diff --git a/contribute-docs/_snippets/applies_to-version.md b/contribute-docs/_snippets/applies_to-version.md index f98f758d04..1bfb2c12eb 100644 --- a/contribute-docs/_snippets/applies_to-version.md +++ b/contribute-docs/_snippets/applies_to-version.md @@ -6,5 +6,5 @@ Regardless of the version format used in the source file, the version number is always rendered in the `Major.Minor.Patch` format. :::{note} -**Automatic Version Sorting**: When you specify multiple versions for the same product, the build system automatically sorts them in descending order (highest version first) regardless of the order you write them in the source file. For example, `stack: ga 8.18.6, ga 9.1.2, ga 8.19.2, ga 9.0.6` will be displayed as `stack: ga 9.1.2, ga 9.0.6, ga 8.19.2, ga 8.18.6`. Items without versions (like `ga` without a version or `all`) are sorted last. +**Automatic Version Sorting**: When you specify multiple versions for the same product, the build system automatically sorts them in descending order (highest version first) regardless of the order you write them in the source file. For example, `stack: preview =9.0, ga 9.1-9.7, deprecated =9.8, removed 9.9+` will be displayed as `stack: removed 9.9+, deprecated =9.8, ga 9.1-9.7, preview =9.0`. Items without versions (like `ga` without a version or `all`) are sorted last. ::: \ No newline at end of file diff --git a/contribute-docs/how-to/cumulative-docs/example-scenarios.md b/contribute-docs/how-to/cumulative-docs/example-scenarios.md index 7a1c47a9d8..07a92ecdd0 100644 --- a/contribute-docs/how-to/cumulative-docs/example-scenarios.md +++ b/contribute-docs/how-to/cumulative-docs/example-scenarios.md @@ -304,7 +304,7 @@ applies_to: ### Assign colors to terms [assign-colors-to-terms] ```{applies_to} -stack: ga 9.1, preview 9.0, +stack: ga 9.1+, preview =9.0, serverless: ga ``` @@ -571,7 +571,11 @@ _Work in progress._ ## Functionality is added to multiple patch versions [multiple-patch] -Sometimes, features and enhancements slip through into patch versions, and the same functionality might be added for the first time to multiple patch versions at the same time. In that case, use two `applies_to` badges so that users can see clearly the versions in which the functionality is introduced. Order the `applies_to` badges starting with the latest version, and ending with the earliest version. (Automatic ordering for multiple badges is not currently supported.) +Sometimes, features and enhancements slip through into patch versions, and the same functionality might be added for the first time to multiple patch versions at the same time. + +- **Standard case**: Our docs are aligned with the latest patch of any given minor version. That means that in most cases, we don't need to call out the exact patch version that introduced a change (that's for the release notes). + +- **Exceptions**: In rare cases, it can happen that the change is important enough to be explicitly called out in the docs with a precise patch-level information. In that case, use two `applies_to` badges with the `!` extra symbol so that users can see clearly the versions in which the functionality is introduced. Order the `applies_to` badges starting with the latest version, and ending with the earliest version. (Automatic ordering for multiple badges is not currently supported.) For example, on the [HTTP JSON input](https://www.elastic.co/docs/reference/beats/filebeat/filebeat-input-httpjson) page, the `terminate` helper function was added to a 9.0.x and 9.1.x patch version at the same time. @@ -586,7 +590,7 @@ For example, on the [HTTP JSON input](https://www.elastic.co/docs/reference/beat ```markdown * `terminate`: exits the template without falling back to the default value and without causing an error. It takes a single string argument that is - logged in debug logging. {applies_to}`stack: ga 9.1.2` {applies_to}`stack: ga 9.0.6` + logged in debug logging. {applies_to}`stack: ga 9.1.2+!` {applies_to}`stack: ga 9.0.6+!` ``` :::: ::::: diff --git a/contribute-docs/how-to/cumulative-docs/guidelines.md b/contribute-docs/how-to/cumulative-docs/guidelines.md index c9340dc8ed..ef3539cc04 100644 --- a/contribute-docs/how-to/cumulative-docs/guidelines.md +++ b/contribute-docs/how-to/cumulative-docs/guidelines.md @@ -123,7 +123,7 @@ This means that badges will always appear to users from newest to oldest, which For example: -{applies_to}`stack: preview 9.0.5, beta 9.1, ga 9.2` +{applies_to}`stack: preview =9.0, beta =9.1, ga 9.2+` ### Keys diff --git a/deploy-manage/production-guidance/optimize-performance/approximate-knn-search.md b/deploy-manage/production-guidance/optimize-performance/approximate-knn-search.md index cf1558ccf0..b674b3b215 100644 --- a/deploy-manage/production-guidance/optimize-performance/approximate-knn-search.md +++ b/deploy-manage/production-guidance/optimize-performance/approximate-knn-search.md @@ -125,8 +125,8 @@ Loading data into the filesystem cache eagerly on too many indices or too many f The following file extensions are used for the approximate kNN search: Each extension is broken down by the quantization types. -* {applies_to}`stack: ga 9.3` `cenivf` for DiskBBQ to store centroids -* {applies_to}`stack: ga 9.3` `clivf` for DiskBBQ to store clusters of quantized vectors +* {applies_to}`stack: ga 9.3+` `cenivf` for DiskBBQ to store centroids +* {applies_to}`stack: ga 9.3+` `clivf` for DiskBBQ to store clusters of quantized vectors * `vex` for the HNSW graph * `vec` for all non-quantized vector values. This includes all element types: `float`, `byte`, and `bit`. * `veq` for quantized vectors indexed with [`quantization`](elasticsearch://reference/elasticsearch/mapping-reference/dense-vector.md#dense-vector-quantization): `int4` or `int8` diff --git a/deploy-manage/tools/snapshot-and-restore/s3-repository.md b/deploy-manage/tools/snapshot-and-restore/s3-repository.md index c53945cb84..2a30338109 100644 --- a/deploy-manage/tools/snapshot-and-restore/s3-repository.md +++ b/deploy-manage/tools/snapshot-and-restore/s3-repository.md @@ -233,7 +233,7 @@ The following settings are supported: `get_register_retry_delay` : ([time value](elasticsearch://reference/elasticsearch/rest-apis/api-conventions.md#time-units)) Sets the time to wait before trying again if an attempt to read a [linearizable register](#repository-s3-linearizable-registers) fails. Defaults to `5s`. -`unsafely_incompatible_with_s3_conditional_writes` {applies_to}`stack: ga 9.2.3` +`unsafely_incompatible_with_s3_conditional_writes` {applies_to}`stack: ga 9.2.3+!` : (boolean) {{es}} uses AWS S3's support for conditional writes to protect against repository corruption. If your repository is based on a storage system which claims to be S3-compatible but does not accept conditional writes, set this setting to `true` to make {{es}} perform unconditional writes, bypassing the repository corruption protection, while you work with your storage supplier to address this incompatibility with AWS S3. Defaults to `false`. ::::{note} diff --git a/explore-analyze/alerts-cases/alerts/maintenance-windows.md b/explore-analyze/alerts-cases/alerts/maintenance-windows.md index 9e3215c792..4ec1cd1462 100644 --- a/explore-analyze/alerts-cases/alerts/maintenance-windows.md +++ b/explore-analyze/alerts-cases/alerts/maintenance-windows.md @@ -3,7 +3,7 @@ mapped_pages: - https://www.elastic.co/guide/en/kibana/current/maintenance-windows.html - https://www.elastic.co/guide/en/serverless/current/maintenance-windows.html applies_to: - stack: preview 9.0, ga 9.2 + stack: preview 9.0-9.1, ga 9.2+ serverless: ga products: - id: kibana diff --git a/explore-analyze/cross-cluster-search.md b/explore-analyze/cross-cluster-search.md index 76cbfe9a1e..9738f9c456 100644 --- a/explore-analyze/cross-cluster-search.md +++ b/explore-analyze/cross-cluster-search.md @@ -26,7 +26,7 @@ The following APIs support {{ccs}}: * [Painless execute API](elasticsearch://reference/scripting-languages/painless/painless-api-examples.md) * [Resolve Index API](https://www.elastic.co/docs/api/doc/elasticsearch/operation/operation-indices-resolve-index) * [Vector tile search](https://www.elastic.co/docs/api/doc/elasticsearch/operation/operation-search-mvt) -* {applies_to}`stack: preview 9.0, ga 9.1` [ES|QL](elasticsearch://reference/query-languages/esql/esql-cross-clusters.md) +* {applies_to}`stack: preview =9.0, ga 9.1+` [ES|QL](elasticsearch://reference/query-languages/esql/esql-cross-clusters.md) * {applies_to}`stack: preview` [EQL search](https://www.elastic.co/docs/api/doc/elasticsearch/operation/operation-eql-search) * {applies_to}`stack: preview` [SQL search](https://www.elastic.co/docs/api/doc/elasticsearch/operation/operation-sql-query) diff --git a/explore-analyze/dashboards/add-controls.md b/explore-analyze/dashboards/add-controls.md index 619e8f709f..cd4531450b 100644 --- a/explore-analyze/dashboards/add-controls.md +++ b/explore-analyze/dashboards/add-controls.md @@ -47,8 +47,8 @@ To add interactive Options list and Range slider controls, create the controls, 1. Open or create a new dashboard. 2. Add a control. - * {applies_to}`stack: ga 9.2` In **Edit** mode, select **Add** > **Controls** > **Control** in the toolbar. - * {applies_to}`stack: ga 9.0` In **Edit** mode, select **Controls** > **Add control** in the dashboard toolbar. + * {applies_to}`serverless:` {applies_to}`stack: ga 9.2+` In **Edit** mode, select **Add** > **Controls** > **Control** in the toolbar. + * {applies_to}`stack: ga 9.0-9.1` In **Edit** mode, select **Controls** > **Add control** in the dashboard toolbar. 3. On the **Create control** flyout, from the **Data view** dropdown, select the data view that contains the field you want to use for the **Control**. 4. In the **Field** list, select the field you want to filter on. @@ -93,8 +93,8 @@ You can add one interactive time slider control to a dashboard. 1. Open or create a new dashboard. 2. Add a time slider control. - * {applies_to}`stack: ga 9.2` In **Edit** mode, select **Add** > **Controls** > **Time slider control** in the toolbar. - * {applies_to}`stack: ga 9.0` In **Edit** mode, select **Controls** > **Add time slider control**. + * {applies_to}`serverless:` {applies_to}`stack: ga 9.2+` In **Edit** mode, select **Add** > **Controls** > **Time slider control** in the toolbar. + * {applies_to}`stack: ga 9.0-9.1` In **Edit** mode, select **Controls** > **Add time slider control**. 3. The time slider control uses the time range from the global time filter. To change the time range in the time slider control, [change the global time filter](../query-filter/filtering.md). 4. Save the dashboard. The control can now be used. @@ -107,6 +107,7 @@ serverless: preview ``` :::{note} +:applies_to: stack: ga 9.0-9.1 In versions `9.0` and `9.1`, variable controls are called {{esql}} controls. ::: @@ -159,8 +160,8 @@ Several settings apply to all controls that are part of a dashboard. 1. Configure the control settings. - * {applies_to}`stack: ga 9.2` In **Edit** mode, select **Add** > **Controls** > **Settings** in the toolbar. - * {applies_to}`stack: ga 9.0` In **Edit** mode, select **Controls** > **Settings**. + * {applies_to}`serverless:` {applies_to}`stack: ga 9.2+` In **Edit** mode, select **Add** > **Controls** > **Settings** in the toolbar. + * {applies_to}`stack: ga 9.0-9.1` In **Edit** mode, select **Controls** > **Settings**. 