[Suricata] Use ECS definition for fields where possible

[andrewkroh]

I noticed that many of the dns.* fields declared within the suricata.eve data stream are not importing the ECS definition. To ensure consistency across packages the data stream should use external: ecs for each of the fields that are available in ECS.

• dns.answers
• dns.answers.class
• dns.answers.data
• dns.answers.name
• dns.answers.ttl
• dns.answers.type
• dns.header_flags
• dns.id
• dns.op_code
• dns.question.class
• dns.question.name
• dns.question.registered_domain
• dns.question.subdomain
• dns.question.top_level_domain
• dns.question.type
• dns.resolved_ip
• dns.response_code
• dns.type
• event.created
• event.ingested
• event.original
• log.file.path
• related.ip

[elasticmachine]

Pinging @elastic/security-external-integrations (Team:Security-External Integrations)