Minor fixes to fortinet and threatintel to pass tests

While testing those modules in 7.11-compat mode, the tests would fail
because the pipelines leave some unexpected fields behind. This cleans
them up.

This is caused by the uri_parts processor being removed and leaving
behind a temporary field that is cleaned up by the
`remove_if_successful` flag.

x-pack/filebeat/module/fortinet/firewall/ingest/pipeline.yml

@@ -414,17 +414,18 @@ processors:
 - remove:
     field:
       - _temp
+      - host
       - syslog5424_sd
       - syslog5424_pri
-      - fortinet.firewall.tz
+      - fortinet.firewall.agent
       - fortinet.firewall.date
       - fortinet.firewall.devid
-      - fortinet.firewall.eventtime
-      - fortinet.firewall.time
       - fortinet.firewall.duration
-      - host
+      - fortinet.firewall.eventtime
       - fortinet.firewall.hostname
-      - fortinet.firewall.agent
+      - fortinet.firewall.time
+      - fortinet.firewall.tz
+      - fortinet.firewall.url
     ignore_missing: true
 - script:
     lang: painless

x-pack/filebeat/module/threatintel/abuseurl/ingest/pipeline.yml

@@ -105,6 +105,7 @@ processors:
 - remove:
     field:
     - threatintel.abuseurl.date_added
+    - threatintel.abuseurl.url
     - message
     ignore_missing: true
 on_failure:

x-pack/filebeat/module/threatintel/anomali/ingest/pipeline.yml

@@ -131,6 +131,7 @@ processors:
     field:
     - threatintel.anomali.created
     - message
+    - _tmp
     ignore_missing: true
 on_failure:
 - set: