Merge branch 'main' into mw-tsds-fin

marciw · web-flow · commit ff1b13cf4897 · 2025-10-17T12:12:17.000-04:00
diff --git a/explore-analyze/dashboards/create-dashboard-of-panels-with-ecommerce-data.md b/explore-analyze/dashboards/create-dashboard-of-panels-with-ecommerce-data.md
@@ -19,7 +19,6 @@ When you’re done, you’ll have a complete overview of the sample web logs dat
 :screenshot:
 :::
 
-
 ## Add the data and create the dashboard [add-the-data-and-create-the-dashboard-advanced]
 
 Add the sample eCommerce data, and create and set up the dashboard.
@@ -33,9 +32,12 @@ Add the sample eCommerce data, and create and set up the dashboard.
 
 Open the visualization editor, then make sure the correct fields appear.
 
-1. On the dashboard, click **Create visualization**.
-2. Make sure the **Kibana Sample Data eCommerce** {{data-source}} appears, then set the [time filter](../query-filter/filtering.md) to **Last 30 days**.
+1. Create a visualization.
+   
+   * {applies_to}`stack: ga 9.2` Select **Add** > **Visualization** in the toolbar.
+   * {applies_to}`stack: ga 9.0` Click **Create visualization**.
 
+2. Make sure the **Kibana Sample Data eCommerce** {{data-source}} appears, then set the [time filter](../query-filter/filtering.md) to **Last 30 days**.
 
 ## Create visualizations with custom time intervals [custom-time-interval]
 
@@ -91,14 +93,17 @@ To identify the 75th percentile of orders, add a reference line:
 
 5. Click **Save and return**.
 
-
 ## Analyze multiple data series [add-a-data-layer-advanced]
 
 You can create visualizations with multiple data series within the same time interval, even when the series have similar configurations with minor differences.
 
 To analyze multiple series, create a line chart that displays the price distribution of products sold over time:
 
-1. On the dashboard, click **Create visualization**.
+1. Create a visualization.
+   
+   * {applies_to}`stack: ga 9.2` Select **Add** > **Visualization** in the toolbar.
+   * {applies_to}`stack: ga 9.0` Click **Create visualization** in the dashboard toolbar.
+
 2. Open the **Visualization type** dropdown, then select **Line**.
 3. From the **Available fields** list, drag **products.price** to the workspace.
 
@@ -129,14 +134,17 @@ To copy a function, you drag it to the **Add or drag-and-drop a field** area wit
 
 6. Click **Save and return**.
 
-
 ## Analyze multiple visualization types [add-a-data-layer]
 
 With layers, you can analyze your data with multiple visualization types. When you create layered visualizations, match the data on the horizontal axis so that it uses the same scale.
 
 To analyze multiple visualization types, create an area chart that displays the average order prices, then add a line chart layer that displays the number of customers.
 
-1. On the dashboard, click **Create visualization**.
+1. Create a visualization.
+   
+   * {applies_to}`stack: ga 9.2` Select **Add** > **Visualization** in the toolbar.
+   * {applies_to}`stack: ga 9.0` Click **Create visualization** in the dashboard toolbar.
+
 2. From the **Available fields** list, drag **products.price** to the workspace.
 3. In the layer pane, click **Median of products.price**.
 
@@ -169,14 +177,17 @@ Add a layer to display the customer traffic:
 
 6. Click **Save and return**.
 
-
 ## Compare the change in percentage over time [percentage-stacked-area]
 
 By default, the visualization editor displays time series data with stacked charts, which show how the different document sets change over time.
 
 To view change over time as a percentage, create an **Area percentage** chart that displays three order categories over time:
 
-1. On the dashboard, click **Create visualization**.
+1. Create a visualization.
+   
+   * {applies_to}`stack: ga 9.2` Select **Add** > **Visualization** in the toolbar.
+   * {applies_to}`stack: ga 9.0` Click **Create visualization** in the dashboard toolbar.
+
 2. From the **Available fields** list, drag **Records** to the workspace.
 3. Open the **Visualization type** dropdown, then select **Area**.
 
@@ -209,12 +220,15 @@ For each order category, create a filter:
 
 8. Click **Save and return**.
 
-
 ## View the cumulative number of products sold on weekends [view-the-cumulative-number-of-products-sold-on-weekends]
 
 To determine the number of orders made only on Saturday and Sunday, create an area chart, then add it to the dashboard.
 
