diff --git a/docs/CHANGELOG.asciidoc b/docs/CHANGELOG.asciidoc
index a50dbf1ddaf21..af6607bf3b096 100644
--- a/docs/CHANGELOG.asciidoc
+++ b/docs/CHANGELOG.asciidoc
@@ -74,6 +74,63 @@ coming::[7.15.0]
 
 For information about the 7.14.1 release, review the following information.
 
+[float]
+[[security-updates-v7.14.1]]
+=== Security updates
+
+Review the security updates that were found in previous versions of {kib}.
+
+[discrete]
+[[code-execution-issue]]
+.Code execution issue
+[%collapsible]
+====
+*Details* +
+In {kib} 7.10.2 to 7.14.0, users with Fleet admin privileges could insecurely upload malicious packages. Due to an older version of the js-yaml library, attackers were able to execute commands on the {kib} server. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22150[CVE-2021-22150]
+*Solution* +
+Upgrade to {kib} 7.14.1.
+====    
+
+[discrete]
+[[path-traversal-issue]]
+.Path traversal issue
+[%collapsible]
+====
+*Details* +
+In {kib} 7.13.4 and earlier, {kib} was not validating the user supplied paths that upload .pbf files, allowing malicious users to arbitrarily traverse the {kib} host to load internal files that end in the .pbf extension. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22151[CVE-2021-22151]
+Thanks to Luat Nguyen of CyberJutsu for reporting this issue.
+*Solution* +
+Upgrade to {kib} 7.14.1.
+====    
+
+[discrete]
+[[html-injection-issue]]
+.HTML injection issue
+[%collapsible]
+====
+*Details* +
+In {kib} 7.14.0, {kib} was not sanitizing document fields that contain HTML snippets, allowing attackers with the ability to write documents to an {es} index to inject HTML. When *Discover* highlighted a search term that contained the HTML, the term was rendered. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37936[CVE-2021-37936]
+*Solution* +
+In <<advanced-options,*Advanced Settings*>>, set `doc_table:highlight` to `false`. If you do not want to change the *Advanced Settings*, upgrade to {kib} 7.14.1.
+====    
+
+[discrete]
+[[nodejs-security-vulnerabilities]]
+.Node.js security vulnerabilities
+[%collapsible]
+====
+*Details* +
+In {kib} 7.14.0 and earlier, Node.js 14.17.3 is affected by the following security vulnerabilities: 
+* https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22930[CVE-2021-22930]
+* https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3672[CVE-2021-3672]
+* https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22931[CVE-2021-22931]
+* https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22930[CVE-2021-22930]
+* https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22939[CVE-2021-22939]
+We do not believe an attacker can exploit the security vulnerabilities against {kib}, but are upgrading Node.js out of an abudance of caution. To resolve the security vulnerabilities, {kib} 7.14.1 upgrades Node.js to 14.17.5.
+*Solution* +
+Upgrade to {kib} 7.14.1.
+====    
+
 [float]
 [[breaking-changes-v7.14.1]]
 === Breaking changes
diff --git a/docs/developer/index.asciidoc b/docs/developer/index.asciidoc
index cfa25e5cb315a..fd899b2e10fd6 100644
--- a/docs/developer/index.asciidoc
+++ b/docs/developer/index.asciidoc
@@ -31,7 +31,6 @@ include::advanced/index.asciidoc[]
 
 include::plugin-list.asciidoc[]
 
-include::plugin-api-changes/plugin-api-changes-7_12.asciidoc[]
+include::plugin-api-changes/plugin-api-changes.asciidoc[]
 
 include::telemetry.asciidoc[]
-
diff --git a/docs/developer/plugin-api-changes/plugin-api-changes-7_12.asciidoc b/docs/developer/plugin-api-changes/plugin-api-changes-7_12.asciidoc
deleted file mode 100644
index 887ae0829acaf..0000000000000
--- a/docs/developer/plugin-api-changes/plugin-api-changes-7_12.asciidoc
+++ /dev/null
@@ -1,14 +0,0 @@
-[[plugin-api-changes]]
-== Plugin API changes in 7.13
-++++
-<titleabbrev>Plugin API changes</titleabbrev>
-++++
-
-This page discusses the plugin API changes that you need to be aware of when migrating
-your application to {kib} 7.13.
-
-Other versions: {kibana-ref-all}/7.12/plugin-api-changes.html[7.12] |
-{kibana-ref-all}/7.11/plugin-api-changes-7-11.html[7.11] |
-{kibana-ref-all}/7.10/breaking-changes-7.10.html#general-plugin-API-changes-7-10[7.10] |
-{kibana-ref-all}/7.9/breaking-changes-7.9.html#general-plugin-API-changes-79[7.9] |
-{kibana-ref-all}/7.8/breaking-changes-7.8.html#general-plugin-API-changes-78[7.8]
diff --git a/docs/developer/plugin-api-changes/plugin-api-changes.asciidoc b/docs/developer/plugin-api-changes/plugin-api-changes.asciidoc
new file mode 100644
index 0000000000000..32cd24950566c
--- /dev/null
+++ b/docs/developer/plugin-api-changes/plugin-api-changes.asciidoc
@@ -0,0 +1,151 @@
+[[plugin-api-changes]]
+== Plugin API changes in {minor-version}
+++++
+<titleabbrev>Plugin API changes</titleabbrev>
+++++
+
+This page discusses the plugin API changes that you need to be aware of when migrating
+your application to {kib} {minor-version}.
+
+Other versions: {kibana-ref-all}/7.14/plugin-api-changes.html[7.14] |
+{kibana-ref-all}/7.13/plugin-api-changes.html[7.13] |
+{kibana-ref-all}/7.12/plugin-api-changes.html[7.12] |
+{kibana-ref-all}/7.11/plugin-api-changes-7-11.html[7.11] |
+{kibana-ref-all}/7.10/breaking-changes-7.10.html#general-plugin-API-changes-7-10[7.10] |
+{kibana-ref-all}/7.9/breaking-changes-7.9.html#general-plugin-API-changes-79[7.9] |
+{kibana-ref-all}/7.8/breaking-changes-7.8.html#general-plugin-API-changes-78[7.8]
+
+[[breaking_plugin_v7.15.0_107173]]
+.`fieldFormats` extracted from `data` plugin
+[%collapsible]
+====
+
+`fieldFormats` were extracted from the `data` plugin into a separate plugin.
+For an example on how to use them, check `examples/field_formats_example`.
+
+Refer to https://github.com/elastic/kibana/pull/107173[#107173].
+
+====
+
+[[breaking_plugin_v7.15.0_106973]]
+.@kbn/field-types extracted to a package
+[%collapsible]
+====
+
+`kbn_field_types` were extracted from the `data` plugin into a separate `@kbn/field-types` package.
+
+*via https://github.com/elastic/kibana/pull/106973[#106973]*
+
+====
+
+[[breaking_plugin_v7.15.0_106828]]
+.Start contract for field formatters fixed
+[%collapsible]
+====
+
+Previously, the field formatter start contract exposed the `register` method.
+Now, it is available only on the setup contract.
+
+Refer to https://github.com/elastic/kibana/pull/106828[#106828].
+
+====
+
+[[breaking_plugin_v7.15.0_103744]]
+.Warnings handled inside of headers
+[%collapsible]
+====
+
+The `data.search` service now returns a `warning` property that
+includes any warnings returned from {es} in the headers.
+
+Refer to https://github.com/elastic/kibana/pull/103744[#103744].
+
+====
+
+[[breaking_plugin_v7.15.0_103727]]
+.Scoring support added to KQL
+[%collapsible]
+====
+
+`buildEsQuery` (and in turn, `fromKuery`) now support an additional option,
+`filtersInMustClause`, which will generate KQL queries in the
+`must` clause rather than the `filter` clause.
+This change supports use cases such as sorting by `_score`.
+
+`SearchSource` now automatically sets `filtersInMustClause` to `true` when
+`_score` is included in the `sort` clause.
+
+Refer to https://github.com/elastic/kibana/pull/103727[#103727].
+
+====
+
+[[breaking_plugin_v7.15.0_103530]]
+.Key types and functions related to query generation moved to a package
+[%collapsible]
+====
+
+Import the following types and functions from `@kbn/es-query`.
+Importing them from the `data` plugin is deprecated and support will be removed in `v8.0`.
+
+ * *Index Pattern base types* (New types, not re-exported from the `data` plugin)
+    ** `IndexPatternBase`
+    ** `IndexPatternFieldBase`
+    ** `IFieldSubType`
+ * *Filter Types*
+    ** `RangeFilter`
+    ** `RangeFilterMeta`
+    ** `RangeFilterParams`
+    ** `ExistsFilter`
+    ** `PhrasesFilter`
+    ** `PhraseFilter`
+    ** `CustomFilter`
+    ** `MatchAllFilter`
+ * *Filter type guards*
+    ** `isExistsFilter`
+    ** `isFilterPinned`
+    ** `isMatchAllFilter`
+    ** `isMissingFilter`
+    ** `isPhraseFilter`
+    ** `isPhrasesFilter`
+    ** `isQueryStringFilter`
+    ** `isRangeFilter`
+ * *Filter generators*
+    ** `buildEmptyFilter`
+    ** `buildExistsFilter`
+    ** `buildPhraseFilter`
+    ** `buildPhrasesFilter`
+    ** `buildQueryFilter`
+    ** `buildRangeFilter`
+ * *Filter utilities*
+    ** `getPhraseFilterField`
+    ** `getPhraseFilterValue`
+    ** `toggleFilterNegated`
+    ** `disableFilter`
+ * *KQL helpers*
+    ** `KueryNode`
+    ** `fromKueryExpression`
+    ** `toElasticsearchQuery`
+    ** `nodeTypes`
+    ** `buildEsQuery`
+    ** `buildQueryFromFilters`
+    ** `luceneStringToDsl`
+    ** `decorateQuery`
+    ** `EsQueryConfig`
+
+Refer to https://github.com/elastic/kibana/pull/103530[#103530].
+
+====
+
+[[breaking_plugin_v7.15.0_103494]]
+.Expression functions that generate an aggregation configuration were updated
+[%collapsible]
+====
+
+These expression no longer take
+JSON blobs as arguments. Corresponding expression functions
+were added to generate any complex argument types. Update
+your expressions if you use aggregation functions.
+
+Refer to https://github.com/elastic/kibana/pull/103494[#103494].
+
+====
diff --git a/docs/discover/images/add-field-to-pattern.png b/docs/discover/images/add-field-to-pattern.png
index 9a206f5f1bd1d..54d6610ca7bb4 100644
Binary files a/docs/discover/images/add-field-to-pattern.png and b/docs/discover/images/add-field-to-pattern.png differ
diff --git a/docs/discover/images/customer.png b/docs/discover/images/customer.png
index 4c1ff2f2fddbd..904741631eb34 100644
Binary files a/docs/discover/images/customer.png and b/docs/discover/images/customer.png differ
diff --git a/docs/discover/images/discover-from-visualize.png b/docs/discover/images/discover-from-visualize.png
index 42d46e6cbd5b5..6c976f01bc9f4 100644
Binary files a/docs/discover/images/discover-from-visualize.png and b/docs/discover/images/discover-from-visualize.png differ
diff --git a/docs/discover/images/discover-search-for-relevance.png b/docs/discover/images/discover-search-for-relevance.png
index 64cfd87b7aac2..15945b3515530 100644
Binary files a/docs/discover/images/discover-search-for-relevance.png and b/docs/discover/images/discover-search-for-relevance.png differ
diff --git a/docs/discover/images/document-table-expanded.png b/docs/discover/images/document-table-expanded.png
index ebbd2e607eb5a..3abc9ee7c1cbf 100644
Binary files a/docs/discover/images/document-table-expanded.png and b/docs/discover/images/document-table-expanded.png differ
diff --git a/docs/discover/images/document-table.png b/docs/discover/images/document-table.png
index 5b5dbc08d6e64..98764f34350bf 100644
Binary files a/docs/discover/images/document-table.png and b/docs/discover/images/document-table.png differ
diff --git a/docs/discover/images/double-arrow.png b/docs/discover/images/double-arrow.png
index ba4ee11ebf738..80b87b4a35326 100644
Binary files a/docs/discover/images/double-arrow.png and b/docs/discover/images/double-arrow.png differ
diff --git a/docs/discover/images/downward-arrow.png b/docs/discover/images/downward-arrow.png
index 47b03cfe82b34..a0b153bfe3b39 100644
Binary files a/docs/discover/images/downward-arrow.png and b/docs/discover/images/downward-arrow.png differ
diff --git a/docs/discover/images/hello-field.png b/docs/discover/images/hello-field.png
index 5c6348d4e90fe..fc2c79c13a5d2 100644
Binary files a/docs/discover/images/hello-field.png and b/docs/discover/images/hello-field.png differ
diff --git a/docs/discover/search-for-relevance.asciidoc b/docs/discover/search-for-relevance.asciidoc
index f3cf1c3a7f52c..eab310c1b5b01 100644
--- a/docs/discover/search-for-relevance.asciidoc
+++ b/docs/discover/search-for-relevance.asciidoc
@@ -1,6 +1,5 @@
 [[discover-search-for-relevance]]
 == Search for relevance
-Sometimes you might be unsure which documents best match your search.
 {es} assigns a relevancy, or score to each document, so you can
 can narrow your search to the documents with the most relevant results.
 The higher the score, the better it matches your query.
@@ -12,9 +11,7 @@ the <<gs-get-data-into-kibana, sample flights data set>>, or you can use your ow
 .  In *Discover*, open the index pattern dropdown, and select that data you want to work with.
 +
 For the sample flights data, set the index pattern to *kibana_sample_data_flights*.
-.  In the query bar, click  *KQL*, and then turn it off.
-+
-You're now using the <<lucene-query, Lucene query syntax>>.
+
 .  Run your search.  For the sample data, try:
 +
 ```ts
@@ -22,15 +19,15 @@ Warsaw OR Venice OR Clear
 ```
 . If you don't see any results, expand the <<set-time-filter,time range>>, for example to *Last 7 days*.
 . From the list of *Available fields*, add `_score` and any other fields you want to the document table.
-. To sort the `_score` column in descending order, hover over its header, and then click twice on
-the arrow icon
-image:images/double-arrow.png[Double arrow icon to indicate sorting] so it changes to
+. To sort the `_score` column in descending order, hover over its header, and set
+the sort icon to
 image:images/downward-arrow.png[Downward pointing arrow to indicate descending sorting].
 +
 At this point, you're doing a multi-column sort: first by `Time`, and then by `_score`.
-. To turn off sorting for the `Time` field, hover over its header, and then click the down arrow.
+. To turn off sorting for the `Time` field, hover over its header, and set the sort icon to
+image:images/double-arrow.png[Arrow on both ends of the icon indicates sorting is off].
 +
 Your table now sorts documents from most to least relevant.
 +
 [role="screenshot"]
-image::images/discover-search-for-relevance.png["Example of a search for relevance"]
+image::images/discover-search-for-relevance.png["Documents are sorted from most relevant to least relevant."]
diff --git a/docs/management/connectors/action-types/email.asciidoc b/docs/management/connectors/action-types/email.asciidoc
index bab04b8052674..869fb86796b53 100644
--- a/docs/management/connectors/action-types/email.asciidoc
+++ b/docs/management/connectors/action-types/email.asciidoc
@@ -107,7 +107,7 @@ For other email servers, you can check the list of well-known services that Node
 [[elasticcloud]]
 ==== Sending email from Elastic Cloud
 
-IMPORTANT: These instructions require you to link:{cloud}/ec-watcher.html#ec-watcher-whitelist[whitelist] the email addresses that notifications get sent first.
+IMPORTANT: These instructions require you to link:{cloud}/ec-watcher.html#ec-watcher-whitelist[allowlist] the email addresses that notifications get sent.
 
 Use the following connector settings to send email from Elastic Cloud: 
 
diff --git a/docs/spaces/images/edit-space-feature-visibility.png b/docs/spaces/images/edit-space-feature-visibility.png
index f1852d3cc03b5..b6ee4740e1d20 100644
Binary files a/docs/spaces/images/edit-space-feature-visibility.png and b/docs/spaces/images/edit-space-feature-visibility.png differ
diff --git a/docs/spaces/images/edit-space.png b/docs/spaces/images/edit-space.png
index 9785dd9e77aba..97d7ec009ade4 100644
Binary files a/docs/spaces/images/edit-space.png and b/docs/spaces/images/edit-space.png differ
diff --git a/docs/spaces/images/spaces-roles.png b/docs/spaces/images/spaces-roles.png
index 031b319cfad3e..b9003a91092bf 100644
Binary files a/docs/spaces/images/spaces-roles.png and b/docs/spaces/images/spaces-roles.png differ
diff --git a/docs/spaces/index.asciidoc b/docs/spaces/index.asciidoc
index aeeb7b45ccd8a..6722503eb0323 100644
--- a/docs/spaces/index.asciidoc
+++ b/docs/spaces/index.asciidoc
@@ -8,29 +8,18 @@ the dashboards and saved objects that belong to that space.
 
 {kib} creates a default space for you.
 After you create your own
-spaces, you're asked to choose a space when you log in to Kibana. You can change your
+spaces, you're asked to choose a space when you log in to {kib}. You can change your
 current space at any time by using the menu.
 
 [role="screenshot"]
 image::images/change-space.png["Change current space menu"]
 
-Kibana supports spaces in several ways.  You can:
-
-[[spaces-getting-started]]
-
-* <<spaces-managing, View&comma; create&comma; and delete spaces>>
-* <<spaces-control-feature-visibility, Control feature access based on user needs>>
-* <<spaces-control-user-access, Control feature access based on user privileges>>
-* <<spaces-moving-objects, Move objects between spaces>>
-* <<spaces-default-route, Configure a Space-level landing page>>
-* <<spaces-delete-started, Disable the Spaces feature>>
-
 [float]
-==== Required permissions
+==== Required privileges
 
 The `kibana_admin` role or equivalent is required to manage **Spaces**.
 
-TIP: Looking to support multiple tenants? See <<xpack-security-multiple-tenants, the Security documentation>> for more information.
+TIP: Looking to support multiple tenants? Refer to <<xpack-security-multiple-tenants, the Security documentation>> for more information.
 
 [float]
 [[spaces-managing]]
@@ -71,14 +60,14 @@ You can't delete the default space, but you can customize it to your liking.
 === Control feature access based on user needs
 
 You have control over which features are visible in each space.
-For example, you might hide Dev Tools
-in your "Executive" space or show Stack Monitoring only in your "Admin" space.
+For example, you might hide *Dev Tools*
+in your "Executive" space or show *Stack Monitoring* only in your "Admin" space.
 You can define which features to show or hide when you add or edit a space.
 
 Controlling feature
 visibility is not a security feature. To secure access
 to specific features on a per-user basis, you must configure
-<<xpack-security-authorization, Kibana Security>>.
+<<xpack-security-authorization, {kib} Security>>.
 
 [role="screenshot"]
 image::images/edit-space-feature-visibility.png["Controlling features visiblity"]
@@ -87,12 +76,12 @@ image::images/edit-space-feature-visibility.png["Controlling features visiblity"
 [[spaces-control-user-access]]
 === Control feature access based on user privileges
 
-When using Kibana with security, you can configure applications and features
+When using {kib} with security, you can configure applications and features
 based on your users’ privileges. This means different roles can have access
 to different features in the same space.
 Power users might have privileges to create and edit visualizations and dashboards,
-while analysts or executives might have Dashboard and Canvas with read-only privileges.
-See <<adding_kibana_privileges>> for details.
+while analysts or executives might have read-only privileges for *Dashboard* and *Canvas*.
+Refer to <<adding_kibana_privileges>> for details.
 
 [role="screenshot"]
 image::images/spaces-roles.png["Controlling features visiblity"]
@@ -105,7 +94,7 @@ To move saved objects between spaces, you can <<managing-saved-objects-copy-to-s
 
 [float]
 [[spaces-default-route]]
-=== Configure a Space-level landing page
+=== Configure a space-level landing page
 
 You can create a custom experience for users by configuring the {kib} landing page on a per-space basis.
 The landing page can route users to a specific dashboard, application, or saved object as they enter each space.
@@ -123,9 +112,8 @@ image::images/spaces-configure-landing-page.png["Configure space-level landing p
 === Disable and version updates
 
 Spaces are automatically enabled in {kib}. If you don't want use this feature,
-you can disable it
-by setting `xpack.spaces.enabled` to `false` in your
-`kibana.yml` configuration file.
+you can disable it. For more information, refer to <<spaces-settings-kb,Spaces settings in {kib}>>.
+
+When you upgrade {kib}, the default space contains all of your existing saved objects.
+
 
-If you are upgrading your
-version of {kib}, the default space will contain all of your existing saved objects.
diff --git a/docs/user/alerting/rule-types/es-query.asciidoc b/docs/user/alerting/rule-types/es-query.asciidoc
index 5615c79a6c9c7..65d39ba170c3c 100644
--- a/docs/user/alerting/rule-types/es-query.asciidoc
+++ b/docs/user/alerting/rule-types/es-query.asciidoc
@@ -60,4 +60,32 @@ image::user/alerting/images/rule-types-es-query-valid.png[Test {es} query return
 * An error message is shown if the query is invalid.
 +
 [role="screenshot"]
-image::user/alerting/images/rule-types-es-query-invalid.png[Test {es} query shows error when invalid]
\ No newline at end of file
+image::user/alerting/images/rule-types-es-query-invalid.png[Test {es} query shows error when invalid]
+
+[float]
+==== Match de-duplication
+
+The {es} query rule type performs de-duplication of document matches across rule executions. If you configure the rule with a schedule interval smaller than the time window, and a document matches a query in multiple rule executions, it will be alerted on only once.
+
+Suppose you have a rule configured to run every minute.  The rule uses a time window of 1 hour and checks if there are more than 99 matches for the query. The {es} query rule type will do the following:
+
+[cols="3*<"]
+|===
+
+| `Execution 1 (0:00)`
+| Rule finds 113 matches in the last hour: `113 > 99`
+| Rule is active and user will be alerted.
+
+| `Execution 2 (0:01)`
+| Rule finds 127 matches in the last hour. 105 of the matches are duplicates that were alerted on in Execution 1, so you actually have 22 matches: `22 !> 99`
+| No alert.
+
+| `Execution 3 (0:02)`
+| Rule finds 159 matches in the last hour. 88 of the matches are duplicates that were alerted on in Execution 1, so you actually have 71 matches: `71 !> 99`
+| No alert.
+
+| `Execution 4 (0:03)`
+| Rule finds 190 matches in the last hour. 71 of them are duplicates that were alerted on in Exeuction 1, so you actually have 119 matches: `119 > 99`
+| Rule is active and user will be alerted.
+
+|===
\ No newline at end of file
diff --git a/docs/user/alerting/troubleshooting/alerting-common-issues.asciidoc b/docs/user/alerting/troubleshooting/alerting-common-issues.asciidoc
index c57e9876a4118..408b18143f27f 100644
--- a/docs/user/alerting/troubleshooting/alerting-common-issues.asciidoc
+++ b/docs/user/alerting/troubleshooting/alerting-common-issues.asciidoc
@@ -68,7 +68,7 @@ Rules  are taking a long time to execute and are impacting the overall health of
 
 [IMPORTANT]
 ==============================================
-By default, only users with a `superuser` role can query the {kib} event log because it is a system index. To enable additional users to execute this query, assign `read` privileges to the `.kibana-event-log*` index.
+By default, only users with a `superuser` role can query the experimental[] {kib} event log because it is a system index. To enable additional users to execute this query, assign `read` privileges to the `.kibana-event-log*` index.
 ==============================================
 
 *Solution*
diff --git a/docs/user/alerting/troubleshooting/event-log-index.asciidoc b/docs/user/alerting/troubleshooting/event-log-index.asciidoc
index fa5b5831c04ee..393b982b279f5 100644
--- a/docs/user/alerting/troubleshooting/event-log-index.asciidoc
+++ b/docs/user/alerting/troubleshooting/event-log-index.asciidoc
@@ -2,6 +2,8 @@
 [[event-log-index]]
 === Event log index
 
+experimental[]
+
 Use the event log index to determine:
 
 * Whether a rule successfully ran but its associated actions did not
diff --git a/docs/user/dashboard/dashboard.asciidoc b/docs/user/dashboard/dashboard.asciidoc
index 6430c5d246dc6..1284c057af2da 100644
--- a/docs/user/dashboard/dashboard.asciidoc
+++ b/docs/user/dashboard/dashboard.asciidoc
@@ -283,37 +283,15 @@ To enable series interactions, refer to <<settings-explore-data-in-chart,`xpack.
 [[download-csv]]
 == Download panel data
 
-Download panel data in a CSV file. You can download most panels in a CSV file, but there is a shortcut available
-for *Lens* panels.
-
-[float]
-[role="xpack"]
-[[download-lens-data]]
-=== Download Lens data
-
-When you download *Lens* panel data, each layer produces a single CSV file with columns.
-When you download multiple layers, the file names combine the visualization and layer index names.
-
-. Open the *Lens* panel menu
-
-. Select *More > Download as CSV*.
-
-[float]
-[[download-other-panel-data]]
-=== Download all other panel data
-
-Download the data for non-*Lens* panels.  
+Download panel data in a CSV file. When you download visualization panels with multiple layers, each layer produces a CSV file, and the file names contain the visualization and layer index names.
 
 . Open the panel menu, then select *Inspect*.
 
-. Click *Download CSV*, then select the CSV type from the dropdown:
+. Click *Download CSV*, then select the format type from the dropdown:
 
 * *Formatted CSV* &mdash; Contains human-readable dates and numbers.
 
 * *Unformatted* &mdash; Best used for computer use.
-+
-[role="screenshot"]
-image:images/Dashboard_inspect.png[Inspect in dashboard]
 
 [float]
 [[defer-loading-panels-below-the-fold]]
diff --git a/docs/user/dashboard/lens.asciidoc b/docs/user/dashboard/lens.asciidoc
index 774b50caeba6a..6b61c9fe6a9a3 100644
--- a/docs/user/dashboard/lens.asciidoc
+++ b/docs/user/dashboard/lens.asciidoc
@@ -1,14 +1,18 @@
 [[lens]]
-=== Lens
+=== Create visualizations with Lens
+++++
+<titleabbrev>Lens</titleabbrev>
+++++
 
-To create visualization panels with *Lens*, you drag the data fields you want to visualize to the workspace, then *Lens* uses heuristics to apply each field and create a visualization for you. 
+To create a visualization, drag the data fields you want to visualize to the workspace, then *Lens* uses visualization best practices to apply the fields and create a visualization that best displays the data. 
 
 With *Lens*, you can:
 
-* Create area, line, and bar charts with multiple layers, indices, and visualization types.
-* Change the aggregation function and labels to customize the data.
+* Create area, line, and bar charts with layers to display multiple indices and chart types.
+* Change the aggregation function to change the data in the visualization.
 * Perform math on aggregations using *Formula*.
-* Use time shifts to compare data for two time intervals, such as month over month.
+* Use time shifts to compare the data in two time intervals, such as month over month.
+* Create custom tables.
 
 ++++
 <script type="text/javascript" async 
@@ -32,15 +36,23 @@ If you're unsure about the visualization type you want to use, or how you want t
 
 If you already know the visualization type you want to use, and how you want to display the data, use the following process:
 
-* *Choose the visualization type.* Open the *Chart type* dropdown, then select the visualization type before you drag any fields.  
-+
-To view more visualizations that *Lens* automatically created for the fields, click the *Suggestions*. If one of the *Suggestions* meets your visualization needs, click *Save and return* to add it to the dashboard.
+Choose the visualization type. 
 
-* *Choose the data you want to visualize.* Drag the fields directly to the layer pane. *Lens* automatically selects the aggregation function.
-+
-If you want to learn more about the data a field contains, click *i* next to the field.
+. Before you drag fields to the workspace, open the *Chart type* dropdown, then select the visualization type.  
+
+. To view more visualizations that *Lens* automatically created for the fields, click *Suggestions*. If one of the *Suggestions* meets your visualization needs, click *Save and return* to add it to the dashboard.
+
+Choose the data you want to visualize.
+
+. Drag the fields directly to the layer pane. *Lens* automatically selects the aggregation function.
 
-* *Edit and delete.* To change the *Quick function* and display options, click the field in the layer pane. To delete a field, close the configuration options, then click *X* next to the field.
+. If you want to learn more about the data a field contains, click the field.
+
+Edit and delete.
+
+. To change the aggregation *Quick function* and display options, click the field in the layer pane. 
+
+. To delete a field, close the configuration options, then click *X* next to the field.
 
 [float]
 [[change-the-fields]]
@@ -59,60 +71,11 @@ image:images/runtime-field-menu.png[Dropdown menu located next to index pattern
 +
 For more information about adding fields to index patterns and examples, refer to <<runtime-fields>>.
 
-[float]
-[[lens-formulas]]
-==== Use formulas to perform math
-
-Formulas allow you to perform math on aggregated data. The most common formulas divide two values to produce a percent.
-
-. In the layer pane, click a field.
-
-. Click *Formula*, then enter the formula. 
-+
-Filter ratio example:: Use `kql=''` to filter one set of documents, then compare the document set to other documents within the same grouping:
-+
-See how the error rate changes over time:
-+
-```
-count(kql='response.status_code > 400') / count()
-```
-+
-Week over week example:: Use `shift='1w'` to get the value of each grouping from the previous week. Time shift should not be used with the *Top values* function.
-+
-```
-percentile(system.network.in.bytes, percentile=99) /
-percentile(system.network.in.bytes, percentile=99, shift='1w')
-```
-+
-Percent of total example:: Formulas can calculate `overall_sum` for all the groupings,
-which lets you convert each grouping into a percent of total:
-+
-```
-sum(products.base_price) / overall_sum(sum(products.base_price))
-```
-TIP: For detailed information on formulas, click image:dashboard/images/formula_reference.png[Formula reference icon].
-
-. To accurately display the formula, select *Percent* from the *Value format* dropdown.
-
-[float]
-[[compare-data-with-time-offsets]]
-==== Compare differences over time
-
-Compare your real-time data set to the results that are offset by a time increment. For example, you can compare the real-time percentage of a user CPU time spent to the results offset by one hour. 
-
-. In the layer pane, click the field you want to offset.
-
-. From the *Add advanced options* dropdown, select *Time shift*.
-
-. Select the time offset increment. 
-
-For a time shift example, refer to <<compare-time-ranges>>.
-
 [float]
 [[create-custom-tables]]
 ==== Create custom tables
 
-*Lens* tables are highly customizable, and provide you with text alignment, value formatting, coloring options, and more.
+Tables are highly customizable, and provide you with text alignment, value formatting, coloring options, and more.
 
 . From the *Chart type* dropdown, select *Table*. 
 
@@ -167,35 +130,80 @@ image::images/lens_drag_drop_3.gif[Using drag and drop to reorder]
 . To confirm the action, press Space bar. To cancel, press Esc.
 
 [float]
-[[configure-the-visualization-components]]
-==== Configure the visualization components
+[[lens-formulas]]
+==== Use formulas to perform math
 
-Each visualiztion type comes with a set of components that you can configure, such as data labels, legend, axes, and more.
+Formulas allow you to perform math on aggregated data. The most common formulas divide two values to produce a percent.
 
-For example, to add data labels to bar and horizontal bar charts, use the *Values* menu.
+. In the layer pane, click a field.
 
-[role="screenshot"]
-image::images/lens_value_labels_xychart_toggle.png[Lens Bar chart value labels menu]
+. Click *Formula*, then enter the formula. 
++
+Filter ratio example:: To filter a document set, use `kql=''`, then compare to other documents within the same grouping:
++
+```
+count(kql='response.status_code > 400') / count()
+```
++
+Week over week example:: To get the value for each grouping from the previous week, use `shift='1w'`.
++
+```
+percentile(system.network.in.bytes, percentile=99) /
+percentile(system.network.in.bytes, percentile=99, shift='1w')
+```
+You are unable to combine different time shifts, such as `count(shift="1w") - count()` and `count(shift="1w") - count(shift="1m")`, with the *Top values* function.
++
+Percent of total example:: To convert each grouping into a percent of the total, formulas calculate `overall_sum` for all groupings:
++
+```
+sum(products.base_price) / overall_sum(sum(products.base_price))
+```
+TIP: For detailed information on formulas, click image:dashboard/images/formula_reference.png[Formula reference icon].
 
-To add data labels to pie charts, donut charts, or treemaps, use the *Labels* menu.
+. To accurately display the formula, select *Percent* from the *Value format* dropdown.
 
-[role="screenshot"]
-image::images/lens_value_labels_partition_toggle.png[Lens Pie chart value labels menu]
+[float]
+[[compare-data-with-time-offsets]]
+==== Compare differences over time
+
+Compare your real-time data set to the results that are offset by a time increment. For example, you can compare the real-time percentage of a user CPU time spent to the results offset by one hour. 
+
+. In the layer pane, click the field you want to offset.
+
+. From the *Add advanced options* dropdown, select *Time shift*.
+
+. Select the time offset increment. 
+
+For a time shift example, refer to <<compare-time-ranges>>.
 
 [float]
 [[filter-the-data]]
-==== Filter the data
+==== Apply filters with the legend
 
-Apply filters to visualizations directly from the values in the legend. Only *Bar*, *Line and area*, and *Proportion* visualizations support legend filters.
+Apply filters to visualizations directly from the values in the legend. *Bar*, *Line and area*, and *Proportion* visualizations support legend filters.
 
-. In the legend, click the field.
-
-. Choose one of the following options:
+In the legend, click the field, then choose one of the following options:
 
 * *Filter for value* &mdash; Applies a filter that displays only the field data in the visualization.
 
 * *Filter out value* &mdash; Applies a filter that removes the field data from the visualization.
 
+[float]
+[[configure-the-visualization-components]]
+==== Configure the visualization components
+
+Each visualiztion type comes with a set of components that you access from the editor toolbar.
+
+The following component menus are available:
+
+* *Visual options* &mdash; Specifies how to display area, line, and bar chart options. For example, you can specify how to display the labels in bar charts.
+
+* *Labels* &mdash; Specifies how to display the labels for donut charts, pie charts, and treemaps. 
+
+* *Legend* &mdash; Specifies how to display the legend. For example, you can display the legend inside the visualization and truncate the legend values.
+
+* *Left axis*, *Bottom axis*, and *Right axis* &mdash; Specify how you want to display the chart axes. For example, add axis labels and change the orientation and bounds.
+
 [float]
 [[lens-faq]]
 ==== Frequently asked questions
@@ -287,7 +295,7 @@ Use formulas to compare multiple {es} aggregations that can be filtered or shift
 
 [discrete]
 [[is-it-possible-to-have-more-than-one-Y-axis-scale]]
-.*Can I add more than one y-axis scale to a visualization?*
+.*Can I add more than one y-axis scale?*
 [%collapsible]
 ====
 For each y-axis, you can select *Left* and *Right*, and configure a different scale.
@@ -327,12 +335,12 @@ refer to <<explore-fields-in-your-data,Explore the fields in your data>>.
 .*Why is my field missing from the fields list?*
 [%collapsible]
 ====
-Fields do not appear in the *Available fields* in the following scenarios:
+The following field types do not appear in the *Available fields* list:
 
-* The field is a full-text field.
-* The field is a `geo_point` field
-* The field is a `flattened` field.
-* The field is a `object` field.
+* Full-text
+* geo_point
+* flattened
+* object
 
 Verify if the field appears in the *Empty fields* list. *Lens* uses heuristics to determine if the fields contain values. For sparse data sets, the heuristics are less precise.
 ====
diff --git a/docs/user/discover.asciidoc b/docs/user/discover.asciidoc
index 1e716a840095d..e52531f9decdc 100644
--- a/docs/user/discover.asciidoc
+++ b/docs/user/discover.asciidoc
@@ -78,7 +78,7 @@ If you are using the sample data, this value was set when you added the data.
 If you  are using your own data, and it does not have a time field, the range selection is not available.
 
 . To view the count of documents for a given time in the specified range,
-click and drag the mouse over the histogram.
+click and drag the mouse over the chart.
 
 [float]
 [[explore-fields-in-your-data]]
@@ -108,7 +108,7 @@ them to your document table. Your table should look similar to this:
 image:images/document-table.png[Document table with fields for manufacturer, customer_first_name, and customer_last_name]
 
 . To rearrange the table columns, hover the mouse over a
-column header, and then use the move controls.
+column header, and then use the move control.
 
 . To view more of the document table, click *Hide chart*.
 
@@ -275,7 +275,7 @@ image:images/discover-maps.png[Map containing documents]
 [[share-your-findings]]
 === Share your findings
 
-To share your findings with a larger audience, click *Share* in the toolbar. For detailed information about the sharing options, refer to <<reporting-getting-started,Reporting>>.
+To share your findings with a larger audience, click *Share* in the *Discover* toolbar. For detailed information about the sharing options, refer to <<reporting-getting-started,Reporting>>.
 
 
 [float]
@@ -285,8 +285,6 @@ To share your findings with a larger audience, click *Share* in the toolbar. For
 
 * <<discover-search-for-relevance, Search for relevance>>.
 
-* <<reporting-getting-started, Present your findings in a report>>.
-
 * <<kibana-discover-settings, Configure Discover>> to better meet your needs.
 Go to **Advanced Settings** to configure the number of documents to show,
 the table columns that display by default, and more.
diff --git a/docs/user/production-considerations/alerting-production-considerations.asciidoc b/docs/user/production-considerations/alerting-production-considerations.asciidoc
index 57cc2a72a8895..cd8a60a1d5fe3 100644
--- a/docs/user/production-considerations/alerting-production-considerations.asciidoc
+++ b/docs/user/production-considerations/alerting-production-considerations.asciidoc
@@ -54,6 +54,8 @@ Predicting the buffer required to account for actions depends heavily on the rul
 [[event-log-ilm]]
 === Event log index lifecycle managment
 
+experimental[]
+
 Alerts and actions log activity in a set of "event log" indices.  These indices are configured with an index lifecycle management (ILM) policy, which you can customize.  The default policy rolls over the index when it reaches 50GB, or after 30 days.  Indices over 90 days old are deleted.
 
 The name of the index policy is `kibana-event-log-policy`.  {kib} creates the index policy on startup, if it doesn't already exist.  The index policy can be customized for your environment, but {kib} never modifies the index policy after creating it.
diff --git a/package.json b/package.json
index 1c8bd82c55c4f..8bd50eac8b821 100644
--- a/package.json
+++ b/package.json
@@ -349,7 +349,7 @@
     "react-moment-proptypes": "^1.7.0",
     "react-monaco-editor": "^0.41.2",
     "react-popper-tooltip": "^2.10.1",
-    "react-query": "^3.21.0",
+    "react-query": "^3.21.1",
     "react-redux": "^7.2.0",
     "react-resizable": "^1.7.5",
     "react-resize-detector": "^4.2.0",
diff --git a/packages/kbn-rule-data-utils/src/technical_field_names.ts b/packages/kbn-rule-data-utils/src/technical_field_names.ts
index 1566c4aecd139..f4f54a52cae66 100644
--- a/packages/kbn-rule-data-utils/src/technical_field_names.ts
+++ b/packages/kbn-rule-data-utils/src/technical_field_names.ts
@@ -28,7 +28,7 @@ const ALERT_DURATION = `${ALERT_NAMESPACE}.duration.us` as const;
 const ALERT_END = `${ALERT_NAMESPACE}.end` as const;
 const ALERT_EVALUATION_THRESHOLD = `${ALERT_NAMESPACE}.evaluation.threshold` as const;
 const ALERT_EVALUATION_VALUE = `${ALERT_NAMESPACE}.evaluation.value` as const;
-const ALERT_ID = `${ALERT_NAMESPACE}.id` as const;
+const ALERT_INSTANCE_ID = `${ALERT_NAMESPACE}.instance.id` as const;
 const ALERT_REASON = `${ALERT_NAMESPACE}.reason` as const;
 const ALERT_RISK_SCORE = `${ALERT_NAMESPACE}.risk_score` as const;
 const ALERT_SEVERITY = `${ALERT_NAMESPACE}.severity` as const;
@@ -95,7 +95,7 @@ const fields = {
   ALERT_END,
   ALERT_EVALUATION_THRESHOLD,
   ALERT_EVALUATION_VALUE,
-  ALERT_ID,
+  ALERT_INSTANCE_ID,
   ALERT_RULE_CONSUMER,
   ALERT_RULE_PRODUCER,
   ALERT_REASON,
@@ -145,7 +145,7 @@ export {
   ALERT_END,
   ALERT_EVALUATION_THRESHOLD,
   ALERT_EVALUATION_VALUE,
-  ALERT_ID,
+  ALERT_INSTANCE_ID,
   ALERT_NAMESPACE,
   ALERT_RULE_NAMESPACE,
   ALERT_RULE_CONSUMER,
diff --git a/src/dev/build/tasks/os_packages/docker_generator/resources/base/bin/kibana-docker b/src/dev/build/tasks/os_packages/docker_generator/resources/base/bin/kibana-docker
index c7c1d9661fc81..c95276dd2724b 100755
--- a/src/dev/build/tasks/os_packages/docker_generator/resources/base/bin/kibana-docker
+++ b/src/dev/build/tasks/os_packages/docker_generator/resources/base/bin/kibana-docker
@@ -389,6 +389,7 @@ kibana_vars=(
     xpack.security.session.lifespan
     xpack.security.sessionTimeout
     xpack.securitySolution.alertMergeStrategy
+    xpack.securitySolution.alertIgnoreFields
     xpack.securitySolution.endpointResultListDefaultFirstPageIndex
     xpack.securitySolution.endpointResultListDefaultPageSize
     xpack.securitySolution.maxRuleImportExportSize
diff --git a/src/plugins/charts/public/services/palettes/helpers.ts b/src/plugins/charts/public/services/palettes/helpers.ts
index d4b1e98f94cc8..bd1f8350ba9f3 100644
--- a/src/plugins/charts/public/services/palettes/helpers.ts
+++ b/src/plugins/charts/public/services/palettes/helpers.ts
@@ -70,7 +70,10 @@ export function workoutColorForValue(
   const comparisonFn = (v: number, threshold: number) => v - threshold;
 
   // if steps are defined consider the specific rangeMax/Min as data boundaries
-  const maxRange = stops.length ? rangeMax : dataRangeArguments[1];
+  // as of max reduce its value by 1/colors.length for correct continuity checks
+  const maxRange = stops.length
+    ? rangeMax
+    : dataRangeArguments[1] - (dataRangeArguments[1] - dataRangeArguments[0]) / colors.length;
   const minRange = stops.length ? rangeMin : dataRangeArguments[0];
 
   // in case of shorter rangers, extends the steps on the sides to cover the whole set
diff --git a/src/plugins/dashboard/public/application/hooks/use_dashboard_app_state.ts b/src/plugins/dashboard/public/application/hooks/use_dashboard_app_state.ts
index a20f9ffeb2258..5a034ab20538a 100644
--- a/src/plugins/dashboard/public/application/hooks/use_dashboard_app_state.ts
+++ b/src/plugins/dashboard/public/application/hooks/use_dashboard_app_state.ts
@@ -33,7 +33,7 @@ import {
   syncDashboardFilterState,
   loadSavedDashboardState,
   buildDashboardContainer,
-  loadDashboardUrlState,
+  syncDashboardUrlState,
   diffDashboardState,
   areTimeRangesEqual,
 } from '../lib';
@@ -148,11 +148,16 @@ export const useDashboardAppState = ({
        * Combine initial state from the saved object, session storage, and URL, then dispatch it to Redux.
        */
       const dashboardSessionStorageState = dashboardSessionStorage.getState(savedDashboardId) || {};
-      const dashboardURLState = loadDashboardUrlState(dashboardBuildContext);
+
+      const { initialDashboardStateFromUrl, stopWatchingAppStateInUrl } = syncDashboardUrlState({
+        ...dashboardBuildContext,
+        savedDashboard,
+      });
+
       const initialDashboardState = {
         ...savedDashboardState,
         ...dashboardSessionStorageState,
-        ...dashboardURLState,
+        ...initialDashboardStateFromUrl,
 
         // if there is an incoming embeddable, dashboard always needs to be in edit mode to receive it.
         ...(incomingEmbeddable ? { viewMode: ViewMode.EDIT } : {}),
@@ -283,6 +288,7 @@ export const useDashboardAppState = ({
 
       onDestroy = () => {
         stopSyncingContainerInput();
+        stopWatchingAppStateInUrl();
         stopSyncingDashboardFilterState();
         lastSavedSubscription.unsubscribe();
         indexPatternsSubscription.unsubscribe();
diff --git a/src/plugins/dashboard/public/application/lib/index.ts b/src/plugins/dashboard/public/application/lib/index.ts
index 937c1d2a77c06..d67e2ced998a6 100644
--- a/src/plugins/dashboard/public/application/lib/index.ts
+++ b/src/plugins/dashboard/public/application/lib/index.ts
@@ -12,7 +12,7 @@ export { saveDashboard } from './save_dashboard';
 export { migrateAppState } from './migrate_app_state';
 export { addHelpMenuToAppChrome } from './help_menu_util';
 export { getTagsFromSavedDashboard } from './dashboard_tagging';
-export { loadDashboardUrlState } from './load_dashboard_url_state';
+export { syncDashboardUrlState } from './sync_dashboard_url_state';
 export { DashboardSessionStorage } from './dashboard_session_storage';
 export { loadSavedDashboardState } from './load_saved_dashboard_state';
 export { attemptLoadDashboardByTitle } from './load_dashboard_by_title';
diff --git a/src/plugins/dashboard/public/application/lib/sync_dashboard_filter_state.ts b/src/plugins/dashboard/public/application/lib/sync_dashboard_filter_state.ts
index 2cfd7da6145ee..ea4ecf8dc7a3d 100644
--- a/src/plugins/dashboard/public/application/lib/sync_dashboard_filter_state.ts
+++ b/src/plugins/dashboard/public/application/lib/sync_dashboard_filter_state.ts
@@ -48,34 +48,13 @@ export const syncDashboardFilterState = ({
   const { filterManager, queryString, timefilter } = queryService;
   const { timefilter: timefilterService } = timefilter;
 
-  // apply initial filters to the query service and to the saved dashboard
-  filterManager.setAppFilters(_.cloneDeep(initialDashboardState.filters));
-  savedDashboard.searchSource.setField('filter', initialDashboardState.filters);
-
-  // apply initial query to the query service and to the saved dashboard
-  queryString.setQuery(initialDashboardState.query);
-  savedDashboard.searchSource.setField('query', initialDashboardState.query);
-
-  /**
-   * If a global time range is not set explicitly and the time range was saved with the dashboard, apply
-   * initial time range and refresh interval to the query service.
-   */
-  if (initialDashboardState.timeRestore) {
-    const initialGlobalQueryState = kbnUrlStateStorage.get<QueryState>('_g');
-    if (!initialGlobalQueryState?.time) {
-      if (savedDashboard.timeFrom && savedDashboard.timeTo) {
-        timefilterService.setTime({
-          from: savedDashboard.timeFrom,
-          to: savedDashboard.timeTo,
-        });
-      }
-    }
-    if (!initialGlobalQueryState?.refreshInterval) {
-      if (savedDashboard.refreshInterval) {
-        timefilterService.setRefreshInterval(savedDashboard.refreshInterval);
-      }
-    }
-  }
+  // apply initial dashboard filter state.
+  applyDashboardFilterState({
+    currentDashboardState: initialDashboardState,
+    kbnUrlStateStorage,
+    savedDashboard,
+    queryService,
+  });
 
   // this callback will be used any time new filters and query need to be applied.
   const applyFilters = (query: Query, filters: Filter[]) => {
@@ -155,3 +134,49 @@ export const syncDashboardFilterState = ({
 
   return { applyFilters, stopSyncingDashboardFilterState };
 };
+
+interface ApplyDashboardFilterStateProps {
+  kbnUrlStateStorage: DashboardBuildContext['kbnUrlStateStorage'];
+  queryService: DashboardBuildContext['query'];
+  currentDashboardState: DashboardState;
+  savedDashboard: DashboardSavedObject;
+}
+
+export const applyDashboardFilterState = ({
+  currentDashboardState,
+  kbnUrlStateStorage,
+  savedDashboard,
+  queryService,
+}: ApplyDashboardFilterStateProps) => {
+  const { filterManager, queryString, timefilter } = queryService;
+  const { timefilter: timefilterService } = timefilter;
+
+  // apply filters to the query service and to the saved dashboard
+  filterManager.setAppFilters(_.cloneDeep(currentDashboardState.filters));
+  savedDashboard.searchSource.setField('filter', currentDashboardState.filters);
+
+  // apply query to the query service and to the saved dashboard
+  queryString.setQuery(currentDashboardState.query);
+  savedDashboard.searchSource.setField('query', currentDashboardState.query);
+
+  /**
+   * If a global time range is not set explicitly and the time range was saved with the dashboard, apply
+   * time range and refresh interval to the query service.
+   */
+  if (currentDashboardState.timeRestore) {
+    const globalQueryState = kbnUrlStateStorage.get<QueryState>('_g');
+    if (!globalQueryState?.time) {
+      if (savedDashboard.timeFrom && savedDashboard.timeTo) {
+        timefilterService.setTime({
+          from: savedDashboard.timeFrom,
+          to: savedDashboard.timeTo,
+        });
+      }
+    }
+    if (!globalQueryState?.refreshInterval) {
+      if (savedDashboard.refreshInterval) {
+        timefilterService.setRefreshInterval(savedDashboard.refreshInterval);
+      }
+    }
+  }
+};
diff --git a/src/plugins/dashboard/public/application/lib/load_dashboard_url_state.ts b/src/plugins/dashboard/public/application/lib/sync_dashboard_url_state.ts
similarity index 53%
rename from src/plugins/dashboard/public/application/lib/load_dashboard_url_state.ts
rename to src/plugins/dashboard/public/application/lib/sync_dashboard_url_state.ts
index efff2ba6bc087..17c5a83cf5539 100644
--- a/src/plugins/dashboard/public/application/lib/load_dashboard_url_state.ts
+++ b/src/plugins/dashboard/public/application/lib/sync_dashboard_url_state.ts
@@ -9,7 +9,11 @@
 import _ from 'lodash';
 
 import { migrateAppState } from '.';
+import { DashboardSavedObject } from '../..';
+import { setDashboardState } from '../state';
+import { migrateLegacyQuery } from './migrate_legacy_query';
 import { replaceUrlHashQuery } from '../../../../kibana_utils/public';
+import { applyDashboardFilterState } from './sync_dashboard_filter_state';
 import { DASHBOARD_STATE_STORAGE_KEY } from '../../dashboard_constants';
 import { convertSavedDashboardPanelToPanelState } from '../../../common/embeddable/embeddable_saved_object_converters';
 import {
@@ -19,16 +23,59 @@ import {
   RawDashboardState,
   SavedDashboardPanel,
 } from '../../types';
-import { migrateLegacyQuery } from './migrate_legacy_query';
+
+type SyncDashboardUrlStateProps = DashboardBuildContext & { savedDashboard: DashboardSavedObject };
+
+export const syncDashboardUrlState = ({
+  dispatchDashboardStateChange,
+  getLatestDashboardState,
+  query: queryService,
+  kbnUrlStateStorage,
+  usageCollection,
+  savedDashboard,
+  kibanaVersion,
+}: SyncDashboardUrlStateProps) => {
+  // load initial state before subscribing to avoid state removal triggering update.
+  const loadDashboardStateProps = { kbnUrlStateStorage, usageCollection, kibanaVersion };
+  const initialDashboardStateFromUrl = loadDashboardUrlState(loadDashboardStateProps);
+
+  const appStateSubscription = kbnUrlStateStorage
+    .change$(DASHBOARD_STATE_STORAGE_KEY)
+    .subscribe(() => {
+      const stateFromUrl = loadDashboardUrlState(loadDashboardStateProps);
+
+      const updatedDashboardState = { ...getLatestDashboardState(), ...stateFromUrl };
+      applyDashboardFilterState({
+        currentDashboardState: updatedDashboardState,
+        kbnUrlStateStorage,
+        queryService,
+        savedDashboard,
+      });
+
+      if (Object.keys(stateFromUrl).length === 0) return;
+      dispatchDashboardStateChange(setDashboardState(updatedDashboardState));
+    });
+
+  const stopWatchingAppStateInUrl = () => {
+    appStateSubscription.unsubscribe();
+  };
+  return { initialDashboardStateFromUrl, stopWatchingAppStateInUrl };
+};
+
+interface LoadDashboardUrlStateProps {
+  kibanaVersion: DashboardBuildContext['kibanaVersion'];
+  usageCollection: DashboardBuildContext['usageCollection'];
+  kbnUrlStateStorage: DashboardBuildContext['kbnUrlStateStorage'];
+}
 
 /**
  * Loads any dashboard state from the URL, and removes the state from the URL.
  */
-export const loadDashboardUrlState = ({
+const loadDashboardUrlState = ({
   kibanaVersion,
   usageCollection,
   kbnUrlStateStorage,
-}: DashboardBuildContext): Partial<DashboardState> => {
+}: LoadDashboardUrlStateProps): Partial<DashboardState> => {
   const rawAppStateInUrl = kbnUrlStateStorage.get<RawDashboardState>(DASHBOARD_STATE_STORAGE_KEY);
   if (!rawAppStateInUrl) return {};
 
diff --git a/src/plugins/discover/public/application/components/doc_viewer/doc_viewer_tab.test.tsx b/src/plugins/discover/public/application/components/doc_viewer/doc_viewer_tab.test.tsx
new file mode 100644
index 0000000000000..a2434170acdd7
--- /dev/null
+++ b/src/plugins/discover/public/application/components/doc_viewer/doc_viewer_tab.test.tsx
@@ -0,0 +1,43 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0 and the Server Side Public License, v 1; you may not use this file except
+ * in compliance with, at your election, the Elastic License 2.0 or the Server
+ * Side Public License, v 1.
+ */
+
+import React from 'react';
+import { shallow } from 'enzyme';
+import { DocViewerTab } from './doc_viewer_tab';
+import { ElasticSearchHit } from '../../doc_views/doc_views_types';
+
+describe('DocViewerTab', () => {
+  test('changing columns triggers an update', () => {
+    const props = {
+      title: 'test',
+      component: jest.fn(),
+      id: 1,
+      render: jest.fn(),
+      renderProps: {
+        hit: {} as ElasticSearchHit,
+        columns: ['test'],
+      },
+    };
+
+    const wrapper = shallow(<DocViewerTab {...props} />);
+
+    const nextProps = {
+      ...props,
+      renderProps: {
+        hit: {} as ElasticSearchHit,
+        columns: ['test2'],
+      },
+    };
+
+    const shouldUpdate = (wrapper!.instance() as DocViewerTab).shouldComponentUpdate(nextProps, {
+      hasError: false,
+      error: '',
+    });
+    expect(shouldUpdate).toBe(true);
+  });
+});
diff --git a/src/plugins/discover/public/application/components/doc_viewer/doc_viewer_tab.tsx b/src/plugins/discover/public/application/components/doc_viewer/doc_viewer_tab.tsx
index bad72eb42055d..4ca53d929eeab 100644
--- a/src/plugins/discover/public/application/components/doc_viewer/doc_viewer_tab.tsx
+++ b/src/plugins/discover/public/application/components/doc_viewer/doc_viewer_tab.tsx
@@ -7,6 +7,7 @@
  */
 
 import React from 'react';
+import { isEqual } from 'lodash';
 import { I18nProvider } from '@kbn/i18n/react';
 import { DocViewRenderTab } from './doc_viewer_render_tab';
 import { DocViewerError } from './doc_viewer_render_error';
@@ -46,6 +47,7 @@ export class DocViewerTab extends React.Component<Props, State> {
     return (
       nextProps.renderProps.hit._id !== this.props.renderProps.hit._id ||
       nextProps.id !== this.props.id ||
+      !isEqual(nextProps.renderProps.columns, this.props.renderProps.columns) ||
       nextState.hasError
     );
   }
diff --git a/src/plugins/visualizations/server/embeddable/visualize_embeddable_factory.ts b/src/plugins/visualizations/server/embeddable/visualize_embeddable_factory.ts
index 043f6195cf7b4..43a8ab3d507d8 100644
--- a/src/plugins/visualizations/server/embeddable/visualize_embeddable_factory.ts
+++ b/src/plugins/visualizations/server/embeddable/visualize_embeddable_factory.ts
@@ -16,6 +16,7 @@ import {
   commonMigrateVislibPie,
   commonAddEmptyValueColorRule,
   commonMigrateTagCloud,
+  commonAddDropLastBucketIntoTSVBModel,
 } from '../migrations/visualization_common_migrations';
 
 const byValueAddSupportOfDualIndexSelectionModeInTSVB = (state: SerializableRecord) => {
@@ -32,6 +33,13 @@ const byValueHideTSVBLastValueIndicator = (state: SerializableRecord) => {
   };
 };
 
+const byValueAddDropLastBucketIntoTSVBModel = (state: SerializableRecord) => {
+  return {
+    ...state,
+    savedVis: commonAddDropLastBucketIntoTSVBModel(state.savedVis),
+  };
+};
+
 const byValueRemoveDefaultIndexPatternAndTimeFieldFromTSVBModel = (state: SerializableRecord) => {
   return {
     ...state,
@@ -72,7 +80,12 @@ export const visualizeEmbeddableFactory = (): EmbeddableRegistryDefinition => {
           byValueRemoveDefaultIndexPatternAndTimeFieldFromTSVBModel
         )(state),
       '7.14.0': (state) =>
-        flow(byValueAddEmptyValueColorRule, byValueMigrateVislibPie, byValueMigrateTagcloud)(state),
+        flow(
+          byValueAddEmptyValueColorRule,
+          byValueMigrateVislibPie,
+          byValueMigrateTagcloud,
+          byValueAddDropLastBucketIntoTSVBModel
+        )(state),
     },
   };
 };
diff --git a/src/plugins/visualizations/server/migrations/visualization_common_migrations.ts b/src/plugins/visualizations/server/migrations/visualization_common_migrations.ts
index 17b1470a40062..2503ac2c54b12 100644
--- a/src/plugins/visualizations/server/migrations/visualization_common_migrations.ts
+++ b/src/plugins/visualizations/server/migrations/visualization_common_migrations.ts
@@ -20,6 +20,27 @@ export const commonAddSupportOfDualIndexSelectionModeInTSVB = (visState: any) =>
   return visState;
 };
 
+export const commonAddDropLastBucketIntoTSVBModel = (visState: any) => {
+  if (visState && visState.type === 'metrics') {
+    return {
+      ...visState,
+      params: {
+        ...visState.params,
+        series: visState.params?.series?.map((s: any) =>
+          s.override_index_pattern
+            ? {
+                ...s,
+                series_drop_last_bucket: s.series_drop_last_bucket ?? 1,
+              }
+            : s
+        ),
+        drop_last_bucket: visState.params.drop_last_bucket ?? 1,
+      },
+    };
+  }
+  return visState;
+};
+
 export const commonHideTSVBLastValueIndicator = (visState: any) => {
   if (visState && visState.type === 'metrics' && visState.params.type !== 'timeseries') {
     return {
diff --git a/src/plugins/visualizations/server/migrations/visualization_saved_object_migrations.test.ts b/src/plugins/visualizations/server/migrations/visualization_saved_object_migrations.test.ts
index 869a9add89066..00c7e26715e6c 100644
--- a/src/plugins/visualizations/server/migrations/visualization_saved_object_migrations.test.ts
+++ b/src/plugins/visualizations/server/migrations/visualization_saved_object_migrations.test.ts
@@ -2115,6 +2115,87 @@ describe('migration visualization', () => {
     });
   });
 
+  describe('7.14.0 tsvb - add drop last bucket into TSVB model', () => {
+    const migrate = (doc: any) =>
+      visualizationSavedObjectTypeMigrations['7.14.0'](
+        doc as Parameters<SavedObjectMigrationFn>[0],
+        savedObjectMigrationContext
+      );
+
+    const createTestDocWithType = (params: any) => ({
+      attributes: {
+        title: 'My Vis',
+        description: 'This is my super cool vis.',
+        visState: `{
+          "type":"metrics",
+          "params": ${JSON.stringify(params)}
+        }`,
+      },
+    });
+
+    it('should add "drop_last_bucket" into model if it not exist', () => {
+      const params = {};
+      const migratedTestDoc = migrate(createTestDocWithType(params));
+      const { params: migratedParams } = JSON.parse(migratedTestDoc.attributes.visState);
+
+      expect(migratedParams).toMatchInlineSnapshot(`
+        Object {
+          "drop_last_bucket": 1,
+        }
+      `);
+    });
+
+    it('should add "series_drop_last_bucket" into model if it not exist', () => {
+      const params = {
+        series: [
+          {
+            override_index_pattern: 1,
+          },
+          {
+            override_index_pattern: 1,
+          },
+          { override_index_pattern: 0 },
+          {},
+          {
+            override_index_pattern: 1,
+            series_drop_last_bucket: 0,
+          },
+          {
+            override_index_pattern: 1,
+            series_drop_last_bucket: 1,
+          },
+        ],
+      };
+      const migratedTestDoc = migrate(createTestDocWithType(params));
+      const { params: migratedParams } = JSON.parse(migratedTestDoc.attributes.visState);
+
+      expect(migratedParams.series).toMatchInlineSnapshot(`
+        Array [
+          Object {
+            "override_index_pattern": 1,
+            "series_drop_last_bucket": 1,
+          },
+          Object {
+            "override_index_pattern": 1,
+            "series_drop_last_bucket": 1,
+          },
+          Object {
+            "override_index_pattern": 0,
+          },
+          Object {},
+          Object {
+            "override_index_pattern": 1,
+            "series_drop_last_bucket": 0,
+          },
+          Object {
+            "override_index_pattern": 1,
+            "series_drop_last_bucket": 1,
+          },
+        ]
+      `);
+    });
+  });
+
   describe('7.14.0 update pie visualization defaults', () => {
     const migrate = (doc: any) =>
       visualizationSavedObjectTypeMigrations['7.14.0'](
diff --git a/src/plugins/visualizations/server/migrations/visualization_saved_object_migrations.ts b/src/plugins/visualizations/server/migrations/visualization_saved_object_migrations.ts
index 1f50e26ea9ec1..fd08ecd748668 100644
--- a/src/plugins/visualizations/server/migrations/visualization_saved_object_migrations.ts
+++ b/src/plugins/visualizations/server/migrations/visualization_saved_object_migrations.ts
@@ -18,6 +18,7 @@ import {
   commonMigrateVislibPie,
   commonAddEmptyValueColorRule,
   commonMigrateTagCloud,
+  commonAddDropLastBucketIntoTSVBModel,
 } from './visualization_common_migrations';
 
 const migrateIndexPattern: SavedObjectMigrationFn<any, any> = (doc) => {
@@ -945,6 +946,23 @@ const hideTSVBLastValueIndicator: SavedObjectMigrationFn<any, any> = (doc) => {
   return doc;
 };
 
+const addDropLastBucketIntoTSVBModel: SavedObjectMigrationFn<any, any> = (doc) => {
+  try {
+    const visState = JSON.parse(doc.attributes.visState);
+    const newVisState = commonAddDropLastBucketIntoTSVBModel(visState);
+    return {
+      ...doc,
+      attributes: {
+        ...doc.attributes,
+        visState: JSON.stringify(newVisState),
+      },
+    };
+  } catch (e) {
+    // Let it go, the data is invalid and we'll leave it as is
+  }
+  return doc;
+};
+
 const removeDefaultIndexPatternAndTimeFieldFromTSVBModel: SavedObjectMigrationFn<any, any> = (
   doc
 ) => {
@@ -1100,6 +1118,7 @@ export const visualizationSavedObjectTypeMigrations = {
     addEmptyValueColorRule,
     migrateVislibPie,
     migrateTagCloud,
-    replaceIndexPatternReference
+    replaceIndexPatternReference,
+    addDropLastBucketIntoTSVBModel
   ),
 };
diff --git a/test/functional/apps/dashboard/dashboard_back_button.ts b/test/functional/apps/dashboard/dashboard_back_button.ts
index 1e901cdbd48be..3b03ea525b903 100644
--- a/test/functional/apps/dashboard/dashboard_back_button.ts
+++ b/test/functional/apps/dashboard/dashboard_back_button.ts
@@ -14,12 +14,14 @@ export default function ({ getService, getPageObjects }: FtrProviderContext) {
   const kibanaServer = getService('kibanaServer');
   const PageObjects = getPageObjects(['dashboard', 'header', 'common', 'visualize', 'timePicker']);
   const browser = getService('browser');
+  const security = getService('security');
 
   describe('dashboard back button', () => {
     before(async () => {
       await esArchiver.loadIfNeeded(
         'test/functional/fixtures/es_archiver/dashboard/current/kibana'
       );
+      await security.testUser.setRoles(['kibana_admin', 'animals', 'test_logstash_reader']);
       await kibanaServer.uiSettings.replace({
         defaultIndex: '0bf35f60-3dc9-11e8-8660-4d65aa086b3c',
       });
@@ -27,6 +29,10 @@ export default function ({ getService, getPageObjects }: FtrProviderContext) {
       await PageObjects.dashboard.preserveCrossAppState();
     });
 
+    after(async () => {
+      await security.testUser.restoreDefaults();
+    });
+
     it('after navigation from listing page to dashboard back button works', async () => {
       await PageObjects.dashboard.gotoDashboardLandingPage();
       await PageObjects.dashboard.loadSavedDashboard('dashboard with everything');
diff --git a/test/functional/apps/dashboard/dashboard_filter_bar.ts b/test/functional/apps/dashboard/dashboard_filter_bar.ts
index e1a15009afe51..2f561f3220158 100644
--- a/test/functional/apps/dashboard/dashboard_filter_bar.ts
+++ b/test/functional/apps/dashboard/dashboard_filter_bar.ts
@@ -20,6 +20,7 @@ export default function ({ getService, getPageObjects }: FtrProviderContext) {
   const esArchiver = getService('esArchiver');
   const kibanaServer = getService('kibanaServer');
   const browser = getService('browser');
+  const security = getService('security');
   const PageObjects = getPageObjects([
     'common',
     'dashboard',
@@ -32,12 +33,17 @@ export default function ({ getService, getPageObjects }: FtrProviderContext) {
   describe('dashboard filter bar', () => {
     before(async () => {
       await esArchiver.load('test/functional/fixtures/es_archiver/dashboard/current/kibana');
+      await security.testUser.setRoles(['kibana_admin', 'test_logstash_reader', 'animals']);
       await kibanaServer.uiSettings.replace({
         defaultIndex: '0bf35f60-3dc9-11e8-8660-4d65aa086b3c',
       });
       await PageObjects.common.navigateToApp('dashboard');
     });
 
+    after(async () => {
+      await security.testUser.restoreDefaults();
+    });
+
     describe('Add a filter bar', function () {
       before(async () => {
         await PageObjects.dashboard.gotoDashboardLandingPage();
@@ -181,7 +187,7 @@ export default function ({ getService, getPageObjects }: FtrProviderContext) {
       it('are added when a cell magnifying glass is clicked', async function () {
         await dashboardAddPanel.addSavedSearch('Rendering-Test:-saved-search');
         await PageObjects.dashboard.waitForRenderComplete();
-        const isLegacyDefault = PageObjects.discover.useLegacyTable();
+        const isLegacyDefault = await PageObjects.discover.useLegacyTable();
         if (isLegacyDefault) {
           await testSubjects.click('docTableCellFilter');
         } else {
diff --git a/test/functional/apps/dashboard/dashboard_state.ts b/test/functional/apps/dashboard/dashboard_state.ts
index ea2031f370eba..8200ba8aae92e 100644
--- a/test/functional/apps/dashboard/dashboard_state.ts
+++ b/test/functional/apps/dashboard/dashboard_state.ts
@@ -206,7 +206,7 @@ export default function ({ getService, getPageObjects }: FtrProviderContext) {
     };
 
     const hardRefresh = async (newUrl: string) => {
-      // We need to add a timestamp to the URL because URL changes now only work with a hard refresh.
+      // We add a timestamp here to force a hard refresh
       await browser.get(newUrl.toString());
       const alert = await browser.getAlert();
       await alert?.accept();
@@ -221,16 +221,23 @@ export default function ({ getService, getPageObjects }: FtrProviderContext) {
         await PageObjects.timePicker.setHistoricalDataRange();
       });
 
-      it('for query parameter', async function () {
-        const currentQuery = await queryBar.getQueryString();
-        expect(currentQuery).to.equal('');
+      const changeQuery = async (useHardRefresh: boolean, newQuery: string) => {
+        await queryBar.clickQuerySubmitButton();
+        const oldQuery = await queryBar.getQueryString();
         const currentUrl = await getUrlFromShare();
-        const newUrl = currentUrl.replace(`query:''`, `query:'hi:hello'`);
+        const newUrl = currentUrl.replace(`query:'${oldQuery}'`, `query:'${newQuery}'`);
+
+        await browser.get(newUrl.toString(), !useHardRefresh);
+        const queryBarContentsAfterRefresh = await queryBar.getQueryString();
+        expect(queryBarContentsAfterRefresh).to.equal(newQuery);
+      };
+
+      it('for query parameter with soft refresh', async function () {
+        await changeQuery(false, 'hi:goodbye');
+      });
 
