diff --git a/deploy-manage/deploy/cloud-on-k8s/logstash-plugins.md b/deploy-manage/deploy/cloud-on-k8s/logstash-plugins.md index ecbe4accf6..0fce2f887d 100644 --- a/deploy-manage/deploy/cloud-on-k8s/logstash-plugins.md +++ b/deploy-manage/deploy/cloud-on-k8s/logstash-plugins.md @@ -8,7 +8,7 @@ mapped_pages: # Logstash plugins [k8s-logstash-plugins] -The power of {{ls}} is in the plugins--[inputs](asciidocalypse://docs/logstash/docs/reference/input-plugins.md), [outputs](asciidocalypse://docs/logstash/docs/reference/output-plugins.md), [filters,]((asciidocalypse://docs/logstash/docs/reference/filter-plugins.md) and [codecs](asciidocalypse://docs/logstash/docs/reference/codec-plugins.md). +The power of {{ls}} is in the plugins--[inputs](asciidocalypse://docs/logstash/docs/reference/input-plugins.md), [outputs](asciidocalypse://docs/logstash/docs/reference/output-plugins.md), [filters](asciidocalypse://docs/logstash/docs/reference/filter-plugins.md), and [codecs](asciidocalypse://docs/logstash/docs/reference/codec-plugins.md). In {{ls}} on ECK, you can use the same plugins that you use for other {{ls}} instances—​including Elastic-supported, community-supported, and custom plugins. However, you may have other factors to consider, such as how you configure your {{k8s}} resources, how you specify additional resources, and how you scale your {{ls}} installation. diff --git a/extend/index.md b/extend/index.md index 92bebe7cd2..9a118b7f36 100644 --- a/extend/index.md +++ b/extend/index.md 
@@ -6,15 +6,15 @@ This section contains information on how to extend or contribute to our various You can contribute to various projects, including: -- [Kibana](kibana://docs/extend/index.md): Enhance our data visualization platform by contributing to Kibana. -- [Logstash](logstash://docs/extend/index.md): Help us improve the data processing pipeline with your contributions to Logstash. -- [Beats](beats://docs/extend/index.md): Add new features or beats to our lightweight data shippers. +- [Kibana](asciidocalypse://docs/extend/index.md): Enhance our data visualization platform by contributing to Kibana. +- [Logstash](asciidocalypse://docs/extend/index.md): Help us improve the data processing pipeline with your contributions to Logstash. +- [Beats](asciidocalypse://docs/extend/index.md): Add new features or beats to our lightweight data shippers. ## Creating Integrations -Extend the capabilities of Elastic by creating integrations that connect Elastic products with other tools and systems. Visit our [Integrations Guide](integrations://docs/extend/index.md) to get started. +Extend the capabilities of Elastic by creating integrations that connect Elastic products with other tools and systems. Visit our [Integrations Guide](asciidocalypse://docs/extend/index.md) to get started. ## Elasticsearch Plugins -Develop custom plugins to add new functionalities to Elasticsearch. Check out our [Elasticsearch Plugins Development Guide](elasticsearch://docs/extend/index.md) for detailed instructions and best practices. +Develop custom plugins to add new functionalities to Elasticsearch. Check out our [Elasticsearch Plugins Development Guide](asciidocalypse://docs/extend/index.md) for detailed instructions and best practices. diff --git a/reference/data-analysis/index.md b/reference/data-analysis/index.md index e4f03e50bf..4bd7d580a0 100644 --- a/reference/data-analysis/index.md +++ b/reference/data-analysis/index.md 
@@ -4,7 +4,7 @@ This section contains reference information for data analysis features, including: -* [Text analysis components](elasticsearch://docs/reference/data-analysis/text-analysis/index.md) -* [Aggregations](elasticsearch://docs/reference/data-analysis/aggregations/index.md) +* [Text analysis components](asciidocalypse://docs/reference/data-analysis/text-analysis/index.md) +* [Aggregations](asciidocalypse://docs/reference/data-analysis/aggregations/index.md) * [Machine learning functions](/reference/data-analysis/machine-learning/machine-learning-functions.md) * [Canvas functions](/reference/data-analysis/kibana/canvas-functions.md) diff --git a/reference/data-analysis/machine-learning/ml-geo-functions.md b/reference/data-analysis/machine-learning/ml-geo-functions.md index 011b632d29..555319fccf 100644 --- a/reference/data-analysis/machine-learning/ml-geo-functions.md +++ b/reference/data-analysis/machine-learning/ml-geo-functions.md 
@@ -64,7 +64,7 @@ For example, JSON data might contain the following transaction coordinates: } ``` -In {{es}}, location data is likely to be stored in `geo_point` fields. For more information, see [`geo_point` data type](elasticsearch://docs/reference/elasticsearch/mapping-reference/geo-point.md). This data type is supported natively in {{ml-features}}. Specifically, when pulling data from a `geo_point` field, a {{dfeed}} will transform the data into the appropriate `lat,lon` string format before sending to the {{anomaly-job}}. +In {{es}}, location data is likely to be stored in `geo_point` fields. For more information, see [`geo_point` data type](asciidocalypse://docs/reference/elasticsearch/mapping-reference/geo-point.md). This data type is supported natively in {{ml-features}}. Specifically, when pulling data from a `geo_point` field, a {{dfeed}} will transform the data into the appropriate `lat,lon` string format before sending to the {{anomaly-job}}. For more information, see [Altering data in your {{dfeed}} with runtime fields](/explore-analyze/machine-learning/anomaly-detection/ml-configuring-transform.md). diff --git a/reference/data-analysis/machine-learning/ootb-ml-jobs-auditbeat.md b/reference/data-analysis/machine-learning/ootb-ml-jobs-auditbeat.md index ce1f7d8b92..f1f992555d 100644 --- a/reference/data-analysis/machine-learning/ootb-ml-jobs-auditbeat.md +++ b/reference/data-analysis/machine-learning/ootb-ml-jobs-auditbeat.md 
@@ -5,7 +5,7 @@ mapped_pages: # {{auditbeat}} {{anomaly-detect}} configurations [ootb-ml-jobs-auditbeat] -These {{anomaly-job}} wizards appear in {{kib}} if you use [{{auditbeat}}](beats://docs/reference/auditbeat/auditbeat.md) to audit process activity on your systems. For more details, see the {{dfeed}} and job definitions in GitHub. +These {{anomaly-job}} wizards appear in {{kib}} if you use [{{auditbeat}}](asciidocalypse://docs/reference/auditbeat/auditbeat.md) to audit process activity on your systems. For more details, see the {{dfeed}} and job definitions in GitHub. ## Auditbeat docker processes [auditbeat-process-docker-ecs] diff --git a/reference/data-analysis/machine-learning/ootb-ml-jobs-metricbeat.md b/reference/data-analysis/machine-learning/ootb-ml-jobs-metricbeat.md index ceb58cf5f6..cda8b5a915 100644 --- a/reference/data-analysis/machine-learning/ootb-ml-jobs-metricbeat.md +++ b/reference/data-analysis/machine-learning/ootb-ml-jobs-metricbeat.md @@ -5,7 +5,7 @@ mapped_pages: # {{metricbeat}} {{anomaly-detect}} configurations [ootb-ml-jobs-metricbeat] -These {{anomaly-job}} wizards appear in {{kib}} if you use the [{{metricbeat}} system module](beats://docs/reference/metricbeat/metricbeat-module-system.md) to monitor your servers. For more details, see the {{dfeed}} and job definitions in GitHub. +These {{anomaly-job}} wizards appear in {{kib}} if you use the [{{metricbeat}} system module](asciidocalypse://docs/reference/metricbeat/metricbeat-module-system.md) to monitor your servers. For more details, see the {{dfeed}} and job definitions in GitHub. ## {{metricbeat}} system [metricbeat-system-ecs] diff --git a/reference/data-analysis/machine-learning/ootb-ml-jobs-siem.md b/reference/data-analysis/machine-learning/ootb-ml-jobs-siem.md index b35701b203..64abee1946 100644 --- a/reference/data-analysis/machine-learning/ootb-ml-jobs-siem.md +++ b/reference/data-analysis/machine-learning/ootb-ml-jobs-siem.md 
@@ -12,7 +12,7 @@ These {{anomaly-jobs}} automatically detect file system and network anomalies on Detect anomalous activity in your ECS-compatible authentication logs. -In the {{ml-app}} app, these configurations are available only when data exists that matches the query specified in the [manifest file](https://github.com/elastic/kibana/blob/master/x-pack/plugins/ml/server/models/data_recognizer/modules/security_auth/manifest.json). In the {{security-app}}, it looks in the {{data-source}} specified in the [`securitySolution:defaultIndex` advanced setting](kibana://docs/reference/advanced-settings.md#securitysolution-defaultindex) for data that matches the query. +In the {{ml-app}} app, these configurations are available only when data exists that matches the query specified in the [manifest file](https://github.com/elastic/kibana/blob/master/x-pack/plugins/ml/server/models/data_recognizer/modules/security_auth/manifest.json). In the {{security-app}}, it looks in the {{data-source}} specified in the [`securitySolution:defaultIndex` advanced setting](asciidocalypse://docs/reference/advanced-settings.md#securitysolution-defaultindex) for data that matches the query. By default, when you create these job in the {{security-app}}, it uses a {{data-source}} that applies to multiple indices. To get the same results if you use the {{ml-app}} app, create a similar [{{data-source}}](https://github.com/elastic/kibana/blob/master/x-pack/plugins/ml/server/models/data_recognizer/modules/security_auth/manifest.json#L7) then select it in the job wizard. 
@@ -31,7 +31,7 @@ By default, when you create these job in the {{security-app}}, it uses a {{data- Detect suspicious activity recorded in your CloudTrail logs. -In the {{ml-app}} app, these configurations are available only when data exists that matches the query specified in the [manifest file](https://github.com/elastic/kibana/blob/master/x-pack/plugins/ml/server/models/data_recognizer/modules/security_cloudtrail/manifest.json). In the {{security-app}}, it looks in the {{data-source}} specified in the [`securitySolution:defaultIndex` advanced setting](kibana://docs/reference/advanced-settings.md#securitysolution-defaultindex) for data that matches the query. +In the {{ml-app}} app, these configurations are available only when data exists that matches the query specified in the [manifest file](https://github.com/elastic/kibana/blob/master/x-pack/plugins/ml/server/models/data_recognizer/modules/security_cloudtrail/manifest.json). In the {{security-app}}, it looks in the {{data-source}} specified in the [`securitySolution:defaultIndex` advanced setting](asciidocalypse://docs/reference/advanced-settings.md#securitysolution-defaultindex) for data that matches the query. | Name | Description | Job (JSON) | Datafeed | | --- | --- | --- | --- | 
@@ -46,7 +46,7 @@ In the {{ml-app}} app, these configurations are available only when data exists Anomaly detection jobs for host-based threat hunting and detection. -In the {{ml-app}} app, these configurations are available only when data exists that matches the query specified in the [manifest file](https://github.com/elastic/kibana/blob/master/x-pack/platform/plugins/shared/ml/server/models/data_recognizer/modules/security_host/manifest.json). In the {{security-app}}, it looks in the {{data-source}} specified in the [`securitySolution:defaultIndex` advanced setting](kibana://docs/reference/advanced-settings.md#securitysolution-defaultindex) for data that matches the query. +In the {{ml-app}} app, these configurations are available only when data exists that matches the query specified in the [manifest file](https://github.com/elastic/kibana/blob/master/x-pack/platform/plugins/shared/ml/server/models/data_recognizer/modules/security_host/manifest.json). In the {{security-app}}, it looks in the {{data-source}} specified in the [`securitySolution:defaultIndex` advanced setting](asciidocalypse://docs/reference/advanced-settings.md#securitysolution-defaultindex) for data that matches the query. To access the host traffic anomalies dashboard in Kibana, go to: `Security -> Dashboards -> Host Traffic Anomalies`. 
@@ -60,7 +60,7 @@ To access the host traffic anomalies dashboard in Kibana, go to: `Security -> Da Anomaly detection jobs for Linux host-based threat hunting and detection. -In the {{ml-app}} app, these configurations are available only when data exists that matches the query specified in the [manifest file](https://github.com/elastic/kibana/blob/master/x-pack/plugins/ml/server/models/data_recognizer/modules/security_linux/manifest.json). In the {{security-app}}, it looks in the {{data-source}} specified in the [`securitySolution:defaultIndex` advanced setting](kibana://docs/reference/advanced-settings.md#securitysolution-defaultindex) for data that matches the query. +In the {{ml-app}} app, these configurations are available only when data exists that matches the query specified in the [manifest file](https://github.com/elastic/kibana/blob/master/x-pack/plugins/ml/server/models/data_recognizer/modules/security_linux/manifest.json). In the {{security-app}}, it looks in the {{data-source}} specified in the [`securitySolution:defaultIndex` advanced setting](asciidocalypse://docs/reference/advanced-settings.md#securitysolution-defaultindex) for data that matches the query. | Name | Description | Job (JSON) | Datafeed | | --- | --- | --- | --- | 
@@ -84,7 +84,7 @@ In the {{ml-app}} app, these configurations are available only when data exists Detect anomalous network activity in your ECS-compatible network logs. -In the {{ml-app}} app, these configurations are available only when data exists that matches the query specified in the [manifest file](https://github.com/elastic/kibana/blob/master/x-pack/plugins/ml/server/models/data_recognizer/modules/security_network/manifest.json). In the {{security-app}}, it looks in the {{data-source}} specified in the [`securitySolution:defaultIndex` advanced setting](kibana://docs/reference/advanced-settings.md#securitysolution-defaultindex) for data that matches the query. +In the {{ml-app}} app, these configurations are available only when data exists that matches the query specified in the [manifest file](https://github.com/elastic/kibana/blob/master/x-pack/plugins/ml/server/models/data_recognizer/modules/security_network/manifest.json). In the {{security-app}}, it looks in the {{data-source}} specified in the [`securitySolution:defaultIndex` advanced setting](asciidocalypse://docs/reference/advanced-settings.md#securitysolution-defaultindex) for data that matches the query. By default, when you create these jobs in the {{security-app}}, it uses a {{data-source}} that applies to multiple indices. To get the same results if you use the {{ml-app}} app, create a similar [{{data-source}}](https://github.com/elastic/kibana/blob/master/x-pack/plugins/ml/server/models/data_recognizer/modules/security_network/manifest.json#L7) then select it in the job wizard. 
@@ -100,7 +100,7 @@ By default, when you create these jobs in the {{security-app}}, it uses a {{data Detect suspicious network activity in {{packetbeat}} data. -In the {{ml-app}} app, these configurations are available only when data exists that matches the query specified in the [manifest file](https://github.com/elastic/kibana/blob/master/x-pack/plugins/ml/server/models/data_recognizer/modules/security_packetbeat/manifest.json). In the {{security-app}}, it looks in the {{data-source}} specified in the [`securitySolution:defaultIndex` advanced setting](kibana://docs/reference/advanced-settings.md#securitysolution-defaultindex) for data that matches the query. +In the {{ml-app}} app, these configurations are available only when data exists that matches the query specified in the [manifest file](https://github.com/elastic/kibana/blob/master/x-pack/plugins/ml/server/models/data_recognizer/modules/security_packetbeat/manifest.json). In the {{security-app}}, it looks in the {{data-source}} specified in the [`securitySolution:defaultIndex` advanced setting](asciidocalypse://docs/reference/advanced-settings.md#securitysolution-defaultindex) for data that matches the query. | Name | Description | Job (JSON) | Datafeed | | --- | --- | --- | --- | 
@@ -115,7 +115,7 @@ In the {{ml-app}} app, these configurations are available only when data exists Anomaly detection jobs for Windows host-based threat hunting and detection. -In the {{ml-app}} app, these configurations are available only when data exists that matches the query specified in the [manifest file](https://github.com/elastic/kibana/blob/master/x-pack/plugins/ml/server/models/data_recognizer/modules/security_windows/manifest.json). In the {{security-app}}, it looks in the {{data-source}} specified in the [`securitySolution:defaultIndex` advanced setting](kibana://docs/reference/advanced-settings.md#securitysolution-defaultindex) for data that matches the query. +In the {{ml-app}} app, these configurations are available only when data exists that matches the query specified in the [manifest file](https://github.com/elastic/kibana/blob/master/x-pack/plugins/ml/server/models/data_recognizer/modules/security_windows/manifest.json). In the {{security-app}}, it looks in the {{data-source}} specified in the [`securitySolution:defaultIndex` advanced setting](asciidocalypse://docs/reference/advanced-settings.md#securitysolution-defaultindex) for data that matches the query. If there are additional requirements such as installing the Windows System Monitor (Sysmon) or auditing process creation in the Windows security event log, they are listed for each job. 
@@ -137,20 +137,20 @@ If there are additional requirements such as installing the Windows System Monit ## Security: Elastic Integrations [security-integrations-jobs] -[Elastic Integrations](integration-docs://docs/reference/index.md) are a streamlined way to add Elastic assets to your environment, such as data ingestion, {{transforms}}, and in this case, {{ml}} capabilities for Security. +[Elastic Integrations](asciidocalypse://docs/reference/index.md) are a streamlined way to add Elastic assets to your environment, such as data ingestion, {{transforms}}, and in this case, {{ml}} capabilities for Security. The following Integrations use {{ml}} to analyze patterns of user and entity behavior, and help detect and alert when there is related suspicious activity in your environment. -* [Data Exfiltration Detection](integration-docs://docs/reference/ded.md) -* [Domain Generation Algorithm Detection](integration-docs://docs/reference/dga.md) -* [Lateral Movement Detection](integration-docs://docs/reference/lmd.md) -* [Living off the Land Attack Detection](integration-docs://docs/reference/problemchild.md) +* [Data Exfiltration Detection](asciidocalypse://docs/reference/ded.md) +* [Domain Generation Algorithm Detection](asciidocalypse://docs/reference/dga.md) +* [Lateral Movement Detection](asciidocalypse://docs/reference/lmd.md) +* [Living off the Land Attack Detection](asciidocalypse://docs/reference/problemchild.md) **Domain Generation Algorithm (DGA) Detection** {{ml-cap}} solution package to detect domain generation algorithm (DGA) activity in your network data. Refer to the [subscription page](https://www.elastic.co/subscriptions) to learn more about the required subscription. -To download, refer to the [documentation](integration-docs://docs/reference/dga.md). +To download, refer to the [documentation](asciidocalypse://docs/reference/dga.md). | Name | Description | | --- | --- | 
@@ -162,7 +162,7 @@ The job configurations and datafeeds can be found [here](https://github.com/elas {{ml-cap}} solution package to detect Living off the Land (LotL) attacks in your environment. Refer to the [subscription page](https://www.elastic.co/subscriptions) to learn more about the required subscription. (Also known as ProblemChild). -To download, refer to the [documentation](integration-docs://docs/reference/problemchild.md). +To download, refer to the [documentation](asciidocalypse://docs/reference/problemchild.md). | Name | Description | | --- | --- | @@ -179,7 +179,7 @@ The job configurations and datafeeds can be found [here](https://github.com/elas {{ml-cap}} package to detect data exfiltration in your network and file data. Refer to the [subscription page](https://www.elastic.co/subscriptions) to learn more about the required subscription. -To download, refer to the [documentation](integration-docs://docs/reference/ded.md). +To download, refer to the [documentation](asciidocalypse://docs/reference/ded.md). | Name | Description | | --- | --- | @@ -197,7 +197,7 @@ The job configurations and datafeeds can be found [here](https://github.com/elas {{ml-cap}} package to detect lateral movement based on file transfer activity and Windows RDP events. Refer to the [subscription page](https://www.elastic.co/subscriptions) to learn more about the required subscription. -To download, refer to the [documentation](integration-docs://docs/reference/lmd.md). +To download, refer to the [documentation](asciidocalypse://docs/reference/lmd.md). | Name | Description | | --- | --- | diff --git a/reference/ecs.md b/reference/ecs.md index a8cc7766f5..c3ff432fc2 100644 --- a/reference/ecs.md +++ b/reference/ecs.md 
@@ -4,6 +4,6 @@ navigation_title: ECS # Elastic Common Schema Elastic Common Schema (ECS) defines a common set of fields for ingesting data into Elasticsearch. -For field details and usage information, refer to [](ecs://docs/reference/index.md). +For field details and usage information, refer to [](asciidocalypse://docs/reference/index.md). -ECS loggers are plugins for your favorite logging libraries, which help you to format your logs into ECS-compatible JSON. Check out [](ecs-logging://docs/reference/intro.md). +ECS loggers are plugins for your favorite logging libraries, which help you to format your logs into ECS-compatible JSON. Check out [](asciidocalypse://docs/reference/intro.md). diff --git a/reference/elasticsearch/clients/index.md b/reference/elasticsearch/clients/index.md index 0d98eb88b0..4aa5bba4b9 100644 --- a/reference/elasticsearch/clients/index.md +++ b/reference/elasticsearch/clients/index.md 
@@ -21,13 +21,13 @@ This section contains documentation for all the official Elasticsearch clients: You can use the following language clients with {{es-serverless}}: -* [Go](go-elasticsearch://docs/reference/getting-started-serverless.md) -* [Java](elasticsearch-java://docs/reference/getting-started-serverless.md) -* [.NET](elasticsearch-net://docs/reference/getting-started.md) -* [Node.JS](elasticsearch-js://docs/reference/getting-started.md) -* [PHP](elasticsearch-php://docs/reference/getting-started.md) -* [Python](elasticsearch-py://docs/reference/getting-started.md) -* [Ruby](elasticsearch-ruby://docs/reference/getting-started.md) +* [Go](asciidocalypse://docs/reference/getting-started-serverless.md) +* [Java](asciidocalypse://docs/reference/getting-started-serverless.md) +* [.NET](asciidocalypse://docs/reference/getting-started.md) +* [Node.JS](asciidocalypse://docs/reference/getting-started.md) +* [PHP](asciidocalypse://docs/reference/getting-started.md) +* [Python](asciidocalypse://docs/reference/getting-started.md) +* [Ruby](asciidocalypse://docs/reference/getting-started.md) ::::{tip} Learn how to [connect to your {{es-serverless}} endpoint](/solutions/search/serverless-elasticsearch-get-started.md). diff --git a/reference/glossary/index.md b/reference/glossary/index.md index b52bc6bf0a..a5859667b4 100644 --- a/reference/glossary/index.md +++ b/reference/glossary/index.md 
@@ -15,7 +15,7 @@ $$$glossary-metadata$$$ @metadata ## A [a-glos] $$$glossary-action$$$ action -: 1. The rule-specific response that occurs when an alerting rule fires. A rule can have multiple actions. See [Connectors and actions](kibana://docs/reference/connectors-kibana.md). +: 1. The rule-specific response that occurs when an alerting rule fires. A rule can have multiple actions. See [Connectors and actions](asciidocalypse://docs/reference/connectors-kibana.md). 2. In {{elastic-sec}}, actions send notifications via other systems when a detection alert is created, such as email, Slack, PagerDuty, and {{webhook}}. @@ -23,7 +23,7 @@ $$$glossary-admin-console$$$ administration console : A component of {{ece}} that provides the API server for the [Cloud UI](/reference/glossary/index.md#glossary-cloud-ui). Also syncs cluster and allocator data from ZooKeeper to {{es}}. $$$glossary-advanced-settings$$$ Advanced Settings -: Enables you to control the appearance and behavior of {{kib}} by setting the date format, default index, and other attributes. Part of {{kib}} Stack Management. See [Advanced Settings](kibana://docs/reference/advanced-settings.md). +: Enables you to control the appearance and behavior of {{kib}} by setting the date format, default index, and other attributes. Part of {{kib}} Stack Management. See [Advanced Settings](asciidocalypse://docs/reference/advanced-settings.md). $$$glossary-agent-policy$$$ Agent policy : A collection of inputs and settings that defines the data to be collected by {{agent}}. An agent policy can be applied to a single agent or shared by a group of agents; this makes it easier to manage many agents at scale. See [{{agent}} policies](/reference/ingestion-tools/fleet/agent-policy.md). 
@@ -120,7 +120,7 @@ $$$glossary-cold-tier$$$ cold tier : [Data tier](/reference/glossary/index.md#glossary-data-tier) that contains [nodes](/reference/glossary/index.md#glossary-node) that hold time series data that is accessed occasionally and not normally updated. See [Data tiers](/manage-data/lifecycle/data-tiers.md). $$$glossary-component-template$$$ component template -: Building block for creating [index templates](/reference/glossary/index.md#glossary-index-template). A component template can specify [mappings](/reference/glossary/index.md#glossary-mapping), [index settings](elasticsearch://docs/reference/elasticsearch/index-settings/index.md), and [aliases](/reference/glossary/index.md#glossary-alias). See [index templates](/manage-data/data-store/templates.md). +: Building block for creating [index templates](/reference/glossary/index.md#glossary-index-template). A component template can specify [mappings](/reference/glossary/index.md#glossary-mapping), [index settings](asciidocalypse://docs/reference/elasticsearch/index-settings/index.md), and [aliases](/reference/glossary/index.md#glossary-alias). See [index templates](/manage-data/data-store/templates.md). $$$glossary-condition$$$ condition : Specifies the circumstances that must be met to trigger an alerting [rule](/reference/glossary/index.md#glossary-rule). 
@@ -129,7 +129,7 @@ $$$glossary-conditional$$$ conditional : A control flow that executes certain actions based on whether a statement (also called a condition) is true or false. {{ls}} supports `if`, `else if`, and `else` statements. You can use conditional statements to apply filters and send events to a specific output based on conditions that you specify. $$$glossary-connector$$$ connector -: A configuration that enables integration with an external system (the destination for an action). See [Connectors and actions](kibana://docs/reference/connectors-kibana.md). +: A configuration that enables integration with an external system (the destination for an action). See [Connectors and actions](asciidocalypse://docs/reference/connectors-kibana.md). $$$glossary-console$$$ Console : In {{kib}}, a tool for interacting with the {{es}} REST API. You can send requests to {{es}}, view responses, view API documentation, and get your request history. See [Console](/explore-analyze/query-filter/tools/console.md). 
@@ -180,7 +180,7 @@ $$$glossary-data-stream$$$ data stream : A named resource used to manage [time series data](/reference/glossary/index.md#glossary-time-series-data). A data stream stores data across multiple backing [indices](/reference/glossary/index.md#glossary-index). See [Data streams](/manage-data/data-store/data-streams.md). $$$glossary-data-tier$$$ data tier -: Collection of [nodes](/reference/glossary/index.md#glossary-node) with the same [data role](elasticsearch://docs/reference/elasticsearch/configuration-reference/node-settings.md) that typically share the same hardware profile. Data tiers include the [content tier](/reference/glossary/index.md#glossary-content-tier), [hot tier](/reference/glossary/index.md#glossary-hot-tier), [warm tier](/reference/glossary/index.md#glossary-warm-tier), [cold tier](/reference/glossary/index.md#glossary-cold-tier), and [frozen tier](/reference/glossary/index.md#glossary-frozen-tier). See [Data tiers](/manage-data/lifecycle/data-tiers.md). +: Collection of [nodes](/reference/glossary/index.md#glossary-node) with the same [data role](asciidocalypse://docs/reference/elasticsearch/configuration-reference/node-settings.md) that typically share the same hardware profile. Data tiers include the [content tier](/reference/glossary/index.md#glossary-content-tier), [hot tier](/reference/glossary/index.md#glossary-hot-tier), [warm tier](/reference/glossary/index.md#glossary-warm-tier), [cold tier](/reference/glossary/index.md#glossary-cold-tier), and [frozen tier](/reference/glossary/index.md#glossary-frozen-tier). See [Data tiers](/manage-data/lifecycle/data-tiers.md). $$$glossary-data-view$$$ data view : An object that enables you to select the data that you want to use in {{kib}} and define the properties of the fields. 
A data view can point to one or more [data streams](/reference/glossary/index.md#glossary-data-stream), [indices](/reference/glossary/index.md#glossary-index), or [aliases](/reference/glossary/index.md#glossary-alias). For example, a data view can point to your log data from yesterday, or all indices that contain your data. @@ -318,7 +318,7 @@ $$$glossary-fleet$$$ Fleet : Fleet provides a way to centrally manage {{agent}}s at scale. There are two parts: The Fleet app in {{kib}} provides a web-based UI to add and remotely manage agents, while the {{fleet-server}} provides the backend service that manages agents. See [{{agent}} overview](/reference/ingestion-tools/fleet/index.md). $$$glossary-flush$$$ flush -: Writes data from the [transaction log](elasticsearch://docs/reference/elasticsearch/index-settings/translog.md) to disk for permanent storage. +: Writes data from the [transaction log](asciidocalypse://docs/reference/elasticsearch/index-settings/translog.md) to disk for permanent storage. $$$glossary-follower-index$$$ follower index : Target [index](/reference/glossary/index.md#glossary-index) for [{{ccr}}](/reference/glossary/index.md#glossary-ccr). A follower index exists in a [local cluster](/reference/glossary/index.md#glossary-local-cluster) and replicates a [leader index](/reference/glossary/index.md#glossary-leader-index). See [{{ccr-cap}}](/deploy-manage/tools/cross-cluster-replication.md). 
@@ -345,10 +345,10 @@ $$$glossary-gem$$$ gem : A self-contained package of code that's hosted on [RubyGems.org](https://rubygems.org). {{ls}} [plugins](/reference/glossary/index.md#glossary-plugin) are packaged as Ruby Gems. You can use the {{ls}} [plugin manager](/reference/glossary/index.md#glossary-plugin-manager) to manage {{ls}} gems. $$$glossary-geo-point$$$ geo-point -: A field type in {{es}}. A geo-point field accepts latitude-longitude pairs for storing point locations. The latitude-longitude format can be from a string, geohash, array, well-known text, or object. See [geo-point](elasticsearch://docs/reference/elasticsearch/mapping-reference/geo-point.md). +: A field type in {{es}}. A geo-point field accepts latitude-longitude pairs for storing point locations. The latitude-longitude format can be from a string, geohash, array, well-known text, or object. See [geo-point](asciidocalypse://docs/reference/elasticsearch/mapping-reference/geo-point.md). $$$glossary-geo-shape$$$ geo-shape -: A field type in {{es}}. A geo-shape field accepts arbitrary geographic primitives, like polygons, lines, or rectangles (and more). You can populate a geo-shape field from GeoJSON or well-known text. See [geo-shape](elasticsearch://docs/reference/elasticsearch/mapping-reference/geo-shape.md). +: A field type in {{es}}. A geo-shape field accepts arbitrary geographic primitives, like polygons, lines, or rectangles (and more). You can populate a geo-shape field from GeoJSON or well-known text. See [geo-shape](asciidocalypse://docs/reference/elasticsearch/mapping-reference/geo-shape.md). $$$glossary-geojson$$$ GeoJSON : A format for representing geospatial data. GeoJSON is also a file-type, commonly used in the **Maps** application to upload a file of geospatial data. See [GeoJSON data](/explore-analyze/visualize/maps/indexing-geojson-data-tutorial.md). 
@@ -369,7 +369,7 @@ $$$glossary-heat-map$$$ heat map : A layer type in the **Maps** application. Heat maps cluster locations to show higher (or lower) densities. Heat maps describe a visualization with color-coded cells or regions to analyze patterns across multiple dimensions. See [Heat map layer](/explore-analyze/visualize/maps/heatmap-layer.md). $$$glossary-hidden-index$$$ hidden data stream or index -: [Data stream](/reference/glossary/index.md#glossary-data-stream) or [index](/reference/glossary/index.md#glossary-index) excluded from most [index patterns](/reference/glossary/index.md#glossary-index-pattern) by default. See [Hidden data streams and indices](elasticsearch://docs/reference/elasticsearch/rest-apis/api-conventions.md#multi-hidden). +: [Data stream](/reference/glossary/index.md#glossary-data-stream) or [index](/reference/glossary/index.md#glossary-index) excluded from most [index patterns](/reference/glossary/index.md#glossary-index-pattern) by default. See [Hidden data streams and indices](asciidocalypse://docs/reference/elasticsearch/rest-apis/api-conventions.md#multi-hidden). $$$glossary-host-runner$$$ host runner (runner) : In {{ece}}, a local control agent that runs on all hosts, used to deploy local containers based on role definitions. Ensures that containers assigned to the host exist and are able to run, and creates or recreates the containers if necessary. 
@@ -387,7 +387,7 @@ $$$glossary-hot-tier$$$ hot tier ## I [i-glos] $$$glossary-id$$$ ID -: Identifier for a [document](/reference/glossary/index.md#glossary-document). Document IDs must be unique within an [index](/reference/glossary/index.md#glossary-index). See the [`_id` field](elasticsearch://docs/reference/elasticsearch/mapping-reference/mapping-id-field.md). +: Identifier for a [document](/reference/glossary/index.md#glossary-document). Document IDs must be unique within an [index](/reference/glossary/index.md#glossary-index). See the [`_id` field](asciidocalypse://docs/reference/elasticsearch/mapping-reference/mapping-id-field.md). $$$glossary-index-lifecycle-policy$$$ index lifecycle policy : Specifies how an [index](/reference/glossary/index.md#glossary-index) moves between phases in the [index lifecycle](/reference/glossary/index.md#glossary-index-lifecycle) and what actions to perform during each phase. See [Index lifecycle](/manage-data/lifecycle/index-lifecycle-management/index-lifecycle.md). 
@@ -396,10 +396,10 @@ $$$glossary-index-lifecycle$$$ index lifecycle : Five phases an [index](/reference/glossary/index.md#glossary-index) can transition through: [hot](/reference/glossary/index.md#glossary-hot-phase), [warm](/reference/glossary/index.md#glossary-warm-phase), [cold](/reference/glossary/index.md#glossary-cold-phase), [frozen](/reference/glossary/index.md#glossary-frozen-phase), and [delete](/reference/glossary/index.md#glossary-delete-phase). See [Index lifecycle](/manage-data/lifecycle/index-lifecycle-management/index-lifecycle.md). $$$glossary-index-pattern$$$ index pattern -: In {{es}}, a string containing a wildcard (`*`) pattern that can match multiple [data streams](/reference/glossary/index.md#glossary-data-stream), [indices](/reference/glossary/index.md#glossary-index), or [aliases](/reference/glossary/index.md#glossary-alias). See [Multi-target syntax](elasticsearch://docs/reference/elasticsearch/rest-apis/api-conventions.md). +: In {{es}}, a string containing a wildcard (`*`) pattern that can match multiple [data streams](/reference/glossary/index.md#glossary-data-stream), [indices](/reference/glossary/index.md#glossary-index), or [aliases](/reference/glossary/index.md#glossary-alias). See [Multi-target syntax](asciidocalypse://docs/reference/elasticsearch/rest-apis/api-conventions.md). $$$glossary-index-template$$$ index template -: Automatically configures the [mappings](/reference/glossary/index.md#glossary-mapping), [index settings](elasticsearch://docs/reference/elasticsearch/index-settings/index.md), and [aliases](/reference/glossary/index.md#glossary-alias) of new [indices](/reference/glossary/index.md#glossary-index) that match its [index pattern](/reference/glossary/index.md#glossary-index-pattern). You can also use index templates to create [data streams](/reference/glossary/index.md#glossary-data-stream). See [Index templates](/manage-data/data-store/templates.md). 
+: Automatically configures the [mappings](/reference/glossary/index.md#glossary-mapping), [index settings](asciidocalypse://docs/reference/elasticsearch/index-settings/index.md), and [aliases](/reference/glossary/index.md#glossary-alias) of new [indices](/reference/glossary/index.md#glossary-index) that match its [index pattern](/reference/glossary/index.md#glossary-index-pattern). You can also use index templates to create [data streams](/reference/glossary/index.md#glossary-data-stream). See [Index templates](/manage-data/data-store/templates.md). $$$glossary-index$$$ index : 1. Collection of JSON [documents](/reference/glossary/index.md#glossary-document). See [Documents and indices](/manage-data/data-store/index-basics.md). @@ -491,7 +491,7 @@ $$$glossary-lucene$$$ Lucene query syntax ## M [m-glos] $$$glossary-ml-nodes$$$ machine learning node -: A {{ml}} node is a node that has `xpack.ml.enabled` set to `true` and `ml` in `node.roles`. If you want to use {{ml-features}}, there must be at least one {{ml}} node in your cluster. See [Machine learning nodes](elasticsearch://docs/reference/elasticsearch/configuration-reference/node-settings.md#ml-node). +: A {{ml}} node is a node that has `xpack.ml.enabled` set to `true` and `ml` in `node.roles`. If you want to use {{ml-features}}, there must be at least one {{ml}} node in your cluster. See [Machine learning nodes](asciidocalypse://docs/reference/elasticsearch/configuration-reference/node-settings.md#ml-node). $$$glossary-map$$$ map : A representation of geographic data using symbols and labels. See [Maps](/explore-analyze/visualize/maps.md). 
@@ -518,7 +518,7 @@ $$$glossary-monitor$$$ monitor : A network endpoint which is monitored to track the performance and availability of applications and services. $$$glossary-multi-field$$$ multi-field -: A [field](/reference/glossary/index.md#glossary-field) that's [mapped](/reference/glossary/index.md#glossary-mapping) in multiple ways. See the [`fields` mapping parameter](elasticsearch://docs/reference/elasticsearch/mapping-reference/multi-fields.md). +: A [field](/reference/glossary/index.md#glossary-field) that's [mapped](/reference/glossary/index.md#glossary-mapping) in multiple ways. See the [`fields` mapping parameter](asciidocalypse://docs/reference/elasticsearch/mapping-reference/multi-fields.md). $$$glossary-multifactor$$$ multifactor authentication (MFA) : A security process that requires you to provide two or more verification methods to gain access to web-based user interfaces. 
@@ -637,7 +637,7 @@ $$$glossary-rollup$$$ rollup : Summarizes high-granularity data into a more compressed format to maintain access to historical data in a cost-effective way. See [Roll up your data](/manage-data/lifecycle/rollup.md). $$$glossary-routing$$$ routing -: Process of sending and retrieving data from a specific [primary shard](/reference/glossary/index.md#glossary-primary-shard). {{es}} uses a hashed routing value to choose this shard. You can provide a routing value in [indexing](/reference/glossary/index.md#glossary-index) and search requests to take advantage of caching. See the [`_routing` field](elasticsearch://docs/reference/elasticsearch/mapping-reference/mapping-routing-field.md). +: Process of sending and retrieving data from a specific [primary shard](/reference/glossary/index.md#glossary-primary-shard). {{es}} uses a hashed routing value to choose this shard. You can provide a routing value in [indexing](/reference/glossary/index.md#glossary-index) and search requests to take advantage of caching. See the [`_routing` field](asciidocalypse://docs/reference/elasticsearch/mapping-reference/mapping-routing-field.md). $$$glossary-rule$$$ rule : A set of [conditions](/reference/glossary/index.md#glossary-condition), schedules, and [actions](/reference/glossary/index.md#glossary-action) that enable notifications. See [{{rules-ui}}](/reference/glossary/index.md#glossary-rules). 
@@ -706,7 +706,7 @@ $$$glossary-solution$$$ solution : In {{ecloud}}, deployments with specialized [templates](/reference/glossary/index.md#glossary-deployment-template) that are pre-configured with sensible defaults and settings for common use cases. $$$glossary-source_field$$$ source field -: Original JSON object provided during [indexing](/reference/glossary/index.md#glossary-index). See the [`_source` field](elasticsearch://docs/reference/elasticsearch/mapping-reference/mapping-source-field.md). +: Original JSON object provided during [indexing](/reference/glossary/index.md#glossary-index). See the [`_source` field](asciidocalypse://docs/reference/elasticsearch/mapping-reference/mapping-source-field.md). $$$glossary-space$$$ space : A place for organizing [dashboards](/reference/glossary/index.md#glossary-dashboard), [visualizations](/reference/glossary/index.md#glossary-visualization), and other [saved objects](/reference/glossary/index.md#glossary-saved-object) by category. For example, you might have different spaces for each team, use case, or individual. See [Spaces](/deploy-manage/manage-spaces.md). diff --git a/reference/ingestion-tools/fleet/add-fleet-server-kubernetes.md b/reference/ingestion-tools/fleet/add-fleet-server-kubernetes.md index bfefc80a12..a57b1ea166 100644 --- a/reference/ingestion-tools/fleet/add-fleet-server-kubernetes.md +++ b/reference/ingestion-tools/fleet/add-fleet-server-kubernetes.md 
@@ -134,7 +134,7 @@ A {{fleet-server}} is an {{agent}} that is enrolled in a {{fleet-server}} policy ### {{fleet}} preparations [add-fleet-server-kubernetes-preparations] ::::{tip} -If you already have a {{fleet}} policy with the {{fleet-server}} integration, you know its ID, and you know how to generate an [{{es}} service token](elasticsearch://docs/reference/elasticsearch/command-line-tools/service-tokens-command.md) for the {{fleet-server}}, skip directly to [{{fleet-server}} installation](#add-fleet-server-kubernetes-install). +If you already have a {{fleet}} policy with the {{fleet-server}} integration, you know its ID, and you know how to generate an [{{es}} service token](asciidocalypse://docs/reference/elasticsearch/command-line-tools/service-tokens-command.md) for the {{fleet-server}}, skip directly to [{{fleet-server}} installation](#add-fleet-server-kubernetes-install). Also note that the `service token` required by the {{fleet-server}} is different from the `enrollment tokens` used by {{agent}}s to enroll to {{fleet}}. 
@@ -204,7 +204,7 @@ Also note that the `service token` required by the {{fleet-server}} is different To deploy {{fleet-server}} on Kubernetes and enroll it into {{fleet}} you need the following details: * **Policy ID** of the {{fleet}} policy configured with the {{fleet-server}} integration. -* **Service token**, that you can generate following the [{{fleet}} preparations](#add-fleet-server-kubernetes-preparations) or manually using the [{{es}}-service-tokens command](elasticsearch://docs/reference/elasticsearch/command-line-tools/service-tokens-command.md). +* **Service token**, that you can generate following the [{{fleet}} preparations](#add-fleet-server-kubernetes-preparations) or manually using the [{{es}}-service-tokens command](asciidocalypse://docs/reference/elasticsearch/command-line-tools/service-tokens-command.md). * **{{es}} endpoint URL**, configured in both the {{es}} output associated to the policy and in the Fleet Server as an environment variable. * **{{es}} CA certificate file**, configured in both the {{es}} output associated to the policy and in the Fleet Server. * {{fleet-server}} **certificate and key** (for **Production** deployment mode only). diff --git a/reference/ingestion-tools/fleet/add-fleet-server-on-prem.md b/reference/ingestion-tools/fleet/add-fleet-server-on-prem.md index a906cfe72f..6b3c4528dd 100644 --- a/reference/ingestion-tools/fleet/add-fleet-server-on-prem.md +++ b/reference/ingestion-tools/fleet/add-fleet-server-on-prem.md 
@@ -126,8 +126,8 @@ To add a {{fleet-server}}: 4. Step through the in-product instructions to configure and install {{fleet-server}}. ::::{note} - * The fields to configure {{fleet-server}} hosts are not available if the hosts are already configured outside of {{fleet}}. For more information, refer to [{{fleet}} settings in {{kib}}](kibana://docs/reference/configuration-reference/fleet-settings.md). - * When using the **Advanced** option, it’s recommended to generate a unique service token for each {{fleet-server}}. For other ways to generate service tokens, refer to [`elasticsearch-service-tokens`](elasticsearch://docs/reference/elasticsearch/command-line-tools/service-tokens-command.md). + * The fields to configure {{fleet-server}} hosts are not available if the hosts are already configured outside of {{fleet}}. For more information, refer to [{{fleet}} settings in {{kib}}](asciidocalypse://docs/reference/configuration-reference/fleet-settings.md). + * When using the **Advanced** option, it’s recommended to generate a unique service token for each {{fleet-server}}. For other ways to generate service tokens, refer to [`elasticsearch-service-tokens`](asciidocalypse://docs/reference/elasticsearch/command-line-tools/service-tokens-command.md). * If you’ve configured a non-default port for {{fleet-server}} in the {{fleet-server}} integration, you need to include the `--fleet-server-host` and `--fleet-server-port` options in the `elastic-agent install` command. Refer to the [install command documentation](/reference/ingestion-tools/fleet/agent-command-reference.md#elastic-agent-install-command) for details. :::: diff --git a/reference/ingestion-tools/fleet/agent-policy.md b/reference/ingestion-tools/fleet/agent-policy.md index 7ec3e3dd34..6038b4abee 100644 --- a/reference/ingestion-tools/fleet/agent-policy.md +++ b/reference/ingestion-tools/fleet/agent-policy.md 
@@ -322,7 +322,7 @@ You can limit the amount of CPU consumed by {{agent}}. This parameter limits the This limit applies independently to the agent and each underlying Go process that it supervises. For example, if {{agent}} is configured to supervise two {{beats}} with a CPU usage limit of `2` set in the policy, then the total CPU limit is six, where each of the three processes (one {{agent}} and two {{beats}}) may execute independently on two CPUs. -This setting is similar to the {{beats}} [`max_procs`](beats://docs/reference/filebeat/configuration-general-options.md#_max_procs) setting. For more detail, refer to the [GOMAXPROCS](https://pkg.go.dev/runtime#GOMAXPROCS) function in the Go runtime documentation. +This setting is similar to the {{beats}} [`max_procs`](asciidocalypse://docs/reference/filebeat/configuration-general-options.md#_max_procs) setting. For more detail, refer to the [GOMAXPROCS](https://pkg.go.dev/runtime#GOMAXPROCS) function in the Go runtime documentation. 1. In {{fleet}}, click **Agent policies**. Select the name of the policy you want to edit. 2. Click the **Settings** tab and scroll to **Advanced settings**. diff --git a/reference/ingestion-tools/fleet/agent-processors.md b/reference/ingestion-tools/fleet/agent-processors.md index 8a1976824b..1d5f52b29c 100644 --- a/reference/ingestion-tools/fleet/agent-processors.md +++ b/reference/ingestion-tools/fleet/agent-processors.md 
@@ -95,7 +95,7 @@ The {{stack}} provides several options for processing data collected by {{agent} | Sanitize or enrich raw data at the source | Use an {{agent}} processor | | Convert data to ECS, normalize field data, or enrich incoming data | Use [ingest pipelines](/manage-data/ingest/transform-enrich/ingest-pipelines.md#pipelines-for-fleet-elastic-agent) | | Define or alter the schema at query time | Use [runtime fields](/manage-data/data-store/mapping/runtime-fields.md) | -| Do something else with your data | Use [Logstash plugins](logstash://docs/reference/filter-plugins.md) | +| Do something else with your data | Use [Logstash plugins](asciidocalypse://docs/reference/filter-plugins.md) | ## How are {{agent}} processors different from {{ls}} plugins or ingest pipelines? [how-different] diff --git a/reference/ingestion-tools/fleet/air-gapped.md b/reference/ingestion-tools/fleet/air-gapped.md index 31528b678b..06c10eb98a 100644 --- a/reference/ingestion-tools/fleet/air-gapped.md +++ b/reference/ingestion-tools/fleet/air-gapped.md 
@@ -95,7 +95,7 @@ For more information, refer to [Using a proxy server with {{agent}} and {{fleet} ## Host your own {{package-registry}} [air-gapped-diy-epr] ::::{note} -The {{package-registry}} packages include signatures used in [package verification](/reference/ingestion-tools/fleet/package-signatures.md). By default, {{fleet}} uses the Elastic public GPG key to verify package signatures. If you ever need to change this GPG key, use the `xpack.fleet.packageVerification.gpgKeyPath` setting in `kibana.yml`. For more information, refer to [{{fleet}} settings](kibana://docs/reference/configuration-reference/fleet-settings.md). +The {{package-registry}} packages include signatures used in [package verification](/reference/ingestion-tools/fleet/package-signatures.md). By default, {{fleet}} uses the Elastic public GPG key to verify package signatures. If you ever need to change this GPG key, use the `xpack.fleet.packageVerification.gpgKeyPath` setting in `kibana.yml`. For more information, refer to [{{fleet}} settings](asciidocalypse://docs/reference/configuration-reference/fleet-settings.md). :::: diff --git a/reference/ingestion-tools/fleet/conditions-based-autodiscover.md b/reference/ingestion-tools/fleet/conditions-based-autodiscover.md index 8eb429132c..6a685d9a42 100644 --- a/reference/ingestion-tools/fleet/conditions-based-autodiscover.md +++ b/reference/ingestion-tools/fleet/conditions-based-autodiscover.md 
@@ -51,7 +51,7 @@ For a list of provider fields that you can use in conditions, refer to [Kubernet 2. For a pod with annotation `prometheus.io/scrape: "true"` the condition should be `${kubernetes.annotations.prometheus.io/scrape} == "true"`. 3. For a pod with name `kube-scheduler-kind-control-plane` the condition should be `${kubernetes.pod.name} == "kube-scheduler-kind-control-plane"`. -The `redis` input defined in the {{agent}} manifest only specifies the`info` metricset. To learn about other available metricsets and their configuration settings, refer to the [Redis module page](beats://docs/reference/metricbeat/metricbeat-module-redis.md). +The `redis` input defined in the {{agent}} manifest only specifies the`info` metricset. To learn about other available metricsets and their configuration settings, refer to the [Redis module page](asciidocalypse://docs/reference/metricbeat/metricbeat-module-redis.md). To deploy Redis, you can apply the following example manifest: @@ -108,7 +108,7 @@ Before the 8.6 release, labels used in autodiscover conditions were dedoted in c ::::{warning} -In some "As a Service" Kubernetes implementations, like GKE, the control plane nodes or even the Pods running on them won’t be visible. In these cases, it won’t be possible to use scheduler metricsets, necessary for this example. Refer [scheduler and controller manager](beats://docs/reference/metricbeat/metricbeat-module-kubernetes.md#_scheduler_and_controllermanager) to find more information. +In some "As a Service" Kubernetes implementations, like GKE, the control plane nodes or even the Pods running on them won’t be visible. In these cases, it won’t be possible to use scheduler metricsets, necessary for this example. Refer [scheduler and controller manager](asciidocalypse://docs/reference/metricbeat/metricbeat-module-kubernetes.md#_scheduler_and_controllermanager) to find more information. :::: 
diff --git a/reference/ingestion-tools/fleet/config-file-example-apache.md b/reference/ingestion-tools/fleet/config-file-example-apache.md index 9a68969432..120fe482a0 100644 --- a/reference/ingestion-tools/fleet/config-file-example-apache.md +++ b/reference/ingestion-tools/fleet/config-file-example-apache.md @@ -76,7 +76,7 @@ inputs: <7> 9. For available input types, refer to [{{agent}} inputs](/reference/ingestion-tools/fleet/elastic-agent-inputs-list.md). 10. Learn about [Data streams](/reference/ingestion-tools/fleet/data-streams.md) for time series data. 11. Specify a unique ID for each individual input stream. Naming the ID by appending the associated `data_stream` dataset (for example `{{user-defined-unique-id}}-apache.access` or `{{user-defined-unique-id}}-apache.error`) is a recommended practice, but any unique ID will work. -12. Refer to [Logs](integration-docs://docs/reference/apache.md#apache-logs) in the Apache HTTP Server integration documentation for the logs available to ingest and exported fields. +12. Refer to [Logs](asciidocalypse://docs/reference/apache.md#apache-logs) in the Apache HTTP Server integration documentation for the logs available to ingest and exported fields. 13. Path to the log files to be monitored. 
@@ -128,7 +128,7 @@ inputs: <7> 9. Learn about [Data streams](/reference/ingestion-tools/fleet/data-streams.md) for time series data. 10. Specify a unique ID for each individual input stream. Naming the ID by appending the associated `data_stream` dataset (for example `{{user-defined-unique-id}}-apache.status`) is a recommended practice, but any unique ID will work. 11. A user-defined dataset. You can specify anything that makes sense to signify the source of the data. -12. Refer to [Metrics](integration-docs://docs/reference/apache.md#apache-metrics) in the Apache HTTP Server integration documentation for the type of metrics collected and exported fields. +12. Refer to [Metrics](asciidocalypse://docs/reference/apache.md#apache-metrics) in the Apache HTTP Server integration documentation for the type of metrics collected and exported fields. diff --git a/reference/ingestion-tools/fleet/config-file-example-nginx.md b/reference/ingestion-tools/fleet/config-file-example-nginx.md index 3454d4b371..3b85d4ef79 100644 --- a/reference/ingestion-tools/fleet/config-file-example-nginx.md +++ b/reference/ingestion-tools/fleet/config-file-example-nginx.md 
@@ -81,7 +81,7 @@ inputs: <7> 9. For available input types, refer to [{{agent}} inputs](/reference/ingestion-tools/fleet/elastic-agent-inputs-list.md). 10. Learn about [Data streams](/reference/ingestion-tools/fleet/data-streams.md) for time series data. 11. Specify a unique ID for each individual input stream. Naming the ID by appending the associated `data_stream` dataset (for example `{{user-defined-unique-id}}-nginx.access` or `{{user-defined-unique-id}}-nginx.error`) is a recommended practice, but any unique ID will work. -12. Refer to [Logs reference](integration-docs://docs/reference/nginx.md#nginx-logs-reference) in the Nginx HTTP integration documentation for the logs available to ingest and exported fields. +12. Refer to [Logs reference](asciidocalypse://docs/reference/nginx.md#nginx-logs-reference) in the Nginx HTTP integration documentation for the logs available to ingest and exported fields. 13. Path to the log files to be monitored. @@ -135,7 +135,7 @@ inputs: <7> 10. Learn about [Data streams](/reference/ingestion-tools/fleet/data-streams.md) for time series data. 11. Specify a unique ID for each individual input stream. Naming the ID by appending the associated `data_stream` dataset (for example `{{user-defined-unique-id}}-nginx.stubstatus`) is a recommended practice, but any unique ID will work. 12. A user-defined dataset. You can specify anything that makes sense to signify the source of the data. -13. Refer to [Metrics reference](integration-docs://docs/reference/nginx.md#nginx-metrics-reference) in the Nginx integration documentation for the type of metrics collected and exported fields. +13. Refer to [Metrics reference](asciidocalypse://docs/reference/nginx.md#nginx-metrics-reference) in the Nginx integration documentation for the type of metrics collected and exported fields. 
diff --git a/reference/ingestion-tools/fleet/configuring-kubernetes-metadata.md b/reference/ingestion-tools/fleet/configuring-kubernetes-metadata.md index afbd0caf2f..9640e4caa4 100644 --- a/reference/ingestion-tools/fleet/configuring-kubernetes-metadata.md +++ b/reference/ingestion-tools/fleet/configuring-kubernetes-metadata.md @@ -7,7 +7,7 @@ mapped_pages: Kubernetes [metadata](/solutions/observability/infra-and-hosts/tutorial-observe-kubernetes-deployments.md#beats-metadata) refer to contextual information extracted from Kubernetes resources. Metadata information enrich metrics and logs collected from a Kubernetes cluster, enabling deeper insights into Kubernetes environments. -When the {{agent}}'s policy includes the [{{k8s}} Integration](integration-docs://docs/reference/kubernetes.md) which configures the collection of Kubernetes related metrics and container logs, the mechanisms used for the metadata enrichment are: +When the {{agent}}'s policy includes the [{{k8s}} Integration](asciidocalypse://docs/reference/kubernetes.md) which configures the collection of Kubernetes related metrics and container logs, the mechanisms used for the metadata enrichment are: * [Kubernetes Provider](/reference/ingestion-tools/fleet/kubernetes-provider.md) for log collection * Kubernetes metadata enrichers for metrics diff --git a/reference/ingestion-tools/fleet/create-policy-no-ui.md b/reference/ingestion-tools/fleet/create-policy-no-ui.md index 3c2e5e0c00..2a61d7b88b 100644 --- a/reference/ingestion-tools/fleet/create-policy-no-ui.md +++ b/reference/ingestion-tools/fleet/create-policy-no-ui.md 
@@ -80,4 +80,4 @@ xpack.fleet.agentPolicies: enabled: false ``` -For more information about preconfiguration settings, refer to the [{{kib}} documentation](kibana://docs/reference/configuration-reference/fleet-settings.md). +For more information about preconfiguration settings, refer to the [{{kib}} documentation](asciidocalypse://docs/reference/configuration-reference/fleet-settings.md). diff --git a/reference/ingestion-tools/fleet/data-streams-advanced-features.md b/reference/ingestion-tools/fleet/data-streams-advanced-features.md index a4dd429e00..dddfdc03fa 100644 --- a/reference/ingestion-tools/fleet/data-streams-advanced-features.md +++ b/reference/ingestion-tools/fleet/data-streams-advanced-features.md @@ -10,7 +10,7 @@ mapped_pages: {{fleet}} provides support for several advanced features around its data streams, including: * [Time series data streams (TSDS)](/manage-data/data-store/data-streams/time-series-data-stream-tsds.md) -* [Synthetic `_source`](elasticsearch://docs/reference/elasticsearch/mapping-reference/mapping-source-field.md#synthetic-source) +* [Synthetic `_source`](asciidocalypse://docs/reference/elasticsearch/mapping-reference/mapping-source-field.md#synthetic-source) These features can be enabled and disabled for {{fleet}}-managed data streams by using the index template API and a few key settings. Note that in versions 8.17.0 and later, Synthetic `_source` requires an Enterprise license. diff --git a/reference/ingestion-tools/fleet/data-streams-pipeline-tutorial.md b/reference/ingestion-tools/fleet/data-streams-pipeline-tutorial.md index 85e47e4744..e323a97667 100644 --- a/reference/ingestion-tools/fleet/data-streams-pipeline-tutorial.md +++ b/reference/ingestion-tools/fleet/data-streams-pipeline-tutorial.md 
@@ -24,7 +24,7 @@ Create a custom ingest pipeline that will be called by the default integration p * Field: `test` * Value: `true` - The [Set processor](elasticsearch://docs/reference/ingestion-tools/enrich-processor/set-processor.md) sets a document field and associates it with the specified value. + The [Set processor](asciidocalypse://docs/reference/ingestion-tools/enrich-processor/set-processor.md) sets a document field and associates it with the specified value. 4. Click **Add**. 5. Click **Create pipeline**. @@ -89,7 +89,7 @@ Add the custom ingest pipeline to any other data streams you wish to update. Allow time for new data to be ingested before testing your pipeline. In a new window, open {{kib}} and navigate to **{{kib}} Dev tools**. -Use an [exists query](elasticsearch://docs/reference/query-languages/query-dsl-exists-query.md) to ensure that the new field, "test" is being applied to documents. +Use an [exists query](asciidocalypse://docs/reference/query-languages/query-dsl-exists-query.md) to ensure that the new field, "test" is being applied to documents. ```console GET metrics-system.cpu-default/_search <1> @@ -188,7 +188,7 @@ Let’s create a new custom ingest pipeline `logs@custom` that processes all log } ``` -3. Allow some time for new data to be ingested, and then use a new [exists query](elasticsearch://docs/reference/query-languages/query-dsl-exists-query.md) to confirm that the new field "my-logs-field" is being applied to log event documents. +3. Allow some time for new data to be ingested, and then use a new [exists query](asciidocalypse://docs/reference/query-languages/query-dsl-exists-query.md) to confirm that the new field "my-logs-field" is being applied to log event documents. For this example, we’ll check the System integration `system.syslog` dataset: diff --git a/reference/ingestion-tools/fleet/dissect-processor.md b/reference/ingestion-tools/fleet/dissect-processor.md index 75d48e5296..cdcc3d016e 100644 
--- a/reference/ingestion-tools/fleet/dissect-processor.md +++ b/reference/ingestion-tools/fleet/dissect-processor.md @@ -81,7 +81,7 @@ This configuration produces fields like: }, ``` -`service.name` is an ECS [keyword field](elasticsearch://docs/reference/elasticsearch/mapping-reference/keyword.md), which means that you can use it in {{es}} for filtering, sorting, and aggregations. +`service.name` is an ECS [keyword field](asciidocalypse://docs/reference/elasticsearch/mapping-reference/keyword.md), which means that you can use it in {{es}} for filtering, sorting, and aggregations. -When possible, use ECS-compatible field names. For more information, see the [Elastic Common Schema](ecs://docs/reference/index.md) documentation. +When possible, use ECS-compatible field names. For more information, see the [Elastic Common Schema](asciidocalypse://docs/reference/index.md) documentation. diff --git a/reference/ingestion-tools/fleet/dynamic-input-configuration.md b/reference/ingestion-tools/fleet/dynamic-input-configuration.md index 832c095624..05a961931d 100644 --- a/reference/ingestion-tools/fleet/dynamic-input-configuration.md +++ b/reference/ingestion-tools/fleet/dynamic-input-configuration.md @@ -206,7 +206,7 @@ inputs: ### Condition syntax [condition-syntax] -The conditions supported by {{agent}} are based on [EQL](elasticsearch://docs/reference/query-languages/eql-syntax.md)'s boolean syntax, but add support for variables from providers and functions to manipulate the values. +The conditions supported by {{agent}} are based on [EQL](asciidocalypse://docs/reference/query-languages/eql-syntax.md)'s boolean syntax, but add support for variables from providers and functions to manipulate the values. **Supported operators:** diff --git a/reference/ingestion-tools/fleet/elastic-agent-input-configuration.md b/reference/ingestion-tools/fleet/elastic-agent-input-configuration.md index 8aab3bcfbe..2a8596c1e6 100644 
--- a/reference/ingestion-tools/fleet/elastic-agent-input-configuration.md +++ b/reference/ingestion-tools/fleet/elastic-agent-input-configuration.md @@ -41,7 +41,7 @@ By default {{agent}} collects system metrics, such as CPU, memory, network, and 2. A unique ID for the input. 3. A user-defined namespace. 4. The name of the `output` to use. If not specified, `default` will be used. -5. The set of enabled module metricsets.Refer to the {{metricbeat}} [System module](beats://docs/reference/metricbeat/metricbeat-module-system.md) for a list of available options. The metricset fields can be configured. +5. The set of enabled module metricsets.Refer to the {{metricbeat}} [System module](asciidocalypse://docs/reference/metricbeat/metricbeat-module-system.md) for a list of available options. The metricset fields can be configured. 6. A user-defined dataset. It can contain anything that makes sense to signify the source of the data. 
@@ -65,7 +65,7 @@ To enable {{agent}} to collect log files, you can use a configuration like the f 1. The name of the input. Refer to [{{agent}} inputs](/reference/ingestion-tools/fleet/elastic-agent-inputs-list.md) for the list of what’s available. 2. A unique ID for the input. 3. A unique ID for the data stream to track the state of the ingested files. -4. The streams block is required only if multiple streams are used on the same input. Refer to the {{filebeat}} [filestream](beats://docs/reference/filebeat/filebeat-input-filestream.md) documentation for a list of available options. Also, specifically for the `filestream` input type, refer to the [simplified log ingestion](/reference/ingestion-tools/fleet/elastic-agent-simplified-input-configuration.md) for an example of ingesting a set of logs specified as an array. +4. The streams block is required only if multiple streams are used on the same input. Refer to the {{filebeat}} [filestream](asciidocalypse://docs/reference/filebeat/filebeat-input-filestream.md) documentation for a list of available options. Also, specifically for the `filestream` input type, refer to the [simplified log ingestion](/reference/ingestion-tools/fleet/elastic-agent-simplified-input-configuration.md) for an example of ingesting a set of logs specified as an array. The input in this example harvests all files in the path `/var/log/*.log`, that is, all logs in the directory `/var/log/` that end with `.log`. All patterns supported by [Go Glob](https://golang.org/pkg/path/filepath/#Glob) are also supported here. diff --git a/reference/ingestion-tools/fleet/elastic-agent-inputs-list.md b/reference/ingestion-tools/fleet/elastic-agent-inputs-list.md index 8609e55b97..9ab7b0f4b2 100644 --- a/reference/ingestion-tools/fleet/elastic-agent-inputs-list.md +++ b/reference/ingestion-tools/fleet/elastic-agent-inputs-list.md 
@@ -14,9 +14,9 @@ When you [configure inputs](/reference/ingestion-tools/fleet/elastic-agent-input | Input | Description | Learn more | | --- | --- | --- | -| `audit/auditd` | Receives audit events from the Linux Audit Framework that is a part of the Linux kernel. | [Auditd Module](beats://docs/reference/auditbeat/auditbeat-module-auditd.md) ({{auditbeat}} docs) | -| `audit/file_integrity` | Sends events when a file is changed (created, updated, or deleted) on disk. The events contain file metadata and hashes. | [File Integrity Module](beats://docs/reference/auditbeat/auditbeat-module-file_integrity.md) ({{auditbeat}} docs) | -| `audit/system` | [beta] Collects various security related information about a system. All datasets send both periodic state information (e.g. all currently running processes) and real-time changes (e.g. when a new process starts or stops). | [System Module](beats://docs/reference/auditbeat/auditbeat-module-system.md) ({{auditbeat}} docs) | +| `audit/auditd` | Receives audit events from the Linux Audit Framework that is a part of the Linux kernel. | [Auditd Module](asciidocalypse://docs/reference/auditbeat/auditbeat-module-auditd.md) ({{auditbeat}} docs) | +| `audit/file_integrity` | Sends events when a file is changed (created, updated, or deleted) on disk. The events contain file metadata and hashes. | [File Integrity Module](asciidocalypse://docs/reference/auditbeat/auditbeat-module-file_integrity.md) ({{auditbeat}} docs) | +| `audit/system` | [beta] Collects various security related information about a system. All datasets send both periodic state information (e.g. all currently running processes) and real-time changes (e.g. when a new process starts or stops). | [System Module](asciidocalypse://docs/reference/auditbeat/auditbeat-module-system.md) ({{auditbeat}} docs) | :::: 
@@ -26,48 +26,48 @@ When you [configure inputs](/reference/ingestion-tools/fleet/elastic-agent-input | Input | Description | Learn more | | --- | --- | --- | -| `activemq/metrics` | Periodically fetches JMX metrics from Apache ActiveMQ. | [ActiveMQ module](beats://docs/reference/metricbeat/metricbeat-module-activemq.md) ({{metricbeat}} docs) | -| `apache/metrics` | Periodically fetches metrics from [Apache HTTPD](https://httpd.apache.org/) servers. | [Apache module](beats://docs/reference/metricbeat/metricbeat-module-apache.md) ({{metricbeat}} docs) | -| `aws/metrics` | Periodically fetches monitoring metrics from AWS CloudWatch using [GetMetricData API](https://docs.aws.amazon.com/AmazonCloudWatch/latest/APIReference/API_GetMetricData.md) for AWS services. | [AWS module](beats://docs/reference/metricbeat/metricbeat-module-aws.md) ({{metricbeat}} docs) | -| `awsfargate/metrics` | [beta] Retrieves various metadata, network metrics, and Docker stats about tasks and containers. | [AWS Fargate module](beats://docs/reference/metricbeat/metricbeat-module-awsfargate.md) ({{metricbeat}} docs) | -| `azure/metrics` | Collects and aggregates Azure logs and metrics from a variety of sources into a common data platform where it can be used for analysis, visualization, and alerting. | [Azure module](beats://docs/reference/metricbeat/metricbeat-module-azure.md) ({{metricbeat}} docs) | -| `beat/metrics` | Collects metrics about any Beat or other software based on libbeat. | [Beat module](beats://docs/reference/metricbeat/metricbeat-module-beat.md) ({{metricbeat}} docs) | -| `cloudfoundry/metrics` | Connects to Cloud Foundry loggregator to gather container, counter, and value metrics into a common data platform where it can be used for analysis, visualization, and alerting. 
| [Cloudfoundry module](beats://docs/reference/metricbeat/metricbeat-module-cloudfoundry.md) ({{metricbeat}} docs) | -| `containerd/metrics` | [beta] Collects cpu, memory and blkio statistics about running containers controlled by containerd runtime. | [Containerd module](beats://docs/reference/metricbeat/metricbeat-module-containerd.md) ({{metricbeat}} docs) | -| `docker/metrics` | Fetches metrics from [Docker](https://www.docker.com/) containers. | [Docker module](beats://docs/reference/metricbeat/metricbeat-module-docker.md) ({{metricbeat}} docs) | -| `elasticsearch/metrics` | Collects metrics about {{es}}. | [Elasticsearch module](beats://docs/reference/metricbeat/metricbeat-module-elasticsearch.md) ({{metricbeat}} docs) | -| `etcd/metrics` | This module targets Etcd V2 and V3. When using V2, metrics are collected using [Etcd v2 API](https://coreos.com/etcd/docs/latest/v2/api.md). When using V3, metrics are retrieved from the `/metrics`` endpoint as intended for [Etcd v3](https://coreos.com/etcd/docs/latest/metrics.md). | [Etcd module](beats://docs/reference/metricbeat/metricbeat-module-etcd.md) ({{metricbeat}} docs) | -| `gcp/metrics` | Periodically fetches monitoring metrics from Google Cloud Platform using [Stackdriver Monitoring API](https://cloud.google.com/monitoring/api/metrics_gcp) for Google Cloud Platform services. | [Google Cloud Platform module](beats://docs/reference/metricbeat/metricbeat-module-gcp.md) ({{metricbeat}} docs) | -| `haproxy/metrics` | Collects stats from [HAProxy](http://www.haproxy.org/). It supports collection from TCP sockets, UNIX sockets, or HTTP with or without basic authentication. | [HAProxy module](beats://docs/reference/metricbeat/metricbeat-overview.md) ({{metricbeat}} docs) | -| `http/metrics` | Used to call arbitrary HTTP endpoints for which a dedicated Metricbeat module is not available. 
| [HTTP module](beats://docs/reference/metricbeat/metricbeat-module-http.md) ({{metricbeat}} docs) | -| `iis/metrics` | Periodically retrieve IIS web server related metrics. | [IIS module](beats://docs/reference/metricbeat/metricbeat-module-iis.md) ({{metricbeat}} docs) | -| `jolokia/metrics` | Collects metrics from [Jolokia agents](https://jolokia.org/reference/html/agents.md) running on a target JMX server or dedicated proxy server. | [Jolokia module](beats://docs/reference/metricbeat/metricbeat-module-jolokia.md) ({{metricbeat}} docs) | -| `kafka/metrics` | Collects metrics from the [Apache Kafka](https://kafka.apache.org/intro) event streaming platform. | [Kafka module](beats://docs/reference/metricbeat/metricbeat-module-kafka.md) ({{metricbeat}} docs) | -| `kibana/metrics` | Collects metrics about {{Kibana}}. | [{{kib}} module](beats://docs/reference/metricbeat/metricbeat-module-kibana.md) ({{metricbeat}} docs) | -| `kubernetes/metrics` | As one of the main pieces provided for Kubernetes monitoring, this module is capable of fetching metrics from several components. | [Kubernetes module](beats://docs/reference/metricbeat/metricbeat-module-kubernetes.md) ({{metricbeat}} docs) | -| `linux/metrics` | [beta] Reports on metrics exclusive to the Linux kernel and GNU/Linux OS. | [Linux module](beats://docs/reference/metricbeat/metricbeat-module-linux.md) ({{metricbeat}} docs) | -| `logstash/metrics` | collects metrics about {{ls}}. | [{{ls}} module](beats://docs/reference/metricbeat/metricbeat-module-logstash.md) ({{metricbeat}} docs) | -| `memcached/metrics` | Collects metrics about the [memcached](https://memcached.org/) memory object caching system. | [Memcached module](beats://docs/reference/metricbeat/metricbeat-module-memcached.md) ({{metricbeat}} docs) | -| `mongodb/metrics` | Periodically fetches metrics from [MongoDB](https://www.mongodb.com/) servers. 
| [MongoDB module](beats://docs/reference/metricbeat/metricbeat-module-mongodb.md) ({{metricbeat}} docs) | -| `mssql/metrics` | The [Microsoft SQL 2017](https://www.microsoft.com/en-us/sql-server/sql-server-2017) Metricbeat module. It is still under active development to add new Metricsets and introduce enhancements. | [MSSQL module](beats://docs/reference/metricbeat/metricbeat-module-mssql.md) ({{metricbeat}} docs) | -| `mysql/metrics` | Periodically fetches metrics from [MySQL](https://www.mysql.com/) servers. | [MySQL module](beats://docs/reference/metricbeat/metricbeat-module-mysql.md) ({{metricbeat}} docs) | -| `nats/metrics` | Uses the [Nats monitoring server APIs](https://nats.io/documentation/managing_the_server/monitoring/) to collect metrics. | [NATS module](beats://docs/reference/metricbeat/metricbeat-module-nats.md) ({{metricbeat}} docs) | -| `nginx/metrics` | Periodically fetches metrics from [Nginx](https://nginx.org/) servers. | [Nginx module](beats://docs/reference/metricbeat/metricbeat-module-nginx.md) ({{metricbeat}} docs) | -| `oracle/metrics` | The [Oracle](https://www.oracle.com/) module for Metricbeat. It is under active development with feedback from the community. A single Metricset for Tablespace monitoring is added so the community can start gathering metrics from their nodes and contributing to the module. | [Oracle module](beats://docs/reference/metricbeat/metricbeat-module-oracle.md) ({{metricbeat}} docs) | -| `postgresql/metrics` | Periodically fetches metrics from [PostgreSQL](https://www.postgresql.org/) servers. | [PostgresSQL module](beats://docs/reference/metricbeat/metricbeat-module-postgresql.md) ({{metricbeat}} docs) | -| `prometheus/metrics` | Periodically scrapes metrics from [Prometheus exporters](https://prometheus.io/docs/instrumenting/exporters/). 
| [Prometheus module](beats://docs/reference/metricbeat/metricbeat-module-prometheus.md) ({{metricbeat}} docs) | -| `rabbitmq/metrics` | Uses the [HTTP API](http://www.rabbitmq.com/management.md) created by the management plugin to collect RabbitMQ metrics. | [RabbitMQ module](beats://docs/reference/metricbeat/metricbeat-module-rabbitmq.md) ({{metricbeat}} docs) | -| `redis/metrics` | Periodically fetches metrics from [Redis](http://redis.io/) servers. | [Redis module](beats://docs/reference/metricbeat/metricbeat-module-redis.md) ({{metricbeat}} docs) | -| `sql/metrics` | Allows you to execute custom queries against an SQL database and store the results in {{es}}. | [SQL module](beats://docs/reference/metricbeat/metricbeat-module-sql.md) ({{metricbeat}} docs) | -| `stan/metrics` | Uses [STAN monitoring server APIs](https://github.com/nats-io/nats-streaming-server/blob/master/server/monitor.go) to collect metrics. | [Stan module](beats://docs/reference/metricbeat/metricbeat-module-stan.md) ({{metricbeat}} docs) | -| `statsd/metrics` | Spawns a UDP server and listens for metrics in StatsD compatible format. | [Statsd module](beats://docs/reference/metricbeat/metricbeat-module-statsd.md) ({{metricbeat}} docs) | -| `syncgateway/metrics` | [beta] Monitor a Sync Gateway instance by using its REST API. | [SyncGateway module](beats://docs/reference/metricbeat/metricbeat-module-syncgateway.md) ({{metricbeat}} docs) | -| `system/metrics` | Allows you to monitor your server metrics, including CPU, load, memory, network, processes, sockets, filesystem, fsstat, uptime, and more. | [System module](beats://docs/reference/metricbeat/metricbeat-module-system.md) ({{metricbeat}} docs) | -| `traefik/metrics` | Periodically fetches metrics from a [Traefik](https://traefik.io/) instance. 
| [Traefik module](beats://docs/reference/metricbeat/metricbeat-module-traefik.md) ({{metricbeat}} docs) | -| `uwsgi/metrics` | By default, collects the uWSGI stats metricset, using [StatsServer](https://uwsgi-docs.readthedocs.io/en/latest/StatsServer.md). | [uWSGI module](beats://docs/reference/metricbeat/metricbeat-module-uwsgi.md) ({{metricbeat}} docs) | -| `vsphere/metrics` | Uses the [Govmomi](https://github.com/vmware/govmomi) library to collect metrics from any Vmware SDK URL (ESXi/VCenter). | [vSphere module](beats://docs/reference/metricbeat/metricbeat-module-vsphere.md) ({{metricbeat}} docs) | -| `windows/metrics` | Collects metrics from Windows systems. | [Windows module](beats://docs/reference/metricbeat/metricbeat-module-windows.md) ({{metricbeat}} docs) | -| `zookeeper/metrics` | Fetches statistics from the ZooKeeper service. | [ZooKeeper module](beats://docs/reference/metricbeat/metricbeat-module-zookeeper.md) ({{metricbeat}} docs) | +| `activemq/metrics` | Periodically fetches JMX metrics from Apache ActiveMQ. | [ActiveMQ module](asciidocalypse://docs/reference/metricbeat/metricbeat-module-activemq.md) ({{metricbeat}} docs) | +| `apache/metrics` | Periodically fetches metrics from [Apache HTTPD](https://httpd.apache.org/) servers. | [Apache module](asciidocalypse://docs/reference/metricbeat/metricbeat-module-apache.md) ({{metricbeat}} docs) | +| `aws/metrics` | Periodically fetches monitoring metrics from AWS CloudWatch using [GetMetricData API](https://docs.aws.amazon.com/AmazonCloudWatch/latest/APIReference/API_GetMetricData.md) for AWS services. | [AWS module](asciidocalypse://docs/reference/metricbeat/metricbeat-module-aws.md) ({{metricbeat}} docs) | +| `awsfargate/metrics` | [beta] Retrieves various metadata, network metrics, and Docker stats about tasks and containers. 
| [AWS Fargate module](asciidocalypse://docs/reference/metricbeat/metricbeat-module-awsfargate.md) ({{metricbeat}} docs) | +| `azure/metrics` | Collects and aggregates Azure logs and metrics from a variety of sources into a common data platform where it can be used for analysis, visualization, and alerting. | [Azure module](asciidocalypse://docs/reference/metricbeat/metricbeat-module-azure.md) ({{metricbeat}} docs) | +| `beat/metrics` | Collects metrics about any Beat or other software based on libbeat. | [Beat module](asciidocalypse://docs/reference/metricbeat/metricbeat-module-beat.md) ({{metricbeat}} docs) | +| `cloudfoundry/metrics` | Connects to Cloud Foundry loggregator to gather container, counter, and value metrics into a common data platform where it can be used for analysis, visualization, and alerting. | [Cloudfoundry module](asciidocalypse://docs/reference/metricbeat/metricbeat-module-cloudfoundry.md) ({{metricbeat}} docs) | +| `containerd/metrics` | [beta] Collects cpu, memory and blkio statistics about running containers controlled by containerd runtime. | [Containerd module](asciidocalypse://docs/reference/metricbeat/metricbeat-module-containerd.md) ({{metricbeat}} docs) | +| `docker/metrics` | Fetches metrics from [Docker](https://www.docker.com/) containers. | [Docker module](asciidocalypse://docs/reference/metricbeat/metricbeat-module-docker.md) ({{metricbeat}} docs) | +| `elasticsearch/metrics` | Collects metrics about {{es}}. | [Elasticsearch module](asciidocalypse://docs/reference/metricbeat/metricbeat-module-elasticsearch.md) ({{metricbeat}} docs) | +| `etcd/metrics` | This module targets Etcd V2 and V3. When using V2, metrics are collected using [Etcd v2 API](https://coreos.com/etcd/docs/latest/v2/api.md). When using V3, metrics are retrieved from the `/metrics`` endpoint as intended for [Etcd v3](https://coreos.com/etcd/docs/latest/metrics.md). 
| [Etcd module](asciidocalypse://docs/reference/metricbeat/metricbeat-module-etcd.md) ({{metricbeat}} docs) | +| `gcp/metrics` | Periodically fetches monitoring metrics from Google Cloud Platform using [Stackdriver Monitoring API](https://cloud.google.com/monitoring/api/metrics_gcp) for Google Cloud Platform services. | [Google Cloud Platform module](asciidocalypse://docs/reference/metricbeat/metricbeat-module-gcp.md) ({{metricbeat}} docs) | +| `haproxy/metrics` | Collects stats from [HAProxy](http://www.haproxy.org/). It supports collection from TCP sockets, UNIX sockets, or HTTP with or without basic authentication. | [HAProxy module](asciidocalypse://docs/reference/metricbeat/metricbeat-overview.md) ({{metricbeat}} docs) | +| `http/metrics` | Used to call arbitrary HTTP endpoints for which a dedicated Metricbeat module is not available. | [HTTP module](asciidocalypse://docs/reference/metricbeat/metricbeat-module-http.md) ({{metricbeat}} docs) | +| `iis/metrics` | Periodically retrieve IIS web server related metrics. | [IIS module](asciidocalypse://docs/reference/metricbeat/metricbeat-module-iis.md) ({{metricbeat}} docs) | +| `jolokia/metrics` | Collects metrics from [Jolokia agents](https://jolokia.org/reference/html/agents.md) running on a target JMX server or dedicated proxy server. | [Jolokia module](asciidocalypse://docs/reference/metricbeat/metricbeat-module-jolokia.md) ({{metricbeat}} docs) | +| `kafka/metrics` | Collects metrics from the [Apache Kafka](https://kafka.apache.org/intro) event streaming platform. | [Kafka module](asciidocalypse://docs/reference/metricbeat/metricbeat-module-kafka.md) ({{metricbeat}} docs) | +| `kibana/metrics` | Collects metrics about {{Kibana}}. | [{{kib}} module](asciidocalypse://docs/reference/metricbeat/metricbeat-module-kibana.md) ({{metricbeat}} docs) | +| `kubernetes/metrics` | As one of the main pieces provided for Kubernetes monitoring, this module is capable of fetching metrics from several components. 
| [Kubernetes module](asciidocalypse://docs/reference/metricbeat/metricbeat-module-kubernetes.md) ({{metricbeat}} docs) | +| `linux/metrics` | [beta] Reports on metrics exclusive to the Linux kernel and GNU/Linux OS. | [Linux module](asciidocalypse://docs/reference/metricbeat/metricbeat-module-linux.md) ({{metricbeat}} docs) | +| `logstash/metrics` | collects metrics about {{ls}}. | [{{ls}} module](asciidocalypse://docs/reference/metricbeat/metricbeat-module-logstash.md) ({{metricbeat}} docs) | +| `memcached/metrics` | Collects metrics about the [memcached](https://memcached.org/) memory object caching system. | [Memcached module](asciidocalypse://docs/reference/metricbeat/metricbeat-module-memcached.md) ({{metricbeat}} docs) | +| `mongodb/metrics` | Periodically fetches metrics from [MongoDB](https://www.mongodb.com/) servers. | [MongoDB module](asciidocalypse://docs/reference/metricbeat/metricbeat-module-mongodb.md) ({{metricbeat}} docs) | +| `mssql/metrics` | The [Microsoft SQL 2017](https://www.microsoft.com/en-us/sql-server/sql-server-2017) Metricbeat module. It is still under active development to add new Metricsets and introduce enhancements. | [MSSQL module](asciidocalypse://docs/reference/metricbeat/metricbeat-module-mssql.md) ({{metricbeat}} docs) | +| `mysql/metrics` | Periodically fetches metrics from [MySQL](https://www.mysql.com/) servers. | [MySQL module](asciidocalypse://docs/reference/metricbeat/metricbeat-module-mysql.md) ({{metricbeat}} docs) | +| `nats/metrics` | Uses the [Nats monitoring server APIs](https://nats.io/documentation/managing_the_server/monitoring/) to collect metrics. | [NATS module](asciidocalypse://docs/reference/metricbeat/metricbeat-module-nats.md) ({{metricbeat}} docs) | +| `nginx/metrics` | Periodically fetches metrics from [Nginx](https://nginx.org/) servers. 
| [Nginx module](asciidocalypse://docs/reference/metricbeat/metricbeat-module-nginx.md) ({{metricbeat}} docs) | +| `oracle/metrics` | The [Oracle](https://www.oracle.com/) module for Metricbeat. It is under active development with feedback from the community. A single Metricset for Tablespace monitoring is added so the community can start gathering metrics from their nodes and contributing to the module. | [Oracle module](asciidocalypse://docs/reference/metricbeat/metricbeat-module-oracle.md) ({{metricbeat}} docs) | +| `postgresql/metrics` | Periodically fetches metrics from [PostgreSQL](https://www.postgresql.org/) servers. | [PostgresSQL module](asciidocalypse://docs/reference/metricbeat/metricbeat-module-postgresql.md) ({{metricbeat}} docs) | +| `prometheus/metrics` | Periodically scrapes metrics from [Prometheus exporters](https://prometheus.io/docs/instrumenting/exporters/). | [Prometheus module](asciidocalypse://docs/reference/metricbeat/metricbeat-module-prometheus.md) ({{metricbeat}} docs) | +| `rabbitmq/metrics` | Uses the [HTTP API](http://www.rabbitmq.com/management.md) created by the management plugin to collect RabbitMQ metrics. | [RabbitMQ module](asciidocalypse://docs/reference/metricbeat/metricbeat-module-rabbitmq.md) ({{metricbeat}} docs) | +| `redis/metrics` | Periodically fetches metrics from [Redis](http://redis.io/) servers. | [Redis module](asciidocalypse://docs/reference/metricbeat/metricbeat-module-redis.md) ({{metricbeat}} docs) | +| `sql/metrics` | Allows you to execute custom queries against an SQL database and store the results in {{es}}. | [SQL module](asciidocalypse://docs/reference/metricbeat/metricbeat-module-sql.md) ({{metricbeat}} docs) | +| `stan/metrics` | Uses [STAN monitoring server APIs](https://github.com/nats-io/nats-streaming-server/blob/master/server/monitor.go) to collect metrics. 
| [Stan module](asciidocalypse://docs/reference/metricbeat/metricbeat-module-stan.md) ({{metricbeat}} docs) | +| `statsd/metrics` | Spawns a UDP server and listens for metrics in StatsD compatible format. | [Statsd module](asciidocalypse://docs/reference/metricbeat/metricbeat-module-statsd.md) ({{metricbeat}} docs) | +| `syncgateway/metrics` | [beta] Monitor a Sync Gateway instance by using its REST API. | [SyncGateway module](asciidocalypse://docs/reference/metricbeat/metricbeat-module-syncgateway.md) ({{metricbeat}} docs) | +| `system/metrics` | Allows you to monitor your server metrics, including CPU, load, memory, network, processes, sockets, filesystem, fsstat, uptime, and more. | [System module](asciidocalypse://docs/reference/metricbeat/metricbeat-module-system.md) ({{metricbeat}} docs) | +| `traefik/metrics` | Periodically fetches metrics from a [Traefik](https://traefik.io/) instance. | [Traefik module](asciidocalypse://docs/reference/metricbeat/metricbeat-module-traefik.md) ({{metricbeat}} docs) | +| `uwsgi/metrics` | By default, collects the uWSGI stats metricset, using [StatsServer](https://uwsgi-docs.readthedocs.io/en/latest/StatsServer.md). | [uWSGI module](asciidocalypse://docs/reference/metricbeat/metricbeat-module-uwsgi.md) ({{metricbeat}} docs) | +| `vsphere/metrics` | Uses the [Govmomi](https://github.com/vmware/govmomi) library to collect metrics from any Vmware SDK URL (ESXi/VCenter). | [vSphere module](asciidocalypse://docs/reference/metricbeat/metricbeat-module-vsphere.md) ({{metricbeat}} docs) | +| `windows/metrics` | Collects metrics from Windows systems. | [Windows module](asciidocalypse://docs/reference/metricbeat/metricbeat-module-windows.md) ({{metricbeat}} docs) | +| `zookeeper/metrics` | Fetches statistics from the ZooKeeper service. | [ZooKeeper module](asciidocalypse://docs/reference/metricbeat/metricbeat-module-zookeeper.md) ({{metricbeat}} docs) | :::: 
@@ -77,40 +77,40 @@ When you [configure inputs](/reference/ingestion-tools/fleet/elastic-agent-input | Input | Description | Learn more | | --- | --- | --- | -| `aws-cloudwatch` | Stores log filesfrom Amazon Elastic Compute Cloud(EC2), AWS CloudTrail, Route53, and other sources. | [AWS CloudWatch input](beats://docs/reference/filebeat/filebeat-input-aws-cloudwatch.md) ({{filebeat}} docs) | -| `aws-s3` | Retrieves logs from S3 objects that are pointed to by S3 notification events read from an SQS queue or directly polling list of S3 objects in an S3 bucket. | [AWS S3 input](beats://docs/reference/filebeat/filebeat-input-aws-s3.md) ({{filebeat}} docs) | -| `azure-blob-storage` | Reads content from files stored in containers which reside on your Azure Cloud. | [Azure Blob Storage](beats://docs/reference/filebeat/filebeat-input-azure-blob-storage.md) ({{filebeat}} docs) | -| `azure-eventhub` | Reads messages from an azure eventhub. | [Azure eventhub input](beats://docs/reference/filebeat/filebeat-input-azure-eventhub.md) ({{filebeat}} docs) | -| `cel` | Reads messages from a file path or HTTP API with a variety of payloads using the [Common Expression Language (CEL)](https://opensource.google.com/projects/cel) and the [mito](https://pkg.go.dev/github.com/elastic/mito/lib) CEL extension libraries. | [Common Expression Language input](beats://docs/reference/filebeat/filebeat-input-cel.md) ({{filebeat}} docs) | -| `cloudfoundry` | Gets HTTP access logs, container logs and error logs from Cloud Foundry. | [Cloud Foundry input](beats://docs/reference/filebeat/filebeat-input-cloudfoundry.md) ({{filebeat}} docs) | -| `cometd` | Streams the real-time events from a Salesforce generic subscription Push Topic. | [CometD input](beats://docs/reference/filebeat/filebeat-input-cometd.md) ({{filebeat}} docs) | -| `container` | Reads containers log files. 
| [Container input](beats://docs/reference/filebeat/filebeat-input-container.md) ({{filebeat}} docs) | +| `aws-cloudwatch` | Stores log filesfrom Amazon Elastic Compute Cloud(EC2), AWS CloudTrail, Route53, and other sources. | [AWS CloudWatch input](asciidocalypse://docs/reference/filebeat/filebeat-input-aws-cloudwatch.md) ({{filebeat}} docs) | +| `aws-s3` | Retrieves logs from S3 objects that are pointed to by S3 notification events read from an SQS queue or directly polling list of S3 objects in an S3 bucket. | [AWS S3 input](asciidocalypse://docs/reference/filebeat/filebeat-input-aws-s3.md) ({{filebeat}} docs) | +| `azure-blob-storage` | Reads content from files stored in containers which reside on your Azure Cloud. | [Azure Blob Storage](asciidocalypse://docs/reference/filebeat/filebeat-input-azure-blob-storage.md) ({{filebeat}} docs) | +| `azure-eventhub` | Reads messages from an azure eventhub. | [Azure eventhub input](asciidocalypse://docs/reference/filebeat/filebeat-input-azure-eventhub.md) ({{filebeat}} docs) | +| `cel` | Reads messages from a file path or HTTP API with a variety of payloads using the [Common Expression Language (CEL)](https://opensource.google.com/projects/cel) and the [mito](https://pkg.go.dev/github.com/elastic/mito/lib) CEL extension libraries. | [Common Expression Language input](asciidocalypse://docs/reference/filebeat/filebeat-input-cel.md) ({{filebeat}} docs) | +| `cloudfoundry` | Gets HTTP access logs, container logs and error logs from Cloud Foundry. | [Cloud Foundry input](asciidocalypse://docs/reference/filebeat/filebeat-input-cloudfoundry.md) ({{filebeat}} docs) | +| `cometd` | Streams the real-time events from a Salesforce generic subscription Push Topic. | [CometD input](asciidocalypse://docs/reference/filebeat/filebeat-input-cometd.md) ({{filebeat}} docs) | +| `container` | Reads containers log files. 
| [Container input](asciidocalypse://docs/reference/filebeat/filebeat-input-container.md) ({{filebeat}} docs) | | `docker` | Alias for `container`. | - | | `log/docker` | Alias for `container`. | n/a | -| `entity-analytics` | Collects identity assets, such as users, from external identity providers. | [Entity Analytics input](beats://docs/reference/filebeat/filebeat-input-entity-analytics.md) ({{filebeat}} docs) | +| `entity-analytics` | Collects identity assets, such as users, from external identity providers. | [Entity Analytics input](asciidocalypse://docs/reference/filebeat/filebeat-input-entity-analytics.md) ({{filebeat}} docs) | | `event/file` | Alias for `log`. | n/a | | `event/tcp` | Alias for `tcp`. | n/a | -| `filestream` | Reads lines from active log files. Replaces and imporoves on the `log` input. | [filestream input](beats://docs/reference/filebeat/filebeat-input-filestream.md) ({{filebeat}} docs) | -| `gcp-pubsub` | Reads messages from a Google Cloud Pub/Sub topic subscription. | [GCP Pub/Sub input](beats://docs/reference/filebeat/filebeat-input-gcp-pubsub.md) ({{filebeat}} docs) | -| `gcs` | [beta] Reads content from files stored in buckets which reside on your Google Cloud. | [Google Cloud Storage input](beats://docs/reference/filebeat/filebeat-input-gcs.md) ({{filebeat}} docs) | -| `http_endpoint` | [beta] Initializes a listening HTTP server that collects incoming HTTP POST requests containing a JSON body. | [HTTP Endpoint input](beats://docs/reference/filebeat/filebeat-input-http_endpoint.md) ({{filebeat}} docs) | -| `httpjson` | Read messages from an HTTP API with JSON payloads. | [HTTP JSON input](beats://docs/reference/filebeat/filebeat-input-httpjson.md) ({{filebeat}} docs) | -| `journald` | [beta] A system service that collects and stores logging data. | [Journald input](beats://docs/reference/filebeat/filebeat-input-journald.md) ({{filebeat}} docs) | -| `kafka` | Reads from topics in a Kafka cluster. 
| [Kafka input](beats://docs/reference/filebeat/filebeat-input-kafka.md) ({{filebeat}} docs) | +| `filestream` | Reads lines from active log files. Replaces and imporoves on the `log` input. | [filestream input](asciidocalypse://docs/reference/filebeat/filebeat-input-filestream.md) ({{filebeat}} docs) | +| `gcp-pubsub` | Reads messages from a Google Cloud Pub/Sub topic subscription. | [GCP Pub/Sub input](asciidocalypse://docs/reference/filebeat/filebeat-input-gcp-pubsub.md) ({{filebeat}} docs) | +| `gcs` | [beta] Reads content from files stored in buckets which reside on your Google Cloud. | [Google Cloud Storage input](asciidocalypse://docs/reference/filebeat/filebeat-input-gcs.md) ({{filebeat}} docs) | +| `http_endpoint` | [beta] Initializes a listening HTTP server that collects incoming HTTP POST requests containing a JSON body. | [HTTP Endpoint input](asciidocalypse://docs/reference/filebeat/filebeat-input-http_endpoint.md) ({{filebeat}} docs) | +| `httpjson` | Read messages from an HTTP API with JSON payloads. | [HTTP JSON input](asciidocalypse://docs/reference/filebeat/filebeat-input-httpjson.md) ({{filebeat}} docs) | +| `journald` | [beta] A system service that collects and stores logging data. | [Journald input](asciidocalypse://docs/reference/filebeat/filebeat-input-journald.md) ({{filebeat}} docs) | +| `kafka` | Reads from topics in a Kafka cluster. | [Kafka input](asciidocalypse://docs/reference/filebeat/filebeat-input-kafka.md) ({{filebeat}} docs) | | `log` | DEPRECATED: Please use the `filestream` input instead. | n/a | | `logfile` | Alias for `log`. | n/a | | `log/redis_slowlog` | Alias for `redis`. | n/a | | `log/syslog` | Alias for `syslog`. | n/a | -| `mqtt` | Reads data transmitted using lightweight messaging protocol for small and mobile devices, optimized for high-latency or unreliable networks. 
| [MQTT input](beats://docs/reference/filebeat/filebeat-input-mqtt.md) ({{filebeat}} docs) | -| `netflow` | Reads NetFlow and IPFIX exported flows and options records over UDP. | [NetFlow input](beats://docs/reference/filebeat/filebeat-input-netflow.md) ({{filebeat}} docs) | -| `o365audit` | [beta] Retrieves audit messages from Office 365 and Azure AD activity logs. | [Office 365 Management Activity API input](beats://docs/reference/filebeat/filebeat-input-o365audit.md) ({{filebeat}} docs) | +| `mqtt` | Reads data transmitted using lightweight messaging protocol for small and mobile devices, optimized for high-latency or unreliable networks. | [MQTT input](asciidocalypse://docs/reference/filebeat/filebeat-input-mqtt.md) ({{filebeat}} docs) | +| `netflow` | Reads NetFlow and IPFIX exported flows and options records over UDP. | [NetFlow input](asciidocalypse://docs/reference/filebeat/filebeat-input-netflow.md) ({{filebeat}} docs) | +| `o365audit` | [beta] Retrieves audit messages from Office 365 and Azure AD activity logs. | [Office 365 Management Activity API input](asciidocalypse://docs/reference/filebeat/filebeat-input-o365audit.md) ({{filebeat}} docs) | | `osquery` | Collects and decodes the result logs written by [osqueryd](https://osquery.readthedocs.io/en/latest/introduction/using-osqueryd/) in the JSON format. | - | -| `redis` | [beta] Reads entries from Redis slowlogs. | [Redis input](beats://docs/reference/filebeat/filebeat-overview.md) ({{filebeat}} docs) | -| `syslog` | Reads Syslog events as specified by RFC 3164 and RFC 5424, over TCP, UDP, or a Unix stream socket. | [Syslog input](beats://docs/reference/filebeat/filebeat-input-syslog.md) ({{filebeat}} docs) | -| `tcp` | Reads events over TCP. | [TCP input](beats://docs/reference/filebeat/filebeat-input-tcp.md) ({{filebeat}} docs) | -| `udp` | Reads events over UDP. 
| [UDP input](beats://docs/reference/filebeat/filebeat-input-udp.md) ({{filebeat}} docs) | -| `unix` | [beta] Reads events over a stream-oriented Unix domain socket. | [Unix input](beats://docs/reference/filebeat/filebeat-overview.md) ({{filebeat}} docs) | -| `winlog` | Reads from one or more event logs using Windows APIs, filters the events based on user-configured criteria, then sends the event data to the configured outputs ({{es}} or {{ls}}). | [Winlogbeat Overview](beats://docs/reference/winlogbeat/_winlogbeat_overview.md) ({{winlogbeat}} docs) | +| `redis` | [beta] Reads entries from Redis slowlogs. | [Redis input](asciidocalypse://docs/reference/filebeat/filebeat-overview.md) ({{filebeat}} docs) | +| `syslog` | Reads Syslog events as specified by RFC 3164 and RFC 5424, over TCP, UDP, or a Unix stream socket. | [Syslog input](asciidocalypse://docs/reference/filebeat/filebeat-input-syslog.md) ({{filebeat}} docs) | +| `tcp` | Reads events over TCP. | [TCP input](asciidocalypse://docs/reference/filebeat/filebeat-input-tcp.md) ({{filebeat}} docs) | +| `udp` | Reads events over UDP. | [UDP input](asciidocalypse://docs/reference/filebeat/filebeat-input-udp.md) ({{filebeat}} docs) | +| `unix` | [beta] Reads events over a stream-oriented Unix domain socket. | [Unix input](asciidocalypse://docs/reference/filebeat/filebeat-overview.md) ({{filebeat}} docs) | +| `winlog` | Reads from one or more event logs using Windows APIs, filters the events based on user-configured criteria, then sends the event data to the configured outputs ({{es}} or {{ls}}). | [Winlogbeat Overview](asciidocalypse://docs/reference/winlogbeat/_winlogbeat_overview.md) ({{winlogbeat}} docs) | :::: 
@@ -120,9 +120,9 @@ When you [configure inputs](/reference/ingestion-tools/fleet/elastic-agent-input | Input | Description | Learn more | | --- | --- | --- | -| `synthetics/http` | Connect via HTTP and optionally verify that the host returns the expected response. | [HTTP options](beats://docs/reference/heartbeat/monitor-http-options.md) ({{heartbeat}} docs) | -| `synthetics/icmp` | Use ICMP (v4 and v6) Echo Requests to check the configured hosts. | [ICMP options](beats://docs/reference/heartbeat/monitor-icmp-options.md) ({{heartbeat}} docs) | -| `synthetics/tcp` | Connect via TCP and optionally verify the endpoint by sending and/or receiving a custom payload. | [TCP options](beats://docs/reference/heartbeat/monitor-tcp-options.md) ({{heartbeat}} docs) | +| `synthetics/http` | Connect via HTTP and optionally verify that the host returns the expected response. | [HTTP options](asciidocalypse://docs/reference/heartbeat/monitor-http-options.md) ({{heartbeat}} docs) | +| `synthetics/icmp` | Use ICMP (v4 and v6) Echo Requests to check the configured hosts. | [ICMP options](asciidocalypse://docs/reference/heartbeat/monitor-icmp-options.md) ({{heartbeat}} docs) | +| `synthetics/tcp` | Connect via TCP and optionally verify the endpoint by sending and/or receiving a custom payload. | [TCP options](asciidocalypse://docs/reference/heartbeat/monitor-tcp-options.md) ({{heartbeat}} docs) | :::: 
@@ -132,7 +132,7 @@ When you [configure inputs](/reference/ingestion-tools/fleet/elastic-agent-input | Input | Description | Learn more | | --- | --- | --- | -| `packet` | Sniffs the traffic between your servers, parses the application-level protocols on the fly, and correlates the messages into transactions. | [Packetbeat overview](beats://docs/reference/packetbeat/packetbeat-overview.md) ({{packetbeat}} docs) | +| `packet` | Sniffs the traffic between your servers, parses the application-level protocols on the fly, and correlates the messages into transactions. | [Packetbeat overview](asciidocalypse://docs/reference/packetbeat/packetbeat-overview.md) ({{packetbeat}} docs) | :::: diff --git a/reference/ingestion-tools/fleet/elastic-agent-simplified-input-configuration.md b/reference/ingestion-tools/fleet/elastic-agent-simplified-input-configuration.md index a715be21d7..99b0d616b2 100644 --- a/reference/ingestion-tools/fleet/elastic-agent-simplified-input-configuration.md +++ b/reference/ingestion-tools/fleet/elastic-agent-simplified-input-configuration.md @@ -20,5 +20,5 @@ inputs: 3. An array containing all log file paths. -For other custom options to configure the input, refer to the [filestream input](beats://docs/reference/filebeat/filebeat-input-filestream.md) in the {{filebeat}} documentation. +For other custom options to configure the input, refer to the [filestream input](asciidocalypse://docs/reference/filebeat/filebeat-input-filestream.md) in the {{filebeat}} documentation. diff --git a/reference/ingestion-tools/fleet/elastic-agent-unprivileged.md b/reference/ingestion-tools/fleet/elastic-agent-unprivileged.md index 57e3c58194..ee9a0822e0 100644 --- a/reference/ingestion-tools/fleet/elastic-agent-unprivileged.md +++ b/reference/ingestion-tools/fleet/elastic-agent-unprivileged.md 
@@ -100,12 +100,12 @@ As well, a warning is displayed in {{kib}} if you try to add an integration that Examples of integrations that require {{agent}} to have administrative privileges are: -* [{{elastic-defend}}](integration-docs://docs/reference/endpoint.md) -* [Auditd Manager](integration-docs://docs/reference/auditd_manager.md) -* [File Integrity Monitoring](integration-docs://docs/reference/fim.md) -* [Network Packet Capture](integration-docs://docs/reference/network_traffic.md) -* [System Audit](integration-docs://docs/reference/system_audit.md) -* [Universal Profiling Agent](integration-docs://docs/reference/profiler_agent.md) +* [{{elastic-defend}}](asciidocalypse://docs/reference/endpoint.md) +* [Auditd Manager](asciidocalypse://docs/reference/auditd_manager.md) +* [File Integrity Monitoring](asciidocalypse://docs/reference/fim.md) +* [Network Packet Capture](asciidocalypse://docs/reference/network_traffic.md) +* [System Audit](asciidocalypse://docs/reference/system_audit.md) +* [Universal Profiling Agent](asciidocalypse://docs/reference/profiler_agent.md) ## Viewing an {{agent}} privilege mode [unprivileged-view-mode] diff --git a/reference/ingestion-tools/fleet/epr-proxy-setting.md b/reference/ingestion-tools/fleet/epr-proxy-setting.md index b28a9e80ca..e9a11c1e8f 100644 --- a/reference/ingestion-tools/fleet/epr-proxy-setting.md +++ b/reference/ingestion-tools/fleet/epr-proxy-setting.md 
@@ -7,7 +7,7 @@ mapped_pages: {{fleet}} might be unable to access the {{package-registry}} because {{kib}} is behind a proxy server. -Also your organization might have network traffic restrictions that prevent {{kib}} from reaching the public {{package-registry}} (EPR) endpoints, like [epr.elastic.co](https://epr.elastic.co/), to download package metadata and content. You can route traffic to the public endpoint of EPR through a network gateway, then configure proxy settings in the [{{kib}} configuration file](kibana://docs/reference/configuration-reference/fleet-settings.md), `kibana.yml`. For example: +Also your organization might have network traffic restrictions that prevent {{kib}} from reaching the public {{package-registry}} (EPR) endpoints, like [epr.elastic.co](https://epr.elastic.co/), to download package metadata and content. You can route traffic to the public endpoint of EPR through a network gateway, then configure proxy settings in the [{{kib}} configuration file](asciidocalypse://docs/reference/configuration-reference/fleet-settings.md), `kibana.yml`. For example: ```yaml xpack.fleet.registryProxyUrl: your-nat-gateway.corp.net diff --git a/reference/ingestion-tools/fleet/es-output-settings.md b/reference/ingestion-tools/fleet/es-output-settings.md index c14ef87b8f..a46846b1f0 100644 --- a/reference/ingestion-tools/fleet/es-output-settings.md +++ b/reference/ingestion-tools/fleet/es-output-settings.md 
@@ -46,7 +46,7 @@ Specify these settings to send data over a secure connection to {{es}}. In the { | `compression_level` | 1 | 1 | 1 | 1 | | `idle_connection_timeout` | 3 | 15 | 1 | 60 | -For descriptions of each setting, refer to [Advanced YAML configuration](#es-output-settings-yaml-config). For the `queue.mem.events`, `queue.mem.flush.min_events` and `queue.mem.flush.timeout` settings, refer to the [internal queue configuration settings](beats://docs/reference/filebeat/configuring-internal-queue.md) in the {{filebeat}} documentation. +For descriptions of each setting, refer to [Advanced YAML configuration](#es-output-settings-yaml-config). For the `queue.mem.events`, `queue.mem.flush.min_events` and `queue.mem.flush.timeout` settings, refer to the [internal queue configuration settings](asciidocalypse://docs/reference/filebeat/configuring-internal-queue.md) in the {{filebeat}} documentation. `Balanced` represents the new default setting (out of the box behaviour). Relative to `Balanced`, `Optimized for throughput` setting will improve EPS by 4 times, `Optimized for Scale` will perform on par and `Optimized for Latency` will show a 20% degredation in EPS (Events Per Second). These relative performance numbers were calculated from a performance testbed which operates in a controlled setting ingesting a large log file. diff --git a/reference/ingestion-tools/fleet/example-standalone-monitor-nginx-serverless.md b/reference/ingestion-tools/fleet/example-standalone-monitor-nginx-serverless.md index 1a83419bbb..7ef6930954 100644 --- a/reference/ingestion-tools/fleet/example-standalone-monitor-nginx-serverless.md +++ b/reference/ingestion-tools/fleet/example-standalone-monitor-nginx-serverless.md 
@@ -311,4 +311,4 @@ Congratulations! You have successfully set up monitoring for nginx using standal ## What’s next? [_whats_next] * Learn more about [{{fleet}} and {{agent}}](/reference/ingestion-tools/fleet/index.md). -* Learn more about [{{integrations}}](integration-docs://docs/reference/index.md). +* Learn more about [{{integrations}}](asciidocalypse://docs/reference/index.md). diff --git a/reference/ingestion-tools/fleet/example-standalone-monitor-nginx.md b/reference/ingestion-tools/fleet/example-standalone-monitor-nginx.md index 75971edf57..b5b748353b 100644 --- a/reference/ingestion-tools/fleet/example-standalone-monitor-nginx.md +++ b/reference/ingestion-tools/fleet/example-standalone-monitor-nginx.md @@ -310,4 +310,4 @@ Congratulations! You have successfully set up monitoring for nginx using standal ## What’s next? [_whats_next_2] * Learn more about [{{fleet}} and {{agent}}](/reference/ingestion-tools/fleet/index.md). -* Learn more about [{{integrations}}](integration-docs://docs/reference/index.md). +* Learn more about [{{integrations}}](asciidocalypse://docs/reference/index.md). diff --git a/reference/ingestion-tools/fleet/fleet-enrollment-tokens.md b/reference/ingestion-tools/fleet/fleet-enrollment-tokens.md index 0b465a0dae..24edfbcf62 100644 --- a/reference/ingestion-tools/fleet/fleet-enrollment-tokens.md +++ b/reference/ingestion-tools/fleet/fleet-enrollment-tokens.md 
@@ -78,7 +78,7 @@ To revoke an enrollment token: To re-enroll your {{agent}}s, use an active enrollment token. -Note that when an enrollment token is revoked it is not immediately deleted. Deletion occurs automatically after the duration specified in the {{es}} [`xpack.security.authc.api_key.delete.retention_period`](elasticsearch://docs/reference/elasticsearch/configuration-reference/security-settings.md#api-key-service-settings-delete-retention-period) setting has expired (see [Invalidate API key API](https://www.elastic.co/docs/api/doc/elasticsearch/operation/operation-security-invalidate-api-key) for details). +Note that when an enrollment token is revoked it is not immediately deleted. Deletion occurs automatically after the duration specified in the {{es}} [`xpack.security.authc.api_key.delete.retention_period`](asciidocalypse://docs/reference/elasticsearch/configuration-reference/security-settings.md#api-key-service-settings-delete-retention-period) setting has expired (see [Invalidate API key API](https://www.elastic.co/docs/api/doc/elasticsearch/operation/operation-security-invalidate-api-key) for details). Until the enrollment token has been deleted: diff --git a/reference/ingestion-tools/fleet/fleet-roles-privileges.md b/reference/ingestion-tools/fleet/fleet-roles-privileges.md index bbb3770849..3443eadc57 100644 --- a/reference/ingestion-tools/fleet/fleet-roles-privileges.md +++ b/reference/ingestion-tools/fleet/fleet-roles-privileges.md 
@@ -36,7 +36,7 @@ To create a new role with full access to use and manage {{fleet}} and Integratio 2. In the **Security** section, select **Roles**. 3. Select **Create role**. 4. Specify a name for the role. -5. Leave the {{es}} settings at their defaults, or refer to [Security privileges](elasticsearch://docs/reference/elasticsearch/security-privileges.md) for descriptions of the available settings. +5. Leave the {{es}} settings at their defaults, or refer to [Security privileges](asciidocalypse://docs/reference/elasticsearch/security-privileges.md) for descriptions of the available settings. 6. In the {{kib}} section, select **Add Kibana privilege**. 7. In the **Spaces** menu, select *** All Spaces**. Since many Integrations assets are shared across spaces, the users needs the {{kib}} privileges in all spaces. 8. Expand the **Management** section. diff --git a/reference/ingestion-tools/fleet/fleet-server-scalability.md b/reference/ingestion-tools/fleet/fleet-server-scalability.md index 07f03f466a..f398198c9e 100644 --- a/reference/ingestion-tools/fleet/fleet-server-scalability.md +++ b/reference/ingestion-tools/fleet/fleet-server-scalability.md 
@@ -212,7 +212,7 @@ If you are using {{agent}} with [{{serverless-full}}](/deploy-manage/deploy/elas **{{agents}}** -When you use {{fleet}} to manage a large volume (10k or more) of {{agents}}, the check-in from each of the multiple agents triggers an {{es}} authentication request. To help reduce the possibility of cache eviction and to speed up propagation of {{agent}} policy changes and actions, we recommend setting the [API key cache size](elasticsearch://docs/reference/elasticsearch/configuration-reference/security-settings.md#api-key-service-settings) in your {{es}} configuration to 2x the maximum number of agents. +When you use {{fleet}} to manage a large volume (10k or more) of {{agents}}, the check-in from each of the multiple agents triggers an {{es}} authentication request. To help reduce the possibility of cache eviction and to speed up propagation of {{agent}} policy changes and actions, we recommend setting the [API key cache size](asciidocalypse://docs/reference/elasticsearch/configuration-reference/security-settings.md#api-key-service-settings) in your {{es}} configuration to 2x the maximum number of agents. For example, with 25,000 running {{agents}} you could set the cache value to `50000`: diff --git a/reference/ingestion-tools/fleet/fleet-settings.md b/reference/ingestion-tools/fleet/fleet-settings.md index 06b11f3847..10a9ad082b 100644 --- a/reference/ingestion-tools/fleet/fleet-settings.md +++ b/reference/ingestion-tools/fleet/fleet-settings.md 
@@ -6,7 +6,7 @@ mapped_pages: # Fleet settings [fleet-settings] ::::{note} -The settings described here are configurable through the {{fleet}} UI. Refer to [{{fleet}} settings in {{kib}}](kibana://docs/reference/configuration-reference/fleet-settings.md) for a list of settings that you can configure in the `kibana.yml` configuration file. +The settings described here are configurable through the {{fleet}} UI. Refer to [{{fleet}} settings in {{kib}}](asciidocalypse://docs/reference/configuration-reference/fleet-settings.md) for a list of settings that you can configure in the `kibana.yml` configuration file. :::: @@ -18,7 +18,7 @@ On the **Settings** tab in **Fleet**, you can configure global settings availabl Click **Edit hosts** and specify the host URLs your {{agent}}s will use to connect to a {{fleet-server}}. ::::{tip} -If the **Edit hosts** option is grayed out, {{fleet-server}} hosts are configured outside of {{fleet}}. For more information, refer to [{{fleet}} settings in {{kib}}](kibana://docs/reference/configuration-reference/fleet-settings.md). +If the **Edit hosts** option is grayed out, {{fleet-server}} hosts are configured outside of {{fleet}}. For more information, refer to [{{fleet}} settings in {{kib}}](asciidocalypse://docs/reference/configuration-reference/fleet-settings.md). :::: @@ -93,7 +93,7 @@ To add or edit an output: 5. Click **Save and apply settings**. ::::{tip} -If the options for editing an output are grayed out, outputs are configured outside of {{fleet}}. For more information, refer to [{{fleet}} settings in {{kib}}](kibana://docs/reference/configuration-reference/fleet-settings.md). +If the options for editing an output are grayed out, outputs are configured outside of {{fleet}}. For more information, refer to [{{fleet}} settings in {{kib}}](asciidocalypse://docs/reference/configuration-reference/fleet-settings.md). :::: 
diff --git a/reference/ingestion-tools/fleet/hints-annotations-autodiscovery.md b/reference/ingestion-tools/fleet/hints-annotations-autodiscovery.md index afee96a4b3..58515a2c99 100644 --- a/reference/ingestion-tools/fleet/hints-annotations-autodiscovery.md +++ b/reference/ingestion-tools/fleet/hints-annotations-autodiscovery.md @@ -41,9 +41,9 @@ The host to use for metrics retrieval. If not defined, the host will be set as t ### `co.elastic.hints/data_stream` [_co_elastic_hintsdata_stream] -The list of data streams to enable. If not specified, the integration’s default data streams are used. To find the defaults, refer to the [Elastic integrations documentation](integration-docs://docs/reference/index.md). +The list of data streams to enable. If not specified, the integration’s default data streams are used. To find the defaults, refer to the [Elastic integrations documentation](asciidocalypse://docs/reference/index.md). -If data streams are specified, additional hints can be defined per data stream. For example, `co.elastic.hints/info.period: 5m` if the data stream specified is `info` for the [Redis module](beats://docs/reference/metricbeat/metricbeat-module-redis.md). +If data streams are specified, additional hints can be defined per data stream. For example, `co.elastic.hints/info.period: 5m` if the data stream specified is `info` for the [Redis module](asciidocalypse://docs/reference/metricbeat/metricbeat-module-redis.md). ```yaml apiVersion: v1 diff --git a/reference/ingestion-tools/fleet/index.md b/reference/ingestion-tools/fleet/index.md index 00dcae54c8..d58a6e5fdd 100644 --- a/reference/ingestion-tools/fleet/index.md +++ b/reference/ingestion-tools/fleet/index.md 
@@ -34,7 +34,7 @@ Looking for a general guide that explores all of your options for ingesting data ## {{integrations}} -[{{integrations}}](integration-docs://docs/reference/index.md) provide an easy way to connect Elastic to external services and systems, and quickly get insights or take action. They can collect new sources of data, and they often ship with out-of-the-box assets like dashboards, visualizations, and pipelines to extract structured fields out of logs and events. This makes it easier to get insights within seconds. Integrations are available for popular services and platforms like Nginx or AWS, as well as many generic input types like log files. +[{{integrations}}](asciidocalypse://docs/reference/index.md) provide an easy way to connect Elastic to external services and systems, and quickly get insights or take action. They can collect new sources of data, and they often ship with out-of-the-box assets like dashboards, visualizations, and pipelines to extract structured fields out of logs and events. This makes it easier to get insights within seconds. Integrations are available for popular services and platforms like Nginx or AWS, as well as many generic input types like log files. {{kib}} provides a web-based UI to add and manage integrations. You can browse a unified view of available integrations that shows both {{agent}} and {{beats}} integrations. diff --git a/reference/ingestion-tools/fleet/ingest-pipeline-kubernetes.md b/reference/ingestion-tools/fleet/ingest-pipeline-kubernetes.md index ef607fadd7..9e4cfba834 100644 --- a/reference/ingestion-tools/fleet/ingest-pipeline-kubernetes.md +++ b/reference/ingestion-tools/fleet/ingest-pipeline-kubernetes.md 
@@ -11,7 +11,7 @@ Custom pipelines can be used to add custom data processing, like adding fields, ## Metadata enrichment for Kubernetes [_metadata_enrichment_for_kubernetes] -The [{{k8s}} Integration](integration-docs://docs/reference/kubernetes.md) is used to collect logs and metrics from Kubernetes clusters with {{agent}}. During the collection, the integration enhances the collected information with extra useful information that users can correlate with different Kubernetes assets. This additional information added on top of collected data, such as labels, annotations, ancestor names of Kubernetes assets, and others, are called metadata. +The [{{k8s}} Integration](asciidocalypse://docs/reference/kubernetes.md) is used to collect logs and metrics from Kubernetes clusters with {{agent}}. During the collection, the integration enhances the collected information with extra useful information that users can correlate with different Kubernetes assets. This additional information added on top of collected data, such as labels, annotations, ancestor names of Kubernetes assets, and others, are called metadata. The [{{k8s}} Provider](/reference/ingestion-tools/fleet/kubernetes-provider.md) offers the `add_resource_metadata` option to configure the metadata enrichment options. diff --git a/reference/ingestion-tools/fleet/install-elastic-agents.md b/reference/ingestion-tools/fleet/install-elastic-agents.md index 278cd3c820..9120982d6f 100644 --- a/reference/ingestion-tools/fleet/install-elastic-agents.md +++ b/reference/ingestion-tools/fleet/install-elastic-agents.md 
@@ -75,7 +75,7 @@ Using our lab environment as an example, we can observe the following resource c ### CPU and RSS memory size [_cpu_and_rss_memory_size] -We tested using an AWS `m7i.large` instance type with 2 vCPUs, 8.0 GB of memory, and up to 12.5 Gbps of bandwidth. The tests ingested a single log file using both the [throughput and scale preset](/reference/ingestion-tools/fleet/elasticsearch-output.md#output-elasticsearch-performance-tuning-settings) with self monitoring enabled. These tests are representative of use cases that attempt to ingest data as fast as possible. This does not represent the resource overhead when using [{{elastic-defend}}](integration-docs://docs/reference/endpoint.md). +We tested using an AWS `m7i.large` instance type with 2 vCPUs, 8.0 GB of memory, and up to 12.5 Gbps of bandwidth. The tests ingested a single log file using both the [throughput and scale preset](/reference/ingestion-tools/fleet/elasticsearch-output.md#output-elasticsearch-performance-tuning-settings) with self monitoring enabled. These tests are representative of use cases that attempt to ingest data as fast as possible. This does not represent the resource overhead when using [{{elastic-defend}}](asciidocalypse://docs/reference/endpoint.md). | | | | | --- | --- | --- | diff --git a/reference/ingestion-tools/fleet/integrations-assets-best-practices.md b/reference/ingestion-tools/fleet/integrations-assets-best-practices.md index e16b654835..5fe25a1d33 100644 --- a/reference/ingestion-tools/fleet/integrations-assets-best-practices.md +++ b/reference/ingestion-tools/fleet/integrations-assets-best-practices.md 
@@ -36,7 +36,7 @@ The {{fleet}} integration assets are not supposed to work when sending arbitrary While it’s possible to include {{fleet}} and {{agent}} integration assets in a custom integration, this is not recommended nor supported. Assets from another integration should not be referenced directly from a custom integration. -As an example scenario, one may want to ingest Redis logs from Kafka. This can be done using the [Redis integration](integration-docs://docs/reference/redis-intro.md), but only certain files and paths are allowed. It’s technically possible to use the [Custom Kafka Logs integration](integration-docs://docs/reference/kafka_log.md) with a custom ingest pipeline, referencing the ingest pipeline of the Redis integration to ingest logs into the index templates of the Custom Kafka Logs integration data streams. +As an example scenario, one may want to ingest Redis logs from Kafka. This can be done using the [Redis integration](asciidocalypse://docs/reference/redis-intro.md), but only certain files and paths are allowed. It’s technically possible to use the [Custom Kafka Logs integration](asciidocalypse://docs/reference/kafka_log.md) with a custom ingest pipeline, referencing the ingest pipeline of the Redis integration to ingest logs into the index templates of the Custom Kafka Logs integration data streams. However, referencing assets of an integration from another custom integration is not recommended nor supported. A configuration as described above can break when the integration is upgraded, as can happen automatically. diff --git a/reference/ingestion-tools/fleet/kafka-output-settings.md b/reference/ingestion-tools/fleet/kafka-output-settings.md index 41d4d446b4..3fae354b9e 100644 --- a/reference/ingestion-tools/fleet/kafka-output-settings.md +++ b/reference/ingestion-tools/fleet/kafka-output-settings.md 
@@ -28,8 +28,8 @@ Select the mechanism that {{agent}} uses to authenticate with Kafka. | | | | --- | --- | | $$$kafka-output-authentication-none$$$
**None**
| No authentication is used between {{agent}} and Kafka. This is the default option. In production, it’s recommended to have an authentication method selected.

Plaintext
: Set this option for traffic between {{agent}} and Kafka to be sent as plaintext, without any transport layer security.

This is the default option when no authentication is set.


Encryption
: Set this option for traffic between {{agent}} and Kafka to use transport layer security.

When **Encryption*** is selected, the ***Server SSL certificate authorities** and **Verification mode** mode options become available.

| -| $$$kafka-output-authentication-basic$$$
**Username / Password**
| Connect to Kafka with a username and password.

Provide your username and password, and select a SASL (Simple Authentication and Security Layer) mechanism for your login credentials.

When SCRAM is enabled, {{agent}} uses the [SCRAM](https://en.wikipedia.org/wiki/Salted_Challenge_Response_Authentication_Mechanism) mechanism to authenticate the user credential. SCRAM is based on the IETF RFC5802 standard which describes a challenge-response mechanism for authenticating users.

* Plain - SCRAM is not used to authenticate
* SCRAM-SHA-256 - uses the SHA-256 hashing function
* SCRAM-SHA-512 - uses the SHA-512 hashing function

To prevent unauthorized access your Kafka password is stored as a secret value. While secret storage is recommended, you can choose to override this setting and store the password as plain text in the agent policy definition. Secret storage requires {{fleet-server}} version 8.12 or higher.

Note that this setting can also be stored as a secret value or as plain text for preconfigured outputs. See [Preconfiguration settings](kibana://docs/reference/configuration-reference/fleet-settings.md#_preconfiguration_settings_for_advanced_use_cases) in the {{kib}} Guide to learn more.
| -| $$$kafka-output-authentication-ssl$$$
**SSL**
| Authenticate using the Secure Sockets Layer (SSL) protocol. Provide the following details for your SSL certificate:

Client SSL certificate
: The certificate generated for the client. Copy and paste in the full contents of the certificate. This is the certificate that all the agents will use to connect to Kafka.

In cases where each client has a unique certificate, the local path to that certificate can be placed here. The agents will pick the certificate in that location when establishing a connection to Kafka.


Client SSL certificate key
: The private key generated for the client. This must be in PKCS 8 key. Copy and paste in the full contents of the certificate key. This is the certificate key that all the agents will use to connect to Kafka.

In cases where each client has a unique certificate key, the local path to that certificate key can be placed here. The agents will pick the certificate key in that location when establishing a connection to Kafka.

To prevent unauthorized access the certificate key is stored as a secret value. While secret storage is recommended, you can choose to override this setting and store the key as plain text in the agent policy definition. Secret storage requires {{fleet-server}} version 8.12 or higher.

Note that this setting can also be stored as a secret value or as plain text for preconfigured outputs. See [Preconfiguration settings](kibana://docs/reference/configuration-reference/fleet-settings.md#_preconfiguration_settings_for_advanced_use_cases) in the {{kib}} Guide to learn more.

| +| $$$kafka-output-authentication-basic$$$
**Username / Password**
| Connect to Kafka with a username and password.

Provide your username and password, and select a SASL (Simple Authentication and Security Layer) mechanism for your login credentials.

When SCRAM is enabled, {{agent}} uses the [SCRAM](https://en.wikipedia.org/wiki/Salted_Challenge_Response_Authentication_Mechanism) mechanism to authenticate the user credential. SCRAM is based on the IETF RFC5802 standard which describes a challenge-response mechanism for authenticating users.

* Plain - SCRAM is not used to authenticate
* SCRAM-SHA-256 - uses the SHA-256 hashing function
* SCRAM-SHA-512 - uses the SHA-512 hashing function

To prevent unauthorized access your Kafka password is stored as a secret value. While secret storage is recommended, you can choose to override this setting and store the password as plain text in the agent policy definition. Secret storage requires {{fleet-server}} version 8.12 or higher.

Note that this setting can also be stored as a secret value or as plain text for preconfigured outputs. See [Preconfiguration settings](asciidocalypse://docs/reference/configuration-reference/fleet-settings.md#_preconfiguration_settings_for_advanced_use_cases) in the {{kib}} Guide to learn more.
| +| $$$kafka-output-authentication-ssl$$$
**SSL**
| Authenticate using the Secure Sockets Layer (SSL) protocol. Provide the following details for your SSL certificate:

Client SSL certificate
: The certificate generated for the client. Copy and paste in the full contents of the certificate. This is the certificate that all the agents will use to connect to Kafka.

In cases where each client has a unique certificate, the local path to that certificate can be placed here. The agents will pick the certificate in that location when establishing a connection to Kafka.


Client SSL certificate key
: The private key generated for the client. This must be in PKCS 8 key. Copy and paste in the full contents of the certificate key. This is the certificate key that all the agents will use to connect to Kafka.

In cases where each client has a unique certificate key, the local path to that certificate key can be placed here. The agents will pick the certificate key in that location when establishing a connection to Kafka.

To prevent unauthorized access the certificate key is stored as a secret value. While secret storage is recommended, you can choose to override this setting and store the key as plain text in the agent policy definition. Secret storage requires {{fleet-server}} version 8.12 or higher.

Note that this setting can also be stored as a secret value or as plain text for preconfigured outputs. See [Preconfiguration settings](asciidocalypse://docs/reference/configuration-reference/fleet-settings.md#_preconfiguration_settings_for_advanced_use_cases) in the {{kib}} Guide to learn more.

| | **Server SSL certificate authorities**
| The CA certificate to use to connect to Kafka. This is the CA used to generate the certificate and key for Kafka. Copy and paste in the full contents for the CA certificate.

This setting is optional. This setting is not available when the authentication `None` and `Plaintext` options are selected.

Click **Add row** to specify additional certificate authories.
| | **Verification mode**
| Controls the verification of server certificates. Valid values are:

`Full`
: Verifies that the provided certificate is signed by a trusted authority (CA) and also verifies that the server’s hostname (or IP address) matches the names identified within the certificate.

`None`
: Performs *no verification* of the server’s certificate. This mode disables many of the security benefits of SSL/TLS and should only be used after cautious consideration. It is primarily intended as a temporary diagnostic mechanism when attempting to resolve TLS errors; its use in production environments is strongly discouraged.

`Strict`
: Verifies that the provided certificate is signed by a trusted authority (CA) and also verifies that the server’s hostname (or IP address) matches the names identified within the certificate. If the Subject Alternative Name is empty, it returns an error.

`Certificate`
: Verifies that the provided certificate is signed by a trusted authority (CA), but does not perform any hostname verification.

The default value is `Full`. This setting is not available when the authentication `None` and `Plaintext` options are selected.
| @@ -51,7 +51,7 @@ Use this option to set the Kafka topic for each {{agent}} event. | | | | --- | --- | -| $$$kafka-output-topics-default$$$
**Default topic**
| Set a default topic to use for events sent by {{agent}} to the Kafka output.

You can set a static topic, for example `elastic-agent`, or you can choose to set a topic dynamically based on an [Elastic Common Scheme (ECS)][Elastic Common Schema (ECS)](ecs://docs/reference/index.md)) field. Available fields include:

* `data_stream_type`
* `data_stream.dataset`
* `data_stream.namespace`
* `@timestamp`
* `event-dataset`

You can also set a custom field. This is useful if you’re using the [`add_fields` processor](/reference/ingestion-tools/fleet/add_fields-processor.md) as part of your {{agent}} input. Otherwise, setting a custom field is not recommended.
| +| $$$kafka-output-topics-default$$$
**Default topic**
| Set a default topic to use for events sent by {{agent}} to the Kafka output.

You can set a static topic, for example `elastic-agent`, or you can choose to set a topic dynamically based on an [Elastic Common Scheme (ECS)][Elastic Common Schema (ECS)](asciidocalypse://docs/reference/index.md)) field. Available fields include:

* `data_stream_type`
* `data_stream.dataset`
* `data_stream.namespace`
* `@timestamp`
* `event-dataset`

You can also set a custom field. This is useful if you’re using the [`add_fields` processor](/reference/ingestion-tools/fleet/add_fields-processor.md) as part of your {{agent}} input. Otherwise, setting a custom field is not recommended.
| ### Header settings [_header_settings] diff --git a/reference/ingestion-tools/fleet/logstash-output.md b/reference/ingestion-tools/fleet/logstash-output.md index c04d658b75..8340b30bed 100644 --- a/reference/ingestion-tools/fleet/logstash-output.md +++ b/reference/ingestion-tools/fleet/logstash-output.md @@ -58,7 +58,7 @@ output { 3. The API Key used by {{ls}} to ship data to the destination data streams. -For more information about configuring {{ls}}, refer to [Configuring {{ls}}](logstash://docs/reference/creating-logstash-pipeline.md) and [{{agent}} input plugin](logstash://docs/reference/plugins-inputs-elastic_agent.md). +For more information about configuring {{ls}}, refer to [Configuring {{ls}}](asciidocalypse://docs/reference/creating-logstash-pipeline.md) and [{{agent}} input plugin](asciidocalypse://docs/reference/plugins-inputs-elastic_agent.md). ## {{ls}} output configuration settings [_ls_output_configuration_settings] @@ -86,7 +86,7 @@ The `logstash` output supports the following settings, grouped by category. Many When sending data to a secured cluster through the `logstash` output, {{agent}} can use SSL/TLS. For a list of available settings, refer to [SSL/TLS](/reference/ingestion-tools/fleet/elastic-agent-ssl-configuration.md), specifically the settings under [Table 7, Common configuration options](/reference/ingestion-tools/fleet/elastic-agent-ssl-configuration.md#common-ssl-options) and [Table 8, Client configuration options](/reference/ingestion-tools/fleet/elastic-agent-ssl-configuration.md#client-ssl-options). ::::{note} -To use SSL/TLS, you must also configure the [{{agent}} input plugin for {{ls}}](logstash://docs/reference/plugins-inputs-beats.md) to use SSL/TLS. +To use SSL/TLS, you must also configure the [{{agent}} input plugin for {{ls}}](asciidocalypse://docs/reference/plugins-inputs-beats.md) to use SSL/TLS. :::: 
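Review bot: In the `@@ -86,7 +86,7 @@` hunk of logstash-output.md, the link labelled "{{agent}} input plugin for {{ls}}" still targets `plugins-inputs-beats.md`, while the `@@ -58,7 +58,7 @@` hunk in the same file links "{{agent}} input plugin" to `plugins-inputs-elastic_agent.md`. Since both lines are being rewritten here, confirm which page is intended and point both links at it, so that a reader following the SSL/TLS note lands on the input plugin whose TLS settings they need to configure.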
diff --git a/reference/ingestion-tools/fleet/ls-output-settings.md b/reference/ingestion-tools/fleet/ls-output-settings.md index 880219f3f6..5d56f0b42a 100644 --- a/reference/ingestion-tools/fleet/ls-output-settings.md +++ b/reference/ingestion-tools/fleet/ls-output-settings.md @@ -54,7 +54,7 @@ output { | $$$ls-logstash-hosts$$$
**{{ls}} hosts**
| The addresses your {{agent}}s will use to connect to {{ls}}. Use the format `host:port`. Click **add** row to specify additional {{ls}} addresses.

**Examples:**

* `192.0.2.0:5044`
* `mylogstashhost:5044`

Refer to the [{{fleet-server}}](/reference/ingestion-tools/fleet/fleet-server.md) documentation for default ports and other configuration details.
| | $$$ls-server-ssl-certificate-authorities-setting$$$
**Server SSL certificate authorities**
| The CA certificate to use to connect to {{ls}}. This is the CA used to generate the certificate and key for {{ls}}. Copy and paste in the full contents for the CA certificate.

This setting is optional.
| | $$$ls-client-ssl-certificate-setting$$$
**Client SSL certificate**
| The certificate generated for the client. Copy and paste in the full contents of the certificate. This is the certificate that all the agents will use to connect to {{ls}}.

In cases where each client has a unique certificate, the local path to that certificate can be placed here. The agents will pick the certificate in that location when establishing a connection to {{ls}}.
| -| $$$ls-client-ssl-certificate-key-setting$$$
**Client SSL certificate key**
| The private key generated for the client. This must be in PKCS 8 key. Copy and paste in the full contents of the certificate key. This is the certificate key that all the agents will use to connect to {{ls}}.

In cases where each client has a unique certificate key, the local path to that certificate key can be placed here. The agents will pick the certificate key in that location when establishing a connection to {{ls}}.

To prevent unauthorized access the certificate key is stored as a secret value. While secret storage is recommended, you can choose to override this setting and store the key as plain text in the agent policy definition. Secret storage requires {{fleet-server}} version 8.12 or higher.

Note that this setting can also be stored as a secret value or as plain text for preconfigured outputs. See [Preconfiguration settings](kibana://docs/reference/configuration-reference/fleet-settings.md#_preconfiguration_settings_for_advanced_use_cases) in the {{kib}} Guide to learn more.
| +| $$$ls-client-ssl-certificate-key-setting$$$
**Client SSL certificate key**
| The private key generated for the client. This must be in PKCS 8 key. Copy and paste in the full contents of the certificate key. This is the certificate key that all the agents will use to connect to {{ls}}.

In cases where each client has a unique certificate key, the local path to that certificate key can be placed here. The agents will pick the certificate key in that location when establishing a connection to {{ls}}.

To prevent unauthorized access the certificate key is stored as a secret value. While secret storage is recommended, you can choose to override this setting and store the key as plain text in the agent policy definition. Secret storage requires {{fleet-server}} version 8.12 or higher.

Note that this setting can also be stored as a secret value or as plain text for preconfigured outputs. See [Preconfiguration settings](asciidocalypse://docs/reference/configuration-reference/fleet-settings.md#_preconfiguration_settings_for_advanced_use_cases) in the {{kib}} Guide to learn more.
| | $$$ls-agent-proxy-output$$$
**Proxy**
| Select a proxy URL for {{agent}} to connect to {{ls}}. To learn about proxy configuration, refer to [Using a proxy server with {{agent}} and {{fleet}}](/reference/ingestion-tools/fleet/fleet-agent-proxy-support.md).
| | $$$ls-output-advanced-yaml-setting$$$
**Advanced YAML configuration**
| YAML settings that will be added to the {{ls}} output section of each policy that uses this output. Make sure you specify valid YAML. The UI does not currently provide validation.

See [Advanced YAML configuration](#ls-output-settings-yaml-config) for descriptions of the available settings.
| | $$$ls-agent-integrations-output$$$
**Make this output the default for agent integrations**
| When this setting is on, {{agent}}s use this output to send data if no other output is set in the [agent policy](/reference/ingestion-tools/fleet/agent-policy.md).

Output to {{ls}} is not supported for agent integrations in a policy used by {{fleet-server}} or APM.
| diff --git a/reference/ingestion-tools/fleet/manage-integrations.md b/reference/ingestion-tools/fleet/manage-integrations.md index e14773c73f..a315a4a85f 100644 --- a/reference/ingestion-tools/fleet/manage-integrations.md +++ b/reference/ingestion-tools/fleet/manage-integrations.md @@ -8,7 +8,7 @@ mapped_pages: ::::{admonition} -Integrations are available for a wide array of popular services and platforms. To see the full list of available integrations, go to the **Integrations** page in {{kib}}, or visit [Elastic Integrations](integration-docs://docs/reference/index.md). +Integrations are available for a wide array of popular services and platforms. To see the full list of available integrations, go to the **Integrations** page in {{kib}}, or visit [Elastic Integrations](asciidocalypse://docs/reference/index.md). {{agent}} integrations provide a simple, unified way to collect data from popular apps and services, and protect systems from security threats. diff --git a/reference/ingestion-tools/fleet/migrate-auditbeat-to-agent.md b/reference/ingestion-tools/fleet/migrate-auditbeat-to-agent.md index d6cc82d3ac..f5d16f9ff1 100644 --- a/reference/ingestion-tools/fleet/migrate-auditbeat-to-agent.md +++ b/reference/ingestion-tools/fleet/migrate-auditbeat-to-agent.md 
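Review bot: In the manage-integrations.md hunk, the "Elastic Integrations" link becomes `asciidocalypse://docs/reference/index.md`, which is the same URL the kafka-output-settings.md hunk gives the ECS link (previously `ecs://docs/reference/index.md`), so two different destinations can no longer be told apart once the `integration-docs://` and `ecs://` schemes are dropped. Keep the source repository recoverable, for example by retaining the original scheme or recording the old-to-new mapping alongside the change, so these links can be resolved to the right target later.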
@@ -21,20 +21,20 @@ The following table describes the integrations you can use instead of {{auditbea | If you use…​ | You can use this instead…​ | Notes | | --- | --- | --- | -| [Auditd](beats://docs/reference/auditbeat/auditbeat-module-auditd.md) module | [Auditd Manager](integration-docs://docs/reference/auditd_manager.md) integration | This integration is a direct replacement of the module. You can port rules andconfiguration to this integration. Starting in {{stack}} 8.4, you can also set the`immutable` flag in the audit configuration. | -| [Auditd Logs](integration-docs://docs/reference/auditd.md) integration | Use this integration if you don’t need to manage rules. It only parses logs fromthe audit daemon `auditd`. Please note that the events created by this integrationare different than the ones created by[Auditd Manager](integration-docs://docs/reference/auditd_manager.md), since the latter merges allrelated messages in a single event while [Auditd Logs](integration-docs://docs/reference/auditd.md)creates one event per message. | -| [File Integrity](beats://docs/reference/auditbeat/auditbeat-module-file_integrity.md) module | [File Integrity Monitoring](integration-docs://docs/reference/fim.md) integration | This integration is a direct replacement of the module. It reports real-timeevents, but cannot report who made the changes. If you need to track thisinformation, use [{{elastic-defend}}](/reference/security/elastic-defend/install-endpoint.md)instead. | -| [System](beats://docs/reference/auditbeat/auditbeat-module-system.md) module | It depends…​ | There is not a single integration that collects all this information. | -| [System.host](beats://docs/reference/auditbeat/auditbeat-dataset-system-host.md) dataset | [Osquery](integration-docs://docs/reference/osquery.md) or [Osquery Manager](integration-docs://docs/reference/osquery_manager.md) integration | Schedule collection of information like:

* [system_info](https://www.osquery.io/schema/5.1.0/#system_info) for hostname, unique ID, and architecture
* [os_version](https://www.osquery.io/schema/5.1.0/#os_version)
* [interface_addresses](https://www.osquery.io/schema/5.1.0/#interface_addresses) for IPs and MACs
| -| [System.login](beats://docs/reference/auditbeat/auditbeat-dataset-system-login.md) dataset | [Endpoint](/reference/security/elastic-defend/install-endpoint.md) | Report login events. | -| [Osquery](integration-docs://docs/reference/osquery.md) or [Osquery Manager](integration-docs://docs/reference/osquery_manager.md) integration | Use the [last](https://www.osquery.io/schema/5.1.0/#last) table for Linux and macOS. | -| {{fleet}} [system](integration-docs://docs/reference/system.md) integration | Collect login events for Windows through the [Security event log](integration-docs://docs/reference/system.md#system-security). | -| [System.package](beats://docs/reference/auditbeat/auditbeat-dataset-system-package.md) dataset | [System Audit](integration-docs://docs/reference/system_audit.md) integration | This integration is a direct replacement of the System Package dataset. Starting in {{stack}} 8.7, you can port rules and configuration settings to this integration. This integration currently schedules collection of information such as:

* [rpm_packages](https://www.osquery.io/schema/5.1.0/#rpm_packages)
* [deb_packages](https://www.osquery.io/schema/5.1.0/#deb_packages)
* [homebrew_packages](https://www.osquery.io/schema/5.1.0/#homebrew_packages)
| -| [Osquery](integration-docs://docs/reference/osquery.md) or [Osquery Manager](integration-docs://docs/reference/osquery_manager.md) integration | Schedule collection of information like:

* [rpm_packages](https://www.osquery.io/schema/5.1.0/#rpm_packages)
* [deb_packages](https://www.osquery.io/schema/5.1.0/#deb_packages)
* [homebrew_packages](https://www.osquery.io/schema/5.1.0/#homebrew_packages)
* [apps](https://www.osquery.io/schema/5.1.0/#apps) (MacOS)
* [programs](https://www.osquery.io/schema/5.1.0/#programs) (Windows)
* [npm_packages](https://www.osquery.io/schema/5.1.0/#npm_packages)
* [atom_packages](https://www.osquery.io/schema/5.1.0/#atom_packages)
* [chocolatey_packages](https://www.osquery.io/schema/5.1.0/#chocolatey_packages)
* [portage_packages](https://www.osquery.io/schema/5.1.0/#portage_packages)
* [python_packages](https://www.osquery.io/schema/5.1.0/#python_packages)
| -| [System.process](beats://docs/reference/auditbeat/auditbeat-dataset-system-process.md) dataset | [Endpoint](/reference/security/elastic-defend/install-endpoint.md) | Best replacement because out of the box it reports events forevery process in [ECS](ecs://docs/reference/index.md) format and has excellentintegration in [Kibana](/get-started/the-stack.md). | -| [Custom Windows event log](integration-docs://docs/reference/winlog.md) and{{integrations-docs}}/windows#sysmonoperational[Sysmon] integrations | Provide process data. | -| [Osquery](integration-docs://docs/reference/osquery.md) or[Osquery Manager](integration-docs://docs/reference/osquery_manager.md) integration | Collect data from the [process](https://www.osquery.io/schema/5.1.0/#process) table on some OSeswithout polling. | -| [System.socket](beats://docs/reference/auditbeat/auditbeat-dataset-system-socket.md) dataset | [Endpoint](/reference/security/elastic-defend/install-endpoint.md) | Best replacement because it supports monitoring network connections on Linux,Windows, and MacOS. Includes process and user metadata. Currently does notdo flow accounting (byte and packet counts) or domain name enrichment (but doescollect DNS queries separately). | -| [Osquery](integration-docs://docs/reference/osquery.md) or [Osquery Manager](integration-docs://docs/reference/osquery_manager.md) integration | Monitor socket events via the [socket_events](https://www.osquery.io/schema/5.1.0/#socket_events) tablefor Linux and MacOS. | -| [System.user](beats://docs/reference/auditbeat/auditbeat-dataset-system-user.md) dataset | [Osquery](integration-docs://docs/reference/osquery.md) or [Osquery Manager](integration-docs://docs/reference/osquery_manager.md) integration | Monitor local users via the [user](https://www.osquery.io/schema/5.1.0/#user) table for Linux, Windows, and MacOS. 
| +| [Auditd](asciidocalypse://docs/reference/auditbeat/auditbeat-module-auditd.md) module | [Auditd Manager](asciidocalypse://docs/reference/auditd_manager.md) integration | This integration is a direct replacement of the module. You can port rules andconfiguration to this integration. Starting in {{stack}} 8.4, you can also set the`immutable` flag in the audit configuration. | +| [Auditd Logs](asciidocalypse://docs/reference/auditd.md) integration | Use this integration if you don’t need to manage rules. It only parses logs fromthe audit daemon `auditd`. Please note that the events created by this integrationare different than the ones created by[Auditd Manager](asciidocalypse://docs/reference/auditd_manager.md), since the latter merges allrelated messages in a single event while [Auditd Logs](asciidocalypse://docs/reference/auditd.md)creates one event per message. | +| [File Integrity](asciidocalypse://docs/reference/auditbeat/auditbeat-module-file_integrity.md) module | [File Integrity Monitoring](asciidocalypse://docs/reference/fim.md) integration | This integration is a direct replacement of the module. It reports real-timeevents, but cannot report who made the changes. If you need to track thisinformation, use [{{elastic-defend}}](/reference/security/elastic-defend/install-endpoint.md)instead. | +| [System](asciidocalypse://docs/reference/auditbeat/auditbeat-module-system.md) module | It depends…​ | There is not a single integration that collects all this information. | +| [System.host](asciidocalypse://docs/reference/auditbeat/auditbeat-dataset-system-host.md) dataset | [Osquery](asciidocalypse://docs/reference/osquery.md) or [Osquery Manager](asciidocalypse://docs/reference/osquery_manager.md) integration | Schedule collection of information like:

* [system_info](https://www.osquery.io/schema/5.1.0/#system_info) for hostname, unique ID, and architecture
* [os_version](https://www.osquery.io/schema/5.1.0/#os_version)
* [interface_addresses](https://www.osquery.io/schema/5.1.0/#interface_addresses) for IPs and MACs
| +| [System.login](asciidocalypse://docs/reference/auditbeat/auditbeat-dataset-system-login.md) dataset | [Endpoint](/reference/security/elastic-defend/install-endpoint.md) | Report login events. | +| [Osquery](asciidocalypse://docs/reference/osquery.md) or [Osquery Manager](asciidocalypse://docs/reference/osquery_manager.md) integration | Use the [last](https://www.osquery.io/schema/5.1.0/#last) table for Linux and macOS. | +| {{fleet}} [system](asciidocalypse://docs/reference/system.md) integration | Collect login events for Windows through the [Security event log](asciidocalypse://docs/reference/system.md#system-security). | +| [System.package](asciidocalypse://docs/reference/auditbeat/auditbeat-dataset-system-package.md) dataset | [System Audit](asciidocalypse://docs/reference/system_audit.md) integration | This integration is a direct replacement of the System Package dataset. Starting in {{stack}} 8.7, you can port rules and configuration settings to this integration. This integration currently schedules collection of information such as:

* [rpm_packages](https://www.osquery.io/schema/5.1.0/#rpm_packages)
* [deb_packages](https://www.osquery.io/schema/5.1.0/#deb_packages)
* [homebrew_packages](https://www.osquery.io/schema/5.1.0/#homebrew_packages)
| +| [Osquery](asciidocalypse://docs/reference/osquery.md) or [Osquery Manager](asciidocalypse://docs/reference/osquery_manager.md) integration | Schedule collection of information like:

* [rpm_packages](https://www.osquery.io/schema/5.1.0/#rpm_packages)
* [deb_packages](https://www.osquery.io/schema/5.1.0/#deb_packages)
* [homebrew_packages](https://www.osquery.io/schema/5.1.0/#homebrew_packages)
* [apps](https://www.osquery.io/schema/5.1.0/#apps) (MacOS)
* [programs](https://www.osquery.io/schema/5.1.0/#programs) (Windows)
* [npm_packages](https://www.osquery.io/schema/5.1.0/#npm_packages)
* [atom_packages](https://www.osquery.io/schema/5.1.0/#atom_packages)
* [chocolatey_packages](https://www.osquery.io/schema/5.1.0/#chocolatey_packages)
* [portage_packages](https://www.osquery.io/schema/5.1.0/#portage_packages)
* [python_packages](https://www.osquery.io/schema/5.1.0/#python_packages)
| +| [System.process](asciidocalypse://docs/reference/auditbeat/auditbeat-dataset-system-process.md) dataset | [Endpoint](/reference/security/elastic-defend/install-endpoint.md) | Best replacement because out of the box it reports events forevery process in [ECS](asciidocalypse://docs/reference/index.md) format and has excellentintegration in [Kibana](/get-started/the-stack.md). | +| [Custom Windows event log](asciidocalypse://docs/reference/winlog.md) and{{integrations-docs}}/windows#sysmonoperational[Sysmon] integrations | Provide process data. | +| [Osquery](asciidocalypse://docs/reference/osquery.md) or[Osquery Manager](asciidocalypse://docs/reference/osquery_manager.md) integration | Collect data from the [process](https://www.osquery.io/schema/5.1.0/#process) table on some OSeswithout polling. | +| [System.socket](asciidocalypse://docs/reference/auditbeat/auditbeat-dataset-system-socket.md) dataset | [Endpoint](/reference/security/elastic-defend/install-endpoint.md) | Best replacement because it supports monitoring network connections on Linux,Windows, and MacOS. Includes process and user metadata. Currently does notdo flow accounting (byte and packet counts) or domain name enrichment (but doescollect DNS queries separately). | +| [Osquery](asciidocalypse://docs/reference/osquery.md) or [Osquery Manager](asciidocalypse://docs/reference/osquery_manager.md) integration | Monitor socket events via the [socket_events](https://www.osquery.io/schema/5.1.0/#socket_events) tablefor Linux and MacOS. | +| [System.user](asciidocalypse://docs/reference/auditbeat/auditbeat-dataset-system-user.md) dataset | [Osquery](asciidocalypse://docs/reference/osquery.md) or [Osquery Manager](asciidocalypse://docs/reference/osquery_manager.md) integration | Monitor local users via the [user](https://www.osquery.io/schema/5.1.0/#user) table for Linux, Windows, and MacOS. | 
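Review bot: The added `Custom Windows event log` row still contains the unconverted AsciiDoc link `{{integrations-docs}}/windows#sysmonoperational[Sysmon]`, which this link rewrite leaves untouched and which will not render as a Markdown link. Convert it to the `[text](target)` form used by the neighbouring entries, and while the rows are being rewritten restore the missing spaces carried over from the removed lines ("andconfiguration", "fromthe", "forevery", "tablefor"). Several added rows also have two cells under a three-column header (for example the `Auditd Logs` and `{{fleet}}` system rows), so check how the table renders.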
diff --git a/reference/ingestion-tools/fleet/migrate-from-beats-to-elastic-agent.md b/reference/ingestion-tools/fleet/migrate-from-beats-to-elastic-agent.md index 4208718f2a..a0abecff0f 100644 --- a/reference/ingestion-tools/fleet/migrate-from-beats-to-elastic-agent.md +++ b/reference/ingestion-tools/fleet/migrate-from-beats-to-elastic-agent.md @@ -22,7 +22,7 @@ Learn how to replace your existing {{filebeat}} and {{metricbeat}} deployments w There are currently some limitations and requirements to be aware of before migrating to {{agent}}: -* **No support for configuring the {{beats}} internal queue.** Each Beat has an internal queue that stores events before batching and publishing them to the output. To improve data throughput, {{beats}} users can set [configuration options](beats://docs/reference/filebeat/configuring-internal-queue.md) to tune the performance of the internal queue. However, the endless fine tuning required to configure the queue is cumbersome and not always fruitful. Instead of expecting users to configure the internal queue, {{agent}} uses sensible defaults. This means you won’t be able to migrate internal queue configurations to {{agent}}. +* **No support for configuring the {{beats}} internal queue.** Each Beat has an internal queue that stores events before batching and publishing them to the output. To improve data throughput, {{beats}} users can set [configuration options](asciidocalypse://docs/reference/filebeat/configuring-internal-queue.md) to tune the performance of the internal queue. However, the endless fine tuning required to configure the queue is cumbersome and not always fruitful. Instead of expecting users to configure the internal queue, {{agent}} uses sensible defaults. This means you won’t be able to migrate internal queue configurations to {{agent}}. For more information about {{agent}} limitations, see [*{{beats}} and {{agent}} capabilities*](/reference/ingestion-tools/fleet/index.md). 
@@ -167,7 +167,7 @@ Notice again that the data is duplicated because you still have {{beats}} runnin ## Migrate processor configurations [_migrate_processor_configurations] -Processors enable you to filter and enhance the data before it’s sent to the output. Each processor receives an event, applies a defined action to the event, and returns the event. If you define a list of processors, they are executed in the order they are defined. Elastic provides a [rich set of processors](beats://docs/reference/filebeat/defining-processors.md) that are supported by all {{beats}} and by {{agent}}. +Processors enable you to filter and enhance the data before it’s sent to the output. Each processor receives an event, applies a defined action to the event, and returns the event. If you define a list of processors, they are executed in the order they are defined. Elastic provides a [rich set of processors](asciidocalypse://docs/reference/filebeat/defining-processors.md) that are supported by all {{beats}} and by {{agent}}. Prior to migrating from {{beats}}, you defined processors in the configuration file for each Beat. After migrating to {{agent}}, however, the {{beats}} configuration files are redundant. All configuration is policy-driven from {{fleet}} (or for advanced use cases, specified in a standalone agent policy). Any processors you defined previously in the {{beats}} configuration need to be added to an integration policy; they cannot be defined in the {{beats}} configuration. diff --git a/reference/ingestion-tools/fleet/monitor-elastic-agent.md b/reference/ingestion-tools/fleet/monitor-elastic-agent.md index 9089946fee..a903e4ba41 100644 --- a/reference/ingestion-tools/fleet/monitor-elastic-agent.md +++ b/reference/ingestion-tools/fleet/monitor-elastic-agent.md 
@@ -62,7 +62,7 @@ To filter the list of agents by status, click the **Status** dropdown and select :class: screenshot ::: -For advanced filtering, use the search bar to create structured queries using [{{kib}} Query Language](elasticsearch://docs/reference/query-languages/kql.md). For example, enter `local_metadata.os.family : "darwin"` to see only agents running on macOS. +For advanced filtering, use the search bar to create structured queries using [{{kib}} Query Language](asciidocalypse://docs/reference/query-languages/kql.md). For example, enter `local_metadata.os.family : "darwin"` to see only agents running on macOS. You can also sort the list of agents by host, last activity time, or version, by clicking on the table headings for those fields. @@ -125,7 +125,7 @@ When {{fleet}} reports an agent status like `Offline` or `Unhealthy`, you might On the **Logs** tab you can filter, search, and explore the agent logs: -* Use the search bar to create structured queries using [{{kib}} Query Language](elasticsearch://docs/reference/query-languages/kql.md). +* Use the search bar to create structured queries using [{{kib}} Query Language](asciidocalypse://docs/reference/query-languages/kql.md). * Choose one or more datasets to show logs for specific programs, such as {{filebeat}} or {{fleet-server}}. :::{image} images/kibana-fleet-datasets.png diff --git a/reference/ingestion-tools/fleet/processor-syntax.md b/reference/ingestion-tools/fleet/processor-syntax.md index 688699bed2..0f56e56895 100644 --- a/reference/ingestion-tools/fleet/processor-syntax.md +++ b/reference/ingestion-tools/fleet/processor-syntax.md 
@@ -55,7 +55,7 @@ Each condition receives a field to compare. You can specify multiple fields unde For each field, you can specify a simple field name or a nested map, for example `dns.question.name`. -Refer to the [integrations documentation](integration-docs://docs/reference/index.md) for a list of all fields created by a specific integration. +Refer to the [integrations documentation](asciidocalypse://docs/reference/index.md) for a list of all fields created by a specific integration. The supported conditions are: diff --git a/reference/ingestion-tools/fleet/remote-elasticsearch-output.md b/reference/ingestion-tools/fleet/remote-elasticsearch-output.md index 9d92935d06..d3bf8fd425 100644 --- a/reference/ingestion-tools/fleet/remote-elasticsearch-output.md +++ b/reference/ingestion-tools/fleet/remote-elasticsearch-output.md 
@@ -39,7 +39,7 @@ To configure a remote {{es}} cluster for your {{agent}} data: 5. Back in your main cluster, paste the value you copied into the output **Service Token** field. ::::{note} - To prevent unauthorized access the {{es}} Service Token is stored as a secret value. While secret storage is recommended, you can choose to override this setting and store the password as plain text in the agent policy definition. Secret storage requires {{fleet-server}} version 8.12 or higher. This setting can also be stored as a secret value or as plain text for preconfigured outputs. See [Preconfiguration settings](kibana://docs/reference/configuration-reference/fleet-settings.md#_preconfiguration_settings_for_advanced_use_cases) in the {{kib}} Guide to learn more. + To prevent unauthorized access the {{es}} Service Token is stored as a secret value. While secret storage is recommended, you can choose to override this setting and store the password as plain text in the agent policy definition. Secret storage requires {{fleet-server}} version 8.12 or higher. This setting can also be stored as a secret value or as plain text for preconfigured outputs. See [Preconfiguration settings](asciidocalypse://docs/reference/configuration-reference/fleet-settings.md#_preconfiguration_settings_for_advanced_use_cases) in the {{kib}} Guide to learn more. :::: 6. Choose whether or not the remote output should be the default for agent integrations or for agent monitoring data. When set, {{agent}}s use this output to send data if no other output is set in the [agent policy](/reference/ingestion-tools/fleet/agent-policy.md). diff --git a/reference/ingestion-tools/fleet/running-on-aks-managed-by-fleet.md b/reference/ingestion-tools/fleet/running-on-aks-managed-by-fleet.md index a889d7cb77..603eaf019f 100644 --- a/reference/ingestion-tools/fleet/running-on-aks-managed-by-fleet.md +++ b/reference/ingestion-tools/fleet/running-on-aks-managed-by-fleet.md 
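Review bot: In the remote-elasticsearch-output.md hunk, the rewritten note says the {{es}} Service Token is stored as a secret value but then refers to storing "the password" as plain text; name the service token in both places so it is clear which credential ends up in the agent policy definition when secret storage is overridden. A comma after "To prevent unauthorized access" would also help, since the line is being touched anyway.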
@@ -14,9 +14,9 @@ On managed Kubernetes solutions like AKS, {{agent}} has no access to several dat 1. Metrics from [Kubernetes control plane](https://kubernetes.io/docs/concepts/overview/components/#control-plane-components) components are not available. Consequently metrics are not available for `kube-scheduler` and `kube-controller-manager` components. In this regard, the respective **dashboards** will not be populated with data. 2. **Audit logs** are available only on Kubernetes master nodes as well, hence cannot be collected by {{agent}}. -3. Fields `orchestrator.cluster.name` and `orchestrator.cluster.url` are not populated. `orchestrator.cluster.name` field is used as a cluster selector for default Kubernetes dashboards, shipped with [Kubernetes integration](integration-docs://docs/reference/kubernetes.md). +3. Fields `orchestrator.cluster.name` and `orchestrator.cluster.url` are not populated. `orchestrator.cluster.name` field is used as a cluster selector for default Kubernetes dashboards, shipped with [Kubernetes integration](asciidocalypse://docs/reference/kubernetes.md). - In this regard, you can use [`add_fields` processor](beats://docs/reference/filebeat/add-fields.md) to add `orchestrator.cluster.name` and `orchestrator.cluster.url` fields for each [Kubernetes integration](integration-docs://docs/reference/kubernetes.md)'s component: + In this regard, you can use [`add_fields` processor](asciidocalypse://docs/reference/filebeat/add-fields.md) to add `orchestrator.cluster.name` and `orchestrator.cluster.url` fields for each [Kubernetes integration](asciidocalypse://docs/reference/kubernetes.md)'s component: ```yaml - add_fields: diff --git a/reference/ingestion-tools/fleet/running-on-eks-managed-by-fleet.md b/reference/ingestion-tools/fleet/running-on-eks-managed-by-fleet.md index 900cd0e65a..9485abfe0d 100644 --- a/reference/ingestion-tools/fleet/running-on-eks-managed-by-fleet.md 
+++ b/reference/ingestion-tools/fleet/running-on-eks-managed-by-fleet.md @@ -14,9 +14,9 @@ On managed Kubernetes solutions like EKS, {{agent}} has no access to several dat 1. Metrics from [Kubernetes control plane](https://kubernetes.io/docs/concepts/overview/components/#control-plane-components) components are not available. Consequently metrics are not available for `kube-scheduler` and `kube-controller-manager` components. In this regard, the respective **dashboards** will not be populated with data. 2. **Audit logs** are available only on Kubernetes master nodes as well, hence cannot be collected by {{agent}}. -3. Fields `orchestrator.cluster.name` and `orchestrator.cluster.url` are not populated. `orchestrator.cluster.name` field is used as a cluster selector for default Kubernetes dashboards, shipped with [Kubernetes integration](integration-docs://docs/reference/kubernetes.md). +3. Fields `orchestrator.cluster.name` and `orchestrator.cluster.url` are not populated. `orchestrator.cluster.name` field is used as a cluster selector for default Kubernetes dashboards, shipped with [Kubernetes integration](asciidocalypse://docs/reference/kubernetes.md). - In this regard, you can use [`add_fields` processor](beats://docs/reference/filebeat/add-fields.md) to add `orchestrator.cluster.name` and `orchestrator.cluster.url` fields for each [Kubernetes integration](integration-docs://docs/reference/kubernetes.md)'s component: + In this regard, you can use [`add_fields` processor](asciidocalypse://docs/reference/filebeat/add-fields.md) to add `orchestrator.cluster.name` and `orchestrator.cluster.url` fields for each [Kubernetes integration](asciidocalypse://docs/reference/kubernetes.md)'s component: ```yaml - add_fields: diff --git a/reference/ingestion-tools/fleet/running-on-kubernetes-managed-by-fleet.md b/reference/ingestion-tools/fleet/running-on-kubernetes-managed-by-fleet.md index d464cabd01..cd5d42688f 100644 
--- a/reference/ingestion-tools/fleet/running-on-kubernetes-managed-by-fleet.md +++ b/reference/ingestion-tools/fleet/running-on-kubernetes-managed-by-fleet.md 
@@ -39,7 +39,7 @@ mapped_pages: ``` ::::{warning} - On managed Kubernetes solutions, such as AKS, GKE or EKS, {{agent}} does not have the required permissions to collect metrics from [Kubernetes control plane](https://kubernetes.io/docs/concepts/overview/components/#control-plane-components) components, like `kube-scheduler` and `kube-controller-manager`. Audit logs are only available on Kubernetes control plane nodes as well, and hence cannot be collected by {{agent}}. Refer [here](integration-docs://docs/reference/kubernetes.md#kubernetes-scheduler-and-controllermanager) to find more information. For more information about specific cloud providers, refer to [Run {{agent}} on Azure AKS managed by {{fleet}}](/reference/ingestion-tools/fleet/running-on-aks-managed-by-fleet.md), [Run {{agent}} on GKE managed by {{fleet}}](/reference/ingestion-tools/fleet/running-on-gke-managed-by-fleet.md) and [Run {{agent}} on Amazon EKS managed by {{fleet}}](/reference/ingestion-tools/fleet/running-on-eks-managed-by-fleet.md) + On managed Kubernetes solutions, such as AKS, GKE or EKS, {{agent}} does not have the required permissions to collect metrics from [Kubernetes control plane](https://kubernetes.io/docs/concepts/overview/components/#control-plane-components) components, like `kube-scheduler` and `kube-controller-manager`. Audit logs are only available on Kubernetes control plane nodes as well, and hence cannot be collected by {{agent}}. Refer [here](asciidocalypse://docs/reference/kubernetes.md#kubernetes-scheduler-and-controllermanager) to find more information. 
For more information about specific cloud providers, refer to [Run {{agent}} on Azure AKS managed by {{fleet}}](/reference/ingestion-tools/fleet/running-on-aks-managed-by-fleet.md), [Run {{agent}} on GKE managed by {{fleet}}](/reference/ingestion-tools/fleet/running-on-gke-managed-by-fleet.md) and [Run {{agent}} on Amazon EKS managed by {{fleet}}](/reference/ingestion-tools/fleet/running-on-eks-managed-by-fleet.md) :::: @@ -78,7 +78,7 @@ The size and the number of nodes in a Kubernetes cluster can be large at times, ### Step 2: Configure {{agent}} policy [_step_2_configure_agent_policy] -The {{agent}} needs to be assigned to a policy to enable the proper inputs. To achieve Kubernetes observability, the policy needs to include the Kubernetes integration. Refer to [Create a policy](/reference/ingestion-tools/fleet/agent-policy.md#create-a-policy) and [Add an integration to a policy](/reference/ingestion-tools/fleet/agent-policy.md#add-integration) to learn how to configure the [Kubernetes integration](integration-docs://docs/reference/kubernetes.md). +The {{agent}} needs to be assigned to a policy to enable the proper inputs. To achieve Kubernetes observability, the policy needs to include the Kubernetes integration. Refer to [Create a policy](/reference/ingestion-tools/fleet/agent-policy.md#create-a-policy) and [Add an integration to a policy](/reference/ingestion-tools/fleet/agent-policy.md#add-integration) to learn how to configure the [Kubernetes integration](asciidocalypse://docs/reference/kubernetes.md). ### Step 3: Enroll {{agent}} to the policy [_step_3_enroll_agent_to_the_policy] diff --git a/reference/ingestion-tools/fleet/running-on-kubernetes-standalone.md b/reference/ingestion-tools/fleet/running-on-kubernetes-standalone.md index e583a3b680..ce2958b644 100644 --- a/reference/ingestion-tools/fleet/running-on-kubernetes-standalone.md +++ b/reference/ingestion-tools/fleet/running-on-kubernetes-standalone.md 
@@ -37,7 +37,7 @@ mapped_pages: ``` ::::{warning} - On managed Kubernetes solutions, such as AKS, GKE or EKS, {{agent}} does not have the required permissions to collect metrics from [Kubernetes control plane](https://kubernetes.io/docs/concepts/overview/components/#control-plane-components) components, like `kube-scheduler` and `kube-controller-manager`. Audit logs are only available on Kubernetes control plane nodes as well, and hence cannot be collected by {{agent}}. Refer [here](integration-docs://docs/reference/kubernetes.md#kubernetes-scheduler-and-controllermanager) to find more information. For more information about specific cloud providers, refer to [Run {{agent}} on Azure AKS managed by {{fleet}}](/reference/ingestion-tools/fleet/running-on-aks-managed-by-fleet.md), [Run {{agent}} on GKE managed by {{fleet}}](/reference/ingestion-tools/fleet/running-on-gke-managed-by-fleet.md) and [Run {{agent}} on Amazon EKS managed by {{fleet}}](/reference/ingestion-tools/fleet/running-on-eks-managed-by-fleet.md) + On managed Kubernetes solutions, such as AKS, GKE or EKS, {{agent}} does not have the required permissions to collect metrics from [Kubernetes control plane](https://kubernetes.io/docs/concepts/overview/components/#control-plane-components) components, like `kube-scheduler` and `kube-controller-manager`. Audit logs are only available on Kubernetes control plane nodes as well, and hence cannot be collected by {{agent}}. Refer [here](asciidocalypse://docs/reference/kubernetes.md#kubernetes-scheduler-and-controllermanager) to find more information. 
For more information about specific cloud providers, refer to [Run {{agent}} on Azure AKS managed by {{fleet}}](/reference/ingestion-tools/fleet/running-on-aks-managed-by-fleet.md), [Run {{agent}} on GKE managed by {{fleet}}](/reference/ingestion-tools/fleet/running-on-gke-managed-by-fleet.md) and [Run {{agent}} on Amazon EKS managed by {{fleet}}](/reference/ingestion-tools/fleet/running-on-eks-managed-by-fleet.md) :::: diff --git a/reference/ingestion-tools/fleet/scaling-on-kubernetes.md b/reference/ingestion-tools/fleet/scaling-on-kubernetes.md index f48057ad9c..d8747d4347 100644 --- a/reference/ingestion-tools/fleet/scaling-on-kubernetes.md +++ b/reference/ingestion-tools/fleet/scaling-on-kubernetes.md @@ -31,7 +31,7 @@ The document is divided in two main sections: #### Configure agent resources [_configure_agent_resources] -The {{k8s}} {{observability}} is based on [Elastic {{k8s}} integration](integration-docs://docs/reference/kubernetes.md), which collects metrics from several components: +The {{k8s}} {{observability}} is based on [Elastic {{k8s}} integration](asciidocalypse://docs/reference/kubernetes.md), which collects metrics from several components: * **Per node:** diff --git a/reference/ingestion-tools/fleet/secure-logstash-connections.md b/reference/ingestion-tools/fleet/secure-logstash-connections.md index c8af46e05f..72d1881e51 100644 --- a/reference/ingestion-tools/fleet/secure-logstash-connections.md +++ b/reference/ingestion-tools/fleet/secure-logstash-connections.md 
@@ -155,9 +155,9 @@ output { To learn more about the {{ls}} configuration, refer to: -* [{{agent}} input plugin](logstash://docs/reference/plugins-inputs-elastic_agent.md) -* [{{es}} output plugin](logstash://docs/reference/plugins-outputs-elasticsearch.md) -* [Secure your connection to {{es}}](logstash://docs/reference/secure-connection.md) +* [{{agent}} input plugin](asciidocalypse://docs/reference/plugins-inputs-elastic_agent.md) +* [{{es}} output plugin](asciidocalypse://docs/reference/plugins-outputs-elasticsearch.md) +* [Secure your connection to {{es}}](asciidocalypse://docs/reference/secure-connection.md) When you’re done configuring the pipeline, restart {{ls}}: diff --git a/reference/ingestion-tools/fleet/structure-config-file.md b/reference/ingestion-tools/fleet/structure-config-file.md index 5ae91e7f9e..053dd4700d 100644 --- a/reference/ingestion-tools/fleet/structure-config-file.md +++ b/reference/ingestion-tools/fleet/structure-config-file.md 
@@ -7,7 +7,7 @@ mapped_pages: The `elastic-agent.yml` policy file contains all of the settings that determine how {{agent}} runs. The most important and commonly used settings are described here, including input and output options, providers used for variables and conditional output, security settings, logging options, enabling of special features, and specifications for {{agent}} upgrades. -An `elastic-agent.yml` file is modular: You can combine input, output, and all other settings to enable the [{{integrations}}](integration-docs://docs/reference/index.md) to use with {{agent}}. Refer to [Create a standalone {{agent}} policy](/reference/ingestion-tools/fleet/create-standalone-agent-policy.md) for the steps to download the settings to use as a starting point, and then refer to the following examples to learn about the available settings: +An `elastic-agent.yml` file is modular: You can combine input, output, and all other settings to enable the [{{integrations}}](asciidocalypse://docs/reference/index.md) to use with {{agent}}. Refer to [Create a standalone {{agent}} policy](/reference/ingestion-tools/fleet/create-standalone-agent-policy.md) for the steps to download the settings to use as a starting point, and then refer to the following examples to learn about the available settings: * [Config file examples](/reference/ingestion-tools/fleet/config-file-examples.md) * [Use standalone {{agent}} to monitor nginx](/reference/ingestion-tools/fleet/example-standalone-monitor-nginx.md). diff --git a/reference/ingestion-tools/fleet/upgrade-integration.md b/reference/ingestion-tools/fleet/upgrade-integration.md index 1e93adbf36..b61344075d 100644 --- a/reference/ingestion-tools/fleet/upgrade-integration.md +++ b/reference/ingestion-tools/fleet/upgrade-integration.md 
@@ -53,16 +53,16 @@ Some integration packages, like System, are installed by default during {{fleet} The following integrations are installed automatically when you select certain options in the {{fleet}} UI. All of them have an option to upgrade integration policies automatically, too: -* [Elastic Agent](integration-docs://docs/reference/elastic_agent.md) - installed automatically when the default **Collect agent logs** or **Collect agent metrics** option is enabled in an {{agent}} policy). -* [Fleet Server](integration-docs://docs/reference/fleet_server.md) - installed automatically when {{fleet-server}} is set up through the {{fleet}} UI. -* [System](integration-docs://docs/reference/system.md) - installed automatically when the default **Collect system logs and metrics** option is enabled in an {{agent}} policy). +* [Elastic Agent](asciidocalypse://docs/reference/elastic_agent.md) - installed automatically when the default **Collect agent logs** or **Collect agent metrics** option is enabled in an {{agent}} policy). +* [Fleet Server](asciidocalypse://docs/reference/fleet_server.md) - installed automatically when {{fleet-server}} is set up through the {{fleet}} UI. +* [System](asciidocalypse://docs/reference/system.md) - installed automatically when the default **Collect system logs and metrics** option is enabled in an {{agent}} policy). -The [Elastic Defend](integration-docs://docs/reference/endpoint.md) integration also has an option to upgrade installation policies automatically. +The [Elastic Defend](asciidocalypse://docs/reference/endpoint.md) integration also has an option to upgrade installation policies automatically. Note that for the following integrations, when the integration is updated automatically the integration policy is upgraded automatically as well. This behavior cannot be disabled. 
-* [Elastic APM](integration-docs://docs/reference/apm.md) -* [Cloud Security Posture Management](integration-docs://docs/reference/cloud_security_posture.md#cloud_security_posture-cloud-security-posture-management-cspm) +* [Elastic APM](asciidocalypse://docs/reference/apm.md) +* [Cloud Security Posture Management](asciidocalypse://docs/reference/cloud_security_posture.md#cloud_security_posture-cloud-security-posture-management-cspm) * [Elastic Synthetics](/solutions/observability/apps/synthetic-monitoring.md) For integrations that support the option to auto-upgrade the integration policy, when this option is selected (the default), {{fleet}} automatically upgrades your policies when a new version of the integration is available. If there are conflicts during the upgrade, your integration policies will not be upgraded, and you’ll need to [upgrade integration policies manually](#upgrade-integration-policies-manually). diff --git a/reference/ingestion-tools/fleet/view-integration-policies.md b/reference/ingestion-tools/fleet/view-integration-policies.md index ec44139153..b09dba1643 100644 --- a/reference/ingestion-tools/fleet/view-integration-policies.md +++ b/reference/ingestion-tools/fleet/view-integration-policies.md @@ -7,7 +7,7 @@ mapped_pages: # View {{agent}} integration policies [view-integration-policies] -An integration policy is created when you add an [integration](integration-docs://docs/reference/index.md) to an {{agent}} policy. +An integration policy is created when you add an [integration](asciidocalypse://docs/reference/index.md) to an {{agent}} policy. To view details about all the integration policies for a specific integration: diff --git a/reference/observability/elastic-entity-model.md b/reference/observability/elastic-entity-model.md index 4e8f6b90e6..bbd3a3e83b 100644 --- a/reference/observability/elastic-entity-model.md +++ b/reference/observability/elastic-entity-model.md 
@@ -40,7 +40,7 @@ The following {{es}} privileges are required: | **Cluster privileges** | `manage_transform`, `manage_ingest_pipelines`, `manage_index_templates` | | **Application privileges** | application: `kibana-.kibana`, privileges: [`saved_object:entity-definition/*`, `saved_object:entity-discovery-api-key/*`], resources: [*] | -For more information, refer to [Security privileges](elasticsearch://docs/reference/elasticsearch/security-privileges.md) in the {{es}} documentation. +For more information, refer to [Security privileges](asciidocalypse://docs/reference/elasticsearch/security-privileges.md) in the {{es}} documentation. ## Disable the Elastic Entity Model [_disable_the_elastic_entity_model] diff --git a/reference/observability/fields-and-object-schemas.md b/reference/observability/fields-and-object-schemas.md index cb14ddbbb9..2c242fcf8b 100644 --- a/reference/observability/fields-and-object-schemas.md +++ b/reference/observability/fields-and-object-schemas.md 
@@ -9,7 +9,7 @@ This section lists Elastic Common Schema (ECS) fields the Logs and Infrastructur ECS is an open source specification that defines a standard set of fields to use when storing event data in {{es}}, such as logs and metrics. -Beat modules (for example, [{{filebeat}} modules](asciidocalypse://docs/beats/docs/reference/filebeat/filebeat-modules.md)) are ECS-compliant, so manual field mapping is not required, and all data is populated automatically in the Logs and Infrastructure apps. If you cannot use {{beats}}, map your data to [ECS fields](ecs://docs/reference/ecs-converting.md)). You can also try using the experimental [ECS Mapper](https://github.com/elastic/ecs-mapper) tool. +Beat modules (for example, [{{filebeat}} modules](asciidocalypse://docs/beats/docs/reference/filebeat/filebeat-modules.md)) are ECS-compliant, so manual field mapping is not required, and all data is populated automatically in the Logs and Infrastructure apps. If you cannot use {{beats}}, map your data to [ECS fields](asciidocalypse://docs/reference/ecs-converting.md)). You can also try using the experimental [ECS Mapper](https://github.com/elastic/ecs-mapper) tool. This reference covers: diff --git a/reference/observability/fields-and-object-schemas/logs-app-fields.md b/reference/observability/fields-and-object-schemas/logs-app-fields.md index cb0d361bfd..79949d9321 100644 --- a/reference/observability/fields-and-object-schemas/logs-app-fields.md +++ b/reference/observability/fields-and-object-schemas/logs-app-fields.md 
@@ -5,7 +5,7 @@ mapped_pages: # Logs Explorer fields [logs-app-fields] -This section lists the required fields the **Logs Explorer** uses to display data. Please note that some of the fields listed are not [ECS fields](ecs://docs/reference/index.md#_what_is_ecs). +This section lists the required fields the **Logs Explorer** uses to display data. Please note that some of the fields listed are not [ECS fields](asciidocalypse://docs/reference/index.md#_what_is_ecs). `@timestamp` : Date/time when the event originated. diff --git a/reference/observability/fields-and-object-schemas/metrics-app-fields.md b/reference/observability/fields-and-object-schemas/metrics-app-fields.md index c04a3a2ed8..456ce09cff 100644 --- a/reference/observability/fields-and-object-schemas/metrics-app-fields.md +++ b/reference/observability/fields-and-object-schemas/metrics-app-fields.md @@ -5,7 +5,7 @@ mapped_pages: # Infrastructure app fields [metrics-app-fields] -This section lists the required fields the {{infrastructure-app}} uses to display data. Please note that some of the fields listed are not [ECS fields](ecs://docs/reference/index.md#_what_is_ecs). +This section lists the required fields the {{infrastructure-app}} uses to display data. Please note that some of the fields listed are not [ECS fields](asciidocalypse://docs/reference/index.md#_what_is_ecs). ## Additional field details [_additional_field_details] diff --git a/reference/observability/serverless/infrastructure-app-fields.md b/reference/observability/serverless/infrastructure-app-fields.md index 3156a8de31..567b843826 100644 --- a/reference/observability/serverless/infrastructure-app-fields.md +++ b/reference/observability/serverless/infrastructure-app-fields.md 
@@ -5,7 +5,7 @@ mapped_pages: # Infrastructure app fields [observability-infrastructure-monitoring-required-fields] -This section lists the fields the Infrastructure UI uses to display data. Please note that some of the fields listed here are not [ECS fields](ecs://docs/reference/index.md#_what_is_ecs). +This section lists the fields the Infrastructure UI uses to display data. Please note that some of the fields listed here are not [ECS fields](asciidocalypse://docs/reference/index.md#_what_is_ecs). ## Additional field details [observability-infrastructure-monitoring-required-fields-additional-field-details] diff --git a/reference/overview/index.md b/reference/overview/index.md index b49f55117d..05bff0f81f 100644 --- a/reference/overview/index.md +++ b/reference/overview/index.md @@ -9,9 +9,9 @@ Explore the reference documentation for Elastic APIs. | | | | --- | --- | -| {{es}} | * [{{es}}](elasticsearch://docs/reference/elasticsearch/rest-apis/index.md)
* [{{es}} Serverless](https://www.elastic.co/docs/api/doc/elasticsearch-serverless)
| +| {{es}} | * [{{es}}](asciidocalypse://docs/reference/elasticsearch/rest-apis/index.md)
* [{{es}} Serverless](https://www.elastic.co/docs/api/doc/elasticsearch-serverless)
| | {{kib}} | * [{{kib}}](https://www.elastic.co/docs/api/doc/kibana)
* [{{kib}} Serverless](https://www.elastic.co/docs/api/doc/serverless)
* [{{fleet}}](/reference/ingestion-tools/fleet/fleet-api-docs.md)
* [{{observability}} Serverless SLOs](https://www.elastic.co/docs/api/doc/serverless/group/endpoint-slo)
* [{{elastic-sec}}](https://www.elastic.co/docs/api/doc/kibana/group/endpoint-security-ai-assistant-api)
* [{{elastic-sec}} Serverless](https://www.elastic.co/docs/api/doc/serverless/group/endpoint-security-ai-assistant-api)
| | {{ls}} | * [Monitoring {{ls}}](https://www.elastic.co/guide/en/logstash/current/monitoring-logstash.html)
| | APM | * [APM](/solutions/observability/apps/apm-server-api.md)
* [APM Serverless](https://www.elastic.co/docs/api/doc/serverless/group/endpoint-apm-agent-configuration)
* [Observability intake Serverless](https://www.elastic.co/docs/api/doc/observability-serverless)
| -| {{ecloud}} | * [{{ech}}](https://www.elastic.co/docs/api/doc/cloud)
* [{{ecloud}} Serverless](https://www.elastic.co/docs/api/doc/elastic-cloud-serverless)
* [{{ece}}](https://www.elastic.co/docs/api/doc/cloud-enterprise)
* [{{eck}}](cloud-on-k8s://docs/reference/k8s-api-reference.md)
| +| {{ecloud}} | * [{{ech}}](https://www.elastic.co/docs/api/doc/cloud)
* [{{ecloud}} Serverless](https://www.elastic.co/docs/api/doc/elastic-cloud-serverless)
* [{{ece}}](https://www.elastic.co/docs/api/doc/cloud-enterprise)
* [{{eck}}](asciidocalypse://docs/reference/k8s-api-reference.md)
| diff --git a/reference/search/search.md b/reference/search/search.md index 98cbdea4d3..f6fa488172 100644 --- a/reference/search/search.md +++ b/reference/search/search.md @@ -6,7 +6,7 @@ navigation_title: "Search" % Derived from https://www.elastic.co/platform % Build powerful AI search experiences with the best vector database and platform for RAG. -This section contains reference information for Elastic Search features, in particular the [Search UI](search-ui://docs/index.md). +This section contains reference information for Elastic Search features, in particular the [Search UI](asciidocalypse://docs/index.md). You can also use [Elasticsearch](https://www.elastic.co/docs/api/doc/elasticsearch) or [Elasticsearch Serverless](https://www.elastic.co/docs/api/doc/elasticsearch-serverless) APIs to interface with search features. For example: diff --git a/reference/security/elastic-defend/endpoint-diagnostic-data.md b/reference/security/elastic-defend/endpoint-diagnostic-data.md index d8a83eb233..d6f96a8169 100644 --- a/reference/security/elastic-defend/endpoint-diagnostic-data.md +++ b/reference/security/elastic-defend/endpoint-diagnostic-data.md @@ -8,7 +8,7 @@ mapped_pages: By default, {{elastic-defend}} streams diagnostic data to your cluster, which Elastic uses to tune protection features. You can stop producing this diagnostic data by configuring the advanced settings in the {{elastic-defend}} integration policy. ::::{note} -{{kib}} also collects usage telemetry, which includes {{elastic-defend}} diagnostic data. You can modify telemetry preferences in [Advanced Settings](kibana://docs/reference/configuration-reference/telemetry-settings.md). +{{kib}} also collects usage telemetry, which includes {{elastic-defend}} diagnostic data. You can modify telemetry preferences in [Advanced Settings](asciidocalypse://docs/reference/configuration-reference/telemetry-settings.md). :::: 
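Review bot: the new target in the note, `asciidocalypse://docs/reference/configuration-reference/telemetry-settings.md`, no longer identifies which repository the page lives in. The old `kibana://` scheme carried that, and the replacement neither keeps it nor adds a repository segment to the path. Links that already used this scheme do carry one, for example `asciidocalypse://docs/beats/docs/reference/filebeat/filebeat-modules.md` in the context of fields-and-object-schemas.md, so the patch leaves two inconsistent forms. It also collapses distinct targets onto the same path: `integration-docs://docs/reference/index.md` and `ecs://docs/reference/index.md` both become `asciidocalypse://docs/reference/index.md`. Suggest either keeping the per-repository schemes or rewriting to the `docs/<repo>/docs/...` form so each link still resolves to exactly one page. This link is how the note tells readers where to change telemetry preferences, so it should be checked that it still resolves after the rewrite.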
diff --git a/reference/security/fields-and-object-schemas/alert-schema.md b/reference/security/fields-and-object-schemas/alert-schema.md index a69e63e2ec..e7d5044bc6 100644 --- a/reference/security/fields-and-object-schemas/alert-schema.md +++ b/reference/security/fields-and-object-schemas/alert-schema.md @@ -9,7 +9,7 @@ mapped_pages: {{elastic-sec}} stores alerts that have been generated by detection rules in hidden {{es}} indices. The index pattern is `.alerts-security.alerts-`. ::::{note} -Users are advised NOT to use the `_source` field in alert documents, but rather to use the `fields` option in the search API to programmatically obtain the list of fields used in these documents. Learn more about [retrieving selected fields from a search](elasticsearch://docs/reference/elasticsearch/rest-apis/retrieve-selected-fields.md). +Users are advised NOT to use the `_source` field in alert documents, but rather to use the `fields` option in the search API to programmatically obtain the list of fields used in these documents. Learn more about [retrieving selected fields from a search](asciidocalypse://docs/reference/elasticsearch/rest-apis/retrieve-selected-fields.md). :::: 
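Review bot: in the unchanged context line just above the note, the index pattern is given as `.alerts-security.alerts-` and stops at a trailing hyphen, which reads as a suffix or placeholder lost in conversion. Since this hunk already touches the page, please restore whatever follows the hyphen or state it in words, because readers who build queries or index privileges from this pattern need the complete form. On the changed line, the `elasticsearch://` scheme named the source repository and the rewritten `asciidocalypse://docs/reference/elasticsearch/rest-apis/retrieve-selected-fields.md` does not, so confirm that the link checker resolves it to the Elasticsearch page.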
@@ -20,51 +20,51 @@ The non-ECS fields listed below are beta and subject to change. | Alert field | Description | | --- | --- | -| [`@timestamp`](ecs://docs/reference/ecs-base.md#field-timestamp) | ECS field, represents the time when the alert was created or most recently updated. | -| [`message`](ecs://docs/reference/ecs-base.md#field-message) | ECS field copied from the source document, if present, for custom query and indicator match rules. | -| [`tags`](ecs://docs/reference/ecs-base.md#field-tags) | ECS field copied from the source document, if present, for custom query and indicator match rules. | -| [`labels`](ecs://docs/reference/ecs-base.md#field-labels) | ECS field copied from the source document, if present, for custom query and indicator match rules. | -| [`ecs.version`](ecs://docs/reference/ecs-ecs.md#field-ecs-version) | ECS mapping version of the alert. | -| [`event.kind`](ecs://docs/reference/ecs-allowed-values-event-kind.md) | ECS field, always `signal` for alert documents. | -| [`event.category`](ecs://docs/reference/ecs-allowed-values-event-category.md) | ECS field, copied from the source document, if present, for custom query and indicator match rules. | -| [`event.type`](ecs://docs/reference/ecs-allowed-values-event-type.md) | ECS field, copied from the source document, if present, for custom query and indicator match rules. | -| [`event.outcome`](ecs://docs/reference/ecs-allowed-values-event-outcome.md) | ECS field, copied from the source document, if present, for custom query and indicator match rules. | -| [`agent.*`](ecs://docs/reference/ecs-agent.md) | ECS `agent.*` fields copied from the source document, if present, for custom query and indicator match rules. | -| [`client.*`](ecs://docs/reference/ecs-client.md) | ECS `client.*` fields copied from the source document, if present, for custom query and indicator match rules. 
| -| [`cloud.*`](ecs://docs/reference/ecs-cloud.md) | ECS `cloud.*` fields copied from the source document, if present, for custom query and indicator match rules. | -| [`container.*`](ecs://docs/reference/ecs-container.md) | ECS `container.* fields` copied from the source document, if present, for custom query and indicator match rules. | -| [`data_stream.*`](ecs://docs/reference/ecs-data_stream.md) | ECS `data_stream.*` fields copied from the source document, if present, for custom query and indicator match rules.
NOTE: These fields may be constant keywords in the source documents, but are copied into the alert documents as keywords. | -| [`destination.*`](ecs://docs/reference/ecs-destination.md) | ECS `destination.*` fields copied from the source document, if present, for custom query and indicator match rules. | -| [`dll.*`](ecs://docs/reference/ecs-dll.md) | ECS `dll.*` fields copied from the source document, if present, for custom query and indicator match rules. | -| [`dns.*`](ecs://docs/reference/ecs-dns.md) | ECS `dns.*` fields copied from the source document, if present, for custom query and indicator match rules. | -| [`error.*`](ecs://docs/reference/ecs-error.md) | ECS `error.*` fields copied from the source document, if present, for custom query and indicator match rules. | -| [`event.*`](ecs://docs/reference/ecs-event.md) | ECS `event.*` fields copied from the source document, if present, for custom query and indicator match rules.
NOTE: categorization fields above (`event.kind`, `event.category`, `event.type`, `event.outcome`) are listed separately above. | -| [`file.*`](ecs://docs/reference/ecs-file.md) | ECS `file.*` fields copied from the source document, if present, for custom query and indicator match rules. | -| [`group.*`](ecs://docs/reference/ecs-group.md) | ECS `group.*` fields copied from the source document, if present, for custom query and indicator match rules. | -| [`host.*`](ecs://docs/reference/ecs-host.md) | ECS `host.*` fields copied from the source document, if present, for custom query and indicator match rules. | -| [`http.*`](ecs://docs/reference/ecs-http.md) | ECS `http.*` fields copied from the source document, if present, for custom query and indicator match rules. | -| [`log.*`](ecs://docs/reference/ecs-log.md) | ECS `log.*` fields copied from the source document, if present, for custom query and indicator match rules. | -| [`network.*`](ecs://docs/reference/ecs-network.md) | ECS `network.*` fields copied from the source document, if present, for custom query and indicator match rules. | -| [`observer.*`](ecs://docs/reference/ecs-observer.md) | ECS `observer.*` fields copied from the source document, if present, for custom query and indicator match rules. | -| [`orchestrator.*`](ecs://docs/reference/ecs-orchestrator.md) | ECS `orchestrator.*` fields copied from the source document, if present, for custom query and indicator match rules. | -| [`organization.*`](ecs://docs/reference/ecs-organization.md) | ECS `organization.*` fields copied from the source document, if present, for custom query and indicator match rules. | -| [`package.*`](ecs://docs/reference/ecs-package.md) | ECS `package.*` fields copied from the source document, if present, for custom query and indicator match rules. | -| [`process.*`](ecs://docs/reference/ecs-process.md) | ECS `process.*` fields copied from the source document, if present, for custom query and indicator match rules. 
| -| [`registry.*`](ecs://docs/reference/ecs-registry.md) | ECS `registry.*` fields copied from the source document, if present, for custom query and indicator match rules. | -| [`related.*`](ecs://docs/reference/ecs-related.md) | ECS `related.*` fields copied from the source document, if present, for custom query and indicator match rules. | -| [`rule.*`](ecs://docs/reference/ecs-rule.md) | ECS `rule.*` fields copied from the source document, if present, for custom query and indicator match rules.
NOTE: These fields are not related to the detection rule that generated the alert. | -| [`server.*`](ecs://docs/reference/ecs-server.md) | ECS `server.*` fields copied from the source document, if present, for custom query and indicator match rules. | -| [`service.*`](ecs://docs/reference/ecs-service.md) | ECS `service.*` fields copied from the source document, if present, for custom query and indicator match rules. | -| [`source.*`](ecs://docs/reference/ecs-source.md) | ECS `source.*` fields copied from the source document, if present, for custom query and indicator match rules. | -| [`span.*`](ecs://docs/reference/ecs-tracing.md#field-span-id) | ECS `span.*` fields copied from the source document, if present, for custom query and indicator match rules. | -| [`threat.*`](ecs://docs/reference/ecs-threat.md) | ECS `threat.*` fields copied from the source document, if present, for custom query and indicator match rules. | -| [`tls.*`](ecs://docs/reference/ecs-tls.md) | ECS `tls.*` fields copied from the source document, if present, for custom query and indicator match rules. | -| [`trace.*`](ecs://docs/reference/ecs-tracing.md) | ECS `trace.*` fields copied from the source document, if present, for custom query and indicator match rules. | -| [`transaction.*`](ecs://docs/reference/ecs-tracing.md#field-transaction-id) | ECS `transaction.*` fields copied from the source document, if present, for custom query and indicator match rules. | -| [`url.*`](ecs://docs/reference/ecs-url.md) | ECS `url.*` fields copied from the source document, if present, for custom query and indicator match rules. | -| [`user.*`](ecs://docs/reference/ecs-user.md) | ECS `user.*` fields copied from the source document, if present, for custom query and indicator match rules. | -| [`user_agent.*`](ecs://docs/reference/ecs-user_agent.md) | ECS `user_agent.*` fields copied from the source document, if present, for custom query and indicator match rules. 
| -| [`vulnerability.*`](ecs://docs/reference/ecs-vulnerability.md) | ECS `vulnerability.*` fields copied from the source document, if present, for custom query and indicator match rules. | +| [`@timestamp`](asciidocalypse://docs/reference/ecs-base.md#field-timestamp) | ECS field, represents the time when the alert was created or most recently updated. | +| [`message`](asciidocalypse://docs/reference/ecs-base.md#field-message) | ECS field copied from the source document, if present, for custom query and indicator match rules. | +| [`tags`](asciidocalypse://docs/reference/ecs-base.md#field-tags) | ECS field copied from the source document, if present, for custom query and indicator match rules. | +| [`labels`](asciidocalypse://docs/reference/ecs-base.md#field-labels) | ECS field copied from the source document, if present, for custom query and indicator match rules. | +| [`ecs.version`](asciidocalypse://docs/reference/ecs-ecs.md#field-ecs-version) | ECS mapping version of the alert. | +| [`event.kind`](asciidocalypse://docs/reference/ecs-allowed-values-event-kind.md) | ECS field, always `signal` for alert documents. | +| [`event.category`](asciidocalypse://docs/reference/ecs-allowed-values-event-category.md) | ECS field, copied from the source document, if present, for custom query and indicator match rules. | +| [`event.type`](asciidocalypse://docs/reference/ecs-allowed-values-event-type.md) | ECS field, copied from the source document, if present, for custom query and indicator match rules. | +| [`event.outcome`](asciidocalypse://docs/reference/ecs-allowed-values-event-outcome.md) | ECS field, copied from the source document, if present, for custom query and indicator match rules. | +| [`agent.*`](asciidocalypse://docs/reference/ecs-agent.md) | ECS `agent.*` fields copied from the source document, if present, for custom query and indicator match rules. 
| +| [`client.*`](asciidocalypse://docs/reference/ecs-client.md) | ECS `client.*` fields copied from the source document, if present, for custom query and indicator match rules. | +| [`cloud.*`](asciidocalypse://docs/reference/ecs-cloud.md) | ECS `cloud.*` fields copied from the source document, if present, for custom query and indicator match rules. | +| [`container.*`](asciidocalypse://docs/reference/ecs-container.md) | ECS `container.* fields` copied from the source document, if present, for custom query and indicator match rules. | +| [`data_stream.*`](asciidocalypse://docs/reference/ecs-data_stream.md) | ECS `data_stream.*` fields copied from the source document, if present, for custom query and indicator match rules.
NOTE: These fields may be constant keywords in the source documents, but are copied into the alert documents as keywords. | +| [`destination.*`](asciidocalypse://docs/reference/ecs-destination.md) | ECS `destination.*` fields copied from the source document, if present, for custom query and indicator match rules. | +| [`dll.*`](asciidocalypse://docs/reference/ecs-dll.md) | ECS `dll.*` fields copied from the source document, if present, for custom query and indicator match rules. | +| [`dns.*`](asciidocalypse://docs/reference/ecs-dns.md) | ECS `dns.*` fields copied from the source document, if present, for custom query and indicator match rules. | +| [`error.*`](asciidocalypse://docs/reference/ecs-error.md) | ECS `error.*` fields copied from the source document, if present, for custom query and indicator match rules. | +| [`event.*`](asciidocalypse://docs/reference/ecs-event.md) | ECS `event.*` fields copied from the source document, if present, for custom query and indicator match rules.
NOTE: categorization fields above (`event.kind`, `event.category`, `event.type`, `event.outcome`) are listed separately above. | +| [`file.*`](asciidocalypse://docs/reference/ecs-file.md) | ECS `file.*` fields copied from the source document, if present, for custom query and indicator match rules. | +| [`group.*`](asciidocalypse://docs/reference/ecs-group.md) | ECS `group.*` fields copied from the source document, if present, for custom query and indicator match rules. | +| [`host.*`](asciidocalypse://docs/reference/ecs-host.md) | ECS `host.*` fields copied from the source document, if present, for custom query and indicator match rules. | +| [`http.*`](asciidocalypse://docs/reference/ecs-http.md) | ECS `http.*` fields copied from the source document, if present, for custom query and indicator match rules. | +| [`log.*`](asciidocalypse://docs/reference/ecs-log.md) | ECS `log.*` fields copied from the source document, if present, for custom query and indicator match rules. | +| [`network.*`](asciidocalypse://docs/reference/ecs-network.md) | ECS `network.*` fields copied from the source document, if present, for custom query and indicator match rules. | +| [`observer.*`](asciidocalypse://docs/reference/ecs-observer.md) | ECS `observer.*` fields copied from the source document, if present, for custom query and indicator match rules. | +| [`orchestrator.*`](asciidocalypse://docs/reference/ecs-orchestrator.md) | ECS `orchestrator.*` fields copied from the source document, if present, for custom query and indicator match rules. | +| [`organization.*`](asciidocalypse://docs/reference/ecs-organization.md) | ECS `organization.*` fields copied from the source document, if present, for custom query and indicator match rules. | +| [`package.*`](asciidocalypse://docs/reference/ecs-package.md) | ECS `package.*` fields copied from the source document, if present, for custom query and indicator match rules. 
| +| [`process.*`](asciidocalypse://docs/reference/ecs-process.md) | ECS `process.*` fields copied from the source document, if present, for custom query and indicator match rules. | +| [`registry.*`](asciidocalypse://docs/reference/ecs-registry.md) | ECS `registry.*` fields copied from the source document, if present, for custom query and indicator match rules. | +| [`related.*`](asciidocalypse://docs/reference/ecs-related.md) | ECS `related.*` fields copied from the source document, if present, for custom query and indicator match rules. | +| [`rule.*`](asciidocalypse://docs/reference/ecs-rule.md) | ECS `rule.*` fields copied from the source document, if present, for custom query and indicator match rules.
NOTE: These fields are not related to the detection rule that generated the alert. | +| [`server.*`](asciidocalypse://docs/reference/ecs-server.md) | ECS `server.*` fields copied from the source document, if present, for custom query and indicator match rules. | +| [`service.*`](asciidocalypse://docs/reference/ecs-service.md) | ECS `service.*` fields copied from the source document, if present, for custom query and indicator match rules. | +| [`source.*`](asciidocalypse://docs/reference/ecs-source.md) | ECS `source.*` fields copied from the source document, if present, for custom query and indicator match rules. | +| [`span.*`](asciidocalypse://docs/reference/ecs-tracing.md#field-span-id) | ECS `span.*` fields copied from the source document, if present, for custom query and indicator match rules. | +| [`threat.*`](asciidocalypse://docs/reference/ecs-threat.md) | ECS `threat.*` fields copied from the source document, if present, for custom query and indicator match rules. | +| [`tls.*`](asciidocalypse://docs/reference/ecs-tls.md) | ECS `tls.*` fields copied from the source document, if present, for custom query and indicator match rules. | +| [`trace.*`](asciidocalypse://docs/reference/ecs-tracing.md) | ECS `trace.*` fields copied from the source document, if present, for custom query and indicator match rules. | +| [`transaction.*`](asciidocalypse://docs/reference/ecs-tracing.md#field-transaction-id) | ECS `transaction.*` fields copied from the source document, if present, for custom query and indicator match rules. | +| [`url.*`](asciidocalypse://docs/reference/ecs-url.md) | ECS `url.*` fields copied from the source document, if present, for custom query and indicator match rules. | +| [`user.*`](asciidocalypse://docs/reference/ecs-user.md) | ECS `user.*` fields copied from the source document, if present, for custom query and indicator match rules. 
| +| [`user_agent.*`](asciidocalypse://docs/reference/ecs-user_agent.md) | ECS `user_agent.*` fields copied from the source document, if present, for custom query and indicator match rules. | +| [`vulnerability.*`](asciidocalypse://docs/reference/ecs-vulnerability.md) | ECS `vulnerability.*` fields copied from the source document, if present, for custom query and indicator match rules. | | `kibana.alert.ancestors.*` | Type: object | | `kibana.alert.depth` | Type: Long | | `kibana.alert.new_terms` | The value of the new term that generated this alert.
Type: keyword | @@ -132,7 +132,7 @@ The non-ECS fields listed below are beta and subject to change. | `kibana.alert.suppression.start` | The timestamp of the first document in the suppression group.
Type: date | | `kibana.alert.suppression.end` | The timestamp of the last document in the suppression group.
Type: date | | `kibana.alert.suppression.docs_count` | The number of suppressed alerts.
Type: long | -| `kibana.alert.url` | The shareable URL for the alert.
NOTE: This field appears only if you’ve set the [`server.publicBaseUrl`](kibana://docs/reference/configuration-reference/general-settings.md#server-publicBaseUrl) configuration setting in the `kibana.yml` file.
Type: long | +| `kibana.alert.url` | The shareable URL for the alert.
NOTE: This field appears only if you’ve set the [`server.publicBaseUrl`](asciidocalypse://docs/reference/configuration-reference/general-settings.md#server-publicBaseUrl) configuration setting in the `kibana.yml` file.
Type: long | | `kibana.alert.workflow_tags` | List of tags added to an alert.

This field can contain an array of values, for example: `["False Positive", "production"]`

Type: keyword
| | `kibana.alert.workflow_assignee_ids` | List of users assigned to an alert.

An array of unique identifiers (UIDs) for user profiles, for example: `["u_1-0CcWliOCQ9T2MrK5YDjhpxZ_AcxPKt3pwaICcnAUY_0, u_2-0CcWliOCQ9T2MrK5YDjhpxZ_AcxPKt3pwaICcnAUY_1"]`

UIDs are linked to user profiles that are automatically created when users first log into a deployment. These profiles contain names, emails, profile avatars, and other user settings.

Type: string[]
| | `kibana.alert.intended_timestamp` | Shows the alert’s estimated timestamp, had the alert been created when the source event initially occurred. The value in this field is determined by the way the rule was run:

* **Scheduled run**: Alerts created by scheduled runs have the same timestamp as the `@timestamp` field, which shows when the alert was created.
* **Manual run**: Alerts created by manual runs have a timestamp that falls within the time range specified for the manual run. For example, if you set a rule to manually run on event data from `10/01/2024 05:00 PM` to `10/07/2024 05:00 PM`, the `kibana.alert.intended_timestamp` value will be a date and time within that range.

Type: date
| diff --git a/reference/security/fields-and-object-schemas/siem-field-reference.md b/reference/security/fields-and-object-schemas/siem-field-reference.md index b02e97c6c5..44d60003de 100644 --- a/reference/security/fields-and-object-schemas/siem-field-reference.md +++ b/reference/security/fields-and-object-schemas/siem-field-reference.md 
@@ -9,7 +9,7 @@ mapped_pages: This section lists [Elastic Common Schema](https://www.elastic.co/guide/en/ecs/current to provide an optimal SIEM and security analytics experience to users. These fields are used to display data, provide rule previews, enable detection by prebuilt detection rules, provide context during rule triage and investigation, escalate to cases, and more. ::::{important} -We recommend you use {{agent}} integrations or {{beats}} to ship your data to {{elastic-sec}}. {{agent}} integrations and Beat modules (for example, [{{filebeat}} modules](asciidocalypse://docs/beats/docs/reference/filebeat/filebeat-modules.md)) are ECS-compliant, which means data they ship to {{elastic-sec}} will automatically populate the relevant ECS fields. If you plan to use a custom implementation to map your data to ECS fields (see [how to map data to ECS](ecs://docs/reference/ecs-converting.md)), ensure the [always required fields](#siem-always-required-fields) are populated. Ideally, all relevant ECS fields should be populated as well. +We recommend you use {{agent}} integrations or {{beats}} to ship your data to {{elastic-sec}}. {{agent}} integrations and Beat modules (for example, [{{filebeat}} modules](asciidocalypse://docs/beats/docs/reference/filebeat/filebeat-modules.md)) are ECS-compliant, which means data they ship to {{elastic-sec}} will automatically populate the relevant ECS fields. If you plan to use a custom implementation to map your data to ECS fields (see [how to map data to ECS](asciidocalypse://docs/reference/ecs-converting.md)), ensure the [always required fields](#siem-always-required-fields) are populated. Ideally, all relevant ECS fields should be populated as well. :::: diff --git a/reference/security/fields-and-object-schemas/timeline-object-schema.md b/reference/security/fields-and-object-schemas/timeline-object-schema.md index d8de62a354..4b2b18bfb7 100644 --- a/reference/security/fields-and-object-schemas/timeline-object-schema.md 
+++ b/reference/security/fields-and-object-schemas/timeline-object-schema.md @@ -9,7 +9,7 @@ mapped_pages: The Timeline schema lists all the JSON fields and objects required to create a Timeline or a Timeline template using the Create Timeline API. ::::{important} -All column, dropzone, and filter fields must be [ECS fields](ecs://docs/reference/index.md). +All column, dropzone, and filter fields must be [ECS fields](asciidocalypse://docs/reference/index.md). :::: @@ -114,11 +114,11 @@ This screenshot maps the Timeline UI components to their JSON objects: | Name | Type | Description | | --- | --- | --- | -| `exists` | String | [Exists term query](elasticsearch://docs/reference/query-languages/query-dsl-exists-query.md) for thespecified field (`null` when undefined). For example, `{"field":"user.name"}`. | -| `meta` | meta | Filter details:

* `alias` (string): UI filter name.
* `disabled` (boolean): Indicates if the filter is disabled.
* `key`(string): Field name or unique string ID.
* `negate` (boolean): Indicates if the filter query clause uses `NOT` logic.
* `params` (string): Value of `phrase` filter types.
* `type` (string): Type of filter. For example, `exists` and `range`. For more information about filtering, see [Query DSL](elasticsearch://docs/reference/query-languages/querydsl.md).
| -| `match_all` | String | [Match all term query](elasticsearch://docs/reference/query-languages/query-dsl-match-all-query.md)for the specified field (`null` when undefined). | -| `query` | String | [DSL query](elasticsearch://docs/reference/query-languages/querydsl.md) (`null` when undefined). Forexample, `{"match_phrase":{"ecs.version":"1.4.0"}}`. | -| `range` | String | [Range query](elasticsearch://docs/reference/query-languages/query-dsl-range-query.md) (`null` whenundefined). For example, `{"@timestamp":{"gte":"now-1d","lt":"now"}}"`. | +| `exists` | String | [Exists term query](asciidocalypse://docs/reference/query-languages/query-dsl-exists-query.md) for thespecified field (`null` when undefined). For example, `{"field":"user.name"}`. | +| `meta` | meta | Filter details:

* `alias` (string): UI filter name.
* `disabled` (boolean): Indicates if the filter is disabled.
* `key`(string): Field name or unique string ID.
* `negate` (boolean): Indicates if the filter query clause uses `NOT` logic.
* `params` (string): Value of `phrase` filter types.
* `type` (string): Type of filter. For example, `exists` and `range`. For more information about filtering, see [Query DSL](asciidocalypse://docs/reference/query-languages/querydsl.md).
| +| `match_all` | String | [Match all term query](asciidocalypse://docs/reference/query-languages/query-dsl-match-all-query.md)for the specified field (`null` when undefined). | +| `query` | String | [DSL query](asciidocalypse://docs/reference/query-languages/querydsl.md) (`null` when undefined). Forexample, `{"match_phrase":{"ecs.version":"1.4.0"}}`. | +| `range` | String | [Range query](asciidocalypse://docs/reference/query-languages/query-dsl-range-query.md) (`null` whenundefined). For example, `{"@timestamp":{"gte":"now-1d","lt":"now"}}"`. | ## globalNotes object [globalNotes-obj] diff --git a/release-notes/elastic-cloud-serverless.md b/release-notes/elastic-cloud-serverless.md index 6542f71be6..1fe6b2b777 100644 --- a/release-notes/elastic-cloud-serverless.md +++ b/release-notes/elastic-cloud-serverless.md @@ -9,7 +9,7 @@ Review the changes, fixes, and more to Elastic Cloud Serverless. For serverless API changes, refer to [APIs Changelog](https://www.elastic.co/docs/api/changes). -For serverless changes in Cloud Console, check out [Elastic Cloud Hosted release notes](cloud://docs/release-notes/cloud-hosted/index.md). +For serverless changes in Cloud Console, check out [Elastic Cloud Hosted release notes](asciidocalypse://docs/release-notes/cloud-hosted/index.md). % Release notes include only features, enhancements, and fixes. Add breaking changes, deprecations, and known issues to the applicable release notes sections. diff --git a/release-notes/fleet-elastic-agent.md b/release-notes/fleet-elastic-agent.md index 95e0db2d33..376f33b144 100644 --- a/release-notes/fleet-elastic-agent.md +++ b/release-notes/fleet-elastic-agent.md 
@@ -10,7 +10,7 @@ Review the changes, fixes, and more in each version of Fleet and Elastic Agent. To check for security updates, go to [Security announcements for the Elastic stack](https://discuss.elastic.co/c/announcements/security-announcements/31). -Elastic Agent integrates and manages Beats for data collection, and Beats changes may impact Elastic Agent functionality. To check for Elastic Agent changes in Beats, go to [{{beats}} release notes](beats://docs/release-notes/index.md). +Elastic Agent integrates and manages Beats for data collection, and Beats changes may impact Elastic Agent functionality. To check for Elastic Agent changes in Beats, go to [{{beats}} release notes](asciidocalypse://docs/release-notes/index.md). % Release notes include only features, enhancements, and fixes. Add breaking changes, deprecations, and known issues to the applicable release notes sections. % For each new version section, include the Fleet and Elastic Agent and Kibana changes.
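Review bot: in release-notes/fleet-elastic-agent.md, the rewritten Beats link loses the only indication of which repository it points to. `beats://docs/release-notes/index.md` becomes `asciidocalypse://docs/release-notes/index.md`, a path that could be the release notes of any repository, so a later pass cannot restore the correct target from the link alone. The Cloud Hosted link in release-notes/elastic-cloud-serverless.md has the same problem. Either keep the repository name in the path or record the original scheme beside the link so the mapping stays reversible.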
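Review bot: in reference/security/fields-and-object-schemas/siem-field-reference.md, the new ECS link is inconsistent with the unchanged link on the same line. The Filebeat link reads `asciidocalypse://docs/beats/docs/reference/filebeat/filebeat-modules.md`, with the repository name in the path, while the replacement reads `asciidocalypse://docs/reference/ecs-converting.md`, with no `ecs` segment. If the placeholder scheme expects the repository in the path, as the Filebeat link suggests, this target and the matching one in timeline-object-schema.md (`asciidocalypse://docs/reference/index.md`) should carry it too.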
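Review bot: in the `@@ -132,7 +132,7 @@` hunk of the alert schema, the `kibana.alert.url` row still ends with "Type: long" on the added line. A shareable URL cannot be a long, and the value looks copied from the `kibana.alert.suppression.docs_count` row just above it. Since this line is being rewritten anyway, confirm the mapped type and correct it here rather than carrying the error forward.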
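Review bot: in the ECS field table of the alert schema, two wording defects are carried into the added rows and are cheap to fix while the lines are touched. The `container.*` row closes its backtick late, giving `container.* fields` as code where every other row has `container.*` followed by plain "fields". The `event.*` note reads "categorization fields above (...) are listed separately above", which repeats "above"; drop the first one.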
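Review bot: in the `@@ -114,11 +114,11 @@` hunk of timeline-object-schema.md, the added rows keep the run-together words from the removed ones: "for thespecified field", "Forexample", "whenundefined", `key`(string) with no space, and `.md)for the specified field` in the `match_all` row. The `range` example also ends with a stray double quote after the closing braces, `{"@timestamp":{"gte":"now-1d","lt":"now"}}"`, so it is not valid JSON if copied into a Create Timeline request. All five rows are rewritten by this change, so fix the spacing and drop the trailing quote in the same pass.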