Proofpoint POD parser update.

2022-08-11 17:23:44 +05:30 · 2022-08-11 17:23:44 +05:30 · 965e391304
--- a/Parsers/ProofpointPOD/ProofpointPOD
+++ b/Parsers/ProofpointPOD/ProofpointPOD
@ -21,7 +21,7 @@ let ProofpointPOD_maillog_view = view () {
                SmXdelay=column_ifexists('sm_xdelay_s', ''),
                SmCtladdr=column_ifexists('sm_ctladdr_s', ''),
                EventUid=column_ifexists('sm_msgid_s', ''),
-                NetworkBytes=column_ifexists('sm_sizeBytes_s', ''),
+                NetworkBytes=toreal( column_ifexists('sm_sizeBytes_s', '')),
                TlsEstablished=column_ifexists('sm_tls_verify_s', ''),
                SrcNatIpAddr=column_ifexists('sm_relay_s', ''),
                ProcessName=column_ifexists('sm_daemon_s', ''),
@ -173,7 +173,7 @@ let ProofpointPOD_message_view = view () {
                SrcGeoCountry=column_ifexists('connection_country_s', ''),
                NetworkProtocol=column_ifexists('connection_protocol_s', ''),
                NetworkConnectionState=column_ifexists('connection_resolveStatus_s', ''),
-                NetworkBytes=column_ifexists('msg_sizeBytes_d', ''),
+                NetworkBytes=toreal( column_ifexists('sm_sizeBytes_s', '')),
                NetworkDuration=column_ifexists('filter_durationSecs_d', ''),
                EventStartTime=column_ifexists('filter_startTime_t', ''),
                NetworkDirection=column_ifexists('filter_routeDirection_s', ''),
@ -296,4 +296,4 @@ let ProofpointPOD_message_view = view () {
                SrcUserUpn,
                EventType
 };
-union isfuzzy=true ProofpointPOD_message_view, ProofpointPOD_maillog_view
+union isfuzzy=true ProofpointPOD_message_view, ProofpointPOD_maillog_view