-1. On the dashboard, click **Create visualization**.
+1. Create a visualization.
+   
+   * {applies_to}`stack: ga 9.2` Select **Add** > **Visualization** in the toolbar.
+   * {applies_to}`stack: ga 9.0` Click **Create visualization** in the dashboard toolbar.
+
 2. Open the **Visualization type** dropdown, then select **Area**.
 
 Configure the cumulative sum of store orders:
@@ -246,14 +260,17 @@ Filter the results to display the data for only Saturday and Sunday:
 
 6. Click **Save and return**.
 
-
 ## Compare time ranges [compare-time-ranges]
 
 With **Time shift**, you can compare the data from different time ranges. To make sure the data displays correctly, choose a multiple of the date histogram interval when you use multiple time shifts. For example, you are unable to use a **36h** time shift for one series, and a **1d** time shift for the second series if the interval is **days**.
 
 To compare two time ranges, create a line chart that compares the sales in the current week with sales from the previous week:
 
-1. On the dashboard, click **Create visualization**.
+1. Create a visualization.
+   
+   * {applies_to}`stack: ga 9.2` Select **Add** > **Visualization** in the toolbar.
+   * {applies_to}`stack: ga 9.0` Click **Create visualization** in the dashboard toolbar.
+
 2. Open the **Visualization type** dropdown, then select **Line**.
 3. From the **Available fields** list, drag **Records** to the workspace.
 4. To duplicate **Count of records**, drag **Count of records** to **Add or drag-and-drop a field** for **Vertical axis** in the layer pane.
@@ -275,14 +292,17 @@ To create a week-over-week comparison, shift **Count of records [1]** by one wee
 
 Time shifts can be used on any metric. The special shift **previous** will show the time window preceding the currently selected one in the time picker in the top right, spanning the same duration. For example, if **Last 7 days** is selected in the time picker, **previous** will show data from 14 days ago to 7 days ago. This mode can’t be used together with date histograms.
 
-
 ### Analyze the percent change between time ranges [compare-time-as-percent]
 
 With **Formula**, you can analyze the percent change in your data from different time ranges.
 
 To compare time range changes as a percent, create a bar chart that compares the sales in the current week with sales from the previous week:
 
-1. On the dashboard, click **Create visualization**.
+1. Create a visualization.
+   
+   * {applies_to}`stack: ga 9.2` Select **Add** > **Visualization** in the toolbar.
+   * {applies_to}`stack: ga 9.0` Click **Create visualization** in the dashboard toolbar.
+
 2. From the **Available fields** list, drag **Records** to the workspace.
 3. In the layer pane, click **Count of records**.
 4. Click **Formula**, then enter `count() / count(shift='1w') - 1` in the **Formula** field.
@@ -298,14 +318,17 @@ To compare time range changes as a percent, create a bar chart that compares the
 
 8. Click **Save and return**.
 
-
 ## Analyze the data in a table [view-customers-over-time-by-continents]
 
 With tables, you can view and compare the field values, which is useful for displaying the locations of customer orders.
 
 Create a date histogram table and group the customer count metric by category, such as the continent registered in user accounts:
 
-1. On the dashboard, click **Create visualization**.
+1. Create a visualization.
+   
+   * {applies_to}`stack: ga 9.2` Select **Add** > **Visualization** in the toolbar.
+   * {applies_to}`stack: ga 9.0` Click **Create visualization** in the dashboard toolbar.
+
 2. Open the **Visualization type** dropdown, then select **Table**.
 3. From the **Available fields** list, drag **customer_id** to the **Metrics** field in the layer pane.
 
diff --git a/explore-analyze/dashboards/create-dashboard-of-panels-with-web-server-data.md b/explore-analyze/dashboards/create-dashboard-of-panels-with-web-server-data.md
@@ -19,7 +19,6 @@ When you’re done, you’ll have a complete overview of the sample web logs dat
 :screenshot:
 :::
 
-
 ## Add the data and create the dashboard [add-the-data-and-create-the-dashboard]
 
 Add the sample web logs data, and create and set up the dashboard.
@@ -34,15 +33,18 @@ Add the sample web logs data, and create and set up the dashboard.
 
 Open the visualization editor, then make sure the correct fields appear.
 
