elastic
diff --git a/‎deploy-manage/monitor/logging-configuration/auditing-search-queries.md‎
Lines changed: 2 additions & 1 deletion b/‎deploy-manage/monitor/logging-configuration/auditing-search-queries.md‎
Lines changed: 2 additions & 1 deletion
diff --git a/‎deploy-manage/monitor/logging-configuration/configuring-audit-logs.md‎
Lines changed: 1 addition & 1 deletion b/‎deploy-manage/monitor/logging-configuration/configuring-audit-logs.md‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎deploy-manage/monitor/logging-configuration/correlating-kibana-elasticsearch-audit-logs.md‎
Lines changed: 2 additions & 1 deletion b/‎deploy-manage/monitor/logging-configuration/correlating-kibana-elasticsearch-audit-logs.md‎
Lines changed: 2 additions & 1 deletion
@@ -6,11 +6,12 @@ applies:
   ece: all
   eck: all
   stack: all
+  serverless: unavailable
 ---
 
 # Audit Elasticsearch search queries [auditing-search-queries]
 
-There is no [audit event type](elasticsearch-audit-events.md) specifically dedicated to search queries. Search queries are analyzed and then processed; the processing triggers authorization actions that are audited. However, the original raw query, as submitted by the client, is not accessible downstream when authorization auditing occurs.
+There is no [audit event type]() (asciidocalypse://elasticsearch/docs/reference/elasticsearch/elasticsearch-audit-events) specifically dedicated to search queries. Search queries are analyzed and then processed; the processing triggers authorization actions that are audited. However, the original raw query, as submitted by the client, is not accessible downstream when authorization auditing occurs.
 
 Search queries are contained inside HTTP request bodies, however, and some audit events that are generated by the REST layer, on the coordinating node, can be toggled to output the request body to the audit log. Therefore, one must audit request bodies in order to audit search queries.
 
 
@@ -24,7 +24,7 @@ When auditing security events, a single client request might generate multiple a
     ::::
 
 For a complete description of event details and format, refer to the following resources:
-  * [{{es}} audit events details and schema](/deploy-manage/monitor/logging-configuration/elasticsearch-audit-events.md)
+  * [{{es}} audit events details and schema]() asciidocalypse://elasticsearch/docs/reference/elasticsearch/elasticsearch-audit-events
   * [{{es}} log entry output format](/deploy-manage/monitor/logging-configuration/logfile-audit-output.md#audit-log-entry-format)
 
 ### Kibana auditing configuration
 
@@ -7,6 +7,7 @@ applies:
   ece: all
   eck: all
   stack: all
+  serverless: unavailable
 ---
 
 # Correlating audit events [xpack-security-ecs-audit-correlation]
@@ -23,7 +24,7 @@ When an {{es}} request generates multiple audit events across multiple nodes, yo
 
 This identifier allows you to trace the flow of a request across the {{es}} cluster and reconstruct the full context of an operation.
 
-Refer to [](./elasticsearch-audit-events.md) for a complete reference of event types and attributes.
+Refer to [linkTBD]() asciidocalypse://elasticsearch/docs/reference/elasticsearch/elasticsearch-audit-events for a complete reference of event types and attributes.
 
 ## `trace.id` field in {{kib}} audit events