Merge branch 'main' into discover-metrics-docs

Author: mdbirnstiehl

explore-analyze/query-filter/tools/saved-queries.md

@@ -16,20 +16,23 @@ For example, suppose you’re in **Discover**, and you’ve put time into buildi
 
 Saved queries are different than [saved Discover sessions](/explore-analyze/discover/save-open-search.md), which include the **Discover** configuration—selected columns in the document table, sort order, and {{data-source}}—in addition to the query. Discover sessions are primarily used for adding search results to a dashboard.
 
-## Saved query access [_saved_query_access]
+:::{note}
+Saved queries aren't available for {{esql}} queries. When using {{esql}}, the editor automatically keeps an [history of your most recent queries](/explore-analyze/query-filter/languages/esql-kibana.md#esql-kibana-query-history), and you can also [mark some as favorite](/explore-analyze/query-filter/languages/esql-kibana.md#esql-kibana-starred-queries) to find them faster later.
+:::
 
-If you have insufficient privileges to manage saved queries, you will be unable to load or save queries from the saved query management popover. For more information, see [Granting access to Kibana](elasticsearch://reference/elasticsearch/roles.md)
+## Saved queries requirements [_saved_query_access]
+
+You must have **Saved Query Management** privileges in {{kib}} to use saved queries.
 
 
 ## Save a query [_save_a_query]
 
-1. Once you’ve built a query worth saving, click the save query icon ![save query icon](/explore-analyze/images/kibana-saved-query-icon.png "").
-2. In the menu, select the item to save the query.
+1. Once you’ve built a query worth saving, open the {icon}`filter` **Query menu**.
+2. In the menu, select **Save query**.
 3. Enter a unique name.
 4. Choose whether to include or exclude filters and a time range. By default, filters are automatically included, but the time filter is not.
 5. Save the query.
-6. To load a saved query, select it in the **Saved query** menu.
 
-    The query text, filters, and time range are updated and your data refreshed. If you’re loading a saved query that did not include the filters or time range, those components remain as-is.
+The query is saved. You can load it at any time by opening the **Query menu** again and selecting **Load query**.
 
-7. To add filters and clear saved queries, use the **Saved query** menu.
+When you load a saved query, the query text, filters, and time range are updated and your data refreshed. If you’re loading a saved query that did not include the filters or time range, those components remain as-is.

reference/fleet/manage-integrations.md

@@ -2,34 +2,34 @@
 navigation_title: Manage integrations
 mapped_pages:
   - https://www.elastic.co/guide/en/fleet/current/integrations.html
+applies_to:
+  stack: ga
+  serverless: ga
 products:
   - id: fleet
   - id: elastic-agent
 ---
 
 # Manage {{agent}} integrations [integrations]
 
+{{agent}} integrations provide a unified way to collect data from apps and services and to protect systems from security threats. 
 
-::::{admonition}
-Integrations are available for a wide array of popular services and platforms. To see the full list of available integrations, go to the **Integrations** page in {{kib}}, or visit [Elastic Integrations](integration-docs://reference/index.md).
+Integrations are available for a wide array of services and platforms. To browse the full list of available integrations, go to the **Integrations** page in {{kib}}, or visit [Elastic Integrations](integration-docs://reference/index.md).
 
-{{agent}} integrations provide a simple, unified way to collect data from popular apps and services, and protect systems from security threats.
-
-Each integration comes prepackaged with assets that support all of your observability needs:
+{{agent}} integrations based on the [Elastic Common Schema](ecs://reference/index.md) (ECS) come prepackaged with assets that support your observability needs:
 
 * Data ingestion, storage, and transformation rules
 * Configuration options
 * Pre-built, custom dashboards and visualizations
 * Documentation
 
-::::
-
+{applies_to}`stack: preview 9.2.0` {{fleet}} also supports installing {{agent}} integration packages for collecting and visualizing OpenTelemetry data. For more information, refer to [Collect OpenTelemetry data with {{agent}} integrations](/reference/fleet/otel-integrations.md).
 
 ::::{note}
-Be aware that some integrations may function differently across different spaces. Also, some might only work in the default space. We recommend reviewing the specific integration documentation for any space-related considerations.
-
+Some integrations may function differently across different spaces, and some might only work in the default space. For any space-related considerations, review the documentation for the specific integration.
 ::::
 
+## Integration actions [integration-actions]
 
 The following table shows the main actions you can perform in the **Integrations** app in {{kib}}. You can perform some of these actions from other places in {{kib}}, too.
 
