fixes

Author: shainaraskas

deploy-manage/monitor/autoops.md

@@ -10,6 +10,8 @@ applies_to:
 
 AutoOps diagnoses issues in Elasticsearch by analyzing hundreds of metrics, providing root-cause analysis and accurate resolution paths. With AutoOps, customers can prevent and resolve issues, cut down administration time, and optimize resource utilization.
 
+AutoOps is currently only available for [{{ech}} deployments](/deploy-manage/deploy/elastic-cloud/cloud-hosted.md).
+
 :::{image} ../../images/cloud-autoops-overview-page.png
 :alt: The Overview page
 :::
@@ -41,23 +43,22 @@ AutoOps diagnoses issues in Elasticsearch by analyzing hundreds of metrics, prov
 
 ## AutoOps retention period [ec_autoops_retention_period]
 
-AutoOps currently has a four-day retention period for all Cloud Hosted customers.
+AutoOps currently has a four-day retention period for all {{ech}} customers.
 
 
 ## AutoOps scope [ec_autoops_scope]
 
-AutoOps currently monitors only {{es}}, not the entire {{stack}}. Any deployment information pertains solely to {{es}}. AutoOps supports {{es}} version according to the [supported Elastic Stack versions](https://www.elastic.co/support/eol). There are plans to expand AutoOps monitoring to the entire stack.
-
-
-
-
-
-
-
-
-
-
+AutoOps currently monitors only {{es}}, not the entire {{stack}}. Any deployment information pertains solely to {{es}}. AutoOps supports {{es}} versions according to the [supported {{es}} versions](https://www.elastic.co/support/eol). There are plans to expand AutoOps monitoring to the entire stack.
 
 
+## Section overview
 
+In this section, you'll find the following information:
 
+* How to [open AutoOps](/deploy-manage/monitor/autoops/ec-autoops-how-to-access.md) for your deployment.
+* The contents of [AutoOps events](/deploy-manage/monitor/autoops/ec-autoops-events.md).
+* The [views](/deploy-manage/monitor/autoops/views.md) AutoOps offers to gain insight into facets of your deployment.
+* [Notification settings](/deploy-manage/monitor/autoops/ec-autoops-notifications-settings.md) that allow you to specify when and how to be notified.
+* [Event settings](/deploy-manage/monitor/autoops/ec-autoops-event-settings.md) that allow you to fine-tune when events are triggered, and a method to [dismiss](/deploy-manage/monitor/autoops/ec-autoops-dismiss-event.md) certain categories of events.
+* The [regions](/deploy-manage/monitor/autoops/ec-autoops-regions.md) where AutoOps is available.
+* Additional [frequently asked questions](/deploy-manage/monitor/autoops/ec-autoops-faq.md).

deploy-manage/monitor/autoops/ec-autoops-event-settings.md

@@ -6,12 +6,12 @@ applies_to:
     ess: all
 ---
 
-# Events Settings [ec-autoops-event-settings]
+# Event Settings [ec-autoops-event-settings]
 
 AutoOps events are triggered when specific conditions are met and are closed when those conditions are no longer satisfied. An event can be triggered by multiple conditions, and each event comes with a default setting that can be adjusted differently for each connected deployment.
 
 ::::{note}
-Only a user with Cloud Organization Owner role can set up notifications.
+Only **Organization owners** can set up notifications.
 ::::
 
 

deploy-manage/monitor/autoops/ec-autoops-events.md

@@ -8,45 +8,22 @@ applies_to:
 
 # AutoOps events [ec-autoops-events]
 
-An AutoOps event provides a detailed analysis of a specific issue, including why it was triggered and the steps needed to resolve it. The following sections provide you with comprehensive insights and context around issues, the reasons why the event was created, as well as the affected nodes and indices with high indexing activity.
+An AutoOps event provides a detailed analysis of a specific issue, including why it was triggered and the steps needed to resolve it. 
 
