[Auditbeat] Cherry-pick #10511 to 6.x: System module dashboards (#10574)

Cherry-pick of PR #10511 to 6.x branch. Original message: 

Seven dashboards for the Auditbeat System module - one for each dataset, and an overall overview dashboards.

(cherry picked from commit 38d5f43)

CHANGELOG.next.asciidoc

@@ -153,6 +153,7 @@ https://github.com/elastic/beats/compare/v6.6.0...6.x[Check the HEAD diff]
 - Add system `package` dataset. {pull}10225[10225]
 - Add system module `login` dataset. {pull}9327[9327]
 - Add `entity_id` fields. {pull}10500[10500]
+- Add seven dashboards for the system module. {pull}10511[10511]
 
 *Filebeat*
 

auditbeat/docs/fields.asciidoc

@@ -3809,6 +3809,8 @@ ID uniquely identifying the socket. It is computed as a SHA-256 hash of the host
 --
 type: long
 
+format: duration
+
 Uptime in nanoseconds.
 
 

libbeat/scripts/Makefile

@@ -83,6 +83,7 @@ INTEGRATION_TESTS?=
 FIND?=. ${PYTHON_ENV}/bin/activate; find . -type f -not -path "*/vendor/*" -not -path "*/build/*" -not -path "*/.git/*"
 PERM_EXEC?=$(shell [ `uname -s` = "Darwin" ] && echo "+111" || echo "/a+x")
 XPACK_ONLY?=false
+XPACK_DIR=${ES_BEATS}/x-pack/${BEAT_NAME}
 
 ifeq ($(DOCKER_CACHE),0)
 	DOCKER_NOCACHE=--no-cache
@@ -362,7 +363,11 @@ endif
 
 .PHONY: docs
 docs:  ## @build Builds the documents for the beat
-	sh ${ES_BEATS}/script/build_docs.sh ${BEAT_NAME} ${BEAT_PATH}/docs ${BUILD_DIR}
+	@if [ -d $(XPACK_DIR) ]; then \
+		sh ${ES_BEATS}/script/build_docs.sh ${BEAT_NAME} ${BEAT_PATH}/docs ${BUILD_DIR} ${XPACK_DIR}; \
+	else \
+		sh ${ES_BEATS}/script/build_docs.sh ${BEAT_NAME} ${BEAT_PATH}/docs ${BUILD_DIR}; \
+	fi
 
 .PHONY: docs-preview
 docs-preview:  ## @build Preview the documents for the beat in the browser

script/build_docs.sh

@@ -5,6 +5,7 @@ set -e
 name=$1
 path=$2
 build_dir=$3
+resource_dir=$4
 
 docs_dir=$build_dir/docs
 html_dir=$build_dir/html_docs
@@ -29,7 +30,12 @@ do
   mkdir -p "$dest_dir"
   params="--chunk=1"
   if [ "$PREVIEW" = "1" ]; then
-    params="--chunk=1 -open chunk=1 -open"
+    params="$params -open"
   fi
+
+  if [ -d "$resource_dir" ]; then
+    params="$params -resource=${resource_dir}"
+  fi
+
   $docs_dir/build_docs.pl $params --doc "$index" -out "$dest_dir"
 done

x-pack/auditbeat/docs/modules/system.asciidoc

@@ -36,6 +36,14 @@ All datasets are currently using a poll model to retrieve their data.
 The frequency of these polls is controlled by the `period` configuration
 parameter.
 
+[float]
+==== Example dashboard
+
+The module comes with a sample dashboard:
+
+[role="screenshot"]
+image:./images/auditbeat-system-overview-dashboard.png[Auditbeat System Overview Dashboard]
+
 [float]
 === Configuration options
 

x-pack/auditbeat/module/system/_meta/docs.asciidoc

@@ -31,6 +31,14 @@ All datasets are currently using a poll model to retrieve their data.
 The frequency of these polls is controlled by the `period` configuration
 parameter.
 
+[float]
+==== Example dashboard
+
+The module comes with a sample dashboard:
+
+[role="screenshot"]
+image:./images/auditbeat-system-overview-dashboard.png[Auditbeat System Overview Dashboard]
+
 [float]
 === Configuration options