2. On the **Control settings** flyout, configure the following settings: diff --git a/explore-analyze/dashboards/create-dashboard-of-panels-with-ecommerce-data.md b/explore-analyze/dashboards/create-dashboard-of-panels-with-ecommerce-data.md index 805507fd88..222aa7d5cd 100644 --- a/explore-analyze/dashboards/create-dashboard-of-panels-with-ecommerce-data.md +++ b/explore-analyze/dashboards/create-dashboard-of-panels-with-ecommerce-data.md @@ -35,8 +35,8 @@ Open the visualization editor, then make sure the correct fields appear. 1. Create a visualization. - * {applies_to}`stack: ga 9.2` Select **Add** > **Visualization** in the toolbar. - * {applies_to}`stack: ga 9.0` Click **Create visualization**. + * {applies_to}`serverless:` {applies_to}`stack: ga 9.2+` Select **Add** > **Visualization** in the toolbar. + * {applies_to}`stack: ga 9.0-9.1` Click **Create visualization**. 2. Make sure the **Kibana Sample Data eCommerce** {{data-source}} appears, then set the [time filter](../query-filter/filtering.md) to **Last 30 days**. @@ -102,8 +102,8 @@ To analyze multiple series, create a line chart that displays the price distribu 1. Create a visualization. - * {applies_to}`stack: ga 9.2` Select **Add** > **Visualization** in the toolbar. - * {applies_to}`stack: ga 9.0` Click **Create visualization** in the dashboard toolbar. + * {applies_to}`serverless:` {applies_to}`stack: ga 9.2+` Select **Add** > **Visualization** in the toolbar. + * {applies_to}`stack: ga 9.0-9.1` Click **Create visualization** in the dashboard toolbar. 2. Open the **Visualization type** dropdown, then select **Line**. 3. From the **Available fields** list, drag **products.price** to the workspace. @@ -143,8 +143,8 @@ To analyze multiple visualization types, create an area chart that displays the 1. Create a visualization. - * {applies_to}`stack: ga 9.2` Select **Add** > **Visualization** in the toolbar. - * {applies_to}`stack: ga 9.0` Click **Create visualization** in the dashboard toolbar. + * {applies_to}`serverless:` {applies_to}`stack: ga 9.2+` Select **Add** > **Visualization** in the toolbar. + * {applies_to}`stack: ga 9.0-9.1` Click **Create visualization** in the dashboard toolbar. 2. From the **Available fields** list, drag **products.price** to the workspace. 3. In the layer pane, click **Median of products.price**. @@ -186,8 +186,8 @@ To view change over time as a percentage, create an **Area percentage** chart th 1. Create a visualization. - * {applies_to}`stack: ga 9.2` Select **Add** > **Visualization** in the toolbar. - * {applies_to}`stack: ga 9.0` Click **Create visualization** in the dashboard toolbar. + * {applies_to}`serverless:` {applies_to}`stack: ga 9.2+` Select **Add** > **Visualization** in the toolbar. + * {applies_to}`stack: ga 9.0-9.1` Click **Create visualization** in the dashboard toolbar. 2. From the **Available fields** list, drag **Records** to the workspace. 3. Open the **Visualization type** dropdown, then select **Area**. @@ -227,8 +227,8 @@ To determine the number of orders made only on Saturday and Sunday, create an ar 1. Create a visualization. - * {applies_to}`stack: ga 9.2` Select **Add** > **Visualization** in the toolbar. - * {applies_to}`stack: ga 9.0` Click **Create visualization** in the dashboard toolbar. + * {applies_to}`serverless:` {applies_to}`stack: ga 9.2+` Select **Add** > **Visualization** in the toolbar. + * {applies_to}`stack: ga 9.0-9.1` Click **Create visualization** in the dashboard toolbar. 2. Open the **Visualization type** dropdown, then select **Area**. @@ -269,8 +269,8 @@ To compare two time ranges, create a line chart that compares the sales in the c 1. Create a visualization. - * {applies_to}`stack: ga 9.2` Select **Add** > **Visualization** in the toolbar. - * {applies_to}`stack: ga 9.0` Click **Create visualization** in the dashboard toolbar. + * {applies_to}`serverless:` {applies_to}`stack: ga 9.2+` Select **Add** > **Visualization** in the toolbar. + * {applies_to}`stack: ga 9.0-9.1` Click **Create visualization** in the dashboard toolbar. 2. Open the **Visualization type** dropdown, then select **Line**. 3. From the **Available fields** list, drag **Records** to the workspace. @@ -301,8 +301,8 @@ To compare time range changes as a percent, create a bar chart that compares the 1. Create a visualization. - * {applies_to}`stack: ga 9.2` Select **Add** > **Visualization** in the toolbar. - * {applies_to}`stack: ga 9.0` Click **Create visualization** in the dashboard toolbar. + * {applies_to}`serverless:` {applies_to}`stack: ga 9.2+` Select **Add** > **Visualization** in the toolbar. + * {applies_to}`stack: ga 9.0-9.1` Click **Create visualization** in the dashboard toolbar. 2. From the **Available fields** list, drag **Records** to the workspace. 3. In the layer pane, click **Count of records**. @@ -327,8 +327,8 @@ Create a date histogram table and group the customer count metric by category, s 1. Create a visualization. - * {applies_to}`stack: ga 9.2` Select **Add** > **Visualization** in the toolbar. - * {applies_to}`stack: ga 9.0` Click **Create visualization** in the dashboard toolbar. + * {applies_to}`serverless:` {applies_to}`stack: ga 9.2+` Select **Add** > **Visualization** in the toolbar. + * {applies_to}`stack: ga 9.0-9.1` Click **Create visualization** in the dashboard toolbar. 2. Open the **Visualization type** dropdown, then select **Table**. 3. From the **Available fields** list, drag **customer_id** to the **Metrics** field in the layer pane. diff --git a/explore-analyze/dashboards/create-dashboard-of-panels-with-web-server-data.md b/explore-analyze/dashboards/create-dashboard-of-panels-with-web-server-data.md index 698626f924..7141c86e8f 100644 --- a/explore-analyze/dashboards/create-dashboard-of-panels-with-web-server-data.md +++ b/explore-analyze/dashboards/create-dashboard-of-panels-with-web-server-data.md @@ -36,8 +36,8 @@ Open the visualization editor, then make sure the correct fields appear. 1. Create a visualization. - * {applies_to}`stack: ga 9.2` Select **Add** > **Visualization** in the toolbar. - * {applies_to}`stack: ga 9.0` Click **Create visualization**. + * {applies_to}`serverless:` {applies_to}`stack: ga 9.2+` Select **Add** > **Visualization** in the toolbar. + * {applies_to}`stack: ga 9.0-9.1` Click **Create visualization**. 2. Make sure the **{{kib}} Sample Data Logs** {{data-source}} appears. @@ -99,8 +99,8 @@ To visualize the **bytes** field over time: 1. Create a visualization. - * {applies_to}`stack: ga 9.2` Select **Add** > **Visualization** in the toolbar. - * {applies_to}`stack: ga 9.0` Click **Create visualization** in the dashboard toolbar. + * {applies_to}`serverless:` {applies_to}`stack: ga 9.2+` Select **Add** > **Visualization** in the toolbar. + * {applies_to}`stack: ga 9.0-9.1` Click **Create visualization** in the dashboard toolbar. 2. From the **Available fields** list, drag **bytes** to the workspace. @@ -163,8 +163,8 @@ The **Top values** function ranks the unique values of a field by another functi 1. Create a visualization. - * {applies_to}`stack: ga 9.2` Select **Add** > **Visualization** in the toolbar. - * {applies_to}`stack: ga 9.0` Click **Create visualization** in the dashboard toolbar. + * {applies_to}`serverless:` {applies_to}`stack: ga 9.2+` Select **Add** > **Visualization** in the toolbar. + * {applies_to}`stack: ga 9.0-9.1` Click **Create visualization** in the dashboard toolbar. 2. From the **Available fields** list, drag **clientip** to the **Vertical axis** field in the layer pane. @@ -213,8 +213,8 @@ Create a proportional visualization that helps you determine if your users trans 1. Create a visualization. - * {applies_to}`stack: ga 9.2` Select **Add** > **Visualization** in the toolbar. - * {applies_to}`stack: ga 9.0` Click **Create visualization** in the dashboard toolbar. + * {applies_to}`serverless:` {applies_to}`stack: ga 9.2+` Select **Add** > **Visualization** in the toolbar. + * {applies_to}`stack: ga 9.0-9.1` Click **Create visualization** in the dashboard toolbar. 2. From the **Available fields** list, drag **bytes** to the **Vertical axis** field in the layer pane. 3. In the layer pane, click **Median of bytes**. @@ -266,8 +266,8 @@ The distribution of a number can help you find patterns. For example, you can an 1. Create a visualization. - * {applies_to}`stack: ga 9.2` Select **Add** > **Visualization** in the toolbar. - * {applies_to}`stack: ga 9.0` Click **Create visualization** in the dashboard toolbar. + * {applies_to}`serverless:` {applies_to}`stack: ga 9.2+` Select **Add** > **Visualization** in the toolbar. + * {applies_to}`stack: ga 9.0-9.1` Click **Create visualization** in the dashboard toolbar. 2. From the **Available fields** list, drag **bytes** to **Vertical axis** field in the layer pane. 3. In the layer pane, click **Median of bytes**. @@ -298,8 +298,8 @@ Add a panel title: 1. Create a visualization. - * {applies_to}`stack: ga 9.2` Select **Add** > **Visualization** in the toolbar. - * {applies_to}`stack: ga 9.0` Click **Create visualization** in the dashboard toolbar. + * {applies_to}`serverless:` {applies_to}`stack: ga 9.2+` Select **Add** > **Visualization** in the toolbar. + * {applies_to}`stack: ga 9.0-9.1` Click **Create visualization** in the dashboard toolbar. 2. Open the **Visualization type** dropdown, then select **Treemap**. 3. From the **Available fields** list, drag **Records** to the **Metric** field in the layer pane. diff --git a/explore-analyze/dashboards/drilldowns.md b/explore-analyze/dashboards/drilldowns.md index c72e630825..5567d4b6e8 100644 --- a/explore-analyze/dashboards/drilldowns.md +++ b/explore-analyze/dashboards/drilldowns.md @@ -59,8 +59,8 @@ Use the [**Sample web logs**](../index.md#gs-get-data-into-kibana) data to creat 1. Add the **Sample web logs** data. 2. Create a new dashboard. - * {applies_to}`stack: ga 9.2` Select **Add** > **From library** in the toolbar. - * {applies_to}`stack: ga 9.0` Click **Add from library** in the dashboard toolbar. + * {applies_to}`serverless:` {applies_to}`stack: ga 9.2+` Select **Add** > **From library** in the toolbar. + * {applies_to}`stack: ga 9.0-9.1` Click **Add from library** in the dashboard toolbar. 3. Add the following panel: @@ -113,8 +113,8 @@ For example, if you have a dashboard that shows data from a Github repository, y 3. In the toolbar, click **Edit**. 4. Create a pie chart. - * {applies_to}`stack: ga 9.2` Select **Add** > **Visualization** in the toolbar. - * {applies_to}`stack: ga 9.0` Click **Create visualization** in the dashboard toolbar. + * {applies_to}`serverless:` {applies_to}`stack: ga 9.2+` Select **Add** > **Visualization** in the toolbar. + * {applies_to}`stack: ga 9.0-9.1` Click **Create visualization** in the dashboard toolbar. 2. From the **Chart type** dropdown, select **Pie**. 