-        // We need to add a timestamp to the URL because URL changes now only work with a hard refresh.
-        await browser.get(newUrl.toString());
-        const newQuery = await queryBar.getQueryString();
-        expect(newQuery).to.equal('hi:hello');
+      it('for query parameter with hard refresh', async function () {
+        await changeQuery(true, 'hi:hello');
         await queryBar.clearQuery();
         await queryBar.clickQuerySubmitButton();
       });
diff --git a/test/functional/apps/dashboard/data_shared_attributes.ts b/test/functional/apps/dashboard/data_shared_attributes.ts
index 34fd4ddb346ed..4b993287ffe42 100644
--- a/test/functional/apps/dashboard/data_shared_attributes.ts
+++ b/test/functional/apps/dashboard/data_shared_attributes.ts
@@ -15,6 +15,7 @@ export default function ({ getService, getPageObjects }: FtrProviderContext) {
   const esArchiver = getService('esArchiver');
   const kibanaServer = getService('kibanaServer');
   const dashboardPanelActions = getService('dashboardPanelActions');
+  const security = getService('security');
   const PageObjects = getPageObjects(['common', 'dashboard', 'timePicker']);
 
   describe('dashboard data-shared attributes', function describeIndexTests() {
@@ -22,6 +23,7 @@ export default function ({ getService, getPageObjects }: FtrProviderContext) {
 
     before(async () => {
       await esArchiver.load('test/functional/fixtures/es_archiver/dashboard/current/kibana');
+      await security.testUser.setRoles(['kibana_admin', 'test_logstash_reader', 'animals']);
       await kibanaServer.uiSettings.replace({
         defaultIndex: '0bf35f60-3dc9-11e8-8660-4d65aa086b3c',
       });
@@ -31,6 +33,10 @@ export default function ({ getService, getPageObjects }: FtrProviderContext) {
       await PageObjects.dashboard.waitForRenderComplete();
     });
 
+    after(async () => {
+      await security.testUser.restoreDefaults();
+    });
+
     it('should have time picker with data-shared-timefilter-duration', async () => {
       await retry.try(async () => {
         const sharedData = await PageObjects.timePicker.getTimeDurationForSharing();
diff --git a/test/functional/apps/dashboard/legacy_urls.ts b/test/functional/apps/dashboard/legacy_urls.ts
index 96c7a5aac3f4b..b449c0f6728a5 100644
--- a/test/functional/apps/dashboard/legacy_urls.ts
+++ b/test/functional/apps/dashboard/legacy_urls.ts
@@ -32,7 +32,7 @@ export default function ({ getService, getPageObjects }: FtrProviderContext) {
 
   describe('legacy urls', function describeIndexTests() {
     before(async function () {
-      await security.testUser.setRoles(['kibana_admin', 'animals']);
+      await security.testUser.setRoles(['kibana_admin', 'test_logstash_reader', 'animals']);
       await esArchiver.load('test/functional/fixtures/es_archiver/dashboard/current/kibana');
       await PageObjects.common.navigateToApp('dashboard');
       await PageObjects.dashboard.clickNewDashboard();
diff --git a/test/functional/apps/dashboard/view_edit.ts b/test/functional/apps/dashboard/view_edit.ts
index b29b07f9df4e4..f0ee5aad7a7cf 100644
--- a/test/functional/apps/dashboard/view_edit.ts
+++ b/test/functional/apps/dashboard/view_edit.ts
@@ -18,10 +18,12 @@ export default function ({ getService, getPageObjects }: FtrProviderContext) {
   const PageObjects = getPageObjects(['dashboard', 'header', 'common', 'visualize', 'timePicker']);
   const dashboardName = 'dashboard with filter';
   const filterBar = getService('filterBar');
+  const security = getService('security');
 
   describe('dashboard view edit mode', function viewEditModeTests() {
     before(async () => {
       await esArchiver.load('test/functional/fixtures/es_archiver/dashboard/current/kibana');
+      await security.testUser.setRoles(['kibana_admin', 'test_logstash_reader', 'animals']);
       await kibanaServer.uiSettings.replace({
         defaultIndex: '0bf35f60-3dc9-11e8-8660-4d65aa086b3c',
       });
@@ -29,6 +31,10 @@ export default function ({ getService, getPageObjects }: FtrProviderContext) {
       await PageObjects.dashboard.preserveCrossAppState();
     });
 
+    after(async () => {
+      await security.testUser.restoreDefaults();
+    });
+
     it('create new dashboard opens in edit mode', async function () {
       await PageObjects.dashboard.gotoDashboardLandingPage();
       await PageObjects.dashboard.clickNewDashboard();
diff --git a/x-pack/plugins/apm/public/components/shared/charts/helper/get_alert_annotations.test.tsx b/x-pack/plugins/apm/public/components/shared/charts/helper/get_alert_annotations.test.tsx
index 2b45e6872f295..2b463d1cdd064 100644
--- a/x-pack/plugins/apm/public/components/shared/charts/helper/get_alert_annotations.test.tsx
+++ b/x-pack/plugins/apm/public/components/shared/charts/helper/get_alert_annotations.test.tsx
@@ -10,7 +10,7 @@ import {
   ALERT_EVALUATION_THRESHOLD,
   ALERT_RULE_TYPE_ID,
   ALERT_EVALUATION_VALUE,
-  ALERT_ID,
+  ALERT_INSTANCE_ID,
   ALERT_RULE_PRODUCER,
   ALERT_RULE_CONSUMER,
   ALERT_SEVERITY,
@@ -54,7 +54,7 @@ const alert: Alert = {
   [ALERT_RULE_UUID]: ['82e0ee40-c2f4-11eb-9a42-a9da66a1722f'],
   'event.action': ['active'],
   '@timestamp': ['2021-06-01T16:16:05.183Z'],
-  [ALERT_ID]: ['apm.transaction_duration_All'],
+  [ALERT_INSTANCE_ID]: ['apm.transaction_duration_All'],
   'processor.event': ['transaction'],
   [ALERT_EVALUATION_THRESHOLD]: [500000],
   [ALERT_START]: ['2021-06-01T16:15:02.304Z'],
diff --git a/x-pack/plugins/apm/public/components/shared/charts/latency_chart/latency_chart.stories.tsx b/x-pack/plugins/apm/public/components/shared/charts/latency_chart/latency_chart.stories.tsx
index da3b24197c4c2..204ebf577cc37 100644
--- a/x-pack/plugins/apm/public/components/shared/charts/latency_chart/latency_chart.stories.tsx
+++ b/x-pack/plugins/apm/public/components/shared/charts/latency_chart/latency_chart.stories.tsx
@@ -10,7 +10,7 @@ import {
   ALERT_EVALUATION_THRESHOLD,
   ALERT_RULE_TYPE_ID,
   ALERT_EVALUATION_VALUE,
-  ALERT_ID,
+  ALERT_INSTANCE_ID,
   ALERT_SEVERITY,
   ALERT_START,
   ALERT_STATUS,
@@ -142,7 +142,7 @@ Example.args = {
         [ALERT_RULE_UUID]: ['82e0ee40-c2f4-11eb-9a42-a9da66a1722f'],
         'event.action': ['active'],
         '@timestamp': ['2021-06-01T20:27:48.833Z'],
-        [ALERT_ID]: ['apm.transaction_duration_All'],
+        [ALERT_INSTANCE_ID]: ['apm.transaction_duration_All'],
         'processor.event': ['transaction'],
         [ALERT_EVALUATION_THRESHOLD]: [500000],
         [ALERT_START]: ['2021-06-02T04:00:00.000Z'],
@@ -164,7 +164,7 @@ Example.args = {
         [ALERT_RULE_UUID]: ['82e0ee40-c2f4-11eb-9a42-a9da66a1722f'],
         'event.action': ['active'],
         '@timestamp': ['2021-06-01T20:27:48.833Z'],
-        [ALERT_ID]: ['apm.transaction_duration_All'],
+        [ALERT_INSTANCE_ID]: ['apm.transaction_duration_All'],
         'processor.event': ['transaction'],
         [ALERT_EVALUATION_THRESHOLD]: [500000],
         [ALERT_START]: ['2021-06-02T10:45:00.000Z'],
@@ -186,7 +186,7 @@ Example.args = {
         [ALERT_RULE_UUID]: ['82e0ee40-c2f4-11eb-9a42-a9da66a1722f'],
         'event.action': ['active'],
         '@timestamp': ['2021-06-01T20:27:48.833Z'],
-        [ALERT_ID]: ['apm.transaction_duration_All'],
+        [ALERT_INSTANCE_ID]: ['apm.transaction_duration_All'],
         'processor.event': ['transaction'],
         [ALERT_EVALUATION_THRESHOLD]: [500000],
         [ALERT_START]: ['2021-06-02T16:50:00.000Z'],
diff --git a/x-pack/plugins/cases/public/components/all_cases/all_cases_generic.tsx b/x-pack/plugins/cases/public/components/all_cases/all_cases_generic.tsx
index 72491a2bc1e31..9cbb13f7227a3 100644
--- a/x-pack/plugins/cases/public/components/all_cases/all_cases_generic.tsx
+++ b/x-pack/plugins/cases/public/components/all_cases/all_cases_generic.tsx
@@ -203,7 +203,8 @@ export const AllCasesGeneric = React.memo<AllCasesGenericProps>(
       handleIsLoading,
       isLoadingCases: loading,
       refreshCases,
-      showActions,
+      // isSelectorView is boolean | undefined. We need to convert it to a boolean.
+      isSelectorView: !!isSelectorView,
       userCanCrud,
       connectors,
     });
diff --git a/x-pack/plugins/cases/public/components/all_cases/columns.tsx b/x-pack/plugins/cases/public/components/all_cases/columns.tsx
index 8b755b0c60968..c0bd6536f1b73 100644
--- a/x-pack/plugins/cases/public/components/all_cases/columns.tsx
+++ b/x-pack/plugins/cases/public/components/all_cases/columns.tsx
@@ -72,7 +72,7 @@ export interface GetCasesColumn {
   handleIsLoading: (a: boolean) => void;
   isLoadingCases: string[];
   refreshCases?: (a?: boolean) => void;
-  showActions: boolean;
+  isSelectorView: boolean;
   userCanCrud: boolean;
   connectors?: ActionConnector[];
 }
@@ -84,7 +84,7 @@ export const useCasesColumns = ({
   handleIsLoading,
   isLoadingCases,
   refreshCases,
-  showActions,
+  isSelectorView,
   userCanCrud,
   connectors = [],
 }: GetCasesColumn): CasesColumns[] => {
@@ -281,38 +281,42 @@ export const useCasesColumns = ({
         return getEmptyTagValue();
       },
     },
-    {
-      name: i18n.STATUS,
-      render: (theCase: Case) => {
-        if (theCase?.subCases == null || theCase.subCases.length === 0) {
-          if (theCase.status == null || theCase.type === CaseType.collection) {
-            return getEmptyTagValue();
-          }
-          return (
-            <StatusContextMenu
-              currentStatus={theCase.status}
-              disabled={!userCanCrud || isLoadingCases.length > 0}
-              onStatusChanged={(status) =>
-                handleDispatchUpdate({
-                  updateKey: 'status',
-                  updateValue: status,
-                  caseId: theCase.id,
-                  version: theCase.version,
-                })
+    ...(!isSelectorView
+      ? [
+          {
+            name: i18n.STATUS,
+            render: (theCase: Case) => {
+              if (theCase?.subCases == null || theCase.subCases.length === 0) {
+                if (theCase.status == null || theCase.type === CaseType.collection) {
+                  return getEmptyTagValue();
+                }
+                return (
+                  <StatusContextMenu
+                    currentStatus={theCase.status}
+                    disabled={!userCanCrud || isLoadingCases.length > 0}
+                    onStatusChanged={(status) =>
+                      handleDispatchUpdate({
+                        updateKey: 'status',
+                        updateValue: status,
+                        caseId: theCase.id,
+                        version: theCase.version,
+                      })
+                    }
+                  />
+                );
               }
-            />
-          );
-        }
 
-        const badges = getSubCasesStatusCountsBadges(theCase.subCases);
-        return badges.map(({ color, count }, index) => (
-          <EuiBadge key={index} color={color}>
-            {count}
-          </EuiBadge>
-        ));
-      },
-    },
-    ...(showActions
+              const badges = getSubCasesStatusCountsBadges(theCase.subCases);
+              return badges.map(({ color, count }, index) => (
+                <EuiBadge key={index} color={color}>
+                  {count}
+                </EuiBadge>
+              ));
+            },
+          },
+        ]
+      : []),
+    ...(userCanCrud && !isSelectorView
       ? [
           {
             name: (
diff --git a/x-pack/plugins/cases/public/components/all_cases/index.test.tsx b/x-pack/plugins/cases/public/components/all_cases/index.test.tsx
index 9e6928d43c862..3fff43108772d 100644
--- a/x-pack/plugins/cases/public/components/all_cases/index.test.tsx
+++ b/x-pack/plugins/cases/public/components/all_cases/index.test.tsx
@@ -144,7 +144,7 @@ describe('AllCasesGeneric', () => {
     filterStatus: CaseStatuses.open,
     handleIsLoading: jest.fn(),
     isLoadingCases: [],
-    showActions: true,
+    isSelectorView: false,
     userCanCrud: true,
   };
 
@@ -377,7 +377,7 @@ describe('AllCasesGeneric', () => {
         isLoadingCases: [],
         filterStatus: CaseStatuses.open,
         handleIsLoading: jest.fn(),
-        showActions: false,
+        isSelectorView: true,
         userCanCrud: true,
       })
     );
@@ -926,4 +926,27 @@ describe('AllCasesGeneric', () => {
       ).toBeFalsy();
     });
   });
+
+  it('should not render status when isSelectorView=true', async () => {
+    const wrapper = mount(
+      <TestProviders>
+        <AllCases {...defaultAllCasesProps} isSelectorView={true} />
+      </TestProviders>
+    );
+
+    const { result } = renderHook<GetCasesColumn, CasesColumns[]>(() =>
+      useCasesColumns({
+        ...defaultColumnArgs,
+        isSelectorView: true,
+      })
+    );
+
+    expect(result.current.find((i) => i.name === 'Status')).toBeFalsy();
+
+    await waitFor(() => {
+      expect(wrapper.find('[data-test-subj="cases-table"]').exists()).toBeTruthy();
+    });
+
+    expect(wrapper.find('[data-test-subj="case-view-status-dropdown"]').exists()).toBeFalsy();
+  });
 });
diff --git a/x-pack/plugins/cases/public/components/connectors/jira/use_get_fields_by_issue_type.tsx b/x-pack/plugins/cases/public/components/connectors/jira/use_get_fields_by_issue_type.tsx
index a4958d91c88aa..686df1022a0d7 100644
--- a/x-pack/plugins/cases/public/components/connectors/jira/use_get_fields_by_issue_type.tsx
+++ b/x-pack/plugins/cases/public/components/connectors/jira/use_get_fields_by_issue_type.tsx
@@ -57,8 +57,8 @@ export const useGetFieldsByIssueType = ({
         });
 
         if (!didCancel.current) {
-          setIsLoading(false);
           setFields(res.data ?? {});
+          setIsLoading(false);
           if (res.status && res.status === 'error') {
             toastNotifications.addDanger({
               title: i18n.FIELDS_API_ERROR,
diff --git a/x-pack/plugins/cases/public/components/connectors/jira/use_get_issue_types.tsx b/x-pack/plugins/cases/public/components/connectors/jira/use_get_issue_types.tsx
index 447491d2a2fff..0d7073f3bf2d4 100644
--- a/x-pack/plugins/cases/public/components/connectors/jira/use_get_issue_types.tsx
+++ b/x-pack/plugins/cases/public/components/connectors/jira/use_get_issue_types.tsx
@@ -56,13 +56,14 @@ export const useGetIssueTypes = ({
         });
 
         if (!didCancel.current) {
-          setIsLoading(false);
           const asOptions = (res.data ?? []).map((type) => ({
             text: type.name ?? '',
             value: type.id ?? '',
           }));
+
           setIssueTypes(res.data ?? []);
           handleIssueType(asOptions);
+          setIsLoading(false);
           if (res.status && res.status === 'error') {
             toastNotifications.addDanger({
               title: i18n.ISSUE_TYPES_API_ERROR,
diff --git a/x-pack/plugins/cases/public/components/edit_connector/index.test.tsx b/x-pack/plugins/cases/public/components/edit_connector/index.test.tsx
index fb45bf6ac3ae0..eec84cdd8d90f 100644
--- a/x-pack/plugins/cases/public/components/edit_connector/index.test.tsx
+++ b/x-pack/plugins/cases/public/components/edit_connector/index.test.tsx
@@ -7,16 +7,14 @@
 
 import React from 'react';
 import { mount } from 'enzyme';
-import { waitFor } from '@testing-library/react';
+import { render, waitFor, screen } from '@testing-library/react';
 
 import { EditConnector, EditConnectorProps } from './index';
-import { getFormMock, useFormMock } from '../__mock__/form';
 import { TestProviders } from '../../common/mock';
 import { connectorsMock } from '../../containers/configure/mock';
 import { basicCase, basicPush, caseUserActions } from '../../containers/mock';
 import { useKibana } from '../../common/lib/kibana';
 
-jest.mock('../../../../../../src/plugins/es_ui_shared/static/forms/hook_form_lib/hooks/use_form');
 jest.mock('../../common/lib/kibana');
 const useKibanaMock = useKibana as jest.Mocked<typeof useKibana>;
 
@@ -50,17 +48,32 @@ const defaultProps: EditConnectorProps = {
 };
 
 describe('EditConnector ', () => {
-  const sampleConnector = '123';
-  const formHookMock = getFormMock({ connectorId: sampleConnector });
   beforeEach(() => {
     jest.clearAllMocks();
-    useFormMock.mockImplementation(() => ({ form: formHookMock }));
     useKibanaMock().services.triggersActionsUi.actionTypeRegistry.get = jest.fn().mockReturnValue({
       actionTypeTitle: '.servicenow',
       iconClass: 'logoSecurity',
     });
   });
 
+  it('Renders servicenow connector from case initially', async () => {
+    const serviceNowProps = {
+      ...defaultProps,
+      caseData: {
+        ...defaultProps.caseData,
+        connector: { ...defaultProps.caseData.connector, id: 'servicenow-1' },
+      },
+    };
+
+    render(
+      <TestProviders>
+        <EditConnector {...serviceNowProps} />
+      </TestProviders>
+    );
+
+    expect(await screen.findByText('My Connector')).toBeInTheDocument();
+  });
+
   it('Renders no connector, and then edit', async () => {
     const wrapper = mount(
       <TestProviders>
@@ -98,58 +111,81 @@ describe('EditConnector ', () => {
     expect(wrapper.find(`[data-test-subj="edit-connectors-submit"]`).last().exists()).toBeTruthy();
 
     wrapper.find(`[data-test-subj="edit-connectors-submit"]`).last().simulate('click');
-    await waitFor(() => expect(onSubmit.mock.calls[0][0]).toBe(sampleConnector));
+    await waitFor(() => expect(onSubmit.mock.calls[0][0]).toBe('resilient-2'));
   });
 
   it('Revert to initial external service on error', async () => {
     onSubmit.mockImplementation((connector, onSuccess, onError) => {
       onError(new Error('An error has occurred'));
     });
+
+    const props = {
+      ...defaultProps,
+      caseData: {
+        ...defaultProps.caseData,
+        connector: { ...defaultProps.caseData.connector, id: 'servicenow-1' },
+      },
+    };
+
     const wrapper = mount(
       <TestProviders>
-        <EditConnector {...defaultProps} />
+        <EditConnector {...props} />
       </TestProviders>
     );
-    wrapper.find('[data-test-subj="connector-edit"] button').simulate('click');
 
+    wrapper.find('[data-test-subj="connector-edit"] button').simulate('click');
     wrapper.find('button[data-test-subj="dropdown-connectors"]').simulate('click');
-    wrapper.update();
-    wrapper.find('button[data-test-subj="dropdown-connector-resilient-2"]').simulate('click');
-    wrapper.update();
-
-    expect(wrapper.find(`[data-test-subj="edit-connectors-submit"]`).last().exists()).toBeTruthy();
+    await waitFor(() => {
+      wrapper.update();
+      wrapper.find('button[data-test-subj="dropdown-connector-resilient-2"]').simulate('click');
+      wrapper.update();
+      expect(
+        wrapper.find(`[data-test-subj="edit-connectors-submit"]`).last().exists()
+      ).toBeTruthy();
+      wrapper.find(`[data-test-subj="edit-connectors-submit"]`).last().simulate('click');
+    });
 
-    wrapper.find(`[data-test-subj="edit-connectors-submit"]`).last().simulate('click');
     await waitFor(() => {
       wrapper.update();
-      expect(formHookMock.setFieldValue).toHaveBeenCalledWith('connectorId', 'none');
+      expect(wrapper.find(`[data-test-subj="edit-connectors-submit"]`).exists()).toBeFalsy();
     });
+
+    /**
+     * If an error is being throw on submit the selected connector should
+     * be reverted to the initial one. In our test the initial one is the .servicenow-1
+     * connector. The title of the .servicenow-1 connector is My Connector.
+     */
+    expect(wrapper.text().includes('My Connector')).toBeTruthy();
   });
 
   it('Resets selector on cancel', async () => {
     const props = {
       ...defaultProps,
+      caseData: {
+        ...defaultProps.caseData,
+        connector: { ...defaultProps.caseData.connector, id: 'servicenow-1' },
+      },
     };
+
     const wrapper = mount(
       <TestProviders>
         <EditConnector {...props} />
       </TestProviders>
     );
-    wrapper.find('[data-test-subj="connector-edit"] button').simulate('click');
 
+    wrapper.find('[data-test-subj="connector-edit"] button').simulate('click');
     wrapper.find('button[data-test-subj="dropdown-connectors"]').simulate('click');
     wrapper.update();
     wrapper.find('button[data-test-subj="dropdown-connector-resilient-2"]').simulate('click');
     wrapper.update();
-
     wrapper.find(`[data-test-subj="edit-connectors-cancel"]`).last().simulate('click');
+
     await waitFor(() => {
       wrapper.update();
-      expect(formHookMock.setFieldValue).toBeCalledWith(
-        'connectorId',
-        defaultProps.caseData.connector.id
-      );
+      expect(wrapper.find(`[data-test-subj="edit-connectors-submit"]`).exists()).toBeFalsy();
     });
+
+    expect(wrapper.text().includes('My Connector')).toBeTruthy();
   });
 
   it('Renders loading spinner', async () => {
diff --git a/x-pack/plugins/cases/public/components/edit_connector/index.tsx b/x-pack/plugins/cases/public/components/edit_connector/index.tsx
index df7855fb9ce33..70845f28e1f6b 100644
--- a/x-pack/plugins/cases/public/components/edit_connector/index.tsx
+++ b/x-pack/plugins/cases/public/components/edit_connector/index.tsx
@@ -5,7 +5,7 @@
  * 2.0.
  */
 
-import React, { useCallback, useReducer } from 'react';
+import React, { useCallback, useEffect, useReducer } from 'react';
 import deepEqual from 'fast-deep-equal';
 import {
   EuiText,
@@ -144,17 +144,43 @@ export const EditConnector = React.memo(
       { ...initialState, fields: caseFields }
     );
 
+    useEffect(() => {
+      // Initialize the current connector with the connector information attached to the case if we can find that
+      // connector in the retrieved connectors from the API call
+      if (!isLoading) {
+        dispatch({
+          type: 'SET_CURRENT_CONNECTOR',
+          payload: getConnectorById(caseData.connector.id, connectors),
+        });
+
+        // Set the fields initially to whatever is present in the case, this should match with
+        // the latest user action for an update connector as well
+        dispatch({
+          type: 'SET_FIELDS',
+          payload: caseFields,
+        });
+      }
+    }, [caseData.connector.id, connectors, isLoading, caseFields]);
+
+    /**
+     * There is a race condition with this callback. At some point during the initial mounting of this component, this
+     * callback will be called. There are a couple problems with this:
+     *
+     * 1. If the call occurs before the above useEffect does its dispatches (aka while the connectors are still loading) this will
+     *  result in setting the current connector to null when in fact we might have a valid connector. It could also
+     *  cause issues when setting the fields because if there are no user actions then the getConnectorFieldsFromUserActions
+     *  will return null even when the caseData.connector.fields is valid and populated.
+     *
+     * 2. If the call occurs after the above useEffect then the currentConnector should === newConnectorId
+     *
+     * As far as I know dispatch is synchronous so if the useEffect runs first it should successfully set currentConnector. If
+     * onChangeConnector runs first and sets stuff to null, then when useEffect runs it'll switch everything back to what we need it to be
+     * initially.
+     */
     const onChangeConnector = useCallback(
       (newConnectorId) => {
-        // Init
-        if (currentConnector == null) {
-          dispatch({
-            type: 'SET_CURRENT_CONNECTOR',
-            payload: getConnectorById(newConnectorId, connectors),
-          });
-        }
-        // change connect on dropdown action
-        else if (currentConnector.id !== newConnectorId) {
+        // change connector on dropdown action
+        if (currentConnector?.id !== newConnectorId) {
           dispatch({
             type: 'SET_CURRENT_CONNECTOR',
             payload: getConnectorById(newConnectorId, connectors),
@@ -163,14 +189,9 @@ export const EditConnector = React.memo(
             type: 'SET_FIELDS',
             payload: getConnectorFieldsFromUserActions(newConnectorId, userActions ?? []),
           });
-        } else if (fields === null) {
-          dispatch({
-            type: 'SET_FIELDS',
-            payload: getConnectorFieldsFromUserActions(newConnectorId, userActions ?? []),
-          });
         }
       },
-      [currentConnector, fields, userActions, connectors]
+      [currentConnector, userActions, connectors]
     );
 
     const onFieldsChange = useCallback(
diff --git a/x-pack/plugins/enterprise_search/public/applications/app_search/components/crawler/components/add_domain/add_domain_logic.test.ts b/x-pack/plugins/enterprise_search/public/applications/app_search/components/crawler/components/add_domain/add_domain_logic.test.ts
index addee72ae4bd2..b2dc665fc2b85 100644
--- a/x-pack/plugins/enterprise_search/public/applications/app_search/components/crawler/components/add_domain/add_domain_logic.test.ts
+++ b/x-pack/plugins/enterprise_search/public/applications/app_search/components/crawler/components/add_domain/add_domain_logic.test.ts
@@ -13,8 +13,8 @@ import {
 } from '../../../../../__mocks__/kea_logic';
 import '../../../../__mocks__/engine_logic.mock';
 
-jest.mock('../../crawler_overview_logic', () => ({
-  CrawlerOverviewLogic: {
+jest.mock('../../crawler_logic', () => ({
+  CrawlerLogic: {
     actions: {
       onReceiveCrawlerData: jest.fn(),
     },
@@ -28,7 +28,7 @@ jest.mock('./utils', () => ({
 
 import { nextTick } from '@kbn/test/jest';
 
-import { CrawlerOverviewLogic } from '../../crawler_overview_logic';
+import { CrawlerLogic } from '../../crawler_logic';
 import { CrawlerDomain } from '../../types';
 
 import { AddDomainLogic, AddDomainLogicValues } from './add_domain_logic';
@@ -310,7 +310,7 @@ describe('AddDomainLogic', () => {
           AddDomainLogic.actions.submitNewDomain();
           await nextTick();
 
-          expect(CrawlerOverviewLogic.actions.onReceiveCrawlerData).toHaveBeenCalledWith({
+          expect(CrawlerLogic.actions.onReceiveCrawlerData).toHaveBeenCalledWith({
             domains: [],
           });
         });
diff --git a/x-pack/plugins/enterprise_search/public/applications/app_search/components/crawler/components/add_domain/add_domain_logic.ts b/x-pack/plugins/enterprise_search/public/applications/app_search/components/crawler/components/add_domain/add_domain_logic.ts
index 17b16a55a8fa3..23bc147a7291d 100644
--- a/x-pack/plugins/enterprise_search/public/applications/app_search/components/crawler/components/add_domain/add_domain_logic.ts
+++ b/x-pack/plugins/enterprise_search/public/applications/app_search/components/crawler/components/add_domain/add_domain_logic.ts
@@ -17,7 +17,7 @@ import { KibanaLogic } from '../../../../../shared/kibana';
 import { ENGINE_CRAWLER_DOMAIN_PATH } from '../../../../routes';
 import { EngineLogic, generateEnginePath } from '../../../engine';
 
-import { CrawlerOverviewLogic } from '../../crawler_overview_logic';
+import { CrawlerLogic } from '../../crawler_logic';
 import {
   CrawlerDataFromServer,
   CrawlerDomain,
@@ -262,7 +262,7 @@ export const AddDomainLogic = kea<MakeLogicType<AddDomainLogicValues, AddDomainL
         });
 
         const crawlerData = crawlerDataServerToClient(response as CrawlerDataFromServer);
-        CrawlerOverviewLogic.actions.onReceiveCrawlerData(crawlerData);
+        CrawlerLogic.actions.onReceiveCrawlerData(crawlerData);
         const newDomain = crawlerData.domains[crawlerData.domains.length - 1];
         if (newDomain) {
           actions.onSubmitNewDomainSuccess(newDomain);
diff --git a/x-pack/plugins/enterprise_search/public/applications/app_search/components/crawler/components/add_domain/utils.ts b/x-pack/plugins/enterprise_search/public/applications/app_search/components/crawler/components/add_domain/utils.ts
index fb72c1da0a6b1..b0dc8418c4ca9 100644
--- a/x-pack/plugins/enterprise_search/public/applications/app_search/components/crawler/components/add_domain/utils.ts
+++ b/x-pack/plugins/enterprise_search/public/applications/app_search/components/crawler/components/add_domain/utils.ts
@@ -62,10 +62,12 @@ export const getDomainWithProtocol = async (domain: string) => {
 
 export const domainValidationStateToPanelColor = (
   state: CrawlerDomainValidationStepState
-): 'success' | 'danger' | 'subdued' => {
+): 'success' | 'warning' | 'danger' | 'subdued' => {
   switch (state) {
     case 'valid':
       return 'success';
+    case 'warning':
+      return 'warning';
     case 'invalid':
       return 'danger';
     default:
diff --git a/x-pack/plugins/enterprise_search/public/applications/app_search/components/crawler/components/add_domain/validation_state_icon.test.tsx b/x-pack/plugins/enterprise_search/public/applications/app_search/components/crawler/components/add_domain/validation_state_icon.test.tsx
index 2c27e99e02ef6..8bb82f93e3ec4 100644
--- a/x-pack/plugins/enterprise_search/public/applications/app_search/components/crawler/components/add_domain/validation_state_icon.test.tsx
+++ b/x-pack/plugins/enterprise_search/public/applications/app_search/components/crawler/components/add_domain/validation_state_icon.test.tsx
@@ -20,6 +20,12 @@ describe('ValidationStateIcon', () => {
     expect(wrapper.find(EuiIcon).prop('color')).toEqual('success');
   });
 
+  it('shows a warning icon when warning', () => {
+    const wrapper = shallow(<ValidationStateIcon state="warning" />);
+
+    expect(wrapper.find(EuiIcon).prop('color')).toEqual('warning');
+  });
+
   it('shows a danger icon when invalid', () => {
     const wrapper = shallow(<ValidationStateIcon state="invalid" />);
 
diff --git a/x-pack/plugins/enterprise_search/public/applications/app_search/components/crawler/components/add_domain/validation_state_icon.tsx b/x-pack/plugins/enterprise_search/public/applications/app_search/components/crawler/components/add_domain/validation_state_icon.tsx
index 0c3d5329c47b7..3d85455ec7a8a 100644
--- a/x-pack/plugins/enterprise_search/public/applications/app_search/components/crawler/components/add_domain/validation_state_icon.tsx
+++ b/x-pack/plugins/enterprise_search/public/applications/app_search/components/crawler/components/add_domain/validation_state_icon.tsx
@@ -14,7 +14,14 @@ import { CrawlerDomainValidationStepState } from '../../types';
 export const ValidationStateIcon: React.FC<{ state: CrawlerDomainValidationStepState }> = ({
   state,
 }) => {
-  if (state === 'valid') return <EuiIcon color="success" type="checkInCircleFilled" />;
-  if (state === 'invalid') return <EuiIcon color="danger" type="crossInACircleFilled" />;
-  return <EuiLoadingSpinner />;
+  switch (state) {
+    case 'valid':
+      return <EuiIcon color="success" type="check" />;
+    case 'warning':
+      return <EuiIcon color="warning" type="alert" />;
+    case 'invalid':
+      return <EuiIcon color="danger" type="cross" />;
+    default:
+      return <EuiLoadingSpinner />;
+  }
 };
diff --git a/x-pack/plugins/enterprise_search/public/applications/app_search/components/crawler/components/add_domain/validation_step_panel.test.tsx b/x-pack/plugins/enterprise_search/public/applications/app_search/components/crawler/components/add_domain/validation_step_panel.test.tsx
index a02a29c9854dd..c022b09d4638c 100644
--- a/x-pack/plugins/enterprise_search/public/applications/app_search/components/crawler/components/add_domain/validation_step_panel.test.tsx
+++ b/x-pack/plugins/enterprise_search/public/applications/app_search/components/crawler/components/add_domain/validation_step_panel.test.tsx
@@ -19,12 +19,15 @@ describe('ValidationStepPanel', () => {
     const wrapper = shallow(
       <ValidationStepPanel step={{ state: 'valid' }} label={'Initial validation'} />
     );
+
     it('passed the correct color to the EuiPanel', () => {
       expect(wrapper.find(EuiPanel).prop('color')).toEqual('success');
     });
+
     it('contains a validation state icon', () => {
       expect(wrapper.find(ValidationStateIcon)).toHaveLength(1);
     });
+
     it('renders a label', () => {
       expect(wrapper.find('h3').text()).toEqual('Initial validation');
     });
@@ -32,11 +35,26 @@ describe('ValidationStepPanel', () => {
   describe('invalid messages and actions', () => {
     const errorMessage = 'Error message';
     const action = <div data-test-subj="action" />;
+
     it('displays the passed error message and action is invalid', () => {
       const wrapper = shallow(
         <ValidationStepPanel
           step={{ state: 'invalid', message: errorMessage }}
-          label={'initialValidation'}
+          label="initialValidation"
+          action={action}
+        />
+      );
+      expect(wrapper.find('[data-test-subj="errorMessage"]').dive().text()).toContain(
+        'Error message'
+      );
+      expect(wrapper.find('[data-test-subj="action"]')).toHaveLength(1);
+    });
+
+    it('displays the passed error message and action when state is warning', () => {
+      const wrapper = shallow(
+        <ValidationStepPanel
+          step={{ state: 'warning', message: errorMessage }}
+          label="initialValidation"
           action={action}
         />
       );
@@ -45,11 +63,12 @@ describe('ValidationStepPanel', () => {
       );
       expect(wrapper.find('[data-test-subj="action"]')).toHaveLength(1);
     });
-    it('does not display the passed error message or action when state is not invalid', () => {
+
+    it('does not display the passed error message or action when state is loading', () => {
       const wrapper = shallow(
         <ValidationStepPanel
           step={{ state: 'loading', message: errorMessage }}
-          label={'initialValidation'}
+          label="initialValidation"
           action={action}
         />
       );
diff --git a/x-pack/plugins/enterprise_search/public/applications/app_search/components/crawler/components/add_domain/validation_step_panel.tsx b/x-pack/plugins/enterprise_search/public/applications/app_search/components/crawler/components/add_domain/validation_step_panel.tsx
index 8d3faed1fbc58..804c2d86ca099 100644
--- a/x-pack/plugins/enterprise_search/public/applications/app_search/components/crawler/components/add_domain/validation_step_panel.tsx
+++ b/x-pack/plugins/enterprise_search/public/applications/app_search/components/crawler/components/add_domain/validation_step_panel.tsx
@@ -25,11 +25,13 @@ export const ValidationStepPanel: React.FC<ValidationStepPanelProps> = ({
   label,
   action,
 }) => {
+  const showErrorMessage = step.state === 'invalid' || step.state === 'warning';
+
   return (
     <EuiPanel hasShadow={false} color={domainValidationStateToPanelColor(step.state)}>
       <EuiFlexGroup gutterSize="s" alignItems="center">
         <EuiFlexItem grow={false}>
-          <ValidationStateIcon state={step?.state} />
+          <ValidationStateIcon state={step.state} />
         </EuiFlexItem>
         <EuiFlexItem>
           <EuiTitle size="xs">
@@ -37,7 +39,7 @@ export const ValidationStepPanel: React.FC<ValidationStepPanelProps> = ({
           </EuiTitle>
         </EuiFlexItem>
       </EuiFlexGroup>
-      {step.state === 'invalid' && (
+      {showErrorMessage && (
         <>
           <EuiText size="s" data-test-subj="errorMessage">
             <p>{step.message}</p>
diff --git a/x-pack/plugins/enterprise_search/public/applications/app_search/components/crawler/components/crawl_requests_table.test.tsx b/x-pack/plugins/enterprise_search/public/applications/app_search/components/crawler/components/crawl_requests_table.test.tsx
index c9a540b9bf72b..13a7c641822b9 100644
--- a/x-pack/plugins/enterprise_search/public/applications/app_search/components/crawler/components/crawl_requests_table.test.tsx
+++ b/x-pack/plugins/enterprise_search/public/applications/app_search/components/crawler/components/crawl_requests_table.test.tsx
@@ -16,38 +16,12 @@ import { EuiBasicTable, EuiEmptyPrompt } from '@elastic/eui';
 
 import { mountWithIntl } from '../../../../test_helpers';
 
-import {
-  CrawlerDomain,
-  CrawlerPolicies,
-  CrawlerRules,
-  CrawlerStatus,
-  CrawlRequest,
-} from '../types';
+import { CrawlerStatus, CrawlRequest } from '../types';
 
 import { CrawlRequestsTable } from './crawl_requests_table';
 
-const values: { domains: CrawlerDomain[]; crawlRequests: CrawlRequest[] } = {
-  // CrawlerOverviewLogic
-  domains: [
-    {
-      id: '507f1f77bcf86cd799439011',
-      createdOn: 'Mon, 31 Aug 2020 17:00:00 +0000',
-      url: 'elastic.co',
-      documentCount: 13,
-      sitemaps: [],
-      entryPoints: [],
-      crawlRules: [],
-      defaultCrawlRule: {
-        id: '-',
-        policy: CrawlerPolicies.allow,
-        rule: CrawlerRules.regex,
-        pattern: '.*',
-      },
-      deduplicationEnabled: false,
-      deduplicationFields: ['title'],
-      availableDeduplicationFields: ['title', 'description'],
-    },
-  ],
+const values: { crawlRequests: CrawlRequest[] } = {
+  // CrawlerLogic
   crawlRequests: [
     {
       id: '618d0e66abe97bc688328900',
diff --git a/x-pack/plugins/enterprise_search/public/applications/app_search/components/crawler/components/crawl_requests_table.tsx b/x-pack/plugins/enterprise_search/public/applications/app_search/components/crawler/components/crawl_requests_table.tsx
index 19b1a543ad207..8a2b08878ff78 100644
--- a/x-pack/plugins/enterprise_search/public/applications/app_search/components/crawler/components/crawl_requests_table.tsx
+++ b/x-pack/plugins/enterprise_search/public/applications/app_search/components/crawler/components/crawl_requests_table.tsx
@@ -13,7 +13,7 @@ import { EuiBasicTable, EuiEmptyPrompt, EuiTableFieldDataColumnType } from '@ela
 
 import { i18n } from '@kbn/i18n';
 
-import { CrawlerOverviewLogic } from '../crawler_overview_logic';
+import { CrawlerLogic } from '../crawler_logic';
 import { CrawlRequest, readableCrawlerStatuses } from '../types';
 
 import { CustomFormattedTimestamp } from './custom_formatted_timestamp';
@@ -53,7 +53,7 @@ const columns: Array<EuiTableFieldDataColumnType<CrawlRequest>> = [
 ];
 
 export const CrawlRequestsTable: React.FC = () => {
-  const { crawlRequests } = useValues(CrawlerOverviewLogic);
+  const { crawlRequests } = useValues(CrawlerLogic);
 
   return (
     <EuiBasicTable
diff --git a/x-pack/plugins/enterprise_search/public/applications/app_search/components/crawler/components/crawler_status_banner.tsx b/x-pack/plugins/enterprise_search/public/applications/app_search/components/crawler/components/crawler_status_banner.tsx
index 833db286fc2e5..527eff6ab25a5 100644
--- a/x-pack/plugins/enterprise_search/public/applications/app_search/components/crawler/components/crawler_status_banner.tsx
+++ b/x-pack/plugins/enterprise_search/public/applications/app_search/components/crawler/components/crawler_status_banner.tsx
@@ -13,11 +13,11 @@ import { EuiCallOut } from '@elastic/eui';
 
 import { i18n } from '@kbn/i18n';
 
-import { CrawlerOverviewLogic } from '../crawler_overview_logic';
+import { CrawlerLogic } from '../crawler_logic';
 import { CrawlerStatus } from '../types';
 
 export const CrawlerStatusBanner: React.FC = () => {
-  const { mostRecentCrawlRequestStatus } = useValues(CrawlerOverviewLogic);
+  const { mostRecentCrawlRequestStatus } = useValues(CrawlerLogic);
   if (
     mostRecentCrawlRequestStatus === CrawlerStatus.Running ||
     mostRecentCrawlRequestStatus === CrawlerStatus.Starting ||
diff --git a/x-pack/plugins/enterprise_search/public/applications/app_search/components/crawler/components/crawler_status_indicator/crawler_status_indicator.tsx b/x-pack/plugins/enterprise_search/public/applications/app_search/components/crawler/components/crawler_status_indicator/crawler_status_indicator.tsx
index c1b8ad2073444..c02e45f02c407 100644
--- a/x-pack/plugins/enterprise_search/public/applications/app_search/components/crawler/components/crawler_status_indicator/crawler_status_indicator.tsx
+++ b/x-pack/plugins/enterprise_search/public/applications/app_search/components/crawler/components/crawler_status_indicator/crawler_status_indicator.tsx
@@ -13,14 +13,14 @@ import { EuiButton } from '@elastic/eui';
 
 import { i18n } from '@kbn/i18n';
 
-import { CrawlerOverviewLogic } from '../../crawler_overview_logic';
+import { CrawlerLogic } from '../../crawler_logic';
 import { CrawlerStatus } from '../../types';
 
 import { StopCrawlPopoverContextMenu } from './stop_crawl_popover_context_menu';
 
 export const CrawlerStatusIndicator: React.FC = () => {
-  const { domains, mostRecentCrawlRequestStatus } = useValues(CrawlerOverviewLogic);
-  const { startCrawl, stopCrawl } = useActions(CrawlerOverviewLogic);
+  const { domains, mostRecentCrawlRequestStatus } = useValues(CrawlerLogic);
+  const { startCrawl, stopCrawl } = useActions(CrawlerLogic);
 
   const disabledButton = (
     <EuiButton disabled>
diff --git a/x-pack/plugins/enterprise_search/public/applications/app_search/components/crawler/components/domains_table.tsx b/x-pack/plugins/enterprise_search/public/applications/app_search/components/crawler/components/domains_table.tsx
index 9dd0a518f233b..7214eace25e2d 100644
--- a/x-pack/plugins/enterprise_search/public/applications/app_search/components/crawler/components/domains_table.tsx
+++ b/x-pack/plugins/enterprise_search/public/applications/app_search/components/crawler/components/domains_table.tsx
@@ -20,6 +20,7 @@ import { KibanaLogic } from '../../../../shared/kibana';
 import { AppLogic } from '../../../app_logic';
 import { ENGINE_CRAWLER_DOMAIN_PATH } from '../../../routes';
 import { generateEnginePath } from '../../engine';
+import { CrawlerLogic } from '../crawler_logic';
 import { CrawlerOverviewLogic } from '../crawler_overview_logic';
 import { CrawlerDomain } from '../types';
 
@@ -28,7 +29,7 @@ import { getDeleteDomainConfirmationMessage } from '../utils';
 import { CustomFormattedTimestamp } from './custom_formatted_timestamp';
 
 export const DomainsTable: React.FC = () => {
-  const { domains } = useValues(CrawlerOverviewLogic);
+  const { domains } = useValues(CrawlerLogic);
 
   const { deleteDomain } = useActions(CrawlerOverviewLogic);
 
diff --git a/x-pack/plugins/enterprise_search/public/applications/app_search/components/crawler/crawler_logic.test.ts b/x-pack/plugins/enterprise_search/public/applications/app_search/components/crawler/crawler_logic.test.ts
new file mode 100644
index 0000000000000..6dbc84451280f
--- /dev/null
+++ b/x-pack/plugins/enterprise_search/public/applications/app_search/components/crawler/crawler_logic.test.ts
@@ -0,0 +1,411 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import {
+  LogicMounter,
+  mockHttpValues,
+  mockFlashMessageHelpers,
+} from '../../../__mocks__/kea_logic';
+import '../../__mocks__/engine_logic.mock';
+
+import { nextTick } from '@kbn/test/jest';
+
+import { CrawlerLogic, CrawlerValues } from './crawler_logic';
+import {
+  CrawlerData,
+  CrawlerDataFromServer,
+  CrawlerPolicies,
+  CrawlerRules,
+  CrawlerStatus,
+  CrawlRequest,
+  CrawlRule,
+} from './types';
+import { crawlerDataServerToClient } from './utils';
+
+const DEFAULT_VALUES: CrawlerValues = {
+  crawlRequests: [],
+  dataLoading: true,
+  domains: [],
+  mostRecentCrawlRequestStatus: CrawlerStatus.Success,
+  timeoutId: null,
+};
+
+const DEFAULT_CRAWL_RULE: CrawlRule = {
+  id: '-',
+  policy: CrawlerPolicies.allow,
+  rule: CrawlerRules.regex,
+  pattern: '.*',
+};
+
+const MOCK_SERVER_CRAWLER_DATA: CrawlerDataFromServer = {
+  domains: [
+    {
+      id: '507f1f77bcf86cd799439011',
+      name: 'elastic.co',
+      created_on: 'Mon, 31 Aug 2020 17:00:00 +0000',
+      document_count: 13,
+      sitemaps: [],
+      entry_points: [],
+      crawl_rules: [],
+      deduplication_enabled: false,
+      deduplication_fields: ['title'],
+      available_deduplication_fields: ['title', 'description'],
+    },
+  ],
+};
+
+const MOCK_CLIENT_CRAWLER_DATA = crawlerDataServerToClient(MOCK_SERVER_CRAWLER_DATA);
+
+describe('CrawlerLogic', () => {
+  const { mount, unmount } = new LogicMounter(CrawlerLogic);
+  const { http } = mockHttpValues;
+  const { flashAPIErrors } = mockFlashMessageHelpers;
+
+  beforeEach(() => {
+    jest.clearAllMocks();
+    jest.useFakeTimers(); // this should be run before every test to reset these mocks
+    mount();
+  });
+
+  afterAll(() => {
+    jest.useRealTimers();
+  });
+
+  it('has expected default values', () => {
+    expect(CrawlerLogic.values).toEqual(DEFAULT_VALUES);
+  });
+
+  describe('actions', () => {
+    describe('clearTimeoutId', () => {
+      it('clears the timeout in the logic', () => {
+        mount({
+          timeoutId: setTimeout(() => {}, 1),
+        });
+
+        CrawlerLogic.actions.clearTimeoutId();
+
+        expect(CrawlerLogic.values.timeoutId).toEqual(null);
+      });
+    });
+
+    describe('onCreateNewTimeout', () => {
+      it('sets the timeout in the logic', () => {
+        const timeout = setTimeout(() => {}, 1);
+
+        CrawlerLogic.actions.onCreateNewTimeout(timeout);
+
+        expect(CrawlerLogic.values.timeoutId).toEqual(timeout);
+      });
+    });
+
+    describe('onReceiveCrawlerData', () => {
+      const crawlerData: CrawlerData = {
+        domains: [
+          {
+            id: '507f1f77bcf86cd799439011',
+            createdOn: 'Mon, 31 Aug 2020 17:00:00 +0000',
+            url: 'elastic.co',
+            documentCount: 13,
+            sitemaps: [],
+            entryPoints: [],
+            crawlRules: [],
+            defaultCrawlRule: DEFAULT_CRAWL_RULE,
+            deduplicationEnabled: false,
+            deduplicationFields: ['title'],
+            availableDeduplicationFields: ['title', 'description'],
+          },
+        ],
+      };
+
+      beforeEach(() => {
+        CrawlerLogic.actions.onReceiveCrawlerData(crawlerData);
+      });
+
+      it('should set all received data as top-level values', () => {
+        expect(CrawlerLogic.values.domains).toEqual(crawlerData.domains);
+      });
+
+      it('should set dataLoading to false', () => {
+        expect(CrawlerLogic.values.dataLoading).toEqual(false);
+      });
+    });
+
+    describe('onReceiveCrawlRequests', () => {
+      const crawlRequests: CrawlRequest[] = [
+        {
+          id: '618d0e66abe97bc688328900',
+          status: CrawlerStatus.Pending,
+          createdAt: 'Mon, 31 Aug 2020 17:00:00 +0000',
+          beganAt: null,
+          completedAt: null,
+        },
+      ];
+
+      beforeEach(() => {
+        CrawlerLogic.actions.onReceiveCrawlRequests(crawlRequests);
+      });
+
+      it('should set the crawl requests', () => {
+        expect(CrawlerLogic.values.crawlRequests).toEqual(crawlRequests);
+      });
+    });
+  });
+
+  describe('listeners', () => {
+    describe('fetchCrawlerData', () => {
+      it('updates logic with data that has been converted from server to client', async () => {
+        jest.spyOn(CrawlerLogic.actions, 'onReceiveCrawlerData');
+        http.get.mockReturnValueOnce(Promise.resolve(MOCK_SERVER_CRAWLER_DATA));
+
+        CrawlerLogic.actions.fetchCrawlerData();
+        await nextTick();
+
+        expect(http.get).toHaveBeenCalledWith('/api/app_search/engines/some-engine/crawler');
+        expect(CrawlerLogic.actions.onReceiveCrawlerData).toHaveBeenCalledWith(
+          MOCK_CLIENT_CRAWLER_DATA
+        );
+      });
+
+      it('calls flashApiErrors when there is an error on the request for crawler data', async () => {
+        http.get.mockReturnValueOnce(Promise.reject('error'));
+
+        CrawlerLogic.actions.fetchCrawlerData();
+        await nextTick();
+
+        expect(flashAPIErrors).toHaveBeenCalledWith('error');
+      });
+    });
+
+    describe('startCrawl', () => {
+      describe('success path', () => {
+        it('creates a new crawl request and then fetches the latest crawl requests', async () => {
+          jest.spyOn(CrawlerLogic.actions, 'getLatestCrawlRequests');
+          http.post.mockReturnValueOnce(Promise.resolve());
+
+          CrawlerLogic.actions.startCrawl();
+          await nextTick();
+
+          expect(http.post).toHaveBeenCalledWith(
+            '/api/app_search/engines/some-engine/crawler/crawl_requests'
+          );
+          expect(CrawlerLogic.actions.getLatestCrawlRequests).toHaveBeenCalled();
+        });
+      });
+
+      describe('on failure', () => {
+        it('flashes an error message', async () => {
+          http.post.mockReturnValueOnce(Promise.reject('error'));
+
+          CrawlerLogic.actions.startCrawl();
+          await nextTick();
+
+          expect(flashAPIErrors).toHaveBeenCalledWith('error');
+        });
+      });
+    });
+
+    describe('stopCrawl', () => {
+      describe('success path', () => {
+        it('stops the crawl starts and then fetches the latest crawl requests', async () => {
+          jest.spyOn(CrawlerLogic.actions, 'getLatestCrawlRequests');
+          http.post.mockReturnValueOnce(Promise.resolve());
+
+          CrawlerLogic.actions.stopCrawl();
+          await nextTick();
+
+          expect(http.post).toHaveBeenCalledWith(
+            '/api/app_search/engines/some-engine/crawler/crawl_requests/cancel'
+          );
+          expect(CrawlerLogic.actions.getLatestCrawlRequests).toHaveBeenCalled();
+        });
+      });
+
+      describe('on failure', () => {
+        it('flashes an error message', async () => {
+          jest.spyOn(CrawlerLogic.actions, 'getLatestCrawlRequests');
+          http.post.mockReturnValueOnce(Promise.reject('error'));
+
+          CrawlerLogic.actions.stopCrawl();
+          await nextTick();
+
+          expect(flashAPIErrors).toHaveBeenCalledWith('error');
+        });
+      });
+    });
+
+    describe('createNewTimeoutForCrawlRequests', () => {
+      it('saves the timeout ID in the logic', () => {
+        jest.spyOn(CrawlerLogic.actions, 'onCreateNewTimeout');
+        jest.spyOn(CrawlerLogic.actions, 'getLatestCrawlRequests');
+
+        CrawlerLogic.actions.createNewTimeoutForCrawlRequests(2000);
+
+        expect(setTimeout).toHaveBeenCalledWith(expect.any(Function), 2000);
+        expect(CrawlerLogic.actions.onCreateNewTimeout).toHaveBeenCalled();
+
+        jest.runAllTimers();
+
+        expect(CrawlerLogic.actions.getLatestCrawlRequests).toHaveBeenCalled();
+      });
+
+      it('clears a timeout if one already exists', () => {
+        const timeoutId = setTimeout(() => {}, 1);
+        mount({
+          timeoutId,
+        });
+
+        CrawlerLogic.actions.createNewTimeoutForCrawlRequests(2000);
+
+        expect(clearTimeout).toHaveBeenCalledWith(timeoutId);
+      });
+    });
+
+    describe('getLatestCrawlRequests', () => {
+      describe('on success', () => {
+        [
+          CrawlerStatus.Pending,
+          CrawlerStatus.Starting,
+          CrawlerStatus.Running,
+          CrawlerStatus.Canceling,
+        ].forEach((status) => {
+          it(`creates a new timeout for status ${status}`, async () => {
+            jest.spyOn(CrawlerLogic.actions, 'createNewTimeoutForCrawlRequests');
+            http.get.mockReturnValueOnce(Promise.resolve([{ status }]));
+
+            CrawlerLogic.actions.getLatestCrawlRequests();
+            await nextTick();
+
+            expect(CrawlerLogic.actions.createNewTimeoutForCrawlRequests).toHaveBeenCalled();
+          });
+        });
+
+        [CrawlerStatus.Success, CrawlerStatus.Failed, CrawlerStatus.Canceled].forEach((status) => {
+          it(`clears the timeout and fetches data for status ${status}`, async () => {
+            jest.spyOn(CrawlerLogic.actions, 'clearTimeoutId');
+            jest.spyOn(CrawlerLogic.actions, 'fetchCrawlerData');
+            http.get.mockReturnValueOnce(Promise.resolve([{ status }]));
+
+            CrawlerLogic.actions.getLatestCrawlRequests();
+            await nextTick();
+
+            expect(CrawlerLogic.actions.clearTimeoutId).toHaveBeenCalled();
+            expect(CrawlerLogic.actions.fetchCrawlerData).toHaveBeenCalled();
+          });
+
+          it(`optionally supresses fetching data for status ${status}`, async () => {
+            jest.spyOn(CrawlerLogic.actions, 'clearTimeoutId');
+            jest.spyOn(CrawlerLogic.actions, 'fetchCrawlerData');
+            http.get.mockReturnValueOnce(Promise.resolve([{ status }]));
+
+            CrawlerLogic.actions.getLatestCrawlRequests(false);
+            await nextTick();
+
+            expect(CrawlerLogic.actions.clearTimeoutId).toHaveBeenCalled();
+            expect(CrawlerLogic.actions.fetchCrawlerData).toHaveBeenCalledTimes(0);
+          });
+        });
+      });
+
+      describe('on failure', () => {
+        it('creates a new timeout', async () => {
+          jest.spyOn(CrawlerLogic.actions, 'createNewTimeoutForCrawlRequests');
+          http.get.mockReturnValueOnce(Promise.reject());
+
+          CrawlerLogic.actions.getLatestCrawlRequests();
+          await nextTick();
+
+          expect(CrawlerLogic.actions.createNewTimeoutForCrawlRequests).toHaveBeenCalled();
+        });
+      });
+    });
+  });
+
+  describe('selectors', () => {
+    describe('mostRecentCrawlRequestStatus', () => {
+      it('is Success when there are no crawl requests', () => {
+        mount({
+          crawlRequests: [],
+        });
+
+        expect(CrawlerLogic.values.mostRecentCrawlRequestStatus).toEqual(CrawlerStatus.Success);
+      });
+
+      it('is Success when there are only crawl requests', () => {
+        mount({
+          crawlRequests: [
+            {
+              id: '2',
+              status: CrawlerStatus.Skipped,
+              createdAt: 'Mon, 31 Aug 2020 17:00:00 +0000',
+              beganAt: null,
+              completedAt: null,
+            },
+            {
+              id: '1',
+              status: CrawlerStatus.Skipped,
+              createdAt: 'Mon, 30 Aug 2020 17:00:00 +0000',
+              beganAt: null,
+              completedAt: null,
+            },
+          ],
+        });
+
+        expect(CrawlerLogic.values.mostRecentCrawlRequestStatus).toEqual(CrawlerStatus.Success);
+      });
+
+      it('is the first non-skipped crawl request status', () => {
+        mount({
+          crawlRequests: [
+            {
+              id: '3',
+              status: CrawlerStatus.Skipped,
+              createdAt: 'Mon, 31 Aug 2020 17:00:00 +0000',
+              beganAt: null,
+              completedAt: null,
+            },
+            {
+              id: '2',
+              status: CrawlerStatus.Failed,
+              createdAt: 'Mon, 30 Aug 2020 17:00:00 +0000',
+              beganAt: null,
+              completedAt: null,
+            },
+            {
+              id: '1',
+              status: CrawlerStatus.Success,
+              createdAt: 'Mon, 29 Aug 2020 17:00:00 +0000',
+              beganAt: null,
+              completedAt: null,
+            },
+          ],
+        });
+
+        expect(CrawlerLogic.values.mostRecentCrawlRequestStatus).toEqual(CrawlerStatus.Failed);
+      });
+    });
+  });
+
+  describe('events', () => {
+    describe('beforeUnmount', () => {
+      it('clears the timeout if there is one', () => {
+        jest.spyOn(global, 'setTimeout');
+
+        mount({
+          timeoutId: setTimeout(() => {}, 1),
+        });
+        unmount();
+
+        expect(setTimeout).toHaveBeenCalled();
+      });
+
+      it('does not crash if no timeout exists', () => {
+        mount({ timeoutId: null });
+        unmount();
+      });
+    });
+  });
+});
diff --git a/x-pack/plugins/enterprise_search/public/applications/app_search/components/crawler/crawler_logic.ts b/x-pack/plugins/enterprise_search/public/applications/app_search/components/crawler/crawler_logic.ts
new file mode 100644
index 0000000000000..b9782d84a74cc
--- /dev/null
+++ b/x-pack/plugins/enterprise_search/public/applications/app_search/components/crawler/crawler_logic.ts
@@ -0,0 +1,190 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { kea, MakeLogicType } from 'kea';
+
+import { flashAPIErrors } from '../../../shared/flash_messages';
+
+import { HttpLogic } from '../../../shared/http';
+import { EngineLogic } from '../engine';
+
+import {
+  CrawlerData,
+  CrawlerDomain,
+  CrawlRequest,
+  CrawlRequestFromServer,
+  CrawlerStatus,
+} from './types';
+import { crawlerDataServerToClient, crawlRequestServerToClient } from './utils';
+
+const POLLING_DURATION = 1000;
+const POLLING_DURATION_ON_FAILURE = 5000;
+
+export interface CrawlerValues {
+  crawlRequests: CrawlRequest[];
+  dataLoading: boolean;
+  domains: CrawlerDomain[];
+  mostRecentCrawlRequestStatus: CrawlerStatus;
+  timeoutId: NodeJS.Timeout | null;
+}
+
+interface CrawlerActions {
+  clearTimeoutId(): void;
+  createNewTimeoutForCrawlRequests(duration: number): { duration: number };
+  fetchCrawlerData(): void;
+  getLatestCrawlRequests(refreshData?: boolean): { refreshData?: boolean };
+  onCreateNewTimeout(timeoutId: NodeJS.Timeout): { timeoutId: NodeJS.Timeout };
+  onReceiveCrawlerData(data: CrawlerData): { data: CrawlerData };
+  onReceiveCrawlRequests(crawlRequests: CrawlRequest[]): { crawlRequests: CrawlRequest[] };
+  startCrawl(): void;
+  stopCrawl(): void;
+}
+
+export const CrawlerLogic = kea<MakeLogicType<CrawlerValues, CrawlerActions>>({
+  path: ['enterprise_search', 'app_search', 'crawler', 'crawler_overview'],
+  actions: {
+    clearTimeoutId: true,
+    createNewTimeoutForCrawlRequests: (duration) => ({ duration }),
+    fetchCrawlerData: true,
+    getLatestCrawlRequests: (refreshData) => ({ refreshData }),
+    onCreateNewTimeout: (timeoutId) => ({ timeoutId }),
+    onReceiveCrawlerData: (data) => ({ data }),
+    onReceiveCrawlRequests: (crawlRequests) => ({ crawlRequests }),
+    startCrawl: () => null,
+    stopCrawl: () => null,
+  },
+  reducers: {
+    dataLoading: [
+      true,
+      {
+        onReceiveCrawlerData: () => false,
+      },
+    ],
+    domains: [
+      [],
+      {
+        onReceiveCrawlerData: (_, { data: { domains } }) => domains,
+      },
+    ],
+    crawlRequests: [
+      [],
+      {
+        onReceiveCrawlRequests: (_, { crawlRequests }) => crawlRequests,
+      },
+    ],
+    timeoutId: [
+      null,
+      {
+        clearTimeoutId: () => null,
+        onCreateNewTimeout: (_, { timeoutId }) => timeoutId,
+      },
+    ],
+  },
+  selectors: ({ selectors }) => ({
+    mostRecentCrawlRequestStatus: [
+      () => [selectors.crawlRequests],
+      (crawlRequests: CrawlerValues['crawlRequests']) => {
+        const eligibleCrawlRequests = crawlRequests.filter(
+          (req) => req.status !== CrawlerStatus.Skipped
+        );
+        if (eligibleCrawlRequests.length === 0) {
+          return CrawlerStatus.Success;
+        }
+        return eligibleCrawlRequests[0].status;
+      },
+    ],
+  }),
+  listeners: ({ actions, values }) => ({
+    fetchCrawlerData: async () => {
+      const { http } = HttpLogic.values;
+      const { engineName } = EngineLogic.values;
+
+      try {
+        const response = await http.get(`/api/app_search/engines/${engineName}/crawler`);
+
+        const crawlerData = crawlerDataServerToClient(response);
+
+        actions.onReceiveCrawlerData(crawlerData);
+      } catch (e) {
+        flashAPIErrors(e);
+      }
+    },
+    startCrawl: async () => {
+      const { http } = HttpLogic.values;
+      const { engineName } = EngineLogic.values;
+
+      try {
+        await http.post(`/api/app_search/engines/${engineName}/crawler/crawl_requests`);
+        actions.getLatestCrawlRequests();
+      } catch (e) {
+        flashAPIErrors(e);
+      }
+    },
+    stopCrawl: async () => {
+      const { http } = HttpLogic.values;
+      const { engineName } = EngineLogic.values;
+
+      try {
+        await http.post(`/api/app_search/engines/${engineName}/crawler/crawl_requests/cancel`);
+        actions.getLatestCrawlRequests();
+      } catch (e) {
+        flashAPIErrors(e);
+      }
+    },
+    createNewTimeoutForCrawlRequests: ({ duration }) => {
+      if (values.timeoutId) {
+        clearTimeout(values.timeoutId);
+      }
+
+      const timeoutIdId = setTimeout(() => {
+        actions.getLatestCrawlRequests();
+      }, duration);
+
+      actions.onCreateNewTimeout(timeoutIdId);
+    },
+    getLatestCrawlRequests: async ({ refreshData = true }) => {
+      const { http } = HttpLogic.values;
+      const { engineName } = EngineLogic.values;
+
+      try {
+        const crawlRequestsFromServer: CrawlRequestFromServer[] = await http.get(
+          `/api/app_search/engines/${engineName}/crawler/crawl_requests`
+        );
+        const crawlRequests = crawlRequestsFromServer.map(crawlRequestServerToClient);
+        actions.onReceiveCrawlRequests(crawlRequests);
+        if (
+          [
+            CrawlerStatus.Pending,
+            CrawlerStatus.Starting,
+            CrawlerStatus.Running,
+            CrawlerStatus.Canceling,
+          ].includes(crawlRequests[0]?.status)
+        ) {
+          actions.createNewTimeoutForCrawlRequests(POLLING_DURATION);
+        } else if (
+          [CrawlerStatus.Success, CrawlerStatus.Failed, CrawlerStatus.Canceled].includes(
+            crawlRequests[0]?.status
+          )
+        ) {
+          actions.clearTimeoutId();
+          if (refreshData) {
+            actions.fetchCrawlerData();
+          }
+        }
+      } catch (e) {
+        actions.createNewTimeoutForCrawlRequests(POLLING_DURATION_ON_FAILURE);
+      }
+    },
+  }),
+  events: ({ values }) => ({
+    beforeUnmount: () => {
+      if (values.timeoutId) {
+        clearTimeout(values.timeoutId);
+      }
+    },
+  }),
+});
diff --git a/x-pack/plugins/enterprise_search/public/applications/app_search/components/crawler/crawler_overview.test.tsx b/x-pack/plugins/enterprise_search/public/applications/app_search/components/crawler/crawler_overview.test.tsx
index 97c7a3e47ae59..705dfc44baa88 100644
--- a/x-pack/plugins/enterprise_search/public/applications/app_search/components/crawler/crawler_overview.test.tsx
+++ b/x-pack/plugins/enterprise_search/public/applications/app_search/components/crawler/crawler_overview.test.tsx
@@ -5,8 +5,7 @@
  * 2.0.
  */
 
-import { setMockActions, setMockValues } from '../../../__mocks__/kea_logic';
-import '../../../__mocks__/shallow_useeffect.mock';
+import { setMockValues } from '../../../__mocks__/kea_logic';
 import '../../__mocks__/engine_logic.mock';
 
 import React from 'react';
@@ -84,11 +83,6 @@ const crawlRequests: CrawlRequestFromServer[] = [
 ];
 
 describe('CrawlerOverview', () => {
-  const mockActions = {
-    fetchCrawlerData: jest.fn(),
-    getLatestCrawlRequests: jest.fn(),
-  };
-
   const mockValues = {
     dataLoading: false,
     domains,
@@ -97,32 +91,27 @@ describe('CrawlerOverview', () => {
 
   beforeEach(() => {
     jest.clearAllMocks();
-    setMockActions(mockActions);
-  });
-
-  it('calls fetchCrawlerData and starts polling on page load', () => {
-    setMockValues(mockValues);
-
-    shallow(<CrawlerOverview />);
-
-    expect(mockActions.fetchCrawlerData).toHaveBeenCalledTimes(1);
-    expect(mockActions.getLatestCrawlRequests).toHaveBeenCalledWith(false);
   });
 
   it('contains a crawler status banner', () => {
     setMockValues(mockValues);
+
     const wrapper = shallow(<CrawlerOverview />);
 
     expect(wrapper.find(CrawlerStatusBanner)).toHaveLength(1);
   });
 
   it('contains a crawler status indicator', () => {
+    setMockValues(mockValues);
+
     const wrapper = shallow(<CrawlerOverview />);
 
     expect(getPageHeaderActions(wrapper).find(CrawlerStatusIndicator)).toHaveLength(1);
   });
 
   it('contains a popover to manage crawls', () => {
+    setMockValues(mockValues);
+
     const wrapper = shallow(<CrawlerOverview />);
 
     expect(getPageHeaderActions(wrapper).find(ManageCrawlsPopover)).toHaveLength(1);
diff --git a/x-pack/plugins/enterprise_search/public/applications/app_search/components/crawler/crawler_overview.tsx b/x-pack/plugins/enterprise_search/public/applications/app_search/components/crawler/crawler_overview.tsx
index e268acbae5c90..78e093f4199da 100644
--- a/x-pack/plugins/enterprise_search/public/applications/app_search/components/crawler/crawler_overview.tsx
+++ b/x-pack/plugins/enterprise_search/public/applications/app_search/components/crawler/crawler_overview.tsx
@@ -5,9 +5,9 @@
  * 2.0.
  */
 
