Change log for SPLUNK

Date Changes
2024-05-01 Update the mapping for deprecated UDM field.
2023-11-29 - Aligned "principal/target.hostname" and "principal/target.asset.hostname" mapping.
- Modified logic to map "security_result.action_details" UDM field even if the values of "action" raw log field does not match the logic.
2023-05-17 Added "auth.type" for login events.
2023-01-04 - Handled error and changed mapping for "Authentication" datamodel, if "user_id" variable is empty then "user" variable will be mapped to "principal.user.userid". Also, event_type is now mapped to USER_LOGIN.
- Handled unparsed log for "Endpoint" datamodel.
- Modified mapping for "Change" datamodel. The "user" field is mapped to "target.user.user.userid", the "user_name" field is mapped to principal.user.user_display_name for tag `change` and `account`, the "src_user" field is mapped to principal.user.userid. Also, event_type is mapped to "USER_UNCATEGORIZED".
- Modified mapping for the fields "result" and "result_id" in the "Change" datamodel to metadata.description and metadata.product_event_type.
- Changed mapping for the "Network Traffic" datamodel. If "user_id" variable is empty then the "user" variable is mapped to "principal.user.userid".
2022-11-09 Newly created parser.