Added support for F5 ASM Bot Defense logs

Fixed array handling for host.ip and observer.ip fields

Improved event severity mapping based on Vendor.severity field

Fixed source.ip extraction in APM invalid host header detection

Enhanced event type categorization for APM non-existent session events

Added lowercase normalization for network.transport field

Fixed field mapping to use direct assignment instead of rename function for better performance

Fixed VLAN ID parsing in connection error and SSL handshake failure events

Added support for F5 BIG-IP logs in Splunk format (HTTP traffic, load balancer failures, DNS requests/responses)

Fixed IP address field mapping to correctly populate source.ip, destination.ip, and server.ip fields

Improved timestamp parsing to support additional formats

Enhanced key-value parsing with better handling of empty fields

Added support for F5 Advanced Firewall Module (AFM) logs

Improved ASM event categorization for better threat detection

Updated ECS version to 8.17.0

Updates initial regex to accept events without processid

Improves the field extraction and performance.

Update invalid values for event.type field to comply with ECS.

Bumps ecs.version to 8.16.0.

Now supports all BIG-IP events: ASM, APM, DNS, LTM as well as BIG-IP System and OS logs.

Improves CPS categorization and normalization.

Bumps the minimum LogScale version to 1.142 to support assertions in yaml files.

Adds new event.module and Cps.version fields

Removes the Product field

Sets following tags: Cps.version , Vendor , ecs.version , event.dataset , event.kind , event.module , event.outcome , observer.type