Edit logs onboarding

Author: theletterf

manage-data/ingest.md

@@ -16,9 +16,9 @@ products:
   - id: elasticsearch
 ---
 
-# Ingestion
+# Bring your data to Elastic
 
-Bring your data! Whether you call it *adding*, *indexing*, or *ingesting* data, you have to get the data into {{es}} before you can search it, visualize it, and use it for insights.
+Whether you call it *adding*, *indexing*, or *ingesting* data, you have to get the data into {{es}} before you can search it, visualize it, and use it for insights.
 
 Our ingest tools are flexible, and support a wide range of scenarios. We can help you with everything from popular and straightforward use cases, all the way to advanced use cases that require additional processing in order to modify or reshape your data before it goes to {{es}}.
 

manage-data/ingest/tools.md

@@ -40,7 +40,9 @@ $$$supported-outputs-beats-and-agent$$$
 
 $$$additional-capabilities-beats-and-agent$$$
 
-Depending on the type of data you want to ingest, you have a number of methods and tools available for use in your ingestion process. The table below provides more information about the available tools. Refer to our [Ingestion](/manage-data/ingest.md) overview for some guidelines to help you select the optimal tool for your use case.
+Depending on the type of data you want to ingest, you have a number of methods and tools available for use in your ingestion process. The table below provides more information about the available tools.
+
+Refer to our [Ingestion](/manage-data/ingest.md) overview for some guidelines to help you select the optimal tool for your use case.
 
 <br>
 
@@ -49,14 +51,13 @@ Depending on the type of data you want to ingest, you have a number of methods a
 | Integrations | Ingest data using a variety of Elastic integrations. | [Elastic Integrations](integration-docs://reference/index.md) |
 | File upload | Upload data from a file and inspect it before importing it into {{es}}. | [Upload data files](/manage-data/ingest/upload-data-files.md) |
 | APIs  | Ingest data through code by using the APIs of one of the language clients or the {{es}} HTTP APIs. | [Document APIs](https://www.elastic.co/docs/api/doc/elasticsearch/group/endpoint-document) |
-| OpenTelemetry | Collect and send your telemetry data to Elastic Observability | [Elastic Distributions of OpenTelemetry](opentelemetry://reference/index.md) |
+| OpenTelemetry | Collect and send your telemetry data to Elastic Observability | [Elastic Distributions of OpenTelemetry](opentelemetry://reference/index.md). |
 | Fleet and Elastic Agent | Add monitoring for logs, metrics, and other types of data to a host using Elastic Agent, and centrally manage it using Fleet. | [Fleet and {{agent}} overview](/reference/fleet/index.md) <br> [{{fleet}} and {{agent}} restrictions (Serverless)](/reference/fleet/fleet-agent-serverless-restrictions.md) <br> [{{beats}} and {{agent}} capabilities](/manage-data/ingest/tools.md)||
 | {{elastic-defend}} | {{elastic-defend}} provides organizations with prevention, detection, and response capabilities with deep visibility for EPP, EDR, SIEM, and Security Analytics use cases across Windows, macOS, and Linux operating systems running on both traditional endpoints and public cloud environments. | [Configure endpoint protection with {{elastic-defend}}](/solutions/security/configure-elastic-defend.md) |
 | {{ls}} | Dynamically unify data from a wide variety of data sources and normalize it into destinations of your choice with {{ls}}. | [Logstash](logstash://reference/index.md) |
 | {{beats}} | Use {{beats}} data shippers to send operational data to Elasticsearch directly or through Logstash. | [{{beats}}](beats://reference/index.md) |
 | APM | Collect detailed performance information on response time for incoming requests, database queries, calls to caches, external HTTP requests, and more. | [Application performance monitoring (APM)](/solutions/observability/apm/index.md) |
 | Application logs | Ingest application logs using Filebeat, {{agent}}, or the APM agent, or reformat application logs into Elastic Common Schema (ECS) logs and then ingest them using Filebeat or {{agent}}.  | [Stream application logs](/solutions/observability/logs/stream-application-logs.md) <br> [ECS formatted application logs](/solutions/observability/logs/ecs-formatted-application-logs.md) |
 | Elastic Serverless forwarder for AWS | Ship logs from your AWS environment to cloud-hosted, self-managed Elastic environments, or {{ls}}. | [Elastic Serverless Forwarder](elastic-serverless-forwarder://reference/index.md) |
-| Connectors | Use connectors to extract data from an original data source and sync it to an {{es}} index. | [Ingest content with Elastic connectors
-](elasticsearch://reference/search-connectors/index.md) <br> [Connector clients](elasticsearch://reference/search-connectors/index.md) |
+| Connectors | Use connectors to extract data from an original data source and sync it to an {{es}} index. | [Ingest content with Elastic connectors](elasticsearch://reference/search-connectors/index.md) <br> [Connector clients](elasticsearch://reference/search-connectors/index.md) |
 | Web crawler | Discover, extract, and index searchable content from websites and knowledge bases using the web crawler. | [Elastic Open Web Crawler](https://github.com/elastic/crawler#readme) |

