make review updates

Author: mdbirnstiehl

solutions/observability/streams/management/advanced.md

@@ -8,30 +8,34 @@ navigation_title: Configure advanced settings
 
 The **Advanced** tab shows the underlying {{es}} configuration details and advanced configuration options for your stream.
 
-You can use the **Advanced** tab to manually configure the index or component templates or modify other ingest pipelines used by the stream.
+You can use the **Advanced** tab to add [descriptions](#streams-advanced-description) or [features](#streams-advanced-features) that provide useful information to Stream's AI components. You can also  [manually configure](#streams-advanced-index-config) the index or component templates or modify other ingest pipelines used by the stream.
 
-## Stream description
-
-% can we provide more information on what users should put here.
+## Stream description [streams-advanced-description]
 
 Describe the data in the stream. AI features like system identification and significant events use this description when generating suggestions.
 
-## Stream system configuration
+## Stream feature configuration [streams-advanced-features]
+
+Streams analyzes your data and identifies features. Features are a way to classify some of the data you have in your stream.
+
+Each feature has a natural language description and an optional filter which points to a subset of your data.
 
-% Why do users want to add systems here?
+For example, in a stream of Kubernetes logs, the feature identification process would be able to identify that you have data from "nginx" which can be found by filtering for `WHERE service.name==nginx`. It would also include a description defining nginx.
 
-Streams analyzes your stream and identifies systems. Then, you can select the ones you want to add to your stream.
+Features provide useful information for AI processes, such as significant events, and are used as the foundation for them.
 
-## Index configuration
+## Index configuration [streams-advanced-index-config]
 
-% Can we add use cases of when it makes sense to modify shards/replicas/refresh interval
+:::{note}
+Processing and schema changes should typically be done through the Streams interface, and none of these configuration processes are required. This feature mainly exists to help advanced users maintain familiar workflows.
+:::
 
-For classic streams, you can manually configure the stream's:
+For classic streams, you can manually configure:
 
-- [index template](../../../../manage-data/data-store/templates.md#index-templates)
-- [component templates](../../../../manage-data/data-store/templates.md#component-templates)
-- [pipeline](../../../../manage-data/ingest/transform-enrich.md)
-- [data stream](../../../../manage-data/data-store/data-streams.md).
+- [Index templates](../../../../manage-data/data-store/templates.md#index-templates)
+- [Component templates](../../../../manage-data/data-store/templates.md#component-templates)
+- [Pipelines](../../../../manage-data/ingest/transform-enrich.md)
+- [Data streams](../../../../manage-data/data-store/data-streams.md).
 
 For both wired ({applies_to}`stack: preview 9.2`) and classic streams, you can manually configure:
 

solutions/observability/streams/management/data-quality.md

@@ -6,13 +6,13 @@ applies_to:
 
 # Manage data quality [streams-data-retention]
 
-Use the **Data quality** tab to find failed and degraded documents in your stream. Use the following components to monitor the health of your data and identify and fix issues:
+After selecting a stream, use the **Data quality** tab to find failed and degraded documents in your stream. Use the following components to monitor the health of your data and identify and fix issues:
 
 - **Degraded documents:** Documents with the `ignored` property usually because of malformed fields or exceeding the limit of total fields when `ignore_above:false`. This component shows the total number of degraded documents, the percentage, and status (**Good**, **Degraded**, **Poor**).
 - **Failed documents:**: Documents that were rejected during ingestion because of mapping conflicts or pipeline failures.
-- **Quality score:** Streams calculates the overall quality score (Good, Degraded, Poor) based on the percentage of degraded and failed documents.
+- **Quality score:** Streams calculates the overall quality score (**Good**, **Degraded**, **Poor**) based on the percentage of degraded and failed documents.
 - **Trends over time:** A time-series chart so you can track how degraded and failed documents are accumulating over time. Use the date picker to zoom into a specific range and understand when problems are spiking.
-- **Issues:**: {applies_to}`stack: preview 9.2`Find issues with specific fields, how often they've occurred, and when they've occurred.
+- **Issues:** {applies_to}`stack: preview 9.2`Find issues with specific fields, how often they've occurred, and when they've occurred.
 
 ## Failure store
 
@@ -23,7 +23,9 @@ To view and modify failure store in {{stack}}, you need the following data strea
 - `read_failure_store`
 - `manage_failure_store`
 
+For more information, refer to [Granting privileges for data streams and aliases](../../../../deploy-manage/users-roles/cluster-or-deployment-auth/granting-privileges-for-data-streams-aliases.md).
 
