Merge branch 'main' into leemthompo/move-syntax-guide

Author: leemthompo

deploy-manage/deploy/cloud-enterprise/deployment-templates.md

@@ -45,7 +45,7 @@ The system deployment templates available by default are:
 
 * **Elastic Observability template**
 
-    This template allows you to consolidate your logs, metrics, application traces, and system availability with purpose-built UIs. Check the [**Elastic Observability**](../../../solutions/observability/get-started/what-is-elastic-observability.md) documentation for more information.
+    This template allows you to consolidate your logs, metrics, application traces, and system availability with purpose-built UIs. Check the [**Elastic Observability**](/solutions/observability.md) documentation for more information.
 
 ## Instance configurations [ece-getting-started-instance-configurations]
 

explore-analyze/_snippets/import-discover-query-controls-into-dashboard.md

@@ -1,4 +1,4 @@
-To add a Discover query to a dashboard in a way that preserves the [controls created from Discover](/explore-analyze/discover/try-esql.md#add-variable-control-discover) and also adds them to the dashboard, do as follows:
+To add a Discover query to a dashboard in a way that preserves the [controls created from Discover](/explore-analyze/discover/try-esql.md#add-variable-control) and also adds them to the dashboard, do as follows:
 
 1. Save the {{esql}} query containing the variable control into a Discover session. If your Discover session contains several tabs, only the first tab will be imported to the dashboard.
 

explore-analyze/_snippets/multi-value-esql-controls.md

@@ -0,0 +1,17 @@
+You can create controls that let users select multiple values. To do that:
+
+1. Add the [`MV_CONTAINS`](elasticsearch://reference/query-languages/esql/functions-operators/mv-functions.md#esql-mv_contains) function to your query, and [create a variable](#add-variable-control) as one of its parameters. For example:
+
+    ```esql
+    FROM logs-* | WHERE MV_CONTAINS(?values, field)
+    ```
+
+    :::{note}
+    Multi-selection is only available for `?values` variables. It is not available for `??fields` and `??functions` variables.
+    :::
+
+2. When defining the control, select the **Allow multiple selections** option.
+
+3. Save the control.
+
+The newly configured control becomes available and allows users to select multiple values.

explore-analyze/_snippets/variable-control-form.md

@@ -0,0 +1,22 @@
+1. While you edit your {{esql}} query, the autocomplete menu suggests adding a control when relevant or when you type `?` in the query. Select **Create control**.
+
+   ![ESQL query prompting to add a control](/explore-analyze/images/esql-visualization-control-suggestion.png " =40%")
+
+2. A menu opens to let you configure the control. This is where you can specify:
+
+    * The type of the control. 
+      * For controls with **Static values**, enter available controls manually or select them from the dropdown list. 
+      * For controls with **Values from a query**, write an {{esql}} query to populate the list of options.
+    * The name of the control. This name is used to reference the control in {{esql}} queries. 
+      * Start the name with `?` if you want the options to be simple static values.
+      * Start the name with `??` if you want the options to be fields or functions. {applies_to}`stack: ga 9.1`
+    * The values users can select for this control. You can add multiple values from suggested fields, or type in custom values. If you selected **Values from a query**, you must instead write an {{esql}} query at this step.
+    * The label of the control. This is the label displayed in **Discover** or in the dashboard.
+    * The width of the control.
+    * Whether the control should allow selecting a single value or multiple values. This [requires using the `MV_CONTAINS` function in your query](#esql-multi-values-controls). {applies_to}`stack: preview 9.3` {applies_to}`serverless: preview`
+
+    ![ESQL control settings](/explore-analyze/images/esql-visualization-control-settings.png "title =40%")
+
+3. Save the control.
+
+The variable is inserted into your query, and the control appears.

explore-analyze/_snippets/variable-control-procedure.md

@@ -109,29 +109,30 @@ Only **Options lists** are supported for {{esql}}-based controls. Options can be
 - functions {applies_to}`stack: ga 9.1`
 :::
 
