diff --git a/docset.yml b/docset.yml
index 6d80ca5ac7..6fa3dd3913 100644
--- a/docset.yml
+++ b/docset.yml
@@ -63,146 +63,15 @@ toc: - hidden: 404.md subs: - ref: "https://www.elastic.co/guide/en/elasticsearch/reference/current" - ref-bare: "https://www.elastic.co/guide/en/elasticsearch/reference" - ref-8x: "https://www.elastic.co/guide/en/elasticsearch/reference/8.1" - ref-80: "https://www.elastic.co/guide/en/elasticsearch/reference/8.0" - ref-7x: "https://www.elastic.co/guide/en/elasticsearch/reference/7.17" - ref-70: "https://www.elastic.co/guide/en/elasticsearch/reference/7.0" - ref-60: "https://www.elastic.co/guide/en/elasticsearch/reference/6.0" - ref-64: "https://www.elastic.co/guide/en/elasticsearch/reference/6.4" - xpack-ref: "https://www.elastic.co/guide/en/x-pack/6.2" - logstash-ref: "https://www.elastic.co/guide/en/logstash/current" - kibana-ref: "https://www.elastic.co/guide/en/kibana/current" - kibana-ref-all: "https://www.elastic.co/guide/en/kibana" - beats-ref-root: "https://www.elastic.co/guide/en/beats" - beats-ref: "https://www.elastic.co/guide/en/beats/libbeat/current" - beats-ref-60: "https://www.elastic.co/guide/en/beats/libbeat/6.0" - beats-ref-63: "https://www.elastic.co/guide/en/beats/libbeat/6.3" - beats-devguide: "https://www.elastic.co/guide/en/beats/devguide/current" - auditbeat-ref: "https://www.elastic.co/guide/en/beats/auditbeat/current" - packetbeat-ref: "https://www.elastic.co/guide/en/beats/packetbeat/current" - metricbeat-ref: "https://www.elastic.co/guide/en/beats/metricbeat/current" filebeat-ref: "https://www.elastic.co/guide/en/beats/filebeat/current" - functionbeat-ref: "https://www.elastic.co/guide/en/beats/functionbeat/current" - winlogbeat-ref: "https://www.elastic.co/guide/en/beats/winlogbeat/current" - heartbeat-ref: "https://www.elastic.co/guide/en/beats/heartbeat/current" - journalbeat-ref: "https://www.elastic.co/guide/en/beats/journalbeat/current" - ingest-guide: "https://www.elastic.co/guide/en/ingest/current" - fleet-guide: "https://www.elastic.co/guide/en/fleet/current" - apm-guide-ref: 
"https://www.elastic.co/guide/en/apm/guide/current" - apm-guide-7x: "https://www.elastic.co/guide/en/apm/guide/7.17" - apm-app-ref: "https://www.elastic.co/guide/en/kibana/current" - apm-agents-ref: "https://www.elastic.co/guide/en/apm/agent" - apm-android-ref: "https://www.elastic.co/guide/en/apm/agent/android/current" - apm-py-ref: "https://www.elastic.co/guide/en/apm/agent/python/current" - apm-py-ref-3x: "https://www.elastic.co/guide/en/apm/agent/python/3.x" - apm-node-ref-index: "https://www.elastic.co/guide/en/apm/agent/nodejs" - apm-node-ref: "https://www.elastic.co/guide/en/apm/agent/nodejs/current" - apm-node-ref-1x: "https://www.elastic.co/guide/en/apm/agent/nodejs/1.x" - apm-rum-ref: "https://www.elastic.co/guide/en/apm/agent/rum-js/current" - apm-ruby-ref: "https://www.elastic.co/guide/en/apm/agent/ruby/current" - apm-java-ref: "https://www.elastic.co/guide/en/apm/agent/java/current" - apm-go-ref: "https://www.elastic.co/guide/en/apm/agent/go/current" - apm-dotnet-ref: "https://www.elastic.co/guide/en/apm/agent/dotnet/current" - apm-php-ref: "https://www.elastic.co/guide/en/apm/agent/php/current" - apm-ios-ref: "https://www.elastic.co/guide/en/apm/agent/swift/current" - apm-lambda-ref: "https://www.elastic.co/guide/en/apm/lambda/current" - apm-attacher-ref: "https://www.elastic.co/guide/en/apm/attacher/current" - docker-logging-ref: "https://www.elastic.co/guide/en/beats/loggingplugin/current" - esf-ref: "https://www.elastic.co/guide/en/esf/current" - kinesis-firehose-ref: "https://www.elastic.co/guide/en/kinesis/{{kinesis_version}}" - estc-welcome-current: "https://www.elastic.co/guide/en/starting-with-the-elasticsearch-platform-and-its-solutions/current" - estc-welcome: "https://www.elastic.co/guide/en/starting-with-the-elasticsearch-platform-and-its-solutions/current" - estc-welcome-all: "https://www.elastic.co/guide/en/starting-with-the-elasticsearch-platform-and-its-solutions" - hadoop-ref: 