@@ -44,9 +44,8 @@ The following table shows the main actions you can perform in the **Integrations
 
 ::::{note}
 The **Integrations** app in {{kib}} needs access to the public {{package-registry}} to discover integrations. If your deployment has network restrictions, you can [deploy your own self-managed {{package-registry}}](/reference/fleet/air-gapped.md#air-gapped-diy-epr).
-
 ::::
 
 :::{tip}
 Once you've started using integrations to ingest data, you can customize how that data is managed over time. Refer to [Index lifecycle management](/reference/fleet/data-streams.md#data-streams-ilm) to learn more.
-:::
+:::

reference/fleet/otel-integrations.md

@@ -0,0 +1,47 @@
+---
+navigation_title: OpenTelemetry integration packages
+description: Fleet supports installing Elastic Agent integration packages for collecting and visualizing OpenTelemetry data such as logs, metrics, and traces.
+applies_to:
+  stack: preview 9.2
+  serverless: ga
+products:
+  - id: fleet
+  - id: elastic-agent
+---
+
+# Collect OpenTelemetry data with {{agent}} integrations
+
+{{fleet}} now supports installing {{agent}} integration packages for collecting and visualizing OpenTelemetry (OTel) data such as logs, metrics, and traces. To find the available OpenTelemetry integration packages, open the **Integrations** page in {{kib}}, then select the **OpenTelemetry** category.
+
+There are two types of OpenTelemetry integration packages:
+
+- Input packages which include an OTel Collector configuration.
+- Content packages which include {{es}} and {{kib}} assets such as prebuilt dashboards and visualizations.
+
+Unlike {{agent}} integrations based on the [Elastic Common Schema](ecs://reference/index.md) (ECS), OpenTelemetry input packages use OTel Collector receivers to collect OTel data following [OpenTelemetry semantic conventions](https://opentelemetry.io/docs/specs/semconv).
+
+When OTel data is collected using an OpenTelemetry input package, content packages with assets related to the collected data type are automatically installed if available.
+
+:::{important}
+OpenTelemetry input packages are used with {{fleet}} and {{agent}} running in default mode. They are distinct from [running {{agent}} as an EDOT Collector](/reference/fleet/otel-agent.md), and cannot be used on {{agent}} running in `otel` mode.
+:::
+
+## Configure OpenTelemetry input packages
+
+The installation and configuration of OpenTelemetry input packages is similar to that of ECS-based integrations and allow you to specify the namespace, dataset name, data stream type, and more. For more information, refer to [Add an integration to an {{agent}} policy](/reference/fleet/add-integration-to-policy.md).
+
+When the integration policy for the input package is created, {{fleet}} creates a managed index template with an OTel configuration and an index pattern with an `.otel` suffix. The index template uses {{fleet}} component templates for settings and OTel component templates for default mappings. It also includes `@custom` component templates that allow you to [customize your {{es}} index](/reference/fleet/data-streams.md#data-streams-index-templates-edit) similarly to ECS-based integrations.
+
+On the OpenTelemetry input package's **Configs** page, you can view a generated sample configuration, which you can use as a starting point to set up the integration on a standalone {{agent}}. 
+
+Note that this is a partial configuration as it does not include an exporter component. For more information on setting up the exporter, refer to [{{es}} exporter](elastic-agent://reference/edot-collector/components/elasticsearchexporter.md).
+
+:::{note}
+Currently, OpenTelemetry input packages only support sending data using the {{es}} output.
+:::
+
+## Compatibility with ECS-based integrations
+
+{{agent}} policies can include configurations for both ECS-based integrations and OpenTelemetry input packages, essentially converting the {{agents}} enrolled in the policy into hybrid agents.
+
+Note that only {{agents}} on version 9.2 or later can collect OTel data using OpenTelemetry input packages. OpenTelemetry input packages added to an agent policy do not affect enrolled agents on prior versions.

reference/fleet/toc.yml

@@ -149,6 +149,7 @@ toc:
       - file: upgrade-integration.md
       - file: managed-integrations-content.md
       - file: integrations-assets-best-practices.md
+      - file: otel-integrations.md
       - file: data-streams.md
         children:
           - file: data-streams-ilm-tutorial.md

solutions/observability/connect-to-own-local-llm.md

@@ -11,12 +11,17 @@ products:
 
 # Connect to your own local LLM
 
+:::{important}
+Elastic doesn’t support the setup and configuration of local LLMs. The example provided is for reference only.
+Before using a local LLM, evaluate its performance according to the [LLM performance matrix](./llm-performance-matrix.md#evaluate-your-own-model).
+:::
+
 This page provides instructions for setting up a connector to a large language model (LLM) of your choice using LM Studio. This allows you to use your chosen model within the {{obs-ai-assistant}}. You’ll first need to set up LM Studio, then download and deploy a model via LM studio and finally configure the connector in your Elastic deployment.
 
 ::::{note}
 If your Elastic deployment is not on the same network, you must configure an Nginx reverse proxy to authenticate with Elastic. Refer to [Configure your reverse proxy](https://www.elastic.co/docs/solutions/security/ai/connect-to-own-local-llm#_configure_your_reverse_proxy) for more detailed instructions.
 
-You do not have to set up a proxy if LM Studio is running locally, or on the same network as your Elastic deployment. 
+You do not have to set up a proxy if LM Studio is running locally, or on the same network as your Elastic deployment.
 ::::
 
 ::::{note}
@@ -85,7 +90,7 @@ Once you’ve downloaded a model, use the following commands in your CLI:
 4. Load a model: `lms load llama-3.3-70b-instruct --context-length 64000 --gpu max`.
 
