Description
[0] parsing field value failed: field "event.type"'s value "process" is not one of the allowed values (access, admin, allowed, change, connection, creation, deletion, denied, end, error, group, indicator, info, installation, protocol, start, user)
"process" => use "event.category: process" instead?
Part of #3016