filebeat: fix typos in crowdstrike, o365, okta, and santa modules

[strawgate]

Summary

Fix spelling and grammar typos in filebeat module documentation and field descriptions.

• x-pack/filebeat/module/crowdstrike/_meta/docs.md: formated → formatted
• x-pack/filebeat/module/o365/_meta/docs.md: recomended → recommended, endponts → endpoints
• x-pack/filebeat/module/okta/system/_meta/fields.yml: occured → occurred, informaton → information (×3), identifer → identifier
• filebeat/module/santa/_meta/config.yml: remove duplicated word the the
• Corresponding generated docs and field assets updated

Closes #49082
Closes #49156
Closes partial #49496
Closes partial #49335

Test plan

• Verify corrected text in each _meta source file
• Verify generated docs match source fixes

[github-actions]

🤖 GitHub comments

Just comment with:

• run docs-build : Re-trigger the docs validation. (use unformatted text in the comment!)

[coderabbitai]

Warning

Rate limit exceeded

@strawgate has exceeded the limit for the number of commits that can be reviewed per hour. Please wait 0 minutes and 34 seconds before requesting another review.

⌛ How to resolve this issue?

After the wait time has elapsed, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout.

Please see our FAQ for further information.

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: e90fedaf-c68b-4bff-a79d-053783d36d13

📥 Commits

Reviewing files that changed from the base of the PR and between d3f7e4c and 879ccb8.

📒 Files selected for processing (3)

• docs/reference/filebeat/exported-fields-okta.md
• docs/reference/filebeat/filebeat-module-crowdstrike.md
• docs/reference/filebeat/filebeat-module-o365.md

📝 Walkthrough

Walkthrough

This change corrects multiple spelling and wording errors across Filebeat module documentation and field descriptions. The fixes address typos in Okta field documentation (correcting "informaton" to "information," "identifer" to "identifier," and "occured" to "occurred"), CrowdStrike module docs ("formated" to "formatted"), Office 365 module docs ("endponts" to "endpoints" and "recomended" to "recommended"), and Santa module comments (removing duplicated "the the"). A changelog fragment documents the bug fix. Updates are applied consistently across reference documentation files, field definitions in YAML and AsciiDoc formats, module configuration files, and reference YAML templates. No functional code or configuration logic is modified.

🚥 Pre-merge checks | ✅ 2

✅ Passed checks (2 passed)

Check name	Status	Explanation
Linked Issues check	✅ Passed	The PR addresses all typo fixes from #49082 (occured→occurred) and #49156 (informaton→information, identifer→identifier) in Okta module metadata and regenerates corresponding documentation. Additional typo fixes in CrowdStrike and O365 modules and Santa module comment duplications are included.
Out of Scope Changes check	✅ Passed	All changes are within scope: typo corrections in Filebeat module documentation and metadata files (CrowdStrike, O365, Okta, Santa), plus regenerated docs and field assets. No unrelated functionality modifications.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

• 🛠️ Update Documentation: Commit on current branch
• 🛠️ Update Documentation: Create PR

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[elasticmachine]

Pinging @elastic/security-service-integrations (Team:Security-Service Integrations)

[efd6]

crowdstrike, o365 and okta changes LGTM

(sad that the informatons (atomic units of information?) are going away)

[vishaangelova]

Actually, this needs to be backported to 9.3 for the changes to be published to the docs site (we publish from the latest minor branch).

[vishaangelova]

LGTM!