 :::{image} ../../../images/cloud-autoops-events.png
 :alt: AutoOps events
 :::
 
+The following sections provide you with comprehensive insights and context around issues, the reasons why the event was created, as well as the affected nodes and indices with high indexing activity.
 
-## What was detected [ec-autoops-what-was-detected]
-
-This section describes the reasons for which the event was created, as well as links to drill down into the issue.
-
-
-## Recommendations [ec-autoops-recommendations]
-
-AutoOps provides a set of recommendations. The sequence of their appearance indicates the suggested order of steps to address the issue.
-
-
-## Event duration [ec-autoops-event-duration]
-
-The time the event was detected (opened at) and the time AutoOps identified that the issue no longer exists (closed at). The closing of an event does not necessarily indicate that the customer resolved the issue, but rather that AutoOps no longer detects it.
-
-
-## Background and impact [ec-autoops-background-impact]
-
-Provides background and context as to why an event is important, and the impact it can have on performance and stability.
-
-
-## Event timeline chart [ec-autoops-event-timeline]
-
-This chart visually represents metrics related to an issue. It appears only for events with dynamic metrics. For example, load issues will have this section, while settings-related issues will not. The event timeline chart displays just the last 15 minutes.
-
-
-## Event severity [ec-autoops-event-severity]
-
-Events are categorized into three levels of severity - high, medium, and low - based on their potential impact on cluster performance and stability:
-
-* **High**: Events can immediately cause significant usability, performance and stability problems.
-* **Medium**: Events may lead to severe problems if not addressed.
-* **Low**: Events have minimal/not urgent impact.
+| Section | Description |
+| --- | --- |
+| What was detected | This section describes the reasons for which the event was created, as well as links to drill down into the issue. |
+| Recommendations | AutoOps provides a set of recommendations. The sequence of their appearance indicates the suggested order of steps to address the issue. |
+| Event duration | The time the event was detected (opened at) and the time AutoOps identified that the issue no longer exists (closed at). The closing of an event does not necessarily indicate that the customer resolved the issue, but rather that AutoOps no longer detects it. |
+| Background and impact | Provides background and context as to why an event is important, and the impact it can have on performance and stability. |
+| Event timeline chart | This chart visually represents metrics related to an issue. It appears only for events with dynamic metrics. For example, load issues will have this section, while settings-related issues will not. The event timeline chart displays just the last 15 minutes. |
+| Event severity | Events are categorized into three levels of severity - high, medium, and low - based on their potential impact on cluster performance and stability: <br><br>- **High**: Events can immediately cause significant usability, performance and stability problems.<br>- **Medium**: Events may lead to severe problems if not addressed.<br>- **Low**: Events have minimal/not urgent impact. |
 
 
 ## Event settings [ec-autoops-event-customize]

deploy-manage/monitor/autoops/ec-autoops-how-to-access.md

@@ -9,7 +9,7 @@ applies_to:
 # How to access AutoOps [ec-autoops-how-to-access]
 
 ::::{note}
-AutoOps supports {{es}} version according to the [supported Elastic Stack versions](https://www.elastic.co/support/eol).
+AutoOps supports {{es}} versions according to the [supported Elastic Stack versions](https://www.elastic.co/support/eol).
 ::::
 
 

deploy-manage/monitor/autoops/ec-autoops-notifications-settings.md

@@ -6,7 +6,7 @@ applies_to:
     ess: all
 ---
 
-# Notifications settings [ec-autoops-notifications-settings]
+# Notifications Settings [ec-autoops-notifications-settings]
 
 AutoOps can notify you of new events opened or closed through various methods and operation management tools. With a customizable mechanism, you can specify which events you want to be notified about, how you wish to receive these notifications, and their frequency.
 