-1. Use one of the following options to start creating a variable control:
-   - In **Edit** mode, select **Add** > **Controls** > **Variable control** in the toolbar. 
-   - On the **Create variable control** flyout, while editing your {{esql}} visualization's query, the autocomplete menu suggests adding a control when relevant or when typing `?` in the query.
-
-   ![ESQL query prompting to add a control](/explore-analyze/images/esql-visualization-control-suggestion.png)
-
-2. A menu opens to let you configure the control. This is where you can specify:
-
-   :::{include} ../_snippets/variable-control-form.md
-   :::
-
-3. Save the control. 
+:::{include} ../_snippets/variable-control-procedure.md
+:::
 
-The panel closes and the control is added to the dashboard.
 If you added it by starting from a query, the control is directly inserted in that query and you can continue editing it.
-
 You can then insert it in any other {{esql}} visualization queries by typing the control's name.
 
-:::{include} ../_snippets/variable-control-examples.md
+:::{tip}
+You can also create variable controls to add later to any query by selecting **Add** > **Controls** > **Variable control** in the dashboard's toolbar. 
 :::
 
 ![Editing {{esql}} controls from a dashboard](https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blte42dfaa404bfc2d6/67d2e31e2e4dc59da190d78f/dashboard-esql-controls.gif)
 
+:::{include} ../_snippets/variable-control-examples.md
+:::
+
+### Allow multi-value selections for {{esql}}-based variable controls [esql-multi-values-controls]
+```{applies_to}
+stack: preview 9.3
+serverless: preview
+```
+
+:::{include} ../_snippets/multi-value-esql-controls.md
+:::
+
 ### Import a Discover query along with its controls into a dashboard
 ```{applies_to}
 stack: preview 9.2

explore-analyze/dashboards/add-controls.md

@@ -190,7 +190,7 @@ To view or edit an index:
 
 4. If you made changes, select **Save** before closing the flyout.
 
-### Add variable controls to your Discover queries [add-variable-control-discover]
+### Add variable controls to your Discover queries [add-variable-control]
 ```{applies_to}
 stack: preview 9.2
 serverless: preview
@@ -202,25 +202,26 @@ Variable controls help you make your queries more dynamic instead of having to m
 
 You can add them from your Discover {{esql}} query.
 
-1. While editing your {{esql}} query, the autocomplete menu suggests adding a control when relevant or when typing `?` in the query. Select **Create control**.
-
-2. A menu opens to let you configure the control. This is where you can specify:
-
-   :::{include} ../_snippets/variable-control-form.md
-   :::
+:::{include} ../_snippets/variable-control-procedure.md
+:::
 
-3. Save the control.
+:::{include} ../_snippets/variable-control-examples.md
+:::
 
-The variable is inserted into your query, and the control appears in the query editor.
+#### Allow multi-value selections for {{esql}}-based variable controls [esql-multi-values-controls]
+```{applies_to}
+stack: preview 9.3
+serverless: preview
+```
 
-:::{include} ../_snippets/variable-control-examples.md
+:::{include} ../_snippets/multi-value-esql-controls.md
 :::
 
 #### Edit a variable control
 
 Once a control is active for your query, you can still edit it by hovering over it and by selecting the {icon}`pencil` **Edit** option that appears.
 
-You can edit all of the options described in [](#add-variable-control-discover).
+You can edit all of the options described in [](#add-variable-control).
 
 When you save your edits, the control is updated for your query.
 

explore-analyze/discover/try-esql.md

@@ -190,9 +190,6 @@ FROM kibana_sample_data_logs
 
 To display data within a specified time range, you can use the standard time filter, custom time parameters, or a WHERE command.
 
-% DO NOT REMOVE - Link from the product, will become a real section link shortly
-$$$esql-multi-values-controls$$$
-
 