-import React, { useEffect } from 'react';
+import React from 'react';
 
-import { useActions, useValues } from 'kea';
+import { useValues } from 'kea';
 
 import { EuiFlexGroup, EuiFlexItem, EuiLink, EuiSpacer, EuiText, EuiTitle } from '@elastic/eui';
 
@@ -26,17 +26,10 @@ import { CrawlerStatusIndicator } from './components/crawler_status_indicator/cr
 import { DomainsTable } from './components/domains_table';
 import { ManageCrawlsPopover } from './components/manage_crawls_popover/manage_crawls_popover';
 import { CRAWLER_TITLE } from './constants';
-import { CrawlerOverviewLogic } from './crawler_overview_logic';
+import { CrawlerLogic } from './crawler_logic';
 
 export const CrawlerOverview: React.FC = () => {
-  const { crawlRequests, dataLoading, domains } = useValues(CrawlerOverviewLogic);
-
-  const { fetchCrawlerData, getLatestCrawlRequests } = useActions(CrawlerOverviewLogic);
-
-  useEffect(() => {
-    fetchCrawlerData();
-    getLatestCrawlRequests(false);
-  }, []);
+  const { crawlRequests, dataLoading, domains } = useValues(CrawlerLogic);
 
   return (
     <AppSearchPageTemplate
diff --git a/x-pack/plugins/enterprise_search/public/applications/app_search/components/crawler/crawler_overview_logic.test.ts b/x-pack/plugins/enterprise_search/public/applications/app_search/components/crawler/crawler_overview_logic.test.ts
index 97a050152a543..d5026ad117073 100644
--- a/x-pack/plugins/enterprise_search/public/applications/app_search/components/crawler/crawler_overview_logic.test.ts
+++ b/x-pack/plugins/enterprise_search/public/applications/app_search/components/crawler/crawler_overview_logic.test.ts
@@ -12,35 +12,21 @@ import {
 } from '../../../__mocks__/kea_logic';
 import '../../__mocks__/engine_logic.mock';
 
-import { nextTick } from '@kbn/test/jest';
+jest.mock('./crawler_logic', () => ({
+  CrawlerLogic: {
+    actions: {
+      onReceiveCrawlerData: jest.fn(),
+    },
+  },
+}));
 
-import { CrawlerOverviewLogic, CrawlerOverviewValues } from './crawler_overview_logic';
-import {
-  CrawlerData,
-  CrawlerDataFromServer,
-  CrawlerDomain,
-  CrawlerPolicies,
-  CrawlerRules,
-  CrawlerStatus,
-  CrawlRequest,
-  CrawlRule,
-} from './types';
-import { crawlerDataServerToClient } from './utils';
+import { nextTick } from '@kbn/test/jest';
 
-const DEFAULT_VALUES: CrawlerOverviewValues = {
-  crawlRequests: [],
-  dataLoading: true,
-  domains: [],
-  mostRecentCrawlRequestStatus: CrawlerStatus.Success,
-  timeoutId: null,
-};
+import { CrawlerLogic } from './crawler_logic';
+import { CrawlerOverviewLogic } from './crawler_overview_logic';
 
-const DEFAULT_CRAWL_RULE: CrawlRule = {
-  id: '-',
-  policy: CrawlerPolicies.allow,
-  rule: CrawlerRules.regex,
-  pattern: '.*',
-};
+import { CrawlerDataFromServer, CrawlerDomain } from './types';
+import { crawlerDataServerToClient } from './utils';
 
 const MOCK_SERVER_CRAWLER_DATA: CrawlerDataFromServer = {
   domains: [
@@ -62,128 +48,19 @@ const MOCK_SERVER_CRAWLER_DATA: CrawlerDataFromServer = {
 const MOCK_CLIENT_CRAWLER_DATA = crawlerDataServerToClient(MOCK_SERVER_CRAWLER_DATA);
 
 describe('CrawlerOverviewLogic', () => {
-  const { mount, unmount } = new LogicMounter(CrawlerOverviewLogic);
+  const { mount } = new LogicMounter(CrawlerOverviewLogic);
   const { http } = mockHttpValues;
   const { flashAPIErrors, flashSuccessToast } = mockFlashMessageHelpers;
 
   beforeEach(() => {
     jest.clearAllMocks();
-    jest.useFakeTimers(); // this should be run before every test to reset these mocks
     mount();
   });
 
-  afterAll(() => {
-    jest.useRealTimers();
-  });
-
-  it('has expected default values', () => {
-    expect(CrawlerOverviewLogic.values).toEqual(DEFAULT_VALUES);
-  });
-
-  describe('actions', () => {
-    describe('clearTimeoutId', () => {
-      it('clears the timeout in the logic', () => {
-        mount({
-          timeoutId: setTimeout(() => {}, 1),
-        });
-
-        CrawlerOverviewLogic.actions.clearTimeoutId();
-
-        expect(CrawlerOverviewLogic.values.timeoutId).toEqual(null);
-      });
-    });
-
-    describe('onCreateNewTimeout', () => {
-      it('sets the timeout in the logic', () => {
-        const timeout = setTimeout(() => {}, 1);
-
-        CrawlerOverviewLogic.actions.onCreateNewTimeout(timeout);
-
-        expect(CrawlerOverviewLogic.values.timeoutId).toEqual(timeout);
-      });
-    });
-
-    describe('onReceiveCrawlerData', () => {
-      const crawlerData: CrawlerData = {
-        domains: [
-          {
-            id: '507f1f77bcf86cd799439011',
-            createdOn: 'Mon, 31 Aug 2020 17:00:00 +0000',
-            url: 'elastic.co',
-            documentCount: 13,
-            sitemaps: [],
-            entryPoints: [],
-            crawlRules: [],
-            defaultCrawlRule: DEFAULT_CRAWL_RULE,
-            deduplicationEnabled: false,
-            deduplicationFields: ['title'],
-            availableDeduplicationFields: ['title', 'description'],
-          },
-        ],
-      };
-
-      beforeEach(() => {
-        CrawlerOverviewLogic.actions.onReceiveCrawlerData(crawlerData);
-      });
-
-      it('should set all received data as top-level values', () => {
-        expect(CrawlerOverviewLogic.values.domains).toEqual(crawlerData.domains);
-      });
-
-      it('should set dataLoading to false', () => {
-        expect(CrawlerOverviewLogic.values.dataLoading).toEqual(false);
-      });
-    });
-
-    describe('onReceiveCrawlRequests', () => {
-      const crawlRequests: CrawlRequest[] = [
-        {
-          id: '618d0e66abe97bc688328900',
-          status: CrawlerStatus.Pending,
-          createdAt: 'Mon, 31 Aug 2020 17:00:00 +0000',
-          beganAt: null,
-          completedAt: null,
-        },
-      ];
-
-      beforeEach(() => {
-        CrawlerOverviewLogic.actions.onReceiveCrawlRequests(crawlRequests);
-      });
-
-      it('should set the crawl requests', () => {
-        expect(CrawlerOverviewLogic.values.crawlRequests).toEqual(crawlRequests);
-      });
-    });
-  });
-
   describe('listeners', () => {
-    describe('fetchCrawlerData', () => {
-      it('updates logic with data that has been converted from server to client', async () => {
-        jest.spyOn(CrawlerOverviewLogic.actions, 'onReceiveCrawlerData');
-        http.get.mockReturnValueOnce(Promise.resolve(MOCK_SERVER_CRAWLER_DATA));
-
-        CrawlerOverviewLogic.actions.fetchCrawlerData();
-        await nextTick();
-
-        expect(http.get).toHaveBeenCalledWith('/api/app_search/engines/some-engine/crawler');
-        expect(CrawlerOverviewLogic.actions.onReceiveCrawlerData).toHaveBeenCalledWith(
-          MOCK_CLIENT_CRAWLER_DATA
-        );
-      });
-
-      it('calls flashApiErrors when there is an error on the request for crawler data', async () => {
-        http.get.mockReturnValueOnce(Promise.reject('error'));
-
-        CrawlerOverviewLogic.actions.fetchCrawlerData();
-        await nextTick();
-
-        expect(flashAPIErrors).toHaveBeenCalledWith('error');
-      });
-    });
-
     describe('deleteDomain', () => {
       it('calls onReceiveCrawlerData with retrieved data that has been converted from server to client', async () => {
-        jest.spyOn(CrawlerOverviewLogic.actions, 'onReceiveCrawlerData');
+        jest.spyOn(CrawlerLogic.actions, 'onReceiveCrawlerData');
         http.delete.mockReturnValue(Promise.resolve(MOCK_SERVER_CRAWLER_DATA));
 
         CrawlerOverviewLogic.actions.deleteDomain({ id: '1234' } as CrawlerDomain);
@@ -195,7 +72,7 @@ describe('CrawlerOverviewLogic', () => {
             query: { respond_with: 'crawler_details' },
           }
         );
-        expect(CrawlerOverviewLogic.actions.onReceiveCrawlerData).toHaveBeenCalledWith(
+        expect(CrawlerLogic.actions.onReceiveCrawlerData).toHaveBeenCalledWith(
           MOCK_CLIENT_CRAWLER_DATA
         );
         expect(flashSuccessToast).toHaveBeenCalled();
@@ -210,241 +87,5 @@ describe('CrawlerOverviewLogic', () => {
         expect(flashAPIErrors).toHaveBeenCalledWith('error');
       });
     });
-
-    describe('startCrawl', () => {
-      describe('success path', () => {
-        it('creates a new crawl request and then fetches the latest crawl requests', async () => {
-          jest.spyOn(CrawlerOverviewLogic.actions, 'getLatestCrawlRequests');
-          http.post.mockReturnValueOnce(Promise.resolve());
-
-          CrawlerOverviewLogic.actions.startCrawl();
-          await nextTick();
-
-          expect(http.post).toHaveBeenCalledWith(
-            '/api/app_search/engines/some-engine/crawler/crawl_requests'
-          );
-          expect(CrawlerOverviewLogic.actions.getLatestCrawlRequests).toHaveBeenCalled();
-        });
-      });
-
-      describe('on failure', () => {
-        it('flashes an error message', async () => {
-          http.post.mockReturnValueOnce(Promise.reject('error'));
-
-          CrawlerOverviewLogic.actions.startCrawl();
-          await nextTick();
-
-          expect(flashAPIErrors).toHaveBeenCalledWith('error');
-        });
-      });
-    });
-
-    describe('stopCrawl', () => {
-      describe('success path', () => {
-        it('stops the crawl starts and then fetches the latest crawl requests', async () => {
-          jest.spyOn(CrawlerOverviewLogic.actions, 'getLatestCrawlRequests');
-          http.post.mockReturnValueOnce(Promise.resolve());
-
-          CrawlerOverviewLogic.actions.stopCrawl();
-          await nextTick();
-
-          expect(http.post).toHaveBeenCalledWith(
-            '/api/app_search/engines/some-engine/crawler/crawl_requests/cancel'
-          );
-          expect(CrawlerOverviewLogic.actions.getLatestCrawlRequests).toHaveBeenCalled();
-        });
-      });
-
-      describe('on failure', () => {
-        it('flashes an error message', async () => {
-          jest.spyOn(CrawlerOverviewLogic.actions, 'getLatestCrawlRequests');
-          http.post.mockReturnValueOnce(Promise.reject('error'));
-
-          CrawlerOverviewLogic.actions.stopCrawl();
-          await nextTick();
-
-          expect(flashAPIErrors).toHaveBeenCalledWith('error');
-        });
-      });
-    });
-
-    describe('createNewTimeoutForCrawlRequests', () => {
-      it('saves the timeout ID in the logic', () => {
-        jest.spyOn(CrawlerOverviewLogic.actions, 'onCreateNewTimeout');
-        jest.spyOn(CrawlerOverviewLogic.actions, 'getLatestCrawlRequests');
-
-        CrawlerOverviewLogic.actions.createNewTimeoutForCrawlRequests(2000);
-
-        expect(setTimeout).toHaveBeenCalledWith(expect.any(Function), 2000);
-        expect(CrawlerOverviewLogic.actions.onCreateNewTimeout).toHaveBeenCalled();
-
-        jest.runAllTimers();
-
-        expect(CrawlerOverviewLogic.actions.getLatestCrawlRequests).toHaveBeenCalled();
-      });
-
-      it('clears a timeout if one already exists', () => {
-        const timeoutId = setTimeout(() => {}, 1);
-        mount({
-          timeoutId,
-        });
-
-        CrawlerOverviewLogic.actions.createNewTimeoutForCrawlRequests(2000);
-
-        expect(clearTimeout).toHaveBeenCalledWith(timeoutId);
-      });
-    });
-
-    describe('getLatestCrawlRequests', () => {
-      describe('on success', () => {
-        [
-          CrawlerStatus.Pending,
-          CrawlerStatus.Starting,
-          CrawlerStatus.Running,
-          CrawlerStatus.Canceling,
-        ].forEach((status) => {
-          it(`creates a new timeout for status ${status}`, async () => {
-            jest.spyOn(CrawlerOverviewLogic.actions, 'createNewTimeoutForCrawlRequests');
-            http.get.mockReturnValueOnce(Promise.resolve([{ status }]));
-
-            CrawlerOverviewLogic.actions.getLatestCrawlRequests();
-            await nextTick();
-
-            expect(
-              CrawlerOverviewLogic.actions.createNewTimeoutForCrawlRequests
-            ).toHaveBeenCalled();
-          });
-        });
-
-        [CrawlerStatus.Success, CrawlerStatus.Failed, CrawlerStatus.Canceled].forEach((status) => {
-          it(`clears the timeout and fetches data for status ${status}`, async () => {
-            jest.spyOn(CrawlerOverviewLogic.actions, 'clearTimeoutId');
-            jest.spyOn(CrawlerOverviewLogic.actions, 'fetchCrawlerData');
-            http.get.mockReturnValueOnce(Promise.resolve([{ status }]));
-
-            CrawlerOverviewLogic.actions.getLatestCrawlRequests();
-            await nextTick();
-
-            expect(CrawlerOverviewLogic.actions.clearTimeoutId).toHaveBeenCalled();
-            expect(CrawlerOverviewLogic.actions.fetchCrawlerData).toHaveBeenCalled();
-          });
-
-          it(`optionally supresses fetching data for status ${status}`, async () => {
-            jest.spyOn(CrawlerOverviewLogic.actions, 'clearTimeoutId');
-            jest.spyOn(CrawlerOverviewLogic.actions, 'fetchCrawlerData');
-            http.get.mockReturnValueOnce(Promise.resolve([{ status }]));
-
-            CrawlerOverviewLogic.actions.getLatestCrawlRequests(false);
-            await nextTick();
-
-            expect(CrawlerOverviewLogic.actions.clearTimeoutId).toHaveBeenCalled();
-            expect(CrawlerOverviewLogic.actions.fetchCrawlerData).toHaveBeenCalledTimes(0);
-          });
-        });
-      });
-
-      describe('on failure', () => {
-        it('creates a new timeout', async () => {
-          jest.spyOn(CrawlerOverviewLogic.actions, 'createNewTimeoutForCrawlRequests');
-          http.get.mockReturnValueOnce(Promise.reject());
-
-          CrawlerOverviewLogic.actions.getLatestCrawlRequests();
-          await nextTick();
-
-          expect(CrawlerOverviewLogic.actions.createNewTimeoutForCrawlRequests).toHaveBeenCalled();
-        });
-      });
-    });
-  });
-
-  describe('selectors', () => {
-    describe('mostRecentCrawlRequestStatus', () => {
-      it('is Success when there are no crawl requests', () => {
-        mount({
-          crawlRequests: [],
-        });
-
-        expect(CrawlerOverviewLogic.values.mostRecentCrawlRequestStatus).toEqual(
-          CrawlerStatus.Success
-        );
-      });
-
-      it('is Success when there are only crawl requests', () => {
-        mount({
-          crawlRequests: [
-            {
-              id: '2',
-              status: CrawlerStatus.Skipped,
-              createdAt: 'Mon, 31 Aug 2020 17:00:00 +0000',
-              beganAt: null,
-              completedAt: null,
-            },
-            {
-              id: '1',
-              status: CrawlerStatus.Skipped,
-              createdAt: 'Mon, 30 Aug 2020 17:00:00 +0000',
-              beganAt: null,
-              completedAt: null,
-            },
-          ],
-        });
-
-        expect(CrawlerOverviewLogic.values.mostRecentCrawlRequestStatus).toEqual(
-          CrawlerStatus.Success
-        );
-      });
-
-      it('is the first non-skipped crawl request status', () => {
-        mount({
-          crawlRequests: [
-            {
-              id: '3',
-              status: CrawlerStatus.Skipped,
-              createdAt: 'Mon, 31 Aug 2020 17:00:00 +0000',
-              beganAt: null,
-              completedAt: null,
-            },
-            {
-              id: '2',
-              status: CrawlerStatus.Failed,
-              createdAt: 'Mon, 30 Aug 2020 17:00:00 +0000',
-              beganAt: null,
-              completedAt: null,
-            },
-            {
-              id: '1',
-              status: CrawlerStatus.Success,
-              createdAt: 'Mon, 29 Aug 2020 17:00:00 +0000',
-              beganAt: null,
-              completedAt: null,
-            },
-          ],
-        });
-
-        expect(CrawlerOverviewLogic.values.mostRecentCrawlRequestStatus).toEqual(
-          CrawlerStatus.Failed
-        );
-      });
-    });
-  });
-
-  describe('events', () => {
-    describe('beforeUnmount', () => {
-      it('clears the timeout if there is one', () => {
-        jest.spyOn(global, 'setTimeout');
-
-        mount({
-          timeoutId: setTimeout(() => {}, 1),
-        });
-        unmount();
-
-        expect(setTimeout).toHaveBeenCalled();
-      });
-
-      it('does not crash if no timeout exists', () => {
-        mount({ timeoutId: null });
-        unmount();
-      });
-    });
   });
 });
diff --git a/x-pack/plugins/enterprise_search/public/applications/app_search/components/crawler/crawler_overview_logic.ts b/x-pack/plugins/enterprise_search/public/applications/app_search/components/crawler/crawler_overview_logic.ts
index 0506f4ba647f7..79e3326347d68 100644
--- a/x-pack/plugins/enterprise_search/public/applications/app_search/components/crawler/crawler_overview_logic.ts
+++ b/x-pack/plugins/enterprise_search/public/applications/app_search/components/crawler/crawler_overview_logic.ts
@@ -12,115 +12,20 @@ import { flashAPIErrors, flashSuccessToast } from '../../../shared/flash_message
 import { HttpLogic } from '../../../shared/http';
 import { EngineLogic } from '../engine';
 
-import {
-  CrawlerData,
-  CrawlerDomain,
-  CrawlRequest,
-  CrawlRequestFromServer,
-  CrawlerStatus,
-} from './types';
-import {
-  crawlerDataServerToClient,
-  crawlRequestServerToClient,
-  getDeleteDomainSuccessMessage,
-} from './utils';
-
-const POLLING_DURATION = 1000;
-const POLLING_DURATION_ON_FAILURE = 5000;
-
-export interface CrawlerOverviewValues {
-  crawlRequests: CrawlRequest[];
-  dataLoading: boolean;
-  domains: CrawlerDomain[];
-  mostRecentCrawlRequestStatus: CrawlerStatus;
-  timeoutId: NodeJS.Timeout | null;
-}
+import { CrawlerLogic } from './crawler_logic';
+import { CrawlerDomain } from './types';
+import { crawlerDataServerToClient, getDeleteDomainSuccessMessage } from './utils';
 
 interface CrawlerOverviewActions {
-  clearTimeoutId(): void;
-  createNewTimeoutForCrawlRequests(duration: number): { duration: number };
   deleteDomain(domain: CrawlerDomain): { domain: CrawlerDomain };
-  fetchCrawlerData(): void;
-  getLatestCrawlRequests(refreshData?: boolean): { refreshData?: boolean };
-  onCreateNewTimeout(timeoutId: NodeJS.Timeout): { timeoutId: NodeJS.Timeout };
-  onReceiveCrawlerData(data: CrawlerData): { data: CrawlerData };
-  onReceiveCrawlRequests(crawlRequests: CrawlRequest[]): { crawlRequests: CrawlRequest[] };
-  startCrawl(): void;
-  stopCrawl(): void;
 }
 
-export const CrawlerOverviewLogic = kea<
-  MakeLogicType<CrawlerOverviewValues, CrawlerOverviewActions>
->({
+export const CrawlerOverviewLogic = kea<MakeLogicType<{}, CrawlerOverviewActions>>({
   path: ['enterprise_search', 'app_search', 'crawler', 'crawler_overview'],
   actions: {
-    clearTimeoutId: true,
-    createNewTimeoutForCrawlRequests: (duration) => ({ duration }),
     deleteDomain: (domain) => ({ domain }),
-    fetchCrawlerData: true,
-    getLatestCrawlRequests: (refreshData) => ({ refreshData }),
-    onCreateNewTimeout: (timeoutId) => ({ timeoutId }),
-    onReceiveCrawlerData: (data) => ({ data }),
-    onReceiveCrawlRequests: (crawlRequests) => ({ crawlRequests }),
-    startCrawl: () => null,
-    stopCrawl: () => null,
-  },
-  reducers: {
-    dataLoading: [
-      true,
-      {
-        onReceiveCrawlerData: () => false,
-      },
-    ],
-    domains: [
-      [],
-      {
-        onReceiveCrawlerData: (_, { data: { domains } }) => domains,
-      },
-    ],
-    crawlRequests: [
-      [],
-      {
-        onReceiveCrawlRequests: (_, { crawlRequests }) => crawlRequests,
-      },
-    ],
-    timeoutId: [
-      null,
-      {
-        clearTimeoutId: () => null,
-        onCreateNewTimeout: (_, { timeoutId }) => timeoutId,
-      },
-    ],
   },
-  selectors: ({ selectors }) => ({
-    mostRecentCrawlRequestStatus: [
-      () => [selectors.crawlRequests],
-      (crawlRequests: CrawlerOverviewValues['crawlRequests']) => {
-        const eligibleCrawlRequests = crawlRequests.filter(
-          (req) => req.status !== CrawlerStatus.Skipped
-        );
-        if (eligibleCrawlRequests.length === 0) {
-          return CrawlerStatus.Success;
-        }
-        return eligibleCrawlRequests[0].status;
-      },
-    ],
-  }),
   listeners: ({ actions, values }) => ({
-    fetchCrawlerData: async () => {
-      const { http } = HttpLogic.values;
-      const { engineName } = EngineLogic.values;
-
-      try {
-        const response = await http.get(`/api/app_search/engines/${engineName}/crawler`);
-
-        const crawlerData = crawlerDataServerToClient(response);
-
-        actions.onReceiveCrawlerData(crawlerData);
-      } catch (e) {
-        flashAPIErrors(e);
-      }
-    },
     deleteDomain: async ({ domain }) => {
       const { http } = HttpLogic.values;
       const { engineName } = EngineLogic.values;
@@ -135,84 +40,11 @@ export const CrawlerOverviewLogic = kea<
           }
         );
         const crawlerData = crawlerDataServerToClient(response);
-        actions.onReceiveCrawlerData(crawlerData);
+        CrawlerLogic.actions.onReceiveCrawlerData(crawlerData);
         flashSuccessToast(getDeleteDomainSuccessMessage(domain.url));
       } catch (e) {
         flashAPIErrors(e);
       }
     },
-    startCrawl: async () => {
-      const { http } = HttpLogic.values;
-      const { engineName } = EngineLogic.values;
-
-      try {
-        await http.post(`/api/app_search/engines/${engineName}/crawler/crawl_requests`);
-        actions.getLatestCrawlRequests();
-      } catch (e) {
-        flashAPIErrors(e);
-      }
-    },
-    stopCrawl: async () => {
-      const { http } = HttpLogic.values;
-      const { engineName } = EngineLogic.values;
-
-      try {
-        await http.post(`/api/app_search/engines/${engineName}/crawler/crawl_requests/cancel`);
-        actions.getLatestCrawlRequests();
-      } catch (e) {
-        flashAPIErrors(e);
-      }
-    },
-    createNewTimeoutForCrawlRequests: ({ duration }) => {
-      if (values.timeoutId) {
-        clearTimeout(values.timeoutId);
-      }
-
-      const timeoutIdId = setTimeout(() => {
-        actions.getLatestCrawlRequests();
-      }, duration);
-
-      actions.onCreateNewTimeout(timeoutIdId);
-    },
-    getLatestCrawlRequests: async ({ refreshData = true }) => {
-      const { http } = HttpLogic.values;
-      const { engineName } = EngineLogic.values;
-
-      try {
-        const crawlRequestsFromServer: CrawlRequestFromServer[] = await http.get(
-          `/api/app_search/engines/${engineName}/crawler/crawl_requests`
-        );
-        const crawlRequests = crawlRequestsFromServer.map(crawlRequestServerToClient);
-        actions.onReceiveCrawlRequests(crawlRequests);
-        if (
-          [
-            CrawlerStatus.Pending,
-            CrawlerStatus.Starting,
-            CrawlerStatus.Running,
-            CrawlerStatus.Canceling,
-          ].includes(crawlRequests[0]?.status)
-        ) {
-          actions.createNewTimeoutForCrawlRequests(POLLING_DURATION);
-        } else if (
-          [CrawlerStatus.Success, CrawlerStatus.Failed, CrawlerStatus.Canceled].includes(
-            crawlRequests[0]?.status
-          )
-        ) {
-          actions.clearTimeoutId();
-          if (refreshData) {
-            actions.fetchCrawlerData();
-          }
-        }
-      } catch (e) {
-        actions.createNewTimeoutForCrawlRequests(POLLING_DURATION_ON_FAILURE);
-      }
-    },
-  }),
-  events: ({ values }) => ({
-    beforeUnmount: () => {
-      if (values.timeoutId) {
-        clearTimeout(values.timeoutId);
-      }
-    },
   }),
 });
diff --git a/x-pack/plugins/enterprise_search/public/applications/app_search/components/crawler/crawler_router.test.tsx b/x-pack/plugins/enterprise_search/public/applications/app_search/components/crawler/crawler_router.test.tsx
index 20c377b67d191..8c49e97d6462b 100644
--- a/x-pack/plugins/enterprise_search/public/applications/app_search/components/crawler/crawler_router.test.tsx
+++ b/x-pack/plugins/enterprise_search/public/applications/app_search/components/crawler/crawler_router.test.tsx
@@ -4,6 +4,9 @@
  * 2.0; you may not use this file except in compliance with the Elastic License
  * 2.0.
  */
+import { setMockActions } from '../../../__mocks__/kea_logic';
+import '../../../__mocks__/shallow_useeffect.mock';
+import '../../__mocks__/engine_logic.mock';
 
 import React from 'react';
 
@@ -14,14 +17,25 @@ import { CrawlerRouter } from './crawler_router';
 import { CrawlerSingleDomain } from './crawler_single_domain';
 
 describe('CrawlerRouter', () => {
+  const mockActions = {
+    fetchCrawlerData: jest.fn(),
+    getLatestCrawlRequests: jest.fn(),
+  };
+
   let wrapper: ShallowWrapper;
 
   beforeEach(() => {
     jest.clearAllMocks();
+    setMockActions(mockActions);
     wrapper = shallow(<CrawlerRouter />);
   });
 
-  it('renders a crawler single domain view', () => {
+  it('calls fetchCrawlerData and starts polling on page load', () => {
+    expect(mockActions.fetchCrawlerData).toHaveBeenCalledTimes(1);
+    expect(mockActions.getLatestCrawlRequests).toHaveBeenCalledWith(false);
+  });
+
+  it('renders a crawler views', () => {
     expect(wrapper.find(CrawlerOverview)).toHaveLength(1);
     expect(wrapper.find(CrawlerSingleDomain)).toHaveLength(1);
   });
diff --git a/x-pack/plugins/enterprise_search/public/applications/app_search/components/crawler/crawler_router.tsx b/x-pack/plugins/enterprise_search/public/applications/app_search/components/crawler/crawler_router.tsx
index 436dcc4d3ea23..f95423cd2c704 100644
--- a/x-pack/plugins/enterprise_search/public/applications/app_search/components/crawler/crawler_router.tsx
+++ b/x-pack/plugins/enterprise_search/public/applications/app_search/components/crawler/crawler_router.tsx
@@ -5,15 +5,26 @@
  * 2.0.
  */
 
-import React from 'react';
+import React, { useEffect } from 'react';
 import { Route, Switch } from 'react-router-dom';
 
+import { useActions } from 'kea';
+
 import { ENGINE_CRAWLER_DOMAIN_PATH, ENGINE_CRAWLER_PATH } from '../../routes';
 
+import { CrawlerLogic } from './crawler_logic';
+
 import { CrawlerOverview } from './crawler_overview';
 import { CrawlerSingleDomain } from './crawler_single_domain';
 
 export const CrawlerRouter: React.FC = () => {
+  const { fetchCrawlerData, getLatestCrawlRequests } = useActions(CrawlerLogic);
+
+  useEffect(() => {
+    fetchCrawlerData();
+    getLatestCrawlRequests(false);
+  }, []);
+
   return (
     <Switch>
       <Route exact path={ENGINE_CRAWLER_PATH}>
diff --git a/x-pack/plugins/enterprise_search/public/applications/app_search/components/crawler/types.ts b/x-pack/plugins/enterprise_search/public/applications/app_search/components/crawler/types.ts
index 932af7a6ac93b..8cfbce6c10315 100644
--- a/x-pack/plugins/enterprise_search/public/applications/app_search/components/crawler/types.ts
+++ b/x-pack/plugins/enterprise_search/public/applications/app_search/components/crawler/types.ts
@@ -135,7 +135,7 @@ export interface CrawlerDomainValidationResultFromServer {
   }>;
 }
 
-export type CrawlerDomainValidationStepState = '' | 'loading' | 'valid' | 'invalid';
+export type CrawlerDomainValidationStepState = '' | 'loading' | 'valid' | 'warning' | 'invalid';
 
 export interface CrawlerDomainValidationStep {
   state: CrawlerDomainValidationStepState;
diff --git a/x-pack/plugins/enterprise_search/public/applications/app_search/components/crawler/utils.test.ts b/x-pack/plugins/enterprise_search/public/applications/app_search/components/crawler/utils.test.ts
index 1844932bac926..b679a7cc9c12c 100644
--- a/x-pack/plugins/enterprise_search/public/applications/app_search/components/crawler/utils.test.ts
+++ b/x-pack/plugins/enterprise_search/public/applications/app_search/components/crawler/utils.test.ts
@@ -203,7 +203,7 @@ describe('crawlDomainValidationToResult', () => {
 
     expect(crawlDomainValidationToResult(data)).toEqual({
       blockingFailure: false,
-      state: 'invalid',
+      state: 'warning',
       message: 'A warning, not failure',
     } as CrawlerDomainValidationStep);
   });
diff --git a/x-pack/plugins/enterprise_search/public/applications/app_search/components/crawler/utils.ts b/x-pack/plugins/enterprise_search/public/applications/app_search/components/crawler/utils.ts
index 1f54db12a0217..e44e6c0e652fa 100644
--- a/x-pack/plugins/enterprise_search/public/applications/app_search/components/crawler/utils.ts
+++ b/x-pack/plugins/enterprise_search/public/applications/app_search/components/crawler/utils.ts
@@ -99,7 +99,7 @@ export function crawlDomainValidationToResult(
 
   if (warningResult) {
     return {
-      state: 'invalid',
+      state: 'warning',
       blockingFailure: !data.valid,
       message: warningResult.comment,
     };
diff --git a/x-pack/plugins/fleet/server/services/epm/archive/storage.ts b/x-pack/plugins/fleet/server/services/epm/archive/storage.ts
index dde6459addcbc..d3bc4afae6229 100644
--- a/x-pack/plugins/fleet/server/services/epm/archive/storage.ts
+++ b/x-pack/plugins/fleet/server/services/epm/archive/storage.ts
@@ -23,6 +23,8 @@ import type {
 } from '../../../../common';
 import { pkgToPkgKey } from '../registry';
 
+import { appContextService } from '../../app_context';
+
 import { getArchiveEntry, setArchiveEntry, setArchiveFilelist, setPackageInfo } from './index';
 import type { ArchiveEntry } from './index';
 import { parseAndVerifyPolicyTemplates, parseAndVerifyStreams } from './validation';
@@ -165,6 +167,7 @@ export const getEsPackage = async (
   references: PackageAssetReference[],
   savedObjectsClient: SavedObjectsClientContract
 ) => {
+  const logger = appContextService.getLogger();
   const pkgKey = pkgToPkgKey({ name: pkgName, version: pkgVersion });
   const bulkRes = await savedObjectsClient.bulkGet<PackageAsset>(
     references.map((reference) => ({
@@ -172,8 +175,27 @@ export const getEsPackage = async (
       fields: ['asset_path', 'data_utf8', 'data_base64'],
     }))
   );
+  const errors = bulkRes.saved_objects.filter((so) => so.error || !so.attributes);
   const assets = bulkRes.saved_objects.map((so) => so.attributes);
 
+  if (errors.length) {
+    const resolvedErrors = errors.map((so) =>
+      so.error
+        ? { type: so.type, id: so.id, error: so.error }
+        : !so.attributes
+        ? { type: so.type, id: so.id, error: { error: `No attributes retrieved` } }
+        : { type: so.type, id: so.id, error: { error: `Unknown` } }
+    );
+
+    logger.warn(
+      `Failed to retrieve ${pkgName}-${pkgVersion} package from ES storage. bulkGet failed for assets: ${JSON.stringify(
+        resolvedErrors
+      )}`
+    );
+
+    return undefined;
+  }
+
   const paths: string[] = [];
   const entries: ArchiveEntry[] = assets.map(packageAssetToArchiveEntry);
   entries.forEach(({ path, buffer }) => {
diff --git a/x-pack/plugins/fleet/server/services/epm/packages/get.ts b/x-pack/plugins/fleet/server/services/epm/packages/get.ts
index e493095bc4b36..0e23981b95fcd 100644
--- a/x-pack/plugins/fleet/server/services/epm/packages/get.ts
+++ b/x-pack/plugins/fleet/server/services/epm/packages/get.ts
@@ -217,7 +217,10 @@ export async function getPackageFromSource(options: {
         installedPkg.package_assets,
         savedObjectsClient
       );
-      logger.debug(`retrieved installed package ${pkgName}-${pkgVersion} from ES`);
+
+      if (res) {
+        logger.debug(`retrieved installed package ${pkgName}-${pkgVersion} from ES`);
+      }
     }
     // for packages not in cache or package storage and installed from registry, check registry
     if (!res && pkgInstallSource === 'registry') {
diff --git a/x-pack/plugins/fleet/server/services/package_policy.ts b/x-pack/plugins/fleet/server/services/package_policy.ts
index b6dd54d6bc095..4a3f1c1c9c2c4 100644
--- a/x-pack/plugins/fleet/server/services/package_policy.ts
+++ b/x-pack/plugins/fleet/server/services/package_policy.ts
@@ -429,9 +429,9 @@ class PackagePolicyService {
           name: packagePolicy.name,
           success: true,
           package: {
-            name: packagePolicy.name,
-            title: '',
-            version: packagePolicy.version || '',
+            name: packagePolicy.package?.name || '',
+            title: packagePolicy.package?.title || '',
+            version: packagePolicy.package?.version || '',
           },
         });
       } catch (error) {
diff --git a/x-pack/plugins/global_search/public/services/search_service.test.ts b/x-pack/plugins/global_search/public/services/search_service.test.ts
index 4b3c06f03dcc8..b0e6a72290438 100644
--- a/x-pack/plugins/global_search/public/services/search_service.test.ts
+++ b/x-pack/plugins/global_search/public/services/search_service.test.ts
@@ -272,6 +272,43 @@ describe('SearchService', () => {
         });
       });
 
+      it('catches errors from providers', async () => {
+        const { registerResultProvider } = service.setup({
+          config: createConfig(),
+        });
+
+        getTestScheduler().run(({ expectObservable, hot }) => {
+          registerResultProvider(
+            createProvider('A', {
+              source: hot('a---c-|', {
+                a: [providerResult('A1'), providerResult('A2')],
+                c: [providerResult('A3')],
+              }),
+            })
+          );
+          registerResultProvider(
+            createProvider('B', {
+              source: hot(
+                '-b-#  ',
+                {
+                  b: [providerResult('B1')],
+                },
+                new Error('something went bad')
+              ),
+            })
+          );
+
+          const { find } = service.start(startDeps());
+          const results = find({ term: 'foobar' }, {});
+
+          expectObservable(results).toBe('ab--c-|', {
+            a: expectedBatch('A1', 'A2'),
+            b: expectedBatch('B1'),
+            c: expectedBatch('A3'),
+          });
+        });
+      });
+
       it('return mixed server/client providers results', async () => {
         const { registerResultProvider } = service.setup({
           config: createConfig(),
@@ -304,6 +341,33 @@ describe('SearchService', () => {
         });
       });
 
+      it('catches errors from the server', async () => {
+        const { registerResultProvider } = service.setup({
+          config: createConfig(),
+        });
+
+        getTestScheduler().run(({ expectObservable, hot }) => {
+          fetchServerResultsMock.mockReturnValue(hot('#', {}, new Error('fetch error')));
+
+          registerResultProvider(
+            createProvider('A', {
+              source: hot('a-b-|', {
+                a: [providerResult('P1')],
+                b: [providerResult('P2')],
+              }),
+            })
+          );
+
+          const { find } = service.start(startDeps());
+          const results = find({ term: 'foobar' }, {});
+
+          expectObservable(results).toBe('a-b-|', {
+            a: expectedBatch('P1'),
+            b: expectedBatch('P2'),
+          });
+        });
+      });
+
       it('handles the `aborted$` option', async () => {
         const { registerResultProvider } = service.setup({
           config: createConfig(),
diff --git a/x-pack/plugins/global_search/public/services/search_service.ts b/x-pack/plugins/global_search/public/services/search_service.ts
index bf06aa04061ed..85f4d4143a609 100644
--- a/x-pack/plugins/global_search/public/services/search_service.ts
+++ b/x-pack/plugins/global_search/public/services/search_service.ts
@@ -5,8 +5,8 @@
  * 2.0.
  */
 
-import { merge, Observable, timer, throwError } from 'rxjs';
-import { map, takeUntil } from 'rxjs/operators';
+import { merge, Observable, timer, throwError, EMPTY } from 'rxjs';
+import { map, takeUntil, catchError } from 'rxjs/operators';
 import { uniq } from 'lodash';
 import { duration } from 'moment';
 import { i18n } from '@kbn/i18n';
@@ -177,16 +177,16 @@ export class SearchService {
     const serverResults$ = fetchServerResults(this.http!, params, {
       preference,
       aborted$,
-    });
+    }).pipe(catchError(() => EMPTY));
 
     const providersResults$ = [...this.providers.values()].map((provider) =>
       provider.find(params, providerOptions).pipe(
+        catchError(() => EMPTY),
         takeInArray(this.maxProviderResults),
         takeUntil(aborted$),
         map((results) => results.map((r) => processResult(r)))
       )
     );
-
     return merge(...providersResults$, serverResults$).pipe(
       map((results) => ({
         results,
diff --git a/x-pack/plugins/global_search/server/services/search_service.test.ts b/x-pack/plugins/global_search/server/services/search_service.test.ts
index 246fbd675aba2..45824fde26afe 100644
--- a/x-pack/plugins/global_search/server/services/search_service.test.ts
+++ b/x-pack/plugins/global_search/server/services/search_service.test.ts
@@ -178,6 +178,44 @@ describe('SearchService', () => {
         });
       });
 
+      it('catches errors from providers', async () => {
+        const { registerResultProvider } = service.setup({
+          config: createConfig(),
+          basePath,
+        });
+
+        getTestScheduler().run(({ expectObservable, hot }) => {
+          registerResultProvider(
+            createProvider('A', {
+              source: hot('a---c-|', {
+                a: [result('A1'), result('A2')],
+                c: [result('A3')],
+              }),
+            })
+          );
+          registerResultProvider(
+            createProvider('B', {
+              source: hot(
+                '-b-#  ',
+                {
+                  b: [result('B1')],
+                },
+                new Error('something went bad')
+              ),
+            })
+          );
+
+          const { find } = service.start({ core: coreStart, licenseChecker });
+          const results = find({ term: 'foobar' }, {}, request);
+
+          expectObservable(results).toBe('ab--c-|', {
+            a: expectedBatch('A1', 'A2'),
+            b: expectedBatch('B1'),
+            c: expectedBatch('A3'),
+          });
+        });
+      });
+
       it('handles the `aborted$` option', async () => {
         const { registerResultProvider } = service.setup({
           config: createConfig(),
diff --git a/x-pack/plugins/global_search/server/services/search_service.ts b/x-pack/plugins/global_search/server/services/search_service.ts
index a6c2a7ee234d6..22bac036544ab 100644
--- a/x-pack/plugins/global_search/server/services/search_service.ts
+++ b/x-pack/plugins/global_search/server/services/search_service.ts
@@ -5,8 +5,8 @@
  * 2.0.
  */
 
-import { Observable, timer, merge, throwError } from 'rxjs';
-import { map, takeUntil } from 'rxjs/operators';
+import { Observable, timer, merge, throwError, EMPTY } from 'rxjs';
+import { map, takeUntil, catchError } from 'rxjs/operators';
 import { uniq } from 'lodash';
 import { i18n } from '@kbn/i18n';
 import { KibanaRequest, CoreStart, IBasePath } from 'src/core/server';
@@ -174,6 +174,7 @@ export class SearchService {
 
     const providersResults$ = [...this.providers.values()].map((provider) =>
       provider.find(params, findOptions, context).pipe(
+        catchError(() => EMPTY),
         takeInArray(this.maxProviderResults),
         takeUntil(aborted$),
         map((results) => results.map((r) => processResult(r)))
diff --git a/x-pack/plugins/infra/common/http_api/metrics_api.ts b/x-pack/plugins/infra/common/http_api/metrics_api.ts
index 94d26abc701fe..c2449707647d7 100644
--- a/x-pack/plugins/infra/common/http_api/metrics_api.ts
+++ b/x-pack/plugins/infra/common/http_api/metrics_api.ts
@@ -78,7 +78,9 @@ export const MetricsAPISeriesRT = rt.intersection([
 ]);
 
 export const MetricsAPIResponseRT = rt.type({
-  series: rt.array(MetricsAPISeriesRT),
+  series: rt.array(
+    rt.intersection([MetricsAPISeriesRT, rt.partial({ metricsets: rt.array(rt.string) })])
+  ),
   info: MetricsAPIPageInfoRT,
 });
 
diff --git a/x-pack/plugins/infra/server/lib/alerting/metric_threshold/lib/evaluate_alert.ts b/x-pack/plugins/infra/server/lib/alerting/metric_threshold/lib/evaluate_alert.ts
index 6d99b6e2f5fe3..9a8f2267e7efe 100644
--- a/x-pack/plugins/infra/server/lib/alerting/metric_threshold/lib/evaluate_alert.ts
+++ b/x-pack/plugins/infra/server/lib/alerting/metric_threshold/lib/evaluate_alert.ts
@@ -5,7 +5,7 @@
  * 2.0.
  */
 
-import { mapValues, first, last, isNaN } from 'lodash';
+import { mapValues, first, last, isNaN, isNumber, isObject, has } from 'lodash';
 import moment from 'moment';
 import { ElasticsearchClient } from 'kibana/server';
 import {
@@ -23,7 +23,11 @@ import { UNGROUPED_FACTORY_KEY } from '../../common/utils';
 import { MetricExpressionParams, Comparator, Aggregators } from '../types';
 import { getElasticsearchMetricQuery } from './metric_query';
 
-interface Aggregation {
+interface AggregationWithoutIntervals {
+  aggregatedValue: { value: number; values?: Array<{ key: number; value: number }> };
+}
+
+interface AggregationWithIntervals {
   aggregatedIntervals: {
     buckets: Array<{
       aggregatedValue: { value: number; values?: Array<{ key: number; value: number }> };
@@ -35,6 +39,14 @@ interface Aggregation {
   };
 }
 
+type Aggregation = AggregationWithIntervals | AggregationWithoutIntervals;
+
+function isAggregationWithIntervals(
+  subject: Aggregation | undefined
+): subject is AggregationWithIntervals {
+  return isObject(subject) && has(subject, 'aggregatedIntervals');
+}
+
 interface CompositeAggregationsResponse {
   groupings: {
     buckets: Aggregation[];
@@ -52,7 +64,7 @@ export const evaluateAlert = <Params extends EvaluatedAlertParams = EvaluatedAle
   esClient: ElasticsearchClient,
   params: Params,
   config: InfraSource['configuration'],
-  timeframe?: { start: number; end: number }
+  timeframe?: { start?: number; end: number }
 ) => {
   const { criteria, groupBy, filterQuery, shouldDropPartialBuckets } = params;
   return Promise.all(
@@ -105,7 +117,7 @@ const getMetric: (
   timefield: string,
   groupBy: string | undefined | string[],
   filterQuery: string | undefined,
-  timeframe?: { start: number; end: number },
+  timeframe?: { start?: number; end: number },
   shouldDropPartialBuckets?: boolean
 ) => Promise<Record<string, number[]>> = async function (
   esClient,
@@ -124,10 +136,7 @@ const getMetric: (
   const intervalAsSeconds = getIntervalInSeconds(interval);
   const intervalAsMS = intervalAsSeconds * 1000;
 
-  const to = moment(timeframe ? timeframe.end : Date.now())
-    .add(1, timeUnit)
-    .startOf(timeUnit)
-    .valueOf();
+  const to = moment(timeframe ? timeframe.end : Date.now()).valueOf();
 
   // Rate aggregations need 5 buckets worth of data
   const minimumBuckets = aggType === Aggregators.RATE ? 5 : 1;
@@ -135,7 +144,7 @@ const getMetric: (
   const minimumFrom = to - intervalAsMS * minimumBuckets;
 
   const from = roundTimestamp(
-    timeframe && timeframe.start <= minimumFrom ? timeframe.start : minimumFrom,
+    timeframe && timeframe.start && timeframe.start <= minimumFrom ? timeframe.start : minimumFrom,
     timeUnit
   );
 
@@ -172,16 +181,26 @@ const getMetric: (
         searchBody,
         bucketSelector,
         afterKeyHandler
-      )) as Array<Aggregation & { key: Record<string, string> }>;
-      return compositeBuckets.reduce(
+      )) as Array<Aggregation & { key: Record<string, string>; doc_count: number }>;
+      const groupedResults = compositeBuckets.reduce(
         (result, bucket) => ({
           ...result,
           [Object.values(bucket.key)
             .map((value) => value)
-            .join(', ')]: getValuesFromAggregations(bucket, aggType, dropPartialBucketsOptions),
+            .join(', ')]: getValuesFromAggregations(
+            bucket,
+            aggType,
+            dropPartialBucketsOptions,
+            {
+              start: from,
+              end: to,
+            },
+            bucket.doc_count
+          ),
         }),
         {}
       );
+      return groupedResults;
     }
     const { body: result } = await esClient.search({
       body: searchBody,
@@ -192,7 +211,9 @@ const getMetric: (
       [UNGROUPED_FACTORY_KEY]: getValuesFromAggregations(
         (result.aggregations! as unknown) as Aggregation,
         aggType,
-        dropPartialBucketsOptions
+        dropPartialBucketsOptions,
+        { start: from, end: to },
+        isNumber(result.hits.total) ? result.hits.total : result.hits.total.value
       ),
     };
   } catch (e) {
@@ -221,7 +242,7 @@ interface DropPartialBucketOptions {
 const dropPartialBuckets = ({ from, to, bucketSizeInMillis }: DropPartialBucketOptions) => (
   row: {
     key: string;
-    value: number;
+    value: number | null;
   } | null
 ) => {
   if (row == null) return null;
@@ -230,20 +251,45 @@ const dropPartialBuckets = ({ from, to, bucketSizeInMillis }: DropPartialBucketO
 };
 
 const getValuesFromAggregations = (
-  aggregations: Aggregation,
+  aggregations: Aggregation | undefined,
   aggType: MetricExpressionParams['aggType'],
-  dropPartialBucketsOptions: DropPartialBucketOptions | null
+  dropPartialBucketsOptions: DropPartialBucketOptions | null,
+  timeFrame: { start: number; end: number },
+  docCount?: number
 ) => {
   try {
-    const { buckets } = aggregations.aggregatedIntervals;
+    let buckets;
+    if (aggType === Aggregators.COUNT) {
+      buckets = [
+        {
+          doc_count: docCount,
+          to_as_string: moment(timeFrame.end).toISOString(),
+          from_as_string: moment(timeFrame.start).toISOString(),
+          key_as_string: moment(timeFrame.start).toISOString(),
+        },
+      ];
+    } else if (isAggregationWithIntervals(aggregations)) {
+      buckets = aggregations.aggregatedIntervals.buckets;
+    } else {
+      buckets = [
+        {
+          ...aggregations,
+          doc_count: docCount,
+          to_as_string: moment(timeFrame.end).toISOString(),
+          from_as_string: moment(timeFrame.start).toISOString(),
+          key_as_string: moment(timeFrame.start).toISOString(),
+        },
+      ];
+    }
+
     if (!buckets.length) return null; // No Data state
 
-    let mappedBuckets;
+    let mappedBuckets: Array<{ key: string; value: number | null } | null>;
 
     if (aggType === Aggregators.COUNT) {
       mappedBuckets = buckets.map((bucket) => ({
         key: bucket.from_as_string,
-        value: bucket.doc_count,
+        value: bucket.doc_count || null,
       }));
     } else if (aggType === Aggregators.P95 || aggType === Aggregators.P99) {
       mappedBuckets = buckets.map((bucket) => {
diff --git a/x-pack/plugins/infra/server/lib/alerting/metric_threshold/lib/metric_query.test.ts b/x-pack/plugins/infra/server/lib/alerting/metric_threshold/lib/metric_query.test.ts
index dd29437275243..2ba8365d6b4a9 100644
--- a/x-pack/plugins/infra/server/lib/alerting/metric_threshold/lib/metric_query.test.ts
+++ b/x-pack/plugins/infra/server/lib/alerting/metric_threshold/lib/metric_query.test.ts
@@ -64,30 +64,4 @@ describe("The Metric Threshold Alert's getElasticsearchMetricQuery", () => {
       );
     });
   });
-
-  describe('when passed a timeframe of 1 hour', () => {
-    const testTimeframe = {
-      start: moment().subtract(1, 'hour').valueOf(),
-      end: moment().valueOf(),
-    };
-    const searchBodyWithoutGroupBy = getElasticsearchMetricQuery(
-      expressionParams,
-      timefield,
-      testTimeframe
-    );
-    const searchBodyWithGroupBy = getElasticsearchMetricQuery(
-      expressionParams,
-      timefield,
-      testTimeframe,
-      groupBy
-    );
-    test("generates 1 hour's worth of buckets", () => {
-      // @ts-ignore
-      expect(searchBodyWithoutGroupBy.aggs.aggregatedIntervals.date_range.ranges.length).toBe(60);
-      expect(
-        // @ts-ignore
-        searchBodyWithGroupBy.aggs.groupings.aggs.aggregatedIntervals.date_range.ranges.length
-      ).toBe(60);
-    });
-  });
 });
diff --git a/x-pack/plugins/infra/server/lib/alerting/metric_threshold/lib/metric_query.ts b/x-pack/plugins/infra/server/lib/alerting/metric_threshold/lib/metric_query.ts
index 66e112640c357..f5ff4448ecb60 100644
--- a/x-pack/plugins/infra/server/lib/alerting/metric_threshold/lib/metric_query.ts
+++ b/x-pack/plugins/infra/server/lib/alerting/metric_threshold/lib/metric_query.ts
@@ -7,7 +7,6 @@
 
 import { networkTraffic } from '../../../../../common/inventory_models/shared/metrics/snapshot/network_traffic';
 import { MetricExpressionParams, Aggregators } from '../types';
-import { getIntervalInSeconds } from '../../../../utils/get_interval_in_seconds';
 import { createPercentileAggregation } from './create_percentile_aggregation';
 import { calculateDateHistogramOffset } from '../../../metrics/lib/calculate_date_histogram_offset';
 
@@ -34,13 +33,9 @@ export const getElasticsearchMetricQuery = (
     throw new Error('Can only aggregate without a metric if using the document count aggregator');
   }
   const interval = `${timeSize}${timeUnit}`;
-  const intervalAsSeconds = getIntervalInSeconds(interval);
-  const intervalAsMS = intervalAsSeconds * 1000;
   const to = timeframe.end;
   const from = timeframe.start;
 
-  const deliveryDelay = 60 * 1000; // INFO: This allows us to account for any delay ES has in indexing the most recent data.
-
   const aggregations =
     aggType === Aggregators.COUNT
       ? {}
@@ -72,21 +67,7 @@ export const getElasticsearchMetricQuery = (
             aggregations,
           },
         }
-      : {
-          aggregatedIntervals: {
-            date_range: {
-              field: timefield,
-              // Generate an array of buckets, starting at `from` and ending at `to`
-              // This is usually only necessary for alert previews or rate aggs. Most alert evaluations
-              // will generate only one bucket from this logic.
-              ranges: Array.from(Array(Math.floor((to - from) / intervalAsMS)), (_, i) => ({
-                from: from + intervalAsMS * i - deliveryDelay,
-                to: from + intervalAsMS * (i + 1) - deliveryDelay,
-              })),
-            },
-            aggregations,
-          },
-        };
+      : aggregations;
 
   const aggs = groupBy
     ? {
diff --git a/x-pack/plugins/infra/server/lib/alerting/metric_threshold/metric_threshold_executor.test.ts b/x-pack/plugins/infra/server/lib/alerting/metric_threshold/metric_threshold_executor.test.ts
index 18de1a2ad5c00..8eb19ad582057 100644
--- a/x-pack/plugins/infra/server/lib/alerting/metric_threshold/metric_threshold_executor.test.ts
+++ b/x-pack/plugins/infra/server/lib/alerting/metric_threshold/metric_threshold_executor.test.ts
@@ -515,7 +515,7 @@ services.scopedClusterClient.asCurrentUser.search.mockImplementation((params?: a
   }
   if (metric === 'test.metric.2') {
     return elasticsearchClientMock.createSuccessTransportRequestPromise(
-      mocks.alternateMetricResponse(from)
+      mocks.alternateMetricResponse()
     );
   } else if (metric === 'test.metric.3') {
     return elasticsearchClientMock.createSuccessTransportRequestPromise(
@@ -524,9 +524,7 @@ services.scopedClusterClient.asCurrentUser.search.mockImplementation((params?: a
         : mocks.emptyMetricResponse
     );
   }
-  return elasticsearchClientMock.createSuccessTransportRequestPromise(
-    mocks.basicMetricResponse(from)
-  );
+  return elasticsearchClientMock.createSuccessTransportRequestPromise(mocks.basicMetricResponse());
 });
 services.savedObjectsClient.get.mockImplementation(async (type: string, sourceId: string) => {
   if (sourceId === 'alternate')
diff --git a/x-pack/plugins/infra/server/lib/alerting/metric_threshold/test_mocks.ts b/x-pack/plugins/infra/server/lib/alerting/metric_threshold/test_mocks.ts
index 409a4329aa65c..b1173f2d611c8 100644
--- a/x-pack/plugins/infra/server/lib/alerting/metric_threshold/test_mocks.ts
+++ b/x-pack/plugins/infra/server/lib/alerting/metric_threshold/test_mocks.ts
@@ -103,20 +103,26 @@ const bucketsC = (from: number) => [
   },
 ];
 
-export const basicMetricResponse = (from: number) => ({
-  aggregations: {
-    aggregatedIntervals: {
-      buckets: bucketsA(from),
+export const basicMetricResponse = () => ({
+  hits: {
+    total: {
+      value: 1,
     },
   },
+  aggregations: {
+    aggregatedValue: { value: 1.0, values: [{ key: 95.0, value: 1.0 }] },
+  },
 });
 
-export const alternateMetricResponse = (from: number) => ({
-  aggregations: {
-    aggregatedIntervals: {
-      buckets: bucketsB(from),
+export const alternateMetricResponse = () => ({
+  hits: {
+    total: {
+      value: 1,
     },
   },
+  aggregations: {
+    aggregatedValue: { value: 3, values: [{ key: 99.0, value: 3 }] },
+  },
 });
 
 export const emptyMetricResponse = {
diff --git a/x-pack/plugins/infra/server/lib/metrics/index.ts b/x-pack/plugins/infra/server/lib/metrics/index.ts
index a2d9ad2b401d4..131f6944b0484 100644
--- a/x-pack/plugins/infra/server/lib/metrics/index.ts
+++ b/x-pack/plugins/infra/server/lib/metrics/index.ts
@@ -91,12 +91,14 @@ export const query = async (
     return {
       series: groupings.buckets.map((bucket) => {
         const keys = Object.values(bucket.key);
-        return convertHistogramBucketsToTimeseries(
+        const metricsetNames = bucket.metricsets.buckets.map((m) => m.key);
+        const timeseries = convertHistogramBucketsToTimeseries(
           keys,
           options,
           bucket.histogram.buckets,
           bucketSize * 1000
         );
+        return { ...timeseries, metricsets: metricsetNames };
       }),
       info: {
         afterKey: returnAfterKey ? afterKey : null,
diff --git a/x-pack/plugins/infra/server/lib/metrics/lib/__snapshots__/create_aggregations.test.ts.snap b/x-pack/plugins/infra/server/lib/metrics/lib/__snapshots__/create_aggregations.test.ts.snap
index c7acfb147aa7e..d35d7ce1a4b81 100644
--- a/x-pack/plugins/infra/server/lib/metrics/lib/__snapshots__/create_aggregations.test.ts.snap
+++ b/x-pack/plugins/infra/server/lib/metrics/lib/__snapshots__/create_aggregations.test.ts.snap
@@ -20,6 +20,11 @@ Object {
       "offset": "-60000ms",
     },
   },
+  "metricsets": Object {
+    "terms": Object {
+      "field": "metricset.name",
+    },
+  },
 }
 `;
 
@@ -45,6 +50,11 @@ Object {
           "offset": "0s",
         },
       },
+      "metricsets": Object {
+        "terms": Object {
+          "field": "metricset.name",
+        },
+      },
     },
     "composite": Object {
       "size": 20,
@@ -82,5 +92,10 @@ Object {
       "offset": "0s",
     },
   },
+  "metricsets": Object {
+    "terms": Object {
+      "field": "metricset.name",
+    },
+  },
 }
 `;
diff --git a/x-pack/plugins/infra/server/lib/metrics/lib/create_aggregations.ts b/x-pack/plugins/infra/server/lib/metrics/lib/create_aggregations.ts
index 1fb87499b8f44..65cd4ebe2d501 100644
--- a/x-pack/plugins/infra/server/lib/metrics/lib/create_aggregations.ts
+++ b/x-pack/plugins/infra/server/lib/metrics/lib/create_aggregations.ts
@@ -25,6 +25,11 @@ export const createAggregations = (options: MetricsAPIRequest) => {
       },
       aggregations: createMetricsAggregations(options),
     },
+    metricsets: {
+      terms: {
+        field: 'metricset.name',
+      },
+    },
   };
 
   if (Array.isArray(options.groupBy) && options.groupBy.length) {
diff --git a/x-pack/plugins/infra/server/lib/metrics/types.ts b/x-pack/plugins/infra/server/lib/metrics/types.ts
index e1f5ecd45e363..b18486f88cc4c 100644
--- a/x-pack/plugins/infra/server/lib/metrics/types.ts
+++ b/x-pack/plugins/infra/server/lib/metrics/types.ts
@@ -63,6 +63,14 @@ export const HistogramResponseRT = rt.type({
   histogram: rt.type({
     buckets: rt.array(HistogramBucketRT),
   }),
+  metricsets: rt.type({
+    buckets: rt.array(
+      rt.type({
+        key: rt.string,
+        doc_count: rt.number,
+      })
+    ),
+  }),
 });
 
 const GroupingBucketRT = rt.intersection([
diff --git a/x-pack/plugins/infra/server/routes/snapshot/lib/get_nodes.ts b/x-pack/plugins/infra/server/routes/snapshot/lib/get_nodes.ts
index 0fef75faed07e..f59756e0c5b25 100644
--- a/x-pack/plugins/infra/server/routes/snapshot/lib/get_nodes.ts
+++ b/x-pack/plugins/infra/server/routes/snapshot/lib/get_nodes.ts
@@ -10,7 +10,7 @@ import { ESSearchClient } from '../../../lib/metrics/types';
 import { InfraSource } from '../../../lib/sources';
 import { transformRequestToMetricsAPIRequest } from './transform_request_to_metrics_api_request';
 import { queryAllData } from './query_all_data';
-import { transformMetricsApiResponseToSnapshotResponse } from './trasform_metrics_ui_response';
+import { transformMetricsApiResponseToSnapshotResponse } from './transform_metrics_ui_response';
 import { copyMissingMetrics } from './copy_missing_metrics';
 import { LogQueryFields } from '../../../services/log_queries/get_log_query_fields';
 
diff --git a/x-pack/plugins/infra/server/routes/snapshot/lib/transform_metrics_ui_response.test.ts b/x-pack/plugins/infra/server/routes/snapshot/lib/transform_metrics_ui_response.test.ts
new file mode 100644
index 0000000000000..159f6d0b646ec
--- /dev/null
+++ b/x-pack/plugins/infra/server/routes/snapshot/lib/transform_metrics_ui_response.test.ts
@@ -0,0 +1,73 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { transformMetricsApiResponseToSnapshotResponse } from './transform_metrics_ui_response';
+
+jest.mock('./apply_metadata_to_last_path', () => ({
+  applyMetadataToLastPath: (series: any) => [{ label: series.id }],
+}));
+
+const now = 1630597319235;
+
+describe('transformMetricsApiResponseToSnapshotResponse', () => {
+  test('filters out nodes from APM which report no data', () => {
+    const result = transformMetricsApiResponseToSnapshotResponse(
+      {
+        // @ts-ignore
+        metrics: [{ id: 'cpu' }],
+      },
+      {
+        includeTimeseries: false,
+        nodeType: 'host',
+      },
+      {},
+      {
+        info: {
+          interval: 60,
+        },
+        series: [
+          {
+            metricsets: ['app'],
+            id: 'apm-node-with-no-data',
+            columns: [],
+            rows: [
+              {
+                timestamp: now,
+                cpu: null,
+              },
+            ],
+          },
+          {
+            metricsets: ['app'],
+            id: 'apm-node-with-data',
+            columns: [],
+            rows: [
+              {
+                timestamp: now,
+                cpu: 1.0,
+              },
+            ],
+          },
+          {
+            metricsets: ['cpu'],
+            id: 'metricbeat-node',
+            columns: [],
+            rows: [
+              {
+                timestamp: now,
+                cpu: 1.0,
+              },
+            ],
+          },
+        ],
+      }
+    );
+    const nodeNames = result.nodes.map((n) => n.name);
+    expect(nodeNames).toEqual(expect.arrayContaining(['metricbeat-node', 'apm-node-with-data']));
+    expect(nodeNames).not.toEqual(expect.arrayContaining(['apm-node']));
+  });
+});
diff --git a/x-pack/plugins/infra/server/routes/snapshot/lib/transform_metrics_ui_response.ts b/x-pack/plugins/infra/server/routes/snapshot/lib/transform_metrics_ui_response.ts
new file mode 100644
index 0000000000000..a76093f78e08c
--- /dev/null
+++ b/x-pack/plugins/infra/server/routes/snapshot/lib/transform_metrics_ui_response.ts
@@ -0,0 +1,96 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { get, max, sum, last, isNumber } from 'lodash';
+import { SnapshotMetricType } from '../../../../common/inventory_models/types';
+import {
+  MetricsAPIResponse,
+  SnapshotNodeResponse,
+  MetricsAPIRequest,
+  MetricsExplorerColumnType,
+  MetricsAPIRow,
+  SnapshotRequest,
+  SnapshotNodePath,
+  SnapshotNodeMetric,
+  SnapshotNode,
+} from '../../../../common/http_api';
+import { META_KEY } from './constants';
+import { InfraSource } from '../../../lib/sources';
+import { applyMetadataToLastPath } from './apply_metadata_to_last_path';
+
+const getMetricValue = (row: MetricsAPIRow) => {
+  if (!isNumber(row.metric_0)) return null;
+  const value = row.metric_0;
+  return isFinite(value) ? value : null;
+};
+
+const calculateMax = (rows: MetricsAPIRow[]) => {
+  return max(rows.map(getMetricValue)) || 0;
+};
+
+const calculateAvg = (rows: MetricsAPIRow[]): number => {
+  return sum(rows.map(getMetricValue)) / rows.length || 0;
+};
+
+const getLastValue = (rows: MetricsAPIRow[]) => {
+  const row = last(rows);
+  if (!row) return null;
+  return getMetricValue(row);
+};
+
+export const transformMetricsApiResponseToSnapshotResponse = (
+  options: MetricsAPIRequest,
+  snapshotRequest: SnapshotRequest,
+  source: InfraSource,
+  metricsApiResponse: MetricsAPIResponse
+): SnapshotNodeResponse => {
+  const nodes = metricsApiResponse.series
+    .map((series) => {
+      const node = {
+        metrics: options.metrics
+          .filter((m) => m.id !== META_KEY)
+          .map((metric) => {
+            const name = metric.id as SnapshotMetricType;
+            const timeseries = {
+              id: name,
+              columns: [
+                { name: 'timestamp', type: 'date' as MetricsExplorerColumnType },
+                { name: 'metric_0', type: 'number' as MetricsExplorerColumnType },
+              ],
+              rows: series.rows.map((row) => {
+                return { timestamp: row.timestamp, metric_0: get(row, metric.id, null) };
+              }),
+            };
+            const maxValue = calculateMax(timeseries.rows);
+            const avg = calculateAvg(timeseries.rows);
+            const value = getLastValue(timeseries.rows);
+            const nodeMetric: SnapshotNodeMetric = { name, max: maxValue, value, avg };
+            if (snapshotRequest.includeTimeseries) {
+              nodeMetric.timeseries = timeseries;
+            }
+            return nodeMetric;
+          }),
+        path:
+          series.keys?.map((key) => {
+            return { value: key, label: key } as SnapshotNodePath;
+          }) ?? [],
+        name: '',
+      };
+
+      const isNoData = node.metrics.every((m) => m.value === null);
+      const isAPMNode = series.metricsets?.includes('app');
+      if (isNoData && isAPMNode) return null;
+
+      const path = applyMetadataToLastPath(series, node, snapshotRequest, source);
+      const lastPath = last(path);
+      const name = lastPath?.label ?? 'N/A';
+
+      return { ...node, path, name };
+    })
+    .filter((n) => n !== null) as SnapshotNode[];
+  return { nodes, interval: `${metricsApiResponse.info.interval}s` };
+};
diff --git a/x-pack/plugins/infra/server/routes/snapshot/lib/trasform_metrics_ui_response.ts b/x-pack/plugins/infra/server/routes/snapshot/lib/trasform_metrics_ui_response.ts
deleted file mode 100644
index 21b3e07e83588..0000000000000
--- a/x-pack/plugins/infra/server/routes/snapshot/lib/trasform_metrics_ui_response.ts
+++ /dev/null
@@ -1,88 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License
- * 2.0; you may not use this file except in compliance with the Elastic License
- * 2.0.
- */
-
-import { get, max, sum, last, isNumber } from 'lodash';
-import { SnapshotMetricType } from '../../../../common/inventory_models/types';
-import {
-  MetricsAPIResponse,
-  SnapshotNodeResponse,
-  MetricsAPIRequest,
-  MetricsExplorerColumnType,
-  MetricsAPIRow,
-  SnapshotRequest,
-  SnapshotNodePath,
-  SnapshotNodeMetric,
-} from '../../../../common/http_api';
-import { META_KEY } from './constants';
-import { InfraSource } from '../../../lib/sources';
-import { applyMetadataToLastPath } from './apply_metadata_to_last_path';
-
-const getMetricValue = (row: MetricsAPIRow) => {
-  if (!isNumber(row.metric_0)) return null;
-  const value = row.metric_0;
-  return isFinite(value) ? value : null;
-};
-
-const calculateMax = (rows: MetricsAPIRow[]) => {
-  return max(rows.map(getMetricValue)) || 0;
-};
-
-const calculateAvg = (rows: MetricsAPIRow[]): number => {
-  return sum(rows.map(getMetricValue)) / rows.length || 0;
-};
-
-const getLastValue = (rows: MetricsAPIRow[]) => {
-  const row = last(rows);
-  if (!row) return null;
-  return getMetricValue(row);
-};
-
-export const transformMetricsApiResponseToSnapshotResponse = (
-  options: MetricsAPIRequest,
-  snapshotRequest: SnapshotRequest,
-  source: InfraSource,
-  metricsApiResponse: MetricsAPIResponse
-): SnapshotNodeResponse => {
-  const nodes = metricsApiResponse.series.map((series) => {
-    const node = {
-      metrics: options.metrics
-        .filter((m) => m.id !== META_KEY)
-        .map((metric) => {
-          const name = metric.id as SnapshotMetricType;
-          const timeseries = {
-            id: name,
-            columns: [
-              { name: 'timestamp', type: 'date' as MetricsExplorerColumnType },
-              { name: 'metric_0', type: 'number' as MetricsExplorerColumnType },
-            ],
-            rows: series.rows.map((row) => {
-              return { timestamp: row.timestamp, metric_0: get(row, metric.id, null) };
-            }),
-          };
-          const maxValue = calculateMax(timeseries.rows);
-          const avg = calculateAvg(timeseries.rows);
-          const value = getLastValue(timeseries.rows);
-          const nodeMetric: SnapshotNodeMetric = { name, max: maxValue, value, avg };
-          if (snapshotRequest.includeTimeseries) {
-            nodeMetric.timeseries = timeseries;
-          }
-          return nodeMetric;
-        }),
-      path:
-        series.keys?.map((key) => {
-          return { value: key, label: key } as SnapshotNodePath;
-        }) ?? [],
-      name: '',
-    };
-
-    const path = applyMetadataToLastPath(series, node, snapshotRequest, source);
-    const lastPath = last(path);
-    const name = (lastPath && lastPath.label) || 'N/A';
-    return { ...node, path, name };
-  });
-  return { nodes, interval: `${metricsApiResponse.info.interval}s` };
-};
diff --git a/x-pack/plugins/lens/public/shared_components/coloring/palette_configuration.test.tsx b/x-pack/plugins/lens/public/shared_components/coloring/palette_configuration.test.tsx
index ad1755bdbe85c..cda891871168e 100644
--- a/x-pack/plugins/lens/public/shared_components/coloring/palette_configuration.test.tsx
+++ b/x-pack/plugins/lens/public/shared_components/coloring/palette_configuration.test.tsx
@@ -6,7 +6,7 @@
  */
 
 import React from 'react';
-import { EuiColorPalettePickerPaletteProps } from '@elastic/eui';
+import { EuiButtonGroup, EuiColorPalettePickerPaletteProps } from '@elastic/eui';
 import { mountWithIntl } from '@kbn/test/jest';
 import { chartPluginMock } from 'src/plugins/charts/public/mocks';
 import type { PaletteOutput, PaletteRegistry } from 'src/plugins/charts/public';
@@ -14,6 +14,7 @@ import { ReactWrapper } from 'enzyme';
 import type { CustomPaletteParams } from '../../../common';
 import { applyPaletteParams } from './utils';
 import { CustomizablePalette } from './palette_configuration';
+import { act } from 'react-dom/test-utils';
 