@@ -60,18 +60,22 @@ The following connectors are available with AutoOps:
 * [Microsoft Teams Configuration](#ec-autoops-ms-configuration)
 * [Webhook](#ec-autoops-webhook)
 
-### Email [email]
+:::{dropdown} Email
+$$$email$$$
 
 To set up notifications via email, follow these steps:
 
 1. Add a new **Email** connector.
 2. Add a list of emails.
    You can add up to 40 emails for a single email connector, and opt in to get alerts also when events close.
-4. To receive notifications, scroll down the **Notification** page and click **Add**.
-5. Fill in the filter details.
-6. Select the events that you want to send to this connector.
+3. To receive notifications, scroll down the **Notification** page and click **Add**.
+4. Fill in the filter details.
+5. Select the events that you want to send to this connector.
+:::
 
-### PagerDuty [ec-autoops-pagerduty]
+:::{dropdown} PagerDuty 
+
+$$$ec-autoops-pagerduty$$$
 
 The PagerDuty integration consists of the following parts:
 
@@ -86,9 +90,12 @@ The PagerDuty integration consists of the following parts:
 2. To receive Slack notifications, add a notification filter. Scroll down the Notification page and click **Add**.
 3. Fill in the filter details.
 4. Select the events that should be sent to this output.
+:::
 
 
-### Slack [ec-autoops-slack]
+:::{dropdown} Slack
+
+$$$ec-autoops-slack
 
 To set up a webhook to send AutoOps notifications to a Slack channel, go through the following steps.
 
@@ -103,8 +110,12 @@ To set up a webhook to send AutoOps notifications to a Slack channel, go through
 9. Copy the webhook URL to set up the webhook notification endpoint in AutoOps.
 10. Add the webhook URL when creating the endpoint.
 
+:::
+
+
+:::{dropdown} VictorOps 
 
-### VictorOps [ec-autoops-victorops]
+$$$ec-autoops-victorops$$$
 
 The VictorOps integration consists of the following parts:
 
@@ -119,9 +130,12 @@ The VictorOps integration consists of the following parts:
 2. To receive Slack notifications, add a notification filter. Scroll down the Notification page and click Add.
 3. Fill in the filter details.
 4. Select the events that should be sent to this output.
+:::
+
 
+:::{dropdown} Opsgenie 
 
-### Opsgenie [ec-autoops-opsgenie]
+$$$ec-autoops-opsgenie$$$
 
 The Opsgenie integration consists of the following parts:
 
@@ -141,9 +155,11 @@ The Opsgenie integration consists of the following parts:
 4. To receive notifications on Opsgenie, you need to add a notification filter. Scroll down the **Notification** page and click **Add**.
 5. Fill in the filter details.
 6. Select events that should be sent to this output.
+:::
 
+:::{dropdown} Microsoft Teams 
 
-### Microsoft Teams Configuration [ec-autoops-ms-configuration]
+$$$ec-autoops-ms-configuration$$$
 
 To create an incoming webhook on your Microsoft Teams, follow [these instructions](https://docs.microsoft.com/en-us/microsoftteams/platform/webhooks-and-connectors/how-to/add-incoming-webhook).
 
@@ -155,43 +171,47 @@ Save the URL displayed during the creation of the incoming webhook, as you will
 2. To receive notifications into Microsoft Teams, you need to add a notification filter. Scroll down the Notification page and click Add.
 3. Fill in the filter details.
 4. Select events that should be sent to this output.
+:::
 
 
-### Webhook [ec-autoops-webhook]
+::::{dropdown} Webhook 
+
+$$$ec-autoops-webhook$$$
 
 A webhook enables an application to provide other applications with real-time information. A webhook is a user-defined HTTP callback (HTTP POST), which is triggered by specific events.
 
