Cherry-pick #21454 to 7.x: Update Filebeat module expected logs files

[andrewkroh]

Cherry-pick of PR #21454 to 7.x branch. Original message:

What does this PR do?

Elasticsearch added country_name to the list of default field for geo in elastic/elasticsearch#62915. So the expected files needed updated.

Why is it important?

Fixes broken Filebeat module.

Checklist

• My code follows the style guidelines of this project
• I have added tests that prove my fix is effective or that my feature works
• I have added an entry in CHANGELOG.next.asciidoc or CHANGELOG-developer.next.asciidoc.

Related issues

• Relates add country_name to the default properties of geoip ingest processor elasticsearch#62915.

[elasticmachine]

Pinging @elastic/siem (Team:SIEM)

[elasticmachine]

💚 Build Succeeded

Expand to view the summary

Build stats

• Build Cause: [Pull request #21526 updated]

• Start Time: 2020-10-07T18:27:45.082+0000

• Duration: 69 min 34 sec

Test stats 🧪

Test	Results
Failed	0
Passed	4414
Skipped	570
Total	4984

[andrewkroh]

run tests

[andrewkroh]

This is failing because elastic/elasticsearch#63257 is not merged yet.

[andrewkroh]

run tests

[andrewkroh]

run tests

[kaiyan-sheng]

Thank you for fixing this!

[andrewkroh]

The build is failing with errors like

2020-10-07T10:48:29.658-0200 ERROR [publisher_pipeline_output] pipeline/output.go:154 Failed to connect to backoff(elasticsearch(http://elasticsearch:9200)): Connection marked as failed because the onConnect callback failed: 1 error: Error loading pipeline for fileset cyberark/corepas: couldn't load pipeline: couldn't load json. Error: 400 Bad Request: {"error":{"root_cause":[{"type":"script_exception","reason":"compile error","processor_type":"append","script_stack":["... ains(ctx?.host?.hostname server?.domain)) || ctx?. ..."," ^---- HERE"],"script":"ctx?.host?.hostname != null && ctx.host?.hostname != '' && ((ctx?.related?.hosts instanceof List && !ctx?.related?.hosts.contains(ctx?.host?.hostname server?.domain)) || ctx?.related?.hosts != ctx?.host?.hostname server?.domain)","lang":"painless","position":{"offset":150,"start":125,"end":175}}],"type":"script_exception","reason":"compile error","processor_type":"append","script_stack":["... ains(ctx?.host?.hostname server?.domain)) || ctx?. ..."," ^---- HERE"],"script":"ctx?.host?.hostname != null && ctx.host?.hostname != '' && ((ctx?.related?.hosts instanceof List && !ctx?.related?.hosts.contains(ctx?.host?.hostname server?.domain)) || ctx?.related?.hosts != ctx?.host?.hostname server?.domain)","lang":"painless","position":{"offset":150,"start":125,"end":175},"caused_by":{"type":"illegal_argument_exception","reason":"invalid sequence of tokens near ['server'].","caused_by":{"type":"no_viable_alt_exception","reason":null}}},"status":400}. Response body: {"error":{"root_cause":[{"type":"script_exception","reason":"compile error","processor_type":"append","script_stack":["... ains(ctx?.host?.hostname server?.domain)) || ctx?. ..."," ^---- HERE"],"script":"ctx?.host?.hostname != null && ctx.host?.hostname != '' && ((ctx?.related?.hosts instanceof List && !ctx?.related?.hosts.contains(ctx?.host?.hostname server?.domain)) || ctx?.related?.hosts != ctx?.host?.hostname server?.domain)","lang":"painless","position":{"offset":150,"start":125,"end":175}}],"type":"script_exception","reason":"compile error","processor_type":"append","script_stack":["... ains(ctx?.host?.hostname server?.domain)) || ctx?. ..."," ^---- HERE"],"script":"ctx?.host?.hostname != null && ctx.host?.hostname != '' && ((ctx?.related?.hosts instanceof List && !ctx?.related?.hosts.contains(ctx?.host?.hostname server?.domain)) || ctx?.related?.hosts != ctx?.host?.hostname server?.domain)","lang":"painless","position":{"offset":150,"start":125,"end":175},"caused_by":{"type":"illegal_argument_exception","reason":"invalid sequence of tokens near ['server'].","caused_by":{"type":"no_viable_alt_exception","reason":null}}},"status":400}

[marc-gr]

Seems to be an error introduced in the last changes I did to some of the pipelines, will check if there are others and open a PR fixing it.

[kaiyan-sheng]

CI is green 👍