"https://www.elastic.co/guide/en/elasticsearch/hadoop/current" - stack-ref: "https://www.elastic.co/guide/en/elastic-stack/current" - stack-ref-67: "https://www.elastic.co/guide/en/elastic-stack/6.7" - stack-ref-68: "https://www.elastic.co/guide/en/elastic-stack/6.8" - stack-ref-70: "https://www.elastic.co/guide/en/elastic-stack/7.0" - stack-ref-80: "https://www.elastic.co/guide/en/elastic-stack/8.0" - stack-ov: "https://www.elastic.co/guide/en/elastic-stack-overview/current" - stack-gs: "https://www.elastic.co/guide/en/elastic-stack-get-started/current" - stack-gs-current: "https://www.elastic.co/guide/en/elastic-stack-get-started/current" - javaclient: "https://www.elastic.co/guide/en/elasticsearch/client/java-api/current" - java-api-client: "https://www.elastic.co/guide/en/elasticsearch/client/java-api-client/current" - java-rest: "https://www.elastic.co/guide/en/elasticsearch/client/java-rest/current" - jsclient: "https://www.elastic.co/guide/en/elasticsearch/client/javascript-api/current" - jsclient-current: "https://www.elastic.co/guide/en/elasticsearch/client/javascript-api/current" - es-ruby-client: "https://www.elastic.co/guide/en/elasticsearch/client/ruby-api/current" - es-dotnet-client: "https://www.elastic.co/guide/en/elasticsearch/client/net-api/current" - es-php-client: "https://www.elastic.co/guide/en/elasticsearch/client/php-api/current" - es-python-client: "https://www.elastic.co/guide/en/elasticsearch/client/python-api/current" defguide: "https://www.elastic.co/guide/en/elasticsearch/guide/2.x" - painless: "https://www.elastic.co/guide/en/elasticsearch/painless/current" - plugins: "https://www.elastic.co/guide/en/elasticsearch/plugins/current" - plugins-8x: "https://www.elastic.co/guide/en/elasticsearch/plugins/8.1" - plugins-7x: "https://www.elastic.co/guide/en/elasticsearch/plugins/7.17" - plugins-6x: "https://www.elastic.co/guide/en/elasticsearch/plugins/6.8" - glossary: "https://www.elastic.co/guide/en/elastic-stack-glossary/current" - 
upgrade_guide: "https://www.elastic.co/products/upgrade_guide" - blog-ref: "https://www.elastic.co/blog/" - curator-ref: "https://www.elastic.co/guide/en/elasticsearch/client/curator/current" - curator-ref-current: "https://www.elastic.co/guide/en/elasticsearch/client/curator/current" - metrics-ref: "https://www.elastic.co/guide/en/metrics/current" - metrics-guide: "https://www.elastic.co/guide/en/metrics/guide/current" - logs-ref: "https://www.elastic.co/guide/en/logs/current" - logs-guide: "https://www.elastic.co/guide/en/logs/guide/current" - uptime-guide: "https://www.elastic.co/guide/en/uptime/current" - observability-guide: "https://www.elastic.co/guide/en/observability/current" - observability-guide-all: "https://www.elastic.co/guide/en/observability" - siem-guide: "https://www.elastic.co/guide/en/siem/guide/current" - security-guide: "https://www.elastic.co/guide/en/security/current" security-guide-all: "https://www.elastic.co/guide/en/security" - endpoint-guide: "https://www.elastic.co/guide/en/endpoint/current" sql-odbc: "https://www.elastic.co/guide/en/elasticsearch/sql-odbc/current" - ecs-ref: "https://www.elastic.co/guide/en/ecs/current" - ecs-logging-ref: "https://www.elastic.co/guide/en/ecs-logging/overview/current" - ecs-logging-go-logrus-ref: "https://www.elastic.co/guide/en/ecs-logging/go-logrus/current" - ecs-logging-go-zap-ref: "https://www.elastic.co/guide/en/ecs-logging/go-zap/current" - ecs-logging-go-zerolog-ref: "https://www.elastic.co/guide/en/ecs-logging/go-zap/current" - ecs-logging-java-ref: "https://www.elastic.co/guide/en/ecs-logging/java/current" - ecs-logging-dotnet-ref: "https://www.elastic.co/guide/en/ecs-logging/dotnet/current" - ecs-logging-nodejs-ref: "https://www.elastic.co/guide/en/ecs-logging/nodejs/current" - ecs-logging-php-ref: "https://www.elastic.co/guide/en/ecs-logging/php/current" - ecs-logging-python-ref: "https://www.elastic.co/guide/en/ecs-logging/python/current" - ecs-logging-ruby-ref: 