 **How to add a webhook notification**
 
 1. Go to **Settings** → **Notifications*** → ***Endpoint settings** and click **Add**.
-2. Select Webhook from the drop-dowon list and enter the following details:
+2. Select Webhook from the drop-down list and enter the following details:
 
-    * Name: It must be a unique name for this webhook.
-    * URL: This is the endpoint to which HTTP POST requests will be sent when events occur.
-    * Method: POST
-    * Header: Content-Type, application/Json
+    * **Name**: It must be a unique name for this webhook.
+    * **URL**: This is the endpoint to which HTTP POST requests will be sent when events occur.
+    * **Method**: POST
+    * **Header**: Content-Type, application/Json
 
 3. Review and update the message as it appears in the body section. AutoOps provides a set of optional fields to use in the message. Read your application documentation for the expected message schema.
 
-    * RESOURCE_ID – Customer Deployment ID
-    * RESOURCE_NAME – Customer Deployment name
-    * TITLE – The title of the event.
-    * DESCRIPTION – The description of the issue that was found.
-    * SEVERITY – One of the 3 severity levels (High, Medium and Low).
-    * STATUS – Indicate if the event is currently open or close.
-    * MESSAGE – The background and impact of the issue
-    * START_TIME – The time the event was open.
-    * END_TIME – The time the event was closed.
-    * ENDPOINT_TYPE – The type of the endpoint (Slack, PagerDuty, Webhook, Opsgenie, VictorOps and MS Teams).
-    * AFFECTED_NODES – List of node names.
-    * AFFECTED_INDICES – List of indices names.
-    * EVENT_LINK – Direct link to the event in AutoOps.
-
-4. Click Validate to check your settings and click **Save**.
+    * `RESOURCE_ID`: Customer Deployment ID
+    * `RESOURCE_NAME`: Customer Deployment name
+    * `TITLE`: The title of the event.
+    * `DESCRIPTION`: The description of the issue that was found.
+    * `SEVERITY`: One of the 3 severity levels (High, Medium and Low).
+    * `STATUS`: Indicate if the event is currently open or close.
+    * `MESSAGE`: The background and impact of the issue
+    * `START_TIME`: The time the event was open.
+    * `END_TIME`: The time the event was closed.
+    * `ENDPOINT_TYPE`: The type of the endpoint (Slack, PagerDuty, Webhook, Opsgenie, VictorOps and MS Teams).
+    * `AFFECTED_NODES`: List of node names.
+    * `AFFECTED_INDICES`: List of indices names.
+    * `EVENT_LINK`: Direct link to the event in AutoOps.
+
+4. Click **Validate** to check your settings, and then click **Save**.
 5. Optionally, you can test the webhook integration by using the [webhook.site](https://webhook.site/#!/view/fe9d630e-2f01-44b7-9e41-ef9520fbe9a7).
 
-::::{note}
+:::{note}
 When the Endpoint settings have been completed, continue to set up the notification filter to define which events you’d like to be notified about.
+:::
 ::::
 
 ## Notifications report [ec-notification-report]

deploy-manage/monitor/autoops/views.md

@@ -0,0 +1,17 @@
+---
+applies_to:
+  deployment:
+    ess: all
+navigation_title: Views
+---
+
+# AutoOps views
+
+AutoOps offers the following views to gain further insight into difference facets of your deployment:
+
+* [](/deploy-manage/monitor/autoops/ec-autoops-overview-view.md)
+* [](/deploy-manage/monitor/autoops/ec-autoops-deployment-view.md)
+* [](/deploy-manage/monitor/autoops/ec-autoops-nodes-view.md)
+* [](/deploy-manage/monitor/autoops/ec-autoops-index-view.md)
+* [](/deploy-manage/monitor/autoops/ec-autoops-shards-view.md)
+* [](/deploy-manage/monitor/autoops/ec-autoops-template-optimizer.md)

deploy-manage/monitor/logging-configuration.md

@@ -12,4 +12,43 @@ applies_to:
 
