Merge pull request #1977 from Security-Onion-Solutions/fix/zeek_log_inode_cleanup

Change clean_removed to true to clean up tracking of Zeek logs removed fr…

salt/filebeat/etc/filebeat.yml

@@ -115,7 +115,7 @@ filebeat.inputs:
       fields: ["source", "prospector", "input", "offset", "beat"]
  
   fields_under_root: true
-  clean_removed: false
+  clean_removed: true
   close_removed: false
 
 - type: log