"https://www.elastic.co/guide/en/ecs-logging/ruby/current" ml-docs: "https://www.elastic.co/guide/en/machine-learning/current" eland-docs: "https://www.elastic.co/guide/en/elasticsearch/client/eland/current" - eql-ref: "https://eql.readthedocs.io/en/latest/query-guide" subscriptions: "https://www.elastic.co/subscriptions" extendtrial: "https://www.elastic.co/trialextension" - wikipedia: "https://en.wikipedia.org/wiki" - forum: "https://discuss.elastic.co/" - xpack-forum: "https://discuss.elastic.co/c/50-x-pack" - security-forum: "https://discuss.elastic.co/c/x-pack/shield" - watcher-forum: "https://discuss.elastic.co/c/x-pack/watcher" - monitoring-forum: "https://discuss.elastic.co/c/x-pack/marvel" - graph-forum: "https://discuss.elastic.co/c/x-pack/graph" - apm-forum: "https://discuss.elastic.co/c/apm" - enterprise-search-ref: "https://www.elastic.co/guide/en/enterprise-search/current" - app-search-ref: "https://www.elastic.co/guide/en/app-search/current" - workplace-search-ref: "https://www.elastic.co/guide/en/workplace-search/current" - enterprise-search-node-ref: "https://www.elastic.co/guide/en/enterprise-search-clients/enterprise-search-node/current" - enterprise-search-php-ref: "https://www.elastic.co/guide/en/enterprise-search-clients/php/current" - enterprise-search-python-ref: "https://www.elastic.co/guide/en/enterprise-search-clients/python/current" - enterprise-search-ruby-ref: "https://www.elastic.co/guide/en/enterprise-search-clients/ruby/current" - elastic-maps-service: "https://maps.elastic.co" - integrations-docs: "https://docs.elastic.co/en/integrations" - integrations-devguide: "https://www.elastic.co/guide/en/integrations-developer/current" - time-units: "https://www.elastic.co/guide/en/elasticsearch/reference/current/api-conventions.html#time-units" - byte-units: "https://www.elastic.co/guide/en/elasticsearch/reference/current/api-conventions.html#byte-units" - apm-py-ref-v: "https://www.elastic.co/guide/en/apm/agent/python/current" - 
apm-node-ref-v: "https://www.elastic.co/guide/en/apm/agent/nodejs/current" - apm-rum-ref-v: "https://www.elastic.co/guide/en/apm/agent/rum-js/current" - apm-ruby-ref-v: "https://www.elastic.co/guide/en/apm/agent/ruby/current" - apm-java-ref-v: "https://www.elastic.co/guide/en/apm/agent/java/current" - apm-go-ref-v: "https://www.elastic.co/guide/en/apm/agent/go/current" - apm-ios-ref-v: "https://www.elastic.co/guide/en/apm/agent/swift/current" - apm-dotnet-ref-v: "https://www.elastic.co/guide/en/apm/agent/dotnet/current" - apm-php-ref-v: "https://www.elastic.co/guide/en/apm/agent/php/current" ecloud: "Elastic Cloud" - esf: "Elastic Serverless Forwarder" ess: "Elasticsearch Service" ech: "Elastic Cloud Hosted" ece: "Elastic Cloud Enterprise" @@ -221,8 +90,6 @@ subs: ess-product: "https://www.elastic.co/cloud/elasticsearch-service?page=docs&placement=docs-body" ess-console: "https://cloud.elastic.co?page=docs&placement=docs-body" ess-deployments: "https://cloud.elastic.co/deployments?page=docs&placement=docs-body" - ece-ref: "https://www.elastic.co/guide/en/cloud-enterprise/current" - eck-ref: "https://www.elastic.co/guide/en/cloud-on-k8s/current" ess-leadin: "You can run Elasticsearch on your own hardware or use our hosted Elasticsearch Service that is available on AWS, GCP, and Azure. https://cloud.elastic.co/registration{ess-utm-params}[Try the Elasticsearch Service for free]." ess-leadin-short: "Our hosted Elasticsearch Service is available on AWS, GCP, and Azure, and you can https://cloud.elastic.co/registration{ess-utm-params}[try it for free]." ess-icon: "image:https://doc-icons.s3.us-east-2.amazonaws.com/logo_cloud.svg[link=\"https://cloud.elastic.co/registration{ess-utm-params}\", title=\"Supported on Elasticsearch Service\"]" 
@@ -234,7 +101,6 @@ subs:
 api-ece: "https://www.elastic.co/docs/api/doc/cloud-enterprise"
 api-kibana-serverless: "https://www.elastic.co/docs/api/doc/serverless"
 es-feature-flag: "This feature is in development and not yet available for use. This documentation is provided for informational purposes only."
