cleanup

nastasha-solomon · nastasha-solomon · commit 75018ff86b61 · 2025-10-12T12:30:01.000-04:00
diff --git a/explore-analyze/alerts-cases/cases/cases-as-data.md b/explore-analyze/alerts-cases/cases/cases-as-data.md
@@ -9,6 +9,10 @@ applies_to:
 
 The cases as data feature lets you visualize data about cases in your [space](/deploy-manage/manage-spaces.md). After turning it on, you can query case data from dedicated case analytics indices and build dashboards and visualizations to track case trends and operational metrics. This information is particularly useful when reporting on key performance indicators (KPIs) such as Mean Time To Respond (MTTR), case severity trends, and analyst workload.
 
+::::{admonition} Requirements
+To use cases as data, you must have the appropriate subscription. Refer to the subscription page for [Elastic Cloud](https://www.elastic.co/subscriptions/cloud) and [Elastic Stack/self-managed](https://www.elastic.co/subscriptions) for the breakdown of available features and their associated subscription tiers.
+::::
+
 ## Turn on cases as data [turn-on-cases-as-data]
 
 To turn on cases as data, add `xpack.cases.incrementalId.enabled: true` to your [`kibana.yml`](/deploy-manage/stack-settings.md) file.
@@ -19,31 +23,26 @@ To turn on cases as data, add `xpack.cases.incrementalId.enabled: true` to your
 
 ## Create and manage indices for case data [create-manage-case-analytics-indices]
 
-After turning on cases as data, you do not need to manually create the analytics indices. {{es}} automatically creates the indices in any space with cases and for each solution ({{stack-manage-app}}, {{observability}}, and Security cases). To form the analytics indices, it indexes general data about cases and data related to case comments, attachments, and activity.
+After turning on cases as data, you do not need to manually create the analytics indices. {{es}} will automatically create them for you in any space with cases and for each solution ({{stack-manage-app}}, {{observability}}, and Security). The indices are populated with general case data as well as data related to case comments, attachments, and activity.
 
-You also do not need to manually manage the analytics indices' index lifecycle management (ILM) policies. The indices are updated by a background task that runs every five minutes and applies a snapshot of the most current cases data. Note that historical case data is not retained; it gets overwritten whenever the indices are refreshed.
+You also do not need to manually manage the lifecycle policies of the analytics indices. Every five minutes, a background task runs to refresh the indices with a snapshot of the most current cases data. During the refresh, historical case data is overwritten. 
 
 ::::{note} 
-There may be delays in indexing data and creating indices:
 - After making new cases, it may take up to 10 minutes to index the new case data. 
 - After making a new space, it can take up to an hour for the case analytics indices for that space to form.  
 ::::
 
-## Explore case data [explore-case-data]
+## Grant access to case analytics indices [case-analytics-indices-privs]
 
-::::{admonition} Requirements
-* Your role needs at least `read` and `view_index_metadata` access to the appropriate case analytics indices.
-* You must have the appropriate subscription. Refer to the subscription page for [Elastic Cloud](https://www.elastic.co/subscriptions/cloud) and [Elastic Stack/self-managed](https://www.elastic.co/subscriptions) for the breakdown of available features and their associated subscription tiers.
-::::
+Ensure your role has at least `read` and `view_index_metadata` access to the appropriate [case analytics indices](../../../explore-analyze/alerts-cases/cases/cases-as-data.md#case-analytics-indices-names).
 
-To explore case data:
+## Explore and visualize case data with Discover [explore-case-data]
 
-1. Create a [data view](../../../explore-analyze/find-and-organize/data-views.md) that uses any of the case analytics indices.
-2. Search and filter the case data in [Discover](../../discover.md) or build visualizations for dashboards in [Lens](../../visualize/lens.md). 
+ By default, {{kib}} requires a [{{data-source}}](../../find-and-organize/data-views.md) to access your Elasticsearch data. When creating a {{data-source}} for case data, point to one or more [case analytics indices or their aliases](../../../explore-analyze/alerts-cases/cases/cases-as-data.md#case-analytics-indices-names).
 
-To help you start visualizing your case data, here are some sample {{esql}} queries that you can run from the [{{esql}} editor](../../../explore-analyze/query-filter/languages/esql-kibana.md#esql-kibana-get-started) in Discover.
+You can also [try {{esql}}](../../../explore-analyze/discover/try-esql.md), that lets you query any data you have in {{es}} without specifying a {{data-source}} first. Here are some sample queries to get you started:
 
-* Find the total number of open cases in the default space:
+* Find the total number of open {{observability}} cases in the default space:
 
   ```console
   FROM .internal.cases.default-observability | STATS count = COUNT(*) BY status | WHERE status  == "open"
@@ -75,14 +74,14 @@ To help you start visualizing your case data, here are some sample {{esql}} quer
 
 ## Case analytics indices names and aliases [case-analytics-indices-names]
 
-This section provides the names and aliases of the case analytics indices that {{es}} creates per space and solution. Note that `<space-name>` is a placeholder for the name of a space.  
+{{es}} automatically creates the following case analytics indices and their aliases in spaces with case data. 
 
 ::::{note} 
 Go to
 % [Case analytics indices schema](kibana://reference/case-analytics-indices-schema.md) for schema details. 
 ::::
 
-### Indices for general case data 
+### General case data 
 
 These indices store general data about cases. 
 
@@ -92,29 +91,29 @@ These indices store general data about cases.
 | `.internal.cases.<space-name>-observability` |  `.cases.<space-name>-observability` | {{observability}} cases   | 
 | `.internal.cases.<space-name>-securitysolution` |  `.cases.<space-name>-securitysolution` | Security cases  | 
 
-### Indices for case comments
+### Case comments
 
-These indices store data related to comments in Stack Management, {{observability}}, and Security cases.
+These indices store data related to comments.
 
 | Index    | Alias | Created for | 
 | ---------------------------- | ---------------------- |----------------------------------------- | 
 | `.internal.cases-comments.<space-name>-cases` |  `.cases-comments.<space-name>-cases` | Stack Management cases    | 
 | `.internal.cases-comments.<space-name>-observability` |  `.cases-comments.<space-name>-observability` | {{observability}} cases    | 
 | `.internal.cases-comments.<space-name>-securitysolution` |  `.cases-comments.<space-name>-securitysolution` | Security cases   | 
 
-### Indices for case attachments 
+### Case attachments 
 
-These indices store data related to attachments in Stack Management, {{observability}}, and Security cases.
+These indices store data related to attachments.
 
 | Index    | Alias | Created for | 
 | ---------------------------- | ---------------------- |----------------------------------------- | 
 | `.internal.cases-attachments.<space-name>-cases` |  `.cases-attachments.<space-name>-cases` | Stack Management cases    | 
 | `.internal.cases-attachments.<space-name>-observability` |  `.cases-attachments.<space-name>-observability` | {{observability}} cases    | 
 | `.internal.cases-attachments.<space-name>-securitysolution` |  `.cases-attachments.<space-name>-securitysolution` | Security cases    | 
 
-### Indices for case activity 
+### Case activity 
 
-These indices store data related to activity in Stack Management, {{observability}}, and Security cases.
+These indices store data related to activity.
 
 | Index    | Alias | Created for | 
 | ---------------------------- | ---------------------- |----------------------------------------- | 
