Logprep

Latest version: v16.0.0

Page 6 of 8

6.6.0

Not secure
Improvements

* Replace `rule_filter` with `lucene_filter` in the predetector output. The old internal Logprep rule
representation is no longer present in the predetector output; the name `rule_filter` will stay
in place of the `lucene_filter` name.
* The `amides` processor now stores confidence values of processed events in the `amides.confidence` field.
In case of positive detection results, rule attributions are now inserted in the `amides.attributions` field.

Bugfix

* Fix the Lucene rule filter representation so that it is aligned with the OpenSearch Lucene query syntax
* Fix grok pattern `UNIXPATH` by internally converting `[[:alnum:]]` to `\w`
* Fix overwriting of temporary tld-list with empty content

6.5.1

Not secure
Bugfix

* Fix creation of logprep temp dir
* Fix `dry_runner` to support extra outputs of the `selective_extractor`

6.5.0

Not secure
Improvements

* Make the `PROMETHEUS_MULTIPROC_DIR` environment variable optional; it defaults to
`/tmp/PROMETHEUS_MULTIPROC_DIR` if not given

Bugfix

* All temp files are now stored inside the system's default temp directory

6.4.0

Not secure
Improvements

* Bump `requests` to `>=2.31.0` to avoid `CVE-2023-32681`
* Include a lucene representation of the rule filter into the predetector results. The
representation is not completely lucene compatible due to non-existing regex functionality.

Bugfix

* Fix error handling of FieldManager if no mapped source field exists in the event.
* Fix Grokker such that only the first grok pattern match is applied instead of all matching
patterns
* Fix Grokker such that nested parentheses in oniguruma patterns work (3 levels are supported
now)
* Fix Grokker such that two or more oniguruma patterns can point to the same target. This ensures
grok-pattern compatibility with the normalizer and other grok tools

6.3.0

Not secure
Features

* Extend dissector such that it can trim characters around a dissected field with the `%{field-( )}`
notation.
* Extend timestamper such that it can take multiple source_formats. The first format that matches
will be used; all following formats will be ignored

Improvements

* Extend the `FieldManager` such that it can move/copy multiple source fields into multiple targets
inside one rule.

Bugfix

* Fix error handling of missing source fields in grokker
* Fix using same output fields in list of grok pattern in grokker

6.2.0

Not secure
Features

* Add `timestamper` processor to extract timestamp functionality from normalizer

Improvements

* Removed `arrow` dependency and depending features for performance reasons
* Switched to `datetime.strftime` syntax in `timestamp_differ`, `s3_output`, `elasticsearch_output` and `opensearch_output`
* Encapsulate time related functionality in `logprep.util.time.TimeParser`

Bugfix

* Fix missing default grok patterns in packaged logprep version

© 2025 Safety CLI Cybersecurity Inc. All Rights Reserved.