Merge remote-tracking branch 'origin/master' into lens/extra-dimensio…

…n-panel

.ci/Jenkinsfile_flaky

@@ -70,6 +70,8 @@ def getWorkerFromParams(isXpack, job, ciGroup) {
           "run `node scripts/mocha`"
         )
       })
+    } else if (job == 'accessibility') {
+      return kibanaPipeline.functionalTestProcess('kibana-accessibility', './test/scripts/jenkins_accessibility.sh')
     } else if (job == 'firefoxSmoke') {
       return kibanaPipeline.functionalTestProcess('firefoxSmoke', './test/scripts/jenkins_firefox_smoke.sh')
     } else if(job == 'visualRegression') {
@@ -79,7 +81,9 @@ def getWorkerFromParams(isXpack, job, ciGroup) {
     }
   }
 
-  if (job == 'firefoxSmoke') {
+  if (job == 'accessibility') {
+    return kibanaPipeline.functionalTestProcess('xpack-accessibility', './test/scripts/jenkins_xpack_accessibility.sh')
+  } else if (job == 'firefoxSmoke') {
     return kibanaPipeline.functionalTestProcess('xpack-firefoxSmoke', './test/scripts/jenkins_xpack_firefox_smoke.sh')
   } else if(job == 'visualRegression') {
     return kibanaPipeline.functionalTestProcess('xpack-visualRegression', './test/scripts/jenkins_xpack_visual_regression.sh')

.github/CODEOWNERS

@@ -158,7 +158,6 @@
 /x-pack/legacy/plugins/security/  @elastic/kibana-security
 /x-pack/legacy/plugins/spaces/  @elastic/kibana-security
 /x-pack/plugins/spaces/  @elastic/kibana-security
-/x-pack/legacy/plugins/encrypted_saved_objects/  @elastic/kibana-security
 /x-pack/plugins/encrypted_saved_objects/  @elastic/kibana-security
 /x-pack/plugins/security/  @elastic/kibana-security
 /x-pack/test/api_integration/apis/security/ @elastic/kibana-security

docs/development/plugins/data/public/kibana-plugin-plugins-data-public.indexpatternfield.md

@@ -31,6 +31,7 @@ export declare class Field implements IFieldType
 |  [indexPattern](./kibana-plugin-plugins-data-public.indexpatternfield.indexpattern.md) |  | <code>IndexPattern</code> |  |
 |  [lang](./kibana-plugin-plugins-data-public.indexpatternfield.lang.md) |  | <code>string</code> |  |
 |  [name](./kibana-plugin-plugins-data-public.indexpatternfield.name.md) |  | <code>string</code> |  |
+|  [readFromDocValues](./kibana-plugin-plugins-data-public.indexpatternfield.readfromdocvalues.md) |  | <code>boolean</code> |  |
 |  [script](./kibana-plugin-plugins-data-public.indexpatternfield.script.md) |  | <code>string</code> |  |
 |  [scripted](./kibana-plugin-plugins-data-public.indexpatternfield.scripted.md) |  | <code>boolean</code> |  |
 |  [searchable](./kibana-plugin-plugins-data-public.indexpatternfield.searchable.md) |  | <code>boolean</code> |  |

docs/development/plugins/data/public/kibana-plugin-plugins-data-public.indexpatternfield.readfromdocvalues.md

@@ -0,0 +1,11 @@
+<!-- Do not edit this file. It is automatically generated by API Documenter. -->
+
+[Home](./index.md) &gt; [kibana-plugin-plugins-data-public](./kibana-plugin-plugins-data-public.md) &gt; [IndexPatternField](./kibana-plugin-plugins-data-public.indexpatternfield.md) &gt; [readFromDocValues](./kibana-plugin-plugins-data-public.indexpatternfield.readfromdocvalues.md)
+
+## IndexPatternField.readFromDocValues property
+
+<b>Signature:</b>
+
+```typescript
+readFromDocValues?: boolean;
+```

docs/user/alerting/index.asciidoc

@@ -160,7 +160,7 @@ If you are using an *on-premises* Elastic Stack deployment:
 
 If you are using an *on-premises* Elastic Stack deployment with <<using-kibana-with-security, *security*>>:
 
-* Transport Layer Security (TLS) must be configured for communication <<configuring-tls-kib-es, between {es} and {kib}>>. {kib} alerting uses <<api-keys, API keys>> to secure background alert checks and actions, and API keys require {ref}/configuring-tls.html#tls-http[TLS on the HTTP interface].
+* You must enable Transport Layer Security (TLS) for communication <<configuring-tls-kib-es, between {es} and {kib}>>. {kib} alerting uses <<api-keys, API keys>> to secure background alert checks and actions, and API keys require {ref}/configuring-tls.html#tls-http[TLS on the HTTP interface]. A proxy will not suffice.
 
