[7.15](backport #27672) Re-apply fix for auditd dashboard (#27673)

Re-applies the fix introduced by #27646, as it's been reverted in #27636. This is caused by merging PRs in a different order than in master. (cherry picked from commit a389f38)
elastic · Aug 31, 2021 · c5df499 · c5df499
1 parent 3631f7e
commit c5df499
Show file tree

Hide file tree

Showing 2 changed files with 2 additions and 1 deletion.
diff --git a/CHANGELOG.next.asciidoc b/CHANGELOG.next.asciidoc
@@ -193,6 +193,7 @@ https://github.com/elastic/beats/compare/v7.0.0-alpha2...master[Check the HEAD d
 - Fix s3 input when there is a blank line in the log file. {pull}25357[25357]
 - Fixes the Snyk module to work with the new API changes. {pull}27358[27358]
 - Fixes a bug in `http_endpoint` that caused numbers encoded as strings. {issue}27382[27382] {pull}27480[27480]
+- Auditd: Fix Top Exec Commands dashboard visualization. {pull}27638[27638]
 
 *Heartbeat*
 

diff --git a/.../module/auditd/_meta/kibana/7/visualization/5ebdbe50-0a0f-11e7-825f-6748cda7d858-ecs.json b/.../module/auditd/_meta/kibana/7/visualization/5ebdbe50-0a0f-11e7-825f-6748cda7d858-ecs.json
@@ -7,7 +7,7 @@
                 "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index",
                 "query": {
                     "language": "kuery",
-                    "query": "event.action:EXECVE"
+                    "query": "event.action:execve"
                 }
             }
         },