 #### Standard time filter [_standard_time_filter]
 
@@ -227,6 +224,32 @@ FROM kibana_sample_data_logs
 | WHERE timestamp > NOW() - 15minutes
 ```
 
+
+### Create controls with {{esql}} variables [add-variable-control]
+
+{{esql}} variables help you add interactive controls to your queries and make them more dynamic.
+
+They're available for:
+* [Discover queries](/explore-analyze/discover/try-esql.md#add-variable-control) {applies_to}`stack: ga 9.2`
+* [{{esql}} visualizations in dashboards](/explore-analyze/dashboards/add-controls.md#add-variable-control)
+
+:::{include} ../../_snippets/variable-control-procedure.md
+:::
+
+:::{include} ../../_snippets/variable-control-examples.md
+:::
+
+% Link from the product
+#### Allow multi-value selections for {{esql}}-based variable controls [esql-multi-values-controls]
+```{applies_to}
+stack: preview 9.3
+serverless: preview
+```
+
+:::{include} ../../_snippets/multi-value-esql-controls.md
+:::
+
+
 ### LOOKUP JOINs
 
 The ES|QL editor supports [`LOOKUP JOIN`](elasticsearch://reference/query-languages/esql/commands/processing-commands.md#esql-lookup-join) commands and suggests lookup mode indices and join condition fields.

explore-analyze/images/esql-visualization-control-suggestion.png

@@ -4,25 +4,27 @@ By leveraging the search and analytics capabilities of {{es}}, it offers a holis
 
 Elastic {{observability}} embraces open standards like OpenTelemetry for flexible data collection, and offers scalable, cost-efficient data retention with tiered storage.
 
-For a complete overview, refer to [](/solutions/observability/get-started/what-is-elastic-observability.md).
+:::{tip}
+New to Elastic? Refer to [Elastic Fundamentals](/get-started/index.md) to understand the Elastic Stack, its components, and your deployment options.
+:::
 
 ## Use cases [observability-use-cases]
 
 Apply {{observability}} to various scenarios to improve operational awareness and system reliability. 
 
 :::{dropdown} Use cases
 :open:
-* **Log monitoring and analytics:** Centralize and analyze petabytes of log data from any source. This enables quick searching, ad-hoc queries with ES|QL, and visualization with prebuilt dashboards to diagnose issues.
-* **Application Performance Monitoring (APM):** Gain code-level visibility into application performance. By collecting and analyzing traces with native OTel support, teams can identify bottlenecks, track errors, and optimize the end-user experience.
-* **Infrastructure monitoring:** Monitor metrics from servers, virtual machines, containers, and serverless environments with over 400 out-of-the-box integrations, including OpenTelemetry. This provides deep insights into resource utilization and overall system health.
-* **AI-powered log analysis with Streams**: Ingest raw logs in any format directly to a single endpoint without the need for complex agent management or manual parsing pipelines. Streams leverages AI to automatically parse, structure, and analyze log data on the fly.
+* **[Log monitoring and analytics](/solutions/observability/logs.md):** Centralize and analyze petabytes of log data from any source. This enables quick searching, ad-hoc queries with ES|QL, and visualization with prebuilt dashboards to diagnose issues.
+* **[Application Performance Monitoring (APM)](/solutions/observability/applications/index.md):** Gain code-level visibility into application performance. By collecting and analyzing traces with native OTel support, teams can identify bottlenecks, track errors, and optimize the end-user experience.
+* **[Infrastructure monitoring](/solutions/observability/infra-and-hosts.md):** Monitor metrics from servers, virtual machines, containers, and serverless environments with over 400 out-of-the-box integrations, including OpenTelemetry. This provides deep insights into resource utilization and overall system health.
+* **[AI-powered log analysis with Streams](/solutions/observability/streams/streams.md):** Ingest raw logs in any format directly to a single endpoint without the need for complex agent management or manual parsing pipelines. Streams leverages AI to automatically parse, structure, and analyze log data on the fly.
 * **Digital experience monitoring:**
-  * **Real User Monitoring (RUM):** Capture and analyze data on how real users interact with web applications to improve perceived performance.
-  * **Synthetic monitoring:** Proactively simulate user journeys and API calls to test application availability and functionality.
-  * **Uptime monitoring:** Continuously check the status of services and applications to ensure they are available.
-* **Universal Profiling:** Gain visibility into system performance and identify expensive lines of code without application instrumentation, helping to increase CPU efficiency and reduce cloud spend.
-* **LLM Observability:** Gain deep insights into the performance, usage, and costs of Large Language Model (LLM) prompts and responses.