3. From the **Available fields** list, drag **machine.os.keyword** to the workspace. diff --git a/explore-analyze/elastic-inference/eis.md b/explore-analyze/elastic-inference/eis.md index b4de895bc4..8c8effadfd 100644 --- a/explore-analyze/elastic-inference/eis.md +++ b/explore-analyze/elastic-inference/eis.md @@ -17,9 +17,9 @@ Instead, you can use {{ml}} models for ingest, search, and chat independently of * Your Elastic deployment or project comes with an [`Elastic Managed LLM` connector](https://www.elastic.co/docs/reference/kibana/connectors-kibana/elastic-managed-llm) with a default `General Purpose LLM`. This connector is used in Agent Builder, the AI Assistant, Attack Discovery, Automatic Import and Search Playground. For the list of available models, refer to the documentation. -* You can use [ELSER](/explore-analyze/machine-learning/nlp/ml-nlp-elser.md) to perform semantic search as a service (ELSER on EIS). {applies_to}`stack: preview 9.1, ga 9.2` {applies_to}`serverless: ga` +* You can use [ELSER](/explore-analyze/machine-learning/nlp/ml-nlp-elser.md) to perform semantic search as a service (ELSER on EIS). {applies_to}`stack: preview =9.1, ga 9.2+` {applies_to}`serverless: ga` -* You can use the [`jina-embeddings-v3`](/explore-analyze/machine-learning/nlp/ml-nlp-jina.md#jina-embeddings-v3) multilingual dense vector embedding model to perform semantic search through the Elastic {{infer-cap}} Service. {applies_to}`stack: preview 9.3` {applies_to}`serverless: preview` +* You can use the [`jina-embeddings-v3`](/explore-analyze/machine-learning/nlp/ml-nlp-jina.md#jina-embeddings-v3) multilingual dense vector embedding model to perform semantic search through the Elastic {{infer-cap}} Service. {applies_to}`stack: preview 9.3+` {applies_to}`serverless: preview` ## Region and hosting [eis-regions] @@ -31,7 +31,7 @@ ELSER requests are managed by Elastic's own EIS infrastructure and are also host ## ELSER through Elastic {{infer-cap}} Service (ELSER on EIS) [elser-on-eis] ```{applies_to} -stack: preview 9.1, ga 9.2 +stack: preview =9.1, ga 9.2+ serverless: ga ``` diff --git a/explore-analyze/query-filter/languages/esql-kibana.md b/explore-analyze/query-filter/languages/esql-kibana.md index 44b85bb36c..de5c247451 100644 --- a/explore-analyze/query-filter/languages/esql-kibana.md +++ b/explore-analyze/query-filter/languages/esql-kibana.md @@ -120,8 +120,8 @@ You can then: :::{note} The maximum number of queries in the history depends on the version you're using: -- {applies_to}`serverless: ga` {applies_to}`stack: ga 9.2` The query history can keep up to 50 KB of queries, which represents about 200 large queries, or about 300 short queries. -- {applies_to}`stack: ga 9.0` The query history keeps your 20 most recent queries. +- {applies_to}`serverless: ga` {applies_to}`stack: ga 9.2+` The query history can keep up to 50 KB of queries, which represents about 200 large queries, or about 300 short queries. +- {applies_to}`stack: ga 9.0-9.1` The query history keeps your 20 most recent queries. ::: ### Query help diff --git a/explore-analyze/report-and-share.md b/explore-analyze/report-and-share.md index 08d4a61db1..2bf7dc1f9d 100644 --- a/explore-analyze/report-and-share.md +++ b/explore-analyze/report-and-share.md @@ -86,8 +86,8 @@ In the following dashboard, the shareable container is highlighted: 1. Open the saved Discover session, dashboard, visualization, or **Canvas** workpad you want to share. 2. Choose a file type for the report. - * {applies_to}`stack: ga 9.0` From the toolbar, click **Share** > **Export** tab, then choose a file type. Note that when you create a dashboard report that includes a data table or Discover session, the PDF includes only the visible data. - * {applies_to}`stack: ga 9.1` From the toolbar, click the {icon}`download` **Export** icon, then choose a file type. + * {applies_to}`stack: ga 9.1+` From the toolbar, click the {icon}`download` **Export** icon, then choose a file type. + * {applies_to}`stack: ga =9.0` From the toolbar, click **Share** > **Export** tab, then choose a file type. Note that when you create a dashboard report that includes a data table or Discover session, the PDF includes only the visible data. ::::{note} When you create a dashboard report that includes a data table or Discover session, the PDF includes only the visible data. @@ -98,7 +98,7 @@ In the following dashboard, the shareable container is highlighted: Tips for generating PDF reports: * If you are creating dashboard PDFs, select **For printing** to create printer-friendly PDFs with multiple A4 portrait pages and two visualizations per page. - * {applies_to}`stack: ga 9.0` If you are creating workpad PDFs, select **Full page layout** to create PDFs without margins that surround the workpad. + * {applies_to}`stack: ga 9.0+` If you are creating workpad PDFs, select **Full page layout** to create PDFs without margins that surround the workpad. :::: @@ -107,7 +107,7 @@ In the following dashboard, the shareable container is highlighted: ::::{note} To generate the report from outside of {{kib}} or from {{watcher}}, use the POST URL, then submit an HTTP `POST` request using a script or {{watcher}}. - {applies_to}`stack: ga 9.1` You can schedule a recurring task in {{kib}} that generates reports on a repeating basis. Refer to [Automatically generate reports](report-and-share/automating-report-generation.md) to learn more. + {applies_to}`stack: ga 9.1+` You can schedule a recurring task in {{kib}} that generates reports on a repeating basis. Refer to [Automatically generate reports](report-and-share/automating-report-generation.md) to learn more. :::: Go to the **Reporting** page to access all of your reports. To find the page, navigate to **Stack Management > Alerts and Insights > Reporting** in the main menu, or use the [global search field](find-and-organize/find-apps-and-objects.md). diff --git a/explore-analyze/report-and-share/automating-report-generation.md b/explore-analyze/report-and-share/automating-report-generation.md index 1ce3fcbcea..c7ca4ac35f 100644 --- a/explore-analyze/report-and-share/automating-report-generation.md +++ b/explore-analyze/report-and-share/automating-report-generation.md @@ -33,9 +33,9 @@ To create the POST URL for PDF reports: 1. Go to **Dashboards**, **Visualize Library**, or **Canvas**. 2. Open the dashboard, visualization, or **Canvas** workpad you want to view as a report. From the toolbar, do one of the following: - * {applies_to}`stack: ga 9.0` If you are using **Dashboard** or **Visualize Library**, click **Share > Export**, select the PDF or PNG option, then click **Copy POST URL**. - * {applies_to}`stack: ga 9.0` If you are using **Canvas**, click **Share > PDF Reports**, then click **Advanced options > Copy POST URL**. - * {applies_to}`stack: ga 9.1` Click the **Export** icon, then **PDF** or **PNG**. In the export flyout, copy the POST URL. + * {applies_to}`stack: ga 9.1+` Click the **Export** icon, then **PDF** or **PNG**. In the export flyout, copy the POST URL. + * {applies_to}`stack: ga =9.0` If you are using **Dashboard** or **Visualize Library**, click **Share > Export**, select the PDF or PNG option, then click **Copy POST URL**. + * {applies_to}`stack: ga =9.0` If you are using **Canvas**, click **Share > PDF Reports**, then click **Advanced options > Copy POST URL**. ### CSV reports [csv-post-url] @@ -45,8 +45,8 @@ To create the POST URL for CSV reports: 2. Open the saved Discover session you want to share. 3. In the toolbar, do one of the following: - * {applies_to}`stack: ga 9.0` Click **Share > Export > Copy POST URL**. - * {applies_to}`stack: ga 9.1` Click the **Export** icon, then **CSV**. In the export flyout, copy the POST URL. + * {applies_to}`stack: ga 9.1+` Click the **Export** icon, then **CSV**. In the export flyout, copy the POST URL. + * {applies_to}`stack: ga =9.0` Click **Share > Export > Copy POST URL**. ## Use Watcher [use-watcher] @@ -245,7 +245,7 @@ Save time by setting up a recurring task that automatically generates reports an If your role doesn't have the **Manage Scheduled Reporting** feature privilege, you can only send reports to yourself. :::: - {applies_to}`serverless: ga` {applies_to}`stack: ga 9.3`: (Optional) Enter additional details for email notifications: + {applies_to}`serverless: ga` {applies_to}`stack: ga 9.3+`: (Optional) Enter additional details for email notifications: * **Cc**: Enter one or more email addresses. Recipients will get a copy of the report, be included on all replies, and have view access to all other recipients' addresses. * **Bcc**: Enter one or more email addresses. Recipients will get a copy of the report, but won't be included on all replies and won't have view access to the other recipients' addresses. @@ -264,8 +264,8 @@ A message appears, indicating that the schedule is available on the **Reporting* To stop a scheduled report, you can take the following actions from the **Schedules** tab on the **Reporting** page: -- **Disable schedule**: {applies_to}`stack: ga 9.1` Disabling a schedule allows you to keep a record of it on the **Reporting** page, but permanently turns the schedule off. To restart the schedule, you must create a new one. -- **Delete schedule**: {applies_to}`stack: ga 9.3` Deleting a schedule permanently stops it and removes the schedule's record from the **Reporting** page. You can't recover a deleted schedule. +- **Disable schedule**: {applies_to}`stack: ga 9.1+` Disabling a schedule allows you to keep a record of it on the **Reporting** page, but permanently turns the schedule off. To restart the schedule, you must create a new one. +- **Delete schedule**: {applies_to}`stack: ga 9.3+` Deleting a schedule permanently stops it and removes the schedule's record from the **Reporting** page. You can't recover a deleted schedule. ### Scheduled reports limitations [scheduled-reports-limitations] diff --git a/explore-analyze/visualize/esorql.md b/explore-analyze/visualize/esorql.md index 6361815a91..db4d58e5f5 100644 --- a/explore-analyze/visualize/esorql.md +++ b/explore-analyze/visualize/esorql.md @@ -23,8 +23,8 @@ You can then **Save** and add it to an existing or a new dashboard using the sav 1. Add a new panel from your dashboard. - * {applies_to}`stack: ga 9.2` Select **Add** > **New panel** in the toolbar. - * {applies_to}`stack: ga 9.0` Click **Add panel** in the dashboard toolbar. + * {applies_to}`serverless:` {applies_to}`stack: ga 9.2+` Select **Add** > **New panel** in the toolbar. + * {applies_to}`stack: ga 9.0-9.1` Click **Add panel** in the dashboard toolbar. ::::{tip} If you haven't created a [data view](/explore-analyze/find-and-organize/data-views.md) and you don't have a dashboard yet, the **Dashboards** page offers you the possibility to **Try ES|QL** right away. By selecting this option, a dashboard is created with an ES|QL visualization that you can interact with and configure using ES|QL. @@ -41,7 +41,7 @@ You can then **Save** and add it to an existing or a new dashboard using the sav ![Previewing an ESQL visualization](https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt69dcceb4f1e12bc1/66c752d6aff77d384dc44209/edit-esql-visualization.gif "") :::{note} - {applies_to}`stack: ga 9.1` {applies_to}`serverless: ga` + :applies_to: { "stack": "ga 9.1+", "serverless": "ga" } When you edit the query and run it again, the visualization configuration persists as long as it is compatible with the query changes. Refer to [](#chart-config-persist) for more details. ::: @@ -72,8 +72,8 @@ serverless: ga When you edit the {{esql}} query and run it again, the visualization configuration persists as you defined it as long as it is compatible with the query changes. The chart configuration resets or follows automatic suggestions when: -- {applies_to}`stack: ga 9.2` You manually select a different chart type incompatible with the one previously selected. -- {applies_to}`stack: ga 9.2` You create a new chart and haven't edited the visualization's options yet. +- {applies_to}`stack: ga 9.2+` You manually select a different chart type incompatible with the one previously selected. +- {applies_to}`stack: ga 9.2+` You create a new chart and haven't edited the visualization's options yet. - The query changes significantly and no longer returns compatible columns. ## Create an alert from your {{esql}} visualization diff --git a/explore-analyze/visualize/lens.md b/explore-analyze/visualize/lens.md index 03fff17e9d..475fa7e7dd 100644 --- a/explore-analyze/visualize/lens.md +++ b/explore-analyze/visualize/lens.md @@ -106,7 +106,7 @@ Tables are highly customizable, and provide you with text alignment, value forma ### Assign colors to terms [assign-colors-to-terms] ```{applies_to} -stack: preview 9.0, ga 9.1 +stack: preview =9.0, ga 9.1+ serverless: ga ``` diff --git a/explore-analyze/visualize/link-panels.md b/explore-analyze/visualize/link-panels.md index dbc2994b09..c702bb3cf0 100644 --- a/explore-analyze/visualize/link-panels.md +++ b/explore-analyze/visualize/link-panels.md @@ -26,8 +26,8 @@ You can use **Links** panels to create links to other dashboards or external web 1. Add a new panel. - * {applies_to}`stack: ga 9.2` Select **Add** > **New panel** in the toolbar. - * {applies_to}`stack: ga 9.0` Click **Add panel** in the dashboard toolbar. + * {applies_to}`serverless:` {applies_to}`stack: ga 9.2+` Select **Add** > **New panel** in the toolbar. + * {applies_to}`stack: ga 9.0-9.1` Click **Add panel** in the dashboard toolbar. 