Add panw.panos.endreason field (#18705)

PANW firewalls expone why a session is ended (endreason). Currenlty it's not tracked.
End reason is important to track down why a specific session is ended (timeout, rst from client/server...). This adds panw.panos.endreason.

Co-authored-by: Andrea Dainese <andrea.dainese@gmail.com>
Co-authored-by: Adrian Serrano <adrisr83@gmail.com>

CHANGELOG.next.asciidoc

@@ -63,6 +63,7 @@ https://github.com/elastic/beats/compare/v7.0.0-alpha2...master[Check the HEAD d
 - Adds Gsuite Groups support. {pull}19725[19725]
 - Move file metrics to dataset endpoint {pull}19977[19977]
 - Add `while_pattern` type to multiline reader. {pull}19662[19662]
+- Tracking session end reason in panw module. {pull}18705[18705]
 - Fix PANW field spelling "veredict" to "verdict" on event.action {pull}18808[18808]
 
 *Heartbeat*

filebeat/docs/fields.asciidoc

@@ -105251,6 +105251,16 @@ type: long
 
 --
 
+*`panw.panos.endreason`*::
++
+--
+The reason a session terminated.
+
+
+type: keyword
+
+--
+
 [float]
 === network
 

x-pack/filebeat/module/panw/panos/_meta/fields.yml

@@ -61,6 +61,11 @@
               description: >
                 Post-NAT destination port.
 
+    - name: endreason
+      type: keyword
+      description: >
+        The reason a session terminated.
+
     - name: network
       type: group
       description: >

x-pack/filebeat/module/panw/panos/config/input.yml

@@ -101,6 +101,7 @@ processors:
         source.packets: 44
         server.packets: 45
         destination.packets: 45
+        panw.panos.endreason: 46
         observer.hostname: 52
 
   - extract_array: