Broken kibana dashboards: missing .keyword in the fields

[marcinhlybin]

• Version: 8.14.0
• Operating System: Ubuntu 22.04.4 LTS
• Discuss Forum URL: https://discuss.elastic.co/t/auditbeat-broken-kibana-dashboards-missing-keyword-in-the-fields/361350
• Steps to Reproduce:

Load the dashboards as recommended in the documentation:

auditbeat setup -e \
  -E output.logstash.enabled=false \
  -E output.elasticsearch.hosts=['http://log-server:9200'] \
  -E output.elasticsearch.username=${ES_USERNAME} \
  -E output.elasticsearch.password=${ES_PASSWORD} \
  -E setup.kibana.host=http://log-server:5601

Sample broken dashboard: Process OS Distribution [Auditbeat System] ECS Starts working after editing and changing fields:

• host.id -> host.id.keyword
• host.os.name -> host.os.name.keyword
• host.os.version -> host.os.version.keyword

By the way, path to auditbeat kibana dashboard in the package still include number 7: /usr/share/auditbeat/kibana/7/{dashboard,search,visualization}

[elasticmachine]

Pinging @elastic/sec-linux-platform (Team:Security-Linux Platform)