restore the blank line

Author: gogochan

packages/fortinet_fortigate/data_stream/log/_dev/test/pipeline/test-fortinet.log

@@ -55,3 +55,4 @@ date= desc="Object update request from device of FortiClient received" msg="Send
 <185> date=2024-02-26 time=11:10:55 devname="FW-INT_01_01" devid="FG1K5DKKKKKK" eventtime=1708942255551034463 tz="+0100" logid="0100032002" type="event" subtype="system" level="alert" vd="Int" logdesc="Admin login failed" sn="0" user="name.lastname" ui="https(192.168.1.1)" method="https" srcip=192.168.1.1 dstip=10.10.10.10 action="login" status="failed" reason="passwd_invalid" msg="Administrator name.lastname login failed from https(192.168.1.1) because of invalid password"
 <189>date=2024-05-23 time=15:20:07 devname="SMBFT......." devid="FGVxxxxxxxxx" eventtime=1716470406883543012 tz="+0200" logid="0000000013" type="traffic" subtype="forward" level="notice" vd="root" srcip=10.101.102.103 srcname="skoda.host.name" srcport=62430 srcintf="port2" srcintfrole="lan" dstip=10.250.186.99 dstname="clientservices.googleapis.com" dstport=80 dstintf="port3" dstintfrole="wan" srccountry="Reserved" dstcountry="United States" sessionid=1588040660 proto=6 action="deny" policyid=3 policytype="proxy-policy" poluuid="a783fde6-3a69-51eb-2d9e-4b559e26de3f" comment="PXIAA000" service="PRX-ALL" trandisp="noop" url="http://clientservices.googleapis.com/chrome-variations/seed?osname=win&channel=stable&milestone=124" agent="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36" duration=0 sentbyte=0 rcvdbyte=0 sentpkt=0 rcvdpkt=0 appcat="unscanned" crscore=30 craction=131072 crlevel="high" msg="Traffic denied because of explicit proxy policy" clustername="PROXY-xxx"
 <185>date=2025-02-05 time=00:19:02 devname="FortiGate02" devid="FGVMSLTM12345678" eventtime=1738739943102530459 tz="-0700" logid="0987654321" type="utm" subtype="ips" eventtype="signature" level="alert" vd="root" severity="high" srcip=10.2.4.9 srccountry="United States" dstip=10.7.3.6 dstcountry="United States" srcintf="port2.800" srcintfrole="wan" dstintf="port2.824" dstintfrole="lan" sessionid=123454321 action="dropped" proto=6 service="HTTP" policyid=222 poluuid="abcdef00-1234-5678-9012-aabbccddeeff" policytype="security-policy" attack="PHP.CGI.Argument.Injection" srcport=55650 dstport=80 hostname="10.7.3.6" url="/%70%68%70%70%61%74%68/%70%68%70?%2d%64+%61%6c%6c%6f%77%5f%75%72%6c%5f%69%6e%63%6c%75%64%65%3d%6f%6e+%2d%64+%73%61%66%65%5f%6d%6f%64%65%3d%6f%66%66+%2d%64+%73%75%68%6f%73%69%6e%2e%73%69%6d%75%6c%61%74%69%6f%6e%3d%6f%6e+%2d%64+%64%69%73%61%62%6c%65%5f%66%75" agent="Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0)" httpmethod="POST" direction="outgoing" attackid=31752 profile="dps.ips.outbound" ref="http://www.fortinet.com/ids/VID31752" incidentserialno=987654321 msg="web_server: PHP.CGI.Argument.Injection" crscore=30 craction=8192 crlevel="high"
+

packages/fortinet_fortigate/data_stream/log/_dev/test/pipeline/test-fortinet.log-expected.json

@@ -5001,6 +5001,19 @@
  "user_agent": {
  "original": "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0)"
  }
+ },
+ {
+ "ecs": {
+ "version": "8.17.0"
+ },
+ "observer": {
+ "product": "Fortigate",
+ "type": "firewall",
+ "vendor": "Fortinet"
+ },
+ "tags": [
+ "preserve_original_event"
+ ]
  }
  ]
 }