2. In the **Add panel** flyout, select **Links**. The **Create links panel** flyout appears and lets you add the link you want to display. 3. Choose between the panel displaying vertically or horizontally on your dashboard and add your link. @@ -48,8 +48,8 @@ To add a previously saved links panel to another dashboard: 1. Open the **Add from library** flyout. - * {applies_to}`stack: ga 9.2` Select **Add** > **From library** in the toolbar. - * {applies_to}`stack: ga 9.0` Click **Add from library** in the dashboard toolbar. + * {applies_to}`serverless:` {applies_to}`stack: ga 9.2+` Select **Add** > **From library** in the toolbar. + * {applies_to}`stack: ga 9.0-9.1` Click **Add from library** in the dashboard toolbar. 2. Select **Links** from the **Types** dropdown and then select the Links panel you want to add. 3. Click **Save**. diff --git a/manage-data/data-store/data-streams/manage-data-stream.md b/manage-data/data-store/data-streams/manage-data-stream.md index ecc280b9db..b2982257f1 100644 --- a/manage-data/data-store/data-streams/manage-data-stream.md +++ b/manage-data/data-store/data-streams/manage-data-stream.md @@ -26,9 +26,9 @@ In {{es-serverless}}, indices matching the `logs-*-*` pattern use the logsDB ind ## Manage data streams on the Streams page [manage-data-streams-with-streams] ```{applies_to} serverless: ga -stack: preview 9.1, ga 9.2 +stack: preview =9.1, ga 9.2+ ``` -Starting with {{stack}} version 9.2, the [**Streams**](/solutions/observability/streams/streams.md) page provides a centralized interface for managing your data in {{kib}}. It consolidates common data management tasks and eliminates the need for manual configuration of multiple applications and components. A stream maps directly to an {{es}} data stream, for example `logs-myapp-default`. Any changes that you make on the **Streams** page are automatically propagated to the associated data stream. +The [**Streams**](/solutions/observability/streams/streams.md) page provides a centralized interface for managing your data in {{kib}}. It consolidates common data management tasks and eliminates the need for manual configuration of multiple applications and components. A stream maps directly to an {{es}} data stream, for example `logs-myapp-default`. Any changes that you make on the **Streams** page are automatically propagated to the associated data stream. :::{image} /manage-data/images/data-stream-management-streams.png :alt: The Streams page @@ -40,6 +40,6 @@ You can perform the following data management tasks on the **Streams** page: * [define parsing and field extraction logic](/solutions/observability/streams/management/extract.md) * [configure data retention policies](/solutions/observability/streams/management/retention.md) * [manually adjust index settings](/solutions/observability/streams/management/advanced.md) -* [manage and update field mappings](/solutions/observability/streams/management/schema.md) {applies_to}`stack: unavailable 9.1` -* [identify failed and degraded documents](/solutions/observability/streams/management/data-quality.md) {applies_to}`stack: unavailable 9.1` -* [partition data into child streams](/solutions/observability/streams/management/partitioning.md) {applies_to}`stack: preview 9.2` {applies_to}`serverless: preview` +* [manage and update field mappings](/solutions/observability/streams/management/schema.md) +* [identify failed and degraded documents](/solutions/observability/streams/management/data-quality.md) +* [partition data into child streams](/solutions/observability/streams/management/partitioning.md) {applies_to}`stack: preview 9.2+` {applies_to}`serverless: preview` diff --git a/manage-data/lifecycle/data-stream/tutorial-update-existing-data-stream.md b/manage-data/lifecycle/data-stream/tutorial-update-existing-data-stream.md index 7276ff29ea..bb19596285 100644 --- a/manage-data/lifecycle/data-stream/tutorial-update-existing-data-stream.md +++ b/manage-data/lifecycle/data-stream/tutorial-update-existing-data-stream.md @@ -218,7 +218,7 @@ GET .ds-my-data-stream-*/_lifecycle/explain ## Manage data retention on the Streams page [data-retention-streams] ```{applies_to} serverless: ga -stack: preview 9.1, ga 9.2 +stack: preview =9.1, ga 9.2+ ``` Starting with {{stack}} version 9.2, the **Streams** page provides a centralized interface for common data management tasks in {{kib}}, including getting insight into how your data streams retain data. diff --git a/manage-data/lifecycle/index-lifecycle-management/policy-view-status.md b/manage-data/lifecycle/index-lifecycle-management/policy-view-status.md index 0344c789ab..dec4b8284e 100644 --- a/manage-data/lifecycle/index-lifecycle-management/policy-view-status.md +++ b/manage-data/lifecycle/index-lifecycle-management/policy-view-status.md @@ -47,7 +47,7 @@ To learn how to create and adjust copies of built-in {{ilm-init}} policies for m ![Data stream status page](/manage-data/images/elasticsearch-reference-datastream-status.png "") -**To view the current lifecycle status for a datastream on the Streams page:** {applies_to}`"stack": "ga 9.2, preview 9.1"` +**To view the current lifecycle status for a datastream on the Streams page:** {applies_to}`"stack": "ga 9.2+, preview =9.1"` Starting with {{stack}} version 9.2, the [**Streams**](/solutions/observability/streams/streams.md) page provides a centralized interface for common data management tasks in {{kib}}. diff --git a/reference/fleet/agent-policy.md b/reference/fleet/agent-policy.md index 4175ec471d..689694eacd 100644 --- a/reference/fleet/agent-policy.md +++ b/reference/fleet/agent-policy.md @@ -362,8 +362,8 @@ You can also set the log level for an individual agent: 1. In {{fleet}}, click **Agents**. In the **Host** column, select the agent you want to edit. 2. Find the **Agent logging level** setting: - - {applies_to}`serverless: ga` {applies_to}`stack: ga 9.1.0` On the agent's **Settings** tab. - - {applies_to}`stack: ga 9.0.0` On the agent's **Logs** tab. + - {applies_to}`serverless: ga` {applies_to}`stack: ga 9.1+` On the agent's **Settings** tab. + - {applies_to}`stack: ga =9.0` On the agent's **Logs** tab. 3. Set the **Agent logging level** and apply your changes. Or, you can choose to reset the agent to use the logging level specified in the agent policy. diff --git a/reference/fleet/fleet-settings.md b/reference/fleet/fleet-settings.md index 02050f2fc9..7871e0a0af 100644 --- a/reference/fleet/fleet-settings.md +++ b/reference/fleet/fleet-settings.md @@ -150,7 +150,6 @@ To enable automatic deletion of unenrolled agents: 2. In the **Advanced Settings** section, enable the **Delete unenrolled agents** option. ### Show agentless resources [show-agentless-resources-setting] - ```{applies_to} stack: ga 9.1.6 serverless: ga diff --git a/reference/fleet/install-uninstall-integration-assets.md b/reference/fleet/install-uninstall-integration-assets.md index 533a69ad65..7fd21469b8 100644 --- a/reference/fleet/install-uninstall-integration-assets.md +++ b/reference/fleet/install-uninstall-integration-assets.md @@ -25,7 +25,7 @@ It's currently not possible to have multiple versions of the same integration in Elastic Agent integrations and associated assets, such as dashboards, visualizations, and saved searches, behave differently depending on your {{stack}} version: -* {applies_to}`stack: ga 9.1` Fleet uses a space-aware data model for {{agent}} policies and integrations. Agent policies can now span multiple spaces, while integration assets remain space-specific. +* {applies_to}`stack: ga 9.1+` Fleet uses a space-aware data model for {{agent}} policies and integrations. Agent policies can span multiple spaces, while integration assets remain space-specific. Integration assets are still installed per space, but can be managed and reinstalled independently in each space. @@ -33,7 +33,7 @@ Elastic Agent integrations and associated assets, such as dashboards, visualizat For more details, refer to [Using Spaces with Fleet](../../deploy-manage/manage-spaces-fleet.md). -* {applies_to}`stack: ga 9.0` In versions earlier than {{stack}} 9.1, integration assets can be installed in only one {{kib}} space. You can manually [copy them](/explore-analyze/find-and-organize/saved-objects.md#managing-saved-objects-copy-to-space) to other spaces. However, many integrations include markdown panels with dynamically generated links to other dashboards. When copied between spaces, these links might not behave as expected and can result in a `Dashboard not found` (404) error. Refer to known issue [#175072](https://github.com/elastic/kibana/issues/175072) for details. +* {applies_to}`stack: ga =9.0` Integration assets can be installed in only one {{kib}} space. You can manually [copy them](/explore-analyze/find-and-organize/saved-objects.md#managing-saved-objects-copy-to-space) to other spaces. However, many integrations include markdown panels with dynamically generated links to other dashboards. When copied between spaces, these links might not behave as expected and can result in a `Dashboard not found` (404) error. Refer to known issue [#175072](https://github.com/elastic/kibana/issues/175072) for details. :::: diff --git a/solutions/observability/incident-management/create-manage-rules.md b/solutions/observability/incident-management/create-manage-rules.md index f9c532ab99..e81f278ca8 100644 --- a/solutions/observability/incident-management/create-manage-rules.md +++ b/solutions/observability/incident-management/create-manage-rules.md @@ -103,13 +103,16 @@ To import and export rules, use [{{saved-objects-app}}](/explore-analyze/find-an Rules are disabled on export. You are prompted to re-enable the rule on successful import. ## Add resources for investigating alerts [observability-create-manage-rules-add-investigation-resources] +```{applies_to} +stack: ga 9.1 +``` When creating or editing a rule, add the following resources to help you get started with investigating alerts: -* {applies_to}`stack: ga 9.1` **Investigation guide**: Investigation guides can help you