Change log for EPIC

Date Changes
2025-07-24 Enhancement:
- Added a new grok pattern to support CEF format logs.
- Included additional date formats for timestamp parsing.
- Added gsubs to handle "" and convert "AUDIT SESSION" to "AUDIT_SESSION".
- Refactored key-value splitting logic in `kv_data` to handle space-separated keys using gsub.
- Added 'on_error' for KV filter.
- Rearranged the conditions for determining `event.idm.read_only_udm.metadata.event_type`.
- Extracted `severity` from raw log and renamed it to `sev` if `sev` raw log field is empty.
- event.idm.read_only_udm.additional.fields: Newly mapped `act` raw log field to `event.idm.read_only_udm.additional.fields`.
- event.idm.read_only_udm.additional.fields: Newly mapped `cnt` raw log field to `event.idm.read_only_udm.additional.fields`.
- event.idm.read_only_udm.additional.fields: Newly mapped `end` raw log field to `event.idm.read_only_udm.additional.fields`.
- event.idm.read_only_udm.metadata.product_version: Newly mapped `product_version` raw log field to `event.idm.read_only_udm.metadata.product_version`.
- event.idm.read_only_udm.principal.asset.asset_id: Newly mapped `workstationID` raw log field to `event.idm.read_only_udm.principal.asset.asset_id`.
- event.idm.read_only_udm.principal.asset.hostname: Newly mapped `shost` raw log field to `event.idm.read_only_udm.principal.asset.hostname`.
- event.idm.read_only_udm.principal.hostname: Newly mapped `shost` raw log field to `event.idm.read_only_udm.principal.hostname`.
- event.idm.read_only_udm.principal.user.user_display_name: Newly mapped `suser` raw log field to `event.idm.read_only_udm.principal.user.user_display_name`.
- event.idm.read_only_udm.principal.user.userid: Newly mapped `suser` raw log field to `event.idm.read_only_udm.principal.user.userid`.
- event.idm.read_only_udm.target.asset.ip: Newly mapped `IP` raw log field to `event.idm.read_only_udm.target.asset.ip`.
- event.idm.read_only_udm.target.ip: Newly mapped `IP` raw log field to `event.idm.read_only_udm.target.ip`.
2024-07-01 Enhancement:
- Changed mapping of "metadata.event_timestamp" from "devTime" to "timestamp" by extracting year from the field "devTime".
- Mapped "devTime" to "additional.fields".
2022-10-31 Bugfix:
- Added support for multiple events.
2022-06-09 Bugfix:
- Added support for multiple events containing center dot "·".
- Added conditional checks for the fields "devTime", "usrName", "shost", "sev", "IP".
2022-04-14 Bugfix:
- Added support for multiple events.