 % GitHub issue: https://github.com/elastic/docs-projects/issues/350
 
-⚠️ **This page is a work in progress.** ⚠️
+⚠️ **This page is a work in progress.** ⚠️
+
+
+## Logging features [ECE/ECH] [extra-logging-features]
+
+When shipping logs to a monitoring deployment there are more logging features available to you. These features include:
+
+
+### For {{es}} [extra-logging-features-elasticsearch]
+
+* [Audit logging](../logging-configuration/enabling-audit-logs.md) - logs security-related events on your deployment
+* [Slow query and index logging](elasticsearch://reference/elasticsearch/index-settings/slow-log.md) - helps find and debug slow queries and indexing
+* Verbose logging - helps debug stack issues by increasing component logs
+
+After you’ve enabled log delivery on your deployment, you can [add the Elasticsearch user settings](../../deploy/cloud-enterprise/edit-stack-settings.md) to enable these features.
+
+
+### For {{kib}} [extra-logging-features-kibana]
+
+* [Audit logging](../logging-configuration/enabling-audit-logs.md) - logs security-related events on your deployment
+
+After you’ve enabled log delivery on your deployment, you can [add the {{kib}} user settings](../../deploy/cloud-enterprise/edit-stack-settings.md) to enable this feature.
+
+
+### Other components [extra-logging-features-enterprise-search]
+
+Enabling log collection also supports collecting and indexing the following types of logs from other components in your deployments:
+
+**APM**
+
+* `apm*.log*`
+
+**Fleet and Elastic Agent**
+
+* `fleet-server-json.log-*`
+* `elastic-agent-json.log-*`
+
+The `*` indicates that we also index the archived files of each type of log.
+
+Check the respective product documentation for more information about the logging capabilities of each product.

deploy-manage/monitor/logging-configuration/update-elasticsearch-logging-levels.md

@@ -19,22 +19,12 @@ You can use {{es}}'s application logs to monitor your cluster and diagnose issue
 On [Docker](../../deploy/self-managed/install-elasticsearch-with-docker.md), log messages go to the console and are handled by the configured Docker logging driver. To access logs, run `docker logs`.
 ::::::
 
-::::::{tab-item} Debian (APT)
-For [Debian installations](../../deploy/self-managed/install-elasticsearch-with-debian-package.md), {{es}} writes logs to `/var/log/elasticsearch`.
+::::::{tab-item} Debian (APT) and RPM
+For [Debian](../../deploy/self-managed/install-elasticsearch-with-debian-package.md) and [RPM](../../deploy/self-managed/install-elasticsearch-with-rpm.md) installations, {{es}} writes logs to `/var/log/elasticsearch`.
 ::::::
 
-::::::{tab-item} RPM
-For [RPM installations](../../deploy/self-managed/install-elasticsearch-with-rpm.md), {{es}} writes logs to `/var/log/elasticsearch`.
-::::::
-
-::::::{tab-item} macOS
-For [macOS `.tar.gz`](../../deploy/self-managed/install-elasticsearch-from-archive-on-linux-macos.md) installations, {{es}} writes logs to `$ES_HOME/logs`.
-
-Files in `$ES_HOME` risk deletion during an upgrade. In production, we strongly recommend you set `path.logs` to a location outside of `$ES_HOME`. See [Path settings](../../deploy/self-managed/important-settings-configuration.md#path-settings).
-::::::
-
-::::::{tab-item} Linux
-For [Linux `.tar.gz`](../../deploy/self-managed/install-elasticsearch-from-archive-on-linux-macos.md) installations, {{es}} writes logs to `$ES_HOME/logs`.
+::::::{tab-item} macOS and Linux
+For [macOS and Linux `.tar.gz`](../../deploy/self-managed/install-elasticsearch-from-archive-on-linux-macos.md) installations, {{es}} writes logs to `$ES_HOME/logs`.
 
 Files in `$ES_HOME` risk deletion during an upgrade. In production, we strongly recommend you set `path.logs` to a location outside of `$ES_HOME`. See [Path settings](../../deploy/self-managed/important-settings-configuration.md#path-settings).
 ::::::