solutions/observability/logs.md

@@ -20,18 +20,29 @@ Elastic Observability allows you to deploy and manage logs at a petabyte scale,
 * [Run pattern analysis on log data](/solutions/observability/logs/run-pattern-analysis-on-log-data.md): Find patterns in unstructured log messages and make it easier to examine your data.
 * [Troubleshoot logs](/troubleshoot/observability/troubleshoot-logs.md): Find solutions for errors you might encounter while onboarding your logs.
 
-
 ## Send logs data to your project [observability-log-monitoring-send-logs-data-to-your-project]
 
-You can send logs data to your project in different ways depending on your needs:
+You can send logs data to your project in different ways depending on your needs. When choosing between these options, consider the different features and functionalities between them. 
+
+Refer to [Ingest tools overview](/manage-data/ingest/tools.md) for more information on which option best fits your situation.
+
+
+::::{tab-set}
+
+:::{tab-item} {{edot}}
+
+The Elastic Distribution of OpenTelemetry (EDOT) Collector and SDKs provide native OpenTelemetry support for collecting logs, metrics, and traces. This approach is ideal for:
 
-* {{agent}}
-* {{filebeat}}
+* Native OpenTelemetry: When you want to use OpenTelemetry standards and are already using OpenTelemetry in your environment.
+* Full observability: When you need to collect logs, metrics, and traces from a single collector.
+* Modern applications: When building new applications with OpenTelemetry instrumentation.
+* Standards compliance: When you need to follow OpenTelemetry specifications.
 
-When choosing between {{agent}} and {{filebeat}}, consider the different features and functionalities between the two options. See [{{beats}} and {{agent}} capabilities](/manage-data/ingest/tools.md) for more information on which option best fits your situation.
+For more information, refer to [Elastic Distribution of OpenTelemetry](opentelemetry://reference/index.md).
 
+:::
 
-### {{agent}} [observability-log-monitoring-agent]
+:::{tab-item} {{agent}}
 
 {{agent}} uses [integrations](https://www.elastic.co/integrations/data-integrations) to ingest logs from Kubernetes, MySQL, and many more data sources. You have the following options when installing and managing an {{agent}}:
 
@@ -45,7 +56,7 @@ See [install {{fleet}}-managed {{agent}}](/reference/fleet/install-fleet-managed
 
 #### Standalone {{agent}} [observability-log-monitoring-standalone-agent]
 
-Install an {{agent}} and manually configure it locally on the system where it’s installed. You are responsible for managing and upgrading the agents.
+Install an {{agent}} and manually configure it locally on the system where it's installed. You are responsible for managing and upgrading the agents.
 
 See [install standalone {{agent}}](/reference/fleet/install-standalone-elastic-agent.md).
 