 ::::{important}
-When loading a model, use the `--context-length` flag with a context window of 64,000 or higher. 
+When loading a model, use the `--context-length` flag with a context window of 64,000 or higher.
 Optionally, you can set how much to offload to the GPU by using the `--gpu` flag. `--gpu max` will offload all layers to GPU.
 ::::
 

solutions/observability/observability-ai-assistant.md

@@ -102,6 +102,10 @@ While the {{obs-ai-assistant}} is compatible with many different models, refer t
 :::
 
 ### Connect to a custom local LLM
+```{applies_to}
+serverless: ga
+stack: ga 9.2
+```
 
 [Connect to LM Studio](/solutions/observability/connect-to-own-local-llm.md) to use a custom LLM deployed and managed by you.
 

solutions/search/agent-builder/get-started.md

@@ -26,19 +26,24 @@ You can set up a new [space](/deploy-manage/manage-spaces.md) to use the solutio
 
 :::::{step} Enable {{agent-builder}}
 
+
+<!-- 
+
+TODO: uncomment once default enabled is live on serverless
+
 ::::{applies-switch}
 
 :::{applies-item} { "serverless": "preview", "elasticsearch" }
 
 {{agent-builder}} is enabled by default in serverless {{es}} projects.
 
-Find **Agents** in the navigation menu to begin using the feature, or search for **Agents** in the [global search field](/explore-analyze/find-and-organize/find-apps-and-objects.md).
+Find **Agents** in the navigation menu to begin using the feature, or search for **Agents** in the [global search field](/explore-analyze/find-and-organize/find-apps-and-objects.md). 
 
 :::
 
 :::{applies-item} stack: preview 9.2
-
-You have to enable {{agent-builder}} to get started on non-serverless deployments.
+-->
+You have to enable {{agent-builder}} to get started.
 
 You can enable the features using the UI:
 

solutions/search/agent-builder/models.md

@@ -10,6 +10,10 @@ applies_to:
 
 # Using different models in {{agent-builder}}
 
+:::{important}
+Due to phased rollout, the ability to use different models may not be immediately available in your project.
+:::
+
 {{agent-builder}} uses large language models (LLMs) to power agent reasoning and decision-making. By default, agents use the Elastic Managed LLM, but you can configure other models through Kibana connectors.
 
 ## Default model configuration

solutions/security/cloud/cspm-privilege-requirements.md

@@ -27,6 +27,7 @@ Users with these minimum permissions can view data on the **Findings** page and
 
 * `logs-cloud_security_posture.findings_latest-*`
 * `logs-cloud_security_posture.scores-*`
+* {applies_to}`stack: ga 9.1` {applies_to}`serverless: ga` `security_solution-cloud_security_posture.misconfiguration_latest*`
 
 
 ### {{kib}} privileges [_kib_privileges]
@@ -45,6 +46,8 @@ Users with these minimum permissions can view data on the **Findings** page and
 
 * `logs-cloud_security_posture.findings_latest-*`
 * `logs-cloud_security_posture.scores-*`
+* {applies_to}`stack: ga 9.1` {applies_to}`serverless: ga` `security_solution-cloud_security_posture.misconfiguration_latest*`
+
 
 
 ### {{kib}} privileges [_kib_privileges_2]
@@ -63,6 +66,8 @@ Users with these minimum permissions can view data on the **Findings** page and
 
 * `logs-cloud_security_posture.findings_latest-*`
 * `logs-cloud_security_posture.scores-*`
+* {applies_to}`stack: ga 9.1` {applies_to}`serverless: ga` `security_solution-cloud_security_posture.misconfiguration_latest*`
+
 
 
 ### {{kib}} privileges [_kib_privileges_3]

troubleshoot/elasticsearch/index-lifecycle-management-errors.md

@@ -151,7 +151,7 @@ POST /my-index-000001/_ilm/retry
 
 ### How `min_age` is calculated [min-age-calculation]
 
-When setting up an [{{ilm-init}} policy](../../manage-data/lifecycle/index-lifecycle-management/configure-lifecycle-policy.md) or [automating rollover with {{ilm-init}}](../../manage-data/lifecycle/index-lifecycle-management.md), be aware that `min_age` can be relative to either the rollover time or the index creation time.
+When setting up an [{{ilm-init}} policy](../../manage-data/lifecycle/index-lifecycle-management/configure-lifecycle-policy.md) or [automating rollover with {{ilm-init}}](../../manage-data/lifecycle/index-lifecycle-management/rollover.md), be aware that `min_age` can be relative to either the rollover time or the index creation time.
 
 If you use [{{ilm-init}} rollover](elasticsearch://reference/elasticsearch/index-lifecycle-actions/ilm-rollover.md), `min_age` is calculated relative to the time the index was rolled over. This is because the [rollover API](https://www.elastic.co/docs/api/doc/elasticsearch/operation/operation-indices-rollover) generates a new index and updates the `age` of the previous index to reflect the rollover time. If the index hasn’t been rolled over, then the `age` is the same as the `creation_date` for the index.