Merge pull request #261 from splunk/fix/zscaler

Add timestamp parsing to zscaler log path

package/etc/conf.d/log_paths/p_rfc3164-zscaler_nss.conf.tmpl

@@ -12,6 +12,7 @@ log {
     source (s_ZSCALER_NSS);
 {{- end }}
 
+    parser { date-parser(format("%Y-%m-%d %H:%M:%S") template('$(substr "$LEGACY_MSGHDR$MSG" "0" "19")')); };
     rewrite {
         set("zscaler_nss", value("fields.sc4s_vendor_product"));
         subst("^[^\t]+\t", "", value("MESSAGE"), flags("global"));