Authentik parser filter is too strict for Docker deployments

[srcLegend]

Describe the bug

The Authentik log parser (parsers/s01-parse/firix/authentik-logs.yaml) uses a hardcoded filter that only matches logs where the program name is exactly "authentik":

filter: "Lower(evt.Parsed.program) == 'authentik'"

This prevents parsing of logs from standard Authentik Docker deployments where containers are tagged separately (e.g., authentik-server, authentik-worker, authentik-database, etc.).

To Reproduce

# Fails to parse (program: authentik-server)
cscli explain --log '2025-12-29T21:34:41-05:00 docker-desktop authentik-server[124]: {"action": "login_failed", "client_ip": "12.34.56.78", ...}' --type syslog --verbose

# Parses correctly (program: authentik)
cscli explain --log '2025-12-29T21:34:41-05:00 docker-desktop authentik[124]: {"action": "login_failed", "client_ip": "12.34.56.78", ...}' --type syslog --verbose

Expected behavior

The filter should match any program name starting with "authentik" to support common Docker logging setups.

[LaurenceJJones]

From your example (don't know if ai was used) they both show the same failed login at the same timestamp (unless the server is authentik in docker). If we do what your asking a failed login would count twice which we don't want to happen.

[srcLegend]

Not from an AI, it's an actual line from the logs generated by my Authentik container.

The original log line is the first one (with docker-desktop authentik-server[124]). I manually removed the -server part to test if that would be parsed correctly (which it was)

[LaurenceJJones]

Not from an AI, it's an actual line from the logs generated by my Authentik container.

The original log line is the first one (with docker-desktop authentik-server[124]). I manually removed the -server part to test if that would be parsed correctly (which it was)

Okay so in docker the container name has -server?

[srcLegend]

Exactly, yes. I can upload my compose and configuration files if they can help?

[LaurenceJJones]

Exactly, yes. I can upload my compose and configuration files if they can help?

all good, I just got confused by the explain, but once I asked more questions it became clear 👍🏻