@@ -56,15 +67,32 @@ Run an {{agent}} inside of a container — either with {{fleet-server}} or stand
 
 See [install {{agent}} in containers](/reference/fleet/install-elastic-agents-in-containers.md).
 
+:::
 
-### {{filebeat}} [observability-log-monitoring-filebeat]
+:::{tab-item} {{filebeat}}
 
 {{filebeat}} is a lightweight shipper for forwarding and centralizing log data. Installed as a service on your servers, {{filebeat}} monitors the log files or locations that you specify, collects log events, and forwards them to your Observability project for indexing.
 
 * [{{filebeat}} overview](beats://reference/filebeat/index.md): General information on {{filebeat}} and how it works.
 * [{{filebeat}} quick start](beats://reference/filebeat/filebeat-installation-configuration.md): Basic installation instructions to get you started.
 * [Set up and run {{filebeat}}](beats://reference/filebeat/setting-up-running.md): Information on how to install, set up, and run {{filebeat}}.
 
+:::
+
+:::{tab-item} {{ls}}
+
+{{ls}} is a powerful data processing pipeline that can collect, transform, and enrich log data before sending it to Elasticsearch. It's ideal for:
+
+* Complex data processing: When you need to parse, filter, and transform logs before indexing.
+* Multiple data sources: When you need to collect logs from various sources and normalize them.
+* Advanced use cases: When you need data enrichment, aggregation, or routing to multiple destinations.
+* Extending Elastic integrations: When you want to add custom processing to data collected by Elastic Agent or Beats.
+
+For more information, refer to [Logstash](logstash://reference/index.md) and [Using Logstash with Elastic integrations](logstash://reference/using-logstash-with-elastic-integrations.md).
+
+:::
+
+::::
 
 ## Configure logs [observability-log-monitoring-configure-logs]
 

solutions/observability/logs/discover-logs.md

@@ -22,7 +22,7 @@ For a contextual logs experience, set the **Solution view** for your space to **
 
 :::{image} ../../images/observability-log-explorer.png
 :alt: Screen capture of Discover
-:class: screenshot
+:screenshot:
 :::
 
 ## Required {{kib}} privileges [logs-explorer-privileges]

solutions/observability/logs/stream-any-log-file.md

@@ -10,7 +10,7 @@ products:
   - id: cloud-serverless
 ---
 
-# Stream any log file [logs-stream]
+# Stream any log file using {{agent}} [logs-stream]
 
 This guide shows you how to manually configure a standalone {{agent}} to send your log data to {{es}} using the `elastic-agent.yml` file.
 
@@ -97,7 +97,7 @@ Expand-Archive .\elastic-agent-{{version.stack}}-windows-x86_64.zip
 ::::::{tab-item} DEB
 
 :::{tip}
-To simplify upgrading to future versions of Elastic Agent, we recommended that you use the tarball distribution instead of the RPM distribution.
+To simplify upgrading to future versions of Elastic Agent, use the tarball distribution instead of the RPM distribution.
 You can install Elastic Agent in an unprivileged mode that does not require root privileges.
 :::
 
@@ -110,7 +110,7 @@ sudo dpkg -i elastic-agent-{{version.stack}}-amd64.deb
 ::::::{tab-item} RPM
 
 :::{tip}
-To simplify upgrading to future versions of Elastic Agent, we recommended that you use the tarball distribution instead of the RPM distribution.
+To simplify upgrading to future versions of Elastic Agent, use the tarball distribution instead of the RPM distribution.
 You can install Elastic Agent in an unprivileged mode that does not require root privileges.
 :::
 
@@ -124,7 +124,7 @@ sudo rpm -vi elastic-agent-{{version.stack}}-x86_64.rpm
 
 ### Step 2: Install and start the {{agent}} [logs-stream-install-agent]
 
-After downloading and extracting the installation package, you’re ready to install the {{agent}}. From the agent directory, run the install command that corresponds with your system:
+After downloading and extracting the installation package, you're ready to install the {{agent}}. From the agent directory, run the install command that corresponds with your system:
 
 ::::{note}
 On macOS, Linux (tar package), and Windows, run the `install` command to install and start {{agent}} as a managed service and start the service. The DEB and RPM packages include a service unit for Linux systems with systemd. For these systems, you must enable and start the service.

solutions/observability/logs/stream-application-logs.md

@@ -17,7 +17,7 @@ Application logs provide valuable insight into events that have occurred within
 The format of your logs (structured or plaintext) influences your log ingestion strategy.
 
