[system] Windows Security - Use Managment Events dashboard missing forwarded events

[nicpenning]

It seems that the windows.forwarded is missing from some visualizations resulting in missing data:

Exploring these visuals in discover look something like this:

Note that the dataset is set twice. Likely the solution is to remove the search query in the bar with the dataset since it is redundant.

Removing that part of the search filter provides results like so:

[elasticmachine]

Pinging @elastic/sec-windows-platform (Team:Security-Windows Platform)