Found and fixed another multi-level nested field

refers to #16

doc/30-namingscheme.md

@@ -82,7 +82,7 @@ grep -Pho "\[icinga\]\[[^\[]*?\]" filter-* | sort -u | sed -e "s@\[icinga\]\[@@;
 
 These are all fieldnames in use for filter-50-configs to date:
 
-*agent, apirequest, apiuser, bytes, checkablespending, checkablesrate, checkinterval, checknext, checkoriginal, checktime, clientendpoint, clienthost, clientport, code, command, component, configfilecount, connectedendpoints, context, count, currentepoch, currentmaster, date, dateend, datestart, dbinstance, detail, direction, endtime, epochcurrent, epochreceived, errorcode, eventtype, exitcode, facility, filecount, filterversion, fstate, ftype, hostname, hostport, httpclientip, httpclientport, httpmethod, idlecheckables, items01min, items05min, items15min, itemscount, itemsrate, listenerhost, logposition, message, messagecount, messagetype, metriclist, name, nomessageduration, notification, notificationcount, notificationtype, object, objectdetails, objectname, objecttype, path, period, pid, pluginexitcode, pluginoutput, pluginpath, pluginpid, port, puginarguments, query, receivedepoch, remainingclients, severity, signal, sslerrorcode, sslerrordetails, starttime, state, statefile, statefilter, statefilterid, stride, timerange, timestamp, typefilter, typefilterid, user, username, weekday, workerdetail, workerfacility, workerid, zone*
+*agent, apirequest, apiuser, bytes, checkablespending, checkablesrate, checkinterval, checknext, checkoriginal, checktime, clientendpoint, clienthost, clientport, code, command, component, configfilecount, connectedendpoints, context, count, currentepoch, currentmaster, date, dateend, datestart, dbinstance, detail, direction, endtime, epochcurrent, epochreceived, errorcode, eventtype, exitcode, facility, filecount, filterversion, fstate, ftype, hostname, hostport, httpclientip, httpclientport, httpmethod, idlecheckables, items01min, items05min, items15min, itemscount, itemsrate, listenerhost, logposition, message, messagecount, messagetype, metriclist, name, nomessageduration, notification, notificationcount, notificationtype, object, objectdetails, objectname, objecttype, path, period, pid, pluginexitcode, pluginoutput, pluginpath, pluginpid, port, puginarguments, query, receivedepoch, remainingclients, severity, signalcode, signaldetail, sslerrorcode, sslerrordetails, starttime, state, statefile, statefilter, statefilterid, stride, timerange, timestamp, typefilter, typefilterid, user, username, weekday, workerdetail, workerfacility, workerid, zone*
 
 ### Arrays
 

filter-50-process.conf

@@ -2,7 +2,7 @@ filter {
   if [icinga][facility] == "Process" {
     if [message] =~ /^PID/ {
       grok {
-        match => ["message","PID %{POSINT:[icinga][pid]} (\(%{DATA:[icinga][command]}\) )?(was )?terminated (by signal %{NUMBER:[icinga][signal][code]} \(%{WORD:[icinga][signal][detail]}\)|with exit code %{NUMBER:[icinga][exitcode]})"]
+        match => ["message","PID %{POSINT:[icinga][pid]} (\(%{DATA:[icinga][command]}\) )?(was )?terminated (by signal %{NUMBER:[icinga][signalcode]} \(%{WORD:[icinga][signaldetail]}\)|with exit code %{NUMBER:[icinga][exitcode]})"]
         id => "icinga_process_pidterminated"
         add_tag => "icinga_process_pidterminated"
         tag_on_failure => ["_grokparsefailure","icinga_process_pidterminated_failed"]