Error Create Custom Parser

Hello everyone,
I have tried to create a parser without success
Can anyone help me identify the error?

Reference Log:
<190>1 2024-11-11T20:24:37.752440+00:00 CoreX tpmd 655 - - Event|13601|LOG_INFO|||TPM_Sign requested by hpe-restd was successful

filter {

mutate {

replace => {

"event.idm.read_only_udm.metadata.event_type" => "tpmd"

"event.idm.read_only_udm.principal.process.pid" => "655"

"event.idm.read_only_udm.metadata.product_event_type" => "Event|13601|LOG_INFO"

"event.idm.read_only_udmmetadata.description" => "TPM_Sign requested by hpe-restd was successful"

}

mutate {

replace => {

"event.idm.read_only_udm.metadata.event_type" => "%{event_type}"

"event.idm.read_only_udm.principal.process.pid" => "%{product_name}"

"event.idm.read_only_udm.metadata.product_event_type" => "%{product}"

"event.idm.read_only_udmmetadata.description" => "%{description}"

}

grok {

match => {

"message" => [

"%{SYSLOGTIMESTAMP:2024-11-11T20:24:37.752440+00:00} %{HOST:CoreXBTJ2}

]

}

on_error => "grok_message_fail"

}

#Parse date format: 2019-06-18T15:31:57.5530000Z

date {

match => ["syslogtime", "RFC3339"]

}

mutate {

merge => {

"@output" => "event"

}

+4

You have several issues

Missing close quote on line 22
Undeclared variables with missing on_error in replace statement on line 12
metadata.event_type is a UDM enum field, "tpmd" is not allowed (https://cloud.google.com/chronicle/docs/reference/udm-field-list#Metadata.EventType)
Your grok pattern is incorrect (https://www.elastic.co/guide/en/logstash/current/plugins-filters-grok.html), variable names go after the : in the grok pattern shorthand notation. Like this: %{SYSLOGTIMESTAMP:syslogtime}

Here are some docs on parsing, I recommend reviewing these and making sure your code is compliant with the parser language and UDM.