elastic
diff --git a/‎docs/changelog/130847.yaml‎
Lines changed: 5 additions & 0 deletions b/‎docs/changelog/130847.yaml‎
Lines changed: 5 additions & 0 deletions
diff --git a/‎docs/changelog/131027.yaml‎
Lines changed: 6 additions & 0 deletions b/‎docs/changelog/131027.yaml‎
Lines changed: 6 additions & 0 deletions
diff --git a/‎docs/changelog/131658.yaml‎
Lines changed: 5 additions & 0 deletions b/‎docs/changelog/131658.yaml‎
Lines changed: 5 additions & 0 deletions
diff --git a/‎docs/changelog/131775.yaml‎
Lines changed: 5 additions & 0 deletions b/‎docs/changelog/131775.yaml‎
Lines changed: 5 additions & 0 deletions
diff --git a/‎docs/changelog/131990.yaml‎
Lines changed: 6 additions & 0 deletions b/‎docs/changelog/131990.yaml‎
Lines changed: 6 additions & 0 deletions
diff --git a/‎docs/reference/elasticsearch/rest-apis/api-examples.md‎
Lines changed: 4 additions & 5 deletions b/‎docs/reference/elasticsearch/rest-apis/api-examples.md‎
Lines changed: 4 additions & 5 deletions
diff --git a/‎docs/reference/enrich-processor/normalize-for-stream.md‎
Lines changed: 84 additions & 0 deletions b/‎docs/reference/enrich-processor/normalize-for-stream.md‎
Lines changed: 84 additions & 0 deletions
diff --git a/‎docs/reference/query-languages/esql/_snippets/functions/examples/v_dot_product.md‎
Lines changed: 16 additions & 1 deletion b/‎docs/reference/query-languages/esql/_snippets/functions/examples/v_dot_product.md‎
Lines changed: 16 additions & 1 deletion
diff --git a/‎docs/reference/query-languages/esql/_snippets/functions/examples/v_l1_norm.md‎
Lines changed: 16 additions & 1 deletion b/‎docs/reference/query-languages/esql/_snippets/functions/examples/v_l1_norm.md‎
Lines changed: 16 additions & 1 deletion
diff --git a/‎docs/reference/query-languages/esql/_snippets/functions/layout/categorize.md‎
Lines changed: 3 additions & 0 deletions b/‎docs/reference/query-languages/esql/_snippets/functions/layout/categorize.md‎
Lines changed: 3 additions & 0 deletions
@@ -0,0 +1,5 @@
+pr: 130847
+summary: "Pipelines: Add `created_date` and `modified_date`"
+area: Ingest Node
+type: enhancement
+issues: []
@@ -0,0 +1,6 @@
+pr: 131027
+summary: Handle structured log messages
+area: Ingest Node
+type: feature
+issues:
+ - 130333
@@ -0,0 +1,5 @@
+pr: 131658
+summary: Fix `aggregate_metric_double` sorting and `mv_expand` issues
+area: ES|QL
+type: bug
+issues: []
@@ -0,0 +1,5 @@
+pr: 131775
+summary: Replace "representable" type error messages
+area: ES|QL
+type: enhancement
+issues: []
@@ -0,0 +1,6 @@
+pr: 131990
+summary: Prevent the trained model deployment memory estimation from double-counting
+  allocations
+area: Machine Learning
+type: bug
+issues: []
@@ -1,10 +1,9 @@
 ---
 applies_to:
   stack: all
-navigation_title: API examples
+  serverless:
+navigation_title: Guides and examples
 ---
-# Elasticsearch API examples
+# Elasticsearch API guides and examples
 
-This section provides examples for performing common tasks such as sorting, collapsing, and filtering search results by using Elasticsearch APIs.
-
-For more examples, check the [Elasticsearch](https://www.elastic.co/docs/api/doc/elasticsearch) and [Elasticsearch Serverless](https://www.elastic.co/docs/api/doc/elasticsearch-serverless) API reference.
+This section provides guides and examples for using certain Elasticsearch APIs. These longer-form pages augment and complement the information provided in the [Elasticsearch](https://www.elastic.co/docs/api/doc/elasticsearch) and [Elasticsearch Serverless](https://www.elastic.co/docs/api/doc/elasticsearch-serverless) API reference.
@@ -153,3 +153,87 @@ will be normalized into the following form:
   "trace_id": "abcdef1234567890abcdef1234567890"
 }
 ```
+## Structured `message` field
+
+If the `message` field in the ingested document is structured as a JSON, the
+processor will determine whether it is in ECS format or not, based on the
+existence or absence of the `@timestamp` field. If the `@timestamp` field is
+present, the `message` field will be considered to be in ECS format, and its
+contents will be merged into the root of the document and then normalized as
+described above. The `@timestamp` from the `message` field will override the
+root `@timestamp` field in the resulting document.
+If the `@timestamp` field is absent, the `message` field will be moved to
+the `body.structured` field as is, without any further normalization.
+
+For example, if the `message` field is an ECS-JSON, as follows:
+
+```json
+{
+  "@timestamp": "2023-10-01T12:00:00Z",
+  "message": "{\"@timestamp\":\"2023-10-01T12:01:00Z\",\"log.level\":\"INFO\",\"service.name\":\"my-service\",\"message\":\"The actual log message\",\"http\":{\"method\":\"GET\",\"url\":{\"path\":\"/api/v1/resource\"}}}"
+
+}
+```
+it will be normalized into the following form:
+
+```json
+{
+  "@timestamp": "2023-10-01T12:01:00Z",
+  "severity_text": "INFO",
+  "body": {
+    "text": "The actual log message"
+  },
+  "resource": {
+    "attributes": {
+      "service.name": "my-service"
+    }
+  },
+  "attributes": {
+    "http.method": "GET",
+    "http.url.path": "/api/v1/resource"
+  }
+}
+```
+
+However, if the `message` field is not recognized as ECS format, as follows:
+
+```json
+{
+  "@timestamp": "2023-10-01T12:00:00Z",
+  "log": {
+    "level": "INFO"
+  },
+  "service": {
+    "name": "my-service"
+  },
+  "tags": ["user-action", "api-call"],
+  "message": "{\"root_cause\":\"Network error\",\"http\":{\"method\":\"GET\",\"url\":{\"path\":\"/api/v1/resource\"}}}"
+}
+```
+it will be normalized into the following form:
+
+```json
+{
+  "@timestamp": "2023-10-01T12:00:00Z",
+  "severity_text": "INFO",
+  "resource": {
+    "attributes": {
+      "service.name": "my-service"
+    }
+  },
+  "attributes": {
+    "tags": ["user-action", "api-call"]
+  },
+  "body": {
+    "structured": {
+      "root_cause": "Network error",
+      "http": {
+        "method": "GET",
+        "url": {
+          "path": "/api/v1/resource"
+        }
+      }
+    }
+  }
+}
+```