[Winlogbeat] Convert dashboards for Kibana 8.x

[andrewkroh]

Proposed commit message

I loaded the dashboards into Kibana 8.11.0 and then exported them. This removed the migrationVersion which was causing problems for users of multiple Kibana spaces. I had to fix one visualization on the overview dashboard. Other than that, I did not make any changes to the dashboard visualizations or layouts.

These are the commands that I used:

elastic-package stack up -d -v --version 8.11.0

cd x-pack/winlogbeat

export KIBANA_INSECURE=true 
export KIBANA_URL="https://elastic:changeme@localhost:5601" 

mage -v dashboards:import

for module in powershell security sysmon; do
  for id in $(jq -r .id module/$module/_meta/kibana/7/dashboard/*.json); do 
    MODULE=$module ID=$id mage dashboards:export
  done
done

git add module/*/_meta/kibana/8
git rm -r module/*/_meta/kibana/7

cd ../../winlogbeat
go run ../dev-tools/cmd/dashboards/export_dashboards.go -kibana="https://elastic:changeme@localhost:5601" -folder . -insecure -dashboard Winlogbeat-Dashboard-ecs
git rm -r _meta/kibana/7

I discovered that libbeat has hard-coded the Kibana dashboard directory to 7. So after exporting the visualizations I renamed the directory from 8 back to 7 so that Winlogbeat will continue to load the dashboards on setup.

Checklist

• My code follows the style guidelines of this project
• I have commented my code, particularly in hard-to-understand areas
• I have made corresponding changes to the documentation
• I have made corresponding change to the default configuration files
• I have added tests that prove my fix is effective or that my feature works
• I have added an entry in CHANGELOG.next.asciidoc or CHANGELOG-developer.next.asciidoc.

Related issues

• Fixes [BEAT] Winlogbeat in 8.9.2 / multiple Spaces / Dashboard same in Winlogbeat 8.10.0-8.10.1 #37080

[mergify]

This pull request does not have a backport label.
If this is a bug or security fix, could you label this PR @andrewkroh? 🙏.
For such, you'll need to label your PR with:

• The upcoming major version of the Elastic Stack
• The upcoming minor version of the Elastic Stack (if you're not pushing a breaking change)

To fixup this pull request, you need to add the backport labels for the needed
branches, such as:

• backport-v8./d.0 is the label to automatically backport to the 8./d branch. /d is the digit

[elasticmachine]

Pinging @elastic/security-external-integrations (Team:Security-External Integrations)

[elasticmachine]

💚 Build Succeeded

the below badges are clickable and redirect to their specific view in the CI or DOCS

Expand to view the summary

Build stats

• Start Time: 2023-11-10T19:56:50.172+0000

• Duration: 138 min 58 sec

Test stats 🧪

Test	Results
Failed	0
Passed	28668
Skipped	2015
Total	30683

💚 Flaky test report

Tests succeeded.

🤖 GitHub comments

Expand to view the GitHub comments

To re-run your PR in the CI, just comment with:

• /test : Re-trigger the build.

• /package : Generate the packages and run the E2E tests.

• /beats-tester : Run the installation tests with beats-tester.

• run elasticsearch-ci/docs : Re-trigger the docs validation. (use unformatted text in the comment!)

[efd6]

It would be good to explain what the issue was with the "Number of Events Over Time By Channel" visualization.

[andrewkroh]

I wanted to include a copy of the error, but I forgot to copy it before fixing it. But it was something about a property of the x-axis not being valid. When I edited and resaved it went away.