Change log for SWIFT_AMH

Date	Changes
2025-09-23	Enhancement: - Enhanced grok pattern to parse `operator` username to event.idm.read_only_udm.src.user.userid mapping to output 'ADMIN' when operator is 'administrator'. - event.idm.read_only_udm.metadata.collected_timestamp: Newly mapped `createdAt` raw log field to event.idm.read_only_udm.metadata.collected_timestamp. - event.idm.read_only_udm.intermediary.resource.attribute.labels: Newly mapped `data.properties._file_inode.str` raw log field to event.idm.read_only_udm.intermediary.resource.attribute.labels. - event.idm.read_only_udm.intermediary.resource.attribute.labels: Newly mapped `data.properties._ecs_agent_version.str` raw log field to event.idm.read_only_udm.intermediary.resource.attribute.labels. - event.idm.read_only_udm.principal.resource.attribute.labels: Newly mapped `parentSpanId`, `data.spanId`, `data.traceId` and `offset` raw log field to event.idm.read_only_udm.principal.resource.attribute.labels. - event.idm.read_only_udm.security_result.severity: Newly mapped `data.level` raw log field to event.idm.read_only_udm.security_result.severity. - event.idm.read_only_udm.principal.hostname: Newly mapped `hostname` raw log field to event.idm.read_only_udm.principal.hostname. - event.idm.read_only_udm.principal.asset.hostname: Newly mapped `hostname` raw log field to event.idm.read_only_udm.principal.asset.hostname. - event.idm.read_only_udm.principal.user.product_object_id: Newly mapped `uumid` raw log field to event.idm.read_only_udm.principal.user.product_object_id. - event.idm.read_only_udm.metadata.product_log_id: Newly mapped `product_object_id` raw log field to event.idm.read_only_udm.metadata.product_log_id. - event.idm.read_only_udm.metadata.product_event_type: Newly mapped `product_event_type` raw log field to event.idm.read_only_udm.metadata.product_event_type. - event.idm.read_only_udm.additional.fields: Newly mapped `_id` raw log field to event.idm.read_only_udm.additional.fields. - event.idm.read_only_udm.principal.asset.creation_time: Newly mapped `data.creationDate` raw log field to event.idm.read_only_udm.principal.asset.creation_time.
2024-03-14	- Newly created parser.

Date

Changes

2025-09-23

Enhancement:
- Enhanced grok pattern to parse `operator` username to event.idm.read_only_udm.src.user.userid mapping to output 'ADMIN' when operator is 'administrator'.
- event.idm.read_only_udm.metadata.collected_timestamp: Newly mapped `createdAt` raw log field to event.idm.read_only_udm.metadata.collected_timestamp.
- event.idm.read_only_udm.intermediary.resource.attribute.labels: Newly mapped `data.properties._file_inode.str` raw log field to event.idm.read_only_udm.intermediary.resource.attribute.labels.
- event.idm.read_only_udm.intermediary.resource.attribute.labels: Newly mapped `data.properties._ecs_agent_version.str` raw log field to event.idm.read_only_udm.intermediary.resource.attribute.labels.
- event.idm.read_only_udm.principal.resource.attribute.labels: Newly mapped `parentSpanId`, `data.spanId`, `data.traceId` and `offset` raw log field to event.idm.read_only_udm.principal.resource.attribute.labels.
- event.idm.read_only_udm.security_result.severity: Newly mapped `data.level` raw log field to event.idm.read_only_udm.security_result.severity.
- event.idm.read_only_udm.principal.hostname: Newly mapped `hostname` raw log field to event.idm.read_only_udm.principal.hostname.
- event.idm.read_only_udm.principal.asset.hostname: Newly mapped `hostname` raw log field to event.idm.read_only_udm.principal.asset.hostname.
- event.idm.read_only_udm.principal.user.product_object_id: Newly mapped `uumid` raw log field to event.idm.read_only_udm.principal.user.product_object_id.
- event.idm.read_only_udm.metadata.product_log_id: Newly mapped `product_object_id` raw log field to event.idm.read_only_udm.metadata.product_log_id.
- event.idm.read_only_udm.metadata.product_event_type: Newly mapped `product_event_type` raw log field to event.idm.read_only_udm.metadata.product_event_type.
- event.idm.read_only_udm.additional.fields: Newly mapped `_id` raw log field to event.idm.read_only_udm.additional.fields.
- event.idm.read_only_udm.principal.asset.creation_time: Newly mapped `data.creationDate` raw log field to event.idm.read_only_udm.principal.asset.creation_time.

2024-03-14

- Newly created parser.