Placeholder fields

Author: nastasha-solomon

raw-migrated-files/docs-content/serverless/security-osquery-placeholder-fields.md

@@ -288,7 +288,6 @@ toc:
       - file: docs-content/serverless/security-llm-performance-matrix.md
       - file: docs-content/serverless/security-machine-learning.md
       - file: docs-content/serverless/security-ml-requirements.md
-      - file: docs-content/serverless/security-osquery-placeholder-fields.md
       - file: docs-content/serverless/security-overview-dashboard.md
       - file: docs-content/serverless/security-policies-page.md
       - file: docs-content/serverless/security-posture-faq.md

raw-migrated-files/toc.yml

@@ -4,14 +4,7 @@ mapped_urls:
   - https://www.elastic.co/guide/en/serverless/current/security-osquery-placeholder-fields.html
 ---
 
-# Use placeholder fields in Osquery queries
-
-% What needs to be done: Lift-and-shift
-
-% Use migrated content from existing pages that map to this page:
-
-% - [x] ./raw-migrated-files/security-docs/security/osquery-placeholder-fields.md
-% - [ ] ./raw-migrated-files/docs-content/serverless/security-osquery-placeholder-fields.md
+# Use placeholder fields in Osquery queries [security-osquery-placeholder-fields]
 
 Instead of hard-coding alert and event values into Osquery queries, you can use placeholder fields to dynamically pass this data into queries. Placeholder fields function like parameters. You can use placeholder fields to build flexible and reusable queries.
 
@@ -33,7 +26,9 @@ Queries with placeholder fields can only run against alerts or events. Otherwise
 
 The following query uses the `{{host.name}}` placeholder field:
 
-`SELECT * FROM os_version WHERE name = {{host.os.name}}`
+```sql
+SELECT * FROM os_version WHERE name = {{host.os.name}}
+```
 
 When you run the query, the value that’s stored in the alert or event’s `host.name` field will be transferred to the `{{host.os.name}}` placeholder field.