Commit c4e69bb

Merge branch 'main' into vale-ref-fleet2
2 parents 31cd435 + 364d31e commit c4e69bb

3 files changed

+14
-13
lines changed

deploy-manage/upgrade/deployment-or-cluster/reading-indices-from-older-elasticsearch-versions.md

Lines changed: 2 additions & 2 deletions
@@ -9,7 +9,7 @@ products:
99

1010
# Reading indices from older {{es}} versions [archive-indices]
1111

12-
{{es}} has full query and write support for indices created in the previous major version. If you have indices created in {{es}} versions 5 or 6, you can use the archive functionality to import them into newer {{es}} versions as well.
12+
{{es}} has full query and write support for indices created in the previous major version. If you have indices created in {{es}} versions 5, 6, or 7, you can use the archive functionality to import them into newer {{es}} versions as well.
1313

1414
The archive functionality provides slower read-only access to older {{es}} data, for compliance or regulatory reasons, the occasional lookback or investigation, or to rehydrate parts of it. Access to the data is expected to be infrequent, and can therefore happen with limited performance and query capabilities.
1515
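Review bot: In the changed sentence at line 12, "versions 5, 6, or 7" now overlaps with the sentence before it, which promises full query and write support for indices created in the previous major version; for a cluster whose previous major is 7, the two statements conflict. Suggest stating which target versions need the archive for 7.x indices, so readers can tell whether their 7.x data gets full support or only the slower read-only access described at line 14.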

@@ -50,7 +50,7 @@ Due to `_source` access, the data can also be [reindexed](https://www.elastic.co
5050

5151
## Upgrade older {{es}} clusters [_how_to_upgrade_older_es_clusters]
5252

53-
To upgrade older {{es}} 5 or 6 clusters:
53+
To upgrade older {{es}} 5, 6, or 7 clusters:
5454

5555
1. Take a snapshot of the indices in the old cluster.
5656
2. Delete any indices created before 8.0.0.
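Review bot: With 7 added to the list at line 53, step 2 ("Delete any indices created before 8.0.0.") now directs readers to delete 7.x indices as well, and the only safeguard visible here is the snapshot in step 1. Suggest that step 1 tell the reader to confirm the snapshot completed successfully before moving on to the delete, and check that the steps below this hunk still read correctly for 7.x clusters.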

reference/fleet/migrate-auditbeat-to-agent.md

Lines changed: 9 additions & 8 deletions
@@ -24,20 +24,21 @@ The following table describes the integrations you can use instead of {{auditbea
2424

2525
| If you use… | You can use this instead… | Notes |
2626
| --- | --- | --- |
27-
| [Auditd](beats://reference/auditbeat/auditbeat-module-auditd.md) module | [Auditd Manager](integration-docs://reference/auditd_manager/index.md) integration | This integration is a direct replacement of the module. You can port rules andconfiguration to this integration. Starting in {{stack}} 8.4, you can also set the`immutable` flag in the audit configuration. |
28-
| [Auditd Logs](integration-docs://reference/auditd/index.md) integration | Use this integration if you don't need to manage rules. It only parses logs fromthe audit daemon `auditd`. The events created by this integrationare different than the ones created by[Auditd Manager](integration-docs://reference/auditd_manager/index.md), since the latter merges allrelated messages in a single event while [Auditd Logs](integration-docs://reference/auditd/index.md)creates one event per message. |
27+
| [Auditd](beats://reference/auditbeat/auditbeat-module-auditd.md) module | [Auditd Manager](integration-docs://reference/auditd_manager/index.md) integration | This integration is a direct replacement of the module. You can port rules and configuration to this integration. Starting in {{stack}} 8.4, you can also set the`immutable` flag in the audit configuration. |
2928
| [File Integrity](beats://reference/auditbeat/auditbeat-module-file_integrity.md) module | [File Integrity Monitoring](integration-docs://reference/fim/index.md) integration | This integration is a direct replacement of the module. It reports real-timeevents, but cannot report who made the changes. If you need to track thisinformation, use [{{elastic-defend}}](/solutions/security/configure-elastic-defend/install-elastic-defend.md) instead. |
29+
| [Auditd Logs](integration-docs://reference/auditd/index.md) integration | Use this integration if you don't need to manage rules. It only parses logs from the audit daemon `auditd`. The events created by this integration are different than the ones created by [Auditd Manager](integration-docs://reference/auditd_manager/index.md), since the latter merges all related messages in a single event while [Auditd Logs](integration-docs://reference/auditd/index.md) creates one event per message. |
30+
| [File Integrity](beats://reference/auditbeat/auditbeat-module-file_integrity.md) module | [File Integrity Monitoring](integration-docs://reference/fim/index.md) integration | This integration is a direct replacement of the module. It reports real-time events, but cannot report who made the changes. If you need to track this information, use [{{elastic-defend}}](/solutions/security/configure-elastic-defend/install-elastic-defend.md) instead. |
3031
| [System](beats://reference/auditbeat/auditbeat-module-system.md) module | It depends… | There is not a single integration that collects all this information. |
3132
| [System.host](beats://reference/auditbeat/auditbeat-dataset-system-host.md) dataset | [Osquery](integration-docs://reference/osquery/index.md) or [Osquery Manager](integration-docs://reference/osquery_manager/index.md) integration | Schedule collection of information like:<br><br>* [system_info](https://www.osquery.io/schema/5.1.0/#system_info) for hostname, unique ID, and architecture<br>* [os_version](https://www.osquery.io/schema/5.1.0/#os_version)<br>* [interface_addresses](https://www.osquery.io/schema/5.1.0/#interface_addresses) for IPs and MACs<br> |
3233
| [System.login](beats://reference/auditbeat/auditbeat-dataset-system-login.md) dataset | [Endpoint](/solutions/security/configure-elastic-defend/install-elastic-defend.md) | Report login events. |
3334
| [Osquery](integration-docs://reference/osquery/index.md) or [Osquery Manager](integration-docs://reference/osquery_manager/index.md) integration | Use the [last](https://www.osquery.io/schema/5.1.0/#last) table for Linux and macOS. |
3435
| {{fleet}} [system](integration-docs://reference/system/index.md) integration | Collect login events for Windows through the [Security event log](integration-docs://reference/system/index.md#security). |
35-
| [System.package](beats://reference/auditbeat/auditbeat-dataset-system-package.md) dataset | [System Audit](integration-docs://reference/system_audit/index.md) integration | This integration is a direct replacement of the System Package dataset. Starting in {{stack}} 8.7, you can port rules and configuration settings to this integration. This integration currently schedules collection of information such as:<br><br>* [rpm_packages](https://www.osquery.io/schema/5.1.0/#rpm_packages)<br>* [deb_packages](https://www.osquery.io/schema/5.1.0/#deb_packages)<br>* [homebrew_packages](https://www.osquery.io/schema/5.1.0/#homebrew_packages)<br> |
36+
| [System.package](beats://reference/auditbeat/auditbeat-dataset-system-package.md) dataset | [System Audit](integration-docs://reference/system_audit/index.md) integration | This integration is a direct replacement for the System Package dataset. Starting in {{stack}} 8.7, you can port rules and configuration settings to this integration. This integration currently schedules collection of information such as:<br><br>* [rpm_packages](https://www.osquery.io/schema/5.1.0/#rpm_packages)<br>* [deb_packages](https://www.osquery.io/schema/5.1.0/#deb_packages)<br>* [homebrew_packages](https://www.osquery.io/schema/5.1.0/#homebrew_packages)<br> |
3637
| [Osquery](integration-docs://reference/osquery/index.md) or [Osquery Manager](integration-docs://reference/osquery_manager/index.md) integration | Schedule collection of information like:<br><br>* [rpm_packages](https://www.osquery.io/schema/5.1.0/#rpm_packages)<br>* [deb_packages](https://www.osquery.io/schema/5.1.0/#deb_packages)<br>* [homebrew_packages](https://www.osquery.io/schema/5.1.0/#homebrew_packages)<br>* [apps](https://www.osquery.io/schema/5.1.0/#apps) (MacOS)<br>* [programs](https://www.osquery.io/schema/5.1.0/#programs) (Windows)<br>* [npm_packages](https://www.osquery.io/schema/5.1.0/#npm_packages)<br>* [atom_packages](https://www.osquery.io/schema/5.1.0/#atom_packages)<br>* [chocolatey_packages](https://www.osquery.io/schema/5.1.0/#chocolatey_packages)<br>* [portage_packages](https://www.osquery.io/schema/5.1.0/#portage_packages)<br>* [python_packages](https://www.osquery.io/schema/5.1.0/#python_packages)<br> |
37-
| [System.process](beats://reference/auditbeat/auditbeat-dataset-system-process.md) dataset | [Endpoint](/solutions/security/configure-elastic-defend/install-elastic-defend.md) | Best replacement because out of the box it reports events forevery process in [ECS](integration-docs://reference/index.md) format and has excellent integration in {{kib}}. |
38+
| [System.process](beats://reference/auditbeat/auditbeat-dataset-system-process.md) dataset | [Endpoint](/solutions/security/configure-elastic-defend/install-elastic-defend.md) | Best replacement because out of the box it reports events for every process in [ECS](integration-docs://reference/index.md) format and has excellent integration in {{kib}}. |
3839
| [Custom Windows event log](integration-docs://reference/winlog/index.md) and [Sysmon](integration-docs://reference/sysmon_linux/index.md) integrations | Provide process data. |
39-
| [Osquery](integration-docs://reference/osquery/index.md) or[Osquery Manager](integration-docs://reference/osquery_manager/index.md) integration | Collect data from the [process](https://www.osquery.io/schema/5.1.0/#process) table on some OSeswithout polling. |
40-
| [System.socket](beats://reference/auditbeat/auditbeat-dataset-system-socket.md) dataset | [Endpoint](/solutions/security/configure-elastic-defend/install-elastic-defend.md) | Best replacement because it supports monitoring network connections on Linux,Windows, and MacOS. Includes process and user metadata. Currently does notdo flow accounting (byte and packet counts) or domain name enrichment (but doescollect DNS queries separately). |
41-
| [Osquery](integration-docs://reference/osquery/index.md) or [Osquery Manager](integration-docs://reference/osquery_manager/index.md) integration | Monitor socket events using the [socket_events](https://www.osquery.io/schema/5.1.0/#socket_events) table for Linux and MacOS. |
42-
| [System.user](beats://reference/auditbeat/auditbeat-dataset-system-user.md) dataset | [Osquery](integration-docs://reference/osquery/index.md) or [Osquery Manager](integration-docs://reference/osquery_manager/index.md) integration | Monitor local users using the [user](https://www.osquery.io/schema/5.1.0/#user) table for Linux, Windows, and MacOS. |
40+
| [Osquery](integration-docs://reference/osquery/index.md) or [Osquery Manager](integration-docs://reference/osquery_manager/index.md) integration | Collect data from the [process](https://www.osquery.io/schema/5.1.0/#process) table on some OSes without polling. |
41+
| [System.socket](beats://reference/auditbeat/auditbeat-dataset-system-socket.md) dataset | [Endpoint](/solutions/security/configure-elastic-defend/install-elastic-defend.md) | Best replacement because it supports monitoring network connections on Linux, Windows, and MacOS. Includes process and user metadata. Currently does not do flow accounting (byte and packet counts) or domain name enrichment (but does collect DNS queries separately). |
42+
| [Osquery](integration-docs://reference/osquery/index.md) or [Osquery Manager](integration-docs://reference/osquery_manager/index.md) integration | Monitor socket events via the [socket_events](https://www.osquery.io/schema/5.1.0/#socket_events) table for Linux and MacOS. |
43+
| [System.user](beats://reference/auditbeat/auditbeat-dataset-system-user.md) dataset | [Osquery](integration-docs://reference/osquery/index.md) or [Osquery Manager](integration-docs://reference/osquery_manager/index.md) integration | Monitor local users via the [user](https://www.osquery.io/schema/5.1.0/#user) table for Linux, Windows, and MacOS. |
4344
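Review bot: The File Integrity row now appears twice in the result: the unchanged context row at new line 28 (still reading "real-timeevents" and "thisinformation") and the corrected copy added at new line 30, with the Auditd Logs continuation row at new line 29 sitting between them. That detaches Auditd Logs from the Auditd module row it belongs to. Suggest dropping the old row at line 28 so the order is Auditd, Auditd Logs, File Integrity. Separately, the added line 27 still has "set the`immutable` flag" with no space before the backtick.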

solutions/observability/get-started/quickstart-elastic-cloud-otel-endpoint.md

Lines changed: 3 additions & 3 deletions
@@ -3,10 +3,10 @@ description: Learn how to use the Elastic Cloud Managed OTLP Endpoint to send lo
33
mapped_pages:
44
- https://www.elastic.co/guide/en/serverless/current/collect-data-with-native-otlp.html
55
applies_to:
6-
serverless:
6+
serverless: ga
77
deployment:
8-
ess:
9-
stack: preview 9.2
8+
ess: preview
9+
self: unavailable
1010
---
1111

1212
# Quickstart: Send OTLP data to Elastic Serverless or Elastic Cloud Hosted
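Review bot: The removed `stack: preview 9.2` carried a version, while the added `ess: preview` at line 8 does not, so the frontmatter no longer records from which release the preview applies. If the 9.2 qualifier still holds, suggest keeping it on the new key so readers on earlier releases are not told the feature applies to them.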
