Merge branch 'main' into remote_clusters_settings_moved_reference

Author: eedugon

deploy-manage/deploy/cloud-enterprise/ece-install-offline-images.md

@@ -17,13 +17,13 @@ The first table contains the stack versions shipped with the current {{version.e
 | Docker images included with {{ece}} {{version.ece}} |
 | --- |
 | docker.elastic.co/cloud-enterprise/elastic-cloud-enterprise:{{version.ece}} |
-| docker.elastic.co/cloud-release/elasticsearch-cloud-ess:8.18.8 |
-| docker.elastic.co/cloud-release/kibana-cloud:8.18.8 |
-| docker.elastic.co/cloud-release/elastic-agent-cloud:8.18.8 |
-| docker.elastic.co/cloud-release/enterprise-search-cloud:8.18.8 |
-| docker.elastic.co/cloud-release/elasticsearch-cloud-ess:9.0.8 |
-| docker.elastic.co/cloud-release/kibana-cloud:9.0.8 |
-| docker.elastic.co/cloud-release/elastic-agent-cloud:9.0.8 |
+| docker.elastic.co/cloud-release/elasticsearch-cloud-ess:{{ece-docker-images-8}} |
+| docker.elastic.co/cloud-release/kibana-cloud:{{ece-docker-images-8}} |
+| docker.elastic.co/cloud-release/elastic-agent-cloud:{{ece-docker-images-8}} |
+| docker.elastic.co/cloud-release/enterprise-search-cloud:{{ece-docker-images-8}} |
+| docker.elastic.co/cloud-release/elasticsearch-cloud-ess:{{ece-docker-images-9}} |
+| docker.elastic.co/cloud-release/kibana-cloud:{{ece-docker-images-9}} |
+| docker.elastic.co/cloud-release/elastic-agent-cloud:{{ece-docker-images-9}} |
 
 $$$ece-all-stacks$$$Additional {{stack}} versions are available as Docker images that you can use with ECE. For offline installations, you need to download both the {{stack}} pack and the Docker images for the same version.
 

deploy-manage/deploy/cloud-enterprise/ece-install-offline-no-registry.md

@@ -19,13 +19,13 @@ To perform an offline installation without a private Docker registry, you have t
 
     ```sh subs=true
     docker pull docker.elastic.co/cloud-enterprise/elastic-cloud-enterprise:{{version.ece}}
-    docker pull docker.elastic.co/cloud-release/elasticsearch-cloud-ess:8.18.8
-    docker pull docker.elastic.co/cloud-release/kibana-cloud:8.18.8
-    docker pull docker.elastic.co/cloud-release/elastic-agent-cloud:8.18.8
-    docker pull docker.elastic.co/cloud-release/enterprise-search-cloud:8.18.8
-    docker pull docker.elastic.co/cloud-release/elasticsearch-cloud-ess:9.0.8
-    docker pull docker.elastic.co/cloud-release/kibana-cloud:9.0.8
-    docker pull docker.elastic.co/cloud-release/elastic-agent-cloud:9.0.8
+    docker pull docker.elastic.co/cloud-release/elasticsearch-cloud-ess:{{ece-docker-images-8}}
+    docker pull docker.elastic.co/cloud-release/kibana-cloud:{{ece-docker-images-8}}
+    docker pull docker.elastic.co/cloud-release/elastic-agent-cloud:{{ece-docker-images-8}}
+    docker pull docker.elastic.co/cloud-release/enterprise-search-cloud:{{ece-docker-images-8}}
+    docker pull docker.elastic.co/cloud-release/elasticsearch-cloud-ess:{{ece-docker-images-9}}
+    docker pull docker.elastic.co/cloud-release/kibana-cloud:{{ece-docker-images-9}}
+    docker pull docker.elastic.co/cloud-release/elastic-agent-cloud:{{ece-docker-images-9}}
     ```
 
     ::::{note}
@@ -36,27 +36,27 @@ To perform an offline installation without a private Docker registry, you have t
 