- es-ref-dir: "'{{elasticsearch-root}}/docs/reference'"
 apm-app: "APM app"
 uptime-app: "Uptime app"
 synthetics-app: "Synthetics app"
@@ -528,16 +394,6 @@ subs:
 apm-issue: "https://github.com/elastic/apm-server/issues/"
 apm-pull: "https://github.com/elastic/apm-server/pull/"
 kibana-blob: "https://github.com/elastic/kibana/blob/current/"
- apm-get-started-ref: "https://www.elastic.co/guide/en/apm/get-started/current"
- apm-server-ref: "https://www.elastic.co/guide/en/apm/server/current"
- apm-server-ref-v: "https://www.elastic.co/guide/en/apm/server/current"
- apm-server-ref-m: "https://www.elastic.co/guide/en/apm/server/master"
- apm-server-ref-62: "https://www.elastic.co/guide/en/apm/server/6.2"
- apm-server-ref-64: "https://www.elastic.co/guide/en/apm/server/6.4"
- apm-server-ref-70: "https://www.elastic.co/guide/en/apm/server/7.0"
- apm-overview-ref-v: "https://www.elastic.co/guide/en/apm/get-started/current"
- apm-overview-ref-70: "https://www.elastic.co/guide/en/apm/get-started/7.0"
- apm-overview-ref-m: "https://www.elastic.co/guide/en/apm/get-started/master"
 infra-guide: "https://www.elastic.co/guide/en/infrastructure/guide/current"
 a-data-source: "a data view"
 icon-bug: "pass:[]"
diff --git a/reference/ingestion-tools/fleet/data-streams-scenario1.md b/reference/ingestion-tools/fleet/data-streams-scenario1.md
index 9018035f8b..2e503d9fac 100644
--- a/reference/ingestion-tools/fleet/data-streams-scenario1.md
+++ b/reference/ingestion-tools/fleet/data-streams-scenario1.md
@@ -73,7 +73,7 @@ To confirm that the index template is using the `logs@custom` component template
 2. Search for `logs@` and select the `logs@custom` component template.
 3. The **Summary** shows the list of all data streams that use the component template, and the **Settings** view shows your newly configured ILM policy.
-New ILM policies only take effect when new indices are created, so you either must wait for a rollover to occur (usually after 30 days or when the index size reaches 50 GB), or force a rollover of each data stream using the {{ref}}/indices-rollover-index.html[{{es}} rollover API.
+New ILM policies only take effect when new indices are created, so you either must wait for a rollover to occur (usually after 30 days or when the index size reaches 50 GB), or force a rollover of each data stream using the {{es}} [rollover API](https://www.elastic.co/docs/api/doc/elasticsearch/operation/operation-indices-rollover).
 For example:
diff --git a/reference/ingestion-tools/fleet/data-streams-scenario2.md b/reference/ingestion-tools/fleet/data-streams-scenario2.md
index c7841f4e63..eeb63eb170 100644
--- a/reference/ingestion-tools/fleet/data-streams-scenario2.md
+++ b/reference/ingestion-tools/fleet/data-streams-scenario2.md
@@ -69,7 +69,7 @@ To confirm that the index template is using the `logs@custom` component template
 2. Search for `system` and select the `logs-system.auth@custom` component template.
 3. The **Summary** shows the list of all data streams that use the component template, and the **Settings** view shows your newly configured ILM policy.
