Merge branch 'main' into 3408-cspm-index-privs

Author: benironside

deploy-manage/tools/snapshot-and-restore/searchable-snapshots.md

@@ -13,7 +13,7 @@ products:
 
 # Searchable snapshots [searchable-snapshots]
 ::::{important}
-Searchable snapshots is a feature that requires an Enteprise license. 
+Searchable snapshots is a feature that requires an Enterprise license. 
 ::::
 
 {{search-snaps-cap}} let you use [snapshots](../snapshot-and-restore.md) to search infrequently accessed and read-only data in a very cost-effective fashion. The [cold](../../../manage-data/lifecycle/data-tiers.md#cold-tier) and [frozen](../../../manage-data/lifecycle/data-tiers.md#frozen-tier) data tiers use {{search-snaps}} to reduce your storage and operating costs.

explore-analyze/query-filter/tools/saved-queries.md

@@ -16,20 +16,23 @@ For example, suppose you’re in **Discover**, and you’ve put time into buildi
 
 Saved queries are different than [saved Discover sessions](/explore-analyze/discover/save-open-search.md), which include the **Discover** configuration—selected columns in the document table, sort order, and {{data-source}}—in addition to the query. Discover sessions are primarily used for adding search results to a dashboard.
 
-## Saved query access [_saved_query_access]
+:::{note}
+Saved queries aren't available for {{esql}} queries. When using {{esql}}, the editor automatically keeps an [history of your most recent queries](/explore-analyze/query-filter/languages/esql-kibana.md#esql-kibana-query-history), and you can also [mark some as favorite](/explore-analyze/query-filter/languages/esql-kibana.md#esql-kibana-starred-queries) to find them faster later.
+:::
 
-If you have insufficient privileges to manage saved queries, you will be unable to load or save queries from the saved query management popover. For more information, see [Granting access to Kibana](elasticsearch://reference/elasticsearch/roles.md)
+## Saved queries requirements [_saved_query_access]
+
+You must have **Saved Query Management** privileges in {{kib}} to use saved queries.
 
 
 ## Save a query [_save_a_query]
 
-1. Once you’ve built a query worth saving, click the save query icon ![save query icon](/explore-analyze/images/kibana-saved-query-icon.png "").
-2. In the menu, select the item to save the query.
+1. Once you’ve built a query worth saving, open the {icon}`filter` **Query menu**.
+2. In the menu, select **Save query**.
 3. Enter a unique name.
 4. Choose whether to include or exclude filters and a time range. By default, filters are automatically included, but the time filter is not.
 5. Save the query.
-6. To load a saved query, select it in the **Saved query** menu.
 
-    The query text, filters, and time range are updated and your data refreshed. If you’re loading a saved query that did not include the filters or time range, those components remain as-is.
+The query is saved. You can load it at any time by opening the **Query menu** again and selecting **Load query**.
 
-7. To add filters and clear saved queries, use the **Saved query** menu.
+When you load a saved query, the query text, filters, and time range are updated and your data refreshed. If you’re loading a saved query that did not include the filters or time range, those components remain as-is.

manage-data/data-store/mapping/dynamic-templates.md

@@ -247,7 +247,7 @@ PUT my-index-000001
   }
 }
 
-PUT my-index/_doc/1
+PUT my-index-000001/_doc/1
 {
   "one_ip":   "will not match", <1>
   "ip_two":   "will not match", <2>

manage-data/data-store/text-analysis/token-graphs.md

@@ -34,7 +34,7 @@ In the following graph, `quick` and its synonym `fast` both have a position of `
 
 ## Multi-position tokens [token-graphs-multi-position-tokens]
 
-Some token filters can add tokens that span multiple positions. These can include tokens for multi-word synonyms, such as using "atm" as a synonym for "automatic teller machine."
+Some token filters can add tokens that span multiple positions. These can include tokens for multi-word synonyms, such as using "atm" as a synonym for "automatic teller machine".
 
 However, only some token filters, known as *graph token filters*, accurately record the `positionLength` for multi-position tokens. These filters include:
 

reference/fleet/manage-integrations.md

@@ -2,34 +2,34 @@
 navigation_title: Manage integrations
 mapped_pages:
   - https://www.elastic.co/guide/en/fleet/current/integrations.html
+applies_to:
+  stack: ga
+  serverless: ga
 products:
   - id: fleet
   - id: elastic-agent
 ---
 
 # Manage {{agent}} integrations [integrations]
 
+{{agent}} integrations provide a unified way to collect data from apps and services and to protect systems from security threats. 
 
