(improve network traffic DM for Fortinet and Netscaler)
app may contain / and space
new regex for *_interface, rule and session_id

- Adds output to show the base search (constraints) of the data model objects to help users know what base tags and filters are in place.
- Includes a table level or event output for the sample events collected.  These can be displayed in either normal mode (all results) or in cluster mode (collapse grouping of similar events into a single sample event.)
- Adds a "Breakdown by eventtype" panels shows related eventtype, their base search, and tags.  (Helpful when trying to determine how/why certain events match the sample data.)
- Adds a "Breakdown by sourcetype and index" panel showing how the events are distributed across these two common fields.

… into lowell-feature

Fix Visualization drop-down default value (which kept the search results from showing up)

- Fixed issue where the "datamodel" dropdown option was not selectable.  (Not sure this ever worked correctly, but it seems to now.)  This hides the eventtype breakdown (since eventtype is not included in the CIM models.)
- Show the datamodel label instead of the internal name in the drop-down.  This allows things like the phrase "(Deprecated)" to be visible to the user.

Found this laying on my hard drive from Dec 2017.   Let's let others test it out.

- Fixed up titles for the event viewer
- Add some descriptive text to the bottom two breakdown tables.

- CIM Validator now honors the "Show only recommended" input selection.
- Limit the number of values for the 'app' field in the "Breakdown by
  sourcetype and index" panel

- Ran 'ksconf xml-format' on all dashboards (normalize XML)
- Hand formatted the most massive searches for readability