 // mocking random id generator function
 jest.mock('@elastic/eui', () => {
@@ -128,71 +129,136 @@ describe('palette panel', () => {
       });
     });
 
-    describe('reverse option', () => {
-      beforeEach(() => {
-        props = {
-          activePalette: { type: 'palette', name: 'positive' },
-          palettes: paletteRegistry,
-          setPalette: jest.fn(),
-          dataBounds: { min: 0, max: 100 },
-        };
-      });
+    it('should rewrite the min/max range values on palette change', () => {
+      const instance = mountWithIntl(<CustomizablePalette {...props} />);
+
+      changePaletteIn(instance, 'custom');
 
-      function toggleReverse(instance: ReactWrapper, checked: boolean) {
-        return instance
-          .find('[data-test-subj="lnsPalettePanel_dynamicColoring_reverse"]')
-          .first()
-          .prop('onClick')!({} as React.MouseEvent);
-      }
-
-      it('should reverse the colorStops on click', () => {
-        const instance = mountWithIntl(<CustomizablePalette {...props} />);
-
-        toggleReverse(instance, true);
-
-        expect(props.setPalette).toHaveBeenCalledWith(
-          expect.objectContaining({
-            params: expect.objectContaining({
-              reverse: true,
-            }),
-          })
-        );
+      expect(props.setPalette).toHaveBeenCalledWith({
+        type: 'palette',
+        name: 'custom',
+        params: expect.objectContaining({
+          rangeMin: 0,
+          rangeMax: 50,
+        }),
       });
     });
+  });
+
+  describe('reverse option', () => {
+    beforeEach(() => {
+      props = {
+        activePalette: { type: 'palette', name: 'positive' },
+        palettes: paletteRegistry,
+        setPalette: jest.fn(),
+        dataBounds: { min: 0, max: 100 },
+      };
+    });
+
+    function toggleReverse(instance: ReactWrapper, checked: boolean) {
+      return instance
+        .find('[data-test-subj="lnsPalettePanel_dynamicColoring_reverse"]')
+        .first()
+        .prop('onClick')!({} as React.MouseEvent);
+    }
+
+    it('should reverse the colorStops on click', () => {
+      const instance = mountWithIntl(<CustomizablePalette {...props} />);
+
+      toggleReverse(instance, true);
+
+      expect(props.setPalette).toHaveBeenCalledWith(
+        expect.objectContaining({
+          params: expect.objectContaining({
+            reverse: true,
+          }),
+        })
+      );
+    });
+  });
+
+  describe('percentage / number modes', () => {
+    beforeEach(() => {
+      props = {
+        activePalette: { type: 'palette', name: 'positive' },
+        palettes: paletteRegistry,
+        setPalette: jest.fn(),
+        dataBounds: { min: 5, max: 200 },
+      };
+    });
 
-    describe('custom stops', () => {
-      beforeEach(() => {
-        props = {
-          activePalette: { type: 'palette', name: 'positive' },
-          palettes: paletteRegistry,
-          setPalette: jest.fn(),
-          dataBounds: { min: 0, max: 100 },
-        };
+    it('should switch mode and range boundaries on click', () => {
+      const instance = mountWithIntl(<CustomizablePalette {...props} />);
+      act(() => {
+        instance
+          .find('[data-test-subj="lnsPalettePanel_dynamicColoring_custom_range_groups"]')
+          .find(EuiButtonGroup)
+          .prop('onChange')!('number');
       });
-      it('should be visible for predefined palettes', () => {
-        const instance = mountWithIntl(<CustomizablePalette {...props} />);
-        expect(
-          instance.find('[data-test-subj="lnsPalettePanel_dynamicColoring_custom_stops"]').exists()
-        ).toEqual(true);
+
+      act(() => {
+        instance
+          .find('[data-test-subj="lnsPalettePanel_dynamicColoring_custom_range_groups"]')
+          .find(EuiButtonGroup)
+          .prop('onChange')!('percent');
       });
 
-      it('should be visible for custom palettes', () => {
-        const instance = mountWithIntl(
-          <CustomizablePalette
-            {...props}
-            activePalette={{
-              type: 'palette',
+      expect(props.setPalette).toHaveBeenNthCalledWith(
+        1,
+        expect.objectContaining({
+          params: expect.objectContaining({
+            rangeType: 'number',
+            rangeMin: 5,
+            rangeMax: 102.5 /* (200 - (200-5)/ colors.length: 2) */,
+          }),
+        })
+      );
+
+      expect(props.setPalette).toHaveBeenNthCalledWith(
+        2,
+        expect.objectContaining({
+          params: expect.objectContaining({
+            rangeType: 'percent',
+            rangeMin: 0,
+            rangeMax: 50 /* 100 - (100-0)/ colors.length: 2 */,
+          }),
+        })
+      );
+    });
+  });
+
+  describe('custom stops', () => {
+    beforeEach(() => {
+      props = {
+        activePalette: { type: 'palette', name: 'positive' },
+        palettes: paletteRegistry,
+        setPalette: jest.fn(),
+        dataBounds: { min: 0, max: 100 },
+      };
+    });
+    it('should be visible for predefined palettes', () => {
+      const instance = mountWithIntl(<CustomizablePalette {...props} />);
+      expect(
+        instance.find('[data-test-subj="lnsPalettePanel_dynamicColoring_custom_stops"]').exists()
+      ).toEqual(true);
+    });
+
+    it('should be visible for custom palettes', () => {
+      const instance = mountWithIntl(
+        <CustomizablePalette
+          {...props}
+          activePalette={{
+            type: 'palette',
+            name: 'custom',
+            params: {
               name: 'custom',
-              params: {
-                name: 'custom',
-              },
-            }}
-          />
-        );
-        expect(
-          instance.find('[data-test-subj="lnsPalettePanel_dynamicColoring_custom_stops"]').exists()
-        ).toEqual(true);
-      });
+            },
+          }}
+        />
+      );
+      expect(
+        instance.find('[data-test-subj="lnsPalettePanel_dynamicColoring_custom_stops"]').exists()
+      ).toEqual(true);
     });
   });
 });
diff --git a/x-pack/plugins/lens/public/shared_components/coloring/palette_configuration.tsx b/x-pack/plugins/lens/public/shared_components/coloring/palette_configuration.tsx
index bc6a590db0cb7..1d1e212b87c0c 100644
--- a/x-pack/plugins/lens/public/shared_components/coloring/palette_configuration.tsx
+++ b/x-pack/plugins/lens/public/shared_components/coloring/palette_configuration.tsx
@@ -108,16 +108,21 @@ export function CustomizablePalette({
                 colorStops: undefined,
               };
 
+              const newColorStops = getColorStops(palettes, [], activePalette, dataBounds);
               if (isNewPaletteCustom) {
-                newParams.colorStops = getColorStops(palettes, [], activePalette, dataBounds);
+                newParams.colorStops = newColorStops;
               }
 
               newParams.stops = getPaletteStops(palettes, newParams, {
                 prevPalette:
                   isNewPaletteCustom || isCurrentPaletteCustom ? undefined : newPalette.name,
                 dataBounds,
+                mapFromMinValue: true,
               });
 
+              newParams.rangeMin = newColorStops[0].stop;
+              newParams.rangeMax = newColorStops[newColorStops.length - 1].stop;
+
               setPalette({
                 ...newPalette,
                 params: newParams,
@@ -266,18 +271,18 @@ export function CustomizablePalette({
               ) as RequiredPaletteParamTypes['rangeType'];
 
               const params: CustomPaletteParams = { rangeType: newRangeType };
+              const { min: newMin, max: newMax } = getDataMinMax(newRangeType, dataBounds);
+              const { min: oldMin, max: oldMax } = getDataMinMax(
+                activePalette.params?.rangeType,
+                dataBounds
+              );
+              const newColorStops = remapStopsByNewInterval(colorStopsToShow, {
+                oldInterval: oldMax - oldMin,
+                newInterval: newMax - newMin,
+                newMin,
+                oldMin,
+              });
               if (isCurrentPaletteCustom) {
-                const { min: newMin, max: newMax } = getDataMinMax(newRangeType, dataBounds);
-                const { min: oldMin, max: oldMax } = getDataMinMax(
-                  activePalette.params?.rangeType,
-                  dataBounds
-                );
-                const newColorStops = remapStopsByNewInterval(colorStopsToShow, {
-                  oldInterval: oldMax - oldMin,
-                  newInterval: newMax - newMin,
-                  newMin,
-                  oldMin,
-                });
                 const stops = getPaletteStops(
                   palettes,
                   { ...activePalette.params, colorStops: newColorStops, ...params },
@@ -285,8 +290,6 @@ export function CustomizablePalette({
                 );
                 params.colorStops = newColorStops;
                 params.stops = stops;
-                params.rangeMin = newColorStops[0].stop;
-                params.rangeMax = newColorStops[newColorStops.length - 1].stop;
               } else {
                 params.stops = getPaletteStops(
                   palettes,
@@ -294,6 +297,11 @@ export function CustomizablePalette({
                   { prevPalette: activePalette.name, dataBounds }
                 );
               }
+              // why not use newMin/newMax here?
+              // That's because there's the concept of continuity to accomodate, where in some scenarios it has to
+              // take into account the stop value rather than the data value
+              params.rangeMin = newColorStops[0].stop;
+              params.rangeMax = newColorStops[newColorStops.length - 1].stop;
               setPalette(mergePaletteParams(activePalette, params));
             }}
           />
diff --git a/x-pack/plugins/lens/public/shared_components/coloring/utils.test.ts b/x-pack/plugins/lens/public/shared_components/coloring/utils.test.ts
index 97dc2e45c96dc..07d93ca5c40c6 100644
--- a/x-pack/plugins/lens/public/shared_components/coloring/utils.test.ts
+++ b/x-pack/plugins/lens/public/shared_components/coloring/utils.test.ts
@@ -8,6 +8,7 @@
 import { chartPluginMock } from 'src/plugins/charts/public/mocks';
 import {
   applyPaletteParams,
+  getColorStops,
   getContrastColor,
   getDataMinMax,
   getPaletteStops,
@@ -59,6 +60,78 @@ describe('applyPaletteParams', () => {
   });
 });
 
+describe('getColorStops', () => {
+  const paletteRegistry = chartPluginMock.createPaletteRegistry();
+  it('should return the same colorStops if a custom palette is passed, avoiding recomputation', () => {
+    const colorStops = [
+      { stop: 0, color: 'red' },
+      { stop: 100, color: 'blue' },
+    ];
+    expect(
+      getColorStops(
+        paletteRegistry,
+        colorStops,
+        { name: 'custom', type: 'palette' },
+        { min: 0, max: 100 }
+      )
+    ).toBe(colorStops);
+  });
+
+  it('should get a fresh list of colors', () => {
+    expect(
+      getColorStops(
+        paletteRegistry,
+        [
+          { stop: 0, color: 'red' },
+          { stop: 100, color: 'blue' },
+        ],
+        { name: 'mocked', type: 'palette' },
+        { min: 0, max: 100 }
+      )
+    ).toEqual([
+      { color: 'blue', stop: 0 },
+      { color: 'yellow', stop: 50 },
+    ]);
+  });
+
+  it('should get a fresh list of colors even if custom palette but empty colorStops', () => {
+    expect(
+      getColorStops(paletteRegistry, [], { name: 'mocked', type: 'palette' }, { min: 0, max: 100 })
+    ).toEqual([
+      { color: 'blue', stop: 0 },
+      { color: 'yellow', stop: 50 },
+    ]);
+  });
+
+  it('should correctly map the new colorStop to the current data bound and minValue', () => {
+    expect(
+      getColorStops(
+        paletteRegistry,
+        [],
+        { name: 'mocked', type: 'palette', params: { rangeType: 'number' } },
+        { min: 100, max: 1000 }
+      )
+    ).toEqual([
+      { color: 'blue', stop: 100 },
+      { color: 'yellow', stop: 550 },
+    ]);
+  });
+
+  it('should reverse the colors', () => {
+    expect(
+      getColorStops(
+        paletteRegistry,
+        [],
+        { name: 'mocked', type: 'palette', params: { reverse: true } },
+        { min: 100, max: 1000 }
+      )
+    ).toEqual([
+      { color: 'yellow', stop: 0 },
+      { color: 'blue', stop: 50 },
+    ]);
+  });
+});
+
 describe('remapStopsByNewInterval', () => {
   it('should correctly remap the current palette from 0..1 to 0...100', () => {
     expect(
diff --git a/x-pack/plugins/lens/public/shared_components/coloring/utils.ts b/x-pack/plugins/lens/public/shared_components/coloring/utils.ts
index b2969565f5390..413e3708e9c9b 100644
--- a/x-pack/plugins/lens/public/shared_components/coloring/utils.ts
+++ b/x-pack/plugins/lens/public/shared_components/coloring/utils.ts
@@ -269,11 +269,10 @@ export function getColorStops(
   palettes: PaletteRegistry,
   colorStops: Required<CustomPaletteParams>['stops'],
   activePalette: PaletteOutput<CustomPaletteParams>,
-  dataBounds: { min: number; max: number },
-  defaultPalette?: string
+  dataBounds: { min: number; max: number }
 ) {
   // just forward the current stops if custom
-  if (activePalette?.name === CUSTOM_PALETTE) {
+  if (activePalette?.name === CUSTOM_PALETTE && colorStops?.length) {
     return colorStops;
   }
   // for predefined palettes create some stops, then drop the last one.
diff --git a/x-pack/plugins/ml/.gitignore b/x-pack/plugins/ml/.gitignore
index 708c5b199467b..e0f20bbc48bda 100644
--- a/x-pack/plugins/ml/.gitignore
+++ b/x-pack/plugins/ml/.gitignore
@@ -1 +1,2 @@
 routes_doc
+server/routes/apidoc_scripts/header.md
diff --git a/x-pack/plugins/ml/public/application/services/anomaly_explorer_charts_service.ts b/x-pack/plugins/ml/public/application/services/anomaly_explorer_charts_service.ts
index 7a81a7ecb1e34..32c6aeb6b7553 100644
--- a/x-pack/plugins/ml/public/application/services/anomaly_explorer_charts_service.ts
+++ b/x-pack/plugins/ml/public/application/services/anomaly_explorer_charts_service.ts
@@ -590,7 +590,7 @@ export class AnomalyExplorerChartsService {
         return mlResultsService
           .getMetricData(
             Array.isArray(config.datafeedConfig.indices)
-              ? config.datafeedConfig.indices[0]
+              ? config.datafeedConfig.indices.join()
               : config.datafeedConfig.indices,
             entityFields,
             datafeedQuery,
@@ -777,7 +777,7 @@ export class AnomalyExplorerChartsService {
       return mlResultsService
         .getEventDistributionData(
           Array.isArray(config.datafeedConfig.indices)
-            ? config.datafeedConfig.indices[0]
+            ? config.datafeedConfig.indices.join()
             : config.datafeedConfig.indices,
           splitField,
           filterField,
diff --git a/x-pack/plugins/ml/server/routes/job_audit_messages.ts b/x-pack/plugins/ml/server/routes/job_audit_messages.ts
index 4dcaca573fc17..cdef5a9c20dae 100644
--- a/x-pack/plugins/ml/server/routes/job_audit_messages.ts
+++ b/x-pack/plugins/ml/server/routes/job_audit_messages.ts
@@ -101,7 +101,7 @@ export function jobAuditMessagesRoutes({ router, routeGuard }: RouteInitializati
   /**
    * @apiGroup JobAuditMessages
    *
-   * @api {put} /api/ml/job_audit_messages/clear_messages/{jobId} Index annotation
+   * @api {put} /api/ml/job_audit_messages/clear_messages Index annotation
    * @apiName ClearJobAuditMessages
    * @apiDescription Clear the job audit messages.
    *
diff --git a/x-pack/plugins/observability/public/pages/alerts/example_data.ts b/x-pack/plugins/observability/public/pages/alerts/example_data.ts
index 28f8ecec3f34c..1354da592f796 100644
--- a/x-pack/plugins/observability/public/pages/alerts/example_data.ts
+++ b/x-pack/plugins/observability/public/pages/alerts/example_data.ts
@@ -8,7 +8,7 @@
 import {
   ALERT_DURATION,
   ALERT_END,
-  ALERT_ID,
+  ALERT_INSTANCE_ID,
   ALERT_SEVERITY,
   ALERT_RULE_TYPE_ID,
   ALERT_START,
@@ -35,7 +35,7 @@ export const apmAlertResponseExample = [
     [ALERT_RULE_UUID]: ['474920d0-93e9-11eb-ac86-0b455460de81'],
     'event.action': ['active'],
     '@timestamp': ['2021-04-12T13:53:49.550Z'],
-    [ALERT_ID]: ['apm.error_rate_opbeans-java_production'],
+    [ALERT_INSTANCE_ID]: ['apm.error_rate_opbeans-java_production'],
     [ALERT_START]: ['2021-04-12T13:50:49.493Z'],
     [ALERT_RULE_PRODUCER]: ['apm'],
     'event.kind': ['state'],
@@ -55,7 +55,7 @@ export const apmAlertResponseExample = [
     [ALERT_RULE_UUID]: ['474920d0-93e9-11eb-ac86-0b455460de81'],
     'event.action': ['close'],
     '@timestamp': ['2021-04-12T13:49:49.446Z'],
-    [ALERT_ID]: ['apm.error_rate_opbeans-java_production'],
+    [ALERT_INSTANCE_ID]: ['apm.error_rate_opbeans-java_production'],
     [ALERT_START]: ['2021-04-12T13:09:30.441Z'],
     [ALERT_RULE_PRODUCER]: ['apm'],
     'event.kind': ['state'],
@@ -116,7 +116,7 @@ export const dynamicIndexPattern = {
       readFromDocValues: true,
     },
     {
-      name: ALERT_ID,
+      name: ALERT_INSTANCE_ID,
       type: 'string',
       esTypes: ['keyword'],
       searchable: true,
diff --git a/x-pack/plugins/osquery/public/action_results/use_action_privileges.tsx b/x-pack/plugins/osquery/public/action_results/use_action_privileges.tsx
index 2c80c874e89fa..6d0477b22edee 100644
--- a/x-pack/plugins/osquery/public/action_results/use_action_privileges.tsx
+++ b/x-pack/plugins/osquery/public/action_results/use_action_privileges.tsx
@@ -6,28 +6,16 @@
  */
 
 import { useQuery } from 'react-query';
-
-import { i18n } from '@kbn/i18n';
 import { useKibana } from '../common/lib/kibana';
-import { useErrorToast } from '../common/hooks/use_error_toast';
 
 export const useActionResultsPrivileges = () => {
   const { http } = useKibana().services;
-  const setErrorToast = useErrorToast();
 
   return useQuery(
     ['actionResultsPrivileges'],
     () => http.get('/internal/osquery/privileges_check'),
     {
       keepPreviousData: true,
-      select: (response) => response?.has_all_requested ?? false,
-      onSuccess: () => setErrorToast(),
-      onError: (error: Error) =>
-        setErrorToast(error, {
-          title: i18n.translate('xpack.osquery.action_results_privileges.fetchError', {
-            defaultMessage: 'Error while fetching action results privileges',
-          }),
-        }),
     }
   );
 };
diff --git a/x-pack/plugins/osquery/public/common/page_paths.ts b/x-pack/plugins/osquery/public/common/page_paths.ts
index 0e0d8310ae8be..8df1006da181a 100644
--- a/x-pack/plugins/osquery/public/common/page_paths.ts
+++ b/x-pack/plugins/osquery/public/common/page_paths.ts
@@ -27,8 +27,6 @@ export interface DynamicPagePathValues {
   [key: string]: string;
 }
 
-export const BASE_PATH = '/app/fleet';
-
 // If routing paths are changed here, please also check to see if
 // `pagePathGetters()`, below, needs any modifications
 export const PAGE_ROUTING_PATHS = {
diff --git a/x-pack/plugins/osquery/public/components/app.tsx b/x-pack/plugins/osquery/public/components/app.tsx
index 44407139ab492..33fb6ac6a2adf 100644
--- a/x-pack/plugins/osquery/public/components/app.tsx
+++ b/x-pack/plugins/osquery/public/components/app.tsx
@@ -5,6 +5,8 @@
  * 2.0.
  */
 
+/* eslint-disable react-hooks/rules-of-hooks */
+
 import React, { useMemo } from 'react';
 import { FormattedMessage } from '@kbn/i18n/react';
 import { EuiButtonEmpty, EuiFlexGroup, EuiFlexItem, EuiTabs, EuiTab } from '@elastic/eui';
@@ -14,10 +16,17 @@ import { Container, Nav, Wrapper } from './layouts';
 import { OsqueryAppRoutes } from '../routes';
 import { useRouterNavigate } from '../common/lib/kibana';
 import { ManageIntegrationLink } from './manage_integration_link';
+import { useOsqueryIntegrationStatus } from '../common/hooks';
+import { OsqueryAppEmptyState } from './empty_state';
 
 const OsqueryAppComponent = () => {
   const location = useLocation();
   const section = useMemo(() => location.pathname.split('/')[1] ?? 'overview', [location.pathname]);
+  const { data: osqueryIntegration, isFetched } = useOsqueryIntegrationStatus();
+
+  if (isFetched && osqueryIntegration.install_status !== 'installed') {
+    return <OsqueryAppEmptyState />;
+  }
 
   return (
     <Container>
diff --git a/x-pack/plugins/osquery/public/components/empty_state.tsx b/x-pack/plugins/osquery/public/components/empty_state.tsx
new file mode 100644
index 0000000000000..1ee0d496c0ddc
--- /dev/null
+++ b/x-pack/plugins/osquery/public/components/empty_state.tsx
@@ -0,0 +1,86 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import React, { useCallback, useMemo } from 'react';
+import { FormattedMessage } from '@kbn/i18n/react';
+import { EuiButton } from '@elastic/eui';
+
+import { KibanaPageTemplate } from '../../../../../src/plugins/kibana_react/public';
+import { INTEGRATIONS_PLUGIN_ID } from '../../../fleet/common';
+import { pagePathGetters } from '../../../fleet/public';
+import { isModifiedEvent, isLeftClickEvent, useKibana } from '../common/lib/kibana';
+import { OsqueryIcon } from './osquery_icon';
+import { useBreadcrumbs } from '../common/hooks/use_breadcrumbs';
+import { OSQUERY_INTEGRATION_NAME } from '../../common';
+
+const OsqueryAppEmptyStateComponent = () => {
+  useBreadcrumbs('base');
+
+  const {
+    application: { getUrlForApp, navigateToApp },
+  } = useKibana().services;
+
+  const integrationHref = useMemo(() => {
+    return getUrlForApp(INTEGRATIONS_PLUGIN_ID, {
+      path: pagePathGetters.integration_details_overview({
+        pkgkey: OSQUERY_INTEGRATION_NAME,
+      })[1],
+    });
+  }, [getUrlForApp]);
+
+  const integrationClick = useCallback(
+    (event) => {
+      if (!isModifiedEvent(event) && isLeftClickEvent(event)) {
+        event.preventDefault();
+        return navigateToApp(INTEGRATIONS_PLUGIN_ID, {
+          path: pagePathGetters.integration_details_overview({
+            pkgkey: OSQUERY_INTEGRATION_NAME,
+          })[1],
+        });
+      }
+    },
+    [navigateToApp]
+  );
+
+  const pageHeader = useMemo(
+    () => ({
+      iconType: OsqueryIcon,
+      pageTitle: (
+        <FormattedMessage
+          id="xpack.osquery.emptyState.pageTitle"
+          defaultMessage="Add Osquery Manager"
+        />
+      ),
+      description: (
+        <FormattedMessage
+          id="xpack.osquery.emptyState.pageDescription"
+          defaultMessage="Add this integration to run and schedule queries for Elastic Agent."
+        />
+      ),
+      rightSideItems: [
+        // eslint-disable-next-line @elastic/eui/href-or-on-click
+        <EuiButton
+          key="button"
+          fill
+          href={integrationHref}
+          onClick={integrationClick}
+          iconType="plusInCircleFilled"
+        >
+          <FormattedMessage
+            id="xpack.osquery.emptyState.addOsqueryManagerButton"
+            defaultMessage="Add Osquery Manager"
+          />
+        </EuiButton>,
+      ],
+    }),
+    [integrationClick, integrationHref]
+  );
+
+  return <KibanaPageTemplate isEmptyState={true} pageHeader={pageHeader} />;
+};
+
+export const OsqueryAppEmptyState = React.memo(OsqueryAppEmptyStateComponent);
diff --git a/x-pack/plugins/osquery/public/components/manage_integration_link.tsx b/x-pack/plugins/osquery/public/components/manage_integration_link.tsx
index 44b923860e1a8..32779ded46c50 100644
--- a/x-pack/plugins/osquery/public/components/manage_integration_link.tsx
+++ b/x-pack/plugins/osquery/public/components/manage_integration_link.tsx
@@ -24,11 +24,9 @@ const ManageIntegrationLinkComponent = () => {
   const integrationHref = useMemo(() => {
     if (osqueryIntegration) {
       return getUrlForApp(INTEGRATIONS_PLUGIN_ID, {
-        path:
-          '#' +
-          pagePathGetters.integration_details_policies({
-            pkgkey: `${osqueryIntegration.name}-${osqueryIntegration.version}`,
-          })[1],
+        path: pagePathGetters.integration_details_policies({
+          pkgkey: `${osqueryIntegration.name}-${osqueryIntegration.version}`,
+        })[1],
       });
     }
   }, [getUrlForApp, osqueryIntegration]);
@@ -39,11 +37,9 @@ const ManageIntegrationLinkComponent = () => {
         event.preventDefault();
         if (osqueryIntegration) {
           return navigateToApp(INTEGRATIONS_PLUGIN_ID, {
-            path:
-              '#' +
-              pagePathGetters.integration_details_policies({
-                pkgkey: `${osqueryIntegration.name}-${osqueryIntegration.version}`,
-              })[1],
+            path: pagePathGetters.integration_details_policies({
+              pkgkey: `${osqueryIntegration.name}-${osqueryIntegration.version}`,
+            })[1],
           });
         }
       }
diff --git a/x-pack/plugins/osquery/public/live_queries/form/index.tsx b/x-pack/plugins/osquery/public/live_queries/form/index.tsx
index 987be904c87e6..69b02dee8b9f7 100644
--- a/x-pack/plugins/osquery/public/live_queries/form/index.tsx
+++ b/x-pack/plugins/osquery/public/live_queries/form/index.tsx
@@ -114,7 +114,7 @@ const LiveQueryFormComponent: React.FC<LiveQueryFormProps> = ({
     ),
   });
 
-  const { setFieldValue, submit } = form;
+  const { setFieldValue, submit, isSubmitting } = form;
 
   const actionId = useMemo(() => data?.actions[0].action_id, [data?.actions]);
   const agentIds = useMemo(() => data?.actions[0].agents, [data?.actions]);
@@ -185,7 +185,10 @@ const LiveQueryFormComponent: React.FC<LiveQueryFormProps> = ({
             </EuiFlexItem>
           )}
           <EuiFlexItem grow={false}>
-            <EuiButton disabled={!agentSelected || !queryValueProvided} onClick={submit}>
+            <EuiButton
+              disabled={!agentSelected || !queryValueProvided || isSubmitting}
+              onClick={submit}
+            >
               <FormattedMessage
                 id="xpack.osquery.liveQueryForm.form.submitButtonLabel"
                 defaultMessage="Submit"
@@ -196,13 +199,14 @@ const LiveQueryFormComponent: React.FC<LiveQueryFormProps> = ({
       </>
     ),
     [
-      agentSelected,
-      permissions.writeSavedQueries,
-      handleShowSaveQueryFlout,
       queryComponentProps,
+      singleAgentMode,
+      permissions.writeSavedQueries,
+      agentSelected,
       queryValueProvided,
       resultsStatus,
-      singleAgentMode,
+      handleShowSaveQueryFlout,
+      isSubmitting,
       submit,
     ]
   );
diff --git a/x-pack/plugins/osquery/public/packs/common/add_pack_query.tsx b/x-pack/plugins/osquery/public/packs/common/add_pack_query.tsx
index 2d58e2dfe9522..d1115898b4e40 100644
--- a/x-pack/plugins/osquery/public/packs/common/add_pack_query.tsx
+++ b/x-pack/plugins/osquery/public/packs/common/add_pack_query.tsx
@@ -51,7 +51,7 @@ const AddPackQueryFormComponent = ({ handleSubmit }) => {
       },
     },
   });
-  const { submit } = form;
+  const { submit, isSubmitting } = form;
 
   const createSavedQueryMutation = useMutation(
     (payload) => http.post(`/internal/osquery/saved_query`, { body: JSON.stringify(payload) }),
@@ -108,7 +108,7 @@ const AddPackQueryFormComponent = ({ handleSubmit }) => {
         <EuiSpacer />
         <CommonUseField path="interval" />
         <EuiSpacer />
-        <EuiButton fill onClick={submit}>
+        <EuiButton isLoading={isSubmitting} fill onClick={submit}>
           {'Add query'}
         </EuiButton>
       </Form>
diff --git a/x-pack/plugins/osquery/public/packs/common/pack_form.tsx b/x-pack/plugins/osquery/public/packs/common/pack_form.tsx
index 86d4d8dff6ba6..ab0984e808943 100644
--- a/x-pack/plugins/osquery/public/packs/common/pack_form.tsx
+++ b/x-pack/plugins/osquery/public/packs/common/pack_form.tsx
@@ -40,7 +40,7 @@ const PackFormComponent = ({ data, handleSubmit }) => {
       },
     },
   });
-  const { submit } = form;
+  const { submit, isSubmitting } = form;
 
   return (
     <Form form={form}>
@@ -50,7 +50,7 @@ const PackFormComponent = ({ data, handleSubmit }) => {
       <EuiSpacer />
       <CommonUseField path="queries" component={PackQueriesField} />
       <EuiSpacer />
-      <EuiButton fill onClick={submit}>
+      <EuiButton isLoading={isSubmitting} fill onClick={submit}>
         {'Save pack'}
       </EuiButton>
     </Form>
diff --git a/x-pack/plugins/osquery/public/routes/saved_queries/edit/form.tsx b/x-pack/plugins/osquery/public/routes/saved_queries/edit/form.tsx
index a7596575b90c4..617d83821d08d 100644
--- a/x-pack/plugins/osquery/public/routes/saved_queries/edit/form.tsx
+++ b/x-pack/plugins/osquery/public/routes/saved_queries/edit/form.tsx
@@ -38,6 +38,7 @@ const EditSavedQueryFormComponent: React.FC<EditSavedQueryFormProps> = ({
     defaultValue,
     handleSubmit,
   });
+  const { submit, isSubmitting } = form;
 
   return (
     <Form form={form}>
@@ -58,12 +59,12 @@ const EditSavedQueryFormComponent: React.FC<EditSavedQueryFormProps> = ({
                   </EuiFlexItem>
                   <EuiFlexItem grow={false}>
                     <EuiButton
-                      // isLoading={isLoading}
+                      isLoading={isSubmitting}
                       color="primary"
                       fill
                       size="m"
                       iconType="save"
-                      onClick={form.submit}
+                      onClick={submit}
                     >
                       <FormattedMessage
                         id="xpack.osquery.editSavedQuery.form.updateQueryButtonLabel"
diff --git a/x-pack/plugins/osquery/public/routes/saved_queries/new/form.tsx b/x-pack/plugins/osquery/public/routes/saved_queries/new/form.tsx
index 31d0c5637cc3e..ec524086d586b 100644
--- a/x-pack/plugins/osquery/public/routes/saved_queries/new/form.tsx
+++ b/x-pack/plugins/osquery/public/routes/saved_queries/new/form.tsx
@@ -36,6 +36,7 @@ const NewSavedQueryFormComponent: React.FC<NewSavedQueryFormProps> = ({
     defaultValue,
     handleSubmit,
   });
+  const { submit, isSubmitting } = form;
 
   return (
     <Form form={form}>
@@ -54,12 +55,12 @@ const NewSavedQueryFormComponent: React.FC<NewSavedQueryFormProps> = ({
               </EuiFlexItem>
               <EuiFlexItem grow={false}>
                 <EuiButton
-                  // isLoading={isLoading}
+                  isLoading={isSubmitting}
                   color="primary"
                   fill
                   size="m"
                   iconType="save"
-                  onClick={form.submit}
+                  onClick={submit}
                 >
                   <FormattedMessage
                     id="xpack.osquery.addSavedQuery.form.saveQueryButtonLabel"
diff --git a/x-pack/plugins/osquery/public/routes/scheduled_query_groups/edit/index.tsx b/x-pack/plugins/osquery/public/routes/scheduled_query_groups/edit/index.tsx
index 0d63dba2fd1e6..7d816d3c4f7d4 100644
--- a/x-pack/plugins/osquery/public/routes/scheduled_query_groups/edit/index.tsx
+++ b/x-pack/plugins/osquery/public/routes/scheduled_query_groups/edit/index.tsx
@@ -25,7 +25,10 @@ const EditScheduledQueryGroupPageComponent = () => {
 
   const { data } = useScheduledQueryGroup({ scheduledQueryGroupId });
 
-  useBreadcrumbs('scheduled_query_group_edit', { scheduledQueryGroupName: data?.name ?? '' });
+  useBreadcrumbs('scheduled_query_group_edit', {
+    scheduledQueryGroupId: data?.id ?? '',
+    scheduledQueryGroupName: data?.name ?? '',
+  });
 
   const LeftColumn = useMemo(
     () => (
diff --git a/x-pack/plugins/osquery/public/saved_queries/constants.ts b/x-pack/plugins/osquery/public/saved_queries/constants.ts
index 69ca805e3e8fa..8edcfd00d1788 100644
--- a/x-pack/plugins/osquery/public/saved_queries/constants.ts
+++ b/x-pack/plugins/osquery/public/saved_queries/constants.ts
@@ -6,3 +6,4 @@
  */
 
 export const SAVED_QUERIES_ID = 'savedQueryList';
+export const SAVED_QUERY_ID = 'savedQuery';
diff --git a/x-pack/plugins/osquery/public/saved_queries/saved_query_flyout.tsx b/x-pack/plugins/osquery/public/saved_queries/saved_query_flyout.tsx
index 6d14943a6bc84..8c35a359a9baf 100644
--- a/x-pack/plugins/osquery/public/saved_queries/saved_query_flyout.tsx
+++ b/x-pack/plugins/osquery/public/saved_queries/saved_query_flyout.tsx
@@ -42,6 +42,7 @@ const SavedQueryFlyoutComponent: React.FC<AddQueryFlyoutProps> = ({ defaultValue
     defaultValue,
     handleSubmit,
   });
+  const { submit, isSubmitting } = form;
 
   return (
     <EuiPortal>
@@ -72,7 +73,7 @@ const SavedQueryFlyoutComponent: React.FC<AddQueryFlyoutProps> = ({ defaultValue
               </EuiButtonEmpty>
             </EuiFlexItem>
             <EuiFlexItem grow={false}>
-              <EuiButton onClick={form.submit} fill>
+              <EuiButton isLoading={isSubmitting} onClick={submit} fill>
                 <FormattedMessage
                   id="xpack.osquery.scheduledQueryGroup.queryFlyoutForm.saveButtonLabel"
                   defaultMessage="Save"
diff --git a/x-pack/plugins/osquery/public/saved_queries/use_saved_query.ts b/x-pack/plugins/osquery/public/saved_queries/use_saved_query.ts
index 92662cd24fd20..5b736c2cb3217 100644
--- a/x-pack/plugins/osquery/public/saved_queries/use_saved_query.ts
+++ b/x-pack/plugins/osquery/public/saved_queries/use_saved_query.ts
@@ -12,8 +12,7 @@ import { useKibana } from '../common/lib/kibana';
 import { savedQuerySavedObjectType } from '../../common/types';
 import { pagePathGetters } from '../common/page_paths';
 import { useErrorToast } from '../common/hooks/use_error_toast';
-
-export const SAVED_QUERY_ID = 'savedQuery';
+import { SAVED_QUERY_ID } from './constants';
 
 interface UseSavedQueryProps {
   savedQueryId: string;
diff --git a/x-pack/plugins/osquery/public/saved_queries/use_update_saved_query.ts b/x-pack/plugins/osquery/public/saved_queries/use_update_saved_query.ts
index fe0d38648b23c..37bb0322c7171 100644
--- a/x-pack/plugins/osquery/public/saved_queries/use_update_saved_query.ts
+++ b/x-pack/plugins/osquery/public/saved_queries/use_update_saved_query.ts
@@ -12,7 +12,7 @@ import { useKibana } from '../common/lib/kibana';
 import { savedQuerySavedObjectType } from '../../common/types';
 import { PLUGIN_ID } from '../../common';
 import { pagePathGetters } from '../common/page_paths';
-import { SAVED_QUERIES_ID } from './constants';
+import { SAVED_QUERIES_ID, SAVED_QUERY_ID } from './constants';
 import { useErrorToast } from '../common/hooks/use_error_toast';
 
 interface UseUpdateSavedQueryProps {
@@ -62,6 +62,7 @@ export const useUpdateSavedQuery = ({ savedQueryId }: UseUpdateSavedQueryProps)
       },
       onSuccess: (payload) => {
         queryClient.invalidateQueries(SAVED_QUERIES_ID);
+        queryClient.invalidateQueries([SAVED_QUERY_ID, { savedQueryId }]);
         navigateToApp(PLUGIN_ID, { path: pagePathGetters.saved_queries() });
         toasts.addSuccess(
           i18n.translate('xpack.osquery.editSavedQuery.successToastMessageText', {
diff --git a/x-pack/plugins/osquery/public/scheduled_query_groups/form/index.tsx b/x-pack/plugins/osquery/public/scheduled_query_groups/form/index.tsx
index 685960ecd202e..3598a9fd2e44c 100644
--- a/x-pack/plugins/osquery/public/scheduled_query_groups/form/index.tsx
+++ b/x-pack/plugins/osquery/public/scheduled_query_groups/form/index.tsx
@@ -88,7 +88,7 @@ const ScheduledQueryGroupFormComponent: React.FC<ScheduledQueryGroupFormProps> =
     `scheduled_query_groups/${editMode ? defaultValue?.id : ''}`
   );
 
-  const { isLoading, mutateAsync } = useMutation(
+  const { mutateAsync } = useMutation(
     (payload: Record<string, unknown>) =>
       editMode && defaultValue?.id
         ? http.put(packagePolicyRouteService.getUpdatePath(defaultValue.id), {
@@ -248,7 +248,7 @@ const ScheduledQueryGroupFormComponent: React.FC<ScheduledQueryGroupFormProps> =
     ),
   });
 
-  const { setFieldValue, submit } = form;
+  const { setFieldValue, submit, isSubmitting } = form;
 
   const policyIdEuiFieldProps = useMemo(
     () => ({ isDisabled: !!defaultValue, options: agentPolicyOptions }),
@@ -368,7 +368,7 @@ const ScheduledQueryGroupFormComponent: React.FC<ScheduledQueryGroupFormProps> =
               </EuiFlexItem>
               <EuiFlexItem grow={false}>
                 <EuiButton
-                  isLoading={isLoading}
+                  isLoading={isSubmitting}
                   color="primary"
                   fill
                   size="m"
diff --git a/x-pack/plugins/osquery/public/scheduled_query_groups/queries/ecs_mapping_editor_field.tsx b/x-pack/plugins/osquery/public/scheduled_query_groups/queries/ecs_mapping_editor_field.tsx
index bc0cca85f6d87..3b19176d0f581 100644
--- a/x-pack/plugins/osquery/public/scheduled_query_groups/queries/ecs_mapping_editor_field.tsx
+++ b/x-pack/plugins/osquery/public/scheduled_query_groups/queries/ecs_mapping_editor_field.tsx
@@ -342,7 +342,8 @@ const getEcsFieldValidator = (editForm: boolean) => (
     )
   )(args);
 
-  if (fieldRequiredError && (!!(!editForm && args.formData.value?.field.length) || editForm)) {
+  // @ts-expect-error update types
+  if (fieldRequiredError && ((!editForm && args.formData['value.field'].length) || editForm)) {
     return fieldRequiredError;
   }
 
diff --git a/x-pack/plugins/osquery/public/scheduled_query_groups/queries/query_flyout.tsx b/x-pack/plugins/osquery/public/scheduled_query_groups/queries/query_flyout.tsx
index cae9711694f29..d38c1b2118f24 100644
--- a/x-pack/plugins/osquery/public/scheduled_query_groups/queries/query_flyout.tsx
+++ b/x-pack/plugins/osquery/public/scheduled_query_groups/queries/query_flyout.tsx
@@ -5,6 +5,7 @@
  * 2.0.
  */
 
+import { isEmpty } from 'lodash';
 import {
   EuiCallOut,
   EuiFlyout,
@@ -66,7 +67,7 @@ const QueryFlyoutComponent: React.FC<QueryFlyoutProps> = ({
         if (isValid && ecsFieldValue) {
           onSave({
             ...payload,
-            ecs_mapping: ecsFieldValue,
+            ...(isEmpty(ecsFieldValue) ? {} : { ecs_mapping: ecsFieldValue }),
           });
           onClose();
         }
@@ -81,7 +82,7 @@ const QueryFlyoutComponent: React.FC<QueryFlyoutProps> = ({
     [integrationPackageVersion]
   );
 
-  const { submit, setFieldValue, reset } = form;
+  const { submit, setFieldValue, reset, isSubmitting } = form;
 
   const [{ query }] = useFormData({
     form,
@@ -245,7 +246,7 @@ const QueryFlyoutComponent: React.FC<QueryFlyoutProps> = ({
             </EuiButtonEmpty>
           </EuiFlexItem>
           <EuiFlexItem grow={false}>
-            <EuiButton onClick={submit} fill>
+            <EuiButton isLoading={isSubmitting} onClick={submit} fill>
               <FormattedMessage
                 id="xpack.osquery.scheduledQueryGroup.queryFlyoutForm.saveButtonLabel"
                 defaultMessage="Save"
diff --git a/x-pack/plugins/osquery/public/scheduled_query_groups/scheduled_query_group_queries_status_table.tsx b/x-pack/plugins/osquery/public/scheduled_query_groups/scheduled_query_group_queries_status_table.tsx
index 35344f2503eb5..f94b4ba1f8592 100644
--- a/x-pack/plugins/osquery/public/scheduled_query_groups/scheduled_query_group_queries_status_table.tsx
+++ b/x-pack/plugins/osquery/public/scheduled_query_groups/scheduled_query_group_queries_status_table.tsx
@@ -21,14 +21,14 @@ import {
   EuiPanel,
 } from '@elastic/eui';
 import { i18n } from '@kbn/i18n';
+import { FormattedMessage, FormattedDate, FormattedTime, FormattedRelative } from '@kbn/i18n/react';
 
-import moment from 'moment-timezone';
 import {
   TypedLensByValueInput,
   PersistedIndexPatternLayer,
   PieVisualizationState,
 } from '../../../lens/public';
-import { FilterStateStore } from '../../../../../src/plugins/data/common';
+import { FilterStateStore, IndexPattern } from '../../../../../src/plugins/data/common';
 import { useKibana, isModifiedEvent, isLeftClickEvent } from '../common/lib/kibana';
 import { OsqueryManagerPackagePolicyInputStream } from '../../common/types';
 import { ScheduledQueryErrorsTable } from './scheduled_query_errors_table';
@@ -391,16 +391,21 @@ const ScheduledQueryLastResults: React.FC<ScheduledQueryLastResultsProps> = ({
   toggleErrors,
   expanded,
 }) => {
+  const data = useKibana().services.data;
+  const [logsIndexPattern, setLogsIndexPattern] = useState<IndexPattern | undefined>(undefined);
+
   const { data: lastResultsData, isFetched } = useScheduledQueryGroupQueryLastResults({
     actionId,
     agentIds,
     interval,
+    logsIndexPattern,
   });
 
   const { data: errorsData, isFetched: errorsFetched } = useScheduledQueryGroupQueryErrors({
     actionId,
     agentIds,
     interval,
+    logsIndexPattern,
   });
 
   const handleErrorsToggle = useCallback(() => toggleErrors({ queryId, interval }), [
@@ -409,20 +414,41 @@ const ScheduledQueryLastResults: React.FC<ScheduledQueryLastResultsProps> = ({
     toggleErrors,
   ]);
 
+  useEffect(() => {
+    const fetchLogsIndexPattern = async () => {
+      const indexPattern = await data.indexPatterns.find('logs-*');
+
+      setLogsIndexPattern(indexPattern[0]);
+    };
+    fetchLogsIndexPattern();
+  }, [data.indexPatterns]);
+
   if (!isFetched || !errorsFetched) {
     return <EuiLoadingSpinner />;
   }
 
-  if (!lastResultsData) {
+  if (!lastResultsData && !errorsData?.total) {
     return <>{'-'}</>;
   }
 
   return (
     <EuiFlexGroup gutterSize="s" alignItems="center">
       <EuiFlexItem grow={4}>
-        {lastResultsData.first_event_ingested_time?.value ? (
-          <EuiToolTip content={lastResultsData.first_event_ingested_time?.value}>
-            <>{moment(lastResultsData.first_event_ingested_time?.value).fromNow()}</>
+        {lastResultsData?.['@timestamp'] ? (
+          <EuiToolTip
+            content={
+              <>
+                <FormattedDate
+                  value={lastResultsData['@timestamp']}
+                  year="numeric"
+                  month="short"
+                  day="2-digit"
+                />{' '}
+                <FormattedTime value={lastResultsData['@timestamp']} timeZoneName="short" />
+              </>
+            }
+          >
+            <FormattedRelative value={lastResultsData['@timestamp']} />
           </EuiToolTip>
         ) : (
           '-'
@@ -432,10 +458,17 @@ const ScheduledQueryLastResults: React.FC<ScheduledQueryLastResultsProps> = ({
         <EuiFlexGroup gutterSize="s" alignItems="center" justifyContent="flexEnd">
           <EuiFlexItem grow={false}>
             <EuiNotificationBadge color="subdued">
-              {lastResultsData?.doc_count ?? 0}
+              {lastResultsData?.docCount ?? 0}
             </EuiNotificationBadge>
           </EuiFlexItem>
-          <EuiFlexItem grow={false}>{'Documents'}</EuiFlexItem>
+          <EuiFlexItem grow={false}>
+            <FormattedMessage
+              id="xpack.osquery.queriesStatusTable.documentLabelText"
+              defaultMessage="{count, plural, one {Document} other {Documents}}"
+              // eslint-disable-next-line react-perf/jsx-no-new-object-as-prop
+              values={{ count: lastResultsData?.docCount as number }}
+            />
+          </EuiFlexItem>
         </EuiFlexGroup>
       </EuiFlexItem>
 
@@ -443,10 +476,17 @@ const ScheduledQueryLastResults: React.FC<ScheduledQueryLastResultsProps> = ({
         <EuiFlexGroup gutterSize="s" alignItems="center" justifyContent="flexEnd">
           <EuiFlexItem grow={false}>
             <EuiNotificationBadge color="subdued">
-              {lastResultsData?.unique_agents?.value ?? 0}
+              {lastResultsData?.uniqueAgentsCount ?? 0}
             </EuiNotificationBadge>
           </EuiFlexItem>
-          <EuiFlexItem grow={false}>{'Agents'}</EuiFlexItem>
+          <EuiFlexItem grow={false}>
+            <FormattedMessage
+              id="xpack.osquery.queriesStatusTable.agentsLabelText"
+              defaultMessage="{count, plural, one {Agent} other {Agents}}"
+              // eslint-disable-next-line react-perf/jsx-no-new-object-as-prop
+              values={{ count: agentIds?.length }}
+            />
+          </EuiFlexItem>
         </EuiFlexGroup>
       </EuiFlexItem>
 
@@ -458,7 +498,15 @@ const ScheduledQueryLastResults: React.FC<ScheduledQueryLastResultsProps> = ({
             </EuiNotificationBadge>
           </EuiFlexItem>
 
-          <EuiFlexItem grow={false}>{'Errors'}</EuiFlexItem>
+          <EuiFlexItem grow={false}>
+            {' '}
+            <FormattedMessage
+              id="xpack.osquery.queriesStatusTable.errorsLabelText"
+              defaultMessage="{count, plural, one {Error} other {Errors}}"
+              // eslint-disable-next-line react-perf/jsx-no-new-object-as-prop
+              values={{ count: errorsData?.total as number }}
+            />
+          </EuiFlexItem>
 
           <EuiFlexItem grow={false}>
             <EuiButtonIcon
diff --git a/x-pack/plugins/osquery/public/scheduled_query_groups/use_scheduled_query_group_query_errors.ts b/x-pack/plugins/osquery/public/scheduled_query_groups/use_scheduled_query_group_query_errors.ts
index 64e5a20de68c4..338d97f8801c8 100644
--- a/x-pack/plugins/osquery/public/scheduled_query_groups/use_scheduled_query_group_query_errors.ts
+++ b/x-pack/plugins/osquery/public/scheduled_query_groups/use_scheduled_query_group_query_errors.ts
@@ -6,7 +6,7 @@
  */
 
 import { useQuery } from 'react-query';
-import { SortDirection } from '../../../../../src/plugins/data/common';
+import { IndexPattern, SortDirection } from '../../../../../src/plugins/data/common';
 
 import { useKibana } from '../common/lib/kibana';
 
@@ -14,6 +14,7 @@ interface UseScheduledQueryGroupQueryErrorsProps {
   actionId: string;
   agentIds?: string[];
   interval: number;
+  logsIndexPattern?: IndexPattern;
   skip?: boolean;
 }
 
@@ -21,6 +22,7 @@ export const useScheduledQueryGroupQueryErrors = ({
   actionId,
   agentIds,
   interval,
+  logsIndexPattern,
   skip = false,
 }: UseScheduledQueryGroupQueryErrorsProps) => {
   const data = useKibana().services.data;
@@ -28,9 +30,8 @@ export const useScheduledQueryGroupQueryErrors = ({
   return useQuery(
     ['scheduledQueryErrors', { actionId, interval }],
     async () => {
-      const indexPattern = await data.indexPatterns.find('logs-*');
       const searchSource = await data.search.searchSource.create({
-        index: indexPattern[0],
+        index: logsIndexPattern,
         fields: ['*'],
         sort: [
           {
@@ -80,7 +81,7 @@ export const useScheduledQueryGroupQueryErrors = ({
     },
     {
       keepPreviousData: true,
-      enabled: !!(!skip && actionId && interval && agentIds?.length),
+      enabled: !!(!skip && actionId && interval && agentIds?.length && logsIndexPattern),
       select: (response) => response.rawResponse.hits ?? [],
       refetchOnReconnect: false,
       refetchOnWindowFocus: false,
diff --git a/x-pack/plugins/osquery/public/scheduled_query_groups/use_scheduled_query_group_query_last_results.ts b/x-pack/plugins/osquery/public/scheduled_query_groups/use_scheduled_query_group_query_last_results.ts
index f972640e25986..7cfd6be461e05 100644
--- a/x-pack/plugins/osquery/public/scheduled_query_groups/use_scheduled_query_group_query_last_results.ts
+++ b/x-pack/plugins/osquery/public/scheduled_query_groups/use_scheduled_query_group_query_last_results.ts
@@ -6,13 +6,14 @@
  */
 
 import { useQuery } from 'react-query';
-
+import { IndexPattern } from '../../../../../src/plugins/data/common';
 import { useKibana } from '../common/lib/kibana';
 
 interface UseScheduledQueryGroupQueryLastResultsProps {
   actionId: string;
   agentIds?: string[];
   interval: number;
+  logsIndexPattern?: IndexPattern;
   skip?: boolean;
 }
 
@@ -20,6 +21,7 @@ export const useScheduledQueryGroupQueryLastResults = ({
   actionId,
   agentIds,
   interval,
+  logsIndexPattern,
   skip = false,
 }: UseScheduledQueryGroupQueryLastResultsProps) => {
   const data = useKibana().services.data;
@@ -27,23 +29,9 @@ export const useScheduledQueryGroupQueryLastResults = ({
   return useQuery(
     ['scheduledQueryLastResults', { actionId }],
     async () => {
-      const indexPattern = await data.indexPatterns.find('logs-*');
-      const searchSource = await data.search.searchSource.create({
-        index: indexPattern[0],
-        size: 0,
-        aggs: {
-          runs: {
-            terms: {
-              field: 'response_id',
-              order: { first_event_ingested_time: 'desc' },
-              size: 1,
-            },
-            aggs: {
-              first_event_ingested_time: { min: { field: '@timestamp' } },
-              unique_agents: { cardinality: { field: 'agent.id' } },
-            },
-          },
-        },
+      const lastResultsSearchSource = await data.search.searchSource.create({
+        index: logsIndexPattern,
+        size: 1,
         query: {
           // @ts-expect-error update types
           bool: {
@@ -59,26 +47,62 @@ export const useScheduledQueryGroupQueryLastResults = ({
                   action_id: actionId,
                 },
               },
-              {
-                range: {
-                  '@timestamp': {
-                    gte: `now-${interval * 2}s`,
-                    lte: 'now',
-                  },
-                },
-              },
             ],
           },
         },
       });
 
-      return searchSource.fetch$().toPromise();
+      const lastResultsResponse = await lastResultsSearchSource.fetch$().toPromise();
+
+      const responseId = lastResultsResponse.rawResponse?.hits?.hits[0]?._source?.response_id;
+
+      if (responseId) {
+        const aggsSearchSource = await data.search.searchSource.create({
+          index: logsIndexPattern,
+          size: 0,
+          aggs: {
+            unique_agents: { cardinality: { field: 'agent.id' } },
+          },
+          query: {
+            // @ts-expect-error update types
+            bool: {
+              should: agentIds?.map((agentId) => ({
+                match_phrase: {
+                  'agent.id': agentId,
+                },
+              })),
+              minimum_should_match: 1,
+              filter: [
+                {
+                  match_phrase: {
+                    action_id: actionId,
+                  },
+                },
+                {
+                  match_phrase: {
+                    response_id: responseId,
+                  },
+                },
+              ],
+            },
+          },
+        });
+
+        const aggsResponse = await aggsSearchSource.fetch$().toPromise();
+
+        return {
+          '@timestamp': lastResultsResponse.rawResponse?.hits?.hits[0]?.fields?.['@timestamp'],
+          // @ts-expect-error update types
+          uniqueAgentsCount: aggsResponse.rawResponse.aggregations?.unique_agents?.value,
+          docCount: aggsResponse.rawResponse?.hits?.total,
+        };
+      }
+
+      return null;
     },
     {
       keepPreviousData: true,
-      enabled: !!(!skip && actionId && interval && agentIds?.length),
-      // @ts-expect-error update types
-      select: (response) => response.rawResponse.aggregations?.runs?.buckets[0] ?? [],
+      enabled: !!(!skip && actionId && interval && agentIds?.length && logsIndexPattern),
       refetchOnReconnect: false,
       refetchOnWindowFocus: false,
     }
diff --git a/x-pack/plugins/osquery/server/routes/privileges_check/privileges_check_route.ts b/x-pack/plugins/osquery/server/routes/privileges_check/privileges_check_route.ts
index 80c335c1c46d3..d9683d23deb13 100644
--- a/x-pack/plugins/osquery/server/routes/privileges_check/privileges_check_route.ts
+++ b/x-pack/plugins/osquery/server/routes/privileges_check/privileges_check_route.ts
@@ -9,7 +9,6 @@ import { OSQUERY_INTEGRATION_NAME, PLUGIN_ID } from '../../../common';
 import { IRouter } from '../../../../../../src/core/server';
 import { OsqueryAppContext } from '../../lib/osquery_app_context_services';
 
-// eslint-disable-next-line @typescript-eslint/no-unused-vars
 export const privilegesCheckRoute = (router: IRouter, osqueryContext: OsqueryAppContext) => {
   router.get(
     {
@@ -20,23 +19,26 @@ export const privilegesCheckRoute = (router: IRouter, osqueryContext: OsqueryApp
       },
     },
     async (context, request, response) => {
-      const esClient = context.core.elasticsearch.client.asCurrentUser;
-
-      const privileges = (
-        await esClient.security.hasPrivileges({
-          body: {
-            index: [
-              {
-                names: [`logs-${OSQUERY_INTEGRATION_NAME}.result*`],
-                privileges: ['read'],
-              },
-            ],
+      if (osqueryContext.security.authz.mode.useRbacForRequest(request)) {
+        const checkPrivileges = osqueryContext.security.authz.checkPrivilegesDynamicallyWithRequest(
+          request
+        );
+        const { hasAllRequested } = await checkPrivileges({
+          elasticsearch: {
+            cluster: [],
+            index: {
+              [`logs-${OSQUERY_INTEGRATION_NAME}.result*`]: ['read'],
+            },
           },
-        })
-      ).body;
+        });
+
+        return response.ok({
+          body: `${hasAllRequested}`,
+        });
+      }
 
       return response.ok({
-        body: privileges,
+        body: 'true',
       });
     }
   );
diff --git a/x-pack/plugins/rule_registry/README.md b/x-pack/plugins/rule_registry/README.md
index b4a9bab9b435d..6643da6e5a52d 100644
--- a/x-pack/plugins/rule_registry/README.md
+++ b/x-pack/plugins/rule_registry/README.md
@@ -130,7 +130,7 @@ The following fields are defined in the technical field component template and s
 - `kibana.alert.rule.name`: the name of the rule (as specified by the user).
 - `kibana.alert.rule.category`: the name of the rule type (as defined by the rule type producer)
 - `kibana.alert.rule.consumer`: the feature which produced the alert (inherited from the rule producer field). Usually a Kibana feature id like `apm`, `siem`...
-- `kibana.alert.id`: the id of the alert, that is unique within the context of the rule execution it was created in. E.g., for a rule that monitors latency for all services in all environments, this might be `opbeans-java:production`.
+- `kibana.alert.instance.id`: the id of the alert instance, that is unique within the context of the rule execution it was created in. E.g., for a rule that monitors latency for all services in all environments, this might be `opbeans-java:production`.
 - `kibana.alert.uuid`: the unique identifier for the alert during its lifespan. If an alert recovers (or closes), this identifier is re-generated when it is opened again.
 - `kibana.alert.status`: the status of the alert. Can be `active` or `recovered`.
 - `kibana.alert.start`: the ISO timestamp of the time at which the alert started.
diff --git a/x-pack/plugins/rule_registry/common/assets/field_maps/technical_rule_field_map.ts b/x-pack/plugins/rule_registry/common/assets/field_maps/technical_rule_field_map.ts
index c5833709d86c6..cd4b0a2b48a85 100644
--- a/x-pack/plugins/rule_registry/common/assets/field_maps/technical_rule_field_map.ts
+++ b/x-pack/plugins/rule_registry/common/assets/field_maps/technical_rule_field_map.ts
@@ -21,7 +21,7 @@ export const technicalRuleFieldMap = {
   [Fields.ALERT_RULE_PRODUCER]: { type: 'keyword', required: true },
   [Fields.SPACE_IDS]: { type: 'keyword', array: true, required: true },
   [Fields.ALERT_UUID]: { type: 'keyword', required: true },
-  [Fields.ALERT_ID]: { type: 'keyword', required: true },
+  [Fields.ALERT_INSTANCE_ID]: { type: 'keyword', required: true },
   [Fields.ALERT_START]: { type: 'date' },
   [Fields.ALERT_END]: { type: 'date' },
   [Fields.ALERT_DURATION]: { type: 'long' },
diff --git a/x-pack/plugins/rule_registry/server/routes/get_alert_by_id.test.ts b/x-pack/plugins/rule_registry/server/routes/get_alert_by_id.test.ts
index d8640cf5dfe82..cdc39a7597386 100644
--- a/x-pack/plugins/rule_registry/server/routes/get_alert_by_id.test.ts
+++ b/x-pack/plugins/rule_registry/server/routes/get_alert_by_id.test.ts
@@ -6,7 +6,7 @@
  */
 
 import {
-  ALERT_ID,
+  ALERT_INSTANCE_ID,
   ALERT_RULE_CATEGORY,
   ALERT_RULE_CONSUMER,
   ALERT_RULE_NAME,
@@ -30,7 +30,7 @@ import { getReadRequest } from './__mocks__/request_responses';
 import { requestMock, serverMock } from './__mocks__/server';
 
 const getMockAlert = (): ParsedTechnicalFields => ({
-  [ALERT_ID]: 'fake-alert-id',
+  [ALERT_INSTANCE_ID]: 'fake-alert-id',
   [ALERT_RULE_CATEGORY]: 'apm.error_rate',
   [ALERT_RULE_CONSUMER]: 'apm',
   [ALERT_RULE_NAME]: 'Check error rate',
diff --git a/x-pack/plugins/rule_registry/server/utils/create_lifecycle_executor.test.ts b/x-pack/plugins/rule_registry/server/utils/create_lifecycle_executor.test.ts
index ad09228580637..c65fdece6c5f0 100644
--- a/x-pack/plugins/rule_registry/server/utils/create_lifecycle_executor.test.ts
+++ b/x-pack/plugins/rule_registry/server/utils/create_lifecycle_executor.test.ts
@@ -7,7 +7,7 @@
 
 import { loggerMock } from '@kbn/logging/mocks';
 import {
-  ALERT_ID,
+  ALERT_INSTANCE_ID,
   ALERT_RULE_CATEGORY,
   ALERT_RULE_CONSUMER,
   ALERT_RULE_NAME,
@@ -91,14 +91,14 @@ describe('createLifecycleExecutor', () => {
           // alert documents
           { index: { _id: expect.any(String) } },
           expect.objectContaining({
-            [ALERT_ID]: 'TEST_ALERT_0',
+            [ALERT_INSTANCE_ID]: 'TEST_ALERT_0',
             [ALERT_STATUS]: ALERT_STATUS_ACTIVE,
             [EVENT_ACTION]: 'open',
             [EVENT_KIND]: 'signal',
           }),
           { index: { _id: expect.any(String) } },
           expect.objectContaining({
-            [ALERT_ID]: 'TEST_ALERT_1',
+            [ALERT_INSTANCE_ID]: 'TEST_ALERT_1',
             [ALERT_STATUS]: ALERT_STATUS_ACTIVE,
             [EVENT_ACTION]: 'open',
             [EVENT_KIND]: 'signal',
@@ -128,7 +128,7 @@ describe('createLifecycleExecutor', () => {
           {
             fields: {
               '@timestamp': '',
-              [ALERT_ID]: 'TEST_ALERT_0',
+              [ALERT_INSTANCE_ID]: 'TEST_ALERT_0',
               [ALERT_UUID]: 'ALERT_0_UUID',
               [ALERT_RULE_CATEGORY]: 'RULE_TYPE_NAME',
               [ALERT_RULE_CONSUMER]: 'CONSUMER',
@@ -145,7 +145,7 @@ describe('createLifecycleExecutor', () => {
           {
             fields: {
               '@timestamp': '',
-              [ALERT_ID]: 'TEST_ALERT_1',
+              [ALERT_INSTANCE_ID]: 'TEST_ALERT_1',
               [ALERT_UUID]: 'ALERT_1_UUID',
               [ALERT_RULE_CATEGORY]: 'RULE_TYPE_NAME',
               [ALERT_RULE_CONSUMER]: 'CONSUMER',
@@ -206,7 +206,7 @@ describe('createLifecycleExecutor', () => {
           // alert document
           { index: { _id: 'TEST_ALERT_0_UUID' } },
           expect.objectContaining({
-            [ALERT_ID]: 'TEST_ALERT_0',
+            [ALERT_INSTANCE_ID]: 'TEST_ALERT_0',
             [ALERT_WORKFLOW_STATUS]: 'closed',
             [ALERT_STATUS]: ALERT_STATUS_ACTIVE,
             labels: { LABEL_0_KEY: 'LABEL_0_VALUE' },
@@ -216,7 +216,7 @@ describe('createLifecycleExecutor', () => {
           }),
           { index: { _id: 'TEST_ALERT_1_UUID' } },
           expect.objectContaining({
-            [ALERT_ID]: 'TEST_ALERT_1',
+            [ALERT_INSTANCE_ID]: 'TEST_ALERT_1',
             [ALERT_WORKFLOW_STATUS]: 'open',
             [ALERT_STATUS]: ALERT_STATUS_ACTIVE,
 