-In Streams, you need to turn on failure stores to see failed documents. To do this, select **Enable failure store*. From here you can set your failure store retention period.
+### Turn on failure stores
+In Streams, you need to turn on failure stores to get failed documents. To do this, select **Enable failure store** in the **Failed documents** component. From here you can set your failure store retention period.
 
 For more information on data quality, refer to the [data set quality](../../data-set-quality-monitoring.md) documentation.

solutions/observability/streams/management/extract.md

@@ -5,16 +5,16 @@ applies_to:
 ---
 # Extract fields [streams-extract-fields]
 
-Use the **Processing** tab to add [processors](#streams-extract-processors) that extract meaningful fields from your log messages. These fields let you filter and analyze your data more effectively.
+After selecting a stream, use the **Processing** tab to add [processors](#streams-extract-processors) that extract meaningful fields from your log messages. These fields let you filter and analyze your data more effectively.
 
 For example, in [Discover](../../../../explore-analyze/discover.md), extracted fields might let you filter for log messages with an `ERROR` log level that occurred during a specific time period to help diagnose an issue. Without extracting the log level and timestamp fields from your messages, those filters wouldn't return meaningful results.
 
-The processing tab also:
+The **Processing** tab also:
 
-- Simulates your processors and provides an immediate [preview](#streams-preview-changes) that's tested end to end.
-- Flags indexing issues, like [mapping conflicts](#streams-processing-mapping-conflicts), so you can address them before applying changes.
+- Simulates your processors and provides an immediate [preview](#streams-preview-changes) that's tested end to end
+- Flags indexing issues, like [mapping conflicts](#streams-processing-mapping-conflicts), so you can address them before applying changes
 
-After creating your processor, all future data ingested ingested into the stream will be parsed into structured fields accordingly.
+After creating your processor, all future data ingested into the stream is parsed into structured fields accordingly.
 
 :::{note}
 Applied changes aren't retroactive and only affect *future ingested data*.
@@ -24,12 +24,12 @@ Applied changes aren't retroactive and only affect *future ingested data*.
 
 Streams supports the following processors:
 
-- [Date](./extract/date.md): Converts date strings into timestamps, with options for timezone, locale, and output formatting.
-- [Dissect](./extract/dissect.md): Extracts fields from structured log messages using defined delimiters instead of patterns, making it faster than Grok and ideal for consistently formatted logs.
-- [Grok](./extract/grok.md): Extracts fields from unstructured log messages using predefined or custom patterns, supports multiple match attempts in sequence, and can automatically generate patterns with an LLM connector.
-- [Set](./extract/set.md): Assigns a specific value to a field, creating the field if it doesn’t exist or overwriting its value if it does.
-- [Rename](./extract/rename.md): Changes the name of a field, moving its value to a new field name and removing the original.
-- [Append](./extract/append.md): Adds a value to an existing array field, or creates the field as an array if it doesn’t exist.
+- [**Date**](./extract/date.md): Converts date strings into timestamps, with options for timezone, locale, and output formatting.
+- [**Dissect**](./extract/dissect.md): Extracts fields from structured log messages using defined delimiters instead of patterns, making it faster than Grok and ideal for consistently formatted logs.
+- [**Grok**](./extract/grok.md): Extracts fields from unstructured log messages using predefined or custom patterns, supports multiple match attempts in sequence, and can automatically generate patterns with an LLM connector.
+- [**Set**](./extract/set.md): Assigns a specific value to a field, creating the field if it doesn’t exist or overwriting its value if it does.
+- [**Rename**](./extract/rename.md): Changes the name of a field, moving its value to a new field name and removing the original.
+- [**Append**](./extract/append.md): Adds a value to an existing array field, or creates the field as an array if it doesn’t exist.
 
 ## Add a processor [streams-add-processors]
 
@@ -41,7 +41,7 @@ To add a processor from the **Processing** tab:
 1. Select a processor from the **Processor** menu.
 1. Configure the processor and select **Create** to save the processor.
 
-After adding all desired processors and conditions, make sure to **Save changes**.
+After adding all desired processors and conditions, select **Save changes**.
 
 Refer to individual [supported processors](#streams-extract-processors) for more on configuring specific processors.
 
