work in progress for idaholab#395, malcolm reporting capture statisti…

…cs from zeek/suricata

logstash/pipelines/zeek/12_zeek_mutate.conf

@@ -2485,7 +2485,7 @@ filter {
     mutate { id => "mutate_add_field_ecs_event_kind_alert"
              add_field => { "[event][kind]" => "alert" } }
   } else if ("_zeekdiagnostic" in [tags]) and ([zeek][stats]) {
-    mutate { id => "mutate_add_field_ecs_event_kind_event"
+    mutate { id => "mutate_add_field_ecs_event_kind_metric"
              add_field => { "[event][kind]" => "metric" } }
   } else {
     mutate { id => "mutate_add_field_ecs_event_kind_event"