@@ -248,7 +248,7 @@ describe('createLifecycleExecutor', () => {
           {
             fields: {
               '@timestamp': '',
-              [ALERT_ID]: 'TEST_ALERT_0',
+              [ALERT_INSTANCE_ID]: 'TEST_ALERT_0',
               [ALERT_UUID]: 'ALERT_0_UUID',
               [ALERT_RULE_CATEGORY]: 'RULE_TYPE_NAME',
               [ALERT_RULE_CONSUMER]: 'CONSUMER',
@@ -264,7 +264,7 @@ describe('createLifecycleExecutor', () => {
           {
             fields: {
               '@timestamp': '',
-              [ALERT_ID]: 'TEST_ALERT_1',
+              [ALERT_INSTANCE_ID]: 'TEST_ALERT_1',
               [ALERT_UUID]: 'ALERT_1_UUID',
               [ALERT_RULE_CATEGORY]: 'RULE_TYPE_NAME',
               [ALERT_RULE_CONSUMER]: 'CONSUMER',
@@ -321,7 +321,7 @@ describe('createLifecycleExecutor', () => {
           // alert document
           { index: { _id: 'TEST_ALERT_0_UUID' } },
           expect.objectContaining({
-            [ALERT_ID]: 'TEST_ALERT_0',
+            [ALERT_INSTANCE_ID]: 'TEST_ALERT_0',
             [ALERT_STATUS]: ALERT_STATUS_RECOVERED,
             labels: { LABEL_0_KEY: 'LABEL_0_VALUE' },
             [EVENT_ACTION]: 'close',
@@ -329,7 +329,7 @@ describe('createLifecycleExecutor', () => {
           }),
           { index: { _id: 'TEST_ALERT_1_UUID' } },
           expect.objectContaining({
-            [ALERT_ID]: 'TEST_ALERT_1',
+            [ALERT_INSTANCE_ID]: 'TEST_ALERT_1',
             [ALERT_STATUS]: ALERT_STATUS_ACTIVE,
             [EVENT_ACTION]: 'active',
             [EVENT_KIND]: 'signal',
diff --git a/x-pack/plugins/rule_registry/server/utils/create_lifecycle_executor.ts b/x-pack/plugins/rule_registry/server/utils/create_lifecycle_executor.ts
index 231d3060a2c54..259a9e9e8de38 100644
--- a/x-pack/plugins/rule_registry/server/utils/create_lifecycle_executor.ts
+++ b/x-pack/plugins/rule_registry/server/utils/create_lifecycle_executor.ts
@@ -22,7 +22,7 @@ import { ParsedTechnicalFields, parseTechnicalFields } from '../../common/parse_
 import {
   ALERT_DURATION,
   ALERT_END,
-  ALERT_ID,
+  ALERT_INSTANCE_ID,
   ALERT_RULE_UUID,
   ALERT_START,
   ALERT_STATUS,
@@ -228,7 +228,7 @@ export const createLifecycleExecutor = (
 
     hits.hits.forEach((hit) => {
       const fields = parseTechnicalFields(hit.fields);
-      const alertId = fields[ALERT_ID];
+      const alertId = fields[ALERT_INSTANCE_ID];
       alertsDataMap[alertId] = {
         ...commonRuleFields,
         ...fields,
@@ -255,7 +255,7 @@ export const createLifecycleExecutor = (
       ...alertData,
       ...commonRuleFields,
       [ALERT_DURATION]: (options.startedAt.getTime() - new Date(started).getTime()) * 1000,
-      [ALERT_ID]: alertId,
+      [ALERT_INSTANCE_ID]: alertId,
       [ALERT_START]: started,
       [ALERT_STATUS]: isActive ? ALERT_STATUS_ACTIVE : ALERT_STATUS_RECOVERED,
       [ALERT_WORKFLOW_STATUS]: alertData[ALERT_WORKFLOW_STATUS] ?? 'open',
@@ -281,7 +281,7 @@ export const createLifecycleExecutor = (
     eventsToIndex
       .filter((event) => event[ALERT_STATUS] !== 'closed')
       .map((event) => {
-        const alertId = event[ALERT_ID]!;
+        const alertId = event[ALERT_INSTANCE_ID]!;
         const alertUuid = event[ALERT_UUID]!;
         const started = new Date(event[ALERT_START]!).toISOString();
         return [alertId, { alertId, alertUuid, started }];
diff --git a/x-pack/plugins/rule_registry/server/utils/create_lifecycle_rule_type.test.ts b/x-pack/plugins/rule_registry/server/utils/create_lifecycle_rule_type.test.ts
index b2cd69be7fdad..6ff418b2ebe47 100644
--- a/x-pack/plugins/rule_registry/server/utils/create_lifecycle_rule_type.test.ts
+++ b/x-pack/plugins/rule_registry/server/utils/create_lifecycle_rule_type.test.ts
@@ -198,7 +198,7 @@ describe('createLifecycleRuleTypeFactory', () => {
               "event.action": "open",
               "event.kind": "signal",
               "kibana.alert.duration.us": 0,
-              "kibana.alert.id": "opbeans-java",
+              "kibana.alert.instance.id": "opbeans-java",
               "kibana.alert.rule.category": "ruleTypeName",
               "kibana.alert.rule.consumer": "consumer",
               "kibana.alert.rule.name": "name",
@@ -222,7 +222,7 @@ describe('createLifecycleRuleTypeFactory', () => {
               "event.action": "open",
               "event.kind": "signal",
               "kibana.alert.duration.us": 0,
-              "kibana.alert.id": "opbeans-node",
+              "kibana.alert.instance.id": "opbeans-node",
               "kibana.alert.rule.category": "ruleTypeName",
               "kibana.alert.rule.consumer": "consumer",
               "kibana.alert.rule.name": "name",
diff --git a/x-pack/plugins/rule_registry/server/utils/create_persistence_rule_type_factory.ts b/x-pack/plugins/rule_registry/server/utils/create_persistence_rule_type_factory.ts
index 1fa51d98c8ab5..57562e34bab78 100644
--- a/x-pack/plugins/rule_registry/server/utils/create_persistence_rule_type_factory.ts
+++ b/x-pack/plugins/rule_registry/server/utils/create_persistence_rule_type_factory.ts
@@ -5,7 +5,7 @@
  * 2.0.
  */
 
-import { ALERT_ID, VERSION } from '@kbn/rule-data-utils';
+import { ALERT_INSTANCE_ID, VERSION } from '@kbn/rule-data-utils';
 import { getCommonAlertFields } from './get_common_alert_fields';
 import { CreatePersistenceRuleTypeFactory } from './persistence_types';
 
@@ -31,7 +31,7 @@ export const createPersistenceRuleTypeFactory: CreatePersistenceRuleTypeFactory
                 body: alerts.flatMap((event) => [
                   { index: {} },
                   {
-                    [ALERT_ID]: event.id,
+                    [ALERT_INSTANCE_ID]: event.id,
                     [VERSION]: ruleDataClient.kibanaVersion,
                     ...commonRuleFields,
                     ...event.fields,
diff --git a/x-pack/plugins/rule_registry/server/utils/get_common_alert_fields.ts b/x-pack/plugins/rule_registry/server/utils/get_common_alert_fields.ts
index 8bba639636ba6..67db667188eaf 100644
--- a/x-pack/plugins/rule_registry/server/utils/get_common_alert_fields.ts
+++ b/x-pack/plugins/rule_registry/server/utils/get_common_alert_fields.ts
@@ -9,7 +9,7 @@ import { Values } from '@kbn/utility-types';
 import { AlertExecutorOptions } from '../../../alerting/server';
 import { ParsedTechnicalFields } from '../../common/parse_technical_fields';
 import {
-  ALERT_ID,
+  ALERT_INSTANCE_ID,
   ALERT_UUID,
   ALERT_RULE_CATEGORY,
   ALERT_RULE_CONSUMER,
@@ -35,7 +35,7 @@ const commonAlertFieldNames = [
 ];
 export type CommonAlertFieldName = Values<typeof commonAlertFieldNames>;
 
-const commonAlertIdFieldNames = [ALERT_ID, ALERT_UUID];
+const commonAlertIdFieldNames = [ALERT_INSTANCE_ID, ALERT_UUID];
 export type CommonAlertIdFieldName = Values<typeof commonAlertIdFieldNames>;
 
 export type CommonAlertFields = Pick<ParsedTechnicalFields, CommonAlertFieldName>;
diff --git a/x-pack/plugins/rule_registry/server/utils/rule_executor_test_utils.ts b/x-pack/plugins/rule_registry/server/utils/rule_executor_test_utils.ts
index b74fa27879f3d..95a6761152371 100644
--- a/x-pack/plugins/rule_registry/server/utils/rule_executor_test_utils.ts
+++ b/x-pack/plugins/rule_registry/server/utils/rule_executor_test_utils.ts
@@ -24,7 +24,7 @@ export const createDefaultAlertExecutorOptions = <
   InstanceContext extends AlertInstanceContext = {},
   ActionGroupIds extends string = ''
 >({
-  alertId = 'ALERT_ID',
+  alertId = 'ALERT_INSTANCE_ID',
   ruleName = 'ALERT_RULE_NAME',
   params,
   state,
diff --git a/x-pack/plugins/security_solution/cypress/ccs_integration/detection_alerts/alerts_details.spec.ts b/x-pack/plugins/security_solution/cypress/ccs_integration/detection_alerts/alerts_details.spec.ts
index 9d124258db2be..dc1939605eaa3 100644
--- a/x-pack/plugins/security_solution/cypress/ccs_integration/detection_alerts/alerts_details.spec.ts
+++ b/x-pack/plugins/security_solution/cypress/ccs_integration/detection_alerts/alerts_details.spec.ts
@@ -58,7 +58,7 @@ describe('Alert details with unmapped fields', () => {
 
   it('Displays the unmapped field on the table', () => {
     const expectedUnmmappedField = {
-      row: 91,
+      row: 87,
       field: 'unmapped',
       text: 'This is the unmapped field',
     };
diff --git a/x-pack/plugins/security_solution/cypress/integration/detection_alerts/alerts_details.spec.ts b/x-pack/plugins/security_solution/cypress/integration/detection_alerts/alerts_details.spec.ts
index e7d04a38305fb..8908adb42f202 100644
--- a/x-pack/plugins/security_solution/cypress/integration/detection_alerts/alerts_details.spec.ts
+++ b/x-pack/plugins/security_solution/cypress/integration/detection_alerts/alerts_details.spec.ts
@@ -52,9 +52,9 @@ describe('Alert details with unmapped fields', () => {
       });
   });
 
-  it.skip('Displays the unmapped field on the table', () => {
+  it('Displays the unmapped field on the table', () => {
     const expectedUnmmappedField = {
-      row: 91,
+      row: 87,
       field: 'unmapped',
       text: 'This is the unmapped field',
     };
diff --git a/x-pack/plugins/security_solution/public/app/home/template_wrapper/global_kql_header/index.tsx b/x-pack/plugins/security_solution/public/app/home/template_wrapper/global_kql_header/index.tsx
index 3e3c91133eab6..ac49d8e90498d 100644
--- a/x-pack/plugins/security_solution/public/app/home/template_wrapper/global_kql_header/index.tsx
+++ b/x-pack/plugins/security_solution/public/app/home/template_wrapper/global_kql_header/index.tsx
@@ -11,7 +11,7 @@ import { useGlobalHeaderPortal } from '../../../../common/hooks/use_global_heade
 
 const StyledStickyWrapper = styled.div`
   position: sticky;
-  z-index: ${(props) => props.theme.eui.euiZLevel2};
+  z-index: ${(props) => props.theme.eui.euiZHeaderBelowDataGrid};
   // TOP location is declared in src/public/rendering/_base.scss to keep in line with Kibana Chrome
 `;
 
diff --git a/x-pack/plugins/security_solution/public/common/components/events_viewer/events_viewer.tsx b/x-pack/plugins/security_solution/public/common/components/events_viewer/events_viewer.tsx
index b8b6b9766bdde..057d28b0112ad 100644
--- a/x-pack/plugins/security_solution/public/common/components/events_viewer/events_viewer.tsx
+++ b/x-pack/plugins/security_solution/public/common/components/events_viewer/events_viewer.tsx
@@ -321,7 +321,7 @@ const EventsViewerComponent: React.FC<Props> = ({
                 refetch={refetch}
               />
 
-              {graphEventId && <GraphOverlay isEventViewer={true} timelineId={id} />}
+              {graphEventId && <GraphOverlay timelineId={id} />}
               <FullWidthFlexGroup $visible={!graphEventId} gutterSize="none">
                 <ScrollableFlexItem grow={1}>
                   <StatefulBody
diff --git a/x-pack/plugins/security_solution/public/common/components/events_viewer/index.tsx b/x-pack/plugins/security_solution/public/common/components/events_viewer/index.tsx
index c91b646aba967..6bfe61b3eac51 100644
--- a/x-pack/plugins/security_solution/public/common/components/events_viewer/index.tsx
+++ b/x-pack/plugins/security_solution/public/common/components/events_viewer/index.tsx
@@ -147,9 +147,7 @@ const StatefulEventsViewerComponent: React.FC<Props> = ({
   const trailingControlColumns: ControlColumnProps[] = EMPTY_CONTROL_COLUMNS;
   const graphOverlay = useMemo(
     () =>
-      graphEventId != null && graphEventId.length > 0 ? (
-        <GraphOverlay isEventViewer={true} timelineId={id} />
-      ) : null,
+      graphEventId != null && graphEventId.length > 0 ? <GraphOverlay timelineId={id} /> : null,
     [graphEventId, id]
   );
   const setQuery = useCallback(
diff --git a/x-pack/plugins/security_solution/public/common/containers/use_full_screen/index.tsx b/x-pack/plugins/security_solution/public/common/containers/use_full_screen/index.tsx
index e19db8bb94b46..bd9c16e3d88e6 100644
--- a/x-pack/plugins/security_solution/public/common/containers/use_full_screen/index.tsx
+++ b/x-pack/plugins/security_solution/public/common/containers/use_full_screen/index.tsx
@@ -28,7 +28,6 @@ export const resetScroll = () => {
     }
   }, 0);
 };
-
 interface GlobalFullScreen {
   globalFullScreen: boolean;
   setGlobalFullScreen: (fullScreen: boolean) => void;
@@ -46,10 +45,10 @@ export const useGlobalFullScreen = (): GlobalFullScreen => {
   const setGlobalFullScreen = useCallback(
     (fullScreen: boolean) => {
       if (fullScreen) {
-        document.body.classList.add(SCROLLING_DISABLED_CLASS_NAME);
+        document.body.classList.add(SCROLLING_DISABLED_CLASS_NAME, 'euiDataGrid__restrictBody');
         resetScroll();
       } else {
-        document.body.classList.remove(SCROLLING_DISABLED_CLASS_NAME);
+        document.body.classList.remove(SCROLLING_DISABLED_CLASS_NAME, 'euiDataGrid__restrictBody');
         resetScroll();
       }
 
@@ -71,9 +70,15 @@ export const useTimelineFullScreen = (): TimelineFullScreen => {
   const dispatch = useDispatch();
   const timelineFullScreen =
     useShallowEqualSelector(inputsSelectors.timelineFullScreenSelector) ?? false;
-
   const setTimelineFullScreen = useCallback(
-    (fullScreen: boolean) => dispatch(inputsActions.setFullScreen({ id: 'timeline', fullScreen })),
+    (fullScreen: boolean) => {
+      if (fullScreen) {
+        document.body.classList.add('euiDataGrid__restrictBody');
+      } else {
+        document.body.classList.remove('euiDataGrid__restrictBody');
+      }
+      dispatch(inputsActions.setFullScreen({ id: 'timeline', fullScreen }));
+    },
     [dispatch]
   );
   const memoizedReturn = useMemo(
diff --git a/x-pack/plugins/security_solution/public/common/mock/global_state.ts b/x-pack/plugins/security_solution/public/common/mock/global_state.ts
index fb772986bc679..cb6536d585c1e 100644
--- a/x-pack/plugins/security_solution/public/common/mock/global_state.ts
+++ b/x-pack/plugins/security_solution/public/common/mock/global_state.ts
@@ -242,6 +242,9 @@ export const mockGlobalState: State = {
         activeTab: TimelineTabs.query,
         prevActiveTab: TimelineTabs.notes,
         deletedEventIds: [],
+        documentType: '',
+        queryFields: [],
+        selectAll: false,
         id: 'test',
         savedObjectId: null,
         columns: defaultHeaders,
diff --git a/x-pack/plugins/security_solution/public/common/mock/timeline_results.ts b/x-pack/plugins/security_solution/public/common/mock/timeline_results.ts
index e67b61664745e..879cac3299689 100644
--- a/x-pack/plugins/security_solution/public/common/mock/timeline_results.ts
+++ b/x-pack/plugins/security_solution/public/common/mock/timeline_results.ts
@@ -1979,6 +1979,7 @@ export const mockTimelineModel: TimelineModel = {
   },
   deletedEventIds: [],
   description: 'This is a sample rule description',
+  documentType: '',
   eqlOptions: {
     eventCategoryField: 'event.category',
     tiebreakerField: 'event.sequence',
@@ -2017,6 +2018,7 @@ export const mockTimelineModel: TimelineModel = {
   kqlQuery: {
     filterQuery: null,
   },
+  queryFields: [],
   itemsPerPage: 25,
   itemsPerPageOptions: [10, 25, 50, 100],
   loadingEventIds: [],
@@ -2024,6 +2026,7 @@ export const mockTimelineModel: TimelineModel = {
   pinnedEventIds: {},
   pinnedEventsSaveObject: {},
   savedObjectId: 'ef579e40-jibber-jabber',
+  selectAll: false,
   selectedEventIds: {},
   show: false,
   showCheckboxes: false,
@@ -2110,6 +2113,7 @@ export const defaultTimelineProps: CreateTimelineProps = {
     dateRange: { end: '2018-11-05T19:03:25.937Z', start: '2018-11-05T18:58:25.937Z' },
     deletedEventIds: [],
     description: '',
+    documentType: '',
     eqlOptions: {
       eventCategoryField: 'event.category',
       query: '',
@@ -2141,7 +2145,9 @@ export const defaultTimelineProps: CreateTimelineProps = {
     noteIds: [],
     pinnedEventIds: {},
     pinnedEventsSaveObject: {},
+    queryFields: [],
     savedObjectId: null,
+    selectAll: false,
     selectedEventIds: {},
     show: false,
     showCheckboxes: false,
diff --git a/x-pack/plugins/security_solution/public/detections/components/alerts_table/actions.test.tsx b/x-pack/plugins/security_solution/public/detections/components/alerts_table/actions.test.tsx
index 69160d90a011e..e7a8ba91cff8f 100644
--- a/x-pack/plugins/security_solution/public/detections/components/alerts_table/actions.test.tsx
+++ b/x-pack/plugins/security_solution/public/detections/components/alerts_table/actions.test.tsx
@@ -148,6 +148,7 @@ describe('alert actions', () => {
             },
             deletedEventIds: [],
             description: 'This is a sample rule description',
+            documentType: '',
             eqlOptions: {
               eventCategoryField: 'event.category',
               query: '',
@@ -204,7 +205,9 @@ describe('alert actions', () => {
             noteIds: [],
             pinnedEventIds: {},
             pinnedEventsSaveObject: {},
+            queryFields: [],
             savedObjectId: null,
+            selectAll: false,
             selectedEventIds: {},
             show: true,
             showCheckboxes: false,
diff --git a/x-pack/plugins/security_solution/public/detections/components/alerts_table/default_config.tsx b/x-pack/plugins/security_solution/public/detections/components/alerts_table/default_config.tsx
index 9549b3dec33b4..a0514a69a60c8 100644
--- a/x-pack/plugins/security_solution/public/detections/components/alerts_table/default_config.tsx
+++ b/x-pack/plugins/security_solution/public/detections/components/alerts_table/default_config.tsx
@@ -7,7 +7,7 @@
 
 import {
   ALERT_DURATION,
-  ALERT_ID,
+  ALERT_INSTANCE_ID,
   ALERT_RULE_PRODUCER,
   ALERT_START,
   ALERT_WORKFLOW_STATUS,
@@ -276,7 +276,7 @@ export const buildShowBuildingBlockFilterRuleRegistry = (
 
 export const requiredFieldMappingsForActionsRuleRegistry = {
   '@timestamp': '@timestamp',
-  'alert.id': ALERT_ID,
+  'alert.instance.id': ALERT_INSTANCE_ID,
   'event.kind': 'event.kind',
   'alert.start': ALERT_START,
   'alert.uuid': ALERT_UUID,
diff --git a/x-pack/plugins/security_solution/public/detections/components/alerts_table/index.tsx b/x-pack/plugins/security_solution/public/detections/components/alerts_table/index.tsx
index e179c02987462..3c277d1d4019b 100644
--- a/x-pack/plugins/security_solution/public/detections/components/alerts_table/index.tsx
+++ b/x-pack/plugins/security_solution/public/detections/components/alerts_table/index.tsx
@@ -5,7 +5,6 @@
  * 2.0.
  */
 
-import { EuiLoadingContent, EuiPanel } from '@elastic/eui';
 import { isEmpty } from 'lodash/fp';
 import React, { useCallback, useEffect, useMemo, useState } from 'react';
 import { connect, ConnectedProps, useDispatch } from 'react-redux';
@@ -369,11 +368,7 @@ export const AlertsTableComponent: React.FC<AlertsTableComponentProps> = ({
   }, [dispatch, defaultTimelineModel, filterManager, tGridEnabled, timelineId]);
 
   if (loading || indexPatternsLoading || isEmpty(selectedPatterns)) {
-    return (
-      <EuiPanel hasBorder={false} hasShadow={false} paddingSize="none">
-        <EuiLoadingContent data-test-subj="loading-alerts-panel" />
-      </EuiPanel>
-    );
+    return null;
   }
 
   return (
diff --git a/x-pack/plugins/security_solution/public/detections/components/alerts_table/timeline_actions/investigate_in_resolver.tsx b/x-pack/plugins/security_solution/public/detections/components/alerts_table/timeline_actions/investigate_in_resolver.tsx
index 2e23ecc648aee..21d0e132599fb 100644
--- a/x-pack/plugins/security_solution/public/detections/components/alerts_table/timeline_actions/investigate_in_resolver.tsx
+++ b/x-pack/plugins/security_solution/public/detections/components/alerts_table/timeline_actions/investigate_in_resolver.tsx
@@ -13,6 +13,10 @@ import {
   setActiveTabTimeline,
   updateTimelineGraphEventId,
 } from '../../../../timelines/store/timeline/actions';
+import {
+  useGlobalFullScreen,
+  useTimelineFullScreen,
+} from '../../../../common/containers/use_full_screen';
 import { TimelineId, TimelineTabs } from '../../../../../common';
 import { ACTION_INVESTIGATE_IN_RESOLVER } from '../../../../timelines/components/timeline/body/translations';
 import { Ecs } from '../../../../../common/ecs';
@@ -35,13 +39,23 @@ export const useInvestigateInResolverContextItem = ({
 }: InvestigateInResolverProps) => {
   const dispatch = useDispatch();
   const isDisabled = useMemo(() => !isInvestigateInResolverActionEnabled(ecsData), [ecsData]);
+  const { setGlobalFullScreen } = useGlobalFullScreen();
+  const { setTimelineFullScreen } = useTimelineFullScreen();
   const handleClick = useCallback(() => {
+    const dataGridIsFullScreen = document.querySelector('.euiDataGrid--fullScreen');
     dispatch(updateTimelineGraphEventId({ id: timelineId, graphEventId: ecsData._id }));
     if (timelineId === TimelineId.active) {
+      if (dataGridIsFullScreen) {
+        setTimelineFullScreen(true);
+      }
       dispatch(setActiveTabTimeline({ id: timelineId, activeTab: TimelineTabs.graph }));
+    } else {
+      if (dataGridIsFullScreen) {
+        setGlobalFullScreen(true);
+      }
     }
     onClose();
-  }, [dispatch, ecsData._id, onClose, timelineId]);
+  }, [dispatch, ecsData._id, onClose, timelineId, setGlobalFullScreen, setTimelineFullScreen]);
   return isDisabled
     ? []
     : [
diff --git a/x-pack/plugins/security_solution/public/detections/pages/detection_engine/rules/details/index.tsx b/x-pack/plugins/security_solution/public/detections/pages/detection_engine/rules/details/index.tsx
index 4c3db2ae62be3..4d4ac102ea645 100644
--- a/x-pack/plugins/security_solution/public/detections/pages/detection_engine/rules/details/index.tsx
+++ b/x-pack/plugins/security_solution/public/detections/pages/detection_engine/rules/details/index.tsx
@@ -695,7 +695,7 @@ const RuleDetailsPageComponent: React.FC<DetectionEngineComponentProps> = ({
                           enabled={isExistingRule && (rule?.enabled ?? false)}
                           onChange={handleOnChangeEnabledRule}
                         />
-                        <EuiFlexItem>{i18n.ACTIVATED_RULE}</EuiFlexItem>
+                        <EuiFlexItem>{i18n.ACTIVATE_RULE}</EuiFlexItem>
                       </EuiFlexGroup>
                     </EuiToolTip>
                   </EuiFlexItem>
diff --git a/x-pack/plugins/security_solution/public/detections/pages/detection_engine/rules/details/translations.ts b/x-pack/plugins/security_solution/public/detections/pages/detection_engine/rules/details/translations.ts
index ca3e5a4587a09..a83647f8a9781 100644
--- a/x-pack/plugins/security_solution/public/detections/pages/detection_engine/rules/details/translations.ts
+++ b/x-pack/plugins/security_solution/public/detections/pages/detection_engine/rules/details/translations.ts
@@ -28,10 +28,10 @@ export const EXPERIMENTAL = i18n.translate(
   }
 );
 
-export const ACTIVATED_RULE = i18n.translate(
-  'xpack.securitySolution.detectionEngine.ruleDetails.activatedRuleLabel',
+export const ACTIVATE_RULE = i18n.translate(
+  'xpack.securitySolution.detectionEngine.ruleDetails.activateRuleLabel',
   {
-    defaultMessage: 'Activated',
+    defaultMessage: 'Activate',
   }
 );
 
diff --git a/x-pack/plugins/security_solution/public/timelines/components/graph_overlay/index.test.tsx b/x-pack/plugins/security_solution/public/timelines/components/graph_overlay/index.test.tsx
index 1286208bff9e6..d672a3c699707 100644
--- a/x-pack/plugins/security_solution/public/timelines/components/graph_overlay/index.test.tsx
+++ b/x-pack/plugins/security_solution/public/timelines/components/graph_overlay/index.test.tsx
@@ -44,12 +44,10 @@ describe('GraphOverlay', () => {
   });
 
   describe('when used in an events viewer (i.e. in the Detections view, or the Host > Events view)', () => {
-    const isEventViewer = true;
-
-    test('it has 100% width when isEventViewer is true and NOT in full screen mode', async () => {
+    test('it has 100% width when NOT in full screen mode', async () => {
       const wrapper = mount(
         <TestProviders>
-          <GraphOverlay timelineId={TimelineId.test} isEventViewer={isEventViewer} />
+          <GraphOverlay timelineId={TimelineId.test} />
         </TestProviders>
       );
 
@@ -59,9 +57,9 @@ describe('GraphOverlay', () => {
       });
     });
 
-    test('it has a calculated width that makes room for the Timeline flyout button when isEventViewer is true in full screen mode', async () => {
+    test('it has a fixed position when in full screen mode', async () => {
       (useGlobalFullScreen as jest.Mock).mockReturnValue({
-        globalFullScreen: true, // <-- true when an events viewer is in full screen mode
+        globalFullScreen: true,
         setGlobalFullScreen: jest.fn(),
       });
       (useTimelineFullScreen as jest.Mock).mockReturnValue({
@@ -71,25 +69,24 @@ describe('GraphOverlay', () => {
 
       const wrapper = mount(
         <TestProviders>
-          <GraphOverlay timelineId={TimelineId.test} isEventViewer={isEventViewer} />
+          <GraphOverlay timelineId={TimelineId.test} />
         </TestProviders>
       );
 
       await waitFor(() => {
         const overlayContainer = wrapper.find('[data-test-subj="overlayContainer"]').first();
-        expect(overlayContainer).toHaveStyleRule('width', 'calc(100% - 36px)');
+        expect(overlayContainer).toHaveStyleRule('position', 'fixed');
       });
     });
   });
 
   describe('when used in the active timeline', () => {
-    const isEventViewer = false;
     const timelineId = TimelineId.active;
 
-    test('it has 100% width when isEventViewer is false and NOT in full screen mode', async () => {
+    test('it has 100% width when NOT in full screen mode', async () => {
       const wrapper = mount(
         <TestProviders>
-          <GraphOverlay timelineId={timelineId} isEventViewer={isEventViewer} />
+          <GraphOverlay timelineId={timelineId} />
         </TestProviders>
       );
 
@@ -99,7 +96,7 @@ describe('GraphOverlay', () => {
       });
     });
 
-    test('it has 100% width when isEventViewer is false and the active timeline is in full screen mode', async () => {
+    test('it has 100% width when the active timeline is in full screen mode', async () => {
       (useGlobalFullScreen as jest.Mock).mockReturnValue({
         globalFullScreen: false,
         setGlobalFullScreen: jest.fn(),
@@ -111,7 +108,7 @@ describe('GraphOverlay', () => {
 
       const wrapper = mount(
         <TestProviders>
-          <GraphOverlay timelineId={timelineId} isEventViewer={isEventViewer} />
+          <GraphOverlay timelineId={timelineId} />
         </TestProviders>
       );
 
diff --git a/x-pack/plugins/security_solution/public/timelines/components/graph_overlay/index.tsx b/x-pack/plugins/security_solution/public/timelines/components/graph_overlay/index.tsx
index a8cfea1de8e74..16459381a8431 100644
--- a/x-pack/plugins/security_solution/public/timelines/components/graph_overlay/index.tsx
+++ b/x-pack/plugins/security_solution/public/timelines/components/graph_overlay/index.tsx
@@ -41,13 +41,19 @@ import {
 import * as i18n from './translations';
 
 const OverlayContainer = styled.div`
-  ${({ $restrictWidth }: { $restrictWidth: boolean }) =>
-    `
-    display: flex;
-    flex-direction: column;
-    flex: 1;
-    width: ${$restrictWidth ? 'calc(100% - 36px)' : '100%'};
-    `}
+  display: flex;
+  flex-direction: column;
+  flex: 1;
+  width: 100%;
+`;
+
+const FullScreenOverlayContainer = styled.div`
+  position: fixed;
+  top: 0;
+  bottom: 0;
+  left: 0;
+  right: 0;
+  z-index: ${(props) => props.theme.eui.euiZLevel3};
 `;
 
 const StyledResolver = styled(Resolver)`
@@ -59,7 +65,6 @@ const FullScreenButtonIcon = styled(EuiButtonIcon)`
 `;
 
 interface OwnProps {
-  isEventViewer: boolean;
   timelineId: TimelineId;
 }
 
@@ -111,18 +116,15 @@ NavigationComponent.displayName = 'NavigationComponent';
 
 const Navigation = React.memo(NavigationComponent);
 
-const GraphOverlayComponent: React.FC<OwnProps> = ({ isEventViewer, timelineId }) => {
+const GraphOverlayComponent: React.FC<OwnProps> = ({ timelineId }) => {
   const dispatch = useDispatch();
-  const onCloseOverlay = useCallback(() => {
-    dispatch(updateTimelineGraphEventId({ id: timelineId, graphEventId: '' }));
-  }, [dispatch, timelineId]);
+  const { globalFullScreen, setGlobalFullScreen } = useGlobalFullScreen();
+  const { timelineFullScreen, setTimelineFullScreen } = useTimelineFullScreen();
+
   const getTimeline = useMemo(() => timelineSelectors.getTimelineByIdSelector(), []);
   const graphEventId = useDeepEqualSelector(
     (state) => (getTimeline(state, timelineId) ?? timelineDefaults).graphEventId
   );
-
-  const { globalFullScreen, setGlobalFullScreen } = useGlobalFullScreen();
-  const { timelineFullScreen, setTimelineFullScreen } = useTimelineFullScreen();
   const getStartSelector = useMemo(() => startSelector(), []);
   const getEndSelector = useMemo(() => endSelector(), []);
   const getIsLoadingSelector = useMemo(() => isLoadingSelector(), []);
@@ -154,6 +156,16 @@ const GraphOverlayComponent: React.FC<OwnProps> = ({ isEventViewer, timelineId }
     [globalFullScreen, timelineId, timelineFullScreen]
   );
 
+  const isInTimeline = timelineId === TimelineId.active;
+  const onCloseOverlay = useCallback(() => {
+    if (timelineId === TimelineId.active) {
+      setTimelineFullScreen(false);
+    } else {
+      setGlobalFullScreen(false);
+    }
+    dispatch(updateTimelineGraphEventId({ id: timelineId, graphEventId: '' }));
+  }, [dispatch, timelineId, setTimelineFullScreen, setGlobalFullScreen]);
+
   const toggleFullScreen = useCallback(() => {
     if (timelineId === TimelineId.active) {
       setTimelineFullScreen(!timelineFullScreen);
@@ -173,41 +185,71 @@ const GraphOverlayComponent: React.FC<OwnProps> = ({ isEventViewer, timelineId }
     []
   );
   const existingIndexNames = useDeepEqualSelector<string[]>(existingIndexNamesSelector);
-
-  return (
-    <OverlayContainer
-      data-test-subj="overlayContainer"
-      $restrictWidth={isEventViewer && fullScreen}
-    >
-      <EuiHorizontalRule margin="none" />
-      <EuiFlexGroup gutterSize="none" justifyContent="spaceBetween">
-        <EuiFlexItem grow={false}>
-          <Navigation
-            fullScreen={fullScreen}
-            globalFullScreen={globalFullScreen}
-            onCloseOverlay={onCloseOverlay}
-            timelineId={timelineId}
-            timelineFullScreen={timelineFullScreen}
-            toggleFullScreen={toggleFullScreen}
+  if (fullScreen && !isInTimeline) {
+    return (
+      <FullScreenOverlayContainer data-test-subj="overlayContainer">
+        <EuiHorizontalRule margin="none" />
+        <EuiFlexGroup gutterSize="none" justifyContent="spaceBetween">
+          <EuiFlexItem grow={false}>
+            <Navigation
+              fullScreen={fullScreen}
+              globalFullScreen={globalFullScreen}
+              onCloseOverlay={onCloseOverlay}
+              timelineId={timelineId}
+              timelineFullScreen={timelineFullScreen}
+              toggleFullScreen={toggleFullScreen}
+            />
+          </EuiFlexItem>
+        </EuiFlexGroup>
+        <EuiHorizontalRule margin="none" />
+        {graphEventId !== undefined ? (
+          <StyledResolver
+            databaseDocumentID={graphEventId}
+            resolverComponentInstanceID={timelineId}
+            indices={existingIndexNames}
+            shouldUpdate={shouldUpdate}
+            filters={{ from, to }}
           />
-        </EuiFlexItem>
-      </EuiFlexGroup>
-      <EuiHorizontalRule margin="none" />
-      {graphEventId !== undefined ? (
-        <StyledResolver
-          databaseDocumentID={graphEventId}
-          resolverComponentInstanceID={timelineId}
-          indices={existingIndexNames}
-          shouldUpdate={shouldUpdate}
-          filters={{ from, to }}
-        />
-      ) : (
-        <EuiFlexGroup alignItems="center" justifyContent="center" style={{ height: '100%' }}>
-          <EuiLoadingSpinner size="xl" />
+        ) : (
+          <EuiFlexGroup alignItems="center" justifyContent="center" style={{ height: '100%' }}>
+            <EuiLoadingSpinner size="xl" />
+          </EuiFlexGroup>
+        )}
+      </FullScreenOverlayContainer>
+    );
+  } else {
+    return (
+      <OverlayContainer data-test-subj="overlayContainer">
+        <EuiHorizontalRule margin="none" />
+        <EuiFlexGroup gutterSize="none" justifyContent="spaceBetween">
+          <EuiFlexItem grow={false}>
+            <Navigation
+              fullScreen={fullScreen}
+              globalFullScreen={globalFullScreen}
+              onCloseOverlay={onCloseOverlay}
+              timelineId={timelineId}
+              timelineFullScreen={timelineFullScreen}
+              toggleFullScreen={toggleFullScreen}
+            />
+          </EuiFlexItem>
         </EuiFlexGroup>
-      )}
-    </OverlayContainer>
-  );
+        <EuiHorizontalRule margin="none" />
+        {graphEventId !== undefined ? (
+          <StyledResolver
+            databaseDocumentID={graphEventId}
+            resolverComponentInstanceID={timelineId}
+            indices={existingIndexNames}
+            shouldUpdate={shouldUpdate}
+            filters={{ from, to }}
+          />
+        ) : (
+          <EuiFlexGroup alignItems="center" justifyContent="center" style={{ height: '100%' }}>
+            <EuiLoadingSpinner size="xl" />
+          </EuiFlexGroup>
+        )}
+      </OverlayContainer>
+    );
+  }
 };
 
 export const GraphOverlay = React.memo(GraphOverlayComponent);
diff --git a/x-pack/plugins/security_solution/public/timelines/components/open_timeline/helpers.test.ts b/x-pack/plugins/security_solution/public/timelines/components/open_timeline/helpers.test.ts
index ae15768d26e70..37bdfd38bf8bc 100644
--- a/x-pack/plugins/security_solution/public/timelines/components/open_timeline/helpers.test.ts
+++ b/x-pack/plugins/security_solution/public/timelines/components/open_timeline/helpers.test.ts
@@ -296,6 +296,7 @@ describe('helpers', () => {
         dataProviders: [],
         dateRange: { start: '2020-07-07T08:20:18.966Z', end: '2020-07-08T08:20:18.966Z' },
         description: '',
+        documentType: '',
         deletedEventIds: [],
         eqlOptions: {
           eventCategoryField: 'event.category',
@@ -328,7 +329,9 @@ describe('helpers', () => {
         noteIds: [],
         pinnedEventIds: {},
         pinnedEventsSaveObject: {},
+        queryFields: [],
         savedObjectId: 'savedObject-1',
+        selectAll: false,
         selectedEventIds: {},
         show: false,
         showCheckboxes: false,
@@ -366,6 +369,7 @@ describe('helpers', () => {
         dataProviders: [],
         dateRange: { start: '2020-07-07T08:20:18.966Z', end: '2020-07-08T08:20:18.966Z' },
         description: '',
+        documentType: '',
         deletedEventIds: [],
         eqlOptions: {
           eventCategoryField: 'event.category',
@@ -398,7 +402,9 @@ describe('helpers', () => {
         noteIds: [],
         pinnedEventIds: {},
         pinnedEventsSaveObject: {},
+        queryFields: [],
         savedObjectId: 'savedObject-1',
+        selectAll: false,
         selectedEventIds: {},
         show: false,
         showCheckboxes: false,
@@ -436,6 +442,7 @@ describe('helpers', () => {
         dataProviders: [],
         dateRange: { start: '2020-07-07T08:20:18.966Z', end: '2020-07-08T08:20:18.966Z' },
         description: '',
+        documentType: '',
         deletedEventIds: [],
         eqlOptions: {
           eventCategoryField: 'event.category',
@@ -468,7 +475,9 @@ describe('helpers', () => {
         noteIds: [],
         pinnedEventIds: {},
         pinnedEventsSaveObject: {},
+        queryFields: [],
         savedObjectId: 'savedObject-1',
+        selectAll: false,
         selectedEventIds: {},
         show: false,
         showCheckboxes: false,
@@ -504,6 +513,7 @@ describe('helpers', () => {
         dataProviders: [],
         dateRange: { start: '2020-07-07T08:20:18.966Z', end: '2020-07-08T08:20:18.966Z' },
         description: '',
+        documentType: '',
         deletedEventIds: [],
         eqlOptions: {
           eventCategoryField: 'event.category',
@@ -536,7 +546,9 @@ describe('helpers', () => {
         noteIds: [],
         pinnedEventIds: {},
         pinnedEventsSaveObject: {},
+        queryFields: [],
         savedObjectId: 'savedObject-1',
+        selectAll: false,
         selectedEventIds: {},
         show: false,
         showCheckboxes: false,
@@ -577,6 +589,7 @@ describe('helpers', () => {
         dataProviders: [],
         dateRange: { start: '2020-07-07T08:20:18.966Z', end: '2020-07-08T08:20:18.966Z' },
         description: '',
+        documentType: '',
         deletedEventIds: [],
         eqlOptions: {
           eventCategoryField: 'event.category',
@@ -612,6 +625,8 @@ describe('helpers', () => {
         noteIds: [],
         pinnedEventIds: {},
         pinnedEventsSaveObject: {},
+        queryFields: [],
+        selectAll: false,
         selectedEventIds: {},
         show: false,
         showCheckboxes: false,
@@ -680,6 +695,7 @@ describe('helpers', () => {
         dateRange: { start: '2020-07-07T08:20:18.966Z', end: '2020-07-08T08:20:18.966Z' },
         dataProviders: [],
         description: '',
+        documentType: '',
         deletedEventIds: [],
         eqlOptions: {
           eventCategoryField: 'event.category',
@@ -758,6 +774,8 @@ describe('helpers', () => {
         noteIds: [],
         pinnedEventIds: {},
         pinnedEventsSaveObject: {},
+        queryFields: [],
+        selectAll: false,
         selectedEventIds: {},
         show: false,
         showCheckboxes: false,
@@ -791,6 +809,7 @@ describe('helpers', () => {
         dataProviders: [],
         dateRange: { end: '2020-10-28T11:37:31.655Z', start: '2020-10-27T11:37:31.655Z' },
         description: '',
+        documentType: '',
         deletedEventIds: [],
         eqlOptions: {
           eventCategoryField: 'event.category',
@@ -823,7 +842,9 @@ describe('helpers', () => {
         noteIds: [],
         pinnedEventIds: {},
         pinnedEventsSaveObject: {},
+        queryFields: [],
         savedObjectId: 'savedObject-1',
+        selectAll: false,
         selectedEventIds: {},
         show: false,
         showCheckboxes: false,
@@ -861,6 +882,7 @@ describe('helpers', () => {
         dataProviders: [],
         dateRange: { end: '2020-07-08T08:20:18.966Z', start: '2020-07-07T08:20:18.966Z' },
         description: '',
+        documentType: '',
         deletedEventIds: [],
         eqlOptions: {
           eventCategoryField: 'event.category',
@@ -893,7 +915,9 @@ describe('helpers', () => {
         noteIds: [],
         pinnedEventIds: {},
         pinnedEventsSaveObject: {},
+        queryFields: [],
         savedObjectId: 'savedObject-1',
+        selectAll: false,
         selectedEventIds: {},
         show: false,
         showCheckboxes: false,
diff --git a/x-pack/plugins/security_solution/public/timelines/components/timeline/graph_tab_content/index.tsx b/x-pack/plugins/security_solution/public/timelines/components/timeline/graph_tab_content/index.tsx
index 1678a92c4cdaa..64d3f01cff265 100644
--- a/x-pack/plugins/security_solution/public/timelines/components/timeline/graph_tab_content/index.tsx
+++ b/x-pack/plugins/security_solution/public/timelines/components/timeline/graph_tab_content/index.tsx
@@ -26,7 +26,7 @@ const GraphTabContentComponent: React.FC<GraphTabContentProps> = ({ timelineId }
     return null;
   }
 
-  return <GraphOverlay isEventViewer={false} timelineId={timelineId} />;
+  return <GraphOverlay timelineId={timelineId} />;
 };
 
 GraphTabContentComponent.displayName = 'GraphTabContentComponent';
diff --git a/x-pack/plugins/security_solution/public/timelines/containers/local_storage/index.test.ts b/x-pack/plugins/security_solution/public/timelines/containers/local_storage/index.test.ts
index f1b5f6a944678..8fbb330d51231 100644
--- a/x-pack/plugins/security_solution/public/timelines/containers/local_storage/index.test.ts
+++ b/x-pack/plugins/security_solution/public/timelines/containers/local_storage/index.test.ts
@@ -28,6 +28,17 @@ const useKibanaMock = useKibana as jest.Mocked<typeof useKibana>;
 const getExpectedColumns = (model: TimelineModel) =>
   model.columns.map(migrateColumnWidthToInitialWidth).map(migrateColumnLabelToDisplayAsText);
 
+const {
+  documentType,
+  filterManager,
+  isLoading,
+  loadingText,
+  queryFields,
+  selectAll,
+  unit,
+  ...timelineToStore
+} = mockTimelineModel;
+
 describe('SiemLocalStorage', () => {
   const { localStorage, storage } = createSecuritySolutionStorageMock();
 
@@ -41,7 +52,7 @@ describe('SiemLocalStorage', () => {
       const timelineStorage = useTimelinesStorage();
       timelineStorage.addTimeline(TimelineId.hostsPageEvents, mockTimelineModel);
       expect(JSON.parse(localStorage.getItem(LOCAL_STORAGE_TIMELINE_KEY))).toEqual({
-        [TimelineId.hostsPageEvents]: mockTimelineModel,
+        [TimelineId.hostsPageEvents]: timelineToStore,
       });
     });
 
@@ -50,8 +61,8 @@ describe('SiemLocalStorage', () => {
       timelineStorage.addTimeline(TimelineId.hostsPageEvents, mockTimelineModel);
       timelineStorage.addTimeline(TimelineId.hostsPageExternalAlerts, mockTimelineModel);
       expect(JSON.parse(localStorage.getItem(LOCAL_STORAGE_TIMELINE_KEY))).toEqual({
-        [TimelineId.hostsPageEvents]: mockTimelineModel,
-        [TimelineId.hostsPageExternalAlerts]: mockTimelineModel,
+        [TimelineId.hostsPageEvents]: timelineToStore,
+        [TimelineId.hostsPageExternalAlerts]: timelineToStore,
       });
     });
   });
@@ -63,8 +74,8 @@ describe('SiemLocalStorage', () => {
       timelineStorage.addTimeline(TimelineId.hostsPageExternalAlerts, mockTimelineModel);
       const timelines = timelineStorage.getAllTimelines();
       expect(timelines).toEqual({
-        [TimelineId.hostsPageEvents]: mockTimelineModel,
-        [TimelineId.hostsPageExternalAlerts]: mockTimelineModel,
+        [TimelineId.hostsPageEvents]: timelineToStore,
+        [TimelineId.hostsPageExternalAlerts]: timelineToStore,
       });
     });
 
@@ -80,7 +91,7 @@ describe('SiemLocalStorage', () => {
       const timelineStorage = useTimelinesStorage();
       timelineStorage.addTimeline(TimelineId.hostsPageEvents, mockTimelineModel);
       const timeline = timelineStorage.getTimelineById(TimelineId.hostsPageEvents);
-      expect(timeline).toEqual(mockTimelineModel);
+      expect(timeline).toEqual(timelineToStore);
     });
   });
 
@@ -94,8 +105,8 @@ describe('SiemLocalStorage', () => {
         TimelineId.hostsPageExternalAlerts,
       ]);
       expect(timelines).toEqual({
-        [TimelineId.hostsPageEvents]: mockTimelineModel,
-        [TimelineId.hostsPageExternalAlerts]: mockTimelineModel,
+        [TimelineId.hostsPageEvents]: timelineToStore,
+        [TimelineId.hostsPageExternalAlerts]: timelineToStore,
       });
     });
 
@@ -126,7 +137,7 @@ describe('SiemLocalStorage', () => {
         TimelineId.hostsPageExternalAlerts,
       ]);
       expect(timelines).toEqual({
-        [TimelineId.hostsPageEvents]: mockTimelineModel,
+        [TimelineId.hostsPageEvents]: timelineToStore,
       });
     });
 
@@ -152,8 +163,8 @@ describe('SiemLocalStorage', () => {
       // all legacy `width` values are migrated to `initialWidth`:
       expect(timelines).toStrictEqual({
         [TimelineId.hostsPageEvents]: {
-          ...mockTimelineModel,
-          columns: mockTimelineModel.columns.map((c) => ({
+          ...timelineToStore,
+          columns: timelineToStore.columns.map((c) => ({
             ...c,
             displayAsText: undefined,
             initialWidth: 98765,
@@ -161,7 +172,7 @@ describe('SiemLocalStorage', () => {
           })),
         },
         [TimelineId.hostsPageExternalAlerts]: {
-          ...mockTimelineModel,
+          ...timelineToStore,
           columns: getExpectedColumns(mockTimelineModel),
         },
       });
@@ -187,8 +198,8 @@ describe('SiemLocalStorage', () => {
 
       expect(timelines).toStrictEqual({
         [TimelineId.hostsPageEvents]: {
-          ...mockTimelineModel,
-          columns: mockTimelineModel.columns.map((c) => ({
+          ...timelineToStore,
+          columns: timelineToStore.columns.map((c) => ({
             ...c,
             displayAsText: undefined,
             initialWidth: c.initialWidth, // initialWidth is unchanged
@@ -196,7 +207,7 @@ describe('SiemLocalStorage', () => {
           })),
         },
         [TimelineId.hostsPageExternalAlerts]: {
-          ...mockTimelineModel,
+          ...timelineToStore,
           columns: getExpectedColumns(mockTimelineModel),
         },
       });
@@ -223,15 +234,15 @@ describe('SiemLocalStorage', () => {
       // all legacy `label` values are migrated to `displayAsText`:
       expect(timelines).toStrictEqual({
         [TimelineId.hostsPageEvents]: {
-          ...mockTimelineModel,
-          columns: mockTimelineModel.columns.map((c, i) => ({
+          ...timelineToStore,
+          columns: timelineToStore.columns.map((c, i) => ({
             ...c,
             displayAsText: `A legacy label ${i}`,
             label: `A legacy label ${i}`,
           })),
         },
         [TimelineId.hostsPageExternalAlerts]: {
-          ...mockTimelineModel,
+          ...timelineToStore,
           columns: getExpectedColumns(mockTimelineModel),
         },
       });
@@ -259,8 +270,8 @@ describe('SiemLocalStorage', () => {
 
       expect(timelines).toStrictEqual({
         [TimelineId.hostsPageEvents]: {
-          ...mockTimelineModel,
-          columns: mockTimelineModel.columns.map((c, i) => ({
+          ...timelineToStore,
+          columns: timelineToStore.columns.map((c, i) => ({
             ...c,
             displayAsText:
               'Label will NOT be migrated to displayAsText, because displayAsText already has a value',
@@ -268,7 +279,7 @@ describe('SiemLocalStorage', () => {
           })),
         },
         [TimelineId.hostsPageExternalAlerts]: {
-          ...mockTimelineModel,
+          ...timelineToStore,
           columns: getExpectedColumns(mockTimelineModel),
         },
       });
@@ -293,11 +304,11 @@ describe('SiemLocalStorage', () => {
 
       expect(timelines).toStrictEqual({
         [TimelineId.hostsPageEvents]: {
-          ...mockTimelineModel,
+          ...timelineToStore,
           columns: 'this is NOT an array',
         },
         [TimelineId.hostsPageExternalAlerts]: {
-          ...mockTimelineModel,
+          ...timelineToStore,
           columns: getExpectedColumns(mockTimelineModel),
         },
       });
@@ -311,8 +322,8 @@ describe('SiemLocalStorage', () => {
       timelineStorage.addTimeline(TimelineId.hostsPageExternalAlerts, mockTimelineModel);
       const timelines = getAllTimelinesInStorage(storage);
       expect(timelines).toEqual({
-        [TimelineId.hostsPageEvents]: mockTimelineModel,
-        [TimelineId.hostsPageExternalAlerts]: mockTimelineModel,
+        [TimelineId.hostsPageEvents]: timelineToStore,
+        [TimelineId.hostsPageExternalAlerts]: timelineToStore,
       });
     });
 
@@ -326,7 +337,7 @@ describe('SiemLocalStorage', () => {
     it('adds a timeline when storage is empty', () => {
       addTimelineInStorage(storage, TimelineId.hostsPageEvents, mockTimelineModel);
       expect(JSON.parse(localStorage.getItem(LOCAL_STORAGE_TIMELINE_KEY))).toEqual({
-        [TimelineId.hostsPageEvents]: mockTimelineModel,
+        [TimelineId.hostsPageEvents]: timelineToStore,
       });
     });
 
@@ -334,8 +345,8 @@ describe('SiemLocalStorage', () => {
       addTimelineInStorage(storage, TimelineId.hostsPageEvents, mockTimelineModel);
       addTimelineInStorage(storage, TimelineId.hostsPageExternalAlerts, mockTimelineModel);
       expect(JSON.parse(localStorage.getItem(LOCAL_STORAGE_TIMELINE_KEY))).toEqual({
-        [TimelineId.hostsPageEvents]: mockTimelineModel,
-        [TimelineId.hostsPageExternalAlerts]: mockTimelineModel,
+        [TimelineId.hostsPageEvents]: timelineToStore,
+        [TimelineId.hostsPageExternalAlerts]: timelineToStore,
       });
     });
   });
diff --git a/x-pack/plugins/security_solution/public/timelines/containers/local_storage/index.tsx b/x-pack/plugins/security_solution/public/timelines/containers/local_storage/index.tsx
index 99f45c7d9a4b4..dd60656933ba8 100644
--- a/x-pack/plugins/security_solution/public/timelines/containers/local_storage/index.tsx
+++ b/x-pack/plugins/security_solution/public/timelines/containers/local_storage/index.tsx
@@ -85,13 +85,29 @@ export const addTimelineInStorage = (
   id: TimelineIdLiteral,
   timeline: TimelineModel
 ) => {
+  const timelineToStore = cleanStorageTimeline(timeline);
   const timelines = getAllTimelinesInStorage(storage);
   storage.set(LOCAL_STORAGE_TIMELINE_KEY, {
     ...timelines,
-    [id]: timeline,
+    [id]: timelineToStore,
   });
 };
 
+const cleanStorageTimeline = (timeline: TimelineModel) => {
+  // discard unneeded fields to make sure the object serialization works
+  const {
+    documentType,
+    filterManager,
+    isLoading,
+    loadingText,
+    queryFields,
+    selectAll,
+    unit,
+    ...timelineToStore
+  } = timeline;
+  return timelineToStore;
+};
+
 export const useTimelinesStorage = (): TimelinesStorage => {
   const { storage } = useKibana().services;
 
diff --git a/x-pack/plugins/security_solution/public/timelines/store/timeline/defaults.ts b/x-pack/plugins/security_solution/public/timelines/store/timeline/defaults.ts
index f411c6ffac9b7..0ba3f91173d0a 100644
--- a/x-pack/plugins/security_solution/public/timelines/store/timeline/defaults.ts
+++ b/x-pack/plugins/security_solution/public/timelines/store/timeline/defaults.ts
@@ -19,6 +19,7 @@ export const timelineDefaults: SubsetTimelineModel &
   activeTab: TimelineTabs.query,
   prevActiveTab: TimelineTabs.query,
   columns: defaultHeaders,
+  documentType: '',
   defaultColumns: defaultHeaders,
   dataProviders: [],
   dateRange: { start, end },
@@ -51,6 +52,7 @@ export const timelineDefaults: SubsetTimelineModel &
     filterQuery: null,
   },
   loadingEventIds: [],
+  queryFields: [],
   title: '',
   timelineType: TimelineType.default,
   templateTimelineId: null,
@@ -59,6 +61,7 @@ export const timelineDefaults: SubsetTimelineModel &
   pinnedEventIds: {},
   pinnedEventsSaveObject: {},
   savedObjectId: null,
+  selectAll: false,
   selectedEventIds: {},
   show: false,
   showCheckboxes: false,
diff --git a/x-pack/plugins/security_solution/public/timelines/store/timeline/epic.test.ts b/x-pack/plugins/security_solution/public/timelines/store/timeline/epic.test.ts
index 8b40febbfe993..686c8220f677b 100644
--- a/x-pack/plugins/security_solution/public/timelines/store/timeline/epic.test.ts
+++ b/x-pack/plugins/security_solution/public/timelines/store/timeline/epic.test.ts
@@ -92,6 +92,7 @@ describe('Epic Timeline', () => {
         ],
         deletedEventIds: [],
         description: '',
+        documentType: '',
         eqlOptions: {
           eventCategoryField: 'event.category',
           tiebreakerField: '',
@@ -146,6 +147,8 @@ describe('Epic Timeline', () => {
           },
         },
         loadingEventIds: [],
+        queryFields: [],
+        selectAll: false,
         title: 'saved',
         timelineType: TimelineType.default,
         templateTimelineId: null,
diff --git a/x-pack/plugins/security_solution/public/timelines/store/timeline/model.ts b/x-pack/plugins/security_solution/public/timelines/store/timeline/model.ts
index a2d7e2300d171..b53da997c08cb 100644
--- a/x-pack/plugins/security_solution/public/timelines/store/timeline/model.ts
+++ b/x-pack/plugins/security_solution/public/timelines/store/timeline/model.ts
@@ -85,10 +85,12 @@ export type SubsetTimelineModel = Readonly<
     | 'dataProviders'
     | 'deletedEventIds'
     | 'description'
+    | 'documentType'
     | 'eventType'
     | 'eventIdToNoteIds'
     | 'excludedRowRendererIds'
     | 'expandedDetail'
+    | 'footerText'
     | 'graphEventId'
     | 'highlightedDropAndProviderId'
     | 'historyIds'
@@ -100,15 +102,18 @@ export type SubsetTimelineModel = Readonly<
     | 'itemsPerPageOptions'
     | 'kqlMode'
     | 'kqlQuery'
+    | 'queryFields'
     | 'title'
     | 'timelineType'
     | 'templateTimelineId'
     | 'templateTimelineVersion'
     | 'loadingEventIds'
+    | 'loadingText'
     | 'noteIds'
     | 'pinnedEventIds'
     | 'pinnedEventsSaveObject'
     | 'dateRange'
+    | 'selectAll'
     | 'selectedEventIds'
     | 'show'
     | 'showCheckboxes'
@@ -116,6 +121,7 @@ export type SubsetTimelineModel = Readonly<
     | 'isSaving'
     | 'isLoading'
     | 'savedObjectId'
+    | 'unit'
     | 'version'
     | 'status'
   >
diff --git a/x-pack/plugins/security_solution/public/timelines/store/timeline/reducer.test.ts b/x-pack/plugins/security_solution/public/timelines/store/timeline/reducer.test.ts
index 96ae11cb8afdc..c0dcba6920b60 100644
--- a/x-pack/plugins/security_solution/public/timelines/store/timeline/reducer.test.ts
+++ b/x-pack/plugins/security_solution/public/timelines/store/timeline/reducer.test.ts
@@ -88,6 +88,7 @@ const basicTimeline: TimelineModel = {
   },
   deletedEventIds: [],
   description: '',
+  documentType: '',
   eqlOptions: {
     eventCategoryField: 'event.category',
     tiebreakerField: '',
@@ -113,7 +114,9 @@ const basicTimeline: TimelineModel = {
   noteIds: [],
   pinnedEventIds: {},
   pinnedEventsSaveObject: {},
+  queryFields: [],
   savedObjectId: null,
+  selectAll: false,
   selectedEventIds: {},
   show: true,
   showCheckboxes: false,
diff --git a/x-pack/plugins/security_solution/server/config.test.ts b/x-pack/plugins/security_solution/server/config.test.ts
new file mode 100644
index 0000000000000..67956acd6656f
--- /dev/null
+++ b/x-pack/plugins/security_solution/server/config.test.ts
@@ -0,0 +1,80 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { configSchema } from './config';
+
+describe('config', () => {
+  describe('alertIgnoreFields', () => {
+    test('should default to an empty array', () => {
+      expect(configSchema.validate({}).alertIgnoreFields).toEqual([]);
+    });
+
+    test('should accept an array of strings', () => {
+      expect(
+        configSchema.validate({ alertIgnoreFields: ['foo.bar', 'mars.bar'] }).alertIgnoreFields
+      ).toEqual(['foo.bar', 'mars.bar']);
+    });
+
+    test('should throw if a non string is being sent in', () => {
+      expect(
+        () =>
+          configSchema.validate({
+            alertIgnoreFields: 5,
+          }).alertIgnoreFields
+      ).toThrow('[alertIgnoreFields]: expected value of type [array] but got [number]');
+    });
+
+    test('should throw if we send in an invalid regular expression as a string', () => {
+      expect(
+        () =>
+          configSchema.validate({
+            alertIgnoreFields: ['/(/'],
+          }).alertIgnoreFields
+      ).toThrow(
+        '[alertIgnoreFields]: "Invalid regular expression: /(/: Unterminated group" at array position 0'
+      );
+    });
+
+    test('should throw with two errors if we send two invalid regular expressions', () => {
+      expect(
+        () =>
+          configSchema.validate({
+            alertIgnoreFields: ['/(/', '/(invalid/'],
+          }).alertIgnoreFields
+      ).toThrow(
+        '[alertIgnoreFields]: "Invalid regular expression: /(/: Unterminated group" at array position 0. "Invalid regular expression: /(invalid/: Unterminated group" at array position 1'
+      );
+    });
+
+    test('should throw with two errors with a valid string mixed in if we send two invalid regular expressions', () => {
+      expect(
+        () =>
+          configSchema.validate({
+            alertIgnoreFields: ['/(/', 'valid.string', '/(invalid/'],
+          }).alertIgnoreFields
+      ).toThrow(
+        '[alertIgnoreFields]: "Invalid regular expression: /(/: Unterminated group" at array position 0. "Invalid regular expression: /(invalid/: Unterminated group" at array position 2'
+      );
+    });
+
+    test('should accept a valid regular expression within the string', () => {
+      expect(
+        configSchema.validate({
+          alertIgnoreFields: ['/(.*)/'],
+        }).alertIgnoreFields
+      ).toEqual(['/(.*)/']);
+    });
+
+    test('should accept two valid regular expressions', () => {
+      expect(
+        configSchema.validate({
+          alertIgnoreFields: ['/(.*)/', '/(.valid*)/'],
+        }).alertIgnoreFields
+      ).toEqual(['/(.*)/', '/(.valid*)/']);
+    });
+  });
+});
diff --git a/x-pack/plugins/security_solution/server/config.ts b/x-pack/plugins/security_solution/server/config.ts
index a1c6601520a54..0850e43b21eda 100644
--- a/x-pack/plugins/security_solution/server/config.ts
+++ b/x-pack/plugins/security_solution/server/config.ts
@@ -21,12 +21,61 @@ export const configSchema = schema.object({
   maxRuleImportPayloadBytes: schema.number({ defaultValue: 10485760 }),
   maxTimelineImportExportSize: schema.number({ defaultValue: 10000 }),
   maxTimelineImportPayloadBytes: schema.number({ defaultValue: 10485760 }),
+
+  /**
+   * This is used within the merge strategies:
+   * server/lib/detection_engine/signals/source_fields_merging
+   *
+   * For determining which strategy for merging "fields" and "_source" together to get
+   * runtime fields, constant keywords, etc...
+   *
+   * "missingFields" (default) This will only merge fields that are missing from the _source and exist in the fields.
+   * "noFields" This will turn off all merging of runtime fields, constant keywords from fields.
+   * "allFields" This will merge and overwrite anything found within "fields" into "_source" before indexing the data.
+   */
   alertMergeStrategy: schema.oneOf(
     [schema.literal('allFields'), schema.literal('missingFields'), schema.literal('noFields')],
     {
       defaultValue: 'missingFields',
     }
   ),
+
+  /**
+   * This is used within the merge strategies:
+   * server/lib/detection_engine/signals/source_fields_merging
+   *
+   * For determining if we need to ignore particular "fields" and not merge them with "_source" such as
+   * runtime fields, constant keywords, etc...
+   *
+   * This feature and functionality is mostly as "safety feature" meaning that we have had bugs in the past
+   * where something down the stack unexpectedly ends up in the fields API which causes documents to not
+   * be indexable. Rather than changing alertMergeStrategy to be "noFields", you can use this array to add
+   * any problematic values.
+   *
+   * You can use plain dotted notation strings such as "host.name" or a regular expression such as "/host\..+/"
+   */
+  alertIgnoreFields: schema.arrayOf(schema.string(), {
+    defaultValue: [],
+    validate(ignoreFields) {
+      const errors = ignoreFields.flatMap((ignoreField, index) => {
+        if (ignoreField.startsWith('/') && ignoreField.endsWith('/')) {
+          try {
+            new RegExp(ignoreField.slice(1, -1));
+            return [];
+          } catch (error) {
+            return [`"${error.message}" at array position ${index}`];
+          }
+        } else {
+          return [];
+        }
+      });
+      if (errors.length !== 0) {
+        return errors.join('. ');
+      } else {
+        return undefined;
+      }
+    },
+  }),
   [SIGNALS_INDEX_KEY]: schema.string({ defaultValue: DEFAULT_SIGNALS_INDEX }),
 
   /**
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/routes/__mocks__/index.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/routes/__mocks__/index.ts
index a768273c9d147..1ac85f9a27969 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/routes/__mocks__/index.ts
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/routes/__mocks__/index.ts
@@ -26,6 +26,7 @@ export const createMockConfig = (): ConfigType => ({
   endpointResultListDefaultPageSize: 10,
   packagerTaskInterval: '60s',
   alertMergeStrategy: 'missingFields',
+  alertIgnoreFields: [],
   prebuiltRulesFromFileSystem: true,
   prebuiltRulesFromSavedObjects: false,
 });
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rule_types/create_security_rule_type_factory.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/rule_types/create_security_rule_type_factory.ts
index 376a4a29ed89a..7feb9e64e4cb1 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rule_types/create_security_rule_type_factory.ts
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rule_types/create_security_rule_type_factory.ts
@@ -39,6 +39,7 @@ export const createSecurityRuleTypeFactory: CreateSecurityRuleTypeFactory = ({
   lists,
   logger,
   mergeStrategy,
+  ignoreFields,
   ruleDataClient,
   ruleDataService,
 }) => (type) => {
@@ -191,6 +192,7 @@ export const createSecurityRuleTypeFactory: CreateSecurityRuleTypeFactory = ({
 
         const wrapHits = wrapHitsFactory({
           logger,
+          ignoreFields,
           mergeStrategy,
           ruleSO,
           spaceId,
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rule_types/factories/utils/build_bulk_body.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/rule_types/factories/utils/build_bulk_body.ts
index ae2ebc787451b..c09d707fe484e 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rule_types/factories/utils/build_bulk_body.ts
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rule_types/factories/utils/build_bulk_body.ts
@@ -36,10 +36,11 @@ export const buildBulkBody = (
   ruleSO: SavedObject<AlertAttributes>,
   doc: SignalSourceHit,
   mergeStrategy: ConfigType['alertMergeStrategy'],
+  ignoreFields: ConfigType['alertIgnoreFields'],
   applyOverrides: boolean,
   buildReasonMessage: BuildReasonMessage
 ): RACAlert => {
-  const mergedDoc = getMergeStrategy(mergeStrategy)({ doc });
+  const mergedDoc = getMergeStrategy(mergeStrategy)({ doc, ignoreFields });
   const rule = applyOverrides
     ? buildRuleWithOverrides(ruleSO, mergedDoc._source ?? {})
     : buildRuleWithoutOverrides(ruleSO);
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rule_types/factories/wrap_hits_factory.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/rule_types/factories/wrap_hits_factory.ts
index 62946c52b7f40..95c7b4e90b29c 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rule_types/factories/wrap_hits_factory.ts
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rule_types/factories/wrap_hits_factory.ts
@@ -7,7 +7,7 @@
 
 import { Logger } from 'kibana/server';
 