 [float]
 [[alerting-security]]

docs/user/dashboard.asciidoc

@@ -160,7 +160,7 @@ When you're finished adding and arranging the panels, save the dashboard.
 . Enter the dashboard *Title* and optional *Description*, then *Save* the dashboard.
 
 [[sharing-dashboards]]
-=== Share the dashboard
+== Share the dashboard
 
 [[embedding-dashboards]]
 Share your dashboard outside of {kib}.

docs/user/management.asciidoc

@@ -1,123 +1,171 @@
 [[management]]
-= Management
+= Stack Management
 
 [partintro]
 --
-*Management* is home to UIs for managing all things Elastic Stack—
+*Stack Management* is home to UIs for managing all things Elastic Stack—
 indices, clusters, licenses, UI settings, index patterns, spaces, and more.
 
 [float]
-[[manage-Elasticsearch]]
-== Manage {es}
+[[manage-ingest]]
+== Ingest
 
 [cols="50, 50"]
 |===
 
-a| <<managing-cross-cluster-replication, *Cross-Cluster Replication*>>
-
-Replicate indices on a remote cluster and copy them to a follower index on a local cluster.
-This is important for
-disaster recovery. It also keeps data local for faster queries.
-
-| <<index-lifecycle-policies, *Index Lifecycle Policies*>>
-
-Create a policy for defining the lifecycle of an index as it ages
-through the hot, warm, cold, and delete phases.
-Such policies help you control operation costs
-because you can put data in different resource tiers.
+| <<ingest-node-pipelines, Ingest Node Pipelines>>
+| Create and manage {es}
+pipelines that enable you to perform common transformations and
+enrichments on your data.
 
-a| <<managing-indices, *Index Management*>>
+| {logstash-ref}/logstash-centralized-pipeline-management.html[Logstash Pipelines]
+| Create, edit, and delete your Logstash pipeline configurations.
 
-View index settings, mappings, and statistics and perform operations, such as refreshing,
-flushing, and clearing the cache. Practicing good index management ensures
-that your data is stored cost effectively.
+| <<managing-beats, Beats Central Management>>
+| Manage your Beats configurations in a central location and
+quickly deploy configuration changes to all Beats running across your enterprise.
 
-a| <<ingest-node-pipelines, *Ingest Node Pipelines*>>
 
-Create and manage {es}
-pipelines that enable you to perform common transformations and
-enrichments on your data.
+|===
 
-| <<managing-licenses, *License Management*>>
+[float]
+[[manage-data]]
+== Data
 
-View the status of your license, start a trial, or install a new license. For
-the full list of features that are included in your license,
-see the https://www.elastic.co/subscriptions[subscription page].
+[cols="50, 50"]
+|===
 
-| <<working-remote-clusters, *Remote Clusters*>>
+a| <<managing-indices, Index Management>>
+| View index settings, mappings, and statistics and perform operations, such as refreshing,
+flushing, and clearing the cache. Practicing good index management ensures
+that your data is stored cost effectively.
 
-Manage your remote clusters for use with cross-cluster search and cross-cluster replication.
-You can add and remove remote clusters, and check their connectivity.
+| <<index-lifecycle-policies, Index Lifecycle Policies>>
+|Create a policy for defining the lifecycle of an index as it ages
+through the hot, warm, cold, and delete phases.
+Such policies help you control operation costs
+because you can put data in different resource tiers.
 
-| <<data-rollups, *Rollup Jobs*>>
+| <<snapshot-repositories, Snapshot and Restore>>
+|Define a policy that creates, schedules, and automatically deletes snapshots to ensure that you
+have backups of your cluster in case something goes wrong.
 
-Create a job that periodically aggregates data from one or more indices, and then
+| <<data-rollups, Rollup Jobs>>
+|Create a job that periodically aggregates data from one or more indices, and then
 rolls it into a new, compact index. Rollup indices are a good way to store months or
 years of historical data in combination with your raw data.
 
