Hello

I am trying to get oracle unified logs into Splunk using Splunk DB connect and Oracle Add-on for Splunk.
oracle:audit:unified has default template with sql query :

SELECT *
FROM 
    (SELECT CAST((event_timestamp at TIME zone 'UTC') AS TIMESTAMP) EVENT_TIMESTAMP_UTC,u.*
    FROM UNIFIED_AUDIT_TRAIL u)
WHERE EVENT_TIMESTAMP_UTC > ?
ORDER BY  EVENT_TIMESTAMP_UTC ASC 

But it's giving java.sql.SQLException: ORA-12801: error signaled in parallel query server PPA7, instance -- (2) ORA-01843: not a valid month

I tried changing checkpoint value multiple times but its giving same error.

I get results when I run

SELECT *
FROM 
    (SELECT CAST((event_timestamp at TIME zone 'UTC') AS TIMESTAMP) EVENT_TIMESTAMP_UTC,u.*
    FROM UNIFIED_AUDIT_TRAIL u)
WHERE EVENT_TIMESTAMP_UTC > ?

but when I am adding order by its giving error. I am not sure if its a bug or I am doing something wrong.