Hi Adriann,
Did you refresh your Kibana index patterns?
I do not know the powershell dashboard but I do know the other one (User Management Events) because i was the one I did it.
Regarding to winlog.logon.id is a very useful field because it allows you to correlate different events performed by the same user, if it is not in the index pattern is dynamically generated (when you receive an event with that field) . From winlogbeat's Index Template:
{
"strings_as_keyword": {
"match_mapping_type": "string",
"mapping": {
"ignore_above": 1024,
"type": "keyword"
}
}
}
In summary, if you have an index with winlog.logon.id field present and then you refresh your index pattern in kibana, the error in the user managment event dashboard should disappear
Please let me know if that helps you
Regards
Anna