-import { SearchAfterAndBulkCreateParams, SignalSourceHit, WrapHits } from '../../signals/types';
+import { SearchAfterAndBulkCreateParams, WrapHits } from '../../signals/types';
 import { buildBulkBody } from './utils/build_bulk_body';
 import { generateId } from '../../signals/utils';
 import { filterDuplicateSignals } from '../../signals/filter_duplicate_signals';
@@ -16,6 +16,7 @@ import { WrappedRACAlert } from '../types';
 
 export const wrapHitsFactory = ({
   logger,
+  ignoreFields,
   mergeStrategy,
   ruleSO,
   spaceId,
@@ -23,6 +24,7 @@ export const wrapHitsFactory = ({
   logger: Logger;
   ruleSO: SearchAfterAndBulkCreateParams['ruleSO'];
   mergeStrategy: ConfigType['alertMergeStrategy'];
+  ignoreFields: ConfigType['alertIgnoreFields'];
   spaceId: string | null | undefined;
 }): WrapHits => (events, buildReasonMessage) => {
   try {
@@ -38,8 +40,9 @@ export const wrapHitsFactory = ({
         _source: buildBulkBody(
           spaceId,
           ruleSO,
-          doc as SignalSourceHit,
+          doc,
           mergeStrategy,
+          ignoreFields,
           true,
           buildReasonMessage
         ),
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rule_types/indicator_match/create_indicator_match_alert_type.test.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/rule_types/indicator_match/create_indicator_match_alert_type.test.ts
index 4a9d1b5658317..9c48f3fbad677 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rule_types/indicator_match/create_indicator_match_alert_type.test.ts
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rule_types/indicator_match/create_indicator_match_alert_type.test.ts
@@ -63,6 +63,7 @@ describe('Indicator Match Alerts', () => {
       experimentalFeatures: allowedExperimentalValues,
       lists: dependencies.lists,
       logger: dependencies.logger,
+      ignoreFields: [],
       mergeStrategy: 'allFields',
       ruleDataClient: dependencies.ruleDataClient,
       ruleDataService: dependencies.ruleDataService,
@@ -104,6 +105,7 @@ describe('Indicator Match Alerts', () => {
       lists: dependencies.lists,
       logger: dependencies.logger,
       mergeStrategy: 'allFields',
+      ignoreFields: [],
       ruleDataClient: dependencies.ruleDataClient,
       ruleDataService: dependencies.ruleDataService,
       version: '1.0.0',
@@ -142,6 +144,7 @@ describe('Indicator Match Alerts', () => {
       lists: dependencies.lists,
       logger: dependencies.logger,
       mergeStrategy: 'allFields',
+      ignoreFields: [],
       ruleDataClient: dependencies.ruleDataClient,
       ruleDataService: dependencies.ruleDataService,
       version: '1.0.0',
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rule_types/indicator_match/create_indicator_match_alert_type.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/rule_types/indicator_match/create_indicator_match_alert_type.ts
index 71acc2e1cee85..f2dfe69debed0 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rule_types/indicator_match/create_indicator_match_alert_type.ts
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rule_types/indicator_match/create_indicator_match_alert_type.ts
@@ -19,6 +19,7 @@ export const createIndicatorMatchAlertType = (createOptions: CreateRuleOptions)
     lists,
     logger,
     mergeStrategy,
+    ignoreFields,
     ruleDataClient,
     version,
     ruleDataService,
@@ -27,6 +28,7 @@ export const createIndicatorMatchAlertType = (createOptions: CreateRuleOptions)
     lists,
     logger,
     mergeStrategy,
+    ignoreFields,
     ruleDataClient,
     ruleDataService,
   });
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rule_types/query/create_query_alert_type.test.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/rule_types/query/create_query_alert_type.test.ts
index dfe83e32114d3..a6403c1051331 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rule_types/query/create_query_alert_type.test.ts
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rule_types/query/create_query_alert_type.test.ts
@@ -39,6 +39,7 @@ describe('Custom query alerts', () => {
       lists: dependencies.lists,
       logger: dependencies.logger,
       mergeStrategy: 'allFields',
+      ignoreFields: [],
       ruleDataClient: dependencies.ruleDataClient,
       ruleDataService: dependencies.ruleDataService,
       version: '1.0.0',
@@ -86,6 +87,7 @@ describe('Custom query alerts', () => {
       lists: dependencies.lists,
       logger: dependencies.logger,
       mergeStrategy: 'allFields',
+      ignoreFields: [],
       ruleDataClient: dependencies.ruleDataClient,
       ruleDataService: dependencies.ruleDataService,
       version: '1.0.0',
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rule_types/query/create_query_alert_type.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/rule_types/query/create_query_alert_type.ts
index e59037f38ce56..2f185853754b3 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rule_types/query/create_query_alert_type.ts
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rule_types/query/create_query_alert_type.ts
@@ -19,6 +19,7 @@ export const createQueryAlertType = (createOptions: CreateRuleOptions) => {
     lists,
     logger,
     mergeStrategy,
+    ignoreFields,
     ruleDataClient,
     version,
     ruleDataService,
@@ -27,6 +28,7 @@ export const createQueryAlertType = (createOptions: CreateRuleOptions) => {
     lists,
     logger,
     mergeStrategy,
+    ignoreFields,
     ruleDataClient,
     ruleDataService,
   });
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rule_types/types.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/rule_types/types.ts
index e781bfc50bee4..f01f58456a81b 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rule_types/types.ts
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rule_types/types.ts
@@ -96,6 +96,7 @@ export type CreateSecurityRuleTypeFactory = (options: {
   lists: SetupPlugins['lists'];
   logger: Logger;
   mergeStrategy: ConfigType['alertMergeStrategy'];
+  ignoreFields: ConfigType['alertIgnoreFields'];
   ruleDataClient: IRuleDataClient;
   ruleDataService: IRuleDataPluginService;
 }) => <
@@ -124,6 +125,7 @@ export interface CreateRuleOptions {
   lists: SetupPlugins['lists'];
   logger: Logger;
   mergeStrategy: ConfigType['alertMergeStrategy'];
+  ignoreFields: ConfigType['alertIgnoreFields'];
   ruleDataClient: IRuleDataClient;
   version: string;
   ruleDataService: IRuleDataPluginService;
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/signals/build_bulk_body.test.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/signals/build_bulk_body.test.ts
index 206f3ae59d246..5f392bed75f76 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/signals/build_bulk_body.test.ts
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/signals/build_bulk_body.test.ts
@@ -43,6 +43,7 @@ describe('buildBulkBody', () => {
       ruleSO,
       doc,
       'missingFields',
+      [],
       buildReasonMessage
     );
     // Timestamp will potentially always be different so remove it for the test
@@ -114,6 +115,7 @@ describe('buildBulkBody', () => {
       ruleSO,
       doc,
       'missingFields',
+      [],
       buildReasonMessage
     );
     // Timestamp will potentially always be different so remove it for the test
@@ -199,6 +201,7 @@ describe('buildBulkBody', () => {
       ruleSO,
       doc,
       'missingFields',
+      [],
       buildReasonMessage
     );
     // Timestamp will potentially always be different so remove it for the test
@@ -270,6 +273,7 @@ describe('buildBulkBody', () => {
       ruleSO,
       doc,
       'missingFields',
+      [],
       buildReasonMessage
     );
     // Timestamp will potentially always be different so remove it for the test
@@ -338,6 +342,7 @@ describe('buildBulkBody', () => {
       ruleSO,
       doc,
       'missingFields',
+      [],
       buildReasonMessage
     );
     // Timestamp will potentially always be different so remove it for the test
@@ -405,6 +410,7 @@ describe('buildBulkBody', () => {
       ruleSO,
       doc,
       'missingFields',
+      [],
       buildReasonMessage
     );
     const expected: Omit<SignalHit, '@timestamp'> & { someKey: string } = {
@@ -468,6 +474,7 @@ describe('buildBulkBody', () => {
       ruleSO,
       doc,
       'missingFields',
+      [],
       buildReasonMessage
     );
     const expected: Omit<SignalHit, '@timestamp'> & { someKey: string } = {
@@ -712,6 +719,7 @@ describe('buildSignalFromEvent', () => {
       ruleSO,
       true,
       'missingFields',
+      [],
       buildReasonMessage
     );
 
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/signals/build_bulk_body.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/signals/build_bulk_body.ts
index a1f63a6d4e0c6..f8e39964523d0 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/signals/build_bulk_body.ts
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/signals/build_bulk_body.ts
@@ -37,9 +37,10 @@ export const buildBulkBody = (
   ruleSO: SavedObject<AlertAttributes>,
   doc: SignalSourceHit,
   mergeStrategy: ConfigType['alertMergeStrategy'],
+  ignoreFields: ConfigType['alertIgnoreFields'],
   buildReasonMessage: BuildReasonMessage
 ): SignalHit => {
-  const mergedDoc = getMergeStrategy(mergeStrategy)({ doc });
+  const mergedDoc = getMergeStrategy(mergeStrategy)({ doc, ignoreFields });
   const rule = buildRuleWithOverrides(ruleSO, mergedDoc._source ?? {});
   const timestamp = new Date().toISOString();
   const reason = buildReasonMessage({ mergedDoc, rule });
@@ -76,11 +77,19 @@ export const buildSignalGroupFromSequence = (
   ruleSO: SavedObject<AlertAttributes>,
   outputIndex: string,
   mergeStrategy: ConfigType['alertMergeStrategy'],
+  ignoreFields: ConfigType['alertIgnoreFields'],
   buildReasonMessage: BuildReasonMessage
 ): WrappedSignalHit[] => {
   const wrappedBuildingBlocks = wrapBuildingBlocks(
     sequence.events.map((event) => {
-      const signal = buildSignalFromEvent(event, ruleSO, false, mergeStrategy, buildReasonMessage);
+      const signal = buildSignalFromEvent(
+        event,
+        ruleSO,
+        false,
+        mergeStrategy,
+        ignoreFields,
+        buildReasonMessage
+      );
       signal.signal.rule.building_block_type = 'default';
       return signal;
     }),
@@ -121,10 +130,9 @@ export const buildSignalFromSequence = (
 ): SignalHit => {
   const rule = buildRuleWithoutOverrides(ruleSO);
   const timestamp = new Date().toISOString();
-
-  const reason = buildReasonMessage({ rule });
-  const signal: Signal = buildSignal(events, rule, reason);
   const mergedEvents = objectArrayIntersection(events.map((event) => event._source));
+  const reason = buildReasonMessage({ rule, mergedDoc: mergedEvents as SignalSourceHit });
+  const signal: Signal = buildSignal(events, rule, reason);
   return {
     ...mergedEvents,
     '@timestamp': timestamp,
@@ -147,9 +155,10 @@ export const buildSignalFromEvent = (
   ruleSO: SavedObject<AlertAttributes>,
   applyOverrides: boolean,
   mergeStrategy: ConfigType['alertMergeStrategy'],
+  ignoreFields: ConfigType['alertIgnoreFields'],
   buildReasonMessage: BuildReasonMessage
 ): SignalHit => {
-  const mergedEvent = getMergeStrategy(mergeStrategy)({ doc: event });
+  const mergedEvent = getMergeStrategy(mergeStrategy)({ doc: event, ignoreFields });
   const rule = applyOverrides
     ? buildRuleWithOverrides(ruleSO, mergedEvent._source ?? {})
     : buildRuleWithoutOverrides(ruleSO);
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/signals/reason_formatter.test.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/signals/reason_formatter.test.ts
index 1a383b51eb8d4..5b55df2bee936 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/signals/reason_formatter.test.ts
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/signals/reason_formatter.test.ts
@@ -5,7 +5,7 @@
  * 2.0.
  */
 
-import { buildCommonReasonMessage } from './reason_formatters';
+import { buildReasonMessageUtil } from './reason_formatters';
 import { RulesSchema } from '../../../../common/detection_engine/schemas/response/rules_schema';
 import { SignalSourceHit } from './types';
 
@@ -14,26 +14,48 @@ describe('reason_formatter', () => {
   let mergedDoc: SignalSourceHit;
   beforeAll(() => {
     rule = {
-      name: 'What is in a name',
+      name: 'my-rule',
       risk_score: 9000,
       severity: 'medium',
     } as RulesSchema; // Cast here as all fields aren't required
     mergedDoc = {
-      _index: 'some-index',
-      _id: 'some-id',
+      _index: 'index-1',
+      _id: 'id-1',
       fields: {
-        'host.name': ['party host'],
-        'user.name': ['ferris bueller'],
+        'destination.address': ['9.99.99.9'],
+        'destination.port': ['6789'],
+        'event.category': ['test'],
+        'file.name': ['sample'],
+        'host.name': ['host'],
+        'process.name': ['doingThings.exe'],
+        'process.parent.name': ['didThings.exe'],
+        'source.address': ['1.11.11.1'],
+        'source.port': ['1234'],
+        'user.name': ['test-user'],
         '@timestamp': '2021-08-11T02:28:59.101Z',
       },
     };
   });
 
-  describe('buildCommonReasonMessage', () => {
+  describe('buildReasonMessageUtil', () => {
     describe('when rule and mergedDoc are provided', () => {
       it('should return the full reason message', () => {
-        expect(buildCommonReasonMessage({ rule, mergedDoc })).toEqual(
-          'Alert What is in a name created with a medium severity and risk score of 9000 by ferris bueller on party host.'
+        expect(buildReasonMessageUtil({ rule, mergedDoc })).toMatchInlineSnapshot(
+          `"test event with process doingThings.exe, parent process didThings.exe, file sample, source 1.11.11.1:1234, destination 9.99.99.9:6789, by test-user on host created medium alert my-rule."`
+        );
+      });
+    });
+    describe('when event category contains multiple items', () => {
+      it('should return the reason message with all categories showing', () => {
+        const updatedMergedDoc = {
+          ...mergedDoc,
+          fields: {
+            ...mergedDoc.fields,
+            'event.category': ['item one', 'item two'],
+          },
+        };
+        expect(buildReasonMessageUtil({ rule, mergedDoc: updatedMergedDoc })).toMatchInlineSnapshot(
+          `"item one, item two event with process doingThings.exe, parent process didThings.exe, file sample, source 1.11.11.1:1234, destination 9.99.99.9:6789, by test-user on host created medium alert my-rule."`
         );
       });
     });
@@ -46,8 +68,8 @@ describe('reason_formatter', () => {
             'host.name': ['-'],
           },
         };
-        expect(buildCommonReasonMessage({ rule, mergedDoc: updatedMergedDoc })).toEqual(
-          'Alert What is in a name created with a medium severity and risk score of 9000 by ferris bueller.'
+        expect(buildReasonMessageUtil({ rule, mergedDoc: updatedMergedDoc })).toMatchInlineSnapshot(
+          `"test event with process doingThings.exe, parent process didThings.exe, file sample, source 1.11.11.1:1234, destination 9.99.99.9:6789, by test-user created medium alert my-rule."`
         );
       });
     });
@@ -60,16 +82,102 @@ describe('reason_formatter', () => {
             'user.name': ['-'],
           },
         };
-        expect(buildCommonReasonMessage({ rule, mergedDoc: updatedMergedDoc })).toEqual(
-          'Alert What is in a name created with a medium severity and risk score of 9000 on party host.'
+        expect(buildReasonMessageUtil({ rule, mergedDoc: updatedMergedDoc })).toMatchInlineSnapshot(
+          `"test event with process doingThings.exe, parent process didThings.exe, file sample, source 1.11.11.1:1234, destination 9.99.99.9:6789, on host created medium alert my-rule."`
+        );
+      });
+    });
+    describe('when rule and mergedDoc are provided, but destination details are missing', () => {
+      it('should return the reason message without the destination port', () => {
+        const noDestinationPortDoc = {
+          ...mergedDoc,
+          fields: {
+            ...mergedDoc.fields,
+            'destination.port': ['-'],
+          },
+        };
+        expect(
+          buildReasonMessageUtil({ rule, mergedDoc: noDestinationPortDoc })
+        ).toMatchInlineSnapshot(
+          `"test event with process doingThings.exe, parent process didThings.exe, file sample, source 1.11.11.1:1234, destination 9.99.99.9 by test-user on host created medium alert my-rule."`
+        );
+      });
+      it('should return the reason message without destination details', () => {
+        const noDestinationPortDoc = {
+          ...mergedDoc,
+          fields: {
+            ...mergedDoc.fields,
+            'destination.address': ['-'],
+            'destination.port': ['-'],
+          },
+        };
+        expect(
+          buildReasonMessageUtil({ rule, mergedDoc: noDestinationPortDoc })
+        ).toMatchInlineSnapshot(
+          `"test event with process doingThings.exe, parent process didThings.exe, file sample, source 1.11.11.1:1234, by test-user on host created medium alert my-rule."`
+        );
+      });
+    });
+    describe('when rule and mergedDoc are provided, but source details are missing', () => {
+      it('should return the reason message without the source port', () => {
+        const noSourcePortDoc = {
+          ...mergedDoc,
+          fields: {
+            ...mergedDoc.fields,
+            'source.port': ['-'],
+          },
+        };
+        expect(buildReasonMessageUtil({ rule, mergedDoc: noSourcePortDoc })).toMatchInlineSnapshot(
+          `"test event with process doingThings.exe, parent process didThings.exe, file sample, source 1.11.11.1 destination 9.99.99.9:6789, by test-user on host created medium alert my-rule."`
+        );
+      });
+      it('should return the reason message without source details', () => {
+        const noSourcePortDoc = {
+          ...mergedDoc,
+          fields: {
+            ...mergedDoc.fields,
+            'source.address': ['-'],
+            'source.port': ['-'],
+          },
+        };
+        expect(buildReasonMessageUtil({ rule, mergedDoc: noSourcePortDoc })).toMatchInlineSnapshot(
+          `"test event with process doingThings.exe, parent process didThings.exe, file sample, destination 9.99.99.9:6789, by test-user on host created medium alert my-rule."`
+        );
+      });
+    });
+    describe('when rule and mergedDoc are provided, but process details missing', () => {
+      it('should return the reason message without process details', () => {
+        const updatedMergedDoc = {
+          ...mergedDoc,
+          fields: {
+            ...mergedDoc.fields,
+            'process.name': ['-'],
+            'process.parent.name': ['-'],
+          },
+        };
+        expect(buildReasonMessageUtil({ rule, mergedDoc: updatedMergedDoc })).toMatchInlineSnapshot(
+          `"test event with file sample, source 1.11.11.1:1234, destination 9.99.99.9:6789, by test-user on host created medium alert my-rule."`
+        );
+      });
+    });
+    describe('when rule and mergedDoc are provided without any fields of interest', () => {
+      it('should return the full reason message', () => {
+        const updatedMergedDoc = {
+          ...mergedDoc,
+          fields: {
+            'event.category': ['test'],
+            'user.name': ['test-user'],
+            '@timestamp': '2021-08-11T02:28:59.101Z',
+          },
+        };
+        expect(buildReasonMessageUtil({ rule, mergedDoc: updatedMergedDoc })).toMatchInlineSnapshot(
+          `"test event by test-user created medium alert my-rule."`
         );
       });
     });
     describe('when only rule is provided', () => {
       it('should return the reason message without host name or user name', () => {
-        expect(buildCommonReasonMessage({ rule })).toEqual(
-          'Alert What is in a name created with a medium severity and risk score of 9000.'
-        );
+        expect(buildReasonMessageUtil({ rule })).toMatchInlineSnapshot(`""`);
       });
     });
   });
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/signals/reason_formatters.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/signals/reason_formatters.ts
index 4917cdbd29170..e93a45bd13246 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/signals/reason_formatters.ts
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/signals/reason_formatters.ts
@@ -6,6 +6,7 @@
  */
 
 import { i18n } from '@kbn/i18n';
+import { getOr } from 'lodash/fp';
 import { RulesSchema } from '../../../../common/detection_engine/schemas/response/rules_schema';
 import { SignalSourceHit } from './types';
 
@@ -14,54 +15,118 @@ export interface BuildReasonMessageArgs {
   mergedDoc?: SignalSourceHit;
 }
 
+export interface BuildReasonMessageUtilArgs extends BuildReasonMessageArgs {
+  type?: 'eql' | 'ml' | 'query' | 'threatMatch' | 'threshold';
+}
+
 export type BuildReasonMessage = (args: BuildReasonMessageArgs) => string;
 
+interface ReasonFields {
+  destinationAddress?: string | string[] | null;
+  destinationPort?: string | string[] | null;
+  eventCategory?: string | string[] | null;
+  fileName?: string | string[] | null;
+  hostName?: string | string[] | null;
+  processName?: string | string[] | null;
+  processParentName?: string | string[] | null;
+  sourceAddress?: string | string[] | null;
+  sourcePort?: string | string[] | null;
+  userName?: string | string[] | null;
+}
+const getFieldsFromDoc = (mergedDoc: SignalSourceHit) => {
+  const reasonFields: ReasonFields = {};
+  const docToUse = mergedDoc?.fields || mergedDoc;
+
+  reasonFields.destinationAddress = getOr(null, 'destination.address', docToUse);
+  reasonFields.destinationPort = getOr(null, 'destination.port', docToUse);
+  reasonFields.eventCategory = getOr(null, 'event.category', docToUse);
+  reasonFields.fileName = getOr(null, 'file.name', docToUse);
+  reasonFields.hostName = getOr(null, 'host.name', docToUse);
+  reasonFields.processName = getOr(null, 'process.name', docToUse);
+  reasonFields.processParentName = getOr(null, 'process.parent.name', docToUse);
+  reasonFields.sourceAddress = getOr(null, 'source.address', docToUse);
+  reasonFields.sourcePort = getOr(null, 'source.port', docToUse);
+  reasonFields.userName = getOr(null, 'user.name', docToUse);
+
+  return reasonFields;
+};
 /**
  * Currently all security solution rule types share a common reason message string. This function composes that string
  * In the future there may be different configurations based on the different rule types, so the plumbing has been put in place
  * to more easily allow for this in the future.
  * @export buildCommonReasonMessage - is only exported for testing purposes, and only used internally here.
  */
-export const buildCommonReasonMessage = ({ rule, mergedDoc }: BuildReasonMessageArgs) => {
-  if (!rule) {
+export const buildReasonMessageUtil = ({ rule, mergedDoc }: BuildReasonMessageUtilArgs) => {
+  if (!rule || !mergedDoc) {
     // This should never happen, but in case, better to not show a malformed string
     return '';
   }
-  let hostName;
-  let userName;
-  if (mergedDoc?.fields) {
-    hostName = mergedDoc.fields['host.name'] != null ? mergedDoc.fields['host.name'] : hostName;
-    userName = mergedDoc.fields['user.name'] != null ? mergedDoc.fields['user.name'] : userName;
-  }
+  const {
+    destinationAddress,
+    destinationPort,
+    eventCategory,
+    fileName,
+    hostName,
+    processName,
+    processParentName,
+    sourceAddress,
+    sourcePort,
+    userName,
+  } = getFieldsFromDoc(mergedDoc);
+
+  const fieldPresenceTracker = { hasFieldOfInterest: false };
 
-  const isFieldEmpty = (field: string | string[] | undefined | null) =>
-    !field || !field.length || (field.length === 1 && field[0] === '-');
+  const getFieldTemplateValue = (
+    field: string | string[] | undefined | null,
+    isFieldOfInterest?: boolean
+  ): string | null => {
+    if (!field || !field.length || (field.length === 1 && field[0] === '-')) return null;
+    if (isFieldOfInterest && !fieldPresenceTracker.hasFieldOfInterest)
+      fieldPresenceTracker.hasFieldOfInterest = true;
+    return Array.isArray(field) ? field.join(', ') : field;
+  };
 
   return i18n.translate('xpack.securitySolution.detectionEngine.signals.alertReasonDescription', {
-    defaultMessage:
-      'Alert {alertName} created with a {alertSeverity} severity and risk score of {alertRiskScore}{userName, select, null {} other {{whitespace}by {userName}} }{hostName, select, null {} other {{whitespace}on {hostName}} }.',
+    defaultMessage: `{eventCategory, select, null {} other {{eventCategory}{whitespace}}}event\
+{hasFieldOfInterest, select, false {} other {{whitespace}with}}\
+{processName, select, null {} other {{whitespace}process {processName},} }\
+{processParentName, select, null {} other {{whitespace}parent process {processParentName},} }\
+{fileName, select, null {} other {{whitespace}file {fileName},} }\
+{sourceAddress, select, null {} other {{whitespace}source {sourceAddress}}}{sourcePort, select, null {} other {:{sourcePort},}}\
+{destinationAddress, select, null {} other {{whitespace}destination {destinationAddress}}}{destinationPort, select, null {} other {:{destinationPort},}}\
+{userName, select, null {} other {{whitespace}by {userName}} }\
+{hostName, select, null {} other {{whitespace}on {hostName}} } \
+created {alertSeverity} alert {alertName}.`,
     values: {
       alertName: rule.name,
       alertSeverity: rule.severity,
-      alertRiskScore: rule.risk_score,
-      hostName: isFieldEmpty(hostName) ? 'null' : hostName,
-      userName: isFieldEmpty(userName) ? 'null' : userName,
+      destinationAddress: getFieldTemplateValue(destinationAddress, true),
+      destinationPort: getFieldTemplateValue(destinationPort, true),
+      eventCategory: getFieldTemplateValue(eventCategory),
+      fileName: getFieldTemplateValue(fileName, true),
+      hostName: getFieldTemplateValue(hostName),
+      processName: getFieldTemplateValue(processName, true),
+      processParentName: getFieldTemplateValue(processParentName, true),
+      sourceAddress: getFieldTemplateValue(sourceAddress, true),
+      sourcePort: getFieldTemplateValue(sourcePort, true),
+      userName: getFieldTemplateValue(userName),
+      hasFieldOfInterest: fieldPresenceTracker.hasFieldOfInterest, // Tracking if we have any fields to show the 'with' word
       whitespace: ' ', // there isn't support for the unicode /u0020 for whitespace, and leading spaces are deleted, so to prevent double-whitespace explicitly passing the space in.
     },
   });
 };
 
 export const buildReasonMessageForEqlAlert = (args: BuildReasonMessageArgs) =>
-  buildCommonReasonMessage({ ...args });
+  buildReasonMessageUtil({ ...args, type: 'eql' });
 
 export const buildReasonMessageForMlAlert = (args: BuildReasonMessageArgs) =>
-  buildCommonReasonMessage({ ...args });
+  buildReasonMessageUtil({ ...args, type: 'ml' });
 
 export const buildReasonMessageForQueryAlert = (args: BuildReasonMessageArgs) =>
-  buildCommonReasonMessage({ ...args });
+  buildReasonMessageUtil({ ...args, type: 'query' });
 
 export const buildReasonMessageForThreatMatchAlert = (args: BuildReasonMessageArgs) =>
-  buildCommonReasonMessage({ ...args });
+  buildReasonMessageUtil({ ...args, type: 'threatMatch' });
 
 export const buildReasonMessageForThresholdAlert = (args: BuildReasonMessageArgs) =>
-  buildCommonReasonMessage({ ...args });
+  buildReasonMessageUtil({ ...args, type: 'threshold' });
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/signals/search_after_bulk_create.test.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/signals/search_after_bulk_create.test.ts
index 8bf0c986b9c25..55a184a1c0bcc 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/signals/search_after_bulk_create.test.ts
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/signals/search_after_bulk_create.test.ts
@@ -74,6 +74,7 @@ describe('searchAfterAndBulkCreate', () => {
       ruleSO,
       signalsIndex: DEFAULT_SIGNALS_INDEX,
       mergeStrategy: 'missingFields',
+      ignoreFields: [],
     });
   });
 
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/signals/signal_rule_alert_type.test.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/signals/signal_rule_alert_type.test.ts
index 6435204d1b7df..de57da62c3539 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/signals/signal_rule_alert_type.test.ts
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/signals/signal_rule_alert_type.test.ts
@@ -199,6 +199,7 @@ describe('signal_rule_alert_type', () => {
       ml: mlMock,
       lists: listMock.createSetup(),
       mergeStrategy: 'missingFields',
+      ignoreFields: [],
       ruleDataService,
     });
   });
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/signals/signal_rule_alert_type.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/signals/signal_rule_alert_type.ts
index b242691577b89..444a087821a95 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/signals/signal_rule_alert_type.ts
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/signals/signal_rule_alert_type.ts
@@ -81,6 +81,7 @@ export const signalRulesAlertType = ({
   ml,
   lists,
   mergeStrategy,
+  ignoreFields,
   ruleDataService,
 }: {
   logger: Logger;
@@ -90,6 +91,7 @@ export const signalRulesAlertType = ({
   ml: SetupPlugins['ml'];
   lists: SetupPlugins['lists'] | undefined;
   mergeStrategy: ConfigType['alertMergeStrategy'];
+  ignoreFields: ConfigType['alertIgnoreFields'];
   ruleDataService: IRuleDataPluginService;
 }): SignalRuleAlertTypeDefinition => {
   return {
@@ -258,12 +260,14 @@ export const signalRulesAlertType = ({
           ruleSO: savedObject,
           signalsIndex: params.outputIndex,
           mergeStrategy,
+          ignoreFields,
         });
 
         const wrapSequences = wrapSequencesFactory({
           ruleSO: savedObject,
           signalsIndex: params.outputIndex,
           mergeStrategy,
+          ignoreFields,
         });
 
         if (isMlRule(type)) {
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/signals/source_fields_merging/strategies/merge_all_fields_with_source.test.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/signals/source_fields_merging/strategies/merge_all_fields_with_source.test.ts
index b900ea268fd6e..6af82d3a71028 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/signals/source_fields_merging/strategies/merge_all_fields_with_source.test.ts
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/signals/source_fields_merging/strategies/merge_all_fields_with_source.test.ts
@@ -44,7 +44,7 @@ describe('merge_all_fields_with_source', () => {
       test('when source is "undefined", merged doc is "undefined"', () => {
         const _source: SignalSourceHit['_source'] = {};
         const doc: SignalSourceHit = { ...emptyEsResult(), _source, fields };
-        const merged = mergeAllFieldsWithSource({ doc })._source;
+        const merged = mergeAllFieldsWithSource({ doc, ignoreFields: [] })._source;
         expect(merged).toEqual<ReturnTypeMergeFieldsWithSource>(_source);
       });
 
@@ -53,7 +53,7 @@ describe('merge_all_fields_with_source', () => {
           foo: [],
         };
         const doc: SignalSourceHit = { ...emptyEsResult(), _source, fields };
-        const merged = mergeAllFieldsWithSource({ doc })._source;
+        const merged = mergeAllFieldsWithSource({ doc, ignoreFields: [] })._source;
         expect(merged).toEqual<ReturnTypeMergeFieldsWithSource>(_source);
       });
 
@@ -62,7 +62,7 @@ describe('merge_all_fields_with_source', () => {
           foo: 'value',
         };
         const doc: SignalSourceHit = { ...emptyEsResult(), _source, fields };
-        const merged = mergeAllFieldsWithSource({ doc })._source;
+        const merged = mergeAllFieldsWithSource({ doc, ignoreFields: [] })._source;
         expect(merged).toEqual<ReturnTypeMergeFieldsWithSource>(_source);
       });
 
@@ -71,7 +71,7 @@ describe('merge_all_fields_with_source', () => {
           foo: ['value'],
         };
         const doc: SignalSourceHit = { ...emptyEsResult(), _source, fields };
-        const merged = mergeAllFieldsWithSource({ doc })._source;
+        const merged = mergeAllFieldsWithSource({ doc, ignoreFields: [] })._source;
         expect(merged).toEqual<ReturnTypeMergeFieldsWithSource>(_source);
       });
 
@@ -80,7 +80,7 @@ describe('merge_all_fields_with_source', () => {
           foo: ['value_1', 'value_2'],
         };
         const doc: SignalSourceHit = { ...emptyEsResult(), _source, fields };
-        const merged = mergeAllFieldsWithSource({ doc })._source;
+        const merged = mergeAllFieldsWithSource({ doc, ignoreFields: [] })._source;
         expect(merged).toEqual<ReturnTypeMergeFieldsWithSource>(_source);
       });
 
@@ -89,7 +89,7 @@ describe('merge_all_fields_with_source', () => {
           foo: { bar: 'some value' },
         };
         const doc: SignalSourceHit = { ...emptyEsResult(), _source, fields };
-        const merged = mergeAllFieldsWithSource({ doc })._source;
+        const merged = mergeAllFieldsWithSource({ doc, ignoreFields: [] })._source;
         expect(merged).toEqual<ReturnTypeMergeFieldsWithSource>(_source);
       });
 
@@ -98,7 +98,7 @@ describe('merge_all_fields_with_source', () => {
           foo: [{ bar: 'some value' }],
         };
         const doc: SignalSourceHit = { ...emptyEsResult(), _source, fields };
-        const merged = mergeAllFieldsWithSource({ doc })._source;
+        const merged = mergeAllFieldsWithSource({ doc, ignoreFields: [] })._source;
         expect(merged).toEqual<ReturnTypeMergeFieldsWithSource>(_source);
       });
 
@@ -107,7 +107,7 @@ describe('merge_all_fields_with_source', () => {
           foo: [{ bar: 'some value' }, { foo: 'some other value' }],
         };
         const doc: SignalSourceHit = { ...emptyEsResult(), _source, fields };
-        const merged = mergeAllFieldsWithSource({ doc })._source;
+        const merged = mergeAllFieldsWithSource({ doc, ignoreFields: [] })._source;
         expect(merged).toEqual<ReturnTypeMergeFieldsWithSource>(_source);
       });
     });
@@ -133,7 +133,7 @@ describe('merge_all_fields_with_source', () => {
           'foo.bar': [],
         };
         const doc: SignalSourceHit = { ...emptyEsResult(), _source, fields };
-        const merged = mergeAllFieldsWithSource({ doc })._source;
+        const merged = mergeAllFieldsWithSource({ doc, ignoreFields: [] })._source;
         expect(merged).toEqual<ReturnTypeMergeFieldsWithSource>(_source);
       });
 
@@ -142,7 +142,7 @@ describe('merge_all_fields_with_source', () => {
           'foo.bar': 'value',
         };
         const doc: SignalSourceHit = { ...emptyEsResult(), _source, fields };
-        const merged = mergeAllFieldsWithSource({ doc })._source;
+        const merged = mergeAllFieldsWithSource({ doc, ignoreFields: [] })._source;
         expect(merged).toEqual<ReturnTypeMergeFieldsWithSource>(_source);
       });
 
@@ -151,7 +151,7 @@ describe('merge_all_fields_with_source', () => {
           'foo.bar': ['value'],
         };
         const doc: SignalSourceHit = { ...emptyEsResult(), _source, fields };
-        const merged = mergeAllFieldsWithSource({ doc })._source;
+        const merged = mergeAllFieldsWithSource({ doc, ignoreFields: [] })._source;
         expect(merged).toEqual<ReturnTypeMergeFieldsWithSource>(_source);
       });
 
@@ -160,7 +160,7 @@ describe('merge_all_fields_with_source', () => {
           'foo.bar': ['value_1', 'value_2'],
         };
         const doc: SignalSourceHit = { ...emptyEsResult(), _source, fields };
-        const merged = mergeAllFieldsWithSource({ doc })._source;
+        const merged = mergeAllFieldsWithSource({ doc, ignoreFields: [] })._source;
         expect(merged).toEqual<ReturnTypeMergeFieldsWithSource>(_source);
       });
 
@@ -169,7 +169,7 @@ describe('merge_all_fields_with_source', () => {
           foo: { bar: 'some value' },
         };
         const doc: SignalSourceHit = { ...emptyEsResult(), _source, fields };
-        const merged = mergeAllFieldsWithSource({ doc })._source;
+        const merged = mergeAllFieldsWithSource({ doc, ignoreFields: [] })._source;
         expect(merged).toEqual<ReturnTypeMergeFieldsWithSource>(_source);
       });
 
@@ -178,7 +178,7 @@ describe('merge_all_fields_with_source', () => {
           foo: [{ bar: 'some value' }],
         };
         const doc: SignalSourceHit = { ...emptyEsResult(), _source, fields };
-        const merged = mergeAllFieldsWithSource({ doc })._source;
+        const merged = mergeAllFieldsWithSource({ doc, ignoreFields: [] })._source;
         expect(merged).toEqual<ReturnTypeMergeFieldsWithSource>(_source);
       });
 
@@ -187,7 +187,7 @@ describe('merge_all_fields_with_source', () => {
           foo: [{ bar: 'some value' }, { foo: 'some other value' }],
         };
         const doc: SignalSourceHit = { ...emptyEsResult(), _source, fields };
-        const merged = mergeAllFieldsWithSource({ doc })._source;
+        const merged = mergeAllFieldsWithSource({ doc, ignoreFields: [] })._source;
         expect(merged).toEqual<ReturnTypeMergeFieldsWithSource>(_source);
       });
     });
@@ -217,7 +217,7 @@ describe('merge_all_fields_with_source', () => {
           foo: { bar: [] },
         };
         const doc: SignalSourceHit = { ...emptyEsResult(), _source, fields };
-        const merged = mergeAllFieldsWithSource({ doc })._source;
+        const merged = mergeAllFieldsWithSource({ doc, ignoreFields: [] })._source;
         expect(merged).toEqual<ReturnTypeMergeFieldsWithSource>(_source);
       });
 
@@ -226,7 +226,7 @@ describe('merge_all_fields_with_source', () => {
           foo: { bar: 'value' },
         };
         const doc: SignalSourceHit = { ...emptyEsResult(), _source, fields };
-        const merged = mergeAllFieldsWithSource({ doc })._source;
+        const merged = mergeAllFieldsWithSource({ doc, ignoreFields: [] })._source;
         expect(merged).toEqual<ReturnTypeMergeFieldsWithSource>(_source);
       });
 
@@ -235,7 +235,7 @@ describe('merge_all_fields_with_source', () => {
           foo: { bar: ['value'] },
         };
         const doc: SignalSourceHit = { ...emptyEsResult(), _source, fields };
-        const merged = mergeAllFieldsWithSource({ doc })._source;
+        const merged = mergeAllFieldsWithSource({ doc, ignoreFields: [] })._source;
         expect(merged).toEqual<ReturnTypeMergeFieldsWithSource>(_source);
       });
 
@@ -244,7 +244,7 @@ describe('merge_all_fields_with_source', () => {
           foo: { bar: ['value_1', 'value_2'] },
         };
         const doc: SignalSourceHit = { ...emptyEsResult(), _source, fields };
-        const merged = mergeAllFieldsWithSource({ doc })._source;
+        const merged = mergeAllFieldsWithSource({ doc, ignoreFields: [] })._source;
         expect(merged).toEqual<ReturnTypeMergeFieldsWithSource>(_source);
       });
 
@@ -253,7 +253,7 @@ describe('merge_all_fields_with_source', () => {
           foo: { bar: { mars: 'some value' } },
         };
         const doc: SignalSourceHit = { ...emptyEsResult(), _source, fields };
-        const merged = mergeAllFieldsWithSource({ doc })._source;
+        const merged = mergeAllFieldsWithSource({ doc, ignoreFields: [] })._source;
         expect(merged).toEqual<ReturnTypeMergeFieldsWithSource>(_source);
       });
 
@@ -262,7 +262,7 @@ describe('merge_all_fields_with_source', () => {
           foo: { bar: [{ mars: 'some value' }] },
         };
         const doc: SignalSourceHit = { ...emptyEsResult(), _source, fields };
-        const merged = mergeAllFieldsWithSource({ doc })._source;
+        const merged = mergeAllFieldsWithSource({ doc, ignoreFields: [] })._source;
         expect(merged).toEqual<ReturnTypeMergeFieldsWithSource>(_source);
       });
 
@@ -271,7 +271,7 @@ describe('merge_all_fields_with_source', () => {
           foo: { bar: [{ mars: 'some value' }, { mars: 'some other value' }] },
         };
         const doc: SignalSourceHit = { ...emptyEsResult(), _source, fields };
-        const merged = mergeAllFieldsWithSource({ doc })._source;
+        const merged = mergeAllFieldsWithSource({ doc, ignoreFields: [] })._source;
         expect(merged).toEqual<ReturnTypeMergeFieldsWithSource>(_source);
       });
     });
@@ -299,7 +299,7 @@ describe('merge_all_fields_with_source', () => {
           'bar.foo': [],
         };
         const doc: SignalSourceHit = { ...emptyEsResult(), _source, fields };
-        const merged = mergeAllFieldsWithSource({ doc })._source;
+        const merged = mergeAllFieldsWithSource({ doc, ignoreFields: [] })._source;
         expect(merged).toEqual<ReturnTypeMergeFieldsWithSource>(_source);
       });
 
@@ -308,7 +308,7 @@ describe('merge_all_fields_with_source', () => {
           'bar.foo': 'value',
         };
         const doc: SignalSourceHit = { ...emptyEsResult(), _source, fields };
-        const merged = mergeAllFieldsWithSource({ doc })._source;
+        const merged = mergeAllFieldsWithSource({ doc, ignoreFields: [] })._source;
         expect(merged).toEqual<ReturnTypeMergeFieldsWithSource>(_source);
       });
 
@@ -317,7 +317,7 @@ describe('merge_all_fields_with_source', () => {
           'bar.foo': ['value'],
         };
         const doc: SignalSourceHit = { ...emptyEsResult(), _source, fields };
-        const merged = mergeAllFieldsWithSource({ doc })._source;
+        const merged = mergeAllFieldsWithSource({ doc, ignoreFields: [] })._source;
         expect(merged).toEqual<ReturnTypeMergeFieldsWithSource>(_source);
       });
 
@@ -326,7 +326,7 @@ describe('merge_all_fields_with_source', () => {
           'bar.foo': ['value_1', 'value_2'],
         };
         const doc: SignalSourceHit = { ...emptyEsResult(), _source, fields };
-        const merged = mergeAllFieldsWithSource({ doc })._source;
+        const merged = mergeAllFieldsWithSource({ doc, ignoreFields: [] })._source;
         expect(merged).toEqual<ReturnTypeMergeFieldsWithSource>(_source);
       });
 
@@ -335,7 +335,7 @@ describe('merge_all_fields_with_source', () => {
           foo: { bar: 'some value' },
         };
         const doc: SignalSourceHit = { ...emptyEsResult(), _source, fields };
-        const merged = mergeAllFieldsWithSource({ doc })._source;
+        const merged = mergeAllFieldsWithSource({ doc, ignoreFields: [] })._source;
         expect(merged).toEqual<ReturnTypeMergeFieldsWithSource>(_source);
       });
 
@@ -344,7 +344,7 @@ describe('merge_all_fields_with_source', () => {
           foo: [{ bar: 'some value' }],
         };
         const doc: SignalSourceHit = { ...emptyEsResult(), _source, fields };
-        const merged = mergeAllFieldsWithSource({ doc })._source;
+        const merged = mergeAllFieldsWithSource({ doc, ignoreFields: [] })._source;
         expect(merged).toEqual<ReturnTypeMergeFieldsWithSource>(_source);
       });
 
@@ -353,7 +353,7 @@ describe('merge_all_fields_with_source', () => {
           foo: [{ bar: 'some value' }, { foo: 'some other value' }],
         };
         const doc: SignalSourceHit = { ...emptyEsResult(), _source, fields };
-        const merged = mergeAllFieldsWithSource({ doc })._source;
+        const merged = mergeAllFieldsWithSource({ doc, ignoreFields: [] })._source;
         expect(merged).toEqual<ReturnTypeMergeFieldsWithSource>(_source);
       });
     });
@@ -376,7 +376,7 @@ describe('merge_all_fields_with_source', () => {
         'foo.bar': ['other_value_1'],
       };
       const doc: SignalSourceHit = { ...emptyEsResult(), _source, fields };
-      const merged = mergeAllFieldsWithSource({ doc })._source;
+      const merged = mergeAllFieldsWithSource({ doc, ignoreFields: [] })._source;
       expect(merged).toEqual<ReturnTypeMergeFieldsWithSource>({
         foo: {
           bar: 'other_value_1',
@@ -389,7 +389,7 @@ describe('merge_all_fields_with_source', () => {
         'foo.bar': ['other_value_1', 'other_value_2'],
       };
       const doc: SignalSourceHit = { ...emptyEsResult(), _source, fields };
-      const merged = mergeAllFieldsWithSource({ doc })._source;
+      const merged = mergeAllFieldsWithSource({ doc, ignoreFields: [] })._source;
       expect(merged).toEqual<ReturnTypeMergeFieldsWithSource>({
         foo: {
           bar: ['other_value_1', 'other_value_2'],
@@ -402,7 +402,7 @@ describe('merge_all_fields_with_source', () => {
         'foo.bar': [{ zed: 'other_value_1' }],
       };
       const doc: SignalSourceHit = { ...emptyEsResult(), _source, fields };
-      const merged = mergeAllFieldsWithSource({ doc })._source;
+      const merged = mergeAllFieldsWithSource({ doc, ignoreFields: [] })._source;
       expect(merged).toEqual<ReturnTypeMergeFieldsWithSource>({
         foo: { bar: { zed: 'other_value_1' } },
       });
@@ -413,7 +413,7 @@ describe('merge_all_fields_with_source', () => {
         'foo.bar': [{ zed: 'other_value_1' }, { zed: 'other_value_2' }],
       };
       const doc: SignalSourceHit = { ...emptyEsResult(), _source, fields };
-      const merged = mergeAllFieldsWithSource({ doc })._source;
+      const merged = mergeAllFieldsWithSource({ doc, ignoreFields: [] })._source;
       expect(merged).toEqual<ReturnTypeMergeFieldsWithSource>({
         foo: { bar: [{ zed: 'other_value_1' }, { zed: 'other_value_2' }] },
       });
@@ -440,7 +440,7 @@ describe('merge_all_fields_with_source', () => {
           'foo.bar': ['other_value_1'],
         };
         const doc: SignalSourceHit = { ...emptyEsResult(), _source, fields };
-        const merged = mergeAllFieldsWithSource({ doc })._source;
+        const merged = mergeAllFieldsWithSource({ doc, ignoreFields: [] })._source;
         expect(merged).toEqual<ReturnTypeMergeFieldsWithSource>({
           foo: {
             bar: 'other_value_1',
@@ -453,7 +453,7 @@ describe('merge_all_fields_with_source', () => {
           'foo.bar': ['other_value_1', 'other_value_2'],
         };
         const doc: SignalSourceHit = { ...emptyEsResult(), _source, fields };
-        const merged = mergeAllFieldsWithSource({ doc })._source;
+        const merged = mergeAllFieldsWithSource({ doc, ignoreFields: [] })._source;
         expect(merged).toEqual<ReturnTypeMergeFieldsWithSource>({
           foo: { bar: ['other_value_1', 'other_value_2'] },
         });
@@ -464,7 +464,7 @@ describe('merge_all_fields_with_source', () => {
           foo: [{ bar: 'other_value_1' }],
         };
         const doc: SignalSourceHit = { ...emptyEsResult(), _source, fields };
-        const merged = mergeAllFieldsWithSource({ doc })._source;
+        const merged = mergeAllFieldsWithSource({ doc, ignoreFields: [] })._source;
         expect(merged).toEqual<ReturnTypeMergeFieldsWithSource>({
           foo: {
             bar: 'other_value_1',
@@ -477,7 +477,7 @@ describe('merge_all_fields_with_source', () => {
           foo: [{ bar: 'other_value_1' }, { bar: 'other_value_2' }],
         };
         const doc: SignalSourceHit = { ...emptyEsResult(), _source, fields };
-        const merged = mergeAllFieldsWithSource({ doc })._source;
+        const merged = mergeAllFieldsWithSource({ doc, ignoreFields: [] })._source;
         expect(merged).toEqual<ReturnTypeMergeFieldsWithSource>({
           foo: [{ bar: 'other_value_1' }, { bar: 'other_value_2' }],
         });
@@ -503,7 +503,7 @@ describe('merge_all_fields_with_source', () => {
           'foo.bar': ['other_value_1'],
         };
         const doc: SignalSourceHit = { ...emptyEsResult(), _source, fields };
-        const merged = mergeAllFieldsWithSource({ doc })._source;
+        const merged = mergeAllFieldsWithSource({ doc, ignoreFields: [] })._source;
         expect(merged).toEqual<ReturnTypeMergeFieldsWithSource>({
           'foo.bar': 'other_value_1',
         });
@@ -514,7 +514,7 @@ describe('merge_all_fields_with_source', () => {
           'foo.bar': ['other_value_1', 'other_value_2'],
         };
         const doc: SignalSourceHit = { ...emptyEsResult(), _source, fields };
-        const merged = mergeAllFieldsWithSource({ doc })._source;
+        const merged = mergeAllFieldsWithSource({ doc, ignoreFields: [] })._source;
         expect(merged).toEqual<ReturnTypeMergeFieldsWithSource>(fields);
       });
 
@@ -523,7 +523,7 @@ describe('merge_all_fields_with_source', () => {
           'foo.bar': [{ zed: 'other_value_1' }],
         };
         const doc: SignalSourceHit = { ...emptyEsResult(), _source, fields };
-        const merged = mergeAllFieldsWithSource({ doc })._source;
+        const merged = mergeAllFieldsWithSource({ doc, ignoreFields: [] })._source;
         expect(merged).toEqual<ReturnTypeMergeFieldsWithSource>({
           'foo.bar': { zed: 'other_value_1' },
         });
@@ -534,7 +534,7 @@ describe('merge_all_fields_with_source', () => {
           'foo.bar': [{ zed: 'other_value_1' }, { zed: 'other_value_2' }],
         };
         const doc: SignalSourceHit = { ...emptyEsResult(), _source, fields };
-        const merged = mergeAllFieldsWithSource({ doc })._source;
+        const merged = mergeAllFieldsWithSource({ doc, ignoreFields: [] })._source;
         expect(merged).toEqual<ReturnTypeMergeFieldsWithSource>(fields);
       });
     });
@@ -560,7 +560,7 @@ describe('merge_all_fields_with_source', () => {
           'foo.bar': ['other_value_1'],
         };
         const doc: SignalSourceHit = { ...emptyEsResult(), _source, fields };
-        const merged = mergeAllFieldsWithSource({ doc })._source;
+        const merged = mergeAllFieldsWithSource({ doc, ignoreFields: [] })._source;
         expect(merged).toEqual<ReturnTypeMergeFieldsWithSource>({
           foo: { bar: ['other_value_1'] },
         });
@@ -571,7 +571,7 @@ describe('merge_all_fields_with_source', () => {
           'foo.bar': ['other_value_1', 'other_value_2'],
         };
         const doc: SignalSourceHit = { ...emptyEsResult(), _source, fields };
-        const merged = mergeAllFieldsWithSource({ doc })._source;
+        const merged = mergeAllFieldsWithSource({ doc, ignoreFields: [] })._source;
         expect(merged).toEqual<ReturnTypeMergeFieldsWithSource>({
           foo: { bar: ['other_value_1', 'other_value_2'] },
         });
@@ -582,7 +582,7 @@ describe('merge_all_fields_with_source', () => {
           'foo.bar': [{ zed: 'other_value_1' }],
         };
         const doc: SignalSourceHit = { ...emptyEsResult(), _source, fields };
-        const merged = mergeAllFieldsWithSource({ doc })._source;
+        const merged = mergeAllFieldsWithSource({ doc, ignoreFields: [] })._source;
         expect(merged).toEqual<ReturnTypeMergeFieldsWithSource>({
           foo: { bar: [{ zed: 'other_value_1' }] },
         });
@@ -593,7 +593,7 @@ describe('merge_all_fields_with_source', () => {
           'foo.bar': [{ zed: 'other_value_1' }, { zed: 'other_value_2' }],
         };
         const doc: SignalSourceHit = { ...emptyEsResult(), _source, fields };
-        const merged = mergeAllFieldsWithSource({ doc })._source;
+        const merged = mergeAllFieldsWithSource({ doc, ignoreFields: [] })._source;
         expect(merged).toEqual<ReturnTypeMergeFieldsWithSource>({
           foo: { bar: [{ zed: 'other_value_1' }, { zed: 'other_value_2' }] },
         });
@@ -619,7 +619,7 @@ describe('merge_all_fields_with_source', () => {
           'foo.bar': ['other_value_1'],
         };
         const doc: SignalSourceHit = { ...emptyEsResult(), _source, fields };
-        const merged = mergeAllFieldsWithSource({ doc })._source;
+        const merged = mergeAllFieldsWithSource({ doc, ignoreFields: [] })._source;
         expect(merged).toEqual<ReturnTypeMergeFieldsWithSource>(fields);
       });
 
@@ -628,7 +628,7 @@ describe('merge_all_fields_with_source', () => {
           'foo.bar': ['other_value_1', 'other_value_2'],
         };
         const doc: SignalSourceHit = { ...emptyEsResult(), _source, fields };
-        const merged = mergeAllFieldsWithSource({ doc })._source;
+        const merged = mergeAllFieldsWithSource({ doc, ignoreFields: [] })._source;
         expect(merged).toEqual<ReturnTypeMergeFieldsWithSource>(fields);
       });
 
@@ -637,7 +637,7 @@ describe('merge_all_fields_with_source', () => {
           'foo.bar': [{ zed: 'other_value_1' }],
         };
         const doc: SignalSourceHit = { ...emptyEsResult(), _source, fields };
-        const merged = mergeAllFieldsWithSource({ doc })._source;
+        const merged = mergeAllFieldsWithSource({ doc, ignoreFields: [] })._source;
         expect(merged).toEqual<ReturnTypeMergeFieldsWithSource>(fields);
       });
 
@@ -646,7 +646,7 @@ describe('merge_all_fields_with_source', () => {
           'foo.bar': [{ zed: 'other_value_1' }, { zed: 'other_value_2' }],
         };
         const doc: SignalSourceHit = { ...emptyEsResult(), _source, fields };
-        const merged = mergeAllFieldsWithSource({ doc })._source;
+        const merged = mergeAllFieldsWithSource({ doc, ignoreFields: [] })._source;
         expect(merged).toEqual<ReturnTypeMergeFieldsWithSource>(fields);
       });
     });
@@ -670,7 +670,7 @@ describe('merge_all_fields_with_source', () => {
           'foo.bar': ['other_value_1'],
         };
         const doc: SignalSourceHit = { ...emptyEsResult(), _source, fields };
-        const merged = mergeAllFieldsWithSource({ doc })._source;
+        const merged = mergeAllFieldsWithSource({ doc, ignoreFields: [] })._source;
         expect(merged).toEqual<ReturnTypeMergeFieldsWithSource>({
           foo: { bar: ['other_value_1'] },
         });
@@ -681,7 +681,7 @@ describe('merge_all_fields_with_source', () => {
           'foo.bar': ['other_value_1', 'other_value_2'],
         };
         const doc: SignalSourceHit = { ...emptyEsResult(), _source, fields };
-        const merged = mergeAllFieldsWithSource({ doc })._source;
+        const merged = mergeAllFieldsWithSource({ doc, ignoreFields: [] })._source;
         expect(merged).toEqual<ReturnTypeMergeFieldsWithSource>({
           foo: { bar: ['other_value_1', 'other_value_2'] },
         });
@@ -692,7 +692,7 @@ describe('merge_all_fields_with_source', () => {
           'foo.bar': [{ zed: 'other_value_1' }],
         };
         const doc: SignalSourceHit = { ...emptyEsResult(), _source, fields };
-        const merged = mergeAllFieldsWithSource({ doc })._source;
+        const merged = mergeAllFieldsWithSource({ doc, ignoreFields: [] })._source;
         expect(merged).toEqual<ReturnTypeMergeFieldsWithSource>({
           foo: { bar: [{ zed: 'other_value_1' }] },
         });
@@ -703,7 +703,7 @@ describe('merge_all_fields_with_source', () => {
           'foo.bar': [{ zed: 'other_value_1' }, { zed: 'other_value_2' }],
         };
         const doc: SignalSourceHit = { ...emptyEsResult(), _source, fields };
-        const merged = mergeAllFieldsWithSource({ doc })._source;
+        const merged = mergeAllFieldsWithSource({ doc, ignoreFields: [] })._source;
         expect(merged).toEqual<ReturnTypeMergeFieldsWithSource>({
           foo: { bar: [{ zed: 'other_value_1' }, { zed: 'other_value_2' }] },
         });
@@ -729,7 +729,7 @@ describe('merge_all_fields_with_source', () => {
           'foo.bar': ['other_value_1'],
         };
         const doc: SignalSourceHit = { ...emptyEsResult(), _source, fields };
-        const merged = mergeAllFieldsWithSource({ doc })._source;
+        const merged = mergeAllFieldsWithSource({ doc, ignoreFields: [] })._source;
         expect(merged).toEqual<ReturnTypeMergeFieldsWithSource>(fields);
       });
 
@@ -738,7 +738,7 @@ describe('merge_all_fields_with_source', () => {
           'foo.bar': ['other_value_1', 'other_value_2'],
         };
         const doc: SignalSourceHit = { ...emptyEsResult(), _source, fields };
-        const merged = mergeAllFieldsWithSource({ doc })._source;
+        const merged = mergeAllFieldsWithSource({ doc, ignoreFields: [] })._source;
         expect(merged).toEqual<ReturnTypeMergeFieldsWithSource>(fields);
       });
 
@@ -747,7 +747,7 @@ describe('merge_all_fields_with_source', () => {
           'foo.bar': [{ zed: 'other_value_1' }],
         };
         const doc: SignalSourceHit = { ...emptyEsResult(), _source, fields };
-        const merged = mergeAllFieldsWithSource({ doc })._source;
+        const merged = mergeAllFieldsWithSource({ doc, ignoreFields: [] })._source;
         expect(merged).toEqual<ReturnTypeMergeFieldsWithSource>(fields);
       });
 
@@ -756,7 +756,7 @@ describe('merge_all_fields_with_source', () => {
           'foo.bar': [{ zed: 'other_value_1' }, { zed: 'other_value_2' }],
         };
         const doc: SignalSourceHit = { ...emptyEsResult(), _source, fields };
-        const merged = mergeAllFieldsWithSource({ doc })._source;
+        const merged = mergeAllFieldsWithSource({ doc, ignoreFields: [] })._source;
         expect(merged).toEqual<ReturnTypeMergeFieldsWithSource>(fields);
       });
     });
@@ -782,7 +782,7 @@ describe('merge_all_fields_with_source', () => {
           'foo.bar': ['other_value_1'],
         };
         const doc: SignalSourceHit = { ...emptyEsResult(), _source, fields };
-        const merged = mergeAllFieldsWithSource({ doc })._source;
+        const merged = mergeAllFieldsWithSource({ doc, ignoreFields: [] })._source;
         expect(merged).toEqual<ReturnTypeMergeFieldsWithSource>({
           foo: {
             bar: ['other_value_1'],
@@ -795,7 +795,7 @@ describe('merge_all_fields_with_source', () => {
           'foo.bar': ['other_value_1', 'other_value_2'],
         };
         const doc: SignalSourceHit = { ...emptyEsResult(), _source, fields };
-        const merged = mergeAllFieldsWithSource({ doc })._source;
+        const merged = mergeAllFieldsWithSource({ doc, ignoreFields: [] })._source;
         expect(merged).toEqual<ReturnTypeMergeFieldsWithSource>({
           foo: {
             bar: ['other_value_1', 'other_value_2'],
@@ -808,7 +808,7 @@ describe('merge_all_fields_with_source', () => {
           'foo.bar': [{ zed: 'other_value_1' }],
         };
         const doc: SignalSourceHit = { ...emptyEsResult(), _source, fields };
-        const merged = mergeAllFieldsWithSource({ doc })._source;
+        const merged = mergeAllFieldsWithSource({ doc, ignoreFields: [] })._source;
         expect(merged).toEqual<ReturnTypeMergeFieldsWithSource>({
           foo: {
             bar: [{ zed: 'other_value_1' }],
@@ -821,7 +821,7 @@ describe('merge_all_fields_with_source', () => {
           'foo.bar': [{ zed: 'other_value_1' }, { zed: 'other_value_2' }],
         };
         const doc: SignalSourceHit = { ...emptyEsResult(), _source, fields };
-        const merged = mergeAllFieldsWithSource({ doc })._source;
+        const merged = mergeAllFieldsWithSource({ doc, ignoreFields: [] })._source;
         expect(merged).toEqual<ReturnTypeMergeFieldsWithSource>({
           foo: {
             bar: [{ zed: 'other_value_1' }, { zed: 'other_value_2' }],
@@ -849,7 +849,7 @@ describe('merge_all_fields_with_source', () => {
           'foo.bar': ['other_value_1'],
         };
         const doc: SignalSourceHit = { ...emptyEsResult(), _source, fields };
-        const merged = mergeAllFieldsWithSource({ doc })._source;
+        const merged = mergeAllFieldsWithSource({ doc, ignoreFields: [] })._source;
         expect(merged).toEqual<ReturnTypeMergeFieldsWithSource>(fields);
       });
 
@@ -858,7 +858,7 @@ describe('merge_all_fields_with_source', () => {
           'foo.bar': ['other_value_1', 'other_value_2'],
         };
         const doc: SignalSourceHit = { ...emptyEsResult(), _source, fields };
-        const merged = mergeAllFieldsWithSource({ doc })._source;
+        const merged = mergeAllFieldsWithSource({ doc, ignoreFields: [] })._source;
         expect(merged).toEqual<ReturnTypeMergeFieldsWithSource>(fields);
       });
 
@@ -867,7 +867,7 @@ describe('merge_all_fields_with_source', () => {
           'foo.bar': [{ zed: 'other_value_1' }],
         };
         const doc: SignalSourceHit = { ...emptyEsResult(), _source, fields };
-        const merged = mergeAllFieldsWithSource({ doc })._source;
+        const merged = mergeAllFieldsWithSource({ doc, ignoreFields: [] })._source;
         expect(merged).toEqual<ReturnTypeMergeFieldsWithSource>(fields);
       });
 
@@ -876,7 +876,7 @@ describe('merge_all_fields_with_source', () => {
           'foo.bar': [{ zed: 'other_value_1' }, { zed: 'other_value_2' }],
         };
         const doc: SignalSourceHit = { ...emptyEsResult(), _source, fields };
-        const merged = mergeAllFieldsWithSource({ doc })._source;
+        const merged = mergeAllFieldsWithSource({ doc, ignoreFields: [] })._source;
         expect(merged).toEqual<ReturnTypeMergeFieldsWithSource>(fields);
       });
     });
@@ -902,7 +902,7 @@ describe('merge_all_fields_with_source', () => {
           'foo.bar': ['other_value'],
         };
         const doc: SignalSourceHit = { ...emptyEsResult(), _source, fields };
-        const merged = mergeAllFieldsWithSource({ doc })._source;
+        const merged = mergeAllFieldsWithSource({ doc, ignoreFields: [] })._source;
         expect(merged).toEqual<ReturnTypeMergeFieldsWithSource>(_source);
       });
 
@@ -911,7 +911,7 @@ describe('merge_all_fields_with_source', () => {
           'foo.bar': ['other_value_1', 'other_value_2'],
         };
         const doc: SignalSourceHit = { ...emptyEsResult(), _source, fields };
-        const merged = mergeAllFieldsWithSource({ doc })._source;
+        const merged = mergeAllFieldsWithSource({ doc, ignoreFields: [] })._source;
         expect(merged).toEqual<ReturnTypeMergeFieldsWithSource>(_source);
       });
 
@@ -920,7 +920,7 @@ describe('merge_all_fields_with_source', () => {
           'foo.bar': [{ zed: 'other_value_1' }],
         };
         const doc: SignalSourceHit = { ...emptyEsResult(), _source, fields };
-        const merged = mergeAllFieldsWithSource({ doc })._source;
+        const merged = mergeAllFieldsWithSource({ doc, ignoreFields: [] })._source;
         expect(merged).toEqual<ReturnTypeMergeFieldsWithSource>({
           foo: { bar: { zed: 'other_value_1' } },
         });
@@ -931,7 +931,7 @@ describe('merge_all_fields_with_source', () => {
           'foo.bar': [{ zed: 'other_value_1' }, { zed: 'other_value_2' }],
         };
         const doc: SignalSourceHit = { ...emptyEsResult(), _source, fields };
-        const merged = mergeAllFieldsWithSource({ doc })._source;
+        const merged = mergeAllFieldsWithSource({ doc, ignoreFields: [] })._source;
         expect(merged).toEqual<ReturnTypeMergeFieldsWithSource>({
           foo: { bar: [{ zed: 'other_value_1' }, { zed: 'other_value_2' }] },
         });
@@ -957,7 +957,7 @@ describe('merge_all_fields_with_source', () => {
           'foo.bar': ['other_value'],
         };
         const doc: SignalSourceHit = { ...emptyEsResult(), _source, fields };
-        const merged = mergeAllFieldsWithSource({ doc })._source;
+        const merged = mergeAllFieldsWithSource({ doc, ignoreFields: [] })._source;
         expect(merged).toEqual<ReturnTypeMergeFieldsWithSource>(_source);
       });
 
@@ -966,7 +966,7 @@ describe('merge_all_fields_with_source', () => {
           'foo.bar': ['other_value_1', 'other_value_2'],
         };
         const doc: SignalSourceHit = { ...emptyEsResult(), _source, fields };
-        const merged = mergeAllFieldsWithSource({ doc })._source;
+        const merged = mergeAllFieldsWithSource({ doc, ignoreFields: [] })._source;
         expect(merged).toEqual<ReturnTypeMergeFieldsWithSource>(_source);
       });
 
@@ -975,7 +975,7 @@ describe('merge_all_fields_with_source', () => {
           'foo.bar': [{ mars: 'other_value_1' }],
         };
         const doc: SignalSourceHit = { ...emptyEsResult(), _source, fields };
-        const merged = mergeAllFieldsWithSource({ doc })._source;
+        const merged = mergeAllFieldsWithSource({ doc, ignoreFields: [] })._source;
         expect(merged).toEqual<ReturnTypeMergeFieldsWithSource>({
           'foo.bar': { mars: 'other_value_1' },
         });
@@ -986,7 +986,7 @@ describe('merge_all_fields_with_source', () => {
           'foo.bar': [{ mars: 'other_value_1' }, { mars: 'other_value_2' }],
         };
         const doc: SignalSourceHit = { ...emptyEsResult(), _source, fields };
-        const merged = mergeAllFieldsWithSource({ doc })._source;
+        const merged = mergeAllFieldsWithSource({ doc, ignoreFields: [] })._source;
         expect(merged).toEqual<ReturnTypeMergeFieldsWithSource>({
           'foo.bar': [{ mars: 'other_value_1' }, { mars: 'other_value_2' }],
         });
@@ -1014,7 +1014,7 @@ describe('merge_all_fields_with_source', () => {
           'foo.bar': ['other_value'],
         };
         const doc: SignalSourceHit = { ...emptyEsResult(), _source, fields };
-        const merged = mergeAllFieldsWithSource({ doc })._source;
+        const merged = mergeAllFieldsWithSource({ doc, ignoreFields: [] })._source;
         expect(merged).toEqual<ReturnTypeMergeFieldsWithSource>(_source);
       });
 
@@ -1023,7 +1023,7 @@ describe('merge_all_fields_with_source', () => {
           'foo.bar': ['other_value_1', 'other_value_2'],
         };
         const doc: SignalSourceHit = { ...emptyEsResult(), _source, fields };
-        const merged = mergeAllFieldsWithSource({ doc })._source;
+        const merged = mergeAllFieldsWithSource({ doc, ignoreFields: [] })._source;
         expect(merged).toEqual<ReturnTypeMergeFieldsWithSource>(_source);
       });
 
@@ -1032,7 +1032,7 @@ describe('merge_all_fields_with_source', () => {
           'foo.bar': [{ zed: 'other_value_1' }],
         };
         const doc: SignalSourceHit = { ...emptyEsResult(), _source, fields };
-        const merged = mergeAllFieldsWithSource({ doc })._source;
+        const merged = mergeAllFieldsWithSource({ doc, ignoreFields: [] })._source;
         expect(merged).toEqual<ReturnTypeMergeFieldsWithSource>({
           foo: { bar: [{ zed: 'other_value_1' }] },
         });
@@ -1043,7 +1043,7 @@ describe('merge_all_fields_with_source', () => {
           'foo.bar': [{ zed: 'other_value_1' }, { zed: 'other_value_2' }],
         };
         const doc: SignalSourceHit = { ...emptyEsResult(), _source, fields };
-        const merged = mergeAllFieldsWithSource({ doc })._source;
+        const merged = mergeAllFieldsWithSource({ doc, ignoreFields: [] })._source;
         expect(merged).toEqual<ReturnTypeMergeFieldsWithSource>({
           foo: { bar: [{ zed: 'other_value_1' }, { zed: 'other_value_2' }] },
         });
@@ -1069,7 +1069,7 @@ describe('merge_all_fields_with_source', () => {
           'foo.bar': ['other_value'],
         };
         const doc: SignalSourceHit = { ...emptyEsResult(), _source, fields };
-        const merged = mergeAllFieldsWithSource({ doc })._source;
+        const merged = mergeAllFieldsWithSource({ doc, ignoreFields: [] })._source;
         expect(merged).toEqual<ReturnTypeMergeFieldsWithSource>(_source);
       });
 
@@ -1078,7 +1078,7 @@ describe('merge_all_fields_with_source', () => {
           'foo.bar': ['other_value_1', 'other_value_2'],
         };
         const doc: SignalSourceHit = { ...emptyEsResult(), _source, fields };
-        const merged = mergeAllFieldsWithSource({ doc })._source;
+        const merged = mergeAllFieldsWithSource({ doc, ignoreFields: [] })._source;
         expect(merged).toEqual<ReturnTypeMergeFieldsWithSource>(_source);
       });
 
@@ -1087,7 +1087,7 @@ describe('merge_all_fields_with_source', () => {
           'foo.bar': [{ zed: 'other_value_1' }],
         };
         const doc: SignalSourceHit = { ...emptyEsResult(), _source, fields };
-        const merged = mergeAllFieldsWithSource({ doc })._source;
+        const merged = mergeAllFieldsWithSource({ doc, ignoreFields: [] })._source;
         expect(merged).toEqual<ReturnTypeMergeFieldsWithSource>({
           foo: { bar: [{ zed: 'other_value_1' }] },
         });
@@ -1098,7 +1098,7 @@ describe('merge_all_fields_with_source', () => {
           'foo.bar': [{ zed: 'other_value_1' }, { zed: 'other_value_2' }],
         };
         const doc: SignalSourceHit = { ...emptyEsResult(), _source, fields };
-        const merged = mergeAllFieldsWithSource({ doc })._source;
+        const merged = mergeAllFieldsWithSource({ doc, ignoreFields: [] })._source;
         expect(merged).toEqual<ReturnTypeMergeFieldsWithSource>({
           foo: { bar: [{ zed: 'other_value_1' }, { zed: 'other_value_2' }] },
         });
@@ -1124,7 +1124,7 @@ describe('merge_all_fields_with_source', () => {
           'foo.bar': ['other_value'],
         };
         const doc: SignalSourceHit = { ...emptyEsResult(), _source, fields };
-        const merged = mergeAllFieldsWithSource({ doc })._source;
+        const merged = mergeAllFieldsWithSource({ doc, ignoreFields: [] })._source;
         expect(merged).toEqual<ReturnTypeMergeFieldsWithSource>(_source);
       });
 
@@ -1133,7 +1133,7 @@ describe('merge_all_fields_with_source', () => {
           'foo.bar': ['other_value_1', 'other_value_2'],
         };
         const doc: SignalSourceHit = { ...emptyEsResult(), _source, fields };
-        const merged = mergeAllFieldsWithSource({ doc })._source;
+        const merged = mergeAllFieldsWithSource({ doc, ignoreFields: [] })._source;
         expect(merged).toEqual<ReturnTypeMergeFieldsWithSource>(_source);
       });
 
@@ -1142,7 +1142,7 @@ describe('merge_all_fields_with_source', () => {
           'foo.bar': [{ mars: 'other_value_1' }],
         };
         const doc: SignalSourceHit = { ...emptyEsResult(), _source, fields };
-        const merged = mergeAllFieldsWithSource({ doc })._source;
+        const merged = mergeAllFieldsWithSource({ doc, ignoreFields: [] })._source;
         expect(merged).toEqual<ReturnTypeMergeFieldsWithSource>(fields);
       });
 
