name
cisco_secure_email_gateway.log
Integration Version
1.28.1
Agent Version
9.2.1
Agent Output Type
elasticsearch
Elasticsearch Version
9.2.1
OS Version and Architecture
Ubuntu
Software/API Version
No response
Error Message
Fields getting parsed incorrectly due to colon in file name
Event Original
<166>Mar 17 18:24:37 amp: Info: Response received for file reputation query from Cache. File Name = Test,December 1, 2025 at 01:47:02 AM.svg, MID = 17, Disposition = LOWRISK, Malware = None, Analysis Score = 0, sha256 = 16454aff5082c2e9df43f3e3b9cdba3c6ae1766416e548c30a971786db570bfc, upload_action = Recommended to send the file for analysis, verdict_source = CLAMAV
What did you do?
I installed the out of the box integration and sent data to the ingest pipeline.
What did you see?
I saw random field names being generated, such as "2025 at 01", which is causing a mapping explosion.
What did you expect to see?
I expect the File Name to be properly parsed when a colon is present in the file name.
Anything else?
No response
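An added example, not part of the original report and not the integration's ingest pipeline: it parses the message portion of the event above by anchoring on an allowlist of the key names seen in that event, so delimiters inside the file name cannot create new field names. The `naive_kv` splitter is a hypothetical stand-in that reproduces the reported symptom; the function names and the key list are assumptions taken from this single sample.

```python
import re

# Message portion of the event quoted in the issue (text after "amp: Info: ").
SAMPLE = (
    "Response received for file reputation query from Cache. "
    "File Name = Test,December 1, 2025 at 01:47:02 AM.svg, MID = 17, "
    "Disposition = LOWRISK, Malware = None, Analysis Score = 0, "
    "sha256 = 16454aff5082c2e9df43f3e3b9cdba3c6ae1766416e548c30a971786db570bfc, "
    "upload_action = Recommended to send the file for analysis, "
    "verdict_source = CLAMAV"
)

# Assumption: the only keys this message type carries are the ones in the sample.
KEYS = ["File Name", "MID", "Disposition", "Malware", "Analysis Score",
        "sha256", "upload_action", "verdict_source"]

# A key counts only at the start, or after ", " or ". ", and followed by " = ".
KEY_RE = re.compile(r"(?:^|, |\. )(" + "|".join(map(re.escape, KEYS)) + r") = ")


def naive_kv(msg):
    """Hypothetical generic splitter: fields on ',', key/value on first '=' or ':'."""
    out = {}
    for part in msg.split(","):
        pieces = re.split(r"[=:]", part, maxsplit=1)
        if len(pieces) == 2:
            out[pieces[0].strip()] = pieces[1].strip()
    return out


def anchored_kv(msg):
    """Each value runs from its ' = ' to the next allowlisted key (or end of line)."""
    hits = list(KEY_RE.finditer(msg))
    out = {}
    for cur, nxt in zip(hits, hits[1:] + [None]):
        end = nxt.start() if nxt else len(msg)
        out[cur.group(1)] = msg[cur.end():end]
    return out


if __name__ == "__main__":
    print(sorted(naive_kv(SAMPLE)))        # includes the stray key "2025 at 01"
    print(anchored_kv(SAMPLE)["File Name"])
```

The attachment name is sender-controlled, so a name that itself contains an allowlisted key in the form `, MID = ` would still split early; the allowlist bounds the set of field names but does not authenticate the values.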