Make CEF key name mapping case-insensitive

There's some case inconsistency in CEF docs (i.e. C6a4Label). Better to
ignore case when mapping keys to full names.

x-pack/filebeat/processors/decode_cef/cef/cef.go

@@ -124,7 +124,7 @@ func (e *Event) Unpack(data string, opts ...Option) error {
 	}
 
 	for key, field := range e.Extensions {
-		mapping, found := extensionMapping[key]
+		mapping, found := extensionMappingLowerCase[strings.ToLower(key)]
 		if !found {
 			continue
 		}

x-pack/filebeat/processors/decode_cef/cef/keys.go

@@ -4,6 +4,8 @@
 
 package cef
 
+import "strings"
+
 type mappedField struct {
 	Target string
 	Type   DataType
@@ -657,3 +659,11 @@ var extensionMapping = map[string]mappedField{
 		Type:   TimestampType,
 	},
 }
+
+var extensionMappingLowerCase = map[string]mappedField{}
+
+func init() {
+	for k, v := range extensionMapping {
+		extensionMappingLowerCase[strings.ToLower(k)] = v
+	}
+}

x-pack/filebeat/processors/decode_cef/testdata/samples.log.golden.json

@@ -948,7 +948,6 @@
         "agentType": "agent_ac",
         "agentVersion": "7.1.7.7602.0",
         "assetCriticality": "0",
-        "c6a4Label": "Agent IPv6 Address",
         "categoryBehavior": "/Access/Stop",
         "categoryDeviceGroup": "/Firewall",
         "categoryDeviceType": "Firewall",
@@ -958,6 +957,7 @@
         "deviceAddress": "111.111.111.99",
         "deviceAssetId": "5Wa8hHVSDFBCc-t56wI7mTw==",
         "deviceCustomIPv6Address4": "ffff:0:0:0:222:5555:ffff:5555",
+        "deviceCustomIPv6Address4Label": "Agent IPv6 Address",
         "deviceCustomNumber1Label": "ICMP Type",
         "deviceCustomNumber2Label": "ICMP Code",
         "deviceCustomNumber3Label": "DurationInSeconds",