-::::{admonition}
-Integrations are available for a wide array of popular services and platforms. To see the full list of available integrations, go to the **Integrations** page in {{kib}}, or visit [Elastic Integrations](integration-docs://reference/index.md).
+Integrations are available for a wide array of services and platforms. To browse the full list of available integrations, go to the **Integrations** page in {{kib}}, or visit [Elastic Integrations](integration-docs://reference/index.md).
 
-{{agent}} integrations provide a simple, unified way to collect data from popular apps and services, and protect systems from security threats.
-
-Each integration comes prepackaged with assets that support all of your observability needs:
+{{agent}} integrations based on the [Elastic Common Schema](ecs://reference/index.md) (ECS) come prepackaged with assets that support your observability needs:
 
 * Data ingestion, storage, and transformation rules
 * Configuration options
 * Pre-built, custom dashboards and visualizations
 * Documentation
 
-::::
-
+{applies_to}`stack: preview 9.2.0` {{fleet}} also supports installing {{agent}} integration packages for collecting and visualizing OpenTelemetry data. For more information, refer to [Collect OpenTelemetry data with {{agent}} integrations](/reference/fleet/otel-integrations.md).
 
 ::::{note}
-Be aware that some integrations may function differently across different spaces. Also, some might only work in the default space. We recommend reviewing the specific integration documentation for any space-related considerations.
-
+Some integrations may function differently across different spaces, and some might only work in the default space. For any space-related considerations, review the documentation for the specific integration.
 ::::
 
+## Integration actions [integration-actions]
 
 The following table shows the main actions you can perform in the **Integrations** app in {{kib}}. You can perform some of these actions from other places in {{kib}}, too.
 
@@ -44,9 +44,8 @@ The following table shows the main actions you can perform in the **Integrations
 
 ::::{note}
 The **Integrations** app in {{kib}} needs access to the public {{package-registry}} to discover integrations. If your deployment has network restrictions, you can [deploy your own self-managed {{package-registry}}](/reference/fleet/air-gapped.md#air-gapped-diy-epr).
-
 ::::
 
 :::{tip}
 Once you've started using integrations to ingest data, you can customize how that data is managed over time. Refer to [Index lifecycle management](/reference/fleet/data-streams.md#data-streams-ilm) to learn more.
-:::
+:::

reference/fleet/otel-integrations.md

@@ -0,0 +1,47 @@
+---
+navigation_title: OpenTelemetry integration packages
+description: Fleet supports installing Elastic Agent integration packages for collecting and visualizing OpenTelemetry data such as logs, metrics, and traces.
+applies_to:
+  stack: preview 9.2
+  serverless: ga
+products:
+  - id: fleet
+  - id: elastic-agent
+---
+
+# Collect OpenTelemetry data with {{agent}} integrations
+
+{{fleet}} now supports installing {{agent}} integration packages for collecting and visualizing OpenTelemetry (OTel) data such as logs, metrics, and traces. To find the available OpenTelemetry integration packages, open the **Integrations** page in {{kib}}, then select the **OpenTelemetry** category.
+
+There are two types of OpenTelemetry integration packages:
+
+- Input packages which include an OTel Collector configuration.
+- Content packages which include {{es}} and {{kib}} assets such as prebuilt dashboards and visualizations.
+
+Unlike {{agent}} integrations based on the [Elastic Common Schema](ecs://reference/index.md) (ECS), OpenTelemetry input packages use OTel Collector receivers to collect OTel data following [OpenTelemetry semantic conventions](https://opentelemetry.io/docs/specs/semconv).
+
+When OTel data is collected using an OpenTelemetry input package, content packages with assets related to the collected data type are automatically installed if available.
+
+:::{important}
+OpenTelemetry input packages are used with {{fleet}} and {{agent}} running in default mode. They are distinct from [running {{agent}} as an EDOT Collector](/reference/fleet/otel-agent.md), and cannot be used on {{agent}} running in `otel` mode.
+:::
+
+## Configure OpenTelemetry input packages
+
+The installation and configuration of OpenTelemetry input packages is similar to that of ECS-based integrations and allow you to specify the namespace, dataset name, data stream type, and more. For more information, refer to [Add an integration to an {{agent}} policy](/reference/fleet/add-integration-to-policy.md).
+
+When the integration policy for the input package is created, {{fleet}} creates a managed index template with an OTel configuration and an index pattern with an `.otel` suffix. The index template uses {{fleet}} component templates for settings and OTel component templates for default mappings. It also includes `@custom` component templates that allow you to [customize your {{es}} index](/reference/fleet/data-streams.md#data-streams-index-templates-edit) similarly to ECS-based integrations.
+
+On the OpenTelemetry input package's **Configs** page, you can view a generated sample configuration, which you can use as a starting point to set up the integration on a standalone {{agent}}. 
+
+Note that this is a partial configuration as it does not include an exporter component. For more information on setting up the exporter, refer to [{{es}} exporter](elastic-agent://reference/edot-collector/components/elasticsearchexporter.md).
+
+:::{note}
+Currently, OpenTelemetry input packages only support sending data using the {{es}} output.
+:::
+
+## Compatibility with ECS-based integrations
+
+{{agent}} policies can include configurations for both ECS-based integrations and OpenTelemetry input packages, essentially converting the {{agents}} enrolled in the policy into hybrid agents.
+
+Note that only {{agents}} on version 9.2 or later can collect OTel data using OpenTelemetry input packages. OpenTelemetry input packages added to an agent policy do not affect enrolled agents on prior versions.

