[Filebeat][Fortinet] Remove pre populated event.timezone (elastic#20273…

…) (elastic#20347)

* Remove pre populated event.timezone

* Add changelog entry

* Remove  processor instead of the field

(cherry picked from commit 61b0730)

CHANGELOG.next.asciidoc

@@ -128,6 +128,7 @@ https://github.com/elastic/beats/compare/v7.0.0-alpha2...master[Check the HEAD d
 - Ignore missing in Zeek module when dropping unnecessary fields. {pull}19984[19984]
 - Fix millisecond timestamp normalization issues in CrowdStrike module {issue}20035[20035], {pull}20138[20138]
 - Fix support for message code 106100 in Cisco ASA and FTD. {issue}19350[19350] {pull}20245[20245]
+- Fix `fortinet` setting `event.timezone` to the system one when no `tz` field present {pull}20273[20273]
 
 *Heartbeat*
 

x-pack/filebeat/module/fortinet/firewall/config/firewall.yml

@@ -24,7 +24,6 @@ tags: {{.tags | tojson}}
 publisher_pipeline.disable_host: {{ inList .tags "forwarded" }}
 
 processors:
-  - add_locale: ~
   - add_fields:
       target: ''
       fields:

x-pack/filebeat/module/fortinet/firewall/ingest/pipeline.yml

@@ -178,4 +178,4 @@ processors:
 on_failure:
 - set:
     field: error.message
-    value: '{{ _ingest.on_failure_message }}'
+    value: '{{ _ingest.on_failure_message }}'

x-pack/filebeat/module/fortinet/firewall/test/fortinet.log-expected.json

@@ -96,7 +96,6 @@
         "event.module": "fortinet",
         "event.outcome": "success",
         "event.start": "2020-06-24T01:16:08.000Z",
-        "event.timezone": "-02:00",
         "event.type": [
             "connection",
             "end"