 
-## Plaintext logs vs. structured Elastic Common Schema (ECS) logs [observability-correlate-application-logs-plaintext-logs-vs-structured-elastic-common-schema-ecs-logs]
+## Plaintext logs versus structured Elastic Common Schema (ECS) logs [observability-correlate-application-logs-plaintext-logs-vs-structured-elastic-common-schema-ecs-logs]
 
 Logs are typically produced as either plaintext or structured. Plaintext logs contain only text and have no special formatting, for example:
 
@@ -27,7 +27,7 @@ Logs are typically produced as either plaintext or structured. Plaintext logs co
 2019-08-06T14:08:40.199Z DEBUG:spring-petclinic: init find form, org.springframework.samples.petclinic.owner.OwnerController
 ```
 
-Structured logs follow a predefined, repeatable pattern or structure. This structure is applied at write time — preventing the need for parsing at ingest time. The Elastic Common Schema (ECS) defines a common set of fields to use when structuring logs. This structure allows logs to be easily ingested, and provides the ability to correlate, search, and aggregate on individual fields within your logs.
+Structured logs follow a predefined, repeatable pattern or structure. This structure is applied at write time, preventing the need for parsing at ingest time. The Elastic Common Schema (ECS) defines a common set of fields to use when structuring logs. This structure allows logs to be ingested, and provides the ability to correlate, search, and aggregate on individual fields within your logs.
 
 For example, the previous example logs might look like this when structured with ECS-compatible JSON:
 
@@ -92,15 +92,40 @@ Log sending is supported in the Java {{apm-agent}}.
 
 Correlate your application logs with trace events to:
 
-* view the context of a log and the parameters provided by a user
-* view all logs belonging to a particular trace
-* easily move between logs and traces when debugging application issues
+* See the context of a log and the parameters provided by a user
+* See all logs belonging to a particular trace
+* Move between logs and traces when debugging application issues
 
 Learn more about log correlation in the agent-specific ingestion guides:
 
+::::{tab-set}
+
+:::{tab-item} OpenTelemetry (EDOT)
+
+The {{edot}} (EDOT) provides SDKs for multiple programming languages with built-in support for log correlation:
+
+* [Java](opentelemetry://reference/edot-sdks/java/index.md)
+* [.NET](opentelemetry://reference/edot-sdks/dotnet/index.md)
+* [Node.js](opentelemetry://reference/edot-sdks/nodejs/index.md)
+* [PHP](opentelemetry://reference/edot-sdks/php/index.md)
+* [Python](opentelemetry://reference/edot-sdks/python/index.md)
+
+For more information about EDOT, refer to [Elastic Distribution of OpenTelemetry (EDOT)](opentelemetry://reference/index.md).
+
+:::
+
+:::{tab-item} APM Agents
+:name: apm-agents
+
+Elastic APM agents provide log correlation capabilities for the following languages:
+
 * [Go](apm-agent-go://reference/logs.md)
 * [Java](apm-agent-java://reference/logs.md#log-correlation-ids)
 * [.NET](apm-agent-dotnet://reference/logs.md)
 * [Node.js](apm-agent-nodejs://reference/logs.md)
 * [Python](apm-agent-python://reference/logs.md#log-correlation-ids)
-* [Ruby](apm-agent-ruby://reference/logs.md)
+* [Ruby](apm-agent-ruby://reference/logs.md)
+
+:::
+
+::::