@@ -1151,7 +1151,7 @@ describe('merge_all_fields_with_source', () => {
           'foo.bar': [{ mars: 'other_value_1' }, { mars: 'other_value_2' }],
         };
         const doc: SignalSourceHit = { ...emptyEsResult(), _source, fields };
-        const merged = mergeAllFieldsWithSource({ doc })._source;
+        const merged = mergeAllFieldsWithSource({ doc, ignoreFields: [] })._source;
         expect(merged).toEqual<ReturnTypeMergeFieldsWithSource>(fields);
       });
     });
@@ -1175,7 +1175,7 @@ describe('merge_all_fields_with_source', () => {
           'foo.bar': ['other_value'],
         };
         const doc: SignalSourceHit = { ...emptyEsResult(), _source, fields };
-        const merged = mergeAllFieldsWithSource({ doc })._source;
+        const merged = mergeAllFieldsWithSource({ doc, ignoreFields: [] })._source;
         expect(merged).toEqual<ReturnTypeMergeFieldsWithSource>(_source);
       });
 
@@ -1184,7 +1184,7 @@ describe('merge_all_fields_with_source', () => {
           'foo.bar': ['other_value_1', 'other_value_2'],
         };
         const doc: SignalSourceHit = { ...emptyEsResult(), _source, fields };
-        const merged = mergeAllFieldsWithSource({ doc })._source;
+        const merged = mergeAllFieldsWithSource({ doc, ignoreFields: [] })._source;
         expect(merged).toEqual<ReturnTypeMergeFieldsWithSource>(_source);
       });
 
@@ -1193,7 +1193,7 @@ describe('merge_all_fields_with_source', () => {
           'foo.bar': [{ mars: 'other_value_1' }],
         };
         const doc: SignalSourceHit = { ...emptyEsResult(), _source, fields };
-        const merged = mergeAllFieldsWithSource({ doc })._source;
+        const merged = mergeAllFieldsWithSource({ doc, ignoreFields: [] })._source;
         expect(merged).toEqual<ReturnTypeMergeFieldsWithSource>(fields);
       });
 
@@ -1202,7 +1202,7 @@ describe('merge_all_fields_with_source', () => {
           'foo.bar': [{ mars: 'other_value_1' }, { mars: 'other_value_2' }],
         };
         const doc: SignalSourceHit = { ...emptyEsResult(), _source, fields };
-        const merged = mergeAllFieldsWithSource({ doc })._source;
+        const merged = mergeAllFieldsWithSource({ doc, ignoreFields: [] })._source;
         expect(merged).toEqual<ReturnTypeMergeFieldsWithSource>(fields);
       });
     });
@@ -1228,7 +1228,7 @@ describe('merge_all_fields_with_source', () => {
         'foo.bar': ['other_value_1'],
       };
       const doc: SignalSourceHit = { ...emptyEsResult(), _source, fields };
-      const merged = mergeAllFieldsWithSource({ doc })._source;
+      const merged = mergeAllFieldsWithSource({ doc, ignoreFields: [] })._source;
       expect(merged).toEqual<ReturnTypeMergeFieldsWithSource>({
         foo: { bar: 'value_1' },
         'foo.bar': 'other_value_1',
@@ -1243,7 +1243,7 @@ describe('merge_all_fields_with_source', () => {
         'foo.bar': ['value_1', 'value_2'],
       };
       const doc: SignalSourceHit = { ...emptyEsResult(), _source, fields };
-      const merged = mergeAllFieldsWithSource({ doc })._source;
+      const merged = mergeAllFieldsWithSource({ doc, ignoreFields: [] })._source;
       expect(merged).toEqual<ReturnTypeMergeFieldsWithSource>({
         foo: { bar: 'value_1' }, // <--- We have duplicated value_1 twice which is a bug
         'foo.bar': ['value_1', 'value_2'], // <-- We have merged the array value because we do not understand if we should or not
@@ -1270,7 +1270,7 @@ describe('merge_all_fields_with_source', () => {
           'bar.keyword': ['bar_other_value_keyword_1'],
         };
         const doc: SignalSourceHit = { ...emptyEsResult(), _source, fields };
-        const merged = mergeAllFieldsWithSource({ doc })._source;
+        const merged = mergeAllFieldsWithSource({ doc, ignoreFields: [] })._source;
         expect(merged).toEqual<ReturnTypeMergeFieldsWithSource>({
           foo: 'foo_other_value_1',
           bar: 'bar_other_value_1',
@@ -1291,7 +1291,7 @@ describe('merge_all_fields_with_source', () => {
           'host.hostname.keyword': ['hostname_other_value_keyword_1'],
         };
         const doc: SignalSourceHit = { ...emptyEsResult(), _source, fields };
-        const merged = mergeAllFieldsWithSource({ doc })._source;
+        const merged = mergeAllFieldsWithSource({ doc, ignoreFields: [] })._source;
         expect(merged).toEqual<ReturnTypeMergeFieldsWithSource>({
           host: {
             hostname: 'hostname_other_value_1',
@@ -1316,7 +1316,7 @@ describe('merge_all_fields_with_source', () => {
           'foo.host.hostname.keyword': ['hostname_other_value_keyword_1'],
         };
         const doc: SignalSourceHit = { ...emptyEsResult(), _source, fields };
-        const merged = mergeAllFieldsWithSource({ doc })._source;
+        const merged = mergeAllFieldsWithSource({ doc, ignoreFields: [] })._source;
         expect(merged).toEqual<ReturnTypeMergeFieldsWithSource>({
           foo: {
             host: {
@@ -1334,7 +1334,7 @@ describe('merge_all_fields_with_source', () => {
           'foo.bar': ['other_value_2'],
         };
         const doc: SignalSourceHit = { ...emptyEsResult(), _source, fields };
-        const merged = mergeAllFieldsWithSource({ doc })._source;
+        const merged = mergeAllFieldsWithSource({ doc, ignoreFields: [] })._source;
         expect(merged).toEqual<ReturnTypeMergeFieldsWithSource>({
           foo: 'other_value_1',
         });
@@ -1354,7 +1354,7 @@ describe('merge_all_fields_with_source', () => {
           'host.hostname.keyword': ['hostname_other_value_keyword_1'],
         };
         const doc: SignalSourceHit = { ...emptyEsResult(), _source, fields };
-        const merged = mergeAllFieldsWithSource({ doc })._source;
+        const merged = mergeAllFieldsWithSource({ doc, ignoreFields: [] })._source;
         expect(merged).toEqual<ReturnTypeMergeFieldsWithSource>({
           'host.name': 'host_name_other_value_1',
           'host.hostname': 'hostname_other_value_1',
@@ -1373,7 +1373,7 @@ describe('merge_all_fields_with_source', () => {
           'foo.host.hostname.keyword': ['hostname_other_value_keyword_1'],
         };
         const doc: SignalSourceHit = { ...emptyEsResult(), _source, fields };
-        const merged = mergeAllFieldsWithSource({ doc })._source;
+        const merged = mergeAllFieldsWithSource({ doc, ignoreFields: [] })._source;
         expect(merged).toEqual<ReturnTypeMergeFieldsWithSource>({
           'foo.host.name': 'host_name_other_value_1',
           'foo.host.hostname': 'hostname_other_value_1',
@@ -1388,7 +1388,7 @@ describe('merge_all_fields_with_source', () => {
           'foo.bar.zed': ['zed_other_value_2'],
         };
         const doc: SignalSourceHit = { ...emptyEsResult(), _source, fields };
-        const merged = mergeAllFieldsWithSource({ doc })._source;
+        const merged = mergeAllFieldsWithSource({ doc, ignoreFields: [] })._source;
         expect(merged).toEqual<ReturnTypeMergeFieldsWithSource>({
           foo: 'other_value_1',
         });
@@ -1415,7 +1415,7 @@ describe('merge_all_fields_with_source', () => {
         'foo.mars': ['other_value_2'],
       };
       const doc: SignalSourceHit = { ...emptyEsResult(), _source, fields };
-      const merged = mergeAllFieldsWithSource({ doc })._source;
+      const merged = mergeAllFieldsWithSource({ doc, ignoreFields: [] })._source;
       expect(merged).toEqual<ReturnTypeMergeFieldsWithSource>(_source);
     });
 
@@ -1435,7 +1435,7 @@ describe('merge_all_fields_with_source', () => {
         'foo.zed.mars': ['other_value_2'],
       };
       const doc: SignalSourceHit = { ...emptyEsResult(), _source, fields };
-      const merged = mergeAllFieldsWithSource({ doc })._source;
+      const merged = mergeAllFieldsWithSource({ doc, ignoreFields: [] })._source;
       expect(merged).toEqual<ReturnTypeMergeFieldsWithSource>(_source);
     });
   });
@@ -1450,7 +1450,7 @@ describe('merge_all_fields_with_source', () => {
         foo: [{ bar: ['single_value'], zed: ['single_value'] }],
       };
       const doc: SignalSourceHit = { ...emptyEsResult(), _source, fields };
-      const merged = mergeAllFieldsWithSource({ doc })._source;
+      const merged = mergeAllFieldsWithSource({ doc, ignoreFields: [] })._source;
       expect(merged).toEqual<ReturnTypeMergeFieldsWithSource>({
         foo: { bar: 'single_value', zed: 'single_value' },
       });
@@ -1469,10 +1469,132 @@ describe('merge_all_fields_with_source', () => {
         foo: [{ bar: ['single_value'], zed: ['single_value'] }],
       };
       const doc: SignalSourceHit = { ...emptyEsResult(), _source, fields };
-      const merged = mergeAllFieldsWithSource({ doc })._source;
+      const merged = mergeAllFieldsWithSource({ doc, ignoreFields: [] })._source;
       expect(merged).toEqual<ReturnTypeMergeFieldsWithSource>({
         foo: [{ bar: ['single_value'], zed: ['single_value'] }],
       });
     });
   });
+
+  /**
+   * Small set of tests to ensure that ignore fields are wired up at the strategy level
+   */
+  describe('ignore fields', () => {
+    test('Does not merge an ignored field if it does not exist already in the _source', () => {
+      const _source: SignalSourceHit['_source'] = {};
+      const fields: SignalSourceHit['fields'] = {
+        'foo.bar': ['other_value_1'],
+        'value.should.ignore': ['other_value_2'], // string value should ignore this
+        '_odd.value': ['other_value_2'], // Regex should ignore this value of: /[_]+/
+      };
+      const doc: SignalSourceHit = { ...emptyEsResult(), _source, fields };
+      const merged = mergeAllFieldsWithSource({
+        doc,
+        ignoreFields: ['value.should.ignore', '/[_]+/'],
+      })._source;
+      expect(merged).toEqual<ReturnTypeMergeFieldsWithSource>({
+        foo: {
+          bar: 'other_value_1',
+        },
+      });
+    });
+
+    test('Does merge fields when no matching happens', () => {
+      const _source: SignalSourceHit['_source'] = {};
+      const fields: SignalSourceHit['fields'] = {
+        'foo.bar': ['other_value_1'],
+        'value.should.work': ['other_value_2'],
+        '_odd.value': ['other_value_2'],
+      };
+      const doc: SignalSourceHit = { ...emptyEsResult(), _source, fields };
+      const merged = mergeAllFieldsWithSource({
+        doc,
+        ignoreFields: ['other.string', '/[z]+/'], // Neither of these two should match anything
+      })._source;
+      expect(merged).toEqual<ReturnTypeMergeFieldsWithSource>({
+        foo: {
+          bar: 'other_value_1',
+        },
+        _odd: {
+          value: 'other_value_2',
+        },
+        value: {
+          should: {
+            work: 'other_value_2',
+          },
+        },
+      });
+    });
+
+    test('Does not update an ignored field and keeps the original value if it matches in the ignoreFields', () => {
+      const _source: SignalSourceHit['_source'] = {
+        'value.should.ignore': ['value_1'],
+        '_odd.value': ['value_2'],
+      };
+      const fields: SignalSourceHit['fields'] = {
+        'foo.bar': ['other_value_1'],
+        'value.should.ignore': ['other_value_2'], // string value should ignore this
+        '_odd.value': ['other_value_2'], // Regex should ignore this value of: /[_]+/
+      };
+      const doc: SignalSourceHit = { ...emptyEsResult(), _source, fields };
+      const merged = mergeAllFieldsWithSource({
+        doc,
+        ignoreFields: ['value.should.ignore', '/[_]+/'],
+      })._source;
+      expect(merged).toEqual<ReturnTypeMergeFieldsWithSource>({
+        foo: {
+          bar: 'other_value_1',
+        },
+        'value.should.ignore': ['value_1'],
+        '_odd.value': ['value_2'],
+      });
+    });
+
+    test('Does not ignore anything when no matching happens and overwrites the expected fields', () => {
+      const _source: SignalSourceHit['_source'] = {
+        'value.should.ignore': ['value_1'],
+        '_odd.value': ['value_2'],
+      };
+      const fields: SignalSourceHit['fields'] = {
+        'foo.bar': ['other_value_1'],
+        'value.should.ignore': ['other_value_2'],
+        '_odd.value': ['other_value_2'],
+      };
+      const doc: SignalSourceHit = { ...emptyEsResult(), _source, fields };
+      const merged = mergeAllFieldsWithSource({
+        doc,
+        ignoreFields: ['nothing.to.match', '/[z]+/'], // these match nothing
+      })._source;
+      expect(merged).toEqual<ReturnTypeMergeFieldsWithSource>({
+        foo: {
+          bar: 'other_value_1',
+        },
+        'value.should.ignore': ['other_value_2'],
+        '_odd.value': ['other_value_2'],
+      });
+    });
+  });
+
+  /**
+   * Test that the EQL bug workaround is wired up. Remove this once the bug is fixed.
+   */
+  describe('Works around EQL bug 77152 (https://github.com/elastic/elasticsearch/issues/77152)', () => {
+    test('Does not merge field that contains _ignored', () => {
+      const _source: SignalSourceHit['_source'] = {};
+      const fields: SignalSourceHit['fields'] = {
+        'foo.bar': ['other_value_1'],
+        _ignored: ['other_value_1'],
+      };
+      const doc: SignalSourceHit = { ...emptyEsResult(), _source, fields };
+      const merged = mergeAllFieldsWithSource({
+        doc,
+        ignoreFields: [],
+      })._source;
+      expect(merged).toEqual<ReturnTypeMergeFieldsWithSource>({
+        foo: {
+          bar: 'other_value_1',
+        },
+      });
+    });
+  });
 });
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/signals/source_fields_merging/strategies/merge_all_fields_with_source.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/signals/source_fields_merging/strategies/merge_all_fields_with_source.ts
index da2eea9d2c61e..ade83b88d526b 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/signals/source_fields_merging/strategies/merge_all_fields_with_source.ts
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/signals/source_fields_merging/strategies/merge_all_fields_with_source.ts
@@ -23,14 +23,16 @@ import { isTypeObject } from '../utils/is_type_object';
  * on this function and the general strategies.
  *
  * @param doc The document with "_source" and "fields"
- * @param throwOnFailSafe Defaults to false, but if set to true it will cause a throw if the fail safe is triggered to indicate we need to add a new explicit test condition
+ * @param ignoreFields Any fields that we should ignore and never merge from "fields". If the value exists
+ * within doc._source it will be untouched and used. If the value does not exist within the doc._source,
+ * it will not be added from fields.
  * @returns The two merged together in one object where we can
  */
-export const mergeAllFieldsWithSource: MergeStrategyFunction = ({ doc }) => {
+export const mergeAllFieldsWithSource: MergeStrategyFunction = ({ doc, ignoreFields }) => {
   const source = doc._source ?? {};
   const fields = doc.fields ?? {};
   const fieldEntries = Object.entries(fields);
-  const filteredEntries = filterFieldEntries(fieldEntries);
+  const filteredEntries = filterFieldEntries(fieldEntries, ignoreFields);
 
   const transformedSource = filteredEntries.reduce(
     (merged, [fieldsKey, fieldsValue]: [string, FieldsType]) => {
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/signals/source_fields_merging/strategies/merge_missing_fields_with_source.test.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/signals/source_fields_merging/strategies/merge_missing_fields_with_source.test.ts
index 70d1e79580e84..612bff75792da 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/signals/source_fields_merging/strategies/merge_missing_fields_with_source.test.ts
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/signals/source_fields_merging/strategies/merge_missing_fields_with_source.test.ts
@@ -44,7 +44,7 @@ describe('merge_missing_fields_with_source', () => {
       test('when source is "undefined", merged doc is "undefined"', () => {
         const _source: SignalSourceHit['_source'] = {};
         const doc: SignalSourceHit = { ...emptyEsResult(), _source, fields };
-        const merged = mergeMissingFieldsWithSource({ doc })._source;
+        const merged = mergeMissingFieldsWithSource({ doc, ignoreFields: [] })._source;
         expect(merged).toEqual<ReturnTypeMergeFieldsWithSource>(_source);
       });
 
@@ -53,7 +53,7 @@ describe('merge_missing_fields_with_source', () => {
           foo: [],
         };
         const doc: SignalSourceHit = { ...emptyEsResult(), _source, fields };
-        const merged = mergeMissingFieldsWithSource({ doc })._source;
+        const merged = mergeMissingFieldsWithSource({ doc, ignoreFields: [] })._source;
         expect(merged).toEqual<ReturnTypeMergeFieldsWithSource>(_source);
       });
 
@@ -62,7 +62,7 @@ describe('merge_missing_fields_with_source', () => {
           foo: 'value',
         };
         const doc: SignalSourceHit = { ...emptyEsResult(), _source, fields };
-        const merged = mergeMissingFieldsWithSource({ doc })._source;
+        const merged = mergeMissingFieldsWithSource({ doc, ignoreFields: [] })._source;
         expect(merged).toEqual<ReturnTypeMergeFieldsWithSource>(_source);
       });
 
@@ -71,7 +71,7 @@ describe('merge_missing_fields_with_source', () => {
           foo: ['value'],
         };
         const doc: SignalSourceHit = { ...emptyEsResult(), _source, fields };
-        const merged = mergeMissingFieldsWithSource({ doc })._source;
+        const merged = mergeMissingFieldsWithSource({ doc, ignoreFields: [] })._source;
         expect(merged).toEqual<ReturnTypeMergeFieldsWithSource>(_source);
       });
 
@@ -80,7 +80,7 @@ describe('merge_missing_fields_with_source', () => {
           foo: ['value_1', 'value_2'],
         };
         const doc: SignalSourceHit = { ...emptyEsResult(), _source, fields };
-        const merged = mergeMissingFieldsWithSource({ doc })._source;
+        const merged = mergeMissingFieldsWithSource({ doc, ignoreFields: [] })._source;
         expect(merged).toEqual<ReturnTypeMergeFieldsWithSource>(_source);
       });
 
@@ -89,7 +89,7 @@ describe('merge_missing_fields_with_source', () => {
           foo: { bar: 'some value' },
         };
         const doc: SignalSourceHit = { ...emptyEsResult(), _source, fields };
-        const merged = mergeMissingFieldsWithSource({ doc })._source;
+        const merged = mergeMissingFieldsWithSource({ doc, ignoreFields: [] })._source;
         expect(merged).toEqual<ReturnTypeMergeFieldsWithSource>(_source);
       });
 
@@ -98,7 +98,7 @@ describe('merge_missing_fields_with_source', () => {
           foo: [{ bar: 'some value' }],
         };
         const doc: SignalSourceHit = { ...emptyEsResult(), _source, fields };
-        const merged = mergeMissingFieldsWithSource({ doc })._source;
+        const merged = mergeMissingFieldsWithSource({ doc, ignoreFields: [] })._source;
         expect(merged).toEqual<ReturnTypeMergeFieldsWithSource>(_source);
       });
 
@@ -107,7 +107,7 @@ describe('merge_missing_fields_with_source', () => {
           foo: [{ bar: 'some value' }, { foo: 'some other value' }],
         };
         const doc: SignalSourceHit = { ...emptyEsResult(), _source, fields };
-        const merged = mergeMissingFieldsWithSource({ doc })._source;
+        const merged = mergeMissingFieldsWithSource({ doc, ignoreFields: [] })._source;
         expect(merged).toEqual<ReturnTypeMergeFieldsWithSource>(_source);
       });
     });
@@ -133,7 +133,7 @@ describe('merge_missing_fields_with_source', () => {
           'foo.bar': [],
         };
         const doc: SignalSourceHit = { ...emptyEsResult(), _source, fields };
-        const merged = mergeMissingFieldsWithSource({ doc })._source;
+        const merged = mergeMissingFieldsWithSource({ doc, ignoreFields: [] })._source;
         expect(merged).toEqual<ReturnTypeMergeFieldsWithSource>(_source);
       });
 
@@ -142,7 +142,7 @@ describe('merge_missing_fields_with_source', () => {
           'foo.bar': 'value',
         };
         const doc: SignalSourceHit = { ...emptyEsResult(), _source, fields };
-        const merged = mergeMissingFieldsWithSource({ doc })._source;
+        const merged = mergeMissingFieldsWithSource({ doc, ignoreFields: [] })._source;
         expect(merged).toEqual<ReturnTypeMergeFieldsWithSource>(_source);
       });
 
@@ -151,7 +151,7 @@ describe('merge_missing_fields_with_source', () => {
           'foo.bar': ['value'],
         };
         const doc: SignalSourceHit = { ...emptyEsResult(), _source, fields };
-        const merged = mergeMissingFieldsWithSource({ doc })._source;
+        const merged = mergeMissingFieldsWithSource({ doc, ignoreFields: [] })._source;
         expect(merged).toEqual<ReturnTypeMergeFieldsWithSource>(_source);
       });
 
@@ -160,7 +160,7 @@ describe('merge_missing_fields_with_source', () => {
           'foo.bar': ['value_1', 'value_2'],
         };
         const doc: SignalSourceHit = { ...emptyEsResult(), _source, fields };
-        const merged = mergeMissingFieldsWithSource({ doc })._source;
+        const merged = mergeMissingFieldsWithSource({ doc, ignoreFields: [] })._source;
         expect(merged).toEqual<ReturnTypeMergeFieldsWithSource>(_source);
       });
 
@@ -169,7 +169,7 @@ describe('merge_missing_fields_with_source', () => {
           foo: { bar: 'some value' },
         };
         const doc: SignalSourceHit = { ...emptyEsResult(), _source, fields };
-        const merged = mergeMissingFieldsWithSource({ doc })._source;
+        const merged = mergeMissingFieldsWithSource({ doc, ignoreFields: [] })._source;
         expect(merged).toEqual<ReturnTypeMergeFieldsWithSource>(_source);
       });
 
@@ -178,7 +178,7 @@ describe('merge_missing_fields_with_source', () => {
           foo: [{ bar: 'some value' }],
         };
         const doc: SignalSourceHit = { ...emptyEsResult(), _source, fields };
-        const merged = mergeMissingFieldsWithSource({ doc })._source;
+        const merged = mergeMissingFieldsWithSource({ doc, ignoreFields: [] })._source;
         expect(merged).toEqual<ReturnTypeMergeFieldsWithSource>(_source);
       });
 
@@ -187,7 +187,7 @@ describe('merge_missing_fields_with_source', () => {
           foo: [{ bar: 'some value' }, { foo: 'some other value' }],
         };
         const doc: SignalSourceHit = { ...emptyEsResult(), _source, fields };
-        const merged = mergeMissingFieldsWithSource({ doc })._source;
+        const merged = mergeMissingFieldsWithSource({ doc, ignoreFields: [] })._source;
         expect(merged).toEqual<ReturnTypeMergeFieldsWithSource>(_source);
       });
     });
@@ -217,7 +217,7 @@ describe('merge_missing_fields_with_source', () => {
           foo: { bar: [] },
         };
         const doc: SignalSourceHit = { ...emptyEsResult(), _source, fields };
-        const merged = mergeMissingFieldsWithSource({ doc })._source;
+        const merged = mergeMissingFieldsWithSource({ doc, ignoreFields: [] })._source;
         expect(merged).toEqual<ReturnTypeMergeFieldsWithSource>(_source);
       });
 
@@ -226,7 +226,7 @@ describe('merge_missing_fields_with_source', () => {
           foo: { bar: 'value' },
         };
         const doc: SignalSourceHit = { ...emptyEsResult(), _source, fields };
-        const merged = mergeMissingFieldsWithSource({ doc })._source;
+        const merged = mergeMissingFieldsWithSource({ doc, ignoreFields: [] })._source;
         expect(merged).toEqual<ReturnTypeMergeFieldsWithSource>(_source);
       });
 
@@ -235,7 +235,7 @@ describe('merge_missing_fields_with_source', () => {
           foo: { bar: ['value'] },
         };
         const doc: SignalSourceHit = { ...emptyEsResult(), _source, fields };
-        const merged = mergeMissingFieldsWithSource({ doc })._source;
+        const merged = mergeMissingFieldsWithSource({ doc, ignoreFields: [] })._source;
         expect(merged).toEqual<ReturnTypeMergeFieldsWithSource>(_source);
       });
 
@@ -244,7 +244,7 @@ describe('merge_missing_fields_with_source', () => {
           foo: { bar: ['value_1', 'value_2'] },
         };
         const doc: SignalSourceHit = { ...emptyEsResult(), _source, fields };
-        const merged = mergeMissingFieldsWithSource({ doc })._source;
+        const merged = mergeMissingFieldsWithSource({ doc, ignoreFields: [] })._source;
         expect(merged).toEqual<ReturnTypeMergeFieldsWithSource>(_source);
       });
 
@@ -253,7 +253,7 @@ describe('merge_missing_fields_with_source', () => {
           foo: { bar: { mars: 'some value' } },
         };
         const doc: SignalSourceHit = { ...emptyEsResult(), _source, fields };
-        const merged = mergeMissingFieldsWithSource({ doc })._source;
+        const merged = mergeMissingFieldsWithSource({ doc, ignoreFields: [] })._source;
         expect(merged).toEqual<ReturnTypeMergeFieldsWithSource>(_source);
       });
 
@@ -262,7 +262,7 @@ describe('merge_missing_fields_with_source', () => {
           foo: { bar: [{ mars: 'some value' }] },
         };
         const doc: SignalSourceHit = { ...emptyEsResult(), _source, fields };
-        const merged = mergeMissingFieldsWithSource({ doc })._source;
+        const merged = mergeMissingFieldsWithSource({ doc, ignoreFields: [] })._source;
         expect(merged).toEqual<ReturnTypeMergeFieldsWithSource>(_source);
       });
 
@@ -271,7 +271,7 @@ describe('merge_missing_fields_with_source', () => {
           foo: { bar: [{ mars: 'some value' }, { mars: 'some other value' }] },
         };
         const doc: SignalSourceHit = { ...emptyEsResult(), _source, fields };
-        const merged = mergeMissingFieldsWithSource({ doc })._source;
+        const merged = mergeMissingFieldsWithSource({ doc, ignoreFields: [] })._source;
         expect(merged).toEqual<ReturnTypeMergeFieldsWithSource>(_source);
       });
     });
@@ -299,7 +299,7 @@ describe('merge_missing_fields_with_source', () => {
           'bar.foo': [],
         };
         const doc: SignalSourceHit = { ...emptyEsResult(), _source, fields };
-        const merged = mergeMissingFieldsWithSource({ doc })._source;
+        const merged = mergeMissingFieldsWithSource({ doc, ignoreFields: [] })._source;
         expect(merged).toEqual<ReturnTypeMergeFieldsWithSource>(_source);
       });
 
@@ -308,7 +308,7 @@ describe('merge_missing_fields_with_source', () => {
           'bar.foo': 'value',
         };
         const doc: SignalSourceHit = { ...emptyEsResult(), _source, fields };
-        const merged = mergeMissingFieldsWithSource({ doc })._source;
+        const merged = mergeMissingFieldsWithSource({ doc, ignoreFields: [] })._source;
         expect(merged).toEqual<ReturnTypeMergeFieldsWithSource>(_source);
       });
 
@@ -317,7 +317,7 @@ describe('merge_missing_fields_with_source', () => {
           'bar.foo': ['value'],
         };
         const doc: SignalSourceHit = { ...emptyEsResult(), _source, fields };
-        const merged = mergeMissingFieldsWithSource({ doc })._source;
+        const merged = mergeMissingFieldsWithSource({ doc, ignoreFields: [] })._source;
         expect(merged).toEqual<ReturnTypeMergeFieldsWithSource>(_source);
       });
 
@@ -326,7 +326,7 @@ describe('merge_missing_fields_with_source', () => {
           'bar.foo': ['value_1', 'value_2'],
         };
         const doc: SignalSourceHit = { ...emptyEsResult(), _source, fields };
-        const merged = mergeMissingFieldsWithSource({ doc })._source;
+        const merged = mergeMissingFieldsWithSource({ doc, ignoreFields: [] })._source;
         expect(merged).toEqual<ReturnTypeMergeFieldsWithSource>(_source);
       });
 
@@ -335,7 +335,7 @@ describe('merge_missing_fields_with_source', () => {
           foo: { bar: 'some value' },
         };
         const doc: SignalSourceHit = { ...emptyEsResult(), _source, fields };
-        const merged = mergeMissingFieldsWithSource({ doc })._source;
+        const merged = mergeMissingFieldsWithSource({ doc, ignoreFields: [] })._source;
         expect(merged).toEqual<ReturnTypeMergeFieldsWithSource>(_source);
       });
 
@@ -344,7 +344,7 @@ describe('merge_missing_fields_with_source', () => {
           foo: [{ bar: 'some value' }],
         };
         const doc: SignalSourceHit = { ...emptyEsResult(), _source, fields };
-        const merged = mergeMissingFieldsWithSource({ doc })._source;
+        const merged = mergeMissingFieldsWithSource({ doc, ignoreFields: [] })._source;
         expect(merged).toEqual<ReturnTypeMergeFieldsWithSource>(_source);
       });
 
@@ -353,7 +353,7 @@ describe('merge_missing_fields_with_source', () => {
           foo: [{ bar: 'some value' }, { foo: 'some other value' }],
         };
         const doc: SignalSourceHit = { ...emptyEsResult(), _source, fields };
-        const merged = mergeMissingFieldsWithSource({ doc })._source;
+        const merged = mergeMissingFieldsWithSource({ doc, ignoreFields: [] })._source;
         expect(merged).toEqual<ReturnTypeMergeFieldsWithSource>(_source);
       });
     });
@@ -376,7 +376,7 @@ describe('merge_missing_fields_with_source', () => {
         'foo.bar': ['other_value_1'],
       };
       const doc: SignalSourceHit = { ...emptyEsResult(), _source, fields };
-      const merged = mergeMissingFieldsWithSource({ doc })._source;
+      const merged = mergeMissingFieldsWithSource({ doc, ignoreFields: [] })._source;
       expect(merged).toEqual<ReturnTypeMergeFieldsWithSource>({
         foo: {
           bar: 'other_value_1',
@@ -389,7 +389,7 @@ describe('merge_missing_fields_with_source', () => {
         'foo.bar': ['other_value_1', 'other_value_2'],
       };
       const doc: SignalSourceHit = { ...emptyEsResult(), _source, fields };
-      const merged = mergeMissingFieldsWithSource({ doc })._source;
+      const merged = mergeMissingFieldsWithSource({ doc, ignoreFields: [] })._source;
       expect(merged).toEqual<ReturnTypeMergeFieldsWithSource>({
         foo: {
           bar: ['other_value_1', 'other_value_2'],
@@ -402,7 +402,7 @@ describe('merge_missing_fields_with_source', () => {
         'foo.bar': [{ zed: 'other_value_1' }],
       };
       const doc: SignalSourceHit = { ...emptyEsResult(), _source, fields };
-      const merged = mergeMissingFieldsWithSource({ doc })._source;
+      const merged = mergeMissingFieldsWithSource({ doc, ignoreFields: [] })._source;
       expect(merged).toEqual<ReturnTypeMergeFieldsWithSource>({});
     });
 
@@ -411,7 +411,7 @@ describe('merge_missing_fields_with_source', () => {
         'foo.bar': [{ zed: 'other_value_1' }, { zed: 'other_value_2' }],
       };
       const doc: SignalSourceHit = { ...emptyEsResult(), _source, fields };
-      const merged = mergeMissingFieldsWithSource({ doc })._source;
+      const merged = mergeMissingFieldsWithSource({ doc, ignoreFields: [] })._source;
       expect(merged).toEqual<ReturnTypeMergeFieldsWithSource>({});
     });
   });
@@ -436,7 +436,7 @@ describe('merge_missing_fields_with_source', () => {
           'foo.bar': ['other_value_1'],
         };
         const doc: SignalSourceHit = { ...emptyEsResult(), _source, fields };
-        const merged = mergeMissingFieldsWithSource({ doc })._source;
+        const merged = mergeMissingFieldsWithSource({ doc, ignoreFields: [] })._source;
         expect(merged).toEqual<ReturnTypeMergeFieldsWithSource>(_source);
       });
 
@@ -445,7 +445,7 @@ describe('merge_missing_fields_with_source', () => {
           'foo.bar': ['other_value_1', 'other_value_2'],
         };
         const doc: SignalSourceHit = { ...emptyEsResult(), _source, fields };
-        const merged = mergeMissingFieldsWithSource({ doc })._source;
+        const merged = mergeMissingFieldsWithSource({ doc, ignoreFields: [] })._source;
         expect(merged).toEqual<ReturnTypeMergeFieldsWithSource>(_source);
       });
 
@@ -454,7 +454,7 @@ describe('merge_missing_fields_with_source', () => {
           foo: [{ bar: 'other_value_1' }],
         };
         const doc: SignalSourceHit = { ...emptyEsResult(), _source, fields };
-        const merged = mergeMissingFieldsWithSource({ doc })._source;
+        const merged = mergeMissingFieldsWithSource({ doc, ignoreFields: [] })._source;
         expect(merged).toEqual<ReturnTypeMergeFieldsWithSource>(_source);
       });
 
@@ -463,7 +463,7 @@ describe('merge_missing_fields_with_source', () => {
           foo: [{ bar: 'other_value_1' }, { bar: 'other_value_2' }],
         };
         const doc: SignalSourceHit = { ...emptyEsResult(), _source, fields };
-        const merged = mergeMissingFieldsWithSource({ doc })._source;
+        const merged = mergeMissingFieldsWithSource({ doc, ignoreFields: [] })._source;
         expect(merged).toEqual<ReturnTypeMergeFieldsWithSource>(_source);
       });
     });
@@ -487,7 +487,7 @@ describe('merge_missing_fields_with_source', () => {
           'foo.bar': ['other_value_1'],
         };
         const doc: SignalSourceHit = { ...emptyEsResult(), _source, fields };
-        const merged = mergeMissingFieldsWithSource({ doc })._source;
+        const merged = mergeMissingFieldsWithSource({ doc, ignoreFields: [] })._source;
         expect(merged).toEqual<ReturnTypeMergeFieldsWithSource>(_source);
       });
 
@@ -496,7 +496,7 @@ describe('merge_missing_fields_with_source', () => {
           'foo.bar': ['other_value_1', 'other_value_2'],
         };
         const doc: SignalSourceHit = { ...emptyEsResult(), _source, fields };
-        const merged = mergeMissingFieldsWithSource({ doc })._source;
+        const merged = mergeMissingFieldsWithSource({ doc, ignoreFields: [] })._source;
         expect(merged).toEqual<ReturnTypeMergeFieldsWithSource>(_source);
       });
 
@@ -505,7 +505,7 @@ describe('merge_missing_fields_with_source', () => {
           'foo.bar': [{ zed: 'other_value_1' }],
         };
         const doc: SignalSourceHit = { ...emptyEsResult(), _source, fields };
-        const merged = mergeMissingFieldsWithSource({ doc })._source;
+        const merged = mergeMissingFieldsWithSource({ doc, ignoreFields: [] })._source;
         expect(merged).toEqual<ReturnTypeMergeFieldsWithSource>(_source);
       });
 
@@ -514,7 +514,7 @@ describe('merge_missing_fields_with_source', () => {
           'foo.bar': [{ zed: 'other_value_1' }, { zed: 'other_value_2' }],
         };
         const doc: SignalSourceHit = { ...emptyEsResult(), _source, fields };
-        const merged = mergeMissingFieldsWithSource({ doc })._source;
+        const merged = mergeMissingFieldsWithSource({ doc, ignoreFields: [] })._source;
         expect(merged).toEqual<ReturnTypeMergeFieldsWithSource>(_source);
       });
     });
@@ -540,7 +540,7 @@ describe('merge_missing_fields_with_source', () => {
           'foo.bar': ['other_value_1'],
         };
         const doc: SignalSourceHit = { ...emptyEsResult(), _source, fields };
-        const merged = mergeMissingFieldsWithSource({ doc })._source;
+        const merged = mergeMissingFieldsWithSource({ doc, ignoreFields: [] })._source;
         expect(merged).toEqual<ReturnTypeMergeFieldsWithSource>(_source);
       });
 
@@ -549,7 +549,7 @@ describe('merge_missing_fields_with_source', () => {
           'foo.bar': ['other_value_1', 'other_value_2'],
         };
         const doc: SignalSourceHit = { ...emptyEsResult(), _source, fields };
-        const merged = mergeMissingFieldsWithSource({ doc })._source;
+        const merged = mergeMissingFieldsWithSource({ doc, ignoreFields: [] })._source;
         expect(merged).toEqual<ReturnTypeMergeFieldsWithSource>(_source);
       });
 
@@ -558,7 +558,7 @@ describe('merge_missing_fields_with_source', () => {
           'foo.bar': [{ zed: 'other_value_1' }],
         };
         const doc: SignalSourceHit = { ...emptyEsResult(), _source, fields };
-        const merged = mergeMissingFieldsWithSource({ doc })._source;
+        const merged = mergeMissingFieldsWithSource({ doc, ignoreFields: [] })._source;
         expect(merged).toEqual<ReturnTypeMergeFieldsWithSource>(_source);
       });
 
@@ -567,7 +567,7 @@ describe('merge_missing_fields_with_source', () => {
           'foo.bar': [{ zed: 'other_value_1' }, { zed: 'other_value_2' }],
         };
         const doc: SignalSourceHit = { ...emptyEsResult(), _source, fields };
-        const merged = mergeMissingFieldsWithSource({ doc })._source;
+        const merged = mergeMissingFieldsWithSource({ doc, ignoreFields: [] })._source;
         expect(merged).toEqual<ReturnTypeMergeFieldsWithSource>(_source);
       });
     });
@@ -591,7 +591,7 @@ describe('merge_missing_fields_with_source', () => {
           'foo.bar': ['other_value_1'],
         };
         const doc: SignalSourceHit = { ...emptyEsResult(), _source, fields };
-        const merged = mergeMissingFieldsWithSource({ doc })._source;
+        const merged = mergeMissingFieldsWithSource({ doc, ignoreFields: [] })._source;
         expect(merged).toEqual<ReturnTypeMergeFieldsWithSource>(_source);
       });
 
@@ -600,7 +600,7 @@ describe('merge_missing_fields_with_source', () => {
           'foo.bar': ['other_value_1', 'other_value_2'],
         };
         const doc: SignalSourceHit = { ...emptyEsResult(), _source, fields };
-        const merged = mergeMissingFieldsWithSource({ doc })._source;
+        const merged = mergeMissingFieldsWithSource({ doc, ignoreFields: [] })._source;
         expect(merged).toEqual<ReturnTypeMergeFieldsWithSource>(_source);
       });
 
@@ -609,7 +609,7 @@ describe('merge_missing_fields_with_source', () => {
           'foo.bar': [{ zed: 'other_value_1' }],
         };
         const doc: SignalSourceHit = { ...emptyEsResult(), _source, fields };
-        const merged = mergeMissingFieldsWithSource({ doc })._source;
+        const merged = mergeMissingFieldsWithSource({ doc, ignoreFields: [] })._source;
         expect(merged).toEqual<ReturnTypeMergeFieldsWithSource>(_source);
       });
 
@@ -618,7 +618,7 @@ describe('merge_missing_fields_with_source', () => {
           'foo.bar': [{ zed: 'other_value_1' }, { zed: 'other_value_2' }],
         };
         const doc: SignalSourceHit = { ...emptyEsResult(), _source, fields };
-        const merged = mergeMissingFieldsWithSource({ doc })._source;
+        const merged = mergeMissingFieldsWithSource({ doc, ignoreFields: [] })._source;
         expect(merged).toEqual<ReturnTypeMergeFieldsWithSource>(_source);
       });
     });
@@ -642,7 +642,7 @@ describe('merge_missing_fields_with_source', () => {
           'foo.bar': ['other_value_1'],
         };
         const doc: SignalSourceHit = { ...emptyEsResult(), _source, fields };
-        const merged = mergeMissingFieldsWithSource({ doc })._source;
+        const merged = mergeMissingFieldsWithSource({ doc, ignoreFields: [] })._source;
         expect(merged).toEqual<ReturnTypeMergeFieldsWithSource>(_source);
       });
 
@@ -651,7 +651,7 @@ describe('merge_missing_fields_with_source', () => {
           'foo.bar': ['other_value_1', 'other_value_2'],
         };
         const doc: SignalSourceHit = { ...emptyEsResult(), _source, fields };
-        const merged = mergeMissingFieldsWithSource({ doc })._source;
+        const merged = mergeMissingFieldsWithSource({ doc, ignoreFields: [] })._source;
         expect(merged).toEqual<ReturnTypeMergeFieldsWithSource>(_source);
       });
 
@@ -660,7 +660,7 @@ describe('merge_missing_fields_with_source', () => {
           'foo.bar': [{ zed: 'other_value_1' }],
         };
         const doc: SignalSourceHit = { ...emptyEsResult(), _source, fields };
-        const merged = mergeMissingFieldsWithSource({ doc })._source;
+        const merged = mergeMissingFieldsWithSource({ doc, ignoreFields: [] })._source;
         expect(merged).toEqual<ReturnTypeMergeFieldsWithSource>(_source);
       });
 
@@ -669,7 +669,7 @@ describe('merge_missing_fields_with_source', () => {
           'foo.bar': [{ zed: 'other_value_1' }, { zed: 'other_value_2' }],
         };
         const doc: SignalSourceHit = { ...emptyEsResult(), _source, fields };
-        const merged = mergeMissingFieldsWithSource({ doc })._source;
+        const merged = mergeMissingFieldsWithSource({ doc, ignoreFields: [] })._source;
         expect(merged).toEqual<ReturnTypeMergeFieldsWithSource>(_source);
       });
     });
@@ -693,7 +693,7 @@ describe('merge_missing_fields_with_source', () => {
           'foo.bar': ['other_value_1'],
         };
         const doc: SignalSourceHit = { ...emptyEsResult(), _source, fields };
-        const merged = mergeMissingFieldsWithSource({ doc })._source;
+        const merged = mergeMissingFieldsWithSource({ doc, ignoreFields: [] })._source;
         expect(merged).toEqual<ReturnTypeMergeFieldsWithSource>(_source);
       });
 
@@ -702,7 +702,7 @@ describe('merge_missing_fields_with_source', () => {
           'foo.bar': ['other_value_1', 'other_value_2'],
         };
         const doc: SignalSourceHit = { ...emptyEsResult(), _source, fields };
-        const merged = mergeMissingFieldsWithSource({ doc })._source;
+        const merged = mergeMissingFieldsWithSource({ doc, ignoreFields: [] })._source;
         expect(merged).toEqual<ReturnTypeMergeFieldsWithSource>(_source);
       });
 
@@ -711,7 +711,7 @@ describe('merge_missing_fields_with_source', () => {
           'foo.bar': [{ zed: 'other_value_1' }],
         };
         const doc: SignalSourceHit = { ...emptyEsResult(), _source, fields };
-        const merged = mergeMissingFieldsWithSource({ doc })._source;
+        const merged = mergeMissingFieldsWithSource({ doc, ignoreFields: [] })._source;
         expect(merged).toEqual<ReturnTypeMergeFieldsWithSource>(_source);
       });
 
@@ -720,7 +720,7 @@ describe('merge_missing_fields_with_source', () => {
           'foo.bar': [{ zed: 'other_value_1' }, { zed: 'other_value_2' }],
         };
         const doc: SignalSourceHit = { ...emptyEsResult(), _source, fields };
-        const merged = mergeMissingFieldsWithSource({ doc })._source;
+        const merged = mergeMissingFieldsWithSource({ doc, ignoreFields: [] })._source;
         expect(merged).toEqual<ReturnTypeMergeFieldsWithSource>(_source);
       });
     });
@@ -746,7 +746,7 @@ describe('merge_missing_fields_with_source', () => {
           'foo.bar': ['other_value_1'],
         };
         const doc: SignalSourceHit = { ...emptyEsResult(), _source, fields };
-        const merged = mergeMissingFieldsWithSource({ doc })._source;
+        const merged = mergeMissingFieldsWithSource({ doc, ignoreFields: [] })._source;
         expect(merged).toEqual<ReturnTypeMergeFieldsWithSource>(_source);
       });
 
@@ -755,7 +755,7 @@ describe('merge_missing_fields_with_source', () => {
           'foo.bar': ['other_value_1', 'other_value_2'],
         };
         const doc: SignalSourceHit = { ...emptyEsResult(), _source, fields };
-        const merged = mergeMissingFieldsWithSource({ doc })._source;
+        const merged = mergeMissingFieldsWithSource({ doc, ignoreFields: [] })._source;
         expect(merged).toEqual<ReturnTypeMergeFieldsWithSource>(_source);
       });
 
@@ -764,7 +764,7 @@ describe('merge_missing_fields_with_source', () => {
           'foo.bar': [{ zed: 'other_value_1' }],
         };
         const doc: SignalSourceHit = { ...emptyEsResult(), _source, fields };
-        const merged = mergeMissingFieldsWithSource({ doc })._source;
+        const merged = mergeMissingFieldsWithSource({ doc, ignoreFields: [] })._source;
         expect(merged).toEqual<ReturnTypeMergeFieldsWithSource>(_source);
       });
 
@@ -773,7 +773,7 @@ describe('merge_missing_fields_with_source', () => {
           'foo.bar': [{ zed: 'other_value_1' }, { zed: 'other_value_2' }],
         };
         const doc: SignalSourceHit = { ...emptyEsResult(), _source, fields };
-        const merged = mergeMissingFieldsWithSource({ doc })._source;
+        const merged = mergeMissingFieldsWithSource({ doc, ignoreFields: [] })._source;
         expect(merged).toEqual<ReturnTypeMergeFieldsWithSource>(_source);
       });
     });
@@ -797,7 +797,7 @@ describe('merge_missing_fields_with_source', () => {
           'foo.bar': ['other_value_1'],
         };
         const doc: SignalSourceHit = { ...emptyEsResult(), _source, fields };
-        const merged = mergeMissingFieldsWithSource({ doc })._source;
+        const merged = mergeMissingFieldsWithSource({ doc, ignoreFields: [] })._source;
         expect(merged).toEqual<ReturnTypeMergeFieldsWithSource>(_source);
       });
 
@@ -806,7 +806,7 @@ describe('merge_missing_fields_with_source', () => {
           'foo.bar': ['other_value_1', 'other_value_2'],
         };
         const doc: SignalSourceHit = { ...emptyEsResult(), _source, fields };
-        const merged = mergeMissingFieldsWithSource({ doc })._source;
+        const merged = mergeMissingFieldsWithSource({ doc, ignoreFields: [] })._source;
         expect(merged).toEqual<ReturnTypeMergeFieldsWithSource>(_source);
       });
 
@@ -815,7 +815,7 @@ describe('merge_missing_fields_with_source', () => {
           'foo.bar': [{ zed: 'other_value_1' }],
         };
         const doc: SignalSourceHit = { ...emptyEsResult(), _source, fields };
-        const merged = mergeMissingFieldsWithSource({ doc })._source;
+        const merged = mergeMissingFieldsWithSource({ doc, ignoreFields: [] })._source;
         expect(merged).toEqual<ReturnTypeMergeFieldsWithSource>(_source);
       });
 
@@ -824,7 +824,7 @@ describe('merge_missing_fields_with_source', () => {
           'foo.bar': [{ zed: 'other_value_1' }, { zed: 'other_value_2' }],
         };
         const doc: SignalSourceHit = { ...emptyEsResult(), _source, fields };
-        const merged = mergeMissingFieldsWithSource({ doc })._source;
+        const merged = mergeMissingFieldsWithSource({ doc, ignoreFields: [] })._source;
         expect(merged).toEqual<ReturnTypeMergeFieldsWithSource>(_source);
       });
     });
@@ -850,7 +850,7 @@ describe('merge_missing_fields_with_source', () => {
           'foo.bar': ['other_value'],
         };
         const doc: SignalSourceHit = { ...emptyEsResult(), _source, fields };
-        const merged = mergeMissingFieldsWithSource({ doc })._source;
+        const merged = mergeMissingFieldsWithSource({ doc, ignoreFields: [] })._source;
         expect(merged).toEqual<ReturnTypeMergeFieldsWithSource>(_source);
       });
 
@@ -859,7 +859,7 @@ describe('merge_missing_fields_with_source', () => {
           'foo.bar': ['other_value_1', 'other_value_2'],
         };
         const doc: SignalSourceHit = { ...emptyEsResult(), _source, fields };
-        const merged = mergeMissingFieldsWithSource({ doc })._source;
+        const merged = mergeMissingFieldsWithSource({ doc, ignoreFields: [] })._source;
         expect(merged).toEqual<ReturnTypeMergeFieldsWithSource>(_source);
       });
 
@@ -868,7 +868,7 @@ describe('merge_missing_fields_with_source', () => {
           'foo.bar': [{ zed: 'other_value_1' }],
         };
         const doc: SignalSourceHit = { ...emptyEsResult(), _source, fields };
-        const merged = mergeMissingFieldsWithSource({ doc })._source;
+        const merged = mergeMissingFieldsWithSource({ doc, ignoreFields: [] })._source;
         expect(merged).toEqual<ReturnTypeMergeFieldsWithSource>(_source);
       });
 
@@ -877,7 +877,7 @@ describe('merge_missing_fields_with_source', () => {
           'foo.bar': [{ zed: 'other_value_1' }, { zed: 'other_value_2' }],
         };
         const doc: SignalSourceHit = { ...emptyEsResult(), _source, fields };
-        const merged = mergeMissingFieldsWithSource({ doc })._source;
+        const merged = mergeMissingFieldsWithSource({ doc, ignoreFields: [] })._source;
         expect(merged).toEqual<ReturnTypeMergeFieldsWithSource>(_source);
       });
     });
@@ -901,7 +901,7 @@ describe('merge_missing_fields_with_source', () => {
           'foo.bar': ['other_value'],
         };
         const doc: SignalSourceHit = { ...emptyEsResult(), _source, fields };
-        const merged = mergeMissingFieldsWithSource({ doc })._source;
+        const merged = mergeMissingFieldsWithSource({ doc, ignoreFields: [] })._source;
         expect(merged).toEqual<ReturnTypeMergeFieldsWithSource>(_source);
       });
 
@@ -910,7 +910,7 @@ describe('merge_missing_fields_with_source', () => {
           'foo.bar': ['other_value_1', 'other_value_2'],
         };
         const doc: SignalSourceHit = { ...emptyEsResult(), _source, fields };
-        const merged = mergeMissingFieldsWithSource({ doc })._source;
+        const merged = mergeMissingFieldsWithSource({ doc, ignoreFields: [] })._source;
         expect(merged).toEqual<ReturnTypeMergeFieldsWithSource>(_source);
       });
 
@@ -919,7 +919,7 @@ describe('merge_missing_fields_with_source', () => {
           'foo.bar': [{ mars: 'other_value_1' }],
         };
         const doc: SignalSourceHit = { ...emptyEsResult(), _source, fields };
-        const merged = mergeMissingFieldsWithSource({ doc })._source;
+        const merged = mergeMissingFieldsWithSource({ doc, ignoreFields: [] })._source;
         expect(merged).toEqual<ReturnTypeMergeFieldsWithSource>(_source);
       });
 
@@ -928,7 +928,7 @@ describe('merge_missing_fields_with_source', () => {
           'foo.bar': [{ mars: 'other_value_1' }, { mars: 'other_value_2' }],
         };
         const doc: SignalSourceHit = { ...emptyEsResult(), _source, fields };
-        const merged = mergeMissingFieldsWithSource({ doc })._source;
+        const merged = mergeMissingFieldsWithSource({ doc, ignoreFields: [] })._source;
         expect(merged).toEqual<ReturnTypeMergeFieldsWithSource>(_source);
       });
     });
@@ -954,7 +954,7 @@ describe('merge_missing_fields_with_source', () => {
           'foo.bar': ['other_value'],
         };
         const doc: SignalSourceHit = { ...emptyEsResult(), _source, fields };
-        const merged = mergeMissingFieldsWithSource({ doc })._source;
+        const merged = mergeMissingFieldsWithSource({ doc, ignoreFields: [] })._source;
         expect(merged).toEqual<ReturnTypeMergeFieldsWithSource>(_source);
       });
 
@@ -963,7 +963,7 @@ describe('merge_missing_fields_with_source', () => {
           'foo.bar': ['other_value_1', 'other_value_2'],
         };
         const doc: SignalSourceHit = { ...emptyEsResult(), _source, fields };
-        const merged = mergeMissingFieldsWithSource({ doc })._source;
+        const merged = mergeMissingFieldsWithSource({ doc, ignoreFields: [] })._source;
         expect(merged).toEqual<ReturnTypeMergeFieldsWithSource>(_source);
       });
 
@@ -972,7 +972,7 @@ describe('merge_missing_fields_with_source', () => {
           'foo.bar': [{ zed: 'other_value_1' }],
         };
         const doc: SignalSourceHit = { ...emptyEsResult(), _source, fields };
-        const merged = mergeMissingFieldsWithSource({ doc })._source;
+        const merged = mergeMissingFieldsWithSource({ doc, ignoreFields: [] })._source;
         expect(merged).toEqual<ReturnTypeMergeFieldsWithSource>(_source);
       });
 
@@ -981,7 +981,7 @@ describe('merge_missing_fields_with_source', () => {
           'foo.bar': [{ zed: 'other_value_1' }, { zed: 'other_value_2' }],
         };
         const doc: SignalSourceHit = { ...emptyEsResult(), _source, fields };
-        const merged = mergeMissingFieldsWithSource({ doc })._source;
+        const merged = mergeMissingFieldsWithSource({ doc, ignoreFields: [] })._source;
         expect(merged).toEqual<ReturnTypeMergeFieldsWithSource>(_source);
       });
     });
@@ -1005,7 +1005,7 @@ describe('merge_missing_fields_with_source', () => {
           'foo.bar': ['other_value'],
         };
         const doc: SignalSourceHit = { ...emptyEsResult(), _source, fields };
-        const merged = mergeMissingFieldsWithSource({ doc })._source;
+        const merged = mergeMissingFieldsWithSource({ doc, ignoreFields: [] })._source;
         expect(merged).toEqual<ReturnTypeMergeFieldsWithSource>(_source);
       });
 
@@ -1014,7 +1014,7 @@ describe('merge_missing_fields_with_source', () => {
           'foo.bar': ['other_value_1', 'other_value_2'],
         };
         const doc: SignalSourceHit = { ...emptyEsResult(), _source, fields };
-        const merged = mergeMissingFieldsWithSource({ doc })._source;
+        const merged = mergeMissingFieldsWithSource({ doc, ignoreFields: [] })._source;
         expect(merged).toEqual<ReturnTypeMergeFieldsWithSource>(_source);
       });
 
@@ -1023,7 +1023,7 @@ describe('merge_missing_fields_with_source', () => {
           'foo.bar': [{ zed: 'other_value_1' }],
         };
         const doc: SignalSourceHit = { ...emptyEsResult(), _source, fields };
-        const merged = mergeMissingFieldsWithSource({ doc })._source;
+        const merged = mergeMissingFieldsWithSource({ doc, ignoreFields: [] })._source;
         expect(merged).toEqual<ReturnTypeMergeFieldsWithSource>(_source);
       });
 
@@ -1032,7 +1032,7 @@ describe('merge_missing_fields_with_source', () => {
           'foo.bar': [{ zed: 'other_value_1' }, { zed: 'other_value_2' }],
         };
         const doc: SignalSourceHit = { ...emptyEsResult(), _source, fields };
-        const merged = mergeMissingFieldsWithSource({ doc })._source;
+        const merged = mergeMissingFieldsWithSource({ doc, ignoreFields: [] })._source;
         expect(merged).toEqual<ReturnTypeMergeFieldsWithSource>(_source);
       });
     });
@@ -1056,7 +1056,7 @@ describe('merge_missing_fields_with_source', () => {
           'foo.bar': ['other_value'],
         };
         const doc: SignalSourceHit = { ...emptyEsResult(), _source, fields };
-        const merged = mergeMissingFieldsWithSource({ doc })._source;
+        const merged = mergeMissingFieldsWithSource({ doc, ignoreFields: [] })._source;
         expect(merged).toEqual<ReturnTypeMergeFieldsWithSource>(_source);
       });
 
@@ -1065,7 +1065,7 @@ describe('merge_missing_fields_with_source', () => {
           'foo.bar': ['other_value_1', 'other_value_2'],
         };
         const doc: SignalSourceHit = { ...emptyEsResult(), _source, fields };
-        const merged = mergeMissingFieldsWithSource({ doc })._source;
+        const merged = mergeMissingFieldsWithSource({ doc, ignoreFields: [] })._source;
         expect(merged).toEqual<ReturnTypeMergeFieldsWithSource>(_source);
       });
 
@@ -1074,7 +1074,7 @@ describe('merge_missing_fields_with_source', () => {
           'foo.bar': [{ mars: 'other_value_1' }],
         };
         const doc: SignalSourceHit = { ...emptyEsResult(), _source, fields };
-        const merged = mergeMissingFieldsWithSource({ doc })._source;
+        const merged = mergeMissingFieldsWithSource({ doc, ignoreFields: [] })._source;
         expect(merged).toEqual<ReturnTypeMergeFieldsWithSource>(_source);
       });
 
@@ -1083,7 +1083,7 @@ describe('merge_missing_fields_with_source', () => {
           'foo.bar': [{ mars: 'other_value_1' }, { mars: 'other_value_2' }],
         };
         const doc: SignalSourceHit = { ...emptyEsResult(), _source, fields };
-        const merged = mergeMissingFieldsWithSource({ doc })._source;
+        const merged = mergeMissingFieldsWithSource({ doc, ignoreFields: [] })._source;
         expect(merged).toEqual<ReturnTypeMergeFieldsWithSource>(_source);
       });
     });
@@ -1107,7 +1107,7 @@ describe('merge_missing_fields_with_source', () => {
           'foo.bar': ['other_value'],
         };
         const doc: SignalSourceHit = { ...emptyEsResult(), _source, fields };
-        const merged = mergeMissingFieldsWithSource({ doc })._source;
+        const merged = mergeMissingFieldsWithSource({ doc, ignoreFields: [] })._source;
         expect(merged).toEqual<ReturnTypeMergeFieldsWithSource>(_source);
       });
 
@@ -1116,7 +1116,7 @@ describe('merge_missing_fields_with_source', () => {
           'foo.bar': ['other_value_1', 'other_value_2'],
         };
         const doc: SignalSourceHit = { ...emptyEsResult(), _source, fields };
-        const merged = mergeMissingFieldsWithSource({ doc })._source;
+        const merged = mergeMissingFieldsWithSource({ doc, ignoreFields: [] })._source;
         expect(merged).toEqual<ReturnTypeMergeFieldsWithSource>(_source);
       });
 
@@ -1125,7 +1125,7 @@ describe('merge_missing_fields_with_source', () => {
           'foo.bar': [{ mars: 'other_value_1' }],
         };
         const doc: SignalSourceHit = { ...emptyEsResult(), _source, fields };
-        const merged = mergeMissingFieldsWithSource({ doc })._source;
+        const merged = mergeMissingFieldsWithSource({ doc, ignoreFields: [] })._source;
         expect(merged).toEqual<ReturnTypeMergeFieldsWithSource>(_source);
       });
 
@@ -1134,7 +1134,7 @@ describe('merge_missing_fields_with_source', () => {
           'foo.bar': [{ mars: 'other_value_1' }, { mars: 'other_value_2' }],
         };
         const doc: SignalSourceHit = { ...emptyEsResult(), _source, fields };
-        const merged = mergeMissingFieldsWithSource({ doc })._source;
+        const merged = mergeMissingFieldsWithSource({ doc, ignoreFields: [] })._source;
         expect(merged).toEqual<ReturnTypeMergeFieldsWithSource>(_source);
       });
     });
@@ -1160,7 +1160,7 @@ describe('merge_missing_fields_with_source', () => {
         'foo.bar': ['other_value_1'],
       };
       const doc: SignalSourceHit = { ...emptyEsResult(), _source, fields };
-      const merged = mergeMissingFieldsWithSource({ doc })._source;
+      const merged = mergeMissingFieldsWithSource({ doc, ignoreFields: [] })._source;
       expect(merged).toEqual<ReturnTypeMergeFieldsWithSource>(_source);
     });
 
@@ -1172,7 +1172,7 @@ describe('merge_missing_fields_with_source', () => {
         'foo.bar': ['value_1', 'value_2'],
       };
       const doc: SignalSourceHit = { ...emptyEsResult(), _source, fields };
-      const merged = mergeMissingFieldsWithSource({ doc })._source;
+      const merged = mergeMissingFieldsWithSource({ doc, ignoreFields: [] })._source;
       expect(merged).toEqual<ReturnTypeMergeFieldsWithSource>(_source);
     });
   });
@@ -1196,7 +1196,7 @@ describe('merge_missing_fields_with_source', () => {
           'bar.keyword': ['bar_other_value_keyword_1'],
         };
         const doc: SignalSourceHit = { ...emptyEsResult(), _source, fields };
-        const merged = mergeMissingFieldsWithSource({ doc })._source;
+        const merged = mergeMissingFieldsWithSource({ doc, ignoreFields: [] })._source;
         expect(merged).toEqual<ReturnTypeMergeFieldsWithSource>(_source);
       });
 
@@ -1214,7 +1214,7 @@ describe('merge_missing_fields_with_source', () => {
           'host.hostname.keyword': ['hostname_other_value_keyword_1'],
         };
         const doc: SignalSourceHit = { ...emptyEsResult(), _source, fields };
-        const merged = mergeMissingFieldsWithSource({ doc })._source;
+        const merged = mergeMissingFieldsWithSource({ doc, ignoreFields: [] })._source;
         expect(merged).toEqual<ReturnTypeMergeFieldsWithSource>(_source);
       });
 
@@ -1234,7 +1234,7 @@ describe('merge_missing_fields_with_source', () => {
           'foo.host.hostname.keyword': ['hostname_other_value_keyword_1'],
         };
         const doc: SignalSourceHit = { ...emptyEsResult(), _source, fields };
-        const merged = mergeMissingFieldsWithSource({ doc })._source;
+        const merged = mergeMissingFieldsWithSource({ doc, ignoreFields: [] })._source;
         expect(merged).toEqual<ReturnTypeMergeFieldsWithSource>(_source);
       });
 
@@ -1245,7 +1245,7 @@ describe('merge_missing_fields_with_source', () => {
           'foo.bar': ['other_value_2'],
         };
         const doc: SignalSourceHit = { ...emptyEsResult(), _source, fields };
-        const merged = mergeMissingFieldsWithSource({ doc })._source;
+        const merged = mergeMissingFieldsWithSource({ doc, ignoreFields: [] })._source;
         expect(merged).toEqual<ReturnTypeMergeFieldsWithSource>({
           foo: 'other_value_1',
         });
@@ -1265,7 +1265,7 @@ describe('merge_missing_fields_with_source', () => {
           'host.hostname.keyword': ['hostname_other_value_keyword_1'],
         };
         const doc: SignalSourceHit = { ...emptyEsResult(), _source, fields };
-        const merged = mergeMissingFieldsWithSource({ doc })._source;
+        const merged = mergeMissingFieldsWithSource({ doc, ignoreFields: [] })._source;
         expect(merged).toEqual<ReturnTypeMergeFieldsWithSource>(_source);
       });
 
@@ -1281,7 +1281,7 @@ describe('merge_missing_fields_with_source', () => {
           'foo.host.hostname.keyword': ['hostname_other_value_keyword_1'],
         };
         const doc: SignalSourceHit = { ...emptyEsResult(), _source, fields };
-        const merged = mergeMissingFieldsWithSource({ doc })._source;
+        const merged = mergeMissingFieldsWithSource({ doc, ignoreFields: [] })._source;
         expect(merged).toEqual<ReturnTypeMergeFieldsWithSource>(_source);
       });
 
@@ -1293,7 +1293,7 @@ describe('merge_missing_fields_with_source', () => {
           'foo.bar.zed': ['zed_other_value_2'],
         };
         const doc: SignalSourceHit = { ...emptyEsResult(), _source, fields };
-        const merged = mergeMissingFieldsWithSource({ doc })._source;
+        const merged = mergeMissingFieldsWithSource({ doc, ignoreFields: [] })._source;
         expect(merged).toEqual<ReturnTypeMergeFieldsWithSource>({
           foo: 'other_value_1',
         });
@@ -1320,7 +1320,7 @@ describe('merge_missing_fields_with_source', () => {
         'foo.mars': ['other_value_2'],
       };
       const doc: SignalSourceHit = { ...emptyEsResult(), _source, fields };
-      const merged = mergeMissingFieldsWithSource({ doc })._source;
+      const merged = mergeMissingFieldsWithSource({ doc, ignoreFields: [] })._source;
       expect(merged).toEqual<ReturnTypeMergeFieldsWithSource>(_source);
     });
 
@@ -1340,7 +1340,7 @@ describe('merge_missing_fields_with_source', () => {
         'foo.zed.mars': ['other_value_2'],
       };
       const doc: SignalSourceHit = { ...emptyEsResult(), _source, fields };
-      const merged = mergeMissingFieldsWithSource({ doc })._source;
+      const merged = mergeMissingFieldsWithSource({ doc, ignoreFields: [] })._source;
       expect(merged).toEqual<ReturnTypeMergeFieldsWithSource>(_source);
     });
   });
@@ -1355,7 +1355,7 @@ describe('merge_missing_fields_with_source', () => {
         foo: [{ bar: ['single_value'], zed: ['single_value'] }],
       };
       const doc: SignalSourceHit = { ...emptyEsResult(), _source, fields };
-      const merged = mergeMissingFieldsWithSource({ doc })._source;
+      const merged = mergeMissingFieldsWithSource({ doc, ignoreFields: [] })._source;
       expect(merged).toEqual<ReturnTypeMergeFieldsWithSource>({});
     });
 