-| <<snapshot-repositories, *Snapshot and Restore*>>
+| {ref}/transforms.html[Transforms]
+|Use transforms to pivot existing {es} indices into summarized or entity-centric indices.
 
-Define a policy that creates, schedules, and automatically deletes snapshots to ensure that you
-have backups of your cluster in case something goes wrong.
+| <<managing-cross-cluster-replication, Cross-Cluster Replication>>
+|Replicate indices on a remote cluster and copy them to a follower index on a local cluster.
+This is important for
+disaster recovery. It also keeps data local for faster queries.
 
-| {ref}/transforms.html[*Transforms*]
+| <<working-remote-clusters, Remote Clusters>>
+|Manage your remote clusters for use with cross-cluster search and cross-cluster replication.
+You can add and remove remote clusters, and check their connectivity.
+|===
 
-Use transforms to pivot existing {es} indices into summarized or entity-centric indices.
+[float]
+[[manage-alerts-insights]]
+== Alerts and Insights
 
-| <<upgrade-assistant, *Upgrade Assistant*>>
+[cols="50, 50"]
+|===
 
-Identify the issues that you need to address before upgrading to the
-next major version of {es}, and then reindex, if needed.
+| <<managing-alerts-and-actions, Alerts&nbsp;and Actions>>
+| Centrally manage your alerts across {kib}. Create and manage reusable
+connectors for triggering actions.
 
-| <<watcher-ui, *Watcher*>>
+| <<reporting-getting-started, Reporting>>
+| Monitor the generation of reports&mdash;PDF, PNG, and CSV&mdash;and download reports that you previously generated.
+A report can contain a dashboard, visualization, saved search, or Canvas workpad.
+
+| {ml-docs}/ml-jobs.html[Machine Learning Jobs]
+| View your {anomaly-jobs} and {dfanalytics-jobs}. Open the Single Metric
+Viewer or Anomaly Explorer to see your {ml} results.
 
-Detect changes in your data by creating, managing, and monitoring alerts.
-For example, create an alert when the maximum total CPU usage on a machine goes
+| <<watcher-ui, Watcher>>
+| Detect changes in your data by creating, managing, and monitoring alerts.
+For example, you might create an alert when the maximum total CPU usage on a machine goes
 above a certain percentage.
 
 |===
 
 [float]
-[[manage-kibana]]
-== Manage {kib}
+[[manage-security]]
+== Security
 
 [cols="50, 50"]
 |===
 
-a| <<advanced-options, *Advanced Settings*>>
-
-Customize {kib} to suit your needs. Change the format for displaying dates, turn on dark mode,
-set the timespan for notification messages, and much more.
+a| <<xpack-security, Users>>
+|View the users that have been defined on your cluster.
+Add or delete users and assign roles that give users
+specific privileges.
 
-| <<managing-alerts-and-actions, *Alerts and Actions*>>
+| <<xpack-kibana-role-management, Roles>>
+|View the roles that exist on your cluster. Customize
+the actions that a user with the role can perform, on a cluster, index, and space level.
 
-Centrally manage your alerts across {kib}. Create and manage reusable
-connectors for triggering actions.
+| <<api-keys, API Keys>>
+| Create secondary credentials so that you can send requests on behalf of the user.
+Secondary credentials have the same or lower access rights.
 
-| <<managing-fields, *Index Patterns*>>
+| <<role-mappings, Role Mappings>>
+| Assign roles to your users using a set of rules. Role mappings are required
+when authenticating via an external identity provider, such as Active Directory,
+Kerberos, PKI, OIDC, and SAML.
 
-Create and manage the index patterns that help you retrieve your data from {es}.
+|===
 
-| <<reporting-getting-started, *Reporting*>>
+[float]
+[[manage-kibana]]
+== {kib}
 
-Monitor the generation of reports&mdash;PDF, PNG, and CSV&mdash;and download reports that you previously generated.
-A report can contain a dashboard, visualization, saved search, or Canvas workpad.
+[cols="50, 50"]
+|===
 
-| <<managing-saved-objects, *Saved Objects*>>
+a| <<managing-fields, Index Patterns>>
+|Create and manage the index patterns that retrieve your data from {es}.
 