-New ILM policies only take effect when new indices are created, so you either must wait for a rollover to occur (usually after 30 days or when the index size reaches 50 GB), or force a rollover of the data stream using the {{ref}}/indices-rollover-index.html[{{es}} rollover API:
+New ILM policies only take effect when new indices are created, so you either must wait for a rollover to occur (usually after 30 days or when the index size reaches 50 GB), or force a rollover of the data stream using the {{es}} [rollover API](https://www.elastic.co/docs/api/doc/elasticsearch/operation/operation-indices-rollover):
 ```bash
 POST /logs-system.auth/_rollover/
diff --git a/reference/ingestion-tools/fleet/migrate-auditbeat-to-agent.md b/reference/ingestion-tools/fleet/migrate-auditbeat-to-agent.md
index b73f9d4262..0eb0f11927 100644
--- a/reference/ingestion-tools/fleet/migrate-auditbeat-to-agent.md
+++ b/reference/ingestion-tools/fleet/migrate-auditbeat-to-agent.md
@@ -32,7 +32,7 @@ The following table describes the integrations you can use instead of {{auditbea
 | [System.package](asciidocalypse://docs/beats/docs/reference/auditbeat/auditbeat-dataset-system-package.md) dataset | [System Audit](asciidocalypse://docs/integration-docs/docs/reference/system_audit.md) integration | This integration is a direct replacement of the System Package dataset. Starting in {{stack}} 8.7, you can port rules and configuration settings to this integration. This integration currently schedules collection of information such as:

* [rpm_packages](https://www.osquery.io/schema/5.1.0/#rpm_packages)
* [deb_packages](https://www.osquery.io/schema/5.1.0/#deb_packages)
* [homebrew_packages](https://www.osquery.io/schema/5.1.0/#homebrew_packages)
| | [Osquery](asciidocalypse://docs/integration-docs/docs/reference/osquery.md) or [Osquery Manager](asciidocalypse://docs/integration-docs/docs/reference/osquery_manager.md) integration | Schedule collection of information like:

* [rpm_packages](https://www.osquery.io/schema/5.1.0/#rpm_packages)
* [deb_packages](https://www.osquery.io/schema/5.1.0/#deb_packages)
* [homebrew_packages](https://www.osquery.io/schema/5.1.0/#homebrew_packages)
* [apps](https://www.osquery.io/schema/5.1.0/#apps) (MacOS)
* [programs](https://www.osquery.io/schema/5.1.0/#programs) (Windows)
* [npm_packages](https://www.osquery.io/schema/5.1.0/#npm_packages)
* [atom_packages](https://www.osquery.io/schema/5.1.0/#atom_packages)
* [chocolatey_packages](https://www.osquery.io/schema/5.1.0/#chocolatey_packages)
* [portage_packages](https://www.osquery.io/schema/5.1.0/#portage_packages)
* [python_packages](https://www.osquery.io/schema/5.1.0/#python_packages)
| | [System.process](asciidocalypse://docs/beats/docs/reference/auditbeat/auditbeat-dataset-system-process.md) dataset | [Endpoint](/solutions/security/configure-elastic-defend/install-elastic-defend.md) | Best replacement because out of the box it reports events forevery process in [ECS](asciidocalypse://docs/integration-docs/docs/reference/index.md) format and has excellentintegration in [Kibana](/get-started/the-stack.md). | -| [Custom Windows event log](asciidocalypse://docs/integration-docs/docs/reference/winlog.md) and{{integrations-docs}}/windows#sysmonoperational[Sysmon] integrations | Provide process data. | +| [Custom Windows event log](asciidocalypse://docs/integration-docs/docs/reference/winlog.md) and [Sysmon](asciidocalypse://docs/integration-docs/docs/reference/sysmon_linux.md) integrations | Provide process data. | | [Osquery](asciidocalypse://docs/integration-docs/docs/reference/osquery.md) or[Osquery Manager](asciidocalypse://docs/integration-docs/docs/reference/osquery_manager.md) integration | Collect data from the [process](https://www.osquery.io/schema/5.1.0/#process) table on some OSeswithout polling. | | [System.socket](asciidocalypse://docs/beats/docs/reference/auditbeat/auditbeat-dataset-system-socket.md) dataset | [Endpoint](/solutions/security/configure-elastic-defend/install-elastic-defend.md) | Best replacement because it supports monitoring network connections on Linux,Windows, and MacOS. Includes process and user metadata. Currently does notdo flow accounting (byte and packet counts) or domain name enrichment (but doescollect DNS queries separately). | | [Osquery](asciidocalypse://docs/integration-docs/docs/reference/osquery.md) or [Osquery Manager](asciidocalypse://docs/integration-docs/docs/reference/osquery_manager.md) integration | Monitor socket events via the [socket_events](https://www.osquery.io/schema/5.1.0/#socket_events) tablefor Linux and MacOS. |