parse_cef where extension value contains an unescaped "=" character

[aacgood]

Hi,

I am trying to parse the following using the parse_cef function however it returns error[E000]: function call error for "parse_cef" at (15:35): Could not parse whole line successfully

Note: I've stripped and anon'd the log but the offending part seems to be is in cs67 as it contains a url with an unescaped equals character.

{"message":"<114>2024-01-01T00:00:00.000Z MYHOST01 CEF:0|Vendor|Product|2024.7.0.2|DETECT_AND_RESPOND|ENDPOINT|9|cat=\"Endpoint\" cs2Label=incidentID cs2=00000000-0000-0000-0000-000000000000\" cs67Label=callbackURL cs67=\"https://my.domain.goes.here.com/#/incidents?incidentID=000000000-0000-0000-0000-000000000000\" cs68Label=tenantID cs68=INTERNAL "}

When I manually update incidentId= to be incidentId\\= then the parse_cef function works as expected, Whilst the value for cs67 is contained within quotes, it appears to be a bug where it doesnt parse.

As a side note, using the parse_key_value() function is able to extract the unescaped value correctly. This was tested using Vector 0.36.1 and can be replicated in VRL playground

Cheers