I have the same issue. I opened a case at software support.

I received the following information:

- the problem is due to a change in timestamp format on certain fields coming from Office 365 (for example hasExpired, contentExpiration). Previously the format went to only seconds, now it includes milliseconds ;

- we have an existing bug open for this, with refernece CON-18868.

- it looks like this cannot be fixed with an override, because it requires a fix to the framework (software)

I also opened a case at Microsoft. I will keep you updated.

Thanks Sander,  I opened a ticket also with HP and got the same feedback.

This issue has been fix now with ArcSight-7.5.1.7998.0-Connector.

Hi Richel,

Thank you for sharing this. I just updated to parser 7.5.2.8001.0 and the same error about parsing the date still appears. I also tried 7.5.1.7998.0. The parser update to 7.5.1.7998 resolved the issue for you? I opened a ticket with Microsoft in the meantime.

Thanks!

I received the same fix from HPE. From what I was told, the next framework release will have this fix embedded.

Contacting Microsoft resulted in the following comment:

"From our side we have always used the milliseconds on the timestamps of the logs, although this may be a change to that specific log that still was not implemented, this type of increment will not be erased and it is not possible to change, as this is a configuration on the API which is available to everyone."

@Katherine Riley parser updates will not solve this issue. You can contact HPE support and ask for the fix as a temporary solution.

Thank you for the update, ! Much appreciated.

HP provided me with a version of the SmartConnector framework (7.5.1.7998.0) that is not currently posted on their downloads page or in the Marketplace. After installing it, the date issue has been resolved.

Thanks again!

The officially fix will be the  new framework 7.6 that will be release end of month I think.