[integrations][keycloak] - Fixed parser config default value and updated GROK pattern to account for multiline error logs

[ShourieG]

Type of change

• Bug

Proposed commit message

1. The default parser regex pattern was faulty based on the parser requirements, hence updated it accordingly.
2. The existing GROK pattern did not pick up multiline error logs, hence updated it accordingly and regenerated tests reflecting the change.

Checklist

• I have reviewed tips for building integrations and this pull request is aligned with them.
• I have verified that all data streams collect metrics or logs.
• I have added an entry to my package's changelog.yml file.
• I have verified that Kibana version constraints are current according to guidelines.

Author's Checklist

• URL extention detections seems to have stopped after the change, and the extention is part of the url now.

NOTE:

I revisited the url extention issue and seems even after a revert the extension field is no longer generated. This seems it might not be related to this change but rather how url extensions are now handled in ecs. It seems only file extensions are parsed now instead of a ".path". (could be wrong)

How to test this PR locally

Related issues

Screenshots

[elasticmachine]

Pinging @elastic/security-service-integrations (Team:Security-Service Integrations)

[elasticmachine]

🚀 Benchmarks report

To see the full report comment with /test benchmark fullreport

[elastic-sonarqube]

Quality Gate passed

Issues
0 New issues
0 Fixed issues
0 Accepted issues

Measures
0 Security Hotspots
37.5% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube

[elasticmachine]

💚 Build Succeeded

• Buildkite Build
• Commit: c29c435

cc @ShourieG

[kcreddy]

LGTM

[elasticmachine]

Package keycloak - 1.22.1 containing this change is available at https://epr.elastic.co/search?package=keycloak