From 8eb5616d1c117a40a4e76c680ba29e85361b9de7 Mon Sep 17 00:00:00 2001 From: Mathieu Martin Date: Tue, 24 Nov 2020 14:26:38 -0500 Subject: [PATCH] Remove an incorrect `event.type` from this guide --- docs/converting.asciidoc | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/docs/converting.asciidoc b/docs/converting.asciidoc index b4edd76e1d..3a7fdfd72e 100644 --- a/docs/converting.asciidoc +++ b/docs/converting.asciidoc @@ -35,8 +35,10 @@ Here's the recommended approach for converting an existing implementation to {ec - Review your original event data again - Consider populating the field based on additional meta-data such as static - information (e.g. add `event.type:syslog` even if syslog events don't mention this fact), - or information gathered from the environment (e.g. host information). + information (e.g. add `event.category:authentication` even if your auth events + don't mention the word "authentication") + - Consider capturing additional environment meta-data, such as information about the + host, container or cloud instance. . Review other extended fields from any field set you are already using, and attempt to populate it as well.
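Review bot: in the rewritten first bullet, the text now stops at `don't mention the word "authentication")` with no closing period, while the removed wording and the new bullet right after it both end with one. Add the period so the list items are punctuated consistently. Separately, the subject line only mentions removing `event.type`, but this hunk also moves the environment meta-data advice into its own bullet and widens it from "host information" to "host, container or cloud instance". A sentence in the commit message noting that would make the scope of the doc change clear to anyone reading the history.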