Regression to #19627 for Security Events with Source IP "LOCAL"

[MakoWish]

There is a regression to #19627 in Winlogbeat versions 8.x after moving from .js parsing to Ingest Pipeline.

• Version: 8.x
• Operating System: Windows (all)
• Steps to Reproduce: Install Winlogbeat and monitor console output for failure to ingest do to source.ip: "LOCAL" or source.ip: "Unknown" not being valid IP addresses.

I have submit PR #34252 which would validate "LOCAL" to a valid and synonymous IP "127.0.0.1". Values of "Unknown" would be skipped from being copied to source.ip.

Eric

[elasticmachine]

Pinging @elastic/security-external-integrations (Team:Security-External Integrations)

[efd6]

This was fixed by #34295 which incorrectly marks itself as fixing #19627.

@MakoWish Please comment here if you believe this is incorrect.