     ```sh subs=true
     docker save -o ece.{{version.ece}}.tar docker.elastic.co/cloud-enterprise/elastic-cloud-enterprise:{{version.ece}}
-    docker save -o es.8.18.2.tar docker.elastic.co/cloud-release/elasticsearch-cloud-ess:8.18.8
-    docker save -o kibana.8.18.2.tar docker.elastic.co/cloud-release/kibana-cloud:8.18.8
-    docker save -o apm.8.18.2.tar docker.elastic.co/cloud-release/elastic-agent-cloud:8.18.8
-    docker save -o enterprise-search.8.18.2.tar docker.elastic.co/cloud-release/enterprise-search-cloud:8.18.8
-    docker save -o es.9.0.1.tar docker.elastic.co/cloud-release/elasticsearch-cloud-ess:9.0.8
-    docker save -o kibana.9.0.1.tar docker.elastic.co/cloud-release/kibana-cloud:9.0.8
-    docker save -o apm.9.0.1.tar docker.elastic.co/cloud-release/elastic-agent-cloud:9.0.8
+    docker save -o es.8.18.2.tar docker.elastic.co/cloud-release/elasticsearch-cloud-ess:{{ece-docker-images-8}}
+    docker save -o kibana.8.18.2.tar docker.elastic.co/cloud-release/kibana-cloud:{{ece-docker-images-8}}
+    docker save -o apm.8.18.2.tar docker.elastic.co/cloud-release/elastic-agent-cloud:{{ece-docker-images-8}}
+    docker save -o enterprise-search.8.18.2.tar docker.elastic.co/cloud-release/enterprise-search-cloud:{{ece-docker-images-8}}
+    docker save -o es.9.0.1.tar docker.elastic.co/cloud-release/elasticsearch-cloud-ess:{{ece-docker-images-9}}
+    docker save -o kibana.9.0.1.tar docker.elastic.co/cloud-release/kibana-cloud:{{ece-docker-images-9}}
+    docker save -o apm.9.0.1.tar docker.elastic.co/cloud-release/elastic-agent-cloud:{{ece-docker-images-9}}
     ```
 
 3. Copy the .tar files to a location on your network where they are available to each host where you plan to install {{ece}}. Alternatively, you can copy the .tar files to each host directly.
 4. On each host, load the images into Docker, replacing `FILE_PATH` with the correct path to the .tar files:
 
     ```sh subs=true
     docker load < FILE_PATH/ece.{{version.ece}}.tar
-    docker load < FILE_PATH/es.8.18.8.tar
-    docker load < FILE_PATH/kibana.8.18.8.tar
-    docker load < FILE_PATH/apm.8.18.8.tar
-    docker load < FILE_PATH/enterprise-search.8.18.8.tar
-    docker load < FILE_PATH/es.9.0.8.tar
-    docker load < FILE_PATH/kibana.9.0.8.tar
-    docker load < FILE_PATH/apm.9.0.8.tar
+    docker load < FILE_PATH/es.{{ece-docker-images-8}}.tar
+    docker load < FILE_PATH/kibana.{{ece-docker-images-8}}.tar
+    docker load < FILE_PATH/apm.{{ece-docker-images-8}}.tar
+    docker load < FILE_PATH/enterprise-search.{{ece-docker-images-8}}.tar
+    docker load < FILE_PATH/es.{{ece-docker-images-9}}.tar
+    docker load < FILE_PATH/kibana.{{ece-docker-images-9}}.tar
+    docker load < FILE_PATH/apm.{{ece-docker-images-9}}.tar
     ```
 
 5. Optional: Remove the .tar files after installation.

deploy-manage/deploy/cloud-enterprise/ece-install-offline-with-registry.md

@@ -25,13 +25,13 @@ Installing ECE on multiple hosts with your own registry server is simpler, becau
 
     ```sh subs=true
     docker pull docker.elastic.co/cloud-enterprise/elastic-cloud-enterprise:{{version.ece}}
-    docker pull docker.elastic.co/cloud-release/elasticsearch-cloud-ess:8.18.8
-    docker pull docker.elastic.co/cloud-release/kibana-cloud:8.18.8
-    docker pull docker.elastic.co/cloud-release/elastic-agent-cloud:8.18.8
-    docker pull docker.elastic.co/cloud-release/enterprise-search-cloud:8.18.8
-    docker pull docker.elastic.co/cloud-release/elasticsearch-cloud-ess:9.0.8
-    docker pull docker.elastic.co/cloud-release/kibana-cloud:9.0.8
-    docker pull docker.elastic.co/cloud-release/elastic-agent-cloud:9.0.8
+    docker pull docker.elastic.co/cloud-release/elasticsearch-cloud-ess:{{ece-docker-images-8}}
+    docker pull docker.elastic.co/cloud-release/kibana-cloud:{{ece-docker-images-8}}
+    docker pull docker.elastic.co/cloud-release/elastic-agent-cloud:{{ece-docker-images-8}}
+    docker pull docker.elastic.co/cloud-release/enterprise-search-cloud:{{ece-docker-images-8}}
+    docker pull docker.elastic.co/cloud-release/elasticsearch-cloud-ess:{{ece-docker-images-9}}
+    docker pull docker.elastic.co/cloud-release/kibana-cloud:{{ece-docker-images-9}}
+    docker pull docker.elastic.co/cloud-release/elastic-agent-cloud:{{ece-docker-images-9}}
     ```
 