-1. On the dashboard, click **Create visualization**.
+1. Create a visualization.
+   
+   * {applies_to}`stack: ga 9.2` Select **Add** > **Visualization** in the toolbar.
+   * {applies_to}`stack: ga 9.0` Click **Create visualization**.
+
 2. Make sure the **{{kib}} Sample Data Logs** {{data-source}} appears.
 
    :::{image} /explore-analyze/images/kibana-lens_dataViewDropDown_8.4.0.png
    :alt: Data view dropdown
    :screenshot:
    :::
 
-
 To create the visualizations in this tutorial, you’ll use the following fields:
 
 * **Records**
@@ -59,7 +61,6 @@ Click a field name to view more details, such as its top values and distribution
 :width: 50%
 :::
 
-
 ## Create your first visualization [view-the-number-of-website-visitors]
 
 Pick a field you want to analyze, such as **clientip**. To analyze only the **clientip** field, use the **Metric** visualization to display the field as a number.
@@ -89,17 +90,20 @@ The only number function that you can use with **clientip** is **Unique count**,
 
 4. Click **Save and return**.
 
-
 ## View a metric over time [mixed-multiaxis]
 
 There are two shortcuts you can use to view metrics over time. When you drag a numeric field to the workspace, the visualization editor adds the default time field from the {{data-source}}. When you use the **Date histogram** function, you can replace the time field by dragging the field to the workspace.
 
 To visualize the **bytes** field over time:
 
-1. On the dashboard, click **Create visualization**.
+1. Create a visualization.
+   
+   * {applies_to}`stack: ga 9.2` Select **Add** > **Visualization** in the toolbar.
+   * {applies_to}`stack: ga 9.0` Click **Create visualization** in the dashboard toolbar.
+
 2. From the **Available fields** list, drag **bytes** to the workspace.
 
-    The visualization editor creates a bar chart with the **timestamp** and **Median of bytes** fields.
+   The visualization editor creates a bar chart with the **timestamp** and **Median of bytes** fields.
 
 3. To zoom in on the data, click and drag your cursor across the bars.
 
@@ -150,15 +154,17 @@ Since you removed the axis labels, add a panel title:
    :width: 50%
    :::
 
-
-
 ## View the top values of a field [view-the-distribution-of-visitors-by-operating-system]
 
 Create a visualization that displays the most frequent values of **request.keyword** on your website, ranked by the unique visitors. To create the visualization, use **Top values of request.keyword** ranked by **Unique count of clientip**, instead of being ranked by **Count of records**.
 
 The **Top values** function ranks the unique values of a field by another function. The values are the most frequent when ranked by a **Count** function, and the largest when ranked by the **Sum** function.
 
-1. On the dashboard, click **Create visualization**.
+1. Create a visualization.
+   
+   * {applies_to}`stack: ga 9.2` Select **Add** > **Visualization** in the toolbar.
+   * {applies_to}`stack: ga 9.0` Click **Create visualization** in the dashboard toolbar.
+
 2. From the **Available fields** list, drag **clientip** to the **Vertical axis** field in the layer pane.
 
     The visualization editor automatically applies the **Unique count** function. If you drag **clientip** to the workspace, the editor adds the field to the incorrect axis.
@@ -200,13 +206,15 @@ The chart labels are unable to display because the **request.keyword** field con
 
     Since the table columns are labeled, you do not need to add a panel title.
 
-
-
 ## Compare a subset of documents to all documents [custom-ranges]
 
 Create a proportional visualization that helps you determine if your users transfer more bytes from documents under 10KB versus documents over 10Kb.
 
-1. On the dashboard, click **Create visualization**.
+1. Create a visualization.
+   
+   * {applies_to}`stack: ga 9.2` Select **Add** > **Visualization** in the toolbar.
+   * {applies_to}`stack: ga 9.0` Click **Create visualization** in the dashboard toolbar.
+
 2. From the **Available fields** list, drag **bytes** to the **Vertical axis** field in the layer pane.
 3. In the layer pane, click **Median of bytes**.
 4. Click the **Sum** quick function, then click **Close**.
@@ -251,12 +259,15 @@ Add a panel title:
 1. Hover over the panel and click ![Settings icon](/explore-analyze/images/kibana-settings-icon-hover-action.png "kibana-settings-icon-hover-action =4%x4%"). The **Settings** flyout appears.
 2. In the **Title** field, enter `Sum of bytes from large requests`, then click **Apply**.
 