@@ -51,7 +51,7 @@ Editing processors with JSON is planned for a future release, and additional pro
 
 ### Add conditions to processors [streams-add-processor-conditions]
 
-You can add conditions to processors so they only run on data that meets those conditions. Each condition is a boolean expression evaluated for every document.
+You can add conditions to processors so they only run on data that meets those conditions. Each condition is a boolean expression that's evaluated for every document.
 
 To add a condition:
 
@@ -80,16 +80,16 @@ Streams processors support the following comparators:
 
 After you create processors, the **Data preview** tab simulates processor results with additional filtering options depending on the outcome of the simulation.
 
-When you add or edit processors, the **Data preview** updates automatically.
+When you add or edit processors, the **Data preview** tab updates automatically.
 
 :::{note}
 To avoid unexpected results, it's best to add processors rather than remove or reorder existing ones.
 :::
 
-**Data preview** loads 100 documents from your existing data and runs your changes against them.
+The **Data preview** tab loads 100 documents from your existing data and runs your changes against them.
 For any newly created processors and conditions, the preview results are reliable, and you can freely create and reorder during the preview.
 
-Select **Save changes** to apply your changes to the data stream.
+After making sure everything in the **Data preview** tab is correct, select **Save changes** to apply your changes to the data stream.
 
 If you edit the stream after saving your changes, keep the following in mind:
 
@@ -99,34 +99,32 @@ If you edit the stream after saving your changes, keep the following in mind:
 
 ### Ignore failures [streams-ignore-failures]
 
-Each processor has the option to **Ignore failures**. When enabled, processing of the document continues when the processor fails.
+Each processor has the **Ignore failures** option. When enabled, document processing continues when even if the processor fails.
 
 ### Ignore missing fields [streams-ignore-missing-fields]
 
-Dissect, grok, and rename processors include the **Ignore missing fields** option. When enabled, processing of the document continues when a source field is missing.
+Dissect, grok, and rename processors include the **Ignore missing fields** option. When enabled, document processing continues even if a source field is missing.
 
 ## Detect and resolve failures [streams-detect-failures]
 
 Documents can fail processing for various reasons. Streams helps you identify and resolve these issues before deploying changes.
 
-In the following screenshot, the **Failed** percentage indicates that not all messages matched the provided grok pattern:
+In the following screenshot, the **Failed** percentage indicates that some messages didn't match the provided grok pattern:
 
 ![Screenshot showing some failed documents](<../../../images/logs-streams-parsed.png>)
 
-You can filter your documents by selecting **Parsed** or **Failed** at the top of the table.
+You can filter your documents by selecting **Parsed** or **Failed** on the **Data preview** tab.
 Selecting **Failed** shows the documents that weren't parsed correctly:
 
 ![Screenshot showing the documents UI with Failed selected](<../../../images/logs-streams-failures.png>)
 
-Failures are displayed at the bottom of the process editor:
+Failures are displayed at the bottom of the process editor. Some failures may require fixes, while others simply serve as a warning:
 
 ![Screenshot showing failure notifications](<../../../images/logs-streams-processor-failures.png>)
 
-Some failures may require fixes, while others simply serve as a warning.
-
 ### Mapping conflicts [streams-processing-mapping-conflicts]
 
-As part of processing, Streams simulates your changes end to end to check for mapping conflicts. If a conflict is detected, Streams marks the processor as failed and displays a message like the following:
+As part of processing, Streams simulates your changes end to end to check for mapping conflicts. If it detects a conflict, Streams marks the processor as failed and displays a message like the following:
 
 ![Screenshot showing mapping conflict notifications](<../../../images/logs-streams-mapping-conflicts.png>)
 
@@ -140,9 +138,7 @@ Once saved, the processor displays its success rate and the fields it added.
 
 ## Advanced: How and where do these changes get applied to the underlying data stream? [streams-applied-changes]
 
-% make sure this is all still accurate.
-
-When you save processors, Streams modifies the best-matching ingest pipeline for the data stream. In short, it either chooses the best-matching pipeline ending in `@custom` in your data stream, or it adds one for you.
+When you save processors, Streams appends processing to the best-matching ingest pipeline for the data stream. It either chooses the best-matching pipeline ending in `@custom` in your data stream, or it adds one for you.
 
 Streams identifies the appropriate `@custom` pipeline (for example, `logs-myintegration@custom` or `logs@custom`) by checking the `default_pipeline` that is set on the data stream. You can view the default pipeline on the **Advanced** tab under **Ingest pipeline**.
 
