Change log for SERVICENOW_AUDIT

Date Changes
2025-05-21 Enhancement:
- Added Grok pattern to provide support for SYSLOG logs.
- Extracted the `User` from the log using the Grok pattern, which is mapped to `event.idm.read_only_udm.principal.user.userid`.
- `event.idm.read_only_udm.principal.ip`: Newly mapped "statprin_ipus" raw log field with `event.idm.read_only_udm.principal.ip` UDM field.
- `event.idm.read_only_udm.principal.asset.ip`: Newly mapped "statprin_ipus" raw log field with `event.idm.read_only_udm.principal.asset.ip` UDM field.
- `event.idm.read_only_udm.additional.fields`: Newly mapped "exportByteSize" and "exportRecordCount" raw log field with `event.idm.read_only_udm.additional.fields` UDM field.
- Set `event.idm.read_only_udm.metadata.event_type` to `STATUS_UPDATE` when `event.idm.read_only_udm.principal.ip` is getting populated.
2025-05-16 Enhancement:
- Added Grok pattern to provide support for SYSLOG logs.
- `event.idm.read_only_udm.security_result.action_details`: Newly mapped "status" raw log field with `event.idm.read_only_udm.security_result.action_details` UDM field.
- If `status` is equal to `successful` then set `security_result_action` to `ALLOW`.
- If `status` is equal to `failure` then set `security_result_action` to `BLOCK`.
- `event.idm.read_only_udm.security_result.action`: Newly mapped "security_result_action" raw log field with `event.idm.read_only_udm.security_result.action` UDM field.
- `event.idm.read_only_udm.security_result`: Newly merged "security_result" to "event.idm.read_only_udm.security_result" UDM field.
2025-01-15 - Newly created parser