     ::::{note}
@@ -42,26 +42,26 @@ Installing ECE on multiple hosts with your own registry server is simpler, becau
 
     ```sh subs=true
     docker tag docker.elastic.co/cloud-enterprise/elastic-cloud-enterprise:{{version.ece}} REGISTRY/cloud-enterprise/elastic-cloud-enterprise:{{version.ece}}
-    docker tag docker.elastic.co/cloud-release/elasticsearch-cloud-ess:8.18.2 REGISTRY/cloud-release/elasticsearch-cloud-ess:8.18.8
-    docker tag docker.elastic.co/cloud-release/kibana-cloud:8.18.2 REGISTRY/cloud-release/kibana-cloud:8.18.8
-    docker tag docker.elastic.co/cloud-release/elastic-agent-cloud:8.18.2 REGISTRY/cloud-release/elastic-agent-cloud:8.18.8
-    docker tag docker.elastic.co/cloud-release/enterprise-search-cloud:8.18.2 REGISTRY/cloud-release/enterprise-search-cloud:8.18.8
-    docker tag docker.elastic.co/cloud-release/elasticsearch-cloud-ess:9.0.1 REGISTRY/cloud-release/elasticsearch-cloud-ess:9.0.8
-    docker tag docker.elastic.co/cloud-release/kibana-cloud:9.0.1 REGISTRY/cloud-release/kibana-cloud:9.0.8
-    docker tag docker.elastic.co/cloud-release/elastic-agent-cloud:9.0.1 REGISTRY/cloud-release/elastic-agent-cloud:9.0.8
+    docker tag docker.elastic.co/cloud-release/elasticsearch-cloud-ess:8.18.2 REGISTRY/cloud-release/elasticsearch-cloud-ess:{{ece-docker-images-8}}
+    docker tag docker.elastic.co/cloud-release/kibana-cloud:8.18.2 REGISTRY/cloud-release/kibana-cloud:{{ece-docker-images-8}}
+    docker tag docker.elastic.co/cloud-release/elastic-agent-cloud:8.18.2 REGISTRY/cloud-release/elastic-agent-cloud:{{ece-docker-images-8}}
+    docker tag docker.elastic.co/cloud-release/enterprise-search-cloud:8.18.2 REGISTRY/cloud-release/enterprise-search-cloud:{{ece-docker-images-8}}
+    docker tag docker.elastic.co/cloud-release/elasticsearch-cloud-ess:9.0.1 REGISTRY/cloud-release/elasticsearch-cloud-ess:{{ece-docker-images-9}}
+    docker tag docker.elastic.co/cloud-release/kibana-cloud:9.0.1 REGISTRY/cloud-release/kibana-cloud:{{ece-docker-images-9}}
+    docker tag docker.elastic.co/cloud-release/elastic-agent-cloud:9.0.1 REGISTRY/cloud-release/elastic-agent-cloud:{{ece-docker-images-9}}
     ```
 
 4. Push the Docker images to your private Docker registry, using the same tags from the previous step. Replace `REGISTRY` with your actual registry URL, for example `my.private.repo:5000`:
 