-Copy, edit, delete, import, and export your saved objects.
+| <<managing-saved-objects, Saved Objects>>
+| Copy, edit, delete, import, and export your saved objects.
 These include dashboards, visualizations, maps, index patterns, Canvas workpads, and more.
 
-| <<xpack-spaces, *Spaces*>>
-
-Create spaces to organize your dashboards and other saved objects into categories.
+| <<xpack-spaces, Spaces>>
+| Create spaces to organize your dashboards and other saved objects into categories.
 A space is isolated from all other spaces,
 so you can tailor it to your needs without impacting others.
 
-| &nbsp;
+a| <<advanced-options, Advanced Settings>>
+| Customize {kib} to suit your needs. Change the format for displaying dates, turn on dark mode,
+set the timespan for notification messages, and much more.
+
+|===
+
+[float]
+[[manage-stack]]
+== Stack
+
+[cols="50, 50"]
+|===
+
+| <<managing-licenses, License Management>>
+| View the status of your license, start a trial, or install a new license. For
+the full list of features that are included in your license,
+see the https://www.elastic.co/subscriptions[subscription page].
+
+| <<upgrade-assistant, Upgrade Assistant>>
+| Identify the issues that you need to address before upgrading to the
+next major version of {es}, and then reindex, if needed.
 
 |===
 
+
+
 --
 
 include::{kib-repo-dir}/management/advanced-options.asciidoc[]

docs/user/security/authorization/index.asciidoc

@@ -2,16 +2,17 @@
 [[xpack-security-authorization]]
 
 === Granting access to {kib}
-The Elastic Stack comes with the `kibana_admin` {ref}/built-in-roles.html[built-in role], which you can use to grant access to all Kibana features in all spaces. To grant users access to a subset of spaces or features, you can create a custom role that grants the desired Kibana privileges. 
+The Elastic Stack comes with the `kibana_admin` {ref}/built-in-roles.html[built-in role], which you can use to grant access to all Kibana features in all spaces. To grant users access to a subset of spaces or features, you can create a custom role that grants the desired Kibana privileges.
 
 When you assign a user multiple roles, the user receives a union of the roles’ privileges. Therefore, assigning the `kibana_admin` role in addition to a custom role that grants Kibana privileges is ineffective because `kibana_admin` has access to all the features in all spaces.
 
 NOTE: When running multiple tenants of Kibana by changing the `kibana.index` in your `kibana.yml`, you cannot use `kibana_admin` to grant access. You must create custom roles that authorize the user for that specific tenant. Although multi-tenant installations are supported, the recommended approach to securing access to Kibana segments is to grant users access to specific spaces.
 
 [role="xpack"]
+[[xpack-kibana-role-management]]
 === {kib} role management
 
-To create a role that grants {kib} privileges, go to **Management -> Security -> Roles** and click **Create role**. 
+To create a role that grants {kib} privileges, go to **Management -> Security -> Roles** and click **Create role**.
 
 [[adding_kibana_privileges]]
 ==== Adding {kib} privileges
@@ -63,7 +64,7 @@ Features are available to users when their roles grant access to the features, *
 
 Using the same role, it’s possible to assign different privileges to different spaces. After you’ve added space privileges, click **Add space privilege**. If you’ve already added privileges for either *** Global (all spaces)** or an individual space, you will not be able to select these in the **Spaces** selection control.
 
-Additionally, if you’ve already assigned privileges at *** Global (all spaces)**, you are only able to assign additional privileges to individual spaces. Similar to the behavior of multiple roles granting the union of all privileges, space privileges are also a union. If you’ve already granted the user the **All** privilege at *** Global (all spaces)**, you’re not able to restrict the role to only the **Read** privilege at an individual space. 
+Additionally, if you’ve already assigned privileges at *** Global (all spaces)**, you are only able to assign additional privileges to individual spaces. Similar to the behavior of multiple roles granting the union of all privileges, space privileges are also a union. If you’ve already granted the user the **All** privilege at *** Global (all spaces)**, you’re not able to restrict the role to only the **Read** privilege at an individual space.
 
 
 ==== Privilege summary
@@ -111,4 +112,3 @@ image::user/security/images/privilege-example-2.png[Privilege example 2]
 
 [role="screenshot"]
 image::user/security/images/privilege-example-3.png[Privilege example 3]
-