The Auto Timestamp function tries to automatically figure out the time format. Part of that could be a timezone, which is often something like UTC, EDT or PST. All uppercase letters! So the INFO term immediately following the timestamp is mistakenly seen as a timezone, but then fails to parse because it isnt.

The work arounds:

• Remove or modify the log level
• Use the "Additional timestamps" area to explicitly declare your format
• Modify the existing timestamp to include an explicit timezone
• My preferred: Extract the text timestamp into a new field without the term following it, then run Auto Timestamp on that field as below:

Regex Extract: ^(?<__mytime>[0-9\/]+\s[0-9:]+)
Auto Timestamp: Source Field __mytime