This repository has been archived by the owner on Jan 27, 2023. It is now read-only.

Add 16 new experimental packages (#181)
This adds the following packages:
 - tomcat (fileset tomcat.log) version: 0.1.0
 - netscout (fileset netscout.sightline) version: 0.1.0
 - f5 (fileset f5.bigipapm) version: 0.1.0
 - bluecoat (fileset bluecoat.director) version: 0.1.0
 - citrix (fileset citrix.virtualapps) version: 0.1.0
 - cylance (fileset cylance.protect) version: 0.1.0
 - imperva (fileset imperva.securesphere) version: 0.1.0
 - infoblox (fileset infoblox.nios) version: 0.1.0
 - juniper (fileset juniper.junos) version: 0.1.0
 - kaspersky (fileset kaspersky.av) version: 0.1.0
 - tenable (fileset tenable.nessus_security) version: 0.1.0
 - rapid7 (fileset rapid7.nexpose) version: 0.1.0
 - radware (fileset radware.defensepro) version: 0.1.0
 - sonicwall (fileset sonicwall.firewall) version: 0.1.0
 - squid (fileset squid.log) version: 0.1.0
 - zscaler (fileset zscaler.zia) version: 0.1.0
adriansr committed Aug 4, 2020
1 parent addf7de commit e26a8aa
Showing 173 changed files with 279,550 additions and 0 deletions.
3 changes: 3 additions & 0 deletions packages/barracuda/0.1.0/docs/README.md
Expand Up @@ -16,6 +16,9 @@ The `waf` dataset collects Barracuda Web Application Firewall logs.
| dataset.name | Dataset name. | constant_keyword |
| dataset.namespace | Dataset namespace. | constant_keyword |
| dataset.type | Dataset type. | constant_keyword |
| datastream.dataset | Datastream dataset. | constant_keyword |
| datastream.namespace | Datastream namespace. | constant_keyword |
| datastream.type | Datastream type. | constant_keyword |
| destination.address | Some event destination addresses are defined ambiguously. The event will sometimes list an IP, a domain or a unix socket. You should always store the raw address in the `.address` field. Then it should be duplicated to `.ip` or `.domain`, depending on which one it is. | keyword |
| destination.bytes | Bytes sent from the destination to the source. | long |
| destination.domain | Destination domain. | keyword |
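Review bot: the `datastream.dataset`, `datastream.namespace` and `datastream.type` rows sit directly after `dataset.name`, `dataset.namespace` and `dataset.type` with the same `constant_keyword` type and near-identical descriptions, and nothing in the table says how the two sets relate. If `datastream.*` replaces `dataset.*`, mark the older rows as deprecated or remove them; if both are populated, say so in the descriptions, and call out that the name field changes from `dataset.name` to `datastream.dataset`, so that detection rules and saved queries filter on the intended field. This file is also under `packages/barracuda/0.1.0`, which is not one of the 16 packages listed in the commit message, so the change to an existing package's docs should be mentioned there.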