…ltoNetworks#287)

PR PaloAltoNetworks#287

#Field Aliases to match corrected Transforms extracts from https://docs.paloaltonetworks.com/pan-os/9-1/pan-os-admin/monitoring/use-syslog-for-monitoring/syslog-field-descriptions/user-id-log-fields

pan:system corrected dvc coalesce, added description extracts

https://docs.paloaltonetworks.com/pan-os/11-0/pan-os-admin/monitoring/use-syslog-for-monitoring/syslog-field-descriptions/threat-log-fields

https://docs.paloaltonetworks.com/pan-os/11-0/pan-os-admin/monitoring/use-syslog-for-monitoring/syslog-field-descriptions/traffic-log-fields

https://docs.paloaltonetworks.com/pan-os/11-0/pan-os-admin/monitoring/use-syslog-for-monitoring/syslog-field-descriptions/user-id-log-fields

…onfig data

Removed "devicegroup_level3" and "devicegroup_level4" fields, which do not exist in the config data, and cause all later fields to parse incorrectly.  

Added PanOS 11 updated fields at end

extract_threat, extract_traffic, extract_globalprotect, and extract_hipmatch all contain the fields "host_id" and "host_serial" - this is extremely useful for asset correlation, and needs to be consistently named for analysis.   In extract_globalprotect, the old version uses 'serial_number' for this field, which collides with field 3, which is the 'dvc_serial', not the serial of the src/user asset being described in the log

"high_res_timestamp"

hipmatch fieldalias & eval updates for CIM consistency

field aliases and evals added for CIM compatibility