fix event.type have incorrect value in system/syslog (elastic#20390)

event.type was being set to event.  event is not one of the allowed
values for event.type in ECS.  Changing field to event.kind, where
event is an allowed value.

Closes elastic#20365

(cherry picked from commit 6843c55)

CHANGELOG.next.asciidoc

@@ -266,6 +266,7 @@ field. You can revert this change by configuring tags for the module and omittin
 - Fix `fortinet` setting `event.timezone` to the system one when no `tz` field present {pull}20273[20273]
 - Fix `okta` geoip lookup in pipeline for `destination.ip` {pull}20454[20454]
 - Fix `cisco` asa and ftd parsing of messages 106102 and 106103. {pull}20469[20469]
+- Fix event.kind for system/syslog pipeline {issue}20365[20365] {pull}20390[20390]
 
 *Heartbeat*
 

filebeat/module/system/syslog/ingest/pipeline.yml

@@ -49,7 +49,7 @@ processors:
 - remove:
     field: system.syslog.timestamp
 - set:
-    field: event.type
+    field: event.kind
     value: event
 on_failure:
 - set:

filebeat/module/system/syslog/test/darwin-syslog-sample.log-expected.json

@@ -1,9 +1,9 @@
 [
     {
         "event.dataset": "system.syslog",
+        "event.kind": "event",
         "event.module": "system",
         "event.timezone": "-02:00",
-        "event.type": "event",
         "fileset.name": "syslog",
         "host.hostname": "a-mac-with-esc-key",
         "input.type": "log",
@@ -18,9 +18,9 @@
     },
     {
         "event.dataset": "system.syslog",
+        "event.kind": "event",
         "event.module": "system",
         "event.timezone": "-02:00",
-        "event.type": "event",
         "fileset.name": "syslog",
         "host.hostname": "a-mac-with-esc-key",
         "input.type": "log",
@@ -32,9 +32,9 @@
     },
     {
         "event.dataset": "system.syslog",
+        "event.kind": "event",
         "event.module": "system",
         "event.timezone": "-02:00",
-        "event.type": "event",
         "fileset.name": "syslog",
         "input.type": "log",
         "log.offset": 1176,