New GC Recipe gcp_logging_l2t_ts

[tmoney-coder]

Added a new recipe that will collect the logs from GC, and then parse them with Docker Plaso, and then submit to Timesketch.

The current gcp_logging_ts doesn't process the data via Plaso. As such, the data is in a different format then with other gcp log collection options. This resolves that issue.

[ramo-j]

This new recipe is very similar to data/recipes/gcp_logging_cloudaudit_ts.json - The only difference I can see is that there is a fixed query in the existing, and no fixed or default query in the new. It is probably better to update the existing to allow the user to specify a query, with the one that is currently hardcoded in used as a default if the user provides no query. WDYT?

[tmoney-coder]

@ramo-j I moved it to a new file as there could be folks that use the existing format for their workflows and I didn't want to intrudce an error existing users would encounter. I am more then happy to update the existing flow.

[ramo-j]

@ramo-j I moved it to a new file as there could be folks that use the existing format for their workflows and I didn't want to intrudce an error existing users would encounter. I am more then happy to update the existing flow.

If the previous fixed query is provided as a default, then existing workflows shouldn't be affected. Updating the existing would be a better way to go I think.

[tmoney-coder]

Moved back to original recipe and then tested working as of 11/20/24