Closed as program error.
It has been identified that DNS event logs from 32 bit versions of the Microsoft Windows server operating system, gathered using WinCollect, can be missing some payload data.
No workaround available.
WINCOLLECT PULLS INCOMPLETE PAYLOADS FROM 32 BIT VERSIONS OF MICROSOFT WINDOWS SERVER OS DNS EVENT LOGS
This issue is resolved with the release of WinCollect 7.2.7 7.2.0-QRADAR-720_QRadar_wincollectupdate-18.104.22.1681.sfs 7.3.0-QRADAR-730_QRadar_wincollectupdate-22.214.171.124.sfs
Reported component name
Reported component ID
NoSpecatt / Xsystem
Last modified date
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fixed component name
Fixed component ID
Applicable component levels
08 September 2017