     ```sh subs=true
     docker push REGISTRY/cloud-enterprise/elastic-cloud-enterprise:{{version.ece}}
-    docker push REGISTRY/cloud-release/elasticsearch-cloud-ess:8.18.8
-    docker push REGISTRY/cloud-release/kibana-cloud:8.18.8
-    docker push REGISTRY/cloud-release/elastic-agent-cloud:8.18.8
-    docker push REGISTRY/cloud-release/enterprise-search-cloud:8.18.8
-    docker push REGISTRY/cloud-release/elasticsearch-cloud-ess:9.0.8
-    docker push REGISTRY/cloud-release/kibana-cloud:9.0.8
-    docker push REGISTRY/cloud-release/elastic-agent-cloud:9.0.8
+    docker push REGISTRY/cloud-release/elasticsearch-cloud-ess:{{ece-docker-images-8}}
+    docker push REGISTRY/cloud-release/kibana-cloud:{{ece-docker-images-8}}
+    docker push REGISTRY/cloud-release/elastic-agent-cloud:{{ece-docker-images-8}}
+    docker push REGISTRY/cloud-release/enterprise-search-cloud:{{ece-docker-images-8}}
+    docker push REGISTRY/cloud-release/elasticsearch-cloud-ess:{{ece-docker-images-9}}
+    docker push REGISTRY/cloud-release/kibana-cloud:{{ece-docker-images-9}}
+    docker push REGISTRY/cloud-release/elastic-agent-cloud:{{ece-docker-images-9}}
     ```
 
 5. On an internet-connected host, download the installation script:

deploy-manage/deploy/elastic-cloud/serverless.md

@@ -65,6 +65,8 @@ To learn more about serverless status, see [Service status](../../cloud-organiza
 
 The following FAQ addresses common questions about using {{serverless-full}} projects.
 
+For information about upcoming features, refer to our [roadmap](https://www.elastic.co/cloud/serverless/roadmap).
+
 ### Pricing and availability
 **Q: Where can I learn about pricing for {{serverless-short}}?**  
 A: See pricing information for [{{es-serverless}}](https://www.elastic.co/pricing/serverless-search), [{{observability}}](https://www.elastic.co/pricing/serverless-observability), and [{{sec-serverless}}](https://www.elastic.co/pricing/serverless-security).
@@ -73,6 +75,7 @@ A: See pricing information for [{{es-serverless}}](https://www.elastic.co/pricin
 A: {{serverless-full}} is available in select AWS, GCP, and Azure regions, with plans to expand to more regions. For more information, refer to [](/deploy-manage/deploy/elastic-cloud/regions.md).
 
 ### Data management
+
 **Q: How can I move data to or from {{serverless-short}} projects?**  
 A: We are working on data migration tools. In the interim, [use Logstash](logstash://reference/index.md) with {{es}} input and output plugins to move data to and from {{serverless-short}} projects.
 
@@ -83,6 +86,9 @@ A: Request for project backups or restores is currently unsupported, and we are
 **Q: How can I create {{serverless-full}} service accounts?**  
 A: Create API keys for service accounts in your {{serverless-short}} projects. Options to automate the creation of API keys with tools such as Terraform will be available in the future.
 
+**Q: What compliance and privacy standards does {{serverless-full}} adhere to?**  
+A: Alongside the entire Elastic platform, {{serverless-full}} is independently audited and certified to meet industry-leading compliance and privacy standards. Refer to the [Elastic Trust Center](https://www.elastic.co/trust) for more information. Further details about specific standards are available on our [roadmap](https://www.elastic.co/cloud/serverless/roadmap).
+
 ### Project lifecycle and support
 **Q: How does {{serverless-full}} ensure compatibility between software versions?**  
 A: Connections and configurations are unaffected by upgrades. To ensure compatibility between software versions, quality testing and API versioning are used.

deploy-manage/monitor/autoops/cc-connect-self-managed-to-autoops.md

@@ -121,7 +121,7 @@ Depending on your selected installation method, you may have to provide the foll
 
 With this authentication method, you need to create an API key to grant access to your cluster. Complete the following steps:
 
-1. From your {{ecloud}} home page, select a deployment.
+1. Open your self-managed cluster's Kibana
 2. Go to the **API keys** management page in the navigation menu or use the [global search field](/explore-analyze/find-and-organize/find-apps-and-objects.md).
 3.  Select **Create API key**.
 4. In the flyout, enter a name for your key and select **User API key**.
@@ -167,7 +167,7 @@ With this authentication method, you need to create an API key to grant access t
 
 With this authentication method, you need the username and password of a user with the necessary privileges to grant access to your cluster. There are two ways to set up a user with the these privileges:
 
