Change log for QUEST_AD

Date Changes
2025-08-13 Enhancement:
- Added gsub for `message` to parse the logs in proper format.
- Added gsub for `kv_data` to parse the logs in proper format.
- Added a grok pattern for `message` data field to parse new format of logs.
- Added new kv filter for `kv_data` field to parse the logs in proper format.
- event.idm.read_only_udm.metadata.event_timestamp: Newly mapped `ts` raw log field with `event.idm.read_only_udm.metadata.event_timestamp`.
- Modified the drop condition to drop logs only if `not_json` is true and `not_json_error` is true.
- Added conditional check for `Source_Network_Address` to not be empty, "N/A", "null", or "-".
- Added conditional check for `Source_Port` to not be empty, "N/A", "null", or "-".
- event.idm.read_only_udm.target.user.userid: Newly mapped `ComputerName` raw log field with `event.idm.read_only_udm.target.user.userid` when `description` contains "logged on".
- event.idm.read_only_udm.target.user.product_object_id: Newly mapped `Environment` raw log field with `event.idm.read_only_udm.target.user.product_object_id` when `description` contains "logged on".
- event.idm.read_only_udm.metadata.event_type: If `description` contains "logged on", then set the `event.idm.read_only_udm.metadata.event_type` UDM field as USER_LOGIN.
- event.idm.read_only_udm.security_result.about.resource.attribute.labels: Newly mapped `Logon_Process` raw log field with `event.idm.read_only_udm.security_result.about.resource.attribute.labels`.
- event.idm.read_only_udm.metadata.event_type: If `has_principal_user` is true, then set as USER_UNCATEGORIZED.
- event.idm.read_only_udm.metadata.event_type: If `has_principal` is true, then set as STATUS_UPDATE.
2024-11-07 Enhancement:
- Added a Grok pattern to parse "suser" from the log.
2024-10-21 Enhancement:
- Added support for new format logs.
2024-02-09 - Added support for JSON format logs.