Improve coverage of reported audit events #38549

Open
@miltonhultgren

Description

The Elasticsearch and Kibana Filebeat modules both collect audit logs. These logs contain events of a certain type as outlined by [1] and [2]. We need to ensure that these events are all represented properly in the final event and that the success/failure states are correct as handled by https://github.com/elastic/beats/blob/main/filebeat/module/elasticsearch/audit/ingest/pipeline.yml#L31-L45

[1]
[2]
