Modify structure and names for Windows eventchannel fields

[cristgl]

Wazuh version	Install type	Install method	Platform
3.9.0-3904	Manager/Agent	Packages/Sources	Linux, Windows

At the moment, there are two main fields that cover the more specific ones inside the EventChannel field, they are System and EventData. To filter by Channel, it is necessary to go through EventChannel: data.EventChannel.System.Channel.

The proposal is to replace the EventChannel field for win and to write each field with an initial lowercase letter. This would be an example of alert:

** Alert 1551172890.230448: mail  - windows,
2019 Feb 26 10:21:30 (win) any->EventChannel
Rule: 20047 (level 5) -> 'Windows: Application Installed '
{"win":{"system":{"providerName":"MsiInstaller","eventID":"11707","level":"4","task":"0","keywords":"0x80000000000000","systemTime":"2019-02-26T09:21:30.000000000Z","eventRecordID":"7467","channel":"Application","computer":"pcname","severityValue":"INFORMATION","message":"Product: Dr. Memory -- Installation completed successfully."},"eventData":{"binary":"7B36373637354144362D314642302D344445312D394543462D3834393937353135303235457D","data":"Product: Dr. Memory -- Installation completed successfully."}}}
win.system.providerName: MsiInstaller
win.system.eventID: 11707
win.system.level: 4
win.system.task: 0
win.system.keywords: 0x80000000000000
win.system.systemTime: 2019-02-26T09:21:30.000000000Z
win.system.eventRecordID: 7467
win.system.channel: Application
win.system.computer: pcname
win.system.severityValue: INFORMATION
win.system.message: Product: Dr. Memory -- Installation completed successfully.
win.eventData.binary: 7B36373637354144362D314642302D344445312D394543462D3834393937353135303235457D
win.eventData.data: Product: Dr. Memory -- Installation completed successfully.