[Cisco Nexus] Improve timezone and timestamp handling

packages/cisco_nexus/_dev/deploy/docker/sample_logs/test-nexus.log

@@ -70,3 +70,4 @@
 <187>Jun 14 11:34:35 ac45ce-sr1 AEST: %SFF8472-3-THRESHOLD_VIOLATION: Te2/0/17: Rx power high warning; Operating value: -0.8 dBm, Threshold value: -1.0 dBm.
 <189>Jun 14 12:00:59 ac2109-sr2 AEST: %SEC_LOGIN-SW2-5-LOGIN_SUCCESS: Login Success [user: srvc_a005a7_000] [Source: 10.218.144.16] [localport: 22] at 12:00:59 AEST Wed Jun 14 2023
 <190>Jun 14 12:04:05 ac500a-sr1 AEST: %SYS-SW1-6-LOGOUT_C6K: User srvc_a005a7_0001_prd has exited tty session 2(10.218.144.32)
+<187>: 2025 Jun 25 12:41:12 MST: %DAEMON-3-SYSTEM_MSG: error: kex_exchange_identification: Connection closed by remote host - dcos_sshd[8480]

packages/cisco_nexus/changelog.yml

@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "1.4.1"
+  changes:
+    - description: Fix bug that did not recognize timestamps to use tz_map override.
+      type: bugfix
+      link: https://github.com/elastic/integrations/pull/14504
 - version: "1.4.0"
   changes:
     - description: Support stack version 9.0.

packages/cisco_nexus/data_stream/log/_dev/test/pipeline/test-common-config.yml

@@ -6,3 +6,9 @@ fields:
   tags:
     - preserve_original_event
     - preserve_duplicate_custom_fields
+  _conf:
+    tz_map:
+      - tz_short: MST
+        tz_long: "America/Phoenix"
+      - tz_short: AEST
+        tz_long: "Australia/Sydney"

packages/cisco_nexus/data_stream/log/_dev/test/pipeline/test-nexus-tz-mapping.log

@@ -0,0 +1,2 @@
+<187>: 2025 Jun 25 11:36:10 MST: %DAEMON-3-SYSTEM_MSG: error: kex_exchange_identification: Connection closed by remote host - dcos_sshd[23986]
+<187>: 2025 Jun 25 12:41:12 MST: %DAEMON-3-SYSTEM_MSG: error: kex_exchange_identification: Connection closed by remote host - dcos_sshd[8480]

packages/cisco_nexus/data_stream/log/_dev/test/pipeline/test-nexus-tz-mapping.log-expected.json

@@ -0,0 +1,108 @@
+{
+    "expected": [
+        {
+            "@timestamp": "2025-06-25T11:36:10.000-07:00",
+            "cisco_nexus": {
+                "log": {
+                    "description": "error: kex_exchange_identification: Connection closed by remote host - dcos_sshd[23986]",
+                    "facility": "DAEMON",
+                    "priority_number": 187,
+                    "severity": 3,
+                    "time": "2025-06-25T11:36:10.000-07:00",
+                    "timezone": "America/Phoenix",
+                    "type": "SYSTEM_MSG"
+                }
+            },
+            "ecs": {
+                "version": "8.17.0"
+            },
+            "event": {
+                "category": [
+                    "network"
+                ],
+                "code": "SYSTEM_MSG",
+                "kind": "event",
+                "original": "<187>: 2025 Jun 25 11:36:10 MST: %DAEMON-3-SYSTEM_MSG: error: kex_exchange_identification: Connection closed by remote host - dcos_sshd[23986]",
+                "severity": 3,
+                "timezone": "America/Phoenix",
+                "type": [
+                    "connection"
+                ]
+            },
+            "log": {
+                "level": "error",
+                "syslog": {
+                    "facility": {
+                        "code": 23
+                    },
+                    "priority": 187,
+                    "severity": {
+                        "code": 3
+                    }
+                }
+            },
+            "message": "error: kex_exchange_identification: Connection closed by remote host - dcos_sshd[23986]",
+            "observer": {
+                "product": "Nexus",
+                "type": "switches",
+                "vendor": "Cisco"
+            },
+            "tags": [
+                "preserve_original_event",
+                "preserve_duplicate_custom_fields"
+            ]
+        },
+        {
+            "@timestamp": "2025-06-25T12:41:12.000-07:00",
+            "cisco_nexus": {
+                "log": {
+                    "description": "error: kex_exchange_identification: Connection closed by remote host - dcos_sshd[8480]",
+                    "facility": "DAEMON",
+                    "priority_number": 187,
+                    "severity": 3,
+                    "time": "2025-06-25T12:41:12.000-07:00",
+                    "timezone": "America/Phoenix",
+                    "type": "SYSTEM_MSG"
+                }
+            },
+            "ecs": {
+                "version": "8.17.0"
+            },
+            "event": {
+                "category": [
+                    "network"
+                ],
+                "code": "SYSTEM_MSG",
+                "kind": "event",
+                "original": "<187>: 2025 Jun 25 12:41:12 MST: %DAEMON-3-SYSTEM_MSG: error: kex_exchange_identification: Connection closed by remote host - dcos_sshd[8480]",
+                "severity": 3,
+                "timezone": "America/Phoenix",
+                "type": [
+                    "connection"
+                ]
+            },
+            "log": {
+                "level": "error",
+                "syslog": {
+                    "facility": {
+                        "code": 23
+                    },
+                    "priority": 187,
+                    "severity": {
+                        "code": 3
+                    }
+                }
+            },
+            "message": "error: kex_exchange_identification: Connection closed by remote host - dcos_sshd[8480]",
+            "observer": {
+                "product": "Nexus",
+                "type": "switches",
+                "vendor": "Cisco"
+            },
+            "tags": [
+                "preserve_original_event",
+                "preserve_duplicate_custom_fields"
+            ]
+        }
+    ]
+}