[Auditd_Manager] fixing wrong field type for auditd.data.exit

[P1llus]

What does this PR do?

Fixes wrong field type for auditd.data.exit. It was keyword in auditbeat and seems to convert to a keyword/string value if the integer value is known, or the exit code is a string by itself.

Checklist

• I have reviewed tips for building integrations and this pull request is aligned with them.
• I have verified that all data streams collect metrics or logs.
• I have added an entry to my package's changelog.yml file.
• I have verified that Kibana version constraints are current according to guidelines.

Related issues

• Closes [auditd_manager] Integration can throw illegal_argument_exception #4860

[elasticmachine]

Pinging @elastic/security-external-integrations (Team:Security-External Integrations)

[taylor-swanson]

LGTM

[elasticmachine]

💚 Build Succeeded

the below badges are clickable and redirect to their specific view in the CI or DOCS

Expand to view the summary

Build stats

• Start Time: 2023-05-09T14:11:58.195+0000

• Duration: 18 min 16 sec

Test stats 🧪

Test	Results
Failed	0
Passed	21
Skipped	0
Total	21

🤖 GitHub comments

Expand to view the GitHub comments

To re-run your PR in the CI, just comment with:

• /test : Re-trigger the build.

[elasticmachine]

🌐 Coverage report

Name	Metrics % (covered/total)	Diff
Packages	100.0% (1/1)	💚
Files	100.0% (1/1)	💚 50.0
Classes	100.0% (1/1)	💚 50.0
Methods	88.889% (8/9)	👍 19.658
Lines	90.206% (175/194)	👍 19.836
Conditionals	100.0% (0/0)	💚

[efd6]

Needs a test expectation update.

[BenB196]

(FYI) This looks like it will resolve #4860

[andrewkroh]

The exit code is always a string in the JSON from auditbeat. go-libaudit translates numbers to named POSIX exit codes if possible.

[elasticmachine]

Package auditd_manager - 1.7.1 containing this change is available at https://epr.elastic.co/search?package=auditd_manager