-* (Recommended) From your {{ecloud}} home page, select a deployment and go to **Developer tools**. In **Console**, run the following command:
+* (Recommended) Open your self-managed cluster's Kibana and go to **Developer tools**. In **Console**, run the following command:
 ```js
 POST /_security/role/autoops
 {

deploy-manage/security/logging-configuration/logfile-audit-events-ignore-policies.md

@@ -25,7 +25,7 @@ The drawback of an audited system is represented by the inevitable performance p
 When utilizing audit events ignore policies you are acknowledging potential accountability gaps that could render illegitimate actions undetectable. Take time to review these policies whenever your system architecture changes.
 ::::
 
-A policy is a named set of filter rules. Each filter rule applies to a single event attribute, one of the `users`, `realms`, `actions`, `roles` or `indices` attributes. The filter rule defines a list of [Lucene regexp](elasticsearch://reference/query-languages/query-dsl/regexp-syntax.md), **any** of which has to match the value of the audit event attribute for the rule to match. A policy matches an event if **all** the rules comprising it match the event. An audit event is ignored, therefore not printed, if it matches **any** policy. All other non-matching events are printed as usual.
+A policy is a named set of filter rules. Each filter rule applies to a single event attribute, one of the `users`, `realms`, `actions`, `roles` or `indices` attributes. The filter rule defines a list of [wildcard patterns](elasticsearch://reference/query-languages/query-dsl/query-dsl-wildcard-query.md) or [Lucene regexp](elasticsearch://reference/query-languages/query-dsl/regexp-syntax.md), **any** of which has to match the value of the audit event attribute for the rule to match. A policy matches an event if **all** the rules comprising it match the event. An audit event is ignored, therefore not printed, if it matches **any** policy. All other non-matching events are printed as usual.
 
 All policies are defined under the `xpack.security.audit.logfile.events.ignore_filters` settings namespace. For example, the following policy named *example1* matches events from the *kibana_system* or *admin_user* principals that operate over indices of the wildcard form *app-logs**:
 
@@ -35,8 +35,16 @@ xpack.security.audit.logfile.events.ignore_filters:
     users: ["kibana_system", "admin_user"]
     indices: ["app-logs*"]
 ```
+An audit event generated by the *kibana_system* user and operating over multiple indices, some of which do not match the indices wildcard, will not match. As expected, operations generated by all other users (even operating only on indices that match the *indices* filter) will not match this policy either.
 
-An audit event generated by the *kibana_system* user and operating over multiple indices , some of which do not match the indices wildcard, will not match. As expected, operations generated by all other users (even operating only on indices that match the *indices* filter) will not match this policy either.
+The following policy named *example2* matches events that operate over any index except *logs-app1* and *logs-app2*:
+
+```yaml
+xpack.security.audit.logfile.events.ignore_filters:
+  example2:
+    indices: ["/~(logs-app1|logs-app2)/"]
+```
+Only events operating over *logs-app1* and *logs-app2* indices will not match and will not be ignored by the policy.
 
 Audit events of different types may have [different attributes](elasticsearch://reference/elasticsearch/elasticsearch-audit-events.md#audit-event-attributes). If an event does not contain an attribute for which some policy defines filters, the event will not match the policy. For example, the following policy will never match `authentication_success` or `authentication_failed` events, irrespective of the user’s roles, because these event schemas do not contain the `role` attribute:
 
@@ -46,7 +54,7 @@ xpack.security.audit.logfile.events.ignore_filters:
     roles: ["admin", "ops_admin_*"]
 ```
 
-Likewise, any events of users with multiple roles, some of which do not match the regexps will not match this policy.
+Likewise, any events of users with multiple roles, some of which do not match the wildcard patterns or the regexps will not match this policy.
 
 For completeness, although practical use cases should be sparse, a filter can match a missing attribute of an event, using the empty string ("") or the empty list ([]). For example, the following policy will match events that do not have the `indices` attribute (`anonymous_access_denied`, `authentication_success` and other types) as well as events over the *next* index.
 

docset.yml

@@ -297,4 +297,6 @@ subs:
   models-app: "Trained Models"
   agent-builder: "Elastic Agent Builder"
   kube-stack-version: 0.9.1
+  ece-docker-images-8: 8.18.8
+  ece-docker-images-9: 9.0.8
 

reference/data-analysis/machine-learning/machine-learning-functions.md

@@ -1,12 +1,12 @@
 ---
 mapped_pages:
   - https://www.elastic.co/guide/en/machine-learning/current/ml-functions.html
-navigation_title: Function reference
+navigation_title: ML function reference
 products:
   - id: machine-learning
 ---
 
-# Function reference for Elastic {{ml} [ml-functions]
+# Function reference for Elastic {{ml}} [ml-functions]
 
 The {{ml-features}} include analysis functions that provide a wide variety of flexible ways to analyze data for anomalies.