Proposed commit message

This PR improves the Cisco IOS ingest pipeline to properly handle hostnames that begin with digits. Even though such hostnames do not strictly conform to the Cisco IOS naming specification, hostnames starting with digits are commonly used in real-world configurations.

To do this we modified the grok pattern to allow such hostnames, e.g.

<190>3132811: 3router 3132807: Jul 14 2023 08:23:43.398 UTC: %FOO-6-BAR: Numeric hostname with sequence

Due to the limitations of the grok parser's regex support, this also allowed all-digit hostnames, which caught cases like

<190>2361044: Jul 14 2023 08:23:43.398 UTC: %FOO-6-BAR: Test header format

where 2361044 is in the same place as the hostname but is instead a sequence number (compare

<190>sw01: Jul 14 2023 08:23:43.398 UTC: %FOO-6-BAR: Test header format

). We had to special-case this processing with additional ingest processors.

Another problem was created by timestamps like this

<46>: 2023 Aug 27 21:40:50 PDT: %...
<46>: 2023host Aug 27 21:40:50 PDT: %...

where 2023 is in fact part of the timestamp but 2023host is a valid hostname (and the timestamp does not contain the year at all). We fixed this issue by making sure that there is an additional attempt to recognize the timestamp pattern before proceeding with recognizing it as a hostname.

These cases are covered by new tests in test-numeric-hostname.log. Note that @timestamp is a dynamic field (the timestamp without a year refers to a current year), so correctness of some tests is not checked automatically.

Checklist

• I have reviewed tips for building integrations and this pull request is aligned with them.
• I have verified that all data streams collect metrics or logs.
• I have added an entry to my package's changelog.yml file.
• I have verified that Kibana version constraints are current according to guidelines.
• I have verified that any added dashboard complies with Kibana's Dashboard good practices