reference/fleet/toc.yml

@@ -149,6 +149,7 @@ toc:
       - file: upgrade-integration.md
       - file: managed-integrations-content.md
       - file: integrations-assets-best-practices.md
+      - file: otel-integrations.md
       - file: data-streams.md
         children:
           - file: data-streams-ilm-tutorial.md

solutions/images/security-turn-on-risk-engine.png

@@ -20,6 +20,10 @@ Most options in this section are supported by all APM Server deployment methods.
 
 The [Real User Monitoring (RUM) agent](apm-agent-rum-js://reference/index.md) captures user interactions with clients such as web browsers. These interactions are sent as events to the APM Server. Because the RUM agent runs on the client side, the connection between agent and server is unauthenticated. As a security precaution, RUM is therefore disabled by default.
 
+:::{important}
+To use RUM, you need a centralized APM Server, either running as standalone binary or managed through Fleet.
+:::
+
 :::::::{tab-set}
 
 ::::::{tab-item} APM Server binary

solutions/observability/apm/apm-server/configure-real-user-monitoring-rum.md

@@ -11,12 +11,17 @@ products:
 
 # Connect to your own local LLM
 
+:::{important}
+Elastic doesn’t support the setup and configuration of local LLMs. The example provided is for reference only.
+Before using a local LLM, evaluate its performance according to the [LLM performance matrix](./llm-performance-matrix.md#evaluate-your-own-model).
+:::
+
 This page provides instructions for setting up a connector to a large language model (LLM) of your choice using LM Studio. This allows you to use your chosen model within the {{obs-ai-assistant}}. You’ll first need to set up LM Studio, then download and deploy a model via LM studio and finally configure the connector in your Elastic deployment.
 
 ::::{note}
 If your Elastic deployment is not on the same network, you must configure an Nginx reverse proxy to authenticate with Elastic. Refer to [Configure your reverse proxy](https://www.elastic.co/docs/solutions/security/ai/connect-to-own-local-llm#_configure_your_reverse_proxy) for more detailed instructions.
 
-You do not have to set up a proxy if LM Studio is running locally, or on the same network as your Elastic deployment. 
+You do not have to set up a proxy if LM Studio is running locally, or on the same network as your Elastic deployment.
 ::::
 
 ::::{note}
@@ -85,7 +90,7 @@ Once you’ve downloaded a model, use the following commands in your CLI:
 4. Load a model: `lms load llama-3.3-70b-instruct --context-length 64000 --gpu max`.
 
 ::::{important}
-When loading a model, use the `--context-length` flag with a context window of 64,000 or higher. 
+When loading a model, use the `--context-length` flag with a context window of 64,000 or higher.
 Optionally, you can set how much to offload to the GPU by using the `--gpu` flag. `--gpu max` will offload all layers to GPU.
 ::::