diff --git a/docs/sources/Citrix/index.md b/docs/sources/Citrix/index.md
index 3c2fc13..3dedf1a 100644
--- a/docs/sources/Citrix/index.md
+++ b/docs/sources/Citrix/index.md
@@ -29,7 +29,7 @@ MSG Parse: This filter parses message content
 * Install the Splunk Add-on on the search head(s) for the user communities interested in this data source. If SC4S is exclusively used the addon is not required on the indexer.
 * Review and update the splunk_index.csv file and set the index and sourcetype as required for the data source.
-* Follow vendor configuration steps per Product Manual above. Ensure the data format selected is "MMDDYYYY"
+* Follow vendor configuration steps per Product Manual above. Ensure the data format selected is "DDMMYYYY"
 ### Options
diff --git a/package/etc/conf.d/filters/citrix/netscaler.conf.tmpl b/package/etc/conf.d/filters/citrix/netscaler.conf.tmpl
index 81fd636..57a1dbf 100644
--- a/package/etc/conf.d/filters/citrix/netscaler.conf.tmpl
+++ b/package/etc/conf.d/filters/citrix/netscaler.conf.tmpl
@@ -10,13 +10,13 @@ filter f_citrix_netscaler_message {
 parser p_citrix_netscaler_date {
 {{- if (conv.ToBool (getenv "SC4S_SOURCE_CITRIX_NETSCALER_USEALT_DATE_FORMAT" "no")) }}
- #01/10/2001:01:01:01 GMT
- date-parser(format('%d/%m/%Y:%H:%M:%S %Z')
- template("$2"));
-{{- else }}
 #10/01/2001:01:01:01 GMT
 date-parser(format('%m/%d/%Y:%H:%M:%S %Z')
 template("$2"));
+{{- else }}
+ #01/10/2001:01:01:01 GMT
+ date-parser(format('%d/%m/%Y:%H:%M:%S %Z')
+ template("$2"));
 {{- end }}
 };
diff --git a/tests/test_citrix_netscaler.py b/tests/test_citrix_netscaler.py
index e73b191..a382acf 100644
--- a/tests/test_citrix_netscaler.py
+++ b/tests/test_citrix_netscaler.py
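Review bot: In netscaler.conf.tmpl the two branches of the `SC4S_SOURCE_CITRIX_NETSCALER_USEALT_DATE_FORMAT` switch trade places, so a deployment that already sets the variable to `yes` moves from `%d/%m/%Y` to `%m/%d/%Y` on upgrade, and one relying on the default moves the other way. For any day of the month from 1 to 12 both formats parse, so a mismatch with the device setting shows up only as events stamped with day and month swapped, which distorts correlation searches and incident timelines. The sample comments do not help an operator choose, because `#01/10/2001:01:01:01 GMT` and `#10/01/2001:01:01:01 GMT` are each valid under either format. I would label the branches with an unambiguous day, e.g. `#DD/MM/YYYY (default), e.g. 31/01/2001:01:01:01 GMT` and `#MM/DD/YYYY (alternate), e.g. 01/31/2001:01:01:01 GMT`, and call out the inverted meaning of the variable in the upgrade notes.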
@@ -20,7 +20,7 @@ def test_citrix_netscaler(record_property, setup_wordlist, setup_splunk, setup_s
 host = "test-ctitrixns-{}-{}".format(random.choice(setup_wordlist), random.choice(setup_wordlist))
 pid = random.randint(1000, 32000)
- mt = env.from_string("{{ mark }} {% now 'utc', '%m/%d/%Y:%H:%M:%S' %} GMT {{ host }} ABC-D : SSLVPN HTTPREQUEST 1234567 : Context username@192.0.2.1 - SessionId: 12345- example.com User username : Group(s) groupname : Vserver a1b2:c3d4:e5f6:a7b8:c9d0:e1f2:a3b4:c5d6:123 - 01/01/2001:01:01:01 GMT GET file/path.gif - -\n")
+ mt = env.from_string("{{ mark }} {% now 'utc', '%d/%m/%Y:%H:%M:%S' %} GMT {{ host }} ABC-D : SSLVPN HTTPREQUEST 1234567 : Context username@192.0.2.1 - SessionId: 12345- example.com User username : Group(s) groupname : Vserver a1b2:c3d4:e5f6:a7b8:c9d0:e1f2:a3b4:c5d6:123 - 01/01/2001:01:01:01 GMT GET file/path.gif - -\n")
 message = mt.render(mark="<12>", host=host, pid=pid)
 sendsingle(message, setup_sc4s[0], setup_sc4s[1][514])
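Review bot: The timestamp rendered by `{% now 'utc', '%d/%m/%Y:%H:%M:%S' %}` also parses as `%m/%d/%Y` whenever the test runs on days 1 to 12 of a month, so on those days a parser left on the old format would still accept the event and merely stamp it with a different valid date. Whether the test catches that depends on how the search outside this hunk bounds its time window, which makes the result vary with the calendar rather than with the parser. Only the default branch is exercised here; nothing visible sends a `%m/%d/%Y` event with `SC4S_SOURCE_CITRIX_NETSCALER_USEALT_DATE_FORMAT` enabled. I would add a comment above the template line, `# DD/MM/YYYY is the SC4S default; day and month are interchangeable when day <= 12`, and a second case for the alternate format. The body of test_citrix_netscaler starts and ends outside the hunk.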