Open
Description
The current approach [1][2] to converting extension fields that have an array-like syntax (e.g changing fieldname[0] to [fieldname][0]) can lead to conflicts or data loss if a key with the same fieldname exists elsewhere in the event.
To decrease the risk of conflicts or data loss, the resulting converted key could use a different syntax that increases the likelihood of being unique (e.g fieldname__0)
[1] https://github.com/logstash-plugins/logstash-codec-cef/blob/master/lib/logstash/codecs/cef.rb#L200-L204
[2] https://github.com/logstash-plugins/logstash-codec-cef/blob/master/lib/logstash/codecs/cef.rb#L296-L297