-* **Incident response and management:** Investigate operational incidents by correlating data from multiple sources, accelerating root cause analysis and resolution.
+  * **[Real User Monitoring (RUM)](/solutions/observability/applications/user-experience.md):** Capture and analyze data on how real users interact with web applications to improve perceived performance.
+  * **[Synthetic monitoring](/solutions/observability/synthetics/index.md):** Proactively simulate user journeys and API calls to test application availability and functionality.
+  * **[Uptime monitoring](/solutions/observability/uptime/index.md):** Continuously check the status of services and applications to ensure they are available.
+* **[LLM Observability](/solutions/observability/applications/llm-observability.md):** Gain deep insights into the performance, usage, and costs of Large Language Model (LLM) prompts and responses.
+* **[Incident response and management](/solutions/observability/incident-management.md):** Investigate operational incidents by correlating data from multiple sources, accelerating root cause analysis and resolution.
+* **[Universal Profiling](/solutions/observability/infra-and-hosts/get-started-with-universal-profiling.md):** Gain visibility into system performance and identify expensive lines of code without application instrumentation, helping to increase CPU efficiency and reduce cloud spend.
 :::
 
 To start your {{observability}} journey, read the [**Get started**](/solutions/observability/get-started.md) guide, which presents all the essential steps, with links to valuable resources. You can also browse the {{observability}} [**Quickstart guides**](/solutions/observability/get-started/quickstarts.md).
@@ -38,8 +40,9 @@ At the heart of Elastic {{observability}} are several key components that enable
   * [**Logs:**](/solutions/observability/logs.md) Timestamped records of events that provide detailed, contextual information.
   * [**Metrics:**](/solutions/observability/infra-and-hosts/analyze-infrastructure-host-metrics.md) Numerical measurements of system performance and health over time.
   * [**Traces:**](/solutions/observability/apm/traces.md) Representations of end-to-end journeys of requests as they travel through distributed systems.
-* [**OpenTelemetry:**](/solutions/observability/apm/opentelemetry/index.md) {{Observability}} offers first-class, production-grade support for OpenTelemetry. This allows organizations to use vendor-neutral instrumentation and stream native OTel data without proprietary agents, leveraging the Elastic Distribution of OpenTelemetry (EDOT).
-* [**AIOps and AI Assistant:**](/solutions/observability/observability-ai-assistant.md) Leverages predictive analytics and an LLM-powered AI Assistant to reduce the time required to detect, investigate, and resolve incidents. This includes zero-config anomaly detection, pattern analysis, and the ability to surface correlations and root causes.
-* **[Alerting](/solutions/observability/incident-management/alerting.md) and [Cases](/solutions/observability/incident-management/cases.md):** Allows you to create  rules to detect complex conditions and perform actions. Cases allows teams to stay aware of potential issues and track investigation details, assign tasks, and collaborate on resolutions.
-* [**Service Level Objectives (SLOs):**](/solutions/observability/incident-management/service-level-objectives-slos.md) A framework for defining and monitoring the reliability of a service. Elastic {{observability}} allows for creating and tracking SLOs to ensure that performance targets are being met.
+* [**OpenTelemetry:**](/solutions/observability/apm/opentelemetry/index.md) {{Observability}} offers first-class, production-grade support for OpenTelemetry. This allows organizations to use vendor-neutral instrumentation and stream native OTel data without proprietary agents, leveraging the {{edot}} (EDOT).
+* [**AIOps and AI Assistant:**](/solutions/observability/observability-ai-assistant.md) Leverages predictive analytics and an LLM-powered AI Assistant to reduce the time required to detect, investigate, and resolve incidents. This includes zero-config {{anomaly-detect}}, pattern analysis, and the ability to surface correlations and root causes.
+* **[Alerting](/solutions/observability/incident-management/alerting.md)**: Allows you to create  rules to detect complex conditions and perform actions. 
+* **[Cases](/solutions/observability/incident-management/cases.md):** Cases allows teams to stay aware of potential issues and track investigation details, assign tasks, and collaborate on resolutions.
+* [**Service Level Objectives (SLOs):**](/solutions/observability/incident-management/service-level-objectives-slos.md) A framework for defining and monitoring the reliability of a service. Elastic {{observability}} allows for creating and tracking SLOs to ensure you meet your performance targets.
 :::