respond to alerts more efficiently and consistently. When creating them, you can include instructions for responding to alerts, links to external supporting materials, and more. When the rule generates an alert, the investigation guide can be accessed from the **Investigation guide** tab on the alert's details page. +* **Investigation guide**: Investigation guides can help you respond to alerts more efficiently and consistently. When creating them, you can include instructions for responding to alerts, links to external supporting materials, and more. When the rule generates an alert, the investigation guide can be accessed from the **Investigation guide** tab on the alert's details page. ::::{tip} Use Markdown to format and structure text in your investigation guide. :::: -* {applies_to}`stack: ga 9.1` **Related and suggested dashboards**: Link to dashboards that provide useful insights about your environment, active events, and any other information that might be relevant during your investigations. When the rule generates an alert, linked dashboards can be accessed from the **Related dashboards** tab on the alert's details page. From the tab, you can also review and add suggested dashboards (available for custom threshold rules only). +* **Related and suggested dashboards**: Link to dashboards that provide useful insights about your environment, active events, and any other information that might be relevant during your investigations. When the rule generates an alert, linked dashboards can be accessed from the **Related dashboards** tab on the alert's details page. From the tab, you can also review and add suggested dashboards (available for custom threshold rules only). diff --git a/solutions/observability/streams/management/advanced.md b/solutions/observability/streams/management/advanced.md index b9688a1c13..b0a3b60655 100644 --- a/solutions/observability/streams/management/advanced.md +++ b/solutions/observability/streams/management/advanced.md @@ -1,7 +1,7 @@ --- applies_to: serverless: ga - stack: preview 9.1, ga 9.2 + stack: preview =9.1, ga 9.2+ navigation_title: Configure advanced settings --- # Configure advanced settings for streams [streams-advanced-settings] diff --git a/solutions/observability/streams/management/data-quality.md b/solutions/observability/streams/management/data-quality.md index d3ae93ffc8..30299b7e9b 100644 --- a/solutions/observability/streams/management/data-quality.md +++ b/solutions/observability/streams/management/data-quality.md @@ -1,7 +1,7 @@ --- applies_to: serverless: preview - stack: preview 9.1, ga 9.2 + stack: preview =9.1, ga 9.2+ --- # Manage data quality [streams-data-retention] diff --git a/solutions/observability/streams/management/extract.md b/solutions/observability/streams/management/extract.md index d49c36ab4b..749bd392e4 100644 --- a/solutions/observability/streams/management/extract.md +++ b/solutions/observability/streams/management/extract.md @@ -1,7 +1,7 @@ --- applies_to: serverless: ga - stack: preview 9.1, ga 9.2 + stack: preview =9.1, ga 9.2+ --- # Extract fields [streams-extract-fields] diff --git a/solutions/observability/streams/management/extract/append.md b/solutions/observability/streams/management/extract/append.md index ff94116ca8..aa392d01fe 100644 --- a/solutions/observability/streams/management/extract/append.md +++ b/solutions/observability/streams/management/extract/append.md @@ -1,7 +1,7 @@ --- applies_to: serverless: ga - stack: preview 9.1, ga 9.2 + stack: preview =9.1, ga 9.2+ --- # Append processor [streams-append-processor] % Need use cases diff --git a/solutions/observability/streams/management/extract/date.md b/solutions/observability/streams/management/extract/date.md index 9545e04e6f..bdaa2e8a8c 100644 --- a/solutions/observability/streams/management/extract/date.md +++ b/solutions/observability/streams/management/extract/date.md @@ -1,7 +1,7 @@ --- applies_to: serverless: ga - stack: preview 9.1, ga 9.2 + stack: preview =9.1, ga 9.2+ --- # Date processor [streams-date-processor] diff --git a/solutions/observability/streams/management/extract/dissect.md b/solutions/observability/streams/management/extract/dissect.md index 9258852031..48b7f0206b 100644 --- a/solutions/observability/streams/management/extract/dissect.md +++ b/solutions/observability/streams/management/extract/dissect.md @@ -1,7 +1,7 @@ --- applies_to: serverless: ga - stack: preview 9.1, ga 9.2 + stack: preview =9.1, ga 9.2+ --- # Dissect processor [streams-dissect-processor] diff --git a/solutions/observability/streams/management/extract/grok.md b/solutions/observability/streams/management/extract/grok.md index 9a33c0cab0..6d2df5cc25 100644 --- a/solutions/observability/streams/management/extract/grok.md +++ b/solutions/observability/streams/management/extract/grok.md @@ -1,7 +1,7 @@ --- applies_to: serverless: ga - stack: preview 9.1, ga 9.2 + stack: preview =9.1, ga 9.2+ --- # Grok processor [streams-grok-processor] diff --git a/solutions/observability/streams/management/extract/manual-pipeline-configuration.md b/solutions/observability/streams/management/extract/manual-pipeline-configuration.md index 55669933f2..6069dd09c5 100644 --- a/solutions/observability/streams/management/extract/manual-pipeline-configuration.md +++ b/solutions/observability/streams/management/extract/manual-pipeline-configuration.md @@ -1,7 +1,7 @@ --- applies_to: serverless: ga - stack: preview 9.1, ga 9.2 + stack: preview =9.1, ga 9.2+ --- # Manual pipeline configuration [streams-manual-pipeline-configuration] diff --git a/solutions/observability/streams/management/extract/rename.md b/solutions/observability/streams/management/extract/rename.md index 2c9b3fc02e..7a0cedc74e 100644 --- a/solutions/observability/streams/management/extract/rename.md +++ b/solutions/observability/streams/management/extract/rename.md @@ -1,7 +1,7 @@ --- applies_to: serverless: ga - stack: preview 9.1, ga 9.2 + stack: preview =9.1, ga 9.2+ --- # Rename processor [streams-rename-processor] % need use cases diff --git a/solutions/observability/streams/management/extract/set.md b/solutions/observability/streams/management/extract/set.md index c5714dbfa9..608492c6f6 100644 --- a/solutions/observability/streams/management/extract/set.md +++ b/solutions/observability/streams/management/extract/set.md @@ -1,7 +1,7 @@ --- applies_to: serverless: ga - stack: preview 9.1, ga 9.2 + stack: preview =9.1, ga 9.2+ --- # Set processor [streams-set-processor] % need use cases diff --git a/solutions/observability/streams/management/retention.md b/solutions/observability/streams/management/retention.md index b706c2b75c..c953c2b463 100644 --- a/solutions/observability/streams/management/retention.md +++ b/solutions/observability/streams/management/retention.md @@ -2,7 +2,7 @@ navigation_title: Manage data retention applies_to: serverless: ga - stack: preview 9.1, ga 9.2 + stack: preview =9.1, ga 9.2+ --- # Manage data retention for Streams [streams-data-retention] @@ -12,7 +12,7 @@ After selecting a stream, use the **Retention** tab to set how long your stream - **Retention**: The current retention policy, including the source of the policy. - **Storage size**: The total data volume and number of documents in the stream. - **Ingestion averages**: Estimated ingestion per day and month, calculated based on the total size of all data in the stream divided by the stream's age. -- **ILM policy data tiers**: {applies_to}`stack: preview 9.1, ga 9.2` The amount of data in each data tier (**Hot**, **Warm**, **Cold**). +- **ILM policy data tiers**: {applies_to}`stack: preview =9.1, ga 9.2+` The amount of data in each data tier (**Hot**, **Warm**, **Cold**). - **Ingestion over time**: Estimated ingestion volume over time based on the number of documents over that time, multiplied by the average document size in the backing index. For more information on data retention, refer to [Data stream lifecycle](../../../../manage-data/lifecycle/data-stream.md). @@ -30,7 +30,7 @@ Under **Retention**, select **Edit data retention** to open the configuration op - [**Inherit from index template or parent stream**](#streams-retention-inherit-from-template): Use the data retention configuration that's set in a classic stream's index template or a wired stream's parent stream. - [**Set a specific retention period**](#streams-retention-dsl): For simplicity, you can set your stream to retain data for a specific number of days. Setting a specific or indefinite retention period stores data in the hot phase for best indexing and search performance. -- [**Follow an ILM policy**](#streams-retention-ilm): {applies_to}`stack: preview 9.1, ga 9.2` Select an existing ILM policy that uses phases for your data (hot, warm, cold) to allow more control when managing storage, performance, and cost as your data ages. +- [**Follow an ILM policy**](#streams-retention-ilm): {applies_to}`stack: preview =9.1, ga 9.2+` Select an existing ILM policy that uses phases for your data (hot, warm, cold) to allow more control when managing storage, performance, and cost as your data ages. ### Inherit from index template or parent stream [streams-retention-inherit-from-template] If you enable **Inherit from index template** or **parent stream**, the stream uses the retention settings from its index template (for classic streams) or parent stream (for wired streams). When this option is enabled, you don’t need to specify a custom retention period or policy. @@ -63,7 +63,7 @@ To define a global default retention policy, refer to [project settings](../../. ### Follow an ILM policy [streams-retention-ilm] ```{applies_to} serverless: unavailable -stack: preview 9.1, ga 9.2 +stack: preview =9.1, ga 9.2+ ``` [ILM policies](../../../../manage-data/lifecycle/index-lifecycle-management.md) let you automate and standardize data retention across Streams and other data streams. diff --git a/solutions/observability/streams/management/schema.md b/solutions/observability/streams/management/schema.md index 8dd2433ffb..9e14ad270d 100644 --- a/solutions/observability/streams/management/schema.md +++ b/solutions/observability/streams/management/schema.md @@ -2,7 +2,7 @@ navigation_title: Map fields applies_to: serverless: ga - stack: preview 9.1, ga 9.2 + stack: preview =9.1, ga 9.2+ --- # Map fields in Streams [streams-schema] diff --git a/solutions/observability/streams/management/significant-events.md b/solutions/observability/streams/management/significant-events.md index 3ab9a1c6c0..00cdc44cf6 100644 --- a/solutions/observability/streams/management/significant-events.md +++ b/solutions/observability/streams/management/significant-events.md @@ -1,7 +1,7 @@ --- applies_to: serverless: ga - stack: preview 9.1, ga 9.2 + stack: preview =9.1, ga 9.2+ --- # Add significant events diff --git a/solutions/observability/streams/streams.md b/solutions/observability/streams/streams.md index c7bdfc99ce..198123bd79 100644 --- a/solutions/observability/streams/streams.md +++ b/solutions/observability/streams/streams.md @@ -1,7 +1,7 @@ --- applies_to: serverless: ga - stack: preview 9.1, ga 9.2 + stack: preview =9.1, ga 9.2+ --- # Streams diff --git a/solutions/search/rag/playground-context.md b/solutions/search/rag/playground-context.md index 452e1cece2..be481c16a7 100644 --- a/solutions/search/rag/playground-context.md +++ b/solutions/search/rag/playground-context.md @@ -2,7 +2,7 @@ mapped_pages: - https://www.elastic.co/guide/en/kibana/current/playground-context.html applies_to: - stack: preview 9.0, beta 9.1 + stack: preview =9.0, beta 9.1+ serverless: beta products: - id: kibana @@ -15,7 +15,7 @@ Context is the information you provide to the LLM, to optimize the relevance of There are a few ways to optimize this context for better results. Some adjustments can be made directly in the Playground UI. Others require refining your indexing strategy, and potentially reindexing your data. ::::{note} -:applies_to: stack: preview 9.0 +:applies_to: stack: preview 9.0+ Only **one field** can be selected as context for the LLM. :::: @@ -24,7 +24,7 @@ Only **one field** can be selected as context for the LLM. ## Edit context in UI [playground-context-ui] ```{applies_to} -stack: preview 9.0.0, unavailable 9.1.0 +stack: preview =9.0.0, removed 9.1+ ``` Use the **Playground context** section in the Playground UI to adjust the number of documents and fields sent to the LLM. diff --git a/solutions/search/rag/playground-query.md b/solutions/search/rag/playground-query.md index 0c0f4e09ab..1dc6263a3a 100644 --- a/solutions/search/rag/playground-query.md +++ b/solutions/search/rag/playground-query.md @@ -2,7 +2,7 @@ mapped_pages: - https://www.elastic.co/guide/en/kibana/current/playground-query.html applies_to: - stack: preview 9.0, beta 9.1 + stack: preview =9.0, beta 9.1+ serverless: beta products: - id: kibana diff --git a/solutions/search/rag/playground-troubleshooting.md b/solutions/search/rag/playground-troubleshooting.md index a928828ede..bc7e7a40fe 100644 --- a/solutions/search/rag/playground-troubleshooting.md +++ b/solutions/search/rag/playground-troubleshooting.md @@ -3,7 +3,7 @@ navigation_title: Troubleshooting mapped_pages: - https://www.elastic.co/guide/en/kibana/current/playground-troubleshooting.html applies_to: - stack: preview 9.0, beta 9.1 + stack: preview =9.0, beta 9.1+ serverless: beta products: - id: kibana diff --git a/solutions/search/rag/playground.md b/solutions/search/rag/playground.md index e71f767f6a..800c8e98ec 100644 --- a/solutions/search/rag/playground.md +++ b/solutions/search/rag/playground.md @@ -4,7 +4,7 @@ mapped_pages: - https://www.elastic.co/guide/en/serverless/current/elasticsearch-playground.html - https://www.elastic.co/guide/en/kibana/current/playground.html applies_to: - stack: preview 9.0, beta 9.1 + stack: preview =9.0, beta 9.1+ serverless: beta products: - id: cloud-serverless diff --git a/solutions/search/vector/knn.md b/solutions/search/vector/knn.md index c819d84cf5..1b2956a0a8 100644 --- a/solutions/search/vector/knn.md +++ b/solutions/search/vector/knn.md @@ -1202,7 +1202,7 @@ All quantization introduces some accuracy loss, and higher compression generally #### The `rescore_vector` option ```{applies_to} -stack: preview 9.0, ga 9.1 +stack: preview =9.0, ga 9.1+ ``` Use `rescore_vector` to automatically perform reranking. When you specify an `oversample` value, approximate kNN will: diff --git a/solutions/security/advanced-entity-analytics/entity-store.md b/solutions/security/advanced-entity-analytics/entity-store.md index 234338ce78..c46c3d5f40 100644 --- a/solutions/security/advanced-entity-analytics/entity-store.md +++ b/solutions/security/advanced-entity-analytics/entity-store.md @@ -33,8 +33,8 @@ When the entity store is enabled, the following resources are generated for each * {{es}} resources, such as transforms, ingest pipelines, and enrich policies. * Data and fields for each entity. * The `.entities.v1.latest.security_user_`, `.entities.v1.latest.security_host_`, and `.entities.v1.latest.security_services_` indices, which contain field mappings for hosts, users, and services respectively. You can query these indices to see a list of fields that are mapped in the entity store. -* {applies_to}`stack: ga 9.2` {applies_to}`serverless: ga` Snapshot indices (`.entities.v1.history..*`) that store daily snapshots of entity data, enabling [historical analysis](/solutions/security/advanced-entity-analytics/view-analyze-risk-score-data.md#historical-entity-analysis) of attributes over time. -* {applies_to}`stack: ga 9.2` {applies_to}`serverless: ga` Reset indices (`.entities.v1.reset.*`) that ensure entity timestamps are updated correctly in the latest index, supporting accurate time-based queries and future data resets. +* {applies_to}`stack: ga 9.2+` {applies_to}`serverless: ga` Snapshot indices (`.entities.v1.history..*`) that store daily snapshots of entity data, enabling [historical analysis](/solutions/security/advanced-entity-analytics/view-analyze-risk-score-data.md#historical-entity-analysis) of attributes over time. +* {applies_to}`stack: ga 9.2+` {applies_to}`serverless: ga` Reset indices (`.entities.v1.reset.*`) that ensure entity timestamps are updated correctly in the latest index, supporting accurate time-based queries and future data resets. ## Enable entity store [enable-entity-store] diff --git a/solutions/security/advanced-entity-analytics/turn-on-risk-scoring-engine.md b/solutions/security/advanced-entity-analytics/turn-on-risk-scoring-engine.md index 7b6c721bbc..53d4a620f3 100644 --- a/solutions/security/advanced-entity-analytics/turn-on-risk-scoring-engine.md +++ b/solutions/security/advanced-entity-analytics/turn-on-risk-scoring-engine.md @@ -44,10 +44,10 @@ If you’re installing the risk scoring engine for the first time: 1. Find **Entity risk score** in the navigation menu or using the [global search field](/explore-analyze/find-and-organize/find-apps-and-objects.md). 2. On the **Entity risk score** page, turn the toggle on. -3. {applies_to}`stack: ga 9.2` {applies_to}`serverless: ga` Choose whether to retain [residual risk scores](/solutions/security/advanced-entity-analytics/entity-risk-scoring.md#residual-risk-score). +3. {applies_to}`stack: ga 9.2+` {applies_to}`serverless: ga` Choose whether to retain [residual risk scores](/solutions/security/advanced-entity-analytics/entity-risk-scoring.md#residual-risk-score). 4. Optionally, specify a date and time range for the calculation. 5. Choose whether to include `Closed` alerts in risk scoring calculations. -6. {applies_to}`stack: ga 9.3` {applies_to}`serverless: ga` Optionally, filter out alerts by defining conditions for the entity types or attributes that you want to exclude from the calculation. For example, if you don't want to calculate risk scores for users with a **Low impact** asset criticality level, enter `not user.asset.criticality: "low_impact"`. +6. {applies_to}`stack: ga 9.3+` {applies_to}`serverless: ga` Optionally, filter out alerts by defining conditions for the entity types or attributes that you want to exclude from the calculation. For example, if you don't want to calculate risk scores for users with a **Low impact** asset criticality level, enter `not user.asset.criticality: "low_impact"`. :::{image} /solutions/images/security-turn-on-risk-engine.png :alt: Turn on entity risk scoring diff --git a/solutions/security/ai/ai-assistant.md b/solutions/security/ai/ai-assistant.md index ab22a7763b..d5b1062359 100644 --- a/solutions/security/ai/ai-assistant.md +++ b/solutions/security/ai/ai-assistant.md @@ -46,7 +46,7 @@ The [**GenAI settings**](/explore-analyze/ai-features/manage-access-to-ai-assist - Manage which AI connectors are available in your environment. - Enable or disable AI Assistant and other AI-powered features in your environment. -- {applies_to}`stack: ga 9.2` {applies_to}`serverless: unavailable` Specify in which Elastic solutions the `AI Assistant for Observability and Search` and the `AI Assistant for Security` appear. +- {applies_to}`stack: ga 9.2+` {applies_to}`serverless: unavailable` Specify in which Elastic solutions the `AI Assistant for Observability and Search` and the `AI Assistant for Security` appear. @@ -100,14 +100,14 @@ Each user’s chat history (up to the 99 most recent conversations) and custom Q Use these optional features to adjust and act on your conversations with AI Assistant: * Select a *System Prompt* at the beginning of a conversation by using the **Select Prompt** menu. System Prompts provide context to the model, informing its response. To create a System Prompt, open the System Prompts dropdown menu and click **+ Add new System Prompt…**. -* {applies_to}`stack: ga 9.1` Select a *prompt tile* to start your conversation with a predefined goal or topic. Prompt tiles help you begin structured tasks or investigations into common {{elastic-sec}} workflows. The available prompt tiles include: +* {applies_to}`stack: ga 9.1+` Select a *prompt tile* to start your conversation with a predefined goal or topic. Prompt tiles help you begin structured tasks or investigations into common {{elastic-sec}} workflows. The available prompt tiles include: * **Alerts**: Quickly identify and prioritize the most important alerts from the last 24 hours. * **Research**: Get a summary of the latest {{elastic-sec}} Labs research articles. * **Query**: Generate {{esql}} queries based on a specific goal or requirement. * **Suggest**: Explore the types of questions you can ask AI Assistant about {{elastic-sec}}. -* {applies_to}`stack: removed 9.1` Select a default *Quick Prompt* at the bottom of the chat window to get help writing a prompt for a specific purpose, such as summarizing an alert or converting a query from a legacy SIEM to {{elastic-sec}}. The default Quick Prompts' availability varies based on context—for example, the **Alert summarization** Quick Prompt appears when you open AI Assistant while viewing an alert. +* {applies_to}`stack: removed 9.1+` Select a default *Quick Prompt* at the bottom of the chat window to get help writing a prompt for a specific purpose, such as summarizing an alert or converting a query from a legacy SIEM to {{elastic-sec}}. The default Quick Prompts' availability varies based on context—for example, the **Alert summarization** Quick Prompt appears when you open AI Assistant while viewing an alert. * Create new custom Quick Prompts by clicking **Add quick prompt**. diff --git a/solutions/security/ai/attack-discovery.md b/solutions/security/ai/attack-discovery.md index a1b34a5011..340853e8d3 100644 --- a/solutions/security/ai/attack-discovery.md +++ b/solutions/security/ai/attack-discovery.md @@ -76,6 +76,7 @@ Ensure your role has: By default, Attack Discovery analyzes up to 100 alerts from the last 24 hours, but you can customize how many and which alerts it analyzes using the settings menu. To open it, click the settings icon next to the **Run** button. :::{note} +:applies_to: stack: ga =9.0 In {{stack}} 9.0.0 and earlier, the **Run** button is called **Generate**. ::: @@ -103,8 +104,8 @@ You’ll need to select an LLM connector before you can analyze alerts. To get s 1. Click the **Attack Discovery** page from {{elastic-sec}}'s navigation menu. 2. Do one of the following: - - {applies_to}`stack: ga 9.1` Click the settings icon next to the **Run** button, then in the settings menu, select an existing connector from the dropdown menu, or add a new one. - - {applies_to}`stack: ga 9.0` Select an existing connector from the dropdown menu, or add a new one. + - {applies_to}`stack: ga 9.1+` Click the settings icon next to the **Run** button, then in the settings menu, select an existing connector from the dropdown menu, or add a new one. + - {applies_to}`stack: ga =9.0` Select an existing connector from the dropdown menu, or add a new one. :::{admonition} Recommended