@@ -177,5 +173,5 @@ You can still add your own processors manually to the `@custom` pipeline if need
 
 ## Known limitations [streams-known-limitations]
 
-- Streams does not support all processors. We are working on adding more processors in the future.
-- The data preview simulation may not accurately reflect the changes to the existing data when editing existing processors or re-ordering them. We will allow proper simulations using original documents in a future version.
+- Streams does not support all processors. More processors will be added in future versions.
+- The data preview simulation may not accurately reflect the changes to the existing data when editing existing processors or re-ordering them. Streams will allow proper simulations using original documents in a future version.

solutions/observability/streams/management/extract/grok.md

@@ -5,11 +5,11 @@ applies_to:
 ---
 # Grok processor [streams-grok-processor]
 
-The grok processor parses unstructured log messages using a set of predefined patterns to match the log messages and extract the fields. The Grok processor is very powerful and can parse a wide variety of log formats.
+The grok processor parses unstructured log messages using a set of predefined patterns to match the log messages and extract the fields. The grok processor is very powerful and can parse a wide variety of log formats.
 
-You can provide multiple patterns to the grok processor. The Grok processor will try to match the log message against each pattern in the order they are provided. If a pattern matches, the fields will be extracted and the remaining patterns will not be used.
+You can provide multiple patterns to the grok processor. The grok processor tries to match the log message against each pattern in the order they are provided. If a pattern matches, it extracts the fields and the remaining patterns won't be used.
 
-If a pattern doesn't match, the grok processor will try the next pattern. If no patterns match, the Grok processor will fail and you can troubleshoot the issue. Instead of writing grok patterns, you can have streams generate patterns for you. Refer to [generate patterns](#streams-grok-patterns) for more information.
+If a pattern doesn't match, the grok processor tries the next pattern. If no patterns match, the Grok processor will fail and you can troubleshoot the issue. Instead of writing grok patterns, you can have Streams generate patterns for you. Refer to [generate patterns](#streams-grok-patterns) for more information.
 
 :::{tip}
 To improve pipeline performance, start with the most common patterns first, then add more specific patterns. This reduces the number times the grok processor has to run.
@@ -44,7 +44,7 @@ Requires an LLM Connector to be configured.
 
 Instead of writing the Grok patterns by hand, you can use the **Generate Patterns** button to generate the patterns for you.
 
-Generated patterns work best on semi-structured data. For very custom logs with a lot of text, creating manual patterns general creates more accurate results.
+Generated patterns work best on semi-structured data. For very custom logs with a lot of text, creating patterns manually generally creates more accurate results.
 
 ![generated patterns](<../../../../images/logs-streams-patterns.png>)
 

solutions/observability/streams/management/extract/manual-pipeline-configuration.md

@@ -5,13 +5,13 @@ applies_to:
 ---
 # Manual pipeline configuration [streams-manual-pipeline-configuration]
 
-The **Manual pipeline configuration** lets you create a JSON-encoded array of ingest pipeline processors.
+The **Manual pipeline configuration** lets you create a JSON-encoded array of ingest pipeline processors.This is helpful if you want to add more advanced processing that isn't currently available as part of the UI-based processors.
 
 Refer to the following documentation for more on manually configuring processors:
 
 - [Create readable and maintainable ingest pipelines](../../../../../manage-data/ingest/transform-enrich/readable-maintainable-ingest-pipelines.md)
 - [Error handling in ingest pipelines](../../../../../manage-data/ingest/transform-enrich/error-handling.md)
-- [Ingest processor reference][elasticsearch://reference/enrich-processor]
+- [Ingest processor reference][elasticsearch://reference/enrich-processor.md]
 
 To manually create an array of ingest pipeline processors:
 

solutions/observability/streams/management/extract/set.md

@@ -12,7 +12,7 @@ To use a set processor:
 
 1. Select **Create** → **Create processor**.
 1. Select **Set** from the **Processor** menu.
-1. Set **Source Field** to the field you want to insert, upsert, or update
+1. Set **Source Field** to the field you want to insert, upsert, or update.
 1. Set **Value** to the value you want the source field to be set to.
 
 This functionality uses the {{es}} set pipeline processor. Refer to the [set processor](elasticsearch://reference/enrich-processor/set-processor.md) {{es}} documentation for more information.