Feat: make Haproxy captures ECS compliant

[kares]

The naming is, yet again, inspired by Beats' haproxy module. As usual Beats can do more using the whole pipeline but we're pretty close, notable differences:

Nov 4 08:28:42 debian10 haproxy[3666]: 127.0.0.1:34278 [04/Nov/2020:08:28:42.475] front bnodes/node1 0/0/0/0/1 200 10956 - - ---- 1/1/0/1/0 0/0 "GET / HTTP/1.1"

• Beats matches the debian10 part as haproxy.source while LS goes with IPORHOST:[host][hostname]
• Beats does not capture [haproxy][total_time_ms] -> this fields ends up as event.duration (after being * 1000), represents the %Tt field from haproxy's log line format
  • LS also does not type-cast this field on purpose as it might be + prefixed in which case it indicates an "inaccuracy"
• Beats does not parse out the raw request line ("GET / HTTP/1.1" part) while LS will do into: http.request.method, http.version and url.* fields

[kares]

@ebeahan @webmat if you guys find time to have a look, as outlined in the PR's description it's close to what Beats does - with the few differences noted. the HAPROXYTCP is a stripped down :scissors: version of HAPROXYHTTP so it's mostly about matching the http log, sample match: https://github.com/logstash-plugins/logstash-patterns-core/blob/f4e7242e47a9b11c4bb482078811c6603ebf8250/spec/patterns/haproxy_spec.rb#L9-L35

[webmat]

I have a complaint about the title of this PR 😂