Description
I have a raw MSSQL ERRORLOG file. Parsing this file using the existing MSSQL plugin results in an issue with the timestamps. The timestamps do not match the message as they do in the raw log.
$ rg xp_cmdshell fs/C\:/Program\ Files/Microsoft\ SQL\ Server/MSSQL15.MSSQLSERVER/MSSQL/LOG/ERRORLOG
4987:2025-09-15 09:49:56.54 rpid03 SQL Server blocked access to procedure 'sys.xp_cmdshell' of component 'xp_cmdshell' because this component is turned off as part of the security configuration for this server. A system administrator can enable the use of 'xp_cmdshell' by using sp_configure. For more information about enabling 'xp_cmdshell', search for 'xp_cmdshell' in SQL Server Books Online.
4989:2025-09-15 09:50:37.20 rpid03 Configuration option 'xp_cmdshell' changed from 0 to 1. Run the RECONFIGURE statement to install.
4994:2025-09-15 11:26:01.31 rpid03 Configuration option 'xp_cmdshell' changed from 1 to 0. Run the RECONFIGURE statement to install.
$ target-query -f mssql.errorlog TARGET > mssql_errorlog.rec
$ rdump mssql_errorlog.rec -f '{ts} --> {message}' | grep xp_cmdshell
2025-09-15 09:50:28.880000+00:00 --> SQL Server blocked access to procedure 'sys.xp_cmdshell' of component 'xp_cmdshell' because this component is turned off as part of the security configuration for this server. A system administrator can enable the use of 'xp_cmdshell' by using sp_configure. For more information about enabling 'xp_cmdshell', search for 'xp_cmdshell' in SQL Server Books Online.
2025-09-15 10:15:02.320000+00:00 --> Configuration option 'xp_cmdshell' changed from 0 to 1. Run the RECONFIGURE statement to install.
2025-09-15 11:26:06.290000+00:00 --> Configuration option 'xp_cmdshell' changed from 1 to 0. Run the RECONFIGURE statement to install.
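The reporter's manual cross-check (grep the raw ERRORLOG, compare the printed timestamp with what the plugin emitted) is the test that matters for a timeline: the moment `xp_cmdshell` went from 0 to 1 is the pivot a responder will anchor on. The following is an added example, not dissect's `mssql.errorlog` plugin and not code from the reporter. It parses the line layout visible in the report (timestamp, source column, message), keeps multi-line messages attached to the line that carries their timestamp so later records cannot drift, extracts the `xp_cmdshell` configuration changes, and implements the alignment check against the raw text. The sample log is constructed (including the unprefixed continuation line, which is the case that desynchronises a naive line-by-line parser), and the UTC timezone is an assumption; a real ERRORLOG is written in the server's local time.

```python
import re
from dataclasses import dataclass
from datetime import datetime, timezone

# Constructed sample in the layout shown in the issue: one timestamp, a
# source column, then the message. Line 4 is a deliberately unprefixed
# continuation of line 3; a parser that treats every line as a record
# would shift every timestamp after it.
SAMPLE_ERRORLOG = """\
2025-09-15 09:49:56.54 spid03 SQL Server blocked access to procedure 'sys.xp_cmdshell' of component 'xp_cmdshell' because this component is turned off as part of the security configuration for this server.
2025-09-15 09:50:28.88 spid03 Using 'dbghelp.dll' version '4.0.5'
2025-09-15 09:50:30.10 Server Error: 17836, Severity: 20, State: 17.
Length specified in network packet payload did not match number of bytes read; the connection has been closed.
2025-09-15 09:50:37.20 spid03 Configuration option 'xp_cmdshell' changed from 0 to 1. Run the RECONFIGURE statement to install.
2025-09-15 11:26:01.31 spid03 Configuration option 'xp_cmdshell' changed from 1 to 0. Run the RECONFIGURE statement to install.
"""

# ERRORLOG prints hundredths (sometimes thousandths) of a second; %f accepts both.
LINE_RE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\.\d{2,3}) (\S+)\s+(.*)$")
XP_RE = re.compile(r"Configuration option 'xp_cmdshell' changed from (\d) to (\d)")


@dataclass
class ErrorLogRecord:
    ts: datetime
    source: str
    message: str
    line_no: int  # 1-based line of the record's first (timestamped) line


def parse_errorlog(text: str, tz=timezone.utc) -> list[ErrorLogRecord]:
    """Parse ERRORLOG text into records; lines without a timestamp prefix are
    appended to the previous record instead of becoming records of their own.
    tz is an assumption: the real file uses the server's local time."""
    records: list[ErrorLogRecord] = []
    for n, line in enumerate(text.splitlines(), start=1):
        m = LINE_RE.match(line)
        if m:
            ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S.%f").replace(tzinfo=tz)
            records.append(ErrorLogRecord(ts, m.group(2), m.group(3).rstrip(), n))
        elif records:
            records[-1].message += "\n" + line.rstrip()
        elif line.strip():
            raise ValueError(f"line {n}: text before the first timestamped entry")
    return records


def xp_cmdshell_changes(records: list[ErrorLogRecord]) -> list[tuple[datetime, bool]]:
    """(timestamp, enabled) for every xp_cmdshell configuration change."""
    out = []
    for r in records:
        m = XP_RE.search(r.message)
        if m:
            out.append((r.ts, m.group(2) == "1"))
    return out


def check_alignment(text: str, records: list[ErrorLogRecord]) -> list[tuple[int, str, str]]:
    """The reporter's rg-vs-rdump check, automated: every record's timestamp
    must equal the timestamp printed on its own raw line. Returns
    (line_no, raw_ts, parsed_ts) for each mismatch; empty means in sync."""
    raw_lines = text.splitlines()
    mismatches = []
    for r in records:
        raw_ts = LINE_RE.match(raw_lines[r.line_no - 1]).group(1)
        parsed_ts = r.ts.strftime("%Y-%m-%d %H:%M:%S.%f")[: len(raw_ts)]
        if parsed_ts != raw_ts:
            mismatches.append((r.line_no, raw_ts, parsed_ts))
    return mismatches


if __name__ == "__main__":
    recs = parse_errorlog(SAMPLE_ERRORLOG)
    for ts, enabled in xp_cmdshell_changes(recs):
        print(ts.isoformat(), "xp_cmdshell", "ENABLED" if enabled else "disabled")
    print("timestamp mismatches:", check_alignment(SAMPLE_ERRORLOG, recs))
```

Against a real target, run the same alignment check over the full file rather than only the `xp_cmdshell` hits: a single misattached continuation line early in the log shifts every later record, so the offset the reporter saw (09:49:56 reported as 09:50:28) is a symptom that can appear anywhere downstream of the real defect. Note that ERRORLOG on disk is normally UTF-16LE; decode before parsing.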