Description of problem:

Node audit logs from /var/log/audit do not have an opensihft cluster_id field.

This field should be populated with the same cluster-id value that is provided on other log types.

Version-Release number of selected component (if applicable):

5.6.6

How reproducible:

Steps to Reproduce:

Detailed customer reproducer:MEAKV-1615.md.docx

Summary of steps:

1. Install cluster logging, create a CLF to forward audit logs
2. Generate node audit events (e.g. use ssh to log into a cluster node directly)
3. Find the resulting audit log in stored logs, check if it has openshift.cluster_id

Actual results:

cluster_id should be set to openshift cluster uuid.

Expected results:

no cluster_id field

Additional info: