diff --git a/raw-migrated-files/cloud/cloud-enterprise/ece-autoscaling.md b/raw-migrated-files/cloud/cloud-enterprise/ece-autoscaling.md index c9c57147eb..07b8dcf288 100644 --- a/raw-migrated-files/cloud/cloud-enterprise/ece-autoscaling.md +++ b/raw-migrated-files/cloud/cloud-enterprise/ece-autoscaling.md 
@@ -57,7 +57,7 @@ When past behavior on a hot tier indicates that the influx of data can increase * Through ILM policies. For example, if a deployment has only hot nodes and autoscaling is enabled, it automatically creates warm or cold nodes, if an ILM policy is trying to move data from hot to warm or cold nodes. -On machine learning nodes, scaling is determined by an estimate of the memory and CPU requirements for the currently configured jobs and trained models. When a new machine learning job tries to start, it looks for a node with adequate native memory and CPU capacity. If one cannot be found, it stays in an `opening` state. If this waiting job exceeds the queueing limit set in the machine learning decider, a scale up is requested. Conversely, as machine learning jobs run, their memory and CPU usage might decrease or other running jobs might finish or close. In this case, if the duration of decreased resource usage exceeds the set value for `down_scale_delay`, a scale down is requested. Check [Machine learning decider](../../../deploy-manage/autoscaling/autoscaling-deciders.md) for more detail. To learn more about machine learning jobs in general, check [Create anomaly detection jobs](https://www.elastic.co/guide/en/machine-learning/current/create-jobs.html). +On machine learning nodes, scaling is determined by an estimate of the memory and CPU requirements for the currently configured jobs and trained models. When a new machine learning job tries to start, it looks for a node with adequate native memory and CPU capacity. If one cannot be found, it stays in an `opening` state. If this waiting job exceeds the queueing limit set in the machine learning decider, a scale up is requested. Conversely, as machine learning jobs run, their memory and CPU usage might decrease or other running jobs might finish or close. In this case, if the duration of decreased resource usage exceeds the set value for `down_scale_delay`, a scale down is requested. 
Check [Machine learning decider](../../../deploy-manage/autoscaling/autoscaling-deciders.md) for more detail. To learn more about machine learning jobs in general, check [Create anomaly detection jobs](https://www.elastic.co/guide/en/machine-learning/current/ml-ad-run-jobs.html#ml-ad-create-job). On a highly available deployment, autoscaling events are always applied to instances in each availability zone simultaneously, to ensure consistency. @@ -74,7 +74,7 @@ A warning is also issued in the ECE `service-constructor` logs with the field `l The following are known limitations and restrictions with autoscaling: * Autoscaling will not run if the cluster is unhealthy or if the last Elasticsearch plan failed. -* In the event that an override is set for the instance size or disk quota multiplier for an instance by means of the [Instance Overrides API](https://www.elastic.co/guide/en/cloud-enterprise/current/set-all-instances-settings-overrides.html), autoscaling will be effectively disabled. It’s recommended to avoid adjusting the instance size or disk quota multiplier for an instance that uses autoscaling, since the setting prevents autoscaling. +* In the event that an override is set for the instance size or disk quota multiplier for an instance by means of the [Instance Overrides API](https://www.elastic.co/docs/api/doc/cloud-enterprise/operation/operation-set-all-instances-settings-overrides), autoscaling will be effectively disabled. It’s recommended to avoid adjusting the instance size or disk quota multiplier for an instance that uses autoscaling, since the setting prevents autoscaling. ## Enable or disable autoscaling [ece-autoscaling-enable] diff --git a/raw-migrated-files/cloud/cloud-enterprise/ece-secure-clusters-oidc.md b/raw-migrated-files/cloud/cloud-enterprise/ece-secure-clusters-oidc.md index 6ef16b42d8..d8713b67ec 100644 --- a/raw-migrated-files/cloud/cloud-enterprise/ece-secure-clusters-oidc.md 
+++ b/raw-migrated-files/cloud/cloud-enterprise/ece-secure-clusters-oidc.md @@ -15,7 +15,7 @@ To prepare for using OpenID Connect for authentication for deployments: * Create or use an existing deployment. Make note of the Kibana endpoint URL, it will be referenced as `` in the following steps. * The steps in this section required a moderate understanding of [OpenID Connect](https://openid.net/specs/openid-connect-core-1_0.md#Authentication) in general and the Authorization Code Grant flow specifically. For more information about OpenID Connect and how it works with the Elastic Stack check: - * Our [configuration guide for Elasticsearch](https://www.elastic.co/guide/en/elasticsearch/reference/current/oidc-guide-authentication.html). + * Our [configuration guide for Elasticsearch](https://www.elastic.co/guide/en/elasticsearch/reference/current/oidc-guide.html#oidc-elasticsearch-authentication). 
@@ -103,8 +103,8 @@ The Elasticsearch cluster needs to be configured to use the OpenID Connect realm 7. The URL for the Token Endpoint in the OpenID Connect Provider. This is the endpoint where Elastic Cloud Enterprise will send a request to exchange the code for an ID Token, as part of the Authorization Code flow. The value for this setting should be provided by your OpenID Connect Provider. 8. (Optional) The URL for the UserInfo Endpoint in the OpenID Connect Provider. This is the endpoint of the OP that can be queried to get further user information, if required. The value for this setting should be provided by your OpenID Connect Provider. 9. The path to a file or an HTTPS URL pointing to a JSON Web Key Set with the key material that the OpenID Connect Provider uses for signing tokens and claims responses. Your OpenID Connect Provider should provide you with this file. - 10. Defines the OpenID Connect claim that is going to be mapped to the principal (username) of the authenticated user in Kibana. In this example, we map the value of the `sub` claim, but this is not a requirement, other claims can be used too. Check [the claims mapping documentation](https://www.elastic.co/guide/en/elasticsearch/reference/current/oidc-guide-authentication.html#oidc-claims-mapping) for details and available options. - 11. Defines the OpenID Connect claim that is going to be used for role mapping. Note that the value `"http://example.info/claims/groups"` that is used here, is an arbitrary example. Check [the claims mapping documentation](https://www.elastic.co/guide/en/elasticsearch/reference/current/oidc-guide-authentication.html#oidc-claims-mapping) for a very detailed description of how the claim mapping works and how can these be used for role mapping. The name of this claim should be determined by the configuration of your OpenID Connect Provider. 
NOTE: According to the OpenID Connect specification, the OP should also make their configuration available at a well known URL, which is the concatenation of their `Issuer` value with the `.well-known/openid-configuration` string. To configure the OpenID Connect realm, refer to the `https://op.org.com/.well-known/openid-configuration` documentation. + 10. Defines the OpenID Connect claim that is going to be mapped to the principal (username) of the authenticated user in Kibana. In this example, we map the value of the `sub` claim, but this is not a requirement, other claims can be used too. Check [the claims mapping documentation](https://www.elastic.co/guide/en/elasticsearch/reference/current/oidc-guide.html#oidc-claims-mapping) for details and available options. + 11. Defines the OpenID Connect claim that is going to be used for role mapping. Note that the value `"http://example.info/claims/groups"` that is used here, is an arbitrary example. Check [the claims mapping documentation](https://www.elastic.co/guide/en/elasticsearch/reference/current/oidc-guide.html#oidc-claims-mapping) for a very detailed description of how the claim mapping works and how can these be used for role mapping. The name of this claim should be determined by the configuration of your OpenID Connect Provider. NOTE: According to the OpenID Connect specification, the OP should also make their configuration available at a well known URL, which is the concatenation of their `Issuer` value with the `.well-known/openid-configuration` string. To configure the OpenID Connect realm, refer to the `https://op.org.com/.well-known/openid-configuration` documentation. 2. By default, users authenticating through OpenID Connect have no roles assigned to them. For example, if you want all your users authenticating with OpenID Connect to get access to Kibana, issue the following request to Elasticsearch: 
diff --git a/raw-migrated-files/cloud/cloud-enterprise/ece-upgrade.md b/raw-migrated-files/cloud/cloud-enterprise/ece-upgrade.md index de40b928e1..5d77afeff0 100644 --- a/raw-migrated-files/cloud/cloud-enterprise/ece-upgrade.md +++ b/raw-migrated-files/cloud/cloud-enterprise/ece-upgrade.md 
@@ -42,7 +42,7 @@ Before starting the upgrade process, check which of the following recommendation * Upgrading to 2.12.x or 2.13.0 is not recommended as it can cause issues and you may lose access to the admin console. You are strongly advised to upgrade to 2.13.1 and later. * If you are upgrading to ECE versions 2.10, 2.11, or 2.12, refer to the ECE version 2.12 [upgrade steps](https://www.elastic.co/guide/en/cloud-enterprise/2.12/ece-upgrade.html#ece-upgrade-system-deployments) for guidance about certain default ECE visualizations not working. -* We strongly recommend that you routinely update your ECE installation to the most current version so that any bugs and security issues are fixed promptly. If you need to upgrade but are currently experiencing any issues with your platform, note that as long as ZooKeeper is running and healthy you should be able to upgrade (you can use the [get runners API](https://www.elastic.co/guide/en/cloud-enterprise/current/get-runners.html) to easily verify the health of the runners on the [ECE allocators](../../../deploy-manage/deploy/cloud-enterprise/ece-architecture.md#ece-architecture-allocators)). That is, healthy system deployments are not required in order to perform an upgrade successfully. +* We strongly recommend that you routinely update your ECE installation to the most current version so that any bugs and security issues are fixed promptly. If you need to upgrade but are currently experiencing any issues with your platform, note that as long as ZooKeeper is running and healthy you should be able to upgrade (you can use the [get runners API](https://www.elastic.co/docs/api/doc/cloud-enterprise/operation/operation-get-runners) to easily verify the health of the runners on the [ECE allocators](../../../deploy-manage/deploy/cloud-enterprise/ece-architecture.md#ece-architecture-allocators)). That is, healthy system deployments are not required in order to perform an upgrade successfully. 
* Before upgrading to Elastic Cloud Enterprise 3.0, refer to the [lists of removals](https://www.elastic.co/guide/en/cloud-enterprise/current/ece-3-0-removals.html) to find out about features and API endpoints that are no longer supported. * We strongly recommend that you do not attempt to perform certain actions during the upgrade process, such as: diff --git a/raw-migrated-files/cloud/cloud-enterprise/ece-working-with-elasticsearch.md b/raw-migrated-files/cloud/cloud-enterprise/ece-working-with-elasticsearch.md index ba0c2369ff..2cde2b5aa3 100644 --- a/raw-migrated-files/cloud/cloud-enterprise/ece-working-with-elasticsearch.md +++ b/raw-migrated-files/cloud/cloud-enterprise/ece-working-with-elasticsearch.md @@ -97,7 +97,7 @@ Either a `GET` or a `POST` request with some URI search parameters works, or omi curl -u USER:PASSWORD https://ELASTICSEARCH_URL/my_index/_doc/_search?q=title:T* ``` -For an explanation of the allowed parameters, check [URI Search](https://www.elastic.co/guide/en/elasticsearch/reference/current/search-uri-request.html). +For an explanation of the allowed parameters, check [URI Search](https://www.elastic.co/guide/en/elasticsearch/reference/current/search-search.html). To make {{es}} return a more human readable JSON response, add `?pretty=true` to the request: diff --git a/raw-migrated-files/cloud/cloud-heroku/ech-add-user-settings.md b/raw-migrated-files/cloud/cloud-heroku/ech-add-user-settings.md index 1d18b41e1c..702a614039 100644 --- a/raw-migrated-files/cloud/cloud-heroku/ech-add-user-settings.md +++ b/raw-migrated-files/cloud/cloud-heroku/ech-add-user-settings.md 
@@ -35,7 +35,7 @@ Elasticsearch Add-On for Heroku supports the following `elasticsearch.yml` setti The following general settings are supported: $$$http-cors-settings$$$`http.cors.*` -: Enables cross-origin resource sharing (CORS) settings for the [HTTP module](https://www.elastic.co/guide/en/elasticsearch/reference/current/modules-http.html). +: Enables cross-origin resource sharing (CORS) settings for the [HTTP module](https://www.elastic.co/guide/en/elasticsearch/reference/current/modules-network.html). ::::{note} If your use case depends on the ability to receive CORS requests and you have a cluster that was provisioned prior to January 25th 2019, you must manually set `http.cors.enabled` to `true` and allow a specific set of hosts with `http.cors.allow-origin`. Applying these changes in your Elasticsearch configuration allows cross-origin resource sharing requests. 
@@ -43,13 +43,13 @@ $$$http-cors-settings$$$`http.cors.*` `http.compression` -: Support for [HTTP compression](https://www.elastic.co/guide/en/elasticsearch/reference/current/modules-http.html) when possible (with Accept-Encoding). Defaults to `true`. +: Support for [HTTP compression](https://www.elastic.co/guide/en/elasticsearch/reference/current/modules-network.html) when possible (with Accept-Encoding). Defaults to `true`. `transport.compress` -: Configures [transport compression](https://www.elastic.co/guide/en/elasticsearch/reference/current/modules-transport.html) for node-to-node traffic. +: Configures [transport compression](https://www.elastic.co/guide/en/elasticsearch/reference/current/modules-network.html) for node-to-node traffic. `transport.compression_scheme` -: Configures [transport compression](https://www.elastic.co/guide/en/elasticsearch/reference/current/modules-transport.html) for node-to-node traffic. +: Configures [transport compression](https://www.elastic.co/guide/en/elasticsearch/reference/current/modules-network.html) for node-to-node traffic. `repositories.url.allowed_urls` : Enables explicit allowing of [read-only URL repositories](../../../deploy-manage/tools/snapshot-and-restore/read-only-url-repository.md). 
@@ -197,16 +197,16 @@ The following search settings are supported: The following disk-based allocation settings are supported: `cluster.routing.allocation.disk.threshold_enabled` -: Enable or disable [disk allocation](https://www.elastic.co/guide/en/elasticsearch/reference/current/disk-allocator.html) decider and defaults to `true`. +: Enable or disable [disk allocation](https://www.elastic.co/guide/en/elasticsearch/reference/current/modules-cluster.html#disk-based-shard-allocation) decider and defaults to `true`. `cluster.routing.allocation.disk.watermark.low` -: Configures [disk-based shard allocation’s low watermark](https://www.elastic.co/guide/en/elasticsearch/reference/current/disk-allocator.html). +: Configures [disk-based shard allocation’s low watermark](https://www.elastic.co/guide/en/elasticsearch/reference/current/modules-cluster.html#disk-based-shard-allocation). `cluster.routing.allocation.disk.watermark.high` -: Configures [disk-based shard allocation’s high watermark](https://www.elastic.co/guide/en/elasticsearch/reference/current/disk-allocator.html). +: Configures [disk-based shard allocation’s high watermark](https://www.elastic.co/guide/en/elasticsearch/reference/current/modules-cluster.html#disk-based-shard-allocation). `cluster.routing.allocation.disk.watermark.flood_stage` -: Configures [disk-based shard allocation’s flood_stage](https://www.elastic.co/guide/en/elasticsearch/reference/current/disk-allocator.html). +: Configures [disk-based shard allocation’s flood_stage](https://www.elastic.co/guide/en/elasticsearch/reference/current/modules-cluster.html#disk-based-shard-allocation). ::::{tip} Remember to update user settings for alerts when performing a major version upgrade. diff --git a/raw-migrated-files/cloud/cloud-heroku/ech-autoscaling.md b/raw-migrated-files/cloud/cloud-heroku/ech-autoscaling.md index 82c16e2a60..cb987b9e21 100644 --- a/raw-migrated-files/cloud/cloud-heroku/ech-autoscaling.md 
+++ b/raw-migrated-files/cloud/cloud-heroku/ech-autoscaling.md 
@@ -57,7 +57,7 @@ When past behavior on a hot tier indicates that the influx of data can increase * Through ILM policies. For example, if a deployment has only hot nodes and autoscaling is enabled, it automatically creates warm or cold nodes, if an ILM policy is trying to move data from hot to warm or cold nodes. -On machine learning nodes, scaling is determined by an estimate of the memory and CPU requirements for the currently configured jobs and trained models. When a new machine learning job tries to start, it looks for a node with adequate native memory and CPU capacity. If one cannot be found, it stays in an `opening` state. If this waiting job exceeds the queueing limit set in the machine learning decider, a scale up is requested. Conversely, as machine learning jobs run, their memory and CPU usage might decrease or other running jobs might finish or close. In this case, if the duration of decreased resource usage exceeds the set value for `down_scale_delay`, a scale down is requested. Check [Machine learning decider](../../../deploy-manage/autoscaling/autoscaling-deciders.md) for more detail. To learn more about machine learning jobs in general, check [Create anomaly detection jobs](https://www.elastic.co/guide/en/machine-learning/current/create-jobs.html). +On machine learning nodes, scaling is determined by an estimate of the memory and CPU requirements for the currently configured jobs and trained models. When a new machine learning job tries to start, it looks for a node with adequate native memory and CPU capacity. If one cannot be found, it stays in an `opening` state. If this waiting job exceeds the queueing limit set in the machine learning decider, a scale up is requested. Conversely, as machine learning jobs run, their memory and CPU usage might decrease or other running jobs might finish or close. In this case, if the duration of decreased resource usage exceeds the set value for `down_scale_delay`, a scale down is requested. 
Check [Machine learning decider](../../../deploy-manage/autoscaling/autoscaling-deciders.md) for more detail. To learn more about machine learning jobs in general, check [Create anomaly detection jobs](https://www.elastic.co/guide/en/machine-learning/current/ml-ad-run-jobs.html#ml-ad-create-job). On a highly available deployment, autoscaling events are always applied to instances in each availability zone simultaneously, to ensure consistency. diff --git a/raw-migrated-files/cloud/cloud-heroku/ech-manage-kibana-settings.md b/raw-migrated-files/cloud/cloud-heroku/ech-manage-kibana-settings.md index d1530f6303..859b22da12 100644 --- a/raw-migrated-files/cloud/cloud-heroku/ech-manage-kibana-settings.md +++ b/raw-migrated-files/cloud/cloud-heroku/ech-manage-kibana-settings.md @@ -224,7 +224,7 @@ If a setting is not supported by Elasticsearch Add-On for Heroku, you will get a If you are using SAML to secure your clusters, these settings are supported in Elasticsearch Add-On for Heroku. -To learn more, refer to [configuring Kibana to use SAML](https://www.elastic.co/guide/en/elasticsearch/reference/current/saml-kibana.html). +To learn more, refer to [configuring Kibana to use SAML](https://www.elastic.co/guide/en/elasticsearch/reference/current/saml-guide-stack.html#saml-configure-kibana). #### Version 8.0.0+ [echversion_8_0_0] @@ -299,7 +299,7 @@ If you are using OpenID Connect to secure your clusters, these settings are supp `xpack.security.authc.oidc.realm` : Specifies which OpenID Connect realm in Elasticsearch should be used. -To learn more, check [configuring Kibana to use OpenID Connect](https://www.elastic.co/guide/en/elasticsearch/reference/current/oidc-kibana.html). +To learn more, check [configuring Kibana to use OpenID Connect](https://www.elastic.co/guide/en/elasticsearch/reference/current/oidc-guide.html). ### Anonymous authentication [echanonymous_authentication] 
diff --git a/raw-migrated-files/cloud/cloud-heroku/ech-nodes-unavailable-missing.md b/raw-migrated-files/cloud/cloud-heroku/ech-nodes-unavailable-missing.md index bc5d0ea795..6fa2d23d64 100644 --- a/raw-migrated-files/cloud/cloud-heroku/ech-nodes-unavailable-missing.md +++ b/raw-migrated-files/cloud/cloud-heroku/ech-nodes-unavailable-missing.md @@ -2,7 +2,7 @@ **Health check** -* Use the [Metrics inventory](https://www.elastic.co/guide/en/observability/current/analyze-metrics.html) to identify unavailable or unhealthy nodes. If the number of minimum master nodes is down, {{es}} is not available. +* Use the [Metrics inventory](https://www.elastic.co/guide/en/observability/current/monitor-infrastructure-and-hosts.html) to identify unavailable or unhealthy nodes. If the number of minimum master nodes is down, {{es}} is not available. **Possible causes** diff --git a/raw-migrated-files/cloud/cloud-heroku/ech-secure-clusters-oidc.md b/raw-migrated-files/cloud/cloud-heroku/ech-secure-clusters-oidc.md index 66bead79e8..bf1818f72e 100644 --- a/raw-migrated-files/cloud/cloud-heroku/ech-secure-clusters-oidc.md +++ b/raw-migrated-files/cloud/cloud-heroku/ech-secure-clusters-oidc.md 
@@ -10,7 +10,7 @@ To prepare for using OpenID Connect for authentication for deployments: * Create or use an existing deployment. Make note of the Kibana endpoint URL, it will be referenced as `` in the following steps. * The steps in this section required a moderate understanding of [OpenID Connect](https://openid.net/specs/openid-connect-core-1_0.md#Authentication) in general and the Authorization Code Grant flow specifically. For more information about OpenID Connect and how it works with the Elastic Stack check: - * Our [configuration guide for Elasticsearch](https://www.elastic.co/guide/en/elasticsearch/reference/current/oidc-guide-authentication.html). + * Our [configuration guide for Elasticsearch](https://www.elastic.co/guide/en/elasticsearch/reference/current/oidc-guide.html#oidc-elasticsearch-authentication). 
@@ -98,8 +98,8 @@ The Elasticsearch cluster needs to be configured to use the OpenID Connect realm 7. The URL for the Token Endpoint in the OpenID Connect Provider. This is the endpoint where Elasticsearch Add-On for Heroku will send a request to exchange the code for an ID Token, as part of the Authorization Code flow. The value for this setting should be provided by your OpenID Connect Provider. 8. (Optional) The URL for the UserInfo Endpoint in the OpenID Connect Provider. This is the endpoint of the OP that can be queried to get further user information, if required. The value for this setting should be provided by your OpenID Connect Provider. 9. The path to a file or an HTTPS URL pointing to a JSON Web Key Set with the key material that the OpenID Connect Provider uses for signing tokens and claims responses. Your OpenID Connect Provider should provide you with this file. - 10. Defines the OpenID Connect claim that is going to be mapped to the principal (username) of the authenticated user in Kibana. In this example, we map the value of the `sub` claim, but this is not a requirement, other claims can be used too. See [the claims mapping documentation](https://www.elastic.co/guide/en/elasticsearch/reference/current/oidc-guide-authentication.html#oidc-claims-mapping) for details and available options. - 11. Defines the OpenID Connect claim that is going to be used for role mapping. Note that the value `"http://example.info/claims/groups"` that is used here, is an arbitrary example. Check [the claims mapping documentation](https://www.elastic.co/guide/en/elasticsearch/reference/current/oidc-guide-authentication.html#oidc-claims-mapping) for a very detailed description of how the claim mapping works and how can these be used for role mapping. The name of this claim should be determined by the configuration of your OpenID Connect Provider. 
NOTE: According to the OpenID Connect specification, the OP should also make their configuration available at a well known URL, which is the concatenation of their `Issuer` value with the `.well-known/openid-configuration` string. To configure the OpenID Connect realm, refer to the `https://op.org.com/.well-known/openid-configuration` documentation. + 10. Defines the OpenID Connect claim that is going to be mapped to the principal (username) of the authenticated user in Kibana. In this example, we map the value of the `sub` claim, but this is not a requirement, other claims can be used too. See [the claims mapping documentation](https://www.elastic.co/guide/en/elasticsearch/reference/current/oidc-guide.html#oidc-elasticsearch-authentication) for details and available options. + 11. Defines the OpenID Connect claim that is going to be used for role mapping. Note that the value `"http://example.info/claims/groups"` that is used here, is an arbitrary example. Check [the claims mapping documentation](https://www.elastic.co/guide/en/elasticsearch/reference/current/oidc-guide.html#oidc-elasticsearch-authentication) for a very detailed description of how the claim mapping works and how can these be used for role mapping. The name of this claim should be determined by the configuration of your OpenID Connect Provider. NOTE: According to the OpenID Connect specification, the OP should also make their configuration available at a well known URL, which is the concatenation of their `Issuer` value with the `.well-known/openid-configuration` string. To configure the OpenID Connect realm, refer to the `https://op.org.com/.well-known/openid-configuration` documentation. 2. By default, users authenticating through OpenID Connect have no roles assigned to them. For example, if you want all your users authenticating with OpenID Connect to get access to Kibana, issue the following request to Elasticsearch: 
diff --git a/raw-migrated-files/cloud/cloud/ec-add-user-settings.md b/raw-migrated-files/cloud/cloud/ec-add-user-settings.md index 2a9c70422f..8bd097d5d9 100644 --- a/raw-migrated-files/cloud/cloud/ec-add-user-settings.md +++ b/raw-migrated-files/cloud/cloud/ec-add-user-settings.md @@ -35,7 +35,7 @@ Elasticsearch Service supports the following `elasticsearch.yml` settings. The following general settings are supported: $$$http-cors-settings$$$`http.cors.*` -: Enables cross-origin resource sharing (CORS) settings for the [HTTP module](https://www.elastic.co/guide/en/elasticsearch/reference/current/modules-http.html). +: Enables cross-origin resource sharing (CORS) settings for the [HTTP module](https://www.elastic.co/guide/en/elasticsearch/reference/current/modules-network.html). ::::{note} If your use case depends on the ability to receive CORS requests and you have a cluster that was provisioned prior to January 25th 2019, you must manually set `http.cors.enabled` to `true` and allow a specific set of hosts with `http.cors.allow-origin`. Applying these changes in your Elasticsearch configuration allows cross-origin resource sharing requests. 
@@ -43,13 +43,13 @@ $$$http-cors-settings$$$`http.cors.*` `http.compression` -: Support for [HTTP compression](https://www.elastic.co/guide/en/elasticsearch/reference/current/modules-http.html) when possible (with Accept-Encoding). Defaults to `true`. +: Support for [HTTP compression](https://www.elastic.co/guide/en/elasticsearch/reference/current/modules-network.html) when possible (with Accept-Encoding). Defaults to `true`. `transport.compress` -: Configures [transport compression](https://www.elastic.co/guide/en/elasticsearch/reference/current/modules-transport.html) for node-to-node traffic. +: Configures [transport compression](https://www.elastic.co/guide/en/elasticsearch/reference/current/modules-network.html) for node-to-node traffic. `transport.compression_scheme` -: Configures [transport compression](https://www.elastic.co/guide/en/elasticsearch/reference/current/modules-transport.html) for node-to-node traffic. +: Configures [transport compression](https://www.elastic.co/guide/en/elasticsearch/reference/current/modules-network.html) for node-to-node traffic. `repositories.url.allowed_urls` : Enables explicit allowing of [read-only URL repositories](../../../deploy-manage/tools/snapshot-and-restore/read-only-url-repository.md). 
@@ -197,16 +197,16 @@ The following search settings are supported: The following disk-based allocation settings are supported: `cluster.routing.allocation.disk.threshold_enabled` -: Enable or disable [disk allocation](https://www.elastic.co/guide/en/elasticsearch/reference/current/disk-allocator.html) decider and defaults to `true`. +: Enable or disable [disk allocation](https://www.elastic.co/guide/en/elasticsearch/reference/current/modules-cluster.html#disk-based-shard-allocation) decider and defaults to `true`. `cluster.routing.allocation.disk.watermark.low` -: Configures [disk-based shard allocation’s low watermark](https://www.elastic.co/guide/en/elasticsearch/reference/current/disk-allocator.html). +: Configures [disk-based shard allocation’s low watermark](https://www.elastic.co/guide/en/elasticsearch/reference/current/modules-cluster.html#disk-based-shard-allocation). `cluster.routing.allocation.disk.watermark.high` -: Configures [disk-based shard allocation’s high watermark](https://www.elastic.co/guide/en/elasticsearch/reference/current/disk-allocator.html). +: Configures [disk-based shard allocation’s high watermark](https://www.elastic.co/guide/en/elasticsearch/reference/current/modules-cluster.html#disk-based-shard-allocation). `cluster.routing.allocation.disk.watermark.flood_stage` -: Configures [disk-based shard allocation’s flood_stage](https://www.elastic.co/guide/en/elasticsearch/reference/current/disk-allocator.html). +: Configures [disk-based shard allocation’s flood_stage](https://www.elastic.co/guide/en/elasticsearch/reference/current/modules-cluster.html#disk-based-shard-allocation). ::::{tip} Remember to update user settings for alerts when performing a major version upgrade. diff --git a/raw-migrated-files/cloud/cloud/ec-autoscaling.md b/raw-migrated-files/cloud/cloud/ec-autoscaling.md index 35eec5c476..2a805359fc 100644 --- a/raw-migrated-files/cloud/cloud/ec-autoscaling.md +++ b/raw-migrated-files/cloud/cloud/ec-autoscaling.md 
@@ -57,7 +57,7 @@ When past behavior on a hot tier indicates that the influx of data can increase * Through ILM policies. For example, if a deployment has only hot nodes and autoscaling is enabled, it automatically creates warm or cold nodes, if an ILM policy is trying to move data from hot to warm or cold nodes. -On machine learning nodes, scaling is determined by an estimate of the memory and CPU requirements for the currently configured jobs and trained models. When a new machine learning job tries to start, it looks for a node with adequate native memory and CPU capacity. If one cannot be found, it stays in an `opening` state. If this waiting job exceeds the queueing limit set in the machine learning decider, a scale up is requested. Conversely, as machine learning jobs run, their memory and CPU usage might decrease or other running jobs might finish or close. In this case, if the duration of decreased resource usage exceeds the set value for `down_scale_delay`, a scale down is requested. Check [Machine learning decider](../../../deploy-manage/autoscaling/autoscaling-deciders.md) for more detail. To learn more about machine learning jobs in general, check [Create anomaly detection jobs](https://www.elastic.co/guide/en/machine-learning/current/create-jobs.html). +On machine learning nodes, scaling is determined by an estimate of the memory and CPU requirements for the currently configured jobs and trained models. When a new machine learning job tries to start, it looks for a node with adequate native memory and CPU capacity. If one cannot be found, it stays in an `opening` state. If this waiting job exceeds the queueing limit set in the machine learning decider, a scale up is requested. Conversely, as machine learning jobs run, their memory and CPU usage might decrease or other running jobs might finish or close. In this case, if the duration of decreased resource usage exceeds the set value for `down_scale_delay`, a scale down is requested. 
Check [Machine learning decider](../../../deploy-manage/autoscaling/autoscaling-deciders.md) for more detail. To learn more about machine learning jobs in general, check [Create anomaly detection jobs](https://www.elastic.co/guide/en/machine-learning/current/ml-ad-run-jobs.html#ml-ad-create-job). On a highly available deployment, autoscaling events are always applied to instances in each availability zone simultaneously, to ensure consistency. diff --git a/raw-migrated-files/cloud/cloud/ec-cloud-ingest-data.md b/raw-migrated-files/cloud/cloud/ec-cloud-ingest-data.md index 935272c124..f2a4dd6f04 100644 --- a/raw-migrated-files/cloud/cloud/ec-cloud-ingest-data.md +++ b/raw-migrated-files/cloud/cloud/ec-cloud-ingest-data.md 
@@ -163,7 +163,7 @@ We have guides and many hands-on tutorials to help get you started with ingestin ### Ingest data for Elastic solutions [ec-ingest-solutions] [Get started with Elastic Observability](https://www.elastic.co/guide/en/observability/current/observability-get-started.html) -: Use Elastic Observability to gain deeper insight into the behavior of your applications and systems. Follow our guides to ingest various data types, such as [logs and metrics](https://www.elastic.co/guide/en/observability/current/logs-metrics-get-started.html), [traces and APM](https://www.elastic.co/guide/en/observability/current/traces-get-started.html), and [data from Splunk](https://www.elastic.co/guide/en/observability/current/splunk-get-started.html). There are also several [tutorials](https://www.elastic.co/guide/en/observability/current/observability-tutorials.html) to choose from. +: Use Elastic Observability to gain deeper insight into the behavior of your applications and systems. Follow our guides to ingest various data types, such as [logs and metrics](https://www.elastic.co/guide/en/observability/current/logs-metrics-get-started.html), [traces and APM](https://www.elastic.co/guide/en/observability/current/apm-getting-started-apm-server.html), and [data from Splunk](https://www.elastic.co/guide/en/observability/current/splunk-get-started.html). There are also several [tutorials](https://www.elastic.co/guide/en/observability/current/observability-tutorials.html) to choose from. [Add data to Elastic Security](https://www.elastic.co/guide/en/security/current/ingest-data.html) : Use Elastic Security to quickly detect, investigate, and respond to threats and vulnerabilities across your environment. You can use {{agent}} to ingest data into the [{{elastic-defend}} integration](https://www.elastic.co/guide/en/security/current/install-endpoint.html), or with many other [{{integrations}}](https://docs.elastic.co/en/integrations) that work together with {{elastic-sec}}. 
You can also [ingest data from Splunk](https://www.elastic.co/guide/en/observability/current/splunk-get-started.html) or from various third party collectors that ship [ECS compliant security data](https://www.elastic.co/guide/en/security/current/siem-field-reference.html). diff --git a/raw-migrated-files/cloud/cloud/ec-custom-bundles.md b/raw-migrated-files/cloud/cloud/ec-custom-bundles.md index 07f2ae03fc..609f7f863c 100644 --- a/raw-migrated-files/cloud/cloud/ec-custom-bundles.md +++ b/raw-migrated-files/cloud/cloud/ec-custom-bundles.md @@ -239,7 +239,7 @@ https://api.elastic-cloud.com/api/v1/deployments/extensions \ }' ``` -Please refer to the [Extensions API reference](https://www.elastic.co/guide/en/cloud/current/Deployments_-_Extensions.html) for the complete set of HTTP methods and payloads. +Please refer to the [Extensions API reference](https://www.elastic.co/docs/api/doc/cloud/group/endpoint-extensions) for the complete set of HTTP methods and payloads. diff --git a/raw-migrated-files/cloud/cloud/ec-manage-kibana-settings.md b/raw-migrated-files/cloud/cloud/ec-manage-kibana-settings.md index 3b52d8ee2f..4f69d28b9d 100644 --- a/raw-migrated-files/cloud/cloud/ec-manage-kibana-settings.md +++ b/raw-migrated-files/cloud/cloud/ec-manage-kibana-settings.md @@ -224,7 +224,7 @@ If a setting is not supported by Elasticsearch Service, you will get an error me If you are using SAML to secure your clusters, these settings are supported in Elasticsearch Service. -To learn more, refer to [configuring Kibana to use SAML](https://www.elastic.co/guide/en/elasticsearch/reference/current/saml-kibana.html). +To learn more, refer to [configuring Kibana to use SAML](https://www.elastic.co/guide/en/elasticsearch/reference/current/saml-guide-stack.html#saml-configure-kibana). #### Version 8.0.0+ [ec_version_8_0_0] 
@@ -299,7 +299,7 @@ If you are using OpenID Connect to secure your clusters, these settings are supp `xpack.security.authc.oidc.realm` : Specifies which OpenID Connect realm in Elasticsearch should be used. -To learn more, check [configuring Kibana to use OpenID Connect](https://www.elastic.co/guide/en/elasticsearch/reference/current/oidc-kibana.html). +To learn more, check [configuring Kibana to use OpenID Connect](https://www.elastic.co/guide/en/elasticsearch/reference/current/oidc-guide.html). ### Anonymous authentication [ec_anonymous_authentication] diff --git a/raw-migrated-files/cloud/cloud/ec-scenario_why_is_my_node_unavailable.md b/raw-migrated-files/cloud/cloud/ec-scenario_why_is_my_node_unavailable.md index 15b0a77572..8bba3ccba5 100644 --- a/raw-migrated-files/cloud/cloud/ec-scenario_why_is_my_node_unavailable.md +++ b/raw-migrated-files/cloud/cloud/ec-scenario_why_is_my_node_unavailable.md @@ -282,7 +282,7 @@ Stack Monitoring comes with out-of-the-box rules, but you need to enable them wh **Health check** -* Use the [Metrics inventory](https://www.elastic.co/guide/en/observability/current/analyze-metrics.html) to identify unavailable or unhealthy nodes. If the number of minimum master nodes is down, {{es}} is not available. +* Use the [Metrics inventory](https://www.elastic.co/guide/en/observability/current/monitor-infrastructure-and-hosts.html) to identify unavailable or unhealthy nodes. If the number of minimum master nodes is down, {{es}} is not available. **Possible causes** diff --git a/raw-migrated-files/cloud/cloud/ec-secure-clusters-oidc.md b/raw-migrated-files/cloud/cloud/ec-secure-clusters-oidc.md index ee71788666..4b3ec0a1a9 100644 --- a/raw-migrated-files/cloud/cloud/ec-secure-clusters-oidc.md +++ b/raw-migrated-files/cloud/cloud/ec-secure-clusters-oidc.md 
@@ -12,7 +12,7 @@ To prepare for using OpenID Connect for authentication for deployments: * Create or use an existing deployment. Make note of the Kibana endpoint URL, it will be referenced as `` in the following steps. * The steps in this section required a moderate understanding of [OpenID Connect](https://openid.net/specs/openid-connect-core-1_0.md#Authentication) in general and the Authorization Code Grant flow specifically. For more information about OpenID Connect and how it works with the Elastic Stack check: - * Our [configuration guide for Elasticsearch](https://www.elastic.co/guide/en/elasticsearch/reference/current/oidc-guide-authentication.html). + * Our [configuration guide for Elasticsearch](https://www.elastic.co/guide/en/elasticsearch/reference/current/oidc-guide.html#oidc-elasticsearch-authentication). 
@@ -100,8 +100,8 @@ The Elasticsearch cluster needs to be configured to use the OpenID Connect realm 7. The URL for the Token Endpoint in the OpenID Connect Provider. This is the endpoint where Elasticsearch Service will send a request to exchange the code for an ID Token, as part of the Authorization Code flow. The value for this setting should be provided by your OpenID Connect Provider. 8. (Optional) The URL for the UserInfo Endpoint in the OpenID Connect Provider. This is the endpoint of the OP that can be queried to get further user information, if required. The value for this setting should be provided by your OpenID Connect Provider. 9. The path to a file or an HTTPS URL pointing to a JSON Web Key Set with the key material that the OpenID Connect Provider uses for signing tokens and claims responses. Your OpenID Connect Provider should provide you with this file. - 10. Defines the OpenID Connect claim that is going to be mapped to the principal (username) of the authenticated user in Kibana. In this example, we map the value of the `sub` claim, but this is not a requirement, other claims can be used too. See [the claims mapping documentation](https://www.elastic.co/guide/en/elasticsearch/reference/current/oidc-guide-authentication.html#oidc-claims-mapping) for details and available options. - 11. Defines the OpenID Connect claim that is going to be used for role mapping. Note that the value `"http://example.info/claims/groups"` that is used here, is an arbitrary example. Check [the claims mapping documentation](https://www.elastic.co/guide/en/elasticsearch/reference/current/oidc-guide-authentication.html#oidc-claims-mapping) for a very detailed description of how the claim mapping works and how can these be used for role mapping. The name of this claim should be determined by the configuration of your OpenID Connect Provider. 
NOTE: According to the OpenID Connect specification, the OP should also make their configuration available at a well known URL, which is the concatenation of their `Issuer` value with the `.well-known/openid-configuration` string. To configure the OpenID Connect realm, refer to the `https://op.org.com/.well-known/openid-configuration` documentation. + 10. Defines the OpenID Connect claim that is going to be mapped to the principal (username) of the authenticated user in Kibana. In this example, we map the value of the `sub` claim, but this is not a requirement, other claims can be used too. See [the claims mapping documentation](https://www.elastic.co/guide/en/elasticsearch/reference/current/oidc-guide.html#oidc-claims-mapping) for details and available options. + 11. Defines the OpenID Connect claim that is going to be used for role mapping. Note that the value `"http://example.info/claims/groups"` that is used here, is an arbitrary example. Check [the claims mapping documentation](https://www.elastic.co/guide/en/elasticsearch/reference/current/oidc-guide.html#oidc-claims-mapping) for a very detailed description of how the claim mapping works and how can these be used for role mapping. The name of this claim should be determined by the configuration of your OpenID Connect Provider. NOTE: According to the OpenID Connect specification, the OP should also make their configuration available at a well known URL, which is the concatenation of their `Issuer` value with the `.well-known/openid-configuration` string. To configure the OpenID Connect realm, refer to the `https://op.org.com/.well-known/openid-configuration` documentation. 2. By default, users authenticating through OpenID Connect have no roles assigned to them. For example, if you want all your users authenticating with OpenID Connect to get access to Kibana, issue the following request to Elasticsearch: 
diff --git a/raw-migrated-files/cloud/cloud/ec-securing-clusters-oidc-op.md b/raw-migrated-files/cloud/cloud/ec-securing-clusters-oidc-op.md index 0cade34e98..9aa62bfe3a 100644 --- a/raw-migrated-files/cloud/cloud/ec-securing-clusters-oidc-op.md +++ b/raw-migrated-files/cloud/cloud/ec-securing-clusters-oidc-op.md @@ -103,7 +103,7 @@ Follow these steps to configure OpenID Connect single sign-on on Elasticsearch S The following role mapping for OIDC restricts access to a specific user `(firstname.lastname)` based on the `claim_patterns.principal` email address. This prevents other users on the same domain from having access to your deployment. You can remove the rule or adjust it at your convenience. - More details are available in our [Configuring role mappings documentation](https://www.elastic.co/guide/en/elasticsearch/reference/current/oidc-role-mapping.html). + More details are available in our [Configuring role mappings documentation](https://www.elastic.co/guide/en/elasticsearch/reference/current/oidc-guide.html#oidc-role-mappings). ```json POST /_security/role_mapping/oidc_kibana @@ -229,7 +229,7 @@ Follow these steps to configure OpenID Connect single sign-on on Elasticsearch S The following role mapping for OIDC restricts access to a specific user `(firstname.lastname)` based on the `claim_patterns.principal` email address. This prevents other users on the same domain from having access to your deployment. You can remove the rule or adjust it at your convenience. - More details are available in our [Configuring role mappings documentation](https://www.elastic.co/guide/en/elasticsearch/reference/current/oidc-role-mapping.html). + More details are available in our [Configuring role mappings documentation](https://www.elastic.co/guide/en/elasticsearch/reference/current/oidc-guide.html#oidc-role-mappings). ```json POST /_security/role_mapping/oidc_kibana 
@@ -355,7 +355,7 @@ Follow these steps to configure OpenID Connect single sign-on on Elasticsearch S The following role mapping for OIDC restricts access to a specific user `(firstname.lastname)` based on the `claim_patterns.principal` email address. This prevents other users on the same domain from having access to your deployment. You can remove the rule or adjust it at your convenience. - More details are available in our [Configuring role mappings documentation](https://www.elastic.co/guide/en/elasticsearch/reference/current/oidc-role-mapping.html). + More details are available in our [Configuring role mappings documentation](https://www.elastic.co/guide/en/elasticsearch/reference/current/oidc-guide.html#oidc-role-mappings). ```json POST /_security/role_mapping/oidc_kibana diff --git a/raw-migrated-files/cloud/cloud/ec-select-subscription-level.md b/raw-migrated-files/cloud/cloud/ec-select-subscription-level.md index a92ef7d183..08063fc4f0 100644 --- a/raw-migrated-files/cloud/cloud/ec-select-subscription-level.md +++ b/raw-migrated-files/cloud/cloud/ec-select-subscription-level.md 
@@ -35,7 +35,7 @@ This overview shows you: You can [change your subscription level](../../../deploy-manage/cloud-organization/billing/manage-subscription.md) to the recommended level, or stop using the features that belong to a higher level. In the following list, you can find the features we are tracking and the relevant instructions to remove them from your deployments: `Machine learning` -: Edit your deployment to disable [machine learning](https://www.elastic.co/guide/en/machine-learning/current/ml-overview.html). +: Edit your deployment to disable [machine learning](https://www.elastic.co/guide/en/machine-learning/current/ml-ad-overview.html). `Searchable snapshots` : Edit your deployment index management policies to disable the frozen tier that is using [searchable snapshots](../../../deploy-manage/tools/snapshot-and-restore/searchable-snapshots.md), or set up your cold tier to not mount indices from a searchable snapshot. diff --git a/raw-migrated-files/cloud/cloud/ec-working-with-elasticsearch.md b/raw-migrated-files/cloud/cloud/ec-working-with-elasticsearch.md index 77f203d74e..f21e0d276b 100644 --- a/raw-migrated-files/cloud/cloud/ec-working-with-elasticsearch.md +++ b/raw-migrated-files/cloud/cloud/ec-working-with-elasticsearch.md @@ -97,7 +97,7 @@ Either a `GET` or a `POST` request with some URI search parameters works, or omi curl -u USER:PASSWORD https://ELASTICSEARCH_URL/my_index/_doc/_search?q=title:T* ``` -For an explanation of the allowed parameters, check [URI Search](https://www.elastic.co/guide/en/elasticsearch/reference/current/search-uri-request.html). +For an explanation of the allowed parameters, check [URI Search](https://www.elastic.co/guide/en/elasticsearch/reference/current/search-search.html). To make {{es}} return a more human readable JSON response, add `?pretty=true` to the request: 
diff --git a/raw-migrated-files/docs-content/serverless/observability-correlate-application-logs.md b/raw-migrated-files/docs-content/serverless/observability-correlate-application-logs.md index 2c0359b326..3aed5dc66e 100644 --- a/raw-migrated-files/docs-content/serverless/observability-correlate-application-logs.md +++ b/raw-migrated-files/docs-content/serverless/observability-correlate-application-logs.md @@ -88,7 +88,7 @@ Learn more about log correlation in the agent-specific ingestion guides: * [Go](https://www.elastic.co/guide/en/apm/agent/go/current/logs.html) * [Java](https://www.elastic.co/guide/en/apm/agent/java/current/logs.html#log-correlation-ids) -* [.NET](https://www.elastic.co/guide/en/apm/agent/dotnet/current/log-correlation.html) +* [.NET](https://www.elastic.co/guide/en/apm/agent/dotnet/current/logs.html) * [Node.js](https://www.elastic.co/guide/en/apm/agent/nodejs/current/log-correlation.html) * [Python](https://www.elastic.co/guide/en/apm/agent/python/current/logs.html#log-correlation-ids) * [Ruby](https://www.elastic.co/guide/en/apm/agent/ruby/current/log-correlation.html) diff --git a/raw-migrated-files/docs-content/serverless/observability-detect-metric-anomalies.md b/raw-migrated-files/docs-content/serverless/observability-detect-metric-anomalies.md index 049e6dfc9a..42a1e70c67 100644 --- a/raw-migrated-files/docs-content/serverless/observability-detect-metric-anomalies.md +++ b/raw-migrated-files/docs-content/serverless/observability-detect-metric-anomalies.md 
@@ -39,7 +39,7 @@ Along with each anomaly job and the node name, detected anomalies with a severit To drill down and analyze the metric anomaly, select **Actions → Open in Anomaly Explorer** to view the Anomaly Explorer. You can also select **Actions** → **Show in Inventory** to view the host or Kubernetes pods Inventory page, filtered by the specific metric. ::::{note} -These predefined {{anomaly-jobs}} use [custom rules](https://www.elastic.co/guide/en/machine-learning/current/ml-rules.html). To update the rules in the Anomaly Explorer, select **Actions** → **Configure rules**. The changes only take effect for new results. If you want to apply the changes to existing results, clone and rerun the job. +These predefined {{anomaly-jobs}} use [custom rules](https://www.elastic.co/guide/en/machine-learning/current/ml-ad-run-jobs.html#ml-ad-rules). To update the rules in the Anomaly Explorer, select **Actions** → **Configure rules**. The changes only take effect for new results. If you want to apply the changes to existing results, clone and rerun the job. :::: diff --git a/raw-migrated-files/docs-content/serverless/observability-plaintext-application-logs.md b/raw-migrated-files/docs-content/serverless/observability-plaintext-application-logs.md index 218db5db6e..96df87d66a 100644 --- a/raw-migrated-files/docs-content/serverless/observability-plaintext-application-logs.md +++ b/raw-migrated-files/docs-content/serverless/observability-plaintext-application-logs.md 
@@ -387,7 +387,7 @@ Learn about correlating plaintext logs in the agent-specific ingestion guides: * [Go](https://www.elastic.co/guide/en/apm/agent/go/current/logs.html) * [Java](https://www.elastic.co/guide/en/apm/agent/java/current/logs.html#log-correlation-ids) -* [.NET](https://www.elastic.co/guide/en/apm/agent/dotnet/current/log-correlation.html) +* [.NET](https://www.elastic.co/guide/en/apm/agent/dotnet/current/logs.html) * [Node.js](https://www.elastic.co/guide/en/apm/agent/nodejs/current/log-correlation.html) * [Python](https://www.elastic.co/guide/en/apm/agent/python/current/logs.html#log-correlation-ids) * [Ruby](https://www.elastic.co/guide/en/apm/agent/ruby/current/log-correlation.html) diff --git a/raw-migrated-files/docs-content/serverless/security-about-rules.md b/raw-migrated-files/docs-content/serverless/security-about-rules.md index 72176598d7..be6fa47141 100644 --- a/raw-migrated-files/docs-content/serverless/security-about-rules.md +++ b/raw-migrated-files/docs-content/serverless/security-about-rules.md 
@@ -25,7 +25,7 @@ You can create the following types of rules: For example, if the threshold `field` is `source.ip` and its `value` is `10`, an alert is generated for every source IP address that appears in at least 10 of the rule’s search results. * [**Event correlation**](../../../solutions/security/detect-and-alert/create-detection-rule.md#create-eql-rule): Searches the defined indices and creates an alert when results match an [Event Query Language (EQL)](../../../explore-analyze/query-filter/languages/eql.md) query. -* [**Indicator match**](../../../solutions/security/detect-and-alert/create-detection-rule.md#create-indicator-rule): Creates an alert when {{elastic-sec}} index field values match field values defined in the specified indicator index patterns. For example, you can create an indicator index for IP addresses and use this index to create an alert whenever an event’s `destination.ip` equals a value in the index. Indicator index field mappings should be [ECS-compliant](https://www.elastic.co/guide/en/ecs/{{ecs_version}}). For information on creating {{es}} indices and field types, see [Index some documents](https://www.elastic.co/guide/en/elasticsearch/reference/current/getting-started-index.html), [Create index API](https://www.elastic.co/guide/en/elasticsearch/reference/current/indices-create-index.html), and [Field data types](https://www.elastic.co/guide/en/elasticsearch/reference/current/mapping-types.html). If you have indicators in a standard file format, such as CSV or JSON, you can also use the Machine Learning Data Visualizer to import your indicators into an indicator index. See [Explore the data in {{kib}}](../../../explore-analyze/machine-learning/anomaly-detection/ml-getting-started.md#sample-data-visualizer) and use the **Import Data** option to import your indicators. 
+* [**Indicator match**](../../../solutions/security/detect-and-alert/create-detection-rule.md#create-indicator-rule): Creates an alert when {{elastic-sec}} index field values match field values defined in the specified indicator index patterns. For example, you can create an indicator index for IP addresses and use this index to create an alert whenever an event’s `destination.ip` equals a value in the index. Indicator index field mappings should be [ECS-compliant](https://www.elastic.co/guide/en/ecs/{{ecs_version}}). For information on creating {{es}} indices and field types, see [Index some documents](https://www.elastic.co/guide/en/starting-with-the-elasticsearch-platform-and-its-solutions/current/getting-started-general-purpose.html#gp-gs-add-data), [Create index API](https://www.elastic.co/guide/en/elasticsearch/reference/current/indices-create-index.html), and [Field data types](https://www.elastic.co/guide/en/elasticsearch/reference/current/mapping-types.html). If you have indicators in a standard file format, such as CSV or JSON, you can also use the Machine Learning Data Visualizer to import your indicators into an indicator index. See [Explore the data in {{kib}}](../../../explore-analyze/machine-learning/anomaly-detection/ml-getting-started.md#sample-data-visualizer) and use the **Import Data** option to import your indicators. ::::{tip} You can also use value lists as the indicator match index. See [Use value lists with indicator match rules](../../../solutions/security/detect-and-alert/create-detection-rule.md#indicator-value-lists) at the end of this topic for more information. diff --git a/raw-migrated-files/docs-content/serverless/security-detection-engine-overview.md b/raw-migrated-files/docs-content/serverless/security-detection-engine-overview.md index a24c77cda7..0071d4bd93 100644 --- a/raw-migrated-files/docs-content/serverless/security-detection-engine-overview.md 
+++ b/raw-migrated-files/docs-content/serverless/security-detection-engine-overview.md 
@@ -7,7 +7,7 @@ Use the detection engine to create and manage rules and view the alerts these ru :class: screenshot ::: -In addition to creating [your own rules](../../../solutions/security/detect-and-alert/create-detection-rule.md), enable [Elastic prebuilt rules](../../../solutions/security/detect-and-alert/install-manage-elastic-prebuilt-rules.md#load-prebuilt-rules) to immediately start detecting suspicious activity. For detailed information on all the prebuilt rules, see the [Prebuilt rules reference](https://www.elastic.co/guide/en/serverless/current/security-prebuilt-rules.html). Once the prebuilt rules are loaded and running, [Tune detection rules](../../../solutions/security/detect-and-alert/tune-detection-rules.md) and [Add and manage exceptions](../../../solutions/security/detect-and-alert/add-manage-exceptions.md) explain how to modify the rules to reduce false positives and get a better set of actionable alerts. You can also use exceptions and value lists when creating or modifying your own rules. +In addition to creating [your own rules](../../../solutions/security/detect-and-alert/create-detection-rule.md), enable [Elastic prebuilt rules](../../../solutions/security/detect-and-alert/install-manage-elastic-prebuilt-rules.md#load-prebuilt-rules) to immediately start detecting suspicious activity. For detailed information on all the prebuilt rules, see the [Prebuilt rules reference](https://www.elastic.co/guide/en/security/current/prebuilt-rules.html). Once the prebuilt rules are loaded and running, [Tune detection rules](../../../solutions/security/detect-and-alert/tune-detection-rules.md) and [Add and manage exceptions](../../../solutions/security/detect-and-alert/add-manage-exceptions.md) explain how to modify the rules to reduce false positives and get a better set of actionable alerts. You can also use exceptions and value lists when creating or modifying your own rules. There are several special prebuilt rules you need to know about: 
diff --git a/raw-migrated-files/docs-content/serverless/security-install-edr.md b/raw-migrated-files/docs-content/serverless/security-install-edr.md index 49ec0a6a37..1660ca988e 100644 --- a/raw-migrated-files/docs-content/serverless/security-install-edr.md +++ b/raw-migrated-files/docs-content/serverless/security-install-edr.md @@ -71,7 +71,7 @@ If you’re using macOS, some versions may require you to grant Full Disk Access To enable the {{elastic-defend}} integration, you must enroll agents in the relevant policy using {{fleet}}. ::::{important} -Before you add an {{agent}}, a {{fleet-server}} must be running. Refer to [Add a {{fleet-server}}](https://www.elastic.co/guide/en/fleet/current/add-a-fleet-server.html). +Before you add an {{agent}}, a {{fleet-server}} must be running. Refer to [Add a {{fleet-server}}](https://www.elastic.co/guide/en/fleet/current/fleet-deployment-models.html). {{elastic-defend}} cannot be integrated with an {{agent}} in standalone mode. diff --git a/raw-migrated-files/docs-content/serverless/security-machine-learning.md b/raw-migrated-files/docs-content/serverless/security-machine-learning.md index 0830986ab1..e7afdf8e28 100644 --- a/raw-migrated-files/docs-content/serverless/security-machine-learning.md +++ b/raw-migrated-files/docs-content/serverless/security-machine-learning.md 
@@ -49,7 +49,7 @@ Or * You install one or more of the [Advanced Analytics integrations](../../../solutions/security/advanced-entity-analytics/behavioral-detection-use-cases.md#security-behavioral-detection-use-cases-elastic-integrations-for-behavioral-detection-use-cases). -[Prebuilt job reference](https://www.elastic.co/guide/en/serverless/current/security-prebuilt-ml-jobs.html) describes all available {{ml}} jobs and lists which ECS fields are required on your hosts when you are not using {{beats}} or the {{agent}} to ship your data. For information on tuning anomaly results to reduce the number of false positives, see [Optimizing anomaly results](../../../solutions/security/advanced-entity-analytics/optimizing-anomaly-results.md). +[Prebuilt job reference](https://www.elastic.co/guide/en/security/current/prebuilt-ml-jobs.html) describes all available {{ml}} jobs and lists which ECS fields are required on your hosts when you are not using {{beats}} or the {{agent}} to ship your data. For information on tuning anomaly results to reduce the number of false positives, see [Optimizing anomaly results](../../../solutions/security/advanced-entity-analytics/optimizing-anomaly-results.md). ::::{note} Machine learning jobs look back and analyze two weeks of historical data prior to the time they are enabled. After jobs are enabled, they continuously analyze incoming data. When jobs are stopped and restarted within the two-week time frame, previously analyzed data is not processed again. diff --git a/raw-migrated-files/docs-content/serverless/security-network-page-overview.md b/raw-migrated-files/docs-content/serverless/security-network-page-overview.md index 5922fa5c8b..72c62ac650 100644 --- a/raw-migrated-files/docs-content/serverless/security-network-page-overview.md +++ b/raw-migrated-files/docs-content/serverless/security-network-page-overview.md 
@@ -52,7 +52,7 @@ The Events table includes inline actions and several customization options. To l * **Flows**: Source and destination IP addresses and countries. * **DNS**: DNS network queries. -* **HTTP**: Received HTTP requests (HTTP requests for applications using [Elastic APM](https://www.elastic.co/guide/en/kibana/current/apm-getting-started.html) are monitored by default). +* **HTTP**: Received HTTP requests (HTTP requests for applications using [Elastic APM](https://www.elastic.co/guide/en/observability/current/apm.html) are monitored by default). * **TLS**: Handshake details. * **Anomalies**: Anomalies discovered by [machine learning jobs](../../../solutions/security/advanced-entity-analytics/anomaly-detection.md). diff --git a/raw-migrated-files/docs-content/serverless/security-prebuilt-rules-management.md b/raw-migrated-files/docs-content/serverless/security-prebuilt-rules-management.md index fcf25d63d2..ed88d40a1d 100644 --- a/raw-migrated-files/docs-content/serverless/security-prebuilt-rules-management.md +++ b/raw-migrated-files/docs-content/serverless/security-prebuilt-rules-management.md 
@@ -5,7 +5,7 @@ navigation_title: "Use Elastic prebuilt rules" # Install and manage Elastic prebuilt rules [security-prebuilt-rules-management] -Follow these guidelines to start using the {{security-app}}'s [prebuilt rules](https://www.elastic.co/guide/en/serverless/current/security-prebuilt-rules.html), keep them updated, and make sure they have the data needed to run successfully. +Follow these guidelines to start using the {{security-app}}'s [prebuilt rules](https://www.elastic.co/guide/en/security/current/prebuilt-rules.html), keep them updated, and make sure they have the data needed to run successfully. * [Install and enable Elastic prebuilt rules](../../../solutions/security/detect-and-alert/install-manage-elastic-prebuilt-rules.md#load-prebuilt-rules) * [Prebuilt rule tags](../../../solutions/security/detect-and-alert/install-manage-elastic-prebuilt-rules.md#prebuilt-rule-tags) diff --git a/raw-migrated-files/elasticsearch/elasticsearch-reference/index-mgmt.md b/raw-migrated-files/elasticsearch/elasticsearch-reference/index-mgmt.md index 3d51e26084..78c06fccf2 100644 --- a/raw-migrated-files/elasticsearch/elasticsearch-reference/index-mgmt.md +++ b/raw-migrated-files/elasticsearch/elasticsearch-reference/index-mgmt.md 
@@ -26,7 +26,7 @@ Investigate your indices and perform operations from the **Indices** view. ::: * To show details and perform operations such as close, forcemerge, and flush, click the index name. To perform operations on multiple indices, select their checkboxes and then open the **Manage** menu. For more information on managing indices, refer to [Index APIs](https://www.elastic.co/guide/en/elasticsearch/reference/current/indices.html). -* To filter the list of indices, use the search bar or click a badge. Badges indicate if an index is a [follower index](https://www.elastic.co/guide/en/elasticsearch/reference/current/ccr-put-follow.html), a [rollup index](https://www.elastic.co/guide/en/elasticsearch/reference/current/rollup-get-rollup-index-caps.html), or [frozen](https://www.elastic.co/guide/en/elasticsearch/reference/current/indices.html). +* To filter the list of indices, use the search bar or click a badge. Badges indicate if an index is a [follower index](https://www.elastic.co/guide/en/elasticsearch/reference/current/ccr-put-follow.html), a [rollup index](https://www.elastic.co/guide/en/elasticsearch/reference/current/rollup-get-rollup-index-caps.html), or [frozen](https://www.elastic.co/guide/en/elasticsearch/reference/current/unfreeze-index-api.html). * To drill down into the index [mappings](../../../manage-data/data-store/mapping.md), [settings](https://www.elastic.co/guide/en/elasticsearch/reference/current/index-modules.html#index-modules-settings), and statistics, click an index name. From this view, you can navigate to **Discover** to further explore the documents in the index. :::{image} ../../../images/elasticsearch-reference-management_index_details.png diff --git a/raw-migrated-files/elasticsearch/elasticsearch-reference/mapping.md b/raw-migrated-files/elasticsearch/elasticsearch-reference/mapping.md index 9281a37a91..9841fbe1c5 100644 --- a/raw-migrated-files/elasticsearch/elasticsearch-reference/mapping.md 
+++ b/raw-migrated-files/elasticsearch/elasticsearch-reference/mapping.md @@ -45,7 +45,7 @@ It’s often useful to index the same field in different ways for different purp :::: -Use [runtime fields](https://www.elastic.co/guide/en/elasticsearch/reference/current/mapping-fields.html) to make schema changes without reindexing. You can use runtime fields in conjunction with indexed fields to balance resource usage and performance. Your index will be smaller, but with slower search performance. +Use [runtime fields](https://www.elastic.co/guide/en/elasticsearch/reference/current/runtime-mapping-fields.html) to make schema changes without reindexing. You can use runtime fields in conjunction with indexed fields to balance resource usage and performance. Your index will be smaller, but with slower search performance. ## Managing and updating mappings [mapping-manage-update] diff --git a/raw-migrated-files/elasticsearch/elasticsearch-reference/secure-monitoring.md b/raw-migrated-files/elasticsearch/elasticsearch-reference/secure-monitoring.md index 34c9388268..f86a923624 100644 --- a/raw-migrated-files/elasticsearch/elasticsearch-reference/secure-monitoring.md +++ b/raw-migrated-files/elasticsearch/elasticsearch-reference/secure-monitoring.md @@ -7,6 +7,6 @@ To use the {{monitor-features}} with the {{security-features}} enabled, you need For more information, see: * [*Monitoring in a production environment*](../../../deploy-manage/monitor/stack-monitoring/elasticsearch-monitoring-self-managed.md) -* [Configuring monitoring in {{kib}}](https://www.elastic.co/guide/en/kibana/current/monitoring-xpack-kibana.html) +* [Configuring monitoring in {{kib}}](https://www.elastic.co/guide/en/kibana/current/monitoring-kibana.html) * [Configuring monitoring for Logstash nodes](https://www.elastic.co/guide/en/logstash/current/configuring-logstash.html) 
diff --git a/raw-migrated-files/ingest-docs/fleet/fleet-elastic-agent-quick-start.md b/raw-migrated-files/ingest-docs/fleet/fleet-elastic-agent-quick-start.md index 8fd43209b5..4204d2ce9f 100644 --- a/raw-migrated-files/ingest-docs/fleet/fleet-elastic-agent-quick-start.md +++ b/raw-migrated-files/ingest-docs/fleet/fleet-elastic-agent-quick-start.md @@ -3,5 +3,5 @@ Want to get up and running with {{fleet}} and {{agent}} quickly? Read our getting started guides: * [Get started with logs and metrics](../../../solutions/observability/infra-and-hosts/get-started-with-system-metrics.md) -* [Get started with application traces and APM](https://www.elastic.co/guide/en/observability/current/ingest-traces.html) +* [Get started with application traces and APM](https://www.elastic.co/guide/en/observability/current/apm-getting-started-apm-server.html) diff --git a/raw-migrated-files/kibana/kibana/action-types.md b/raw-migrated-files/kibana/kibana/action-types.md index 8caf54d4e6..48ed574139 100644 --- a/raw-migrated-files/kibana/kibana/action-types.md +++ b/raw-migrated-files/kibana/kibana/action-types.md @@ -27,7 +27,7 @@ Connectors provide a central place to store connection information for services * [Tines](https://www.elastic.co/guide/en/kibana/current/tines-action-type.html): Send events to a Tines Story. * [Torq](https://www.elastic.co/guide/en/kibana/current/torq-action-type.html): Trigger a Torq workflow. * [{{webhook}}](https://www.elastic.co/guide/en/kibana/current/webhook-action-type.html): Send a request to a web service. -* [{{webhook-cm}}](https://www.elastic.co/guide/en/kibana/current/webhook-action-type.html): Send a request to a Case Management web service. +* [{{webhook-cm}}](https://www.elastic.co/guide/en/kibana/current/cases-webhook-action-type.html): Send a request to a Case Management web service. * [xMatters](https://www.elastic.co/guide/en/kibana/current/xmatters-action-type.html): Send actionable alerts to on-call xMatters resources. ::::{note} 
diff --git a/raw-migrated-files/kibana/kibana/data-rollups.md b/raw-migrated-files/kibana/kibana/data-rollups.md index 8d42c5ab5f..f6d1a868bd 100644 --- a/raw-migrated-files/kibana/kibana/data-rollups.md +++ b/raw-migrated-files/kibana/kibana/data-rollups.md 
@@ -47,12 +47,12 @@ Once you’ve saved a rollup job, you’ll see it the **Rollup Jobs** overview p :class: screenshot ::: -You can’t change a rollup job after you’ve created it. To select additional fields or redefine terms, you must delete the existing job, and then create a new one with the updated specifications. Be sure to use a different name for the new rollup job—reusing the same name can lead to problems with mismatched job configurations. Refer to [rollup job configuration](https://www.elastic.co/guide/en/elasticsearch/reference/current/rollup-job-config.html). +You can’t change a rollup job after you’ve created it. To select additional fields or redefine terms, you must delete the existing job, and then create a new one with the updated specifications. Be sure to use a different name for the new rollup job—reusing the same name can lead to problems with mismatched job configurations. Refer to [rollup job configuration](https://www.elastic.co/guide/en/elasticsearch/reference/current/rollup-put-job.html#rollup-put-job-api-request-body). ## Try it: Create and visualize rolled up data [rollup-data-tutorial] -This example creates a rollup job to capture log data from sample web logs. Before you start, [add the web logs sample data set](https://www.elastic.co/guide/en/kibana/current/add-sample-data.html). +This example creates a rollup job to capture log data from sample web logs. Before you start, [add the web logs sample data set](https://www.elastic.co/guide/en/kibana/current/get-started.html). In this example, you want data that is older than 7 days in the `kibana_sample_data_logs` index to roll up into the `rollup_logstash` index. You’ll bucket the rolled up data on an hourly basis, using `60m` for the time bucket configuration. diff --git a/raw-migrated-files/kibana/kibana/install.md b/raw-migrated-files/kibana/kibana/install.md index 1145669f52..4649860667 100644 --- a/raw-migrated-files/kibana/kibana/install.md 
+++ b/raw-migrated-files/kibana/kibana/install.md @@ -47,7 +47,7 @@ Kibana is provided in the following package formats: ::::{important} -If your Elasticsearch installation is protected by [{{stack-security-features}}](https://www.elastic.co/guide/en/elasticsearch/reference/current/elasticsearch-security.html) see [Configuring security in {{kib}}](../../../deploy-manage/security.md) for additional setup instructions. +If your Elasticsearch installation is protected by [{{stack-security-features}}](https://www.elastic.co/guide/en/elasticsearch/reference/current/secure-cluster.html) see [Configuring security in {{kib}}](../../../deploy-manage/security.md) for additional setup instructions. :::: diff --git a/raw-migrated-files/kibana/kibana/kibana-authentication.md b/raw-migrated-files/kibana/kibana/kibana-authentication.md index 584e0db1e6..880fce660f 100644 --- a/raw-migrated-files/kibana/kibana/kibana-authentication.md +++ b/raw-migrated-files/kibana/kibana/kibana-authentication.md 
@@ -118,9 +118,9 @@ PKI authentication will not work if {{kib}} is hosted behind a TLS termination r PKI authentication is a [subscription feature](https://www.elastic.co/subscriptions). This allows users to log into {{kib}} using X.509 client certificates that must be presented while connecting to {{kib}}. The certificates must first be accepted for authentication on the {{kib}} TLS layer, and then they are further validated by an {{es}} PKI realm. The PKI authentication provider relies on the {{es}} [Delegate PKI authentication API](https://www.elastic.co/guide/en/elasticsearch/reference/current/security-api-delegate-pki-authentication.html) to exchange X.509 client certificates to access tokens. All subsequent requests to {{es}} APIs on behalf of users will be authenticated using these access tokens. -Prior to configuring {{kib}}, ensure that the PKI realm is enabled in {{es}} and configured to permit delegation. See [Configuring a PKI realm](https://www.elastic.co/guide/en/elasticsearch/reference/current/configuring-pki-realm.html) for more information. +Prior to configuring {{kib}}, ensure that the PKI realm is enabled in {{es}} and configured to permit delegation. See [Configuring a PKI realm](https://www.elastic.co/guide/en/elasticsearch/reference/current/pki-realm.html) for more information. -To enable the PKI authentication provider in {{kib}}, you must first [configure {{kib}} to encrypt communications between the browser and {{kib}} server](https://www.elastic.co/guide/en/kibana/current/configuring-tls.html). 
You must also enable TLS client authentication and include the certificate authority (CA) used to sign client certificates into a list of CAs trusted by {{kib}} in your `kibana.yml`: +To enable the PKI authentication provider in {{kib}}, you must first [configure {{kib}} to encrypt communications between the browser and {{kib}} server](https://www.elastic.co/guide/en/elasticsearch/reference/current/security-basic-setup-https.html#encrypt-kibana-http). You must also enable TLS client authentication and include the certificate authority (CA) used to sign client certificates into a list of CAs trusted by {{kib}} in your `kibana.yml`: ::::{note} You can configure only one PKI provider per {{kib}} instance. @@ -156,7 +156,7 @@ Note that with `server.ssl.clientAuthentication` set to `required`, users are as ## SAML single sign-on [saml] -SAML authentication is part of single sign-on (SSO), a [subscription feature](https://www.elastic.co/subscriptions). This allows users to log in to {{kib}} with an external Identity Provider, such as Okta or Auth0. Make sure that SAML is enabled and configured in {{es}} before setting it up in {{kib}}. See [Configuring SAML single sign-on on the Elastic Stack](https://www.elastic.co/guide/en/elasticsearch/reference/current/saml-guide.html). +SAML authentication is part of single sign-on (SSO), a [subscription feature](https://www.elastic.co/subscriptions). This allows users to log in to {{kib}} with an external Identity Provider, such as Okta or Auth0. Make sure that SAML is enabled and configured in {{es}} before setting it up in {{kib}}. See [Configuring SAML single sign-on on the Elastic Stack](https://www.elastic.co/guide/en/elasticsearch/reference/current/saml-guide-stack.html). Enable SAML authentication by specifying which SAML realm in {{es}} should be used: diff --git a/raw-migrated-files/kibana/kibana/management.md b/raw-migrated-files/kibana/kibana/management.md index 798a3683a7..b2b82600f4 100644 
--- a/raw-migrated-files/kibana/kibana/management.md +++ b/raw-migrated-files/kibana/kibana/management.md @@ -5,7 +5,7 @@ Access to individual features is governed by {{es}} and {{kib}} privileges. Consult your administrator if you do not have the appropriate access. -## Ingest [manage-ingest] +## Ingest [manage-ingest] | | | | --- | --- | @@ -13,7 +13,7 @@ Access to individual features is governed by {{es}} and {{kib}} privileges. Cons | [Logstash Pipelines](https://www.elastic.co/guide/en/logstash/current/logstash-centralized-pipeline-management.html) | Create, edit, and delete your Logstash pipeline configurations. | -## Data [manage-data] +## Data [manage-data] | | | | --- | --- | 
@@ -22,11 +22,11 @@ Access to individual features is governed by {{es}} and {{kib}} privileges. Cons | [Snapshot and Restore](../../../deploy-manage/tools/snapshot-and-restore.md) | Define a policy that creates, schedules, and automatically deletes snapshots to ensure that youhave backups of your cluster in case something goes wrong. | | [Rollup Jobs](../../../manage-data/lifecycle/rollup.md) | [8.11.0] Create a job that periodically aggregates data from one or more indices, and thenrolls it into a new, compact index. Rollup indices are a good way to store months oryears of historical data in combination with your raw data. | | [Transforms](../../../explore-analyze/transforms.md) | Use transforms to pivot existing {{es}} indices into summarized or entity-centric indices. | -| [Cross-Cluster Replication](https://www.elastic.co/guide/en/elasticsearch/reference/current/ccr-getting-started.html) | Replicate indices on a remote cluster and copy them to a follower index on a local cluster.This is important fordisaster recovery. It also keeps data local for faster queries. | -| [Remote Clusters](https://www.elastic.co/guide/en/elasticsearch/reference/current/ccr-getting-started.html#ccr-getting-started-remote-cluster) | Manage your remote clusters for use with cross-cluster search and cross-cluster replication.You can add and remove remote clusters, and check their connectivity. | +| [Cross-Cluster Replication](https://www.elastic.co/guide/en/elasticsearch/reference/current/ccr-getting-started-tutorial.html) | Replicate indices on a remote cluster and copy them to a follower index on a local cluster.This is important fordisaster recovery. It also keeps data local for faster queries. 
| +| [Remote Clusters](https://www.elastic.co/guide/en/elasticsearch/reference/current/ccr-getting-started-tutorial.html#ccr-getting-started-remote-cluster) | Manage your remote clusters for use with cross-cluster search and cross-cluster replication.You can add and remove remote clusters, and check their connectivity. | -## Alerts and Insights [manage-alerts-insights] +## Alerts and Insights [manage-alerts-insights] | | | | --- | --- | @@ -39,7 +39,7 @@ Access to individual features is governed by {{es}} and {{kib}} privileges. Cons | [Maintenance windows](../../../explore-analyze/alerts-cases/alerts/maintenance-windows.md) | Suppress rule notifications for scheduled periods of time. | -## Security [manage-security] +## Security [manage-security] | | | | --- | --- | @@ -49,7 +49,7 @@ Access to individual features is governed by {{es}} and {{kib}} privileges. Cons | [Role Mappings](../../../deploy-manage/users-roles/cluster-or-deployment-auth/mapping-users-groups-to-roles.md) | Assign roles to your users using a set of rules. Role mappings are requiredwhen authenticating via an external identity provider, such as Active Directory,Kerberos, PKI, OIDC, and SAML. | -## {{kib}} [manage-kibana] +## {{kib}} [manage-kibana] | | | | --- | --- | @@ -61,7 +61,7 @@ Access to individual features is governed by {{es}} and {{kib}} privileges. Cons | [Advanced Settings](https://www.elastic.co/guide/en/kibana/current/advanced-options.html) | Customize {{kib}} to suit your needs. Change the format for displaying dates, turn on dark mode,set the timespan for notification messages, and much more. | -## Stack [manage-stack] +## Stack [manage-stack] | | | | --- | --- | diff --git a/raw-migrated-files/kibana/kibana/secure-reporting.md b/raw-migrated-files/kibana/kibana/secure-reporting.md index 8a166ebf2d..a34558f5fe 100644 --- a/raw-migrated-files/kibana/kibana/secure-reporting.md +++ b/raw-migrated-files/kibana/kibana/secure-reporting.md 
@@ -180,8 +180,8 @@ reporting_user: To automatically generate reports with {{watcher}}, you must configure {{watcher}} to trust the {{kib}} server certificate. -1. Enable {{stack-security-features}} on your {{es}} cluster. For more information, see [Getting started with security](https://www.elastic.co/guide/en/elasticsearch/reference/current/security-getting-started.html). -2. Configure TLS/SSL encryption for the {{kib}} server. For more information, see [*Encrypt TLS communications in {{kib}}*](https://www.elastic.co/guide/en/kibana/current/configuring-tls.html). +1. Enable {{stack-security-features}} on your {{es}} cluster. For more information, see [Getting started with security](https://www.elastic.co/guide/en/elasticsearch/reference/current/secure-cluster.html). +2. Configure TLS/SSL encryption for the {{kib}} server. For more information, see [*Encrypt TLS communications in {{kib}}*](https://www.elastic.co/guide/en/elasticsearch/reference/current/security-basic-setup-https.html#encrypt-kibana-http). 3. Specify the {{kib}} server CA certificate chain in `elasticsearch.yml`: If you are using your own CA to sign the {{kib}} server certificate, then you need to specify the CA certificate chain in {{es}} to properly establish trust in TLS connections between {{watcher}} and {{kib}}. If your CA certificate chain is contained in a PKCS #12 trust store, specify it like so: diff --git a/raw-migrated-files/kibana/kibana/watcher-ui.md b/raw-migrated-files/kibana/kibana/watcher-ui.md index fc5eb306bf..1e1bd8edb3 100644 --- a/raw-migrated-files/kibana/kibana/watcher-ui.md +++ b/raw-migrated-files/kibana/kibana/watcher-ui.md 
@@ -167,5 +167,5 @@ After starting the simulation, you’ll see a results screen. For more informati Refer to these examples for creating an advanced watch: * [Watch the status of an {{es}} cluster](../../../explore-analyze/alerts-cases/watcher/watch-cluster-status.md) -* [Watch event data](https://www.elastic.co/guide/en/elasticsearch/reference/current/watching-meetup-data.html) +* [Watch event data](https://www.elastic.co/guide/en/elasticsearch/reference/current/example-watches.html) diff --git a/raw-migrated-files/observability-docs/observability/analyze-hosts.md b/raw-migrated-files/observability-docs/observability/analyze-hosts.md index 120d519434..f76e4615c6 100644 --- a/raw-migrated-files/observability-docs/observability/analyze-hosts.md +++ b/raw-migrated-files/observability-docs/observability/analyze-hosts.md 
@@ -264,7 +264,7 @@ The **Anomalies** tab displays a list of each single metric {{anomaly-detect}} j Along with the name of each anomaly job, detected anomalies with a severity score equal to 50, or higher, are listed. These scores represent a severity of "warning" or higher in the selected time period. The **summary** value represents the increase between the actual value and the expected ("typical") value of the host metric in the anomaly record result. -To drill down and analyze the metric anomaly, select **Actions → Open in Anomaly Explorer** to view the [Anomaly Explorer in {{ml-app}}](https://www.elastic.co/guide/en/machine-learning/current/ml-gs-results.html). You can also select **Actions → Show in Inventory** to view the host Inventory page, filtered by the specific metric. +To drill down and analyze the metric anomaly, select **Actions → Open in Anomaly Explorer** to view the [Anomaly Explorer in {{ml-app}}](https://www.elastic.co/guide/en/machine-learning/current/ml-getting-started.html#sample-data-results). You can also select **Actions → Show in Inventory** to view the host Inventory page, filtered by the specific metric. :::{image} ../../../images/observability-anomalies-overlay.png :alt: Anomalies diff --git a/raw-migrated-files/observability-docs/observability/apm-reduce-apm-storage.md b/raw-migrated-files/observability-docs/observability/apm-reduce-apm-storage.md index 66e3de09e3..3ed1eafece 100644 --- a/raw-migrated-files/observability-docs/observability/apm-reduce-apm-storage.md +++ b/raw-migrated-files/observability-docs/observability/apm-reduce-apm-storage.md 
@@ -16,7 +16,7 @@ See [Transaction sampling](../../../solutions/observability/apps/transaction-sam In some cases, APM agents may collect large amounts of very similar or identical spans in a transaction. These repeated, similar spans often don’t provide added benefit, especially if they are of very short duration. Span compression takes these similar spans and compresses them into a single span-- retaining important information but reducing processing and storage overhead. -See [Span compression](https://www.elastic.co/guide/en/observability/current/apm-span-compression.html) to learn more. +See [Span compression](https://www.elastic.co/guide/en/observability/current/apm-data-model-spans.html#apm-spans-span-compression) to learn more. ## Reduce collected stack trace information [apm-reduce-stacktrace] diff --git a/raw-migrated-files/observability-docs/observability/application-logs.md b/raw-migrated-files/observability-docs/observability/application-logs.md index 81df8cc230..054dffb3e4 100644 --- a/raw-migrated-files/observability-docs/observability/application-logs.md +++ b/raw-migrated-files/observability-docs/observability/application-logs.md @@ -85,7 +85,7 @@ Learn more about log correlation in the agent-specific ingestion guides: * [Go](https://www.elastic.co/guide/en/apm/agent/go/current/logs.html) * [Java](https://www.elastic.co/guide/en/apm/agent/java/current/logs.html#log-correlation-ids) -* [.NET](https://www.elastic.co/guide/en/apm/agent/dotnet/current/log-correlation.html) +* [.NET](https://www.elastic.co/guide/en/apm/agent/dotnet/current/logs.html) * [Node.js](https://www.elastic.co/guide/en/apm/agent/nodejs/current/log-correlation.html) * [Python](https://www.elastic.co/guide/en/apm/agent/python/current/logs.html#log-correlation-ids) * [Ruby](https://www.elastic.co/guide/en/apm/agent/ruby/current/log-correlation.html) 
diff --git a/raw-migrated-files/observability-docs/observability/inspect-metric-anomalies.md b/raw-migrated-files/observability-docs/observability/inspect-metric-anomalies.md index fa181e50a3..1f66381b44 100644 --- a/raw-migrated-files/observability-docs/observability/inspect-metric-anomalies.md +++ b/raw-migrated-files/observability-docs/observability/inspect-metric-anomalies.md 
@@ -41,10 +41,10 @@ Once you create {{ml}} jobs, you can not change the settings. You can recreate t Along with each anomaly job and the node name, detected anomalies with a severity score equal to 50 or higher are listed. These scores represent a severity of "warning" or higher in the selected time period. The **summary** value represents the increase between the actual value and the expected ("typical") value of the metric in the anomaly record result. - To drill down and analyze the metric anomaly, select **Actions → Open in Anomaly Explorer** to view the [Anomaly Explorer in {{ml-app}}](https://www.elastic.co/guide/en/machine-learning/current/ml-gs-results.html). You can also select **Actions → Show in Inventory** to view the host or Kubernetes pods Inventory page, filtered by the specific metric. + To drill down and analyze the metric anomaly, select **Actions → Open in Anomaly Explorer** to view the [Anomaly Explorer in {{ml-app}}](https://www.elastic.co/guide/en/machine-learning/current/ml-getting-started.html#sample-data-results). You can also select **Actions → Show in Inventory** to view the host or Kubernetes pods Inventory page, filtered by the specific metric. ::::{note} - These predefined {{anomaly-jobs}} use [custom rules](https://www.elastic.co/guide/en/machine-learning/current/ml-rules.html). To update the rules in the [Anomaly Explorer](https://www.elastic.co/guide/en/machine-learning/current/ml-gs-results.html), select **actions → Configure rules**. The changes only take effect for new results. If you want to apply the changes to existing results, clone and rerun the job. + These predefined {{anomaly-jobs}} use [custom rules](https://www.elastic.co/guide/en/machine-learning/current/ml-ad-run-jobs.html#ml-ad-rules). To update the rules in the [Anomaly Explorer](https://www.elastic.co/guide/en/machine-learning/current/ml-getting-started.html#sample-data-results), select **actions → Configure rules**. The changes only take effect for new results. 
If you want to apply the changes to existing results, clone and rerun the job. :::: @@ -52,7 +52,7 @@ Once you create {{ml}} jobs, you can not change the settings. You can recreate t ## History chart [history-chart] -On the **Inventory** page, click **Show history** to view the metric values within the selected time frame. Detected anomalies with an anomaly score equal to 50, or higher, are highlighted in red. To examine the detected anomalies, use the [Anomaly Explorer](https://www.elastic.co/guide/en/machine-learning/current/ml-gs-results.html). +On the **Inventory** page, click **Show history** to view the metric values within the selected time frame. Detected anomalies with an anomaly score equal to 50, or higher, are highlighted in red. To examine the detected anomalies, use the [Anomaly Explorer](https://www.elastic.co/guide/en/machine-learning/current/ml-getting-started.html#sample-data-results). :::{image} ../../../images/observability-metrics-history-chart.png :alt: History diff --git a/raw-migrated-files/observability-docs/observability/logs-plaintext.md b/raw-migrated-files/observability-docs/observability/logs-plaintext.md index 4390eecd1c..60186110e1 100644 --- a/raw-migrated-files/observability-docs/observability/logs-plaintext.md +++ b/raw-migrated-files/observability-docs/observability/logs-plaintext.md 
@@ -334,7 +334,7 @@ Learn about correlating plaintext logs in the agent-specific ingestion guides: * [Go](https://www.elastic.co/guide/en/apm/agent/go/current/logs.html) * [Java](https://www.elastic.co/guide/en/apm/agent/java/current/logs.html#log-correlation-ids) -* [.NET](https://www.elastic.co/guide/en/apm/agent/dotnet/current/log-correlation.html) +* [.NET](https://www.elastic.co/guide/en/apm/agent/dotnet/current/logs.html) * [Node.js](https://www.elastic.co/guide/en/apm/agent/nodejs/current/log-correlation.html) * [Python](https://www.elastic.co/guide/en/apm/agent/python/current/logs.html#log-correlation-ids) * [Ruby](https://www.elastic.co/guide/en/apm/agent/ruby/current/log-correlation.html) diff --git a/raw-migrated-files/observability-docs/observability/observability-introduction.md b/raw-migrated-files/observability-docs/observability/observability-introduction.md index 05f54e931d..4f893f239b 100644 --- a/raw-migrated-files/observability-docs/observability/observability-introduction.md +++ b/raw-migrated-files/observability-docs/observability/observability-introduction.md @@ -38,7 +38,7 @@ On the {{observability}} **Overview** page, the **Hosts** table shows your top h You can then drill down into the {{infrastructure-app}} by clicking **Show inventory**. Here you can monitor and filter your data by hosts, pods, containers,or EC2 instances and create custom groupings such as availability zones or namespaces. -For more information, see [Infrastructure Monitoring](https://www.elastic.co/guide/en/observability/current/analyze-metrics.html). +For more information, see [Infrastructure Monitoring](https://www.elastic.co/guide/en/observability/current/monitor-infrastructure-and-hosts.html). ## Real user monitoring (RUM) [user-experience-overview] 
diff --git a/raw-migrated-files/observability-docs/observability/quickstart-monitor-hosts-with-elastic-agent.md b/raw-migrated-files/observability-docs/observability/quickstart-monitor-hosts-with-elastic-agent.md index a334d462d0..aae8ecc571 100644 --- a/raw-migrated-files/observability-docs/observability/quickstart-monitor-hosts-with-elastic-agent.md +++ b/raw-migrated-files/observability-docs/observability/quickstart-monitor-hosts-with-elastic-agent.md @@ -91,7 +91,7 @@ After using the dashboards to examine your data and confirm you’ve ingested al For host monitoring, the following capabilities and features are recommended: -* In the [Infrastructure UI](https://www.elastic.co/guide/en/observability/current/analyze-metrics.html), analyze and compare data collected from your hosts. You can also: +* In the [Infrastructure UI](https://www.elastic.co/guide/en/observability/current/monitor-infrastructure-and-hosts.html), analyze and compare data collected from your hosts. You can also: * [Detect anomalies](../../../solutions/observability/infra-and-hosts/detect-metric-anomalies.md) for memory usage and network traffic on hosts. * [Create alerts](../../../solutions/observability/incident-management/alerting.md) that notify you when an anomaly is detected or a metric exceeds a given value. diff --git a/raw-migrated-files/observability-docs/observability/view-infrastructure-metrics.md b/raw-migrated-files/observability-docs/observability/view-infrastructure-metrics.md index 02e51b29e5..a3c122e21d 100644 --- a/raw-migrated-files/observability-docs/observability/view-infrastructure-metrics.md +++ b/raw-migrated-files/observability-docs/observability/view-infrastructure-metrics.md 
@@ -175,7 +175,7 @@ The **Anomalies** tab displays a list of each single metric {{anomaly-detect}} j Along with the name of each anomaly job, detected anomalies with a severity score equal to 50, or higher, are listed. These scores represent a severity of "warning" or higher in the selected time period. The **summary** value represents the increase between the actual value and the expected ("typical") value of the host metric in the anomaly record result. -To drill down and analyze the metric anomaly, select **Actions → Open in Anomaly Explorer** to view the [Anomaly Explorer in {{ml-app}}](https://www.elastic.co/guide/en/machine-learning/current/ml-gs-results.html). You can also select **Actions → Show in Inventory** to view the host Inventory page, filtered by the specific metric. +To drill down and analyze the metric anomaly, select **Actions → Open in Anomaly Explorer** to view the [Anomaly Explorer in {{ml-app}}](https://www.elastic.co/guide/en/machine-learning/current/ml-getting-started.html#sample-data-results). You can also select **Actions → Show in Inventory** to view the host Inventory page, filtered by the specific metric. :::{image} ../../../images/observability-anomalies-overlay.png :alt: Anomalies diff --git a/raw-migrated-files/security-docs/security/about-rules.md b/raw-migrated-files/security-docs/security/about-rules.md index 0a750b33db..b36cb925b7 100644 --- a/raw-migrated-files/security-docs/security/about-rules.md +++ b/raw-migrated-files/security-docs/security/about-rules.md 
@@ -20,7 +20,7 @@ You can create the following types of rules: For example, if the threshold `field` is `source.ip` and its `value` is `10`, an alert is generated for every source IP address that appears in at least 10 of the rule’s search results. * [**Event correlation**](../../../solutions/security/detect-and-alert/create-detection-rule.md#create-eql-rule): Searches the defined indices and creates an alert when results match an [Event Query Language (EQL)](../../../explore-analyze/query-filter/languages/eql.md) query. -* [**Indicator match**](../../../solutions/security/detect-and-alert/create-detection-rule.md#create-indicator-rule): Creates an alert when {{elastic-sec}} index field values match field values defined in the specified indicator index patterns. For example, you can create an indicator index for IP addresses and use this index to create an alert whenever an event’s `destination.ip` equals a value in the index. Indicator index field mappings should be [ECS-compliant](https://www.elastic.co/guide/en/ecs/{{ecs_version}}). For information on creating {{es}} indices and field types, see [Index some documents](https://www.elastic.co/guide/en/elasticsearch/reference/current/getting-started-index.html), [Create index API](https://www.elastic.co/guide/en/elasticsearch/reference/current/indices-create-index.html), and [Field data types](https://www.elastic.co/guide/en/elasticsearch/reference/current/mapping-types.html). If you have indicators in a standard file format, such as CSV or JSON, you can also use the Machine Learning Data Visualizer to import your indicators into an indicator index. See [Explore the data in {{kib}}](../../../explore-analyze/machine-learning/anomaly-detection/ml-getting-started.md#sample-data-visualizer) and use the **Import Data** option to import your indicators. 
+* [**Indicator match**](../../../solutions/security/detect-and-alert/create-detection-rule.md#create-indicator-rule): Creates an alert when {{elastic-sec}} index field values match field values defined in the specified indicator index patterns. For example, you can create an indicator index for IP addresses and use this index to create an alert whenever an event’s `destination.ip` equals a value in the index. Indicator index field mappings should be [ECS-compliant](https://www.elastic.co/guide/en/ecs/{{ecs_version}}). For information on creating {{es}} indices and field types, see [Index some documents](https://www.elastic.co/guide/en/starting-with-the-elasticsearch-platform-and-its-solutions/current/getting-started-general-purpose.html#gp-gs-add-data), [Create index API](https://www.elastic.co/guide/en/elasticsearch/reference/current/indices-create-index.html), and [Field data types](https://www.elastic.co/guide/en/elasticsearch/reference/current/mapping-types.html). If you have indicators in a standard file format, such as CSV or JSON, you can also use the Machine Learning Data Visualizer to import your indicators into an indicator index. See [Explore the data in {{kib}}](../../../explore-analyze/machine-learning/anomaly-detection/ml-getting-started.md#sample-data-visualizer) and use the **Import Data** option to import your indicators. ::::{tip} You can also use value lists as the indicator match index. See [Use value lists with indicator match rules](../../../solutions/security/detect-and-alert/create-detection-rule.md#indicator-value-lists) at the end of this topic for more information. diff --git a/raw-migrated-files/security-docs/security/detections-permissions-section.md b/raw-migrated-files/security-docs/security/detections-permissions-section.md index db7f80d8a0..fbd367a989 100644 --- a/raw-migrated-files/security-docs/security/detections-permissions-section.md +++ b/raw-migrated-files/security-docs/security/detections-permissions-section.md 
@@ -14,7 +14,7 @@ Additionally, there are some [advanced settings](../../../solutions/security/det These steps are only required for **self-managed** deployments: -* HTTPS must be configured for communication between [{{es}} and {{kib}}](https://www.elastic.co/guide/en/kibana/current/configuring-tls.html#configuring-tls-kib-es). +* HTTPS must be configured for communication between [{{es}} and {{kib}}](https://www.elastic.co/guide/en/elasticsearch/reference/current/security-basic-setup-https.html#encrypt-kibana-http). * In the `elasticsearch.yml` configuration file, set the `xpack.security.enabled` setting to `true`. For more information, refer to [Configuring {{es}}](../../../deploy-manage/deploy/self-managed/configure-elasticsearch.md) and [Security settings in {{es}}](https://www.elastic.co/guide/en/elasticsearch/reference/current/security-settings.html). * In the `kibana.yml` [configuration file](../../../deploy-manage/deploy/self-managed/configure.md), add the `xpack.encryptedSavedObjects.encryptionKey` setting with any alphanumeric value of at least 32 characters. For example: diff --git a/raw-migrated-files/security-docs/security/install-endpoint.md b/raw-migrated-files/security-docs/security/install-endpoint.md index 6d35b781c8..02198f22eb 100644 --- a/raw-migrated-files/security-docs/security/install-endpoint.md +++ b/raw-migrated-files/security-docs/security/install-endpoint.md 
@@ -66,7 +66,7 @@ If you’re using macOS, some versions may require you to grant Full Disk Access To enable the {{elastic-defend}} integration, you must enroll agents in the relevant policy using {{fleet}}. ::::{important} -Before you add an {{agent}}, a {{fleet-server}} must be running. Refer to [Add a {{fleet-server}}](https://www.elastic.co/guide/en/fleet/current/add-a-fleet-server.html). +Before you add an {{agent}}, a {{fleet-server}} must be running. Refer to [Add a {{fleet-server}}](https://www.elastic.co/guide/en/fleet/current/fleet-deployment-models.html). {{elastic-defend}} cannot be integrated with an {{agent}} in standalone mode. diff --git a/raw-migrated-files/security-docs/security/network-page-overview.md b/raw-migrated-files/security-docs/security/network-page-overview.md index 419f2e7f86..0aea9ec034 100644 --- a/raw-migrated-files/security-docs/security/network-page-overview.md +++ b/raw-migrated-files/security-docs/security/network-page-overview.md @@ -47,7 +47,7 @@ There are also tabs for viewing and investigating specific types of data: * **Events**: All network events. To display alerts received from external monitoring tools, scroll down to the events table and select **Show only external alerts** on the right. * **Flows**: Source and destination IP addresses and countries. * **DNS**: DNS network queries. -* **HTTP**: Received HTTP requests (HTTP requests for applications using [Elastic APM](https://www.elastic.co/guide/en/kibana/current/apm-getting-started.html) are monitored by default). +* **HTTP**: Received HTTP requests (HTTP requests for applications using [Elastic APM](https://www.elastic.co/guide/en/observability/current/apm.html) are monitored by default). * **TLS**: Handshake details. * **Anomalies**: Anomalies discovered by [machine learning jobs](../../../solutions/security/advanced-entity-analytics/anomaly-detection.md).
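Review bot: In the `@@ -20,7 +20,7 @@` hunk (Indicator match bullet), the link label stays "Index some documents" while the target moves to `getting-started-general-purpose.html#gp-gs-add-data`, so the label may no longer match the heading the reader lands on, and a fragment link fails silently if that heading is ever renamed. Suggest confirming the `#gp-gs-add-data` anchor resolves and aligning the label with the target section. The two neighbouring links in the same bullet (Create index API, Field data types) still point under `elasticsearch/reference/current/` and are worth checking in the same pass.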
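Review bot: In `detections-permissions-section.md`, hunk `@@ -14,7 +14,7 @@`, the bullet states a hard prerequisite ("HTTPS must be configured for communication between {{es}} and {{kib}}"), but the anchor changes from `#configuring-tls-kib-es`, which names the Kibana-to-Elasticsearch leg, to `#encrypt-kibana-http`, which reads as the broader Kibana HTTP section. Please confirm the new target actually covers TLS on the Kibana-to-Elasticsearch connection and not only browser-to-Kibana traffic; if the page has a more specific anchor for that leg, link to it, since a reader who secures only the browser side would still leave this prerequisite unmet.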
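Review bot: In `install-endpoint.md`, hunk `@@ -66,7 +66,7 @@`, the link text inside the `important` admonition still reads "Add a {{fleet-server}}" but now points at `fleet-deployment-models.html`, which by its name is an overview of deployment models rather than the add procedure. Because this admonition gates agent enrollment, either retitle the link to match the target or point it at the section of that page that carries the setup steps, so the reader is not left to find the procedure.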
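Review bot: In `network-page-overview.md`, hunk `@@ -47,7 +47,7 @@`, the HTTP bullet replaces one absolute `www.elastic.co/guide/.../current/` URL with another, while the Anomalies bullet two lines below links to a relative path in the migrated tree (`../../../solutions/security/advanced-entity-analytics/anomaly-detection.md`). If the APM docs have a migrated page, a relative link would be consistent with the rest of the list and would not depend on the floating `current` alias. The parenthetical claim that APM-instrumented applications are "monitored by default" is also worth re-checking against the new `apm.html` landing page, since the old target was a getting-started page.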