[Rule Tuning] Change event.dataset to data_stream.dataset (#5943)

* [Rule Tuning] Change event.dataset to data_stream.dataset

* updating ESQL field names

rules/cross-platform/persistence_web_server_potential_command_injection.toml

@@ -2,7 +2,7 @@
 creation_date = "2025/11/19"
 integration = ["nginx", "apache", "apache_tomcat", "iis", "traefik"]
 maturity = "production"
-updated_date = "2026/03/24"
+updated_date = "2026/04/10"
 
 [rule]
 author = ["Elastic"]
@@ -116,7 +116,7 @@ from logs-nginx.access-*, logs-apache.access-*, logs-apache_tomcat.access-*, log
     http.response.status_code,
     user_agent.original,
     agent.name,
-    event.dataset,
+    data_stream.dataset,
     data_stream.namespace
 
 | stats
@@ -130,7 +130,7 @@ from logs-nginx.access-*, logs-apache.access-*, logs-apache_tomcat.access-*, log
     Esql.url_path_values = values(Esql.url_original_to_lower),
     Esql.http.response.status_code_values = values(http.response.status_code),
     Esql.user_agent_original_values = values(user_agent.original),
-    Esql.event_dataset_values = values(event.dataset),
+    Esql.data_stream_dataset_values = values(data_stream.dataset),
     Esql.data_stream_namespace_values = values(data_stream.namespace),
 
     // Rule Specific fields