-
 ## View the distribution of a number field [histogram]
 
 The distribution of a number can help you find patterns. For example, you can analyze the website traffic per hour to find the best time for routine maintenance.
 
-1. On the dashboard, click **Create visualization**.
+1. Create a visualization.
+   
+   * {applies_to}`stack: ga 9.2` Select **Add** > **Visualization** in the toolbar.
+   * {applies_to}`stack: ga 9.0` Click **Create visualization** in the dashboard toolbar.
+
 2. From the **Available fields** list, drag **bytes** to **Vertical axis** field in the layer pane.
 3. In the layer pane, click **Median of bytes**.
 
@@ -280,12 +291,15 @@ Add a panel title:
 1. Hover over the panel and click ![Settings icon](/explore-analyze/images/kibana-settings-icon-hover-action.png "kibana-settings-icon-hover-action =4%x4%"). The **Settings** flyout appears.
 2. In the **Title** field, enter `Website traffic`, then click **Apply**.
 
-
 ## Create a multi-level chart [treemap]
 
 **Table** and **Proportion** visualizations support multiple functions. For example, to create visualizations that break down the data by website traffic sources and user geography, apply the **Filters** and **Top values** functions.
 
-1. On the dashboard, click **Create visualization**.
+1. Create a visualization.
+   
+   * {applies_to}`stack: ga 9.2` Select **Add** > **Visualization** in the toolbar.
+   * {applies_to}`stack: ga 9.0` Click **Create visualization** in the dashboard toolbar.
+
 2. Open the **Visualization type** dropdown, then select **Treemap**.
 3. From the **Available fields** list, drag **Records** to the **Metric** field in the layer pane.
 4. In the layer pane, click **Add or drag-and-drop a field** for **Group by**.
@@ -370,4 +384,4 @@ Now that you have a complete overview of your web server data, save the dashboar
 
 :::{image} /explore-analyze/images/kibana-dashboard-creator-editor.png
 :alt: Information panel of a dashboard showing its creator and last editor
-:::
+:::
diff --git a/explore-analyze/visualize/link-panels.md b/explore-analyze/visualize/link-panels.md
@@ -24,9 +24,11 @@ You can use **Links** panels to create links to other dashboards or external web
 
 ## Add a links panel [add-links-panel]
 
-To add a links panel to your dashboard:
+1. Add a new panel.
+
+    * {applies_to}`stack: ga 9.2` Select **Add** > **New panel** in the toolbar.
+    * {applies_to}`stack: ga 9.0` Click **Add panel** in the dashboard toolbar.
 
-1. From your dashboard, select **Add panel**.
 2. In the **Add panel** flyout, select **Links**. The **Create links panel** flyout appears and lets you add the link you want to display.
 3. Choose between the panel displaying vertically or horizontally on your dashboard and add your link.
 4. Specify the following:
@@ -44,10 +46,13 @@ To add a links panel to your dashboard:
 
 To add a previously saved links panel to another dashboard:
 
-1. From your dashboard, select **Add from library**.
-2. In the **Add from library** flyout, select **Links** from the **Types** dropdown and then select the Links panel you want to add.
-3. Click **Save**.
+1. Open the **Add from library** flyout.
 
+    * {applies_to}`stack: ga 9.2` Select **Add** > **From library** in the toolbar.
+    * {applies_to}`stack: ga 9.0` Click **Add from library** in the dashboard toolbar.
+
+2. Select **Links** from the **Types** dropdown and then select the Links panel you want to add.
+3. Click **Save**.
 
 ## Edit links panels [edit-links-panel]
 
diff --git a/solutions/security/ai/attack-discovery.md b/solutions/security/ai/attack-discovery.md
@@ -54,6 +54,7 @@ Attack Discovery is designed for use with alerts based on data that complies wit
 1.  Select an alert with some of the non-ECS fields you want to analyze, and go to its details flyout. From here, use the **Ask AI Assistant** button to open AI Assistant.
 2.  At the bottom of the chat window, the alert's information appears. Click **Edit** to open the anonymization window to this alert's fields.
 3.  Search for and select the non-ECS fields you want Attack Discovery to analyze. Set them to **Allowed**.
+4.  Check the `Update presets` box to add the allowed fields to the space's default anonymization settings.
 
 The selected fields can now be analyzed the next time you run Attack Discovery.
 :::
