wazuh / wazuh-ruleset

Wazuh - Ruleset
https://wazuh.com

0380-windows_decoders.xml issue matching spaces in dhcp log #876

Open fredtj opened 6 months ago

fredtj commented 6 months ago

Hello,

Using wazuh-logtest to check log lines in our Windows Server 2016/2019 DHCP server log, it seems those lines with spaces in the event are not matched correctly, but those lines without spaces are?

Note that the logs come in the format with spaces.

With spaces:

Type one log per line

13,03/15/24,11:47:19,DNS Update Request,172.0.0.0,,123ABC345AAA,,0,6,,,,,,,,,0

**Phase 1: Completed pre-decoding.
    full event: '13,03/15/24,11:47:19,DNS Update Request,172.0.0.0,,123ABC345AAA,,0,6,,,,,,,,,0'

**Phase 2: Completed decoding.
    name: 'ms-dhcp-ipv4'

**Phase 3: Completed filtering (rules).
    id: '6300'
    level: '0'
    description: 'Grouping for the MS-DHCP ipv4 rules.'
    groups: '['windows', 'dhcp']'
    firedtimes: '1'
    mail: 'False'

Without spaces:

**Phase 1: Completed pre-decoding.
    full event: '15,03/15/24,11:47:19,DNSUpdateRequest,172.0.0.0,,123ABC345AAA,,0,6,,,,,,,,,0'

**Phase 2: Completed decoding.
    name: 'ms-dhcp-ipv4'
    extra_data: 'DNSUpdateRequest'
    id: '15'
    srcip: '172.0.0.0,,123ABC345AAA,,0,6,,,,,,,,,0'

**Phase 3: Completed filtering (rules).
    id: '6309'
    level: '7'
    description: 'MS-DHCP: A lease was denied.'
    groups: '['windows', 'dhcp', 'dhcp_lease_action']'
    firedtimes: '1'
    gdpr: '['IV_35.7.d']'
    gpg13: '['4.12']'
    hipaa: '['164.312.b']'
    mail: 'False'
    nist_800_53: '['AU.6']'
    pci_dss: '['10.6.1']'
    tsc: '['CC7.2', 'CC7.3']'
**Alert to be generated.

Is this a bug, or am I overlooking something?

Thanks!