models While Attack Discovery is compatible with many different models, refer to the [Large language model performance matrix](/solutions/security/ai/large-language-model-performance-matrix.md) to see which models perform best. @@ -117,8 +118,8 @@ You’ll need to select an LLM connector before you can analyze alerts. To get s ::: 3. Once you’ve selected a connector, do one of the following to start the analysis: - - {applies_to}`stack: ga 9.1` Click **Save and run**. - - {applies_to}`stack: ga 9.0` Click **Generate**. + - {applies_to}`stack: ga 9.1+` Click **Save and run**. + - {applies_to}`stack: ga =9.0` Click **Generate**. It may take from a few seconds up to several minutes to generate discoveries, depending on the number of alerts and the model you selected. Once the analysis is complete, any threats it identifies will appear as discoveries. Click each one’s title to expand or collapse it. Click **Run** at any time to start the Attack Discovery process again with the selected alerts. diff --git a/solutions/security/detect-and-alert/monitor-rule-executions.md b/solutions/security/detect-and-alert/monitor-rule-executions.md index d476587cb9..8bc3ea9313 100644 --- a/solutions/security/detect-and-alert/monitor-rule-executions.md +++ b/solutions/security/detect-and-alert/monitor-rule-executions.md @@ -45,11 +45,11 @@ For information about rule execution gaps (which are periods of time when a rule * **Time filter**: Allows you to select a time range for viewing gap data. * **Total rules with gaps:** Provides metrics for rules with gaps: - * {applies_to}`stack: ga 9.0` Tells you how many rules have unfilled or partially filled gaps within the selected time range. - * {applies_to}`stack: ga 9.1` Tells you the number of rules with unfilled gaps (left metric) and the number of rules with gaps being filled (right metric). - -* {applies_to}`stack: ga 9.0` **Only rules with gaps**: Filters the Rules table to only display rules with unfilled or partially filled gaps. -* {applies_to}`stack: ga 9.1` **Only rules with unfilled gaps**: Filters the Rules table to only display rules with unfilled gaps. Note that the filter excludes rules with gaps that are being filled. + * {applies_to}`stack: ga 9.1+` Tells you the number of rules with unfilled gaps (left metric) and the number of rules with gaps being filled (right metric). + * {applies_to}`stack: ga =9.0` Tells you how many rules have unfilled or partially filled gaps within the selected time range. + +* {applies_to}`stack: ga 9.1+` **Only rules with unfilled gaps**: Filters the Rules table to only display rules with unfilled gaps. Note that the filter excludes rules with gaps that are being filled. +* {applies_to}`stack: ga =9.0` **Only rules with gaps**: Filters the Rules table to only display rules with unfilled or partially filled gaps. Within the Rules table, the **Last Gap (if any)** column conveys how long the most recent gap for a rule lasted. The **Unfilled gaps duration** column shows whether a rule still has gaps and provides a total sum of the remaining unfilled or partially filled gaps. The total sum can change based on the time range that you select in the panel above the table. If a rule has no gaps, the columns display a dash (`––`). @@ -92,9 +92,8 @@ Use these controls to filter what’s included in the logs table: ### Gaps table [gaps-table] - ```{applies_to} - stack: preview 9.0, ga 9.1 +stack: preview =9.0, ga 9.1+ ``` Gaps in rule executions are periods of time where a rule didn’t run. They can be caused by various disruptions, including system updates, rule failures, or simply turning off a rule. Addressing gaps is essential for maintaining consistent coverage and avoiding missed alerts. @@ -106,7 +105,8 @@ Refer to the [Troubleshoot gaps](../../../troubleshoot/security/detection-rules. Use the information in the Gaps table to assess the scope and severity of rule execution gaps. To control what's shown in the table, you can filter the table by gap status, select a time range for viewing gap data, and sort multiple columns. In {{stack}} 9.1 and Serverless, fill all gaps for the current rule by clicking **Fill all gaps** in the Gaps table. ::::{note} -{applies_to}`stack: ga 9.1` From the Rules table, fill gaps for multiple rules with the [**Fill gaps** bulk action](/solutions/security/detect-and-alert/manage-detection-rules.md#bulk-fill-gaps-multiple-rules). +:applies_to: stack: ga 9.1+ +From the Rules table, fill gaps for multiple rules with the [**Fill gaps** bulk action](/solutions/security/detect-and-alert/manage-detection-rules.md#bulk-fill-gaps-multiple-rules). :::: :::{image} /solutions/images/security-gaps-table.png diff --git a/solutions/security/detect-and-alert/suppress-detection-alerts.md b/solutions/security/detect-and-alert/suppress-detection-alerts.md index c8e7cc21e0..2b5d41c9f6 100644 --- a/solutions/security/detect-and-alert/suppress-detection-alerts.md +++ b/solutions/security/detect-and-alert/suppress-detection-alerts.md @@ -32,8 +32,9 @@ You can configure alert suppression when [creating](/solutions/security/detect-a 1. When configuring the rule (the **Define rule** step for a new rule, or the **Definition** tab for an existing rule), specify how you want to group alerts for alert suppression: * **All rule types except the threshold rule:** In **Suppress alerts by**, enter 1 or more field names to group alerts by the fields' values. The maximum limit of fields that you can enter is as follows: - * {applies_to}`stack: ga 9.0.0, ga 9.1.0` Enter up to 3 fields. - * {applies_to}`stack: ga 9.2.0`: Enter up to 5 fields. + * {applies_to}`serverless:` {applies_to}`stack: ga 9.2+` Enter up to 5 fields. + * {applies_to}`stack: ga 9.0-9.1` Enter up to 3 fields. + * **Threshold rule only:** In **Group by**, enter up to 3 field names to group events by the fields' values, or leave the setting empty to group all qualifying events together. diff --git a/solutions/security/endpoint-response-actions/configure-third-party-response-actions.md b/solutions/security/endpoint-response-actions/configure-third-party-response-actions.md index de748a0236..a62652e12e 100644 --- a/solutions/security/endpoint-response-actions/configure-third-party-response-actions.md +++ b/solutions/security/endpoint-response-actions/configure-third-party-response-actions.md @@ -97,11 +97,11 @@ Expand a section below for your endpoint security system: * Microsoft Defender for Endpoint Fleet integration policy: Permission to read alert data (`Windows Defender ATP: Alert.Read.All`). * Microsoft Defender for Endpoint connector: Permission to read machine information as well as isolate and release a machine (`Windows Defender ATP: Machine.Read.All` and `Machine.Isolate`). - * {applies_to}`stack: ga 9.1` {applies_to}`serverless: ga` To run a script on a host: + * {applies_to}`stack: ga 9.1+` {applies_to}`serverless: ga` To run a script on a host: * Microsoft Defender for Endpoint connector: Permission to manage live response library files as well as run live response on a specific machine (`Windows Defender ATP: Library.Manage` and `Machine.LiveResponse`) - * {applies_to}`stack: ga 9.2` {applies_to}`serverless: ga` To cancel an ongoing action on a host, you need the same permissions that are required for the action you're canceling. + * {applies_to}`stack: ga 9.2+` {applies_to}`serverless: ga` To cancel an ongoing action on a host, you need the same permissions that are required for the action you're canceling. Refer to the [Microsoft Defender for Endpoint integration documentation](https://docs.elastic.co/en/integrations/microsoft_defender_endpoint) or [Microsoft’s documentation](https://learn.microsoft.com/en-us/defender-endpoint/api/exposed-apis-create-app-webapp) for details on creating a new Azure application. diff --git a/solutions/security/endpoint-response-actions/third-party-response-actions.md b/solutions/security/endpoint-response-actions/third-party-response-actions.md index 5b4c62f9a4..a86f8e2cff 100644 --- a/solutions/security/endpoint-response-actions/third-party-response-actions.md +++ b/solutions/security/endpoint-response-actions/third-party-response-actions.md @@ -49,9 +49,9 @@ These response actions are supported for Microsoft Defender for Endpoint–enrol Refer to the instructions on [isolating](/solutions/security/endpoint-response-actions/isolate-host.md#isolate-a-host) and [releasing](/solutions/security/endpoint-response-actions/isolate-host.md#release-a-host) hosts for more details. -* {applies_to}`stack: ga 9.1` {applies_to}`serverless: ga` **Run a script on a host** with the [`runscript` response action](/solutions/security/endpoint-response-actions.md#microsoft-defender-for-endpoint). +* {applies_to}`stack: ga 9.1+` {applies_to}`serverless: ga` **Run a script on a host** with the [`runscript` response action](/solutions/security/endpoint-response-actions.md#microsoft-defender-for-endpoint). -* {applies_to}`stack: ga 9.2` {applies_to}`serverless: ga` **Cancel an ongoing action on a host** with the [`cancel` response action](/solutions/security/endpoint-response-actions.md#cancel). +* {applies_to}`stack: ga 9.2+` {applies_to}`serverless: ga` **Cancel an ongoing action on a host** with the [`cancel` response action](/solutions/security/endpoint-response-actions.md#cancel). ## SentinelOne response actions [sentinelone-response-actions] diff --git a/solutions/security/get-started/automatic-migration.md b/solutions/security/get-started/automatic-migration.md index 879f494735..a2c817ef50 100644 --- a/solutions/security/get-started/automatic-migration.md +++ b/solutions/security/get-started/automatic-migration.md @@ -1,6 +1,6 @@ --- applies_to: - stack: preview 9.0, ga 9.1 + stack: preview =9.0, ga 9.1+ serverless: security: ga --- @@ -9,8 +9,8 @@ applies_to: Automatic Migration helps you quickly migrate Splunk assets to {{elastic-sec}}. The following asset types are supported: -* {applies_to}`stack: preview 9.0, ga 9.1` {applies_to}`serverless: ga` Splunk rules -* {applies_to}`stack: preview 9.2` {applies_to}`serverless: preview` Classic Splunk dashboards (v1.1) +* {applies_to}`stack: preview 9.2+` {applies_to}`serverless: preview` Classic Splunk dashboards (v1.1) +* {applies_to}`stack: preview 9.0-9.1` {applies_to}`serverless: ga` Splunk rules For rule migrations, if comparable Elastic-authored rules exist, Automatic Migration simplifies onboarding by mapping your rules to them. Otherwise, it creates custom rules and dashboards on the fly so you can verify and edit them instead of writing them from scratch. diff --git a/solutions/security/get-started/elastic-security-ui.md b/solutions/security/get-started/elastic-security-ui.md index f81131e9ef..aa73103d8d 100644 --- a/solutions/security/get-started/elastic-security-ui.md +++ b/solutions/security/get-started/elastic-security-ui.md @@ -217,7 +217,7 @@ Use additional API and analysis tools to interact with your data. Use the management or project settings pages to access and manage: - Additional security features -- {applies_to}`stack: ga` [Stack monitoring](/deploy-manage/monitor/stack-monitoring.md) +- {applies_to}`serverless: unavailable` [Stack monitoring](/deploy-manage/monitor/stack-monitoring.md) - [{{integrations}}](/reference/fleet/manage-integrations.md) - Indices, data streams, and rollups - {applies_to}`serverless: ga` [Billing](/deploy-manage/cloud-organization/billing/serverless-project-billing-dimensions.md) and [subscription](/deploy-manage/cloud-organization/billing/manage-subscription.md) options for your {{serverless-short}} project diff --git a/solutions/security/investigate/notes.md b/solutions/security/investigate/notes.md index d15979707a..6b86967d67 100644 --- a/solutions/security/investigate/notes.md +++ b/solutions/security/investigate/notes.md @@ -17,7 +17,7 @@ Incorporate notes into your investigative workflows to coordinate responses, con ::::{note} * {applies_to}`stack: ga 9.1` {applies_to}`serverless: ga` You can attach up to 100 notes to alerts and events. The number of notes you can attach to Timelines is unlimited. -* {applies_to}`stack: removed 9.1` {applies_to}`serverless: removed` Configure the `securitySolution:maxUnassociatedNotes` [advanced setting](/solutions/security/get-started/configure-advanced-settings.md#max-notes-alerts-events) to specify the maximum number of notes that you can attach to alerts and events. +* {applies_to}`stack: ga =9.0` Configure the `securitySolution:maxUnassociatedNotes` [advanced setting](/solutions/security/get-started/configure-advanced-settings.md#max-notes-alerts-events) to specify the maximum number of notes that you can attach to alerts and events. :::: ## Grant access to notes [notes-privileges] diff --git a/solutions/security/investigate/open-manage-cases.md b/solutions/security/investigate/open-manage-cases.md index 3fdad05521..8b0a9eac2a 100644 --- a/solutions/security/investigate/open-manage-cases.md +++ b/solutions/security/investigate/open-manage-cases.md @@ -42,11 +42,11 @@ Open a new case to keep track of security issues and share their details with co 4. Optionally, add a category, assignees and relevant tags. You can add users only if they meet the necessary [prerequisites](/solutions/security/investigate/cases-requirements.md). 5. {applies_to}`stack: preview` {applies_to}`serverless: preview` If you defined [custom fields](/solutions/security/investigate/configure-case-settings.md#cases-ui-custom-fields), they appear in the **Additional fields** section. 6. Choose if you want alert statuses to sync with the case’s status after they are added to the case. This option is turned on by default, but you can turn it off after creating the case. -7. {applies_to}`stack: ga 9.2` With the appropriate [{{stack}} subscription](https://www.elastic.co/pricing) or [{{serverless-short}} project feature tier](../../../deploy-manage/deploy/elastic-cloud/project-settings.md), you can choose to automatically extract observables from alerts that you're adding to the case. This option is turned on by default. You can turn it off after creating the case by toggling **Auto-extract observables** on the case's **Observables** tab. +7. {applies_to}`stack: ga 9.2+` With the appropriate [{{stack}} subscription](https://www.elastic.co/pricing) or [{{serverless-short}} project feature tier](../../../deploy-manage/deploy/elastic-cloud/project-settings.md), you can choose to automatically extract observables from alerts that you're adding to the case. This option is turned on by default. You can turn it off after creating the case by toggling **Auto-extract observables** on the case's **Observables** tab. 8. (Optional) Under **External Connector Fields**, you can select a connector to send cases to an external system. If you’ve created any connectors previously, they will be listed here. If there are no connectors listed, you can create one. For more information, refer to [External incident management systems](/solutions/security/investigate/configure-case-settings.md#cases-ui-integrations) ::::{note} - :applies_to:{stack: ga 9.3} + :applies_to: stack: ga 9.3+ When specifying **Additional fields** for an {{ibm-r}} connector, fields that are set when an incident is created or changed (for example, an incident is closed) won't display as an option. :::: @@ -87,7 +87,7 @@ When you subsequently add assignees to cases, they receive an email. From the Cases page, you can search existing cases and filter them by attributes such as assignees, categories, severity, status, and tags. You can also select multiple cases and use bulk actions to delete cases or change their attributes. General case metrics, including how long it takes to close cases, are provided above the table. -{applies_to}`stack: ga 9.3.0` To find cases that were created during a specific time range, use the date time picker above the Cases table. The default time selection is the last 30 days. Clicking **Show all cases** displays every {{elastic-sec}} case in your space. The action also adjusts the starting time range to the date of when the first case was created. +{applies_to}`stack: ga 9.3+` To find cases that were created during a specific time range, use the date time picker above the Cases table. The default time selection is the last 30 days. Clicking **Show all cases** displays every {{elastic-sec}} case in your space. The action also adjusts the starting time range to the date of when the first case was created. To explore a case, click on its name. You can then: @@ -102,7 +102,7 @@ To explore a case, click on its name. You can then: * Add and manage the following items: * [Alerts](/solutions/security/investigate/open-manage-cases.md#cases-examine-alerts) * [Indicators](/solutions/security/investigate/indicators-of-compromise.md#review-indicator-in-case) - * {applies_to}`stack: ga 9.2.0` [Events](/solutions/security/investigate/open-manage-cases.md#cases-examine-events) + * {applies_to}`stack: ga 9.2+` [Events](/solutions/security/investigate/open-manage-cases.md#cases-examine-events) * [Files](/solutions/security/investigate/open-manage-cases.md#cases-add-files) * [Observables](/solutions/security/investigate/open-manage-cases.md#cases-add-observables) * [Manage connectors](/solutions/security/investigate/configure-case-settings.md#cases-ui-integrations) and send updates to external systems (if you’ve added a connector to the case) @@ -139,8 +139,8 @@ To explore the alerts attached to a case, click the **Alerts** tab. In the table You can find the **Alerts** tab in the following places: -- {applies_to}`stack: ga 9.3`: Go to the case's details page, then select the **Attachments** tab. -- {applies_to}`stack: ga 9.0`: Go to the case's details page. +- {applies_to}`serverless:` {applies_to}`stack: ga 9.3+`: Go to the case's details page, then select the **Attachments** tab. +- {applies_to}`stack: ga 9.0-9.2`: Go to the case's details page. ::::{important} Each case can have a maximum of 1,000 alerts. @@ -157,8 +157,8 @@ After adding events to a case, go to the **Events** tab to examine them. Within You can find the **Events** tab in the following places: -- {applies_to}`stack: ga 9.3`: Go to the case's details page, then select the **Attachments** tab. -- {applies_to}`stack: ga 9.2`: Go to the case's details page. +- {applies_to}`serverless:` {applies_to}`stack: ga 9.3+`: Go to the case's details page, then select the **Attachments** tab. +- {applies_to}`stack: ga =9.2`: Go to the case's details page. ### Add files [cases-add-files] @@ -218,8 +218,8 @@ An observable is a piece of information about an investigation, for example, a s To view and manage observables, go to the **Observables** tab. You can find the tab in the following places: -- {applies_to}`stack: ga 9.3`: Go to the case's details page, then select the **Attachments** tab. -- {applies_to}`stack: ga 9.0`: Go to the case's details page. +- {applies_to}`serverless:` {applies_to}`stack: ga 9.3+`: Go to the case's details page, then select the **Attachments** tab. +- {applies_to}`stack: ga 9.0-9.2`: Go to the case's details page. ::::{important} Each case can have a maximum of 50 observables. diff --git a/solutions/security/investigate/timeline.md b/solutions/security/investigate/timeline.md index 95659dcbca..9da1ddfe45 100644 --- a/solutions/security/investigate/timeline.md +++ b/solutions/security/investigate/timeline.md @@ -54,8 +54,8 @@ Click the star icon (![Favorite icon](/solutions/images/security-favorite-icon.p ## View and refine Timeline results [refine-timeline-results] You can select whether Timeline displays detection alerts and other raw events, or just alerts. By default, Timeline displays both raw events and alerts. To hide raw events and display alerts only: -* {applies_to}`stack: ga 9.2` {applies_to}`serverless: ga` Select the `Security solution alerts` data view. -* {applies_to}`stack: ga 9.0` Click **Data view** to the left of the KQL query bar, then select **Show only detection alerts**. +* {applies_to}`stack: ga 9.2+` {applies_to}`serverless: ga` Select the `Security solution alerts` data view. +* {applies_to}`stack: ga 9.0-9.1` Click **Data view** to the left of the KQL query bar, then select **Show only detection alerts**. ## Inspect an event or alert [timeline-inspect-events-alerts] diff --git a/solutions/security/manage-elastic-defend/automatic-troubleshooting.md b/solutions/security/manage-elastic-defend/automatic-troubleshooting.md index f4d397a1c4..fa64c13ec0 100644 --- a/solutions/security/manage-elastic-defend/automatic-troubleshooting.md +++ b/solutions/security/manage-elastic-defend/automatic-troubleshooting.md @@ -2,7 +2,7 @@ mapped_pages: - https://www.elastic.co/guide/en/serverless/current/identify-third-party-av-products.html applies_to: - stack: ga 9.2, preview 9.0 + stack: ga 9.2+, preview 9.0-9.1 serverless: security: ga products: diff --git a/troubleshoot/ingest/opentelemetry/edot-collector/trace-export-errors.md b/troubleshoot/ingest/opentelemetry/edot-collector/trace-export-errors.md index c3bd8a9d75..21114562f4 100644 --- a/troubleshoot/ingest/opentelemetry/edot-collector/trace-export-errors.md +++ b/troubleshoot/ingest/opentelemetry/edot-collector/trace-export-errors.md @@ -30,14 +30,14 @@ These errors indicate the Collector is overwhelmed and unable to export data fas This issue typically occurs when the `sending_queue` configuration or the Elasticsearch cluster scaling is misaligned with the incoming telemetry volume. :::{important} -{applies_to}`stack: ga 9.0, deprecated 9.3` +{applies_to}`stack: ga 9.0-9.2, deprecated 9.3+` The sending queue is turned off by default. Verify that `enabled: true` is explicitly set — otherwise any queue configuration will be ignored. ::: Common contributing factors include: * Underscaled Elasticsearch cluster is the most frequent cause of persistent export failures. If Elasticsearch cannot index data fast enough, the Collector’s queue fills up. -* {applies_to}`stack: ga 9.0, deprecated 9.3` `sending_queue.block_on_overflow` is turned off (defaults to `false`), which can lead to data drops. +* {applies_to}`stack: ga 9.0-9.2, deprecated 9.3+` `sending_queue.block_on_overflow` is turned off (defaults to `false`), which can lead to data drops. * Sending queue is enabled but `num_consumers` is too low to keep up with the incoming data volume. * Sending queue size (`queue_size`) is too small for the traffic load. * Both internal and sending queue batching are disabled, increasing processing overhead. @@ -52,7 +52,7 @@ Increasing the `timeout` value (for example from 30s to 90s) doesn't help if the The resolution approach depends on your {{stack}} version and Collector configuration. ### When the sending queue is not enabled by default -{applies_to}`stack: ga 9.0, deprecated 9.3` +{applies_to}`stack: ga 9.0-9.2, deprecated 9.3+` Enable the sending queue and block on overflow to prevent data drops: