Add images to docs

googlecloud/audit was missing docs so I added them.

filebeat/docs/modules/aws.asciidoc

@@ -156,6 +156,9 @@ The `cloudtrail` fileset does not read the CloudTrail Digest files
 that are delivered to the S3 bucket when Log File Integrity is turned
 on, it only reads the CloudTrail logs.
 
+[role="screenshot"]
+image::./images/filebeat-aws-cloudtrail.png[]
+
 [float]
 === cloudwatch fileset
 

filebeat/docs/modules/googlecloud.asciidoc

@@ -12,7 +12,7 @@ This file is generated! See scripts/docs_collector.py
 
 beta[]
 
-This is a module for Google Cloud logs. It supports reading VPC flow
+This is a module for Google Cloud logs. It supports reading audit, VPC flow,
 and firewall logs that have been exported from Stackdriver to a
 Google Pub/Sub topic sink.
 
@@ -22,10 +22,58 @@ include::../include/gs-link.asciidoc[]
 
 include::../include/configuring-intro.asciidoc[]
 
-:fileset_ex: vpcflow
+:fileset_ex: audit
 
 include::../include/config-option-intro.asciidoc[]
 
+[float]
+==== `audit` fileset settings
+
+[role="screenshot"]
+image::./images/filebeat-googlecloud-audit.png[]
+
+Example config:
+
+[source,yaml]
+----
+- module: googleclcoud
+  audit:
+    enabled: true
+    var.project_id: my-gcp-project-id
+    var.topic: googlecloud-vpc-audit
+    var.subscription_name: filebeat-googlecloud-audit-sub
+    var.credentials_file: ${path.config}/gcp-service-account-xyz.json
+    var.keep_original_message: false
+----
+
+include::../include/var-paths.asciidoc[]
+
+*`var.project_id`*::
+
+Google Cloud project ID.
+
+*`var.topic`*::
+
+Google Cloud Pub/Sub topic name.
+
+*`var.subscription_name`*::
+
+Google Cloud Pub/Sub topic subscription name. If the subscription does not
+exist it will be created.
+
+*`var.credentials_file`*::
+
+Path to a JSON file containing the credentials and key used to subscribe.
+
+*`var.keep_original_message`*::
+
+Flag to control whether the original message is stored in the `log.original`
+field. Defaults to `false`, meaning the original message is not saved.
+
+:fileset_ex!:
+
+:fileset_ex: vpcflow
+
 [float]
 ==== `vpcflow` fileset settings
 

x-pack/filebeat/module/aws/_meta/docs.asciidoc

@@ -151,6 +151,9 @@ The `cloudtrail` fileset does not read the CloudTrail Digest files
 that are delivered to the S3 bucket when Log File Integrity is turned
 on, it only reads the CloudTrail logs.
 
+[role="screenshot"]
+image::./images/filebeat-aws-cloudtrail.png[]
+
 [float]
 === cloudwatch fileset
 

x-pack/filebeat/module/googlecloud/_meta/docs.asciidoc

@@ -7,7 +7,7 @@
 
 beta[]
 
-This is a module for Google Cloud logs. It supports reading VPC flow
+This is a module for Google Cloud logs. It supports reading audit, VPC flow,
 and firewall logs that have been exported from Stackdriver to a
 Google Pub/Sub topic sink.
 
@@ -17,10 +17,58 @@ include::../include/gs-link.asciidoc[]
 
 include::../include/configuring-intro.asciidoc[]
 
-:fileset_ex: vpcflow
+:fileset_ex: audit
 
 include::../include/config-option-intro.asciidoc[]
 
+[float]
+==== `audit` fileset settings
+
+[role="screenshot"]
+image::./images/filebeat-googlecloud-audit.png[]
+
+Example config:
+
+[source,yaml]
+----
+- module: googleclcoud
+  audit:
+    enabled: true
+    var.project_id: my-gcp-project-id
+    var.topic: googlecloud-vpc-audit
+    var.subscription_name: filebeat-googlecloud-audit-sub
+    var.credentials_file: ${path.config}/gcp-service-account-xyz.json
+    var.keep_original_message: false
+----
+
+include::../include/var-paths.asciidoc[]
+
+*`var.project_id`*::
+
+Google Cloud project ID.
+
+*`var.topic`*::
+
+Google Cloud Pub/Sub topic name.
+
+*`var.subscription_name`*::
+
+Google Cloud Pub/Sub topic subscription name. If the subscription does not
+exist it will be created.
+
+*`var.credentials_file`*::
+
+Path to a JSON file containing the credentials and key used to subscribe.
+
+*`var.keep_original_message`*::
+
+Flag to control whether the original message is stored in the `log.original`
+field. Defaults to `false`, meaning the original message is not saved.
+
+:fileset_ex!:
+
+:fileset_ex: vpcflow
+
 [float]
 ==== `vpcflow` fileset settings