@@ -1372,8 +1372,82 @@ describe('merge_missing_fields_with_source', () => {
         foo: [{ bar: ['single_value'], zed: ['single_value'] }],
       };
       const doc: SignalSourceHit = { ...emptyEsResult(), _source, fields };
-      const merged = mergeMissingFieldsWithSource({ doc })._source;
+      const merged = mergeMissingFieldsWithSource({ doc, ignoreFields: [] })._source;
       expect(merged).toEqual<ReturnTypeMergeFieldsWithSource>(_source);
     });
   });
+
+  /**
+   * Small set of tests to ensure that ignore fields are wired up at the strategy level
+   */
+  describe('ignore fields', () => {
+    test('Does not merge an ignored field if it does not exist already in the _source', () => {
+      const _source: SignalSourceHit['_source'] = {};
+      const fields: SignalSourceHit['fields'] = {
+        'foo.bar': ['other_value_1'],
+        'value.should.ignore': ['other_value_2'], // string value should ignore this
+        '_odd.value': ['other_value_2'], // Regex should ignore this value of: /[_]+/
+      };
+      const doc: SignalSourceHit = { ...emptyEsResult(), _source, fields };
+      const merged = mergeMissingFieldsWithSource({
+        doc,
+        ignoreFields: ['value.should.ignore', '/[_]+/'],
+      })._source;
+      expect(merged).toEqual<ReturnTypeMergeFieldsWithSource>({
+        foo: {
+          bar: 'other_value_1',
+        },
+      });
+    });
+
+    test('Does merge fields when no matching happens', () => {
+      const _source: SignalSourceHit['_source'] = {};
+      const fields: SignalSourceHit['fields'] = {
+        'foo.bar': ['other_value_1'],
+        'value.should.work': ['other_value_2'],
+        '_odd.value': ['other_value_2'],
+      };
+      const doc: SignalSourceHit = { ...emptyEsResult(), _source, fields };
+      const merged = mergeMissingFieldsWithSource({
+        doc,
+        ignoreFields: ['other.string', '/[z]+/'], // Neither of these two should match anything
+      })._source;
+      expect(merged).toEqual<ReturnTypeMergeFieldsWithSource>({
+        foo: {
+          bar: 'other_value_1',
+        },
+        _odd: {
+          value: 'other_value_2',
+        },
+        value: {
+          should: {
+            work: 'other_value_2',
+          },
+        },
+      });
+    });
+  });
+
+  /**
+   * Test that the EQL bug workaround is wired up. Remove this once the bug is fixed.
+   */
+  describe('Works around EQL bug 77152 (https://github.com/elastic/elasticsearch/issues/77152)', () => {
+    test('Does not merge field that contains _ignored', () => {
+      const _source: SignalSourceHit['_source'] = {};
+      const fields: SignalSourceHit['fields'] = {
+        'foo.bar': ['other_value_1'],
+        _ignored: ['other_value_1'],
+      };
+      const doc: SignalSourceHit = { ...emptyEsResult(), _source, fields };
+      const merged = mergeMissingFieldsWithSource({
+        doc,
+        ignoreFields: [],
+      })._source;
+      expect(merged).toEqual<ReturnTypeMergeFieldsWithSource>({
+        foo: {
+          bar: 'other_value_1',
+        },
+      });
+    });
+  });
 });
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/signals/source_fields_merging/strategies/merge_missing_fields_with_source.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/signals/source_fields_merging/strategies/merge_missing_fields_with_source.ts
index b66c46ccbf0ca..611a3ad879705 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/signals/source_fields_merging/strategies/merge_missing_fields_with_source.ts
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/signals/source_fields_merging/strategies/merge_missing_fields_with_source.ts
@@ -19,14 +19,16 @@ import { isNestedObject } from '../utils/is_nested_object';
  * Merges only missing sections of "doc._source" with its "doc.fields" on a "best effort" basis. See ../README.md for more information
  * on this function and the general strategies.
  * @param doc The document with "_source" and "fields"
- * @param throwOnFailSafe Defaults to false, but if set to true it will cause a throw if the fail safe is triggered to indicate we need to add a new explicit test condition
+ * @param ignoreFields Any fields that we should ignore and never merge from "fields". If the value exists
+ * within doc._source it will be untouched and used. If the value does not exist within the doc._source,
+ * it will not be added from fields.
  * @returns The two merged together in one object where we can
  */
-export const mergeMissingFieldsWithSource: MergeStrategyFunction = ({ doc }) => {
+export const mergeMissingFieldsWithSource: MergeStrategyFunction = ({ doc, ignoreFields }) => {
   const source = doc._source ?? {};
   const fields = doc.fields ?? {};
   const fieldEntries = Object.entries(fields);
-  const filteredEntries = filterFieldEntries(fieldEntries);
+  const filteredEntries = filterFieldEntries(fieldEntries, ignoreFields);
 
   const transformedSource = filteredEntries.reduce(
     (merged, [fieldsKey, fieldsValue]: [string, FieldsType]) => {
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/signals/source_fields_merging/strategies/merge_no_fields.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/signals/source_fields_merging/strategies/merge_no_fields.ts
index 6c2daf2526715..5e26b619fbdfa 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/signals/source_fields_merging/strategies/merge_no_fields.ts
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/signals/source_fields_merging/strategies/merge_no_fields.ts
@@ -10,6 +10,7 @@ import { MergeStrategyFunction } from '../types';
 /**
  * Does nothing and does not merge source with fields
  * @param doc The doc to return and do nothing
+ * @param ignoreFields We do nothing with this value and ignore it if set
  * @returns The doc as a no operation and do nothing
  */
-export const mergeNoFields: MergeStrategyFunction = ({ doc }) => doc;
+export const mergeNoFields: MergeStrategyFunction = ({ doc, ignoreFields }) => doc;
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/signals/source_fields_merging/types.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/signals/source_fields_merging/types.ts
index 1438d2844949c..0b847064d5d62 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/signals/source_fields_merging/types.ts
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/signals/source_fields_merging/types.ts
@@ -14,5 +14,13 @@ export type FieldsType = string[] | number[] | boolean[] | object[];
 
 /**
  * The type of the merge strategy functions which must implement to be part of the strategy group
+ * @param doc The document to send in to merge
+ * @param ignoreFields Fields you want to ignore and not merge.
  */
-export type MergeStrategyFunction = ({ doc }: { doc: SignalSourceHit }) => SignalSourceHit;
+export type MergeStrategyFunction = ({
+  doc,
+  ignoreFields,
+}: {
+  doc: SignalSourceHit;
+  ignoreFields: string[];
+}) => SignalSourceHit;
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/signals/source_fields_merging/utils/filter_field_entries.test.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/signals/source_fields_merging/utils/filter_field_entries.test.ts
index 9cc2478290885..031a2013b462e 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/signals/source_fields_merging/utils/filter_field_entries.test.ts
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/signals/source_fields_merging/utils/filter_field_entries.test.ts
@@ -27,7 +27,9 @@ describe('filter_field_entries', () => {
 
   test('returns a single valid fieldEntries as expected', () => {
     const fieldEntries: Array<[string, FieldsType]> = [['foo.bar', dummyValue]];
-    expect(filterFieldEntries(fieldEntries)).toEqual<ReturnTypeFilterFieldEntries>(fieldEntries);
+    expect(filterFieldEntries(fieldEntries, [])).toEqual<ReturnTypeFilterFieldEntries>(
+      fieldEntries
+    );
   });
 
   test('removes invalid dotted entries', () => {
@@ -37,7 +39,7 @@ describe('filter_field_entries', () => {
       ['..', dummyValue],
       ['foo..bar', dummyValue],
     ];
-    expect(filterFieldEntries(fieldEntries)).toEqual<ReturnTypeFilterFieldEntries>([
+    expect(filterFieldEntries(fieldEntries, [])).toEqual<ReturnTypeFilterFieldEntries>([
       ['foo.bar', dummyValue],
     ]);
   });
@@ -49,7 +51,7 @@ describe('filter_field_entries', () => {
       ['bar.keyword', dummyValue], // <-- "bar.keyword" multi-field should be removed
       ['bar', dummyValue],
     ];
-    expect(filterFieldEntries(fieldEntries)).toEqual<ReturnTypeFilterFieldEntries>([
+    expect(filterFieldEntries(fieldEntries, [])).toEqual<ReturnTypeFilterFieldEntries>([
       ['foo', dummyValue],
       ['bar', dummyValue],
     ]);
@@ -62,7 +64,7 @@ describe('filter_field_entries', () => {
       ['host.hostname', dummyValue],
       ['host.hostname.keyword', dummyValue], // <-- multi-field should be removed
     ];
-    expect(filterFieldEntries(fieldEntries)).toEqual<ReturnTypeFilterFieldEntries>([
+    expect(filterFieldEntries(fieldEntries, [])).toEqual<ReturnTypeFilterFieldEntries>([
       ['host.name', dummyValue],
       ['host.hostname', dummyValue],
     ]);
@@ -75,9 +77,34 @@ describe('filter_field_entries', () => {
       ['foo.host.hostname', dummyValue],
       ['foo.host.hostname.keyword', dummyValue], // <-- multi-field should be removed
     ];
-    expect(filterFieldEntries(fieldEntries)).toEqual<ReturnTypeFilterFieldEntries>([
+    expect(filterFieldEntries(fieldEntries, [])).toEqual<ReturnTypeFilterFieldEntries>([
       ['foo.host.name', dummyValue],
       ['foo.host.hostname', dummyValue],
     ]);
   });
+
+  test('ignores fields of "_ignore", for eql bug https://github.com/elastic/elasticsearch/issues/77152', () => {
+    const fieldEntries: Array<[string, FieldsType]> = [
+      ['_ignored', dummyValue],
+      ['foo.host.hostname', dummyValue],
+    ];
+    expect(filterFieldEntries(fieldEntries, [])).toEqual<ReturnTypeFilterFieldEntries>([
+      ['foo.host.hostname', dummyValue],
+    ]);
+  });
+
+  test('ignores fields given strings and regular expressions in the ignoreFields list', () => {
+    const fieldEntries: Array<[string, FieldsType]> = [
+      ['host.name', dummyValue],
+      ['user.name', dummyValue], // <-- string from ignoreFields should ignore this
+      ['host.hostname', dummyValue],
+      ['_odd.value', dummyValue], // <-- regular expression from ignoreFields should ignore this
+    ];
+    expect(
+      filterFieldEntries(fieldEntries, ['user.name', '/[_]+/'])
+    ).toEqual<ReturnTypeFilterFieldEntries>([
+      ['host.name', dummyValue],
+      ['host.hostname', dummyValue],
+    ]);
+  });
 });
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/signals/source_fields_merging/utils/filter_field_entries.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/signals/source_fields_merging/utils/filter_field_entries.ts
index 221cdabc62847..4ee5fa1db52f5 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/signals/source_fields_merging/utils/filter_field_entries.ts
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/signals/source_fields_merging/utils/filter_field_entries.ts
@@ -9,6 +9,8 @@ import { isMultiField } from './is_multifield';
 import { isInvalidKey } from './is_invalid_key';
 import { isTypeObject } from './is_type_object';
 import { FieldsType } from '../types';
+import { isIgnored } from './is_ignored';
+import { isEqlBug77152 } from './is_eql_bug_77152';
 
 /**
  * Filters field entries by removing invalid field entries such as any invalid characters
@@ -17,13 +19,18 @@ import { FieldsType } from '../types';
  * those and don't try to merge those.
  *
  * @param fieldEntries The field entries to filter
+ * @param ignoreFields Array of fields to ignore. If a value starts and ends with "/", such as: "/[_]+/" then the field will be treated as a regular expression.
+ * If you have an object structure to ignore such as "{ a: { b: c: {} } } ", then you need to ignore it as the string "a.b.c"
  * @returns The field entries filtered
  */
 export const filterFieldEntries = (
-  fieldEntries: Array<[string, FieldsType]>
+  fieldEntries: Array<[string, FieldsType]>,
+  ignoreFields: string[]
 ): Array<[string, FieldsType]> => {
   return fieldEntries.filter(([fieldsKey, fieldsValue]: [string, FieldsType]) => {
     return (
+      !isEqlBug77152(fieldsKey) &&
+      !isIgnored(fieldsKey, ignoreFields) &&
       !isInvalidKey(fieldsKey) &&
       !isMultiField(fieldsKey, fieldEntries) &&
       !isTypeObject(fieldsValue) // TODO: Look at not filtering this and instead transform it so it can be inserted correctly in the strategies which does an overwrite of everything from fields
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/signals/source_fields_merging/utils/index.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/signals/source_fields_merging/utils/index.ts
index baf9efca511e2..87b1097dd9bca 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/signals/source_fields_merging/utils/index.ts
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/signals/source_fields_merging/utils/index.ts
@@ -7,6 +7,7 @@
 export * from './array_in_path_exists';
 export * from './filter_field_entries';
 export * from './is_array_of_primitives';
+export * from './is_ignored';
 export * from './is_invalid_key';
 export * from './is_multifield';
 export * from './is_nested_object';
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/signals/source_fields_merging/utils/is_eql_bug_77152.test.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/signals/source_fields_merging/utils/is_eql_bug_77152.test.ts
new file mode 100644
index 0000000000000..47a56e096649b
--- /dev/null
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/signals/source_fields_merging/utils/is_eql_bug_77152.test.ts
@@ -0,0 +1,29 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { isEqlBug77152 } from './is_eql_bug_77152';
+
+/**
+ * @deprecated Remove this test once https://github.com/elastic/elasticsearch/issues/77152 is fixed.
+ */
+describe('is_eql_bug_77152', () => {
+  beforeAll(() => {
+    jest.resetAllMocks();
+  });
+
+  afterEach(() => {
+    jest.resetAllMocks();
+  });
+
+  it('returns true if it encounters the bug which is _ignored is returned in the fields', () => {
+    expect(isEqlBug77152('_ignored')).toEqual(true);
+  });
+
+  it('returns false if it encounters a normal field', () => {
+    expect(isEqlBug77152('some.field')).toEqual(false);
+  });
+});
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/signals/source_fields_merging/utils/is_eql_bug_77152.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/signals/source_fields_merging/utils/is_eql_bug_77152.ts
new file mode 100644
index 0000000000000..e9a642cd5c382
--- /dev/null
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/signals/source_fields_merging/utils/is_eql_bug_77152.ts
@@ -0,0 +1,18 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+/**
+ * Ignores any field that is "_ignored". Customers are not allowed to have this field and more importantly this shows up as a bug
+ * from EQL as seen here: https://github.com/elastic/elasticsearch/issues/77152
+ * Once this ticket is fixed, please remove this function.
+ * @param fieldsKey The fields key to match against "_ignored"
+ * @returns true if it is a "_ignored", otherwise false
+ * @deprecated Remove this once https://github.com/elastic/elasticsearch/issues/77152 is fixed.
+ */
+export const isEqlBug77152 = (fieldsKey: string): boolean => {
+  return fieldsKey === '_ignored';
+};
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/signals/source_fields_merging/utils/is_ignored.test.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/signals/source_fields_merging/utils/is_ignored.test.ts
new file mode 100644
index 0000000000000..e4a7093ef127c
--- /dev/null
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/signals/source_fields_merging/utils/is_ignored.test.ts
@@ -0,0 +1,84 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { isIgnored } from './is_ignored';
+
+describe('is_ignored', () => {
+  beforeAll(() => {
+    jest.resetAllMocks();
+  });
+
+  afterEach(() => {
+    jest.resetAllMocks();
+  });
+
+  describe('string matching', () => {
+    test('it returns false if given an empty array', () => {
+      expect(isIgnored('simple.value', [])).toEqual(false);
+    });
+
+    test('it returns true if a simple string value matches', () => {
+      expect(isIgnored('simple.value', ['simple.value'])).toEqual(true);
+    });
+
+    test('it returns false if a simple string value does not match', () => {
+      expect(isIgnored('simple', ['simple.value'])).toEqual(false);
+    });
+
+    test('it returns true if a simple string value matches with two strings', () => {
+      expect(isIgnored('simple.value', ['simple.value', 'simple.second.value'])).toEqual(true);
+    });
+
+    test('it returns true if a simple string value matches the second string', () => {
+      expect(isIgnored('simple.second.value', ['simple.value', 'simple.second.value'])).toEqual(
+        true
+      );
+    });
+
+    test('it returns false if a simple string value does not match two strings', () => {
+      expect(isIgnored('simple', ['simple.value', 'simple.second.value'])).toEqual(false);
+    });
+
+    test('it returns true if mixed with a regular expression in the list', () => {
+      expect(isIgnored('simple', ['simple', '/[_]+/'])).toEqual(true);
+    });
+  });
+
+  describe('regular expression matching', () => {
+    test('it returns true if a simple regular expression matches', () => {
+      expect(isIgnored('_ignored', ['/[_]+/'])).toEqual(true);
+    });
+
+    test('it returns false if a simple regular expression does not match', () => {
+      expect(isIgnored('simple', ['/[_]+/'])).toEqual(false);
+    });
+
+    test('it returns true if a simple regular expression matches a longer string', () => {
+      expect(isIgnored('___ignored', ['/[_]+/'])).toEqual(true);
+    });
+
+    test('it returns true if mixed with regular stings', () => {
+      expect(isIgnored('___ignored', ['simple', '/[_]+/'])).toEqual(true);
+    });
+
+    test('it returns true with start anchor', () => {
+      expect(isIgnored('_ignored', ['simple', '/^[_]+/'])).toEqual(true);
+    });
+
+    test('it returns false with start anchor', () => {
+      expect(isIgnored('simple.something_', ['simple', '/^[_]+/'])).toEqual(false);
+    });
+
+    test('it returns true with end anchor', () => {
+      expect(isIgnored('something_', ['simple', '/[_]+$/'])).toEqual(true);
+    });
+
+    test('it returns false with end anchor', () => {
+      expect(isIgnored('_something', ['simple', '/[_]+$/'])).toEqual(false);
+    });
+  });
+});
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/signals/source_fields_merging/utils/is_ignored.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/signals/source_fields_merging/utils/is_ignored.ts
new file mode 100644
index 0000000000000..a418ce735626d
--- /dev/null
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/signals/source_fields_merging/utils/is_ignored.ts
@@ -0,0 +1,23 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+/**
+ * Matches against anything you want to ignore and if it matches that field is ignored.
+ * @param fieldsKey The fields key to match against
+ * @param ignoreFields Array of fields to ignore. If a value starts and ends with "/", such as: "/[_]+/" then the field will be treated as a regular expression.
+ * If you have an object structure to ignore such as "{ a: { b: c: {} } } ", then you need to ignore it as the string "a.b.c"
+ * @returns true if it is a field to ignore, otherwise false
+ */
+export const isIgnored = (fieldsKey: string, ignoreFields: string[]): boolean => {
+  return ignoreFields.some((ignoreField) => {
+    if (ignoreField.startsWith('/') && ignoreField.endsWith('/')) {
+      return new RegExp(ignoreField.slice(1, -1)).test(fieldsKey);
+    } else {
+      return fieldsKey === ignoreField;
+    }
+  });
+};
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/signals/utils.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/signals/utils.ts
index 72ac4f6d0f550..0ac150d71cd8a 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/signals/utils.ts
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/signals/utils.ts
@@ -12,7 +12,7 @@ import uuidv5 from 'uuid/v5';
 import dateMath from '@elastic/datemath';
 import type { estypes } from '@elastic/elasticsearch';
 import { ApiResponse, Context } from '@elastic/elasticsearch/lib/Transport';
-import { ALERT_ID } from '@kbn/rule-data-utils';
+import { ALERT_INSTANCE_ID } from '@kbn/rule-data-utils';
 import type { ListArray, ExceptionListItemSchema } from '@kbn/securitysolution-io-ts-list-types';
 import { MAX_EXCEPTION_LIST_SIZE } from '@kbn/securitysolution-list-constants';
 import { hasLargeValueList } from '@kbn/securitysolution-list-utils';
@@ -944,7 +944,7 @@ export const isWrappedSignalHit = (event: SimpleHit): event is WrappedSignalHit
 };
 
 export const isWrappedRACAlert = (event: SimpleHit): event is WrappedRACAlert => {
-  return (event as WrappedRACAlert)?._source?.[ALERT_ID] != null;
+  return (event as WrappedRACAlert)?._source?.[ALERT_INSTANCE_ID] != null;
 };
 
 export const getField = <T extends SearchTypes>(event: SimpleHit, field: string): T | undefined => {
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/signals/wrap_hits_factory.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/signals/wrap_hits_factory.ts
index 19bdd58140a33..27220d80ebd6e 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/signals/wrap_hits_factory.ts
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/signals/wrap_hits_factory.ts
@@ -5,12 +5,7 @@
  * 2.0.
  */
 
-import {
-  SearchAfterAndBulkCreateParams,
-  SignalSourceHit,
-  WrapHits,
-  WrappedSignalHit,
-} from './types';
+import { SearchAfterAndBulkCreateParams, WrapHits, WrappedSignalHit } from './types';
 import { generateId } from './utils';
 import { buildBulkBody } from './build_bulk_body';
 import { filterDuplicateSignals } from './filter_duplicate_signals';
@@ -20,10 +15,12 @@ export const wrapHitsFactory = ({
   ruleSO,
   signalsIndex,
   mergeStrategy,
+  ignoreFields,
 }: {
   ruleSO: SearchAfterAndBulkCreateParams['ruleSO'];
   signalsIndex: string;
   mergeStrategy: ConfigType['alertMergeStrategy'];
+  ignoreFields: ConfigType['alertIgnoreFields'];
 }): WrapHits => (events, buildReasonMessage) => {
   const wrappedDocs: WrappedSignalHit[] = events.flatMap((doc) => [
     {
@@ -34,7 +31,7 @@ export const wrapHitsFactory = ({
         String(doc._version),
         ruleSO.attributes.params.ruleId ?? ''
       ),
-      _source: buildBulkBody(ruleSO, doc as SignalSourceHit, mergeStrategy, buildReasonMessage),
+      _source: buildBulkBody(ruleSO, doc, mergeStrategy, ignoreFields, buildReasonMessage),
     },
   ]);
 
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/signals/wrap_sequences_factory.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/signals/wrap_sequences_factory.ts
index 0ca4b9688f971..d4a4c55db1d23 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/signals/wrap_sequences_factory.ts
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/signals/wrap_sequences_factory.ts
@@ -13,10 +13,12 @@ export const wrapSequencesFactory = ({
   ruleSO,
   signalsIndex,
   mergeStrategy,
+  ignoreFields,
 }: {
   ruleSO: SearchAfterAndBulkCreateParams['ruleSO'];
   signalsIndex: string;
   mergeStrategy: ConfigType['alertMergeStrategy'];
+  ignoreFields: ConfigType['alertIgnoreFields'];
 }): WrapSequences => (sequences, buildReasonMessage) =>
   sequences.reduce(
     (acc: WrappedSignalHit[], sequence) => [
@@ -26,6 +28,7 @@ export const wrapSequencesFactory = ({
         ruleSO,
         signalsIndex,
         mergeStrategy,
+        ignoreFields,
         buildReasonMessage
       ),
     ],
diff --git a/x-pack/plugins/security_solution/server/plugin.ts b/x-pack/plugins/security_solution/server/plugin.ts
index 0b803b9990701..16489a5bb791c 100644
--- a/x-pack/plugins/security_solution/server/plugin.ts
+++ b/x-pack/plugins/security_solution/server/plugin.ts
@@ -248,6 +248,7 @@ export class Plugin implements IPlugin<PluginSetup, PluginStart, SetupPlugins, S
         lists: plugins.lists,
         logger: this.logger,
         mergeStrategy: this.config.alertMergeStrategy,
+        ignoreFields: this.config.alertIgnoreFields,
         ruleDataClient,
         ruleDataService,
         version: this.context.env.packageInfo.version,
@@ -292,6 +293,7 @@ export class Plugin implements IPlugin<PluginSetup, PluginStart, SetupPlugins, S
         ml: plugins.ml,
         lists: plugins.lists,
         mergeStrategy: this.config.alertMergeStrategy,
+        ignoreFields: this.config.alertIgnoreFields,
         experimentalFeatures,
         ruleDataService: plugins.ruleRegistry.ruleDataService,
       });
diff --git a/x-pack/plugins/timelines/public/assets/illustration_product_no_results_magnifying_glass.svg b/x-pack/plugins/timelines/public/assets/illustration_product_no_results_magnifying_glass.svg
new file mode 100644
index 0000000000000..b9a0df1630b20
--- /dev/null
+++ b/x-pack/plugins/timelines/public/assets/illustration_product_no_results_magnifying_glass.svg
@@ -0,0 +1 @@
+<svg fill="none" height="148" viewBox="0 0 200 148" width="200" xmlns="http://www.w3.org/2000/svg"><g fill="#e6ebf2"><path d="m66.493 121.253c.1447-.064.2618-.178.3302-.321.0685-.143.0837-.305.0431-.459-.1139-.178-.2841-.312-.4834-.382-.1994-.07-.4164-.072-.6166-.004-.1547.096-.2648.25-.3061.428-.0412.177-.0103.364.0861.518.0963.155.2502.265.4278.307.1775.041.3641.01.5189-.087z"/><path d="m46.666 68.1202c.12-.1134.3733-.44.2866-.6-.0866-.16-.5133-.0467-.6666 0-.1534.0466-.22.2666-.0734.4533.1467.1867.3.2933.4534.1467z"/><path d="m45.4062 81.1265c-.057-.0967-.1499-.1671-.2585-.1958s-.2241-.0134-.3215.0425c-.2467.1067-.46.2533-.46.5733 0 .9467.1733 1.16 1.1 1.3334h.0667c-.1215-.0187-.2452-.0187-.3667 0-.0457.0077-.0888.0264-.1256.0544-.0369.0281-.0664.0646-.0861.1065-.0197.042-.0289.0881-.0268.1343.002.0463.0152.0914.0385.1314.0124.0499.0359.0964.0688.1359s.0743.071.1212.0922c.0468.0212.0979.0314.1493.03.0513-.0013.1017-.0144.1474-.0381.12-.095.214-.2188.2733-.36.053.0902.1392.1561.2401.1835s.2086.0142.2999-.0368c.0652-.0378.1204-.0905.1611-.1539.0406-.0634.0656-.1356.0728-.2106.0071-.0749-.0037-.1506-.0316-.2205-.0279-.07-.0721-.1322-.129-.1817-.2266-.22-.1466-.4266-.12-.6666.7067.0466 1-.2667.88-.8667-.0147-.0587-.0325-.1165-.0533-.1733-.1467-.3934-.38-.4867-.7533-.3-.3734.1866-.6.3266-.4867.8733-.2-.1333-.3333-.1867-.4-.2867z"/><path d="m45.4194 80.0002c.091-.047.1596-.1281.1908-.2256.0313-.0975.0226-.2034-.0241-.2944-.0318-.1072-.0995-.2002-.1918-.2633-.0922-.0632-.2034-.0926-.3149-.0834-.0751.011-.1473.0374-.2118.0776-.0645.0401-.1201.0931-.1633.1556-.0431.0626-.0729.1333-.0875.2079s-.0137.1514.0026.2256c.0391.0659.0909.1235.1524.1693s.1315.079.2059.0976.1517.0223.2276.0108c.0758-.0115.1486-.0379.2141-.0777z"/><path d="m104.966 134.133c-.085.15-.112.327-.075.495.037.169.135.318.275.419.147.117.334.172.521.151s.358-.115.476-.262c.117-.146.172-.334.151-.521-.02-.187-.115-.358-.261-.475-.181-.074-.379-.095-.572-.061-.192.034-.371.123-.515.254z"/><path d="m47.0795 69.0398c-.0635.0231-.121.0603-.1681.1087-.0471.0485-.0826.1071-.1037.1713-.0212.0641-.0276.1323-.0186.1993s.0331.1311.0704.1874c.0657.1.165.1732.28.2062s.238.0237.3467-.0262c.1008-.0745.1726-.1818.203-.3034.0305-.1216.0176-.2501-.0364-.3633-.0525-.0995-.1422-.1743-.2496-.208-.1073-.0337-.2237-.0237-.3237.028z"/><path d="m46.9868 64.0001c.12-.0866.3466-.4.28-.5067-.0667-.1066-.4267-.1266-.58-.1-.1534.0267-.2467.26-.14.4867.0126.0441.0363.0842.069.1164.0326.0322.0729.0555.1172.0675.0442.0121.0908.0125.1352.0013.0445-.0111.0853-.0336.1186-.0652z"/><path d="m51.4726 108c-.1429.128-.233.305-.2527.496s.0323.382.146.537c.1749.138.3948.205.6168.189.2219-.016.4299-.114.5832-.276.064-.057.1152-.126.1503-.205.0351-.078.0532-.162.0532-.248s-.0181-.17-.0532-.248c-.0351-.079-.0863-.148-.1503-.205-.0659-.08-.1479-.145-.2406-.19-.0926-.046-.1939-.071-.2971-.075s-.2061.014-.3018.053c-.0958.039-.1823.097-.2538.172z"/><path d="m53.0133 100.154c.0244-.011.0457-.028.0624-.048.0166-.021.028-.046.0332-.072s.0041-.0528-.0032-.0784c-.0074-.0256-.0208-.0491-.039-.0684-.0096-.0255-.0255-.0482-.0462-.0658-.0207-.0177-.0456-.0297-.0723-.0351-.0267-.0053-.0544-.0038-.0803.0045-.0259.0084-.0493.0232-.0679.043-.0251.0112-.047.0284-.0638.0501-.0168.0216-.028.0471-.0327.0741-.0046.0271-.0024.055.0062.081.0087.026.0237.049.0436.068.0118.023.0286.042.0491.058.0206.015.0443.025.0694.029.0252.005.051.004.0755-.003s.0471-.02.066-.037z"/><path d="m49.7333 91.7797c.0712.1903.1605.3733.2667.5466-.0497.0839-.0942.1707-.1334.26-.0723.1653-.0945.3483-.0637.5261.0309.1778.1133.3426.2371.4739.1261.0971.2731.1634.4294.1935s.3174.0232.4706-.0201c-.0345.1648-.0345.3351 0 .5l.3133.1466c-.4067-1.12-.7667-2.2666-1.1067-3.42-.0638.0231-.1243.0545-.18.0934-.1104.0748-.1931.1839-.2353.3104-.0422.1266-.0415.2635.002.3896z"/><path d="m52.5402 102.127c.0525.017.1095.015.1608-.006.0513-.02.0935-.059.1192-.108.0172-.061.0156-.126-.0046-.187s-.0581-.114-.1087-.153c-.0934-.06-.24.06-.2867.154-.0467.093.0067.266.12.3z"/><path d="m52.7327 106.413c.0843-.096.1392-.214.1581-.341.0189-.126.001-.256-.0515-.372-.0264-.041-.0614-.077-.1025-.104-.0412-.026-.0876-.044-.1361-.052-.0485-.007-.0981-.005-.1455.009-.0473.013-.0914.036-.1292.067-.3133.213-.4533.447-.36.613.1.096.2238.163.3587.195s.2758.027.408-.015z"/><path d="m53.0528 104.127c.0915-.145.1338-.315.1206-.486-.0132-.17-.0813-.332-.1939-.461-.1356-.063-.2859-.087-.4342-.069s-.2888.076-.4058.169c-.0758.095-.117.212-.117.333 0 .122.0412.239.117.334.3533.32.7133.393.9133.18z"/><path d="m44.4995 73.3736c-.1873.0998-.331.2653-.4036.4647-.0726.1993-.069.4185.0102.6153.0828.1942.233.3518.423.4437s.4068.1119.6104.0563c.2009-.1305.3546-.3221.4386-.5464.084-.2244.0938-.4698.028-.7002-.1121-.1809-.2865-.3146-.4903-.3759-.2038-.0614-.4229-.0463-.6163.0425z"/><path d="m54.3862 101.46c-.1734-.326-.34-.666-.5067-.986-.2533.16-.3533.393-.2533.593.0915.116.2066.211.3376.278.1311.068.275.107.4224.115z"/><path d="m55.1802 106.173c-.12.26-.22.527.0867.667.3066.14.4733-.034.6-.274-.0117-.075-.0402-.146-.0832-.209-.0431-.062-.0997-.115-.1656-.152-.066-.038-.1396-.061-.2154-.066s-.1518.006-.2225.034z"/><path d="m51.0395 95.3332c-.12.0466-.1667.12-.1133.2466.0533.1267.1266.16.2533.1134.0245-.0065.0472-.0182.0667-.0344.0194-.0161.0351-.0364.0459-.0592.0108-.0229.0164-.0478.0166-.0731.0001-.0253-.0053-.0504-.0159-.0733-.0466-.12-.12-.1734-.2533-.12z"/><path d="m55.1867 108.2c-.0344.037-.0608.08-.0772.128-.0165.048-.0227.098-.0183.149.0044.05.0193.099.0438.143s.058.083.0984.113c.0419.047.0932.085.1507.11.0574.026.1197.039.1826.039.063 0 .1252-.013.1826-.039.0575-.025.1088-.063.1507-.11.038-.04.0672-.088.0859-.14s.0264-.107.0226-.162c-.0037-.055-.0189-.109-.0444-.158-.0256-.049-.061-.092-.1041-.127-.047-.042-.1021-.074-.162-.094-.0598-.02-.1231-.028-.186-.023-.063.005-.1243.023-.1802.052s-.1053.07-.1451.119z"/><path d="m55.6861 110.907c.0895.086.209.135.3333.135.1244 0 .2439-.049.3334-.135.0759-.082.1181-.189.1181-.3s-.0422-.219-.1181-.3c-.0325-.045-.0742-.083-.1225-.111-.0482-.028-.1019-.046-.1573-.051-.0555-.006-.1116 0-.1645.018-.0529.017-.1014.046-.1424.084-.0523.035-.0963.081-.1292.135s-.0539.114-.0614.177c-.0076.062-.0017.126.0174.186s.0509.115.0932.162z"/><path d="m54.3328 104.666c-.0296.04-.0501.086-.0602.134-.01.049-.0093.099.0022.148.0114.048.0333.093.064.132.0308.039.0697.071.114.093.3134.213.5867.253.6667.107.0513-.128.0672-.267.0461-.404-.0211-.136-.0785-.263-.1661-.37-.1152-.036-.2381-.04-.3555-.012s-.225.088-.3112.172z"/><path d="m37.2201 85.493c-.16-.3-.3533-.2934-.5133-.2067s-.3.26-.16.4333c.14.1734.34.22.4466.1667.1067-.0533.1734-.2867.2267-.3933z"/><path d="m38.3067 92.5403c-.133.0676-.2395.178-.3023.3134-.0629.1354-.0785.2879-.0443.4332.0751.1437.1955.2588.3424.3274.147.0687.3124.0872.4709.0526.26-.1067.3333-.5267.16-.9066-.0624-.104-.1592-.183-.2736-.2231-.1145-.0402-.2394-.0391-.3531.0031z"/><path d="m37.9193 89.1732c-.2733-.1066-.5133-.2733-.7467 0-.0713.0745-.1111.1736-.1111.2767s.0398.2022.1111.2767c.0509.0575.1135.1033.1837.1344.0702.031.1463.0466.223.0456.3333-.0867.38-.3667.34-.7334z"/><path d="m44.9994 100.606c-.26 0-.48.56-.3.794.18.233.6.293.74.106.14-.186-.1733-.84-.44-.9z"/><path d="m43.2135 95.5601-.2066.22c-.1273-.1332-.2631-.258-.4067-.3734-.0407-.0489-.0916-.0883-.1492-.1153-.0576-.0271-.1205-.0411-.1841-.0411-.0637 0-.1265.014-.1842.0411-.0576.027-.1085.0664-.1492.1153-.1093.0939-.1852.2206-.2165.3612-.0312.1406-.0161.2875.0432.4188.0516.1288.1462.2357.2678.3026.1215.0668.2625.0895.3989.0641.2014-.0187.4003-.059.5933-.12.0669.0714.1406.1361.22.1933.1426.1112.3151.1775.4955.1906s.3606-.0277.5178-.1172c.1411-.1137.2508-.2616.3185-.4296.0677-.1681.0912-.3507.0682-.5304-.0192-.1372-.0909-.2615-.2-.3467-.0891-.0754-.1931-.1312-.3051-.1638-.112-.0327-.2297-.0414-.3453-.0257-.1157.0157-.2267.0555-.326.1169-.0993.0613-.1845.1429-.2503.2393z"/><path d="m46.1728 105.334c-.0372.033-.0669.075-.0872.121-.0204.045-.0309.095-.0309.145 0 .051.0105.1.0309.146.0203.046.05.087.0872.121.0288.035.0643.063.1043.083.0401.021.0838.033.1286.036.0449.003.0899-.003.1323-.018.0425-.014.0816-.037.1149-.068.0421-.025.0784-.059.1065-.1.0282-.04.0476-.086.057-.134.0094-.049.0086-.098-.0023-.146-.011-.048-.0318-.094-.0613-.133-.0336-.043-.0756-.079-.1235-.105s-.1006-.042-.1549-.047c-.0544-.005-.1091.001-.161.018-.0518.017-.0997.045-.1406.081z"/><path d="m40.3331 86.1863c0-.3533-.2133-.4933-.5667-.5-.1933-.8267-.6666-.9267-1.3333-.3133-.0575-.014-.1134-.0342-.1667-.06-.0867-.0521-.19-.0693-.289-.0483-.0989.021-.1862.0788-.2443.1616-.0652.0637-.1086.1462-.1242.236s-.0024.1821.0375.264c.1534.4667.36.5667.82.38l1.04-.4c.2867.62.3667.64.8267.28z"/><path d="m41.3329 88.8003c-.0319-.115-.0894-.2211-.1683-.3105s-.1771-.1597-.2871-.2056c-.1101-.0459-.2291-.0661-.3481-.0593-.1191.0069-.235.0408-.339.099-.104.0583-.1935.1394-.2615.2373-.0681.0979-.113.21-.1314.3278s-.0098.2383.0252.3522c.035.114.0955.2185.1768.3057.1421.1708.3439.281.5643.3083.2205.0272.443-.0306.6224-.1616.0713-.0465.1322-.1074.1787-.1787.0465-.0714.0777-.1516.0914-.2357.0138-.084.01-.17-.0113-.2525-.0212-.0824-.0594-.1596-.1121-.2264z"/><path d="m41.9465 92.0001c-.0958-.1538-.2409-.2705-.4117-.331-.1707-.0606-.357-.0614-.5283-.0023-.1425.0952-.2468.2378-.2944.4025-.0475.1647-.0354.3409.0344.4975.1467.3067.4267.3667.82.1733.2667-.1333.4734-.5333.38-.74z"/><path d="m42.8393 97.9398c-.0974-.0154-.1971.0034-.2822.0533-.0851.0498-.1503.1276-.1845.22-.0116.0685-.0045.1389.0205.2037s.067.1216.1215.1646c.0546.043.1197.0705.1886.0796.0688.0091.1389-.0005.2027-.0279.0581-.0406.1043-.0958.134-.1602.0297-.0643.0418-.1354.035-.2059s-.0322-.138-.0736-.1955-.0973-.1029-.162-.1317z"/><path d="m44.3393 66.8467c.1-.0467.0933-.3.0533-.3667s-.1866-.1667-.2866-.1133c-.0485.0311-.0853.0774-.1046.1317-.0194.0543-.0201.1135-.0021.1683.0467.0733.2467.2333.34.18z"/><path d="m43.0463 75.7404c.1066.1067.3933.3534.54.26.1466-.0933.04-.4866 0-.6-.04-.1133-.2867-.0866-.4067-.04-.0426.0033-.0833.0189-.1171.0449s-.0594.0613-.0735.1016c-.0142.0403-.0163.0838-.0061.1253s.0322.0791.0634.1082z"/><path d="m42.7535 71.9601c.1419-.1152.2376-.2776.2694-.4576.0319-.18-.0022-.3655-.096-.5223-.1135-.1308-.2706-.2158-.4421-.2392-.1715-.0235-.3456.0162-.49.1116-.1444.0955-.2492.2402-.2948.4071-.0456.167-.0289.3449.0469.5004.1071.1599.2732.2707.462.3082.1887.0375.3845-.0014.5446-.1082z"/><path d="m41.2198 84.8734c-.2267.1133-.3067.3-.1467.48s.3133.46.56.3267c.2467-.1334.1133-.4867.0867-.6667-.0267-.18-.2934-.2467-.5-.14z"/><path d="m40.4998 81.8067c-.1534.1298-.2604.3061-.3049.5021s-.0241.4012.0582.5845c.0623.0916.1427.1694.2363.2286.0936.0591.1984.0984.3079.1152.1094.0169.2212.0111.3283-.0171s.2072-.0781.2942-.1467c.0867-.0389.1641-.0959.227-.1672s.1098-.1553.1376-.2462.0358-.1867.0235-.281c-.0123-.0942-.0446-.1848-.0948-.2656-.1241-.1972-.3193-.3391-.5453-.3962-.2259-.0571-.4651-.025-.668.0896z"/><path d="m45.086 72.0931c.1475-.0869.2614-.2211.3231-.3808.0617-.1598.0677-.3356.0169-.4992-.0591-.118-.1608-.2092-.2846-.255s-.2604-.0428-.3821.0084c-.1378.0846-.2402.2165-.2881.371-.0478.1546-.0378.3212.0281.469.0179.0585.0477.1128.0874.1594.0398.0465.0887.0844.1437.1113s.115.0422.1761.0449c.0612.0028.1223-.0071.1795-.029z"/><path d="m45.5861 69.7262c.0263-.021.0441-.0507.0502-.0838.0061-.033.0001-.0672-.0168-.0962 0-.04-.14-.0466-.1667 0-.0136.0088-.0253.0201-.0345.0334s-.0156.0282-.0191.044c-.0034.0158-.0036.0321-.0007.048s.0089.0311.0176.0446c.0088.0136.0201.0253.0334.0345s.0282.0157.044.0191.0321.0036.048.0007.0311-.0089.0446-.0176z"/><path d="m43.7065 77.4263c.1036.1215.2474.2019.4052.2263.1579.0245.3192-.0085.4548-.093.3866-.22.5-.4667.34-.7667-.0917-.1545-.2343-.2724-.4034-.3332s-.3542-.0609-.5233-.0001c-.1428.1109-.2463.2645-.2955.4384-.0492.174-.0414.3591.0222.5283z"/><path d="m40.7993 74.7869c.12-.1133.3867-.4467.2933-.5867-.0933-.14-.4933-.0866-.6666-.0466-.1734.04-.2134.3466-.0934.52.12.1733.3334.2599.4667.1133z"/><path d="m38.3535 72.9266c0 .04.18.1334.22.1067s.2467-.14.2-.2867c-.0466-.1467-.2667-.12-.3-.0867-.0722.0706-.1151.1659-.12.2667z"/><path d="m38.5999 76.4801c.046.1061.1322.1895.2398.2321.1075.0425.2275.0405.3336-.0055.1061-.0459.1895-.1322.2321-.2397.0425-.1075.0405-.2275-.0055-.3336-.0669-.0996-.1633-.1756-.2757-.2175-.1125-.0418-.2352-.0474-.3509-.0158-.0953.0583-.1657.1498-.1977.2568s-.0233.2221.0243.3232z"/><path d="m40.9266 65.8929c.0734-.04.0734-.2067.0534-.3s-.1734-.1933-.2867-.1333-.0533.2733 0 .36c.0288.032.0656.0557.1066.0686.0411.0129.0849.0145.1267.0047z"/><path d="m37.9998 71.1003c.1113.0157.2246-.0095.3189-.0707.0943-.0613.1634-.1545.1944-.2626.0428-.0806.052-.1747.0258-.2621-.0262-.0873-.0858-.1608-.1658-.2046-.2933-.1933-.52-.0466-.7667.16.06.3.0467.6067.3934.64z"/><path d="m40.7593 79.3996c.1105-.1034.1845-.2398.211-.3889.0264-.149.0038-.3026-.0644-.4378-.1309-.0746-.2832-.1027-.4321-.0797s-.2856.0957-.3879.2064c-.0445.0933-.0591.1981-.0416.3001.0175.1019.0661.1958.1393.269.0731.0731.1671.1217.269.1392s.2067.0029.3-.0416z"/><path d="m38.3734 80.6665c.2867-.16.3667-.38.2333-.6666-.0815-.1728-.2236-.3097-.3993-.3846-.1758-.075-.3729-.0828-.554-.0221-.1239.1051-.2052.2519-.2285.4127-.0234.1608.0129.3246.1018.4606.0878.1365.2251.2336.383.2709s.3241.0119.4637-.0709z"/><path d="m45.6061 107.934c-.1334 0-.2867.266-.4134.433-.0197.017-.0355.038-.0463.061-.0109.024-.0165.05-.0165.076s.0056.051.0165.075c.0108.023.0266.044.0463.061.107.058.2298.08.3501.062s.2314-.075.3166-.162c.0333-.055.0531-.116.0579-.18s-.0055-.128-.0302-.188c-.0247-.059-.0631-.111-.1119-.153-.0488-.041-.1068-.071-.1691-.085z"/><path d="m79.2334 128.127c-.1266-.254-.4666-.32-.8466-.154-.28.134-.4867.507-.3934.72.0874.159.2232.285.3876.361.1644.075.3486.096.5258.059.0426-.017.083-.039.12-.066-.0331.126-.0331.26 0 .386.1.329.3093.614.5933.807.1003.077.1766.181.22.3.0114.098.0472.191.104.271s.1328.145.2211.188c.0882.043.1859.063.284.059.0981-.005.1935-.034.2776-.085-.0065.058.0052.116.0333.167.0794.095.1901.159.3124.18.1222.021.2479-.003.3543-.067.1279-.049.2319-.146.2902-.27.0584-.124.0666-.266.0231-.396-.0291-.053-.0686-.1-.1162-.138-.0475-.038-.1021-.065-.1605-.081-.0584-.017-.1195-.021-.1796-.013s-.1181.028-.1704.058c-.0191-.153-.0789-.298-.1733-.42-.1493-.158-.2306-.369-.2267-.586 0-.36-.2533-.58-.5-.78-.1357-.077-.2902-.113-.4457-.106s-.306.057-.4343.146l-.0666.06c.0687-.197.0567-.413-.0334-.6z"/><path d="m89.2063 134.106c.1.2.4133.14.5533.114.0453-.004.0891-.018.1281-.041.0391-.023.0724-.055.0974-.093s.0412-.081.0471-.126c.006-.045.0017-.09-.0126-.134-.06-.213-.34-.4-.5-.28s-.4133.36-.3133.56z"/><path d="m93.4526 132.774c-.0796.033-.1511.084-.2098.147-.0586.064-.1029.139-.1301.221-.0271.082-.0364.169-.0272.255.0091.086.0366.169.0804.243.1734.354.5134.52.7734.374.1715-.108.3012-.271.3679-.463.0666-.191.0662-.4-.0013-.591-.0959-.128-.235-.218-.3918-.252-.1567-.035-.3206-.011-.4615.066z"/><path d="m93.6128 135.74c-.12.193.0933.427.1933.533.0274.036.0627.065.1032.085.0404.02.085.031.1301.031.0452 0 .0898-.011.1302-.031.0405-.02.0758-.049.1032-.085.1467-.166.16-.5 0-.573s-.54-.147-.66.04z"/><path d="m90.1928 131.573c-.0227-.064-.0594-.122-.1074-.169-.048-.048-.1061-.085-.1701-.107-.0639-.022-.1321-.03-.1995-.023-.0673.008-.1322.03-.1897.066-.0752.04-.138.101-.1818.174s-.067.157-.067.243c0 .085.0232.169.067.242.0438.074.1066.134.1818.174-.0062.06.0083.121.041.172s.0817.089.139.108c.1415.02.2851.02.4267 0 .0392-.063.0626-.135.0684-.209s-.0062-.149-.0351-.217c.041-.068.0648-.145.0695-.224.0046-.079-.0101-.158-.0428-.23z"/><path d="m75.9995 127.926c.34-.167.4867-.467.3533-.72-.1094-.17-.2722-.299-.4629-.366-.1906-.068-.3983-.07-.5904-.007-.115.099-.1929.234-.2208.383-.0278.149-.004.303.0675.437.0306.08.079.153.1414.212.0625.059.1375.104.2195.13s.1688.034.254.022c.0853-.012.1667-.043.2384-.091z"/><path d="m66.7799 124.22c.0945.071.204.119.32.14.28-.146.3734-.406.2334-.546-.0545-.051-.1186-.09-.1885-.115-.0698-.025-.1441-.036-.2182-.032-.1933.033-.26.4-.1467.553z"/><path d="m71.5127 123.413c.3-.106.5533-.446.48-.666-.1467-.46-.6667-.454-.92-.44-.2534.013-.38.613-.14.96.0603.093.1536.16.2612.187.1075.027.2214.013.3188-.041z"/><path d="m114.093 132.72c-.3.113-.22.366-.167.606.26.12.494.14.667-.126.021-.06.028-.124.018-.187-.009-.063-.034-.122-.071-.173-.06-.054-.132-.093-.209-.113-.078-.021-.159-.024-.238-.007z"/><path d="m113.56 134.593c.113.073.206.167.353.147s.2-.234.087-.4c-.115-.152-.285-.253-.474-.28-.032-.004-.066 0-.096.012-.031.011-.059.029-.082.053-.022.024-.039.053-.049.084-.009.032-.011.065-.006.097.021.065.056.124.102.173.046.05.102.089.165.114z"/><path d="m116.073 130.46c.353.047.493-.187.626-.487-.093-.113-.173-.233-.26-.32l-.666.147c-.043.094-.061.197-.054.3 0 .047.008.094.025.137.018.044.044.084.077.117.032.034.072.06.115.078.043.019.09.028.137.028z"/><path d="m121.213 128.873c.033 0 .14 0 .16-.053.02-.054 0-.127 0-.16-.026-.025-.061-.039-.097-.039s-.07.014-.097.039c-.023.033-.033.073-.027.113s.028.076.061.1z"/><path d="m114.58 132.12c.201-.015.389-.103.528-.248.139-.146.219-.337.226-.538-.044-.2-.16-.377-.325-.498s-.369-.177-.573-.159c-.204.019-.394.112-.534.261-.141.149-.222.344-.228.549-.034.347.44.6.906.633z"/><path d="m117.56 135.086c-.046.048-.072.111-.072.177s.026.129.072.177c.133.126.28-.06.347-.127.066-.067 0-.227-.034-.24-.049-.023-.103-.034-.158-.032-.054.003-.108.018-.155.045z"/><path d="m118.033 130.46c0-.147 0-.433-.114-.473-.074-.01-.15-.002-.221.023-.071.026-.135.068-.186.123-.06.087-.053.44.054.507.106.067.433-.113.467-.18z"/><path d="m107.713 134.32c-.029.052-.047.11-.052.17-.005.059.002.119.021.176.02.056.051.108.092.152s.09.078.145.102c.194.093.407.2.534 0 .206-.334.186-.62 0-.76-.057-.045-.123-.076-.194-.092-.07-.016-.143-.016-.214-.001-.07.015-.137.046-.194.089-.057.044-.105.1-.138.164z"/><path d="m107.333 132.207c-.051.139-.053.292-.007.433.045.142.137.264.26.347.048.028.101.046.155.052.055.006.11 0 .163-.017.052-.017.1-.045.141-.082s.073-.083.095-.133c.233-.354.253-.627.073-.767-.145-.069-.309-.09-.467-.06s-.303.109-.413.227z"/><path d="m103.893 136.267c-.031.044-.053.095-.063.149s-.009.11.005.163c.013.053.038.103.072.145.034.043.077.078.126.103.109.062.236.084.359.059.123-.024.232-.093.308-.193.053-.108.065-.231.035-.347-.031-.117-.102-.218-.202-.286-.055-.031-.116-.05-.178-.056-.063-.006-.126.001-.186.02-.06.02-.116.051-.163.093-.048.042-.086.092-.113.15z"/><path d="m112 131.2c.155.096.341.13.52.095.179-.034.338-.135.447-.282.096-.209.112-.446.046-.666l-1.4.213c.015.128.057.252.123.362.067.111.157.206.264.278z"/><path d="m110.253 133.193c.051.033.108.055.169.064.06.009.121.005.179-.012.059-.018.113-.047.158-.087.046-.04.083-.089.107-.145.267-.413.254-.7-.046-.893-.147-.059-.308-.069-.461-.031s-.291.124-.393.244c-.037.156-.031.319.02.471s.143.287.267.389z"/><path d="m50.8796 97.4535c.0122.0368.0122.0765 0 .1133-.0559.0213-.1095.0481-.16.08-.0734-.1-.2267-.12-.4867.04-.0623.0246-.1186.0623-.1651.1107-.0465.0483-.082.106-.1041.1693-.0221.0632-.0304.1305-.0242.1972.0062.0668.0267.1314.0601.1895.0604.1218.1567.2222.2759.2878.1191.0655.2555.093.3907.0789.0506.0557.115.0971.1867.1199.2467.0734.4867.2534.6667.1534.0626-.0296.1174-.0732.1602-.1276s.0724-.118.0864-.1857c.0759-.1286.1064-.2788.0867-.4267-.0328-.1366-.0917-.2657-.1733-.38.0067-.071.0067-.1424 0-.2133-.0334-.2667-.0934-.6667-.46-.6134-.3667.0534-.3667.2867-.34.4067z"/><path d="m46.8258 73.2064c-.3 0-.6133 0-.6133.4334-.0089.1105.0208.2208.084.3119.0632.0912.156.1576.2626.1881.0451.0204.0939.031.1434.031.0494 0 .0983-.0106.1433-.031.1467-.1667.2667-.36.4133-.56.2344-.0052.4637-.0694.6667-.1867 0-.2933 0-.5933 0-.8867-.1614-.1572-.3749-.2497-.6-.26-.4-.02-.5.18-.5.96z"/><path d="m47.9061 84.4203c.0759.099.1827.1699.3035.2013s.2486.0215.3631-.028c0 0 0 0 .04-.0467-.0533-.28-.1066-.56-.1533-.84-.1384-.0467-.2883-.0467-.4267 0-.058.0361-.1079.084-.1462.1405-.0383.0566-.0643.1206-.0763.1879-.0119.0673-.0096.1364.007.2027.0165.0663.0468.1284.0889.1823z"/><path d="m47.0396 76.4866c.0635-.006.1246-.0273.1781-.0622.0534-.0348.0975-.0821.1286-.1378.0933-.28-.0667-.4534-.3467-.56-.2.1266-.4466.2466-.3333.5466.0428.0608.0984.1114.1629.1483.0645.0368.1364.0591.2104.0651z"/><path d="m49.2461 93.8936c.0866.1533.2066.3.4266.2133.1124-.0643.195-.1703.2299-.2951.035-.1247.0194-.2582-.0432-.3716-.1611-.0271-.3256-.0271-.4867 0-.2.0734-.2266.2734-.1266.4534z"/><path d="m49.0668 86.833c-.0481.1125-.0599.2373-.0336.3569.0263.1195.0894.2278.1803.3098-.0467-.24-.1067-.4534-.1467-.6667z"/><path d="m48.666 90.2132c.1732.0912.3731.1185.5645.077.1914-.0414.3621-.149.4821-.3037.0428-.0986.0611-.2061.0534-.3133-.04-.14-.0867-.2734-.12-.4134-.0832-.1646-.2264-.2911-.4-.3533-.1719-.0707-.3623-.083-.5418-.0348-.1796.0482-.3382.1541-.4516.3015-.22.2666.0267.7466.4134 1.04z"/><path d="m47.5263 77.6201c-.4067.0933-.8733.2466-.9733.74-.0179.16-.0017.3219.0475.4752s.1303.2944.238.4141c.1077.1196.2396.2151.3868.2802.1473.065.3067.0981.4677.0971.0683-.0061.1371.0062.1992.0355s.1153.0746.1541.1312c-.0867-1.0667-.14-2.1333-.1667-3.2133-.1489.3353-.2672.6833-.3533 1.04z"/><path d="m50.9331 102.426c.0214-.01.0403-.024.0553-.043.015-.018.0257-.039.0315-.062.0057-.023.0063-.047.0016-.07-.0046-.024-.0143-.046-.0284-.065-.06-.073-.1867-.213-.3333-.153-.1467.06-.06.287 0 .32s.1533.147.2733.073z"/><path d="m50.6663 95.3331c-.009-.0977-.0519-.1893-.1213-.2587s-.161-.1123-.2587-.1213c-.2334 0-.3.14-.28.62.0546.0454.1202.0757.1902.0879.0699.0122.1419.0058.2087-.0185.0667-.0242.1259-.0656.1718-.1199.0458-.0542.0766-.1196.0893-.1895z"/><path d="m49.5996 101.153c.0087.034.0246.066.0467.093.0424.055.097.099.1595.129s.1311.046.2005.045c.1266 0 .2533.066.4333 0 .1324-.064.2483-.157.3386-.273.0902-.115.1523-.25.1814-.394.0155-.127-.0028-.255-.0532-.372s-.1309-.219-.2335-.295c-.091-.06-.1964-.0949-.3054-.1007-.109-.0059-.2176.0177-.3146.0677-.1093.047-.2055.12-.2799.213s-.1248.203-.1467.32c-.0623-.023-.1311-.023-.1934 0-.3066.074-.6666.067-.9066.38l.04.454c-.3134.28-.4667.666-.3267.86.0528.079.131.138.2219.167s.189.027.2781-.007c.3667-.12.4467-.26.4133-.72.18-.24.3134-.387.4467-.567z"/><path d="m48.8398 104.667c.2467-.24.22-.527-.08-.82-.0357-.052-.0817-.097-.1354-.13-.0536-.034-.1135-.056-.1761-.065-.0626-.01-.1264-.006-.1875.01-.0611.017-.1182.045-.1676.085-.1068.138-.1743.303-.1955.477-.0211.173.005.35.0755.51.2733.28.5666.253.8666-.067z"/><path d="m62.7397 119.267c0-.134-.2466-.174-.32-.154-.0518.019-.0976.051-.1328.093s-.0584.093-.0672.147c0 .107.18.174.2667.174s.2667-.134.2533-.26z"/><path d="m48.2866 95.6997c-.0182.015-.0328.0339-.0428.0552-.0101.0213-.0153.0446-.0153.0681 0 .0236.0052.0469.0153.0682.01.0213.0246.0402.0428.0552.06.0666.2333.22.3333.1333s0-.28 0-.3133c0-.0334-.2133-.16-.3333-.0667z"/><path d="m48.1469 96.8662c.1133 0 .28.1667.16.2067s-.1867.1867-.0934.4933c.0101.0655.0337.1281.0694.1839.0357.0557.0828.1034.1381.1398.0553.0365.1176.0609.1829.0718.0653.0108.1322.0078.1963-.0088.1787-.0428.3334-.1542.4307-.3101.0973-.156.1294-.3439.0893-.5232-.08-.38-.3066-.4-.3333-.6667s-.18-.3133-.4467-.3533-.6667-.0734-.7067.3c-.04.3733.2.4666.3134.4666z"/><path d="m48.3197 86.1664c.2667-.1533.2734-.5533 0-.9666-.0873-.0958-.2031-.1611-.3303-.1863s-.2591-.009-.3763.0463c-.1107.0999-.1939.2265-.2417.3677-.0479.1412-.0588.2923-.0317.4389.1081.1503.2625.261.4395.3152.177.0541.3668.0488.5405-.0152z"/><path d="m46.9933 88.3529c-.1616-.1865-.3718-.3246-.6072-.3987-.2354-.0742-.4867-.0815-.7261-.0213-.1762.1197-.3013.301-.3507.5083-.0493.2072-.0193.4255.084.6117.1248.1837.3075.3203.519.3879.2115.0677.4395.0626.6477-.0145.1972-.0879.3526-.249.4334-.4492.0809-.2002.0808-.424-.0001-.6242z"/><path d="m42.96 78.9199c.0312-.1742.0312-.3525 0-.5267-.0734-.2467-.4334-.2933-.6667-.14-.0454.0318-.0839.0724-.1133.1194-.0293.047-.049.0994-.0577.1542-.0087.0547-.0063.1106.007.1644.0134.0538.0374.1044.0707.1487.0921.1085.2224.1774.364.1923.1415.0149.2833-.0254.396-.1123z"/><path d="m45.5793 96.8004c-.06.2266.0667.3266.5333.42.0519-.0417.0925-.0957.1182-.1571.0257-.0613.0356-.1281.029-.1943s-.0296-.1297-.067-.1847c-.0373-.0551-.0878-.1-.1468-.1306-.0943-.0184-.192-.004-.2769.0409-.085.0449-.1519.1175-.1898.2058z"/><path d="m42.0666 80.4133c.0728.1032.1821.1751.3058.2011.1236.0259.2526.0041.3608-.0611.0955-.0697.1619-.1722.1865-.2879.0246-.1156.0057-.2363-.0531-.3388-.0749-.1009-.1845-.1704-.3077-.1951-.1232-.0246-.2511-.0026-.359.0618-.0975.0665-.1658.1679-.1906.2833s-.0043.236.0573.3367z"/><path d="m46.0329 92.9536c-.0538-.0171-.1106-.0227-.1668-.0167-.0561.0061-.1104.0239-.1593.0521s-.0914.0663-.1248.1119c-.0334.0455-.0569.0975-.0691.1527-.0189.0812-.0185.1657.0012.2468.0197.081.0581.1563.1122.2199.26.2066.52.0733.7466-.1467-.0066-.24-.04-.54-.34-.62z"/><path d="m45.3334 91.0667c.24-.2067.12-.4667 0-.7467-.2934 0-.6-.1-.7267.2467-.0065.033-.0065.067 0 .1-.1339-.0477-.2761-.0682-.418-.0602-.142.0081-.2809.0444-.4087.1069-.0489.0333-.0908.0761-.123.1259-.0323.0497-.0544.1053-.0649.1636-.0106.0584-.0094.1182.0034.1761s.037.1126.0712.161c.0727.1525.2005.2717.3576.3336.1572.0619.332.0618.4891-.0002.0939-.054.1748-.128.237-.2167s.1042-.19.123-.2967c.0774.0311.1622.0389.244.0223.0817-.0166.1568-.0568.216-.1156z"/><path d="m47.4735 93.3731c.6667.72 1.2533.3467 1.6533-.16.1355-.1683.2106-.3773.2134-.5933-.0065-.1434-.0439-.2837-.1094-.4114-.0656-.1277-.1579-.2398-.2706-.3286-.2467-.2267-.2534-.5667-.5667-.6667-.2801-.1068-.5875-.119-.8752-.0347s-.5399.2604-.7181.5014c-.1199.1416-.2023.311-.2395.4927-.0373.1818-.0283.3699.0261.5473.1267.36.62.3467.8867.6533z"/><path d="m43.5266 82.7732c.28-.16.32-.4667.1066-.8467-.2133-.38-.46-.4333-.6666-.2933-.1269.1208-.2251.2686-.2874.4325-.0623.1638-.0871.3395-.0726.5141.0967.1473.2477.2502.4201.2865.1724.0362.3521.0027.4999-.0931z"/><path d="m45.4528 86.9932c.0927-.0811.161-.1864.1975-.3041s.0397-.2432.0091-.3625c-.027-.0603-.0666-.114-.1163-.1576-.0496-.0436-.108-.0759-.1713-.0949-.0632-.019-.1298-.0241-.1952-.0151-.0654.0091-.1281.0321-.1838.0676-.1047.0601-.1848.1553-.2262.2687-.0415.1134-.0417.2378-.0005.3513.0825.098.1895.1724.3101.2157s.2505.054.3766.0309z"/><path d="m43.8333 92.6666c-.17.091-.3018.2399-.3715.4197-.0697.1797-.0727.3785-.0085.5604.1122.1698.2835.2918.4806.3423.1972.0505.4061.0259.5861-.069.064-.0384.1199-.089.1643-.1491.0444-.06.0766-.1282.0945-.2007.018-.0725.0214-.1478.0102-.2217-.0112-.0738-.037-.1447-.0757-.2085-.1533-.32-.6333-.5734-.88-.4734z"/><path d="m43.1398 86.0331c.1133.2133.78.2866 1.0467.1133.0919-.0898.1559-.2043.1843-.3297s.02-.2563-.0243-.3769c-.0739-.1513-.2022-.2691-.3592-.3297-.1571-.0606-.3312-.0595-.4875.003-.1598.0853-.2839.2248-.3499.3935s-.0696.3554-.0101.5265z"/><path d="m44.1659 89.0466c.1152-.0436.2189-.113.3031-.2029.0843-.0899.1468-.1978.1828-.3156.0361-.1178.0447-.2422.0252-.3638-.0196-.1216-.0667-.2372-.1377-.3377-.124-.1975-.3198-.3391-.5461-.395-.2264-.056-.4656-.0219-.6673.0949-.1678.1612-.2787.3726-.3159.6022-.0373.2297.001.4652.1093.6712.0498.0878.1172.1643.198.2248.0808.0606.1732.1037.2715.1269.0982.0232.2002.0258.2995.0077s.1938-.0565.2776-.1127z"/><path d="m93.2926 134.153c.0333-.234-.38-.667-.6667-.707-.2866-.04-.5266-.08-.6666.253-.14.334-.2267.474-.3467.714-.0483.036-.0875.083-.1145.136-.027.054-.0411.114-.0411.174s.0141.119.0411.173.0662.101.1145.137c.0973.076.2192.113.3423.104.123-.008.2386-.062.3244-.151.1195-.118.2596-.213.4133-.28.1472-.013.286-.074.3946-.174s.1808-.234.2054-.379z"/><path d="m98.306 134.3v.033c-.0667.267.18.353.3733.433.2667-.113.4134-.293.2934-.56-.04-.093-.2267-.206-.3067-.18l-.1533.08c.0215-.041.0351-.086.04-.133-.0124-.058-.0372-.112-.0726-.159-.0355-.047-.0808-.086-.1328-.114s-.1095-.044-.1684-.048c-.059-.003-.118.006-.1729.028-.0536.032-.0986.077-.1311.13s-.0516.114-.0556.176c.0064.073.0295.144.0677.206.0382.063.0903.115.1523.154.0451.013.0925.015.1387.007.0461-.008.0899-.026.128-.053z"/><path d="m96.28 137.18c.0411-.048.0717-.104.0897-.165s.0231-.124.0149-.187-.0294-.123-.0623-.177c-.033-.055-.0769-.101-.1289-.137-.1039-.063-.2253-.089-.3457-.076-.1205.013-.2332.066-.321.149-.0398.05-.0686.108-.0846.17-.0159.061-.0187.126-.008.189s.0346.123.0701.176.0818.098.1358.132c.0451.041.0984.072.1565.091s.1196.025.1802.018c.0607-.007.1192-.027.1715-.058.0523-.032.0973-.074.1318-.125z"/><path d="m97.6728 131.866c-.0431-.035-.0932-.061-.1471-.076-.0538-.015-.1102-.018-.1654-.01-.0553.008-.1082.028-.1555.057-.0472.03-.0876.07-.1186.116-.0456.044-.0811.098-.1041.157s-.033.122-.0292.186c.0038.063.0213.125.0512.181s.0715.104.1221.143c.0489.039.105.067.1651.084s.1229.022.1848.014c.062-.007.1219-.027.1762-.057.0544-.031.1021-.072.1405-.121.0677-.107.093-.236.0708-.36-.0222-.125-.0903-.237-.1908-.314z"/><path d="m96.9602 138.667c-.1415-.108-.32-.155-.4963-.132-.1762.024-.3359.117-.4437.258-.1079.142-.1551.32-.1314.497.0238.176.1166.335.258.443.1836.09.3921.115.5918.072.1997-.044.3788-.154.5082-.312.16-.206.0067-.64-.2866-.826z"/><path d="m95.6728 135.447c.0512.03.1082.05.1673.058.0591.007.1191.003.1765-.013.0573-.017.1108-.044.1571-.082.0464-.037.0846-.084.1124-.136.0392-.051.0672-.11.0822-.172.0149-.062.0164-.127.0045-.19-.012-.063-.0372-.123-.074-.176-.0368-.052-.0843-.096-.1394-.129-.1187-.047-.2498-.051-.3713-.012s-.2258.118-.2953.225c-.0514.109-.0614.232-.0283.347.0331.116.1072.215.2083.28z"/><path d="m93.8669 139.907c-.06.173-.14.606 0 .713s.4933-.187.5-.253c0-.2.08-.46-.1-.607s-.3667.06-.4.147z"/><path d="m95.7195 132.54c.0953-.012.187-.044.2695-.093.0826-.05.1542-.115.2105-.193.0769-.106.1303-.226.1568-.354.0264-.127.0252-.259-.0035-.386 1.3778.16 2.76.278 4.1462.353-.033.113-.053.227-.08.347-.284.05-.5487.177-.7662.366l-.1867-.1c-.1913-.039-.3905-.011-.5633.08-.1727.091-.3083.24-.3833.42-.0171.22.051.437.1901.607s.3384.28.5565.307c.1194.012.2399 0 .3544-.036.1145-.035.2208-.093.3123-.171l.0932.08c.38.3.713.14 1.033-.127.194.18.32.474.667.287.091-.046.164-.122.204-.216s.046-.199.016-.297c-.1-.367-.407-.3-.667-.267-.06-.16-.113-.307-.173-.453l.58-.254c.031-.162.047-.327.047-.493l1.62.04h.066c.067.01.134.01.2 0h1.467c-.01.124.014.248.071.359.056.111.143.204.249.268.095.067.204.114.319.136.114.022.233.02.346-.007.114-.028.22-.079.313-.15.092-.072.168-.163.222-.266.07-.116.102-.251.093-.387l1.147-.053c.135 0 .263-.053.358-.148s.149-.224.149-.359c0-.134-.054-.263-.149-.358s-.223-.148-.358-.148c-12.2998.12-24.5398-2.667-34.9132-9.414-6.2448-4.129-11.6176-9.446-15.8133-15.646-.8222-1.153-1.5618-2.363-2.2133-3.62-.0004-.03-.0073-.059-.0202-.085-.0129-.027-.0314-.05-.0544-.068-.0229-.019-.0496-.032-.0782-.039s-.0584-.007-.0872-.002l-.18-.313c-.2037-.049-.4187-.018-.6.087-.0582.055-.1044.121-.1361.194-.0316.073-.048.153-.048.232 0 .08.0164.159.048.233.0317.073.0779.139.1361.194.0329.055.0776.103.1309.139s.1139.06.1775.07c.0635.01.1286.006.1905-.011.0619-.018.1191-.049.1677-.091l.06.14c-.0543.059-.0887.134-.0983.215-.0095.08.0062.161.045.231.0314.06.0799.109.1393.141.0593.032.1269.046.194.039.4711 1.018.9986 2.008 1.58 2.967-.0116.074-.0063.15.0157.221.0219.072.0599.138.111.192.0571.061.1316.103.2133.12.1334.22.2734.447.4134.667-.1667.267-.1334.507.1533.787.1442.143.337.226.54.233.12.167.2333.347.36.513-.1959.007-.3838.08-.5333.207-.4134.327-.3534 1.013 0 1.127.3533.113.5333-.074.6.053.0666.127.08.447.3333.5s.46-.28.6133-.513c.3334.444.6734.889 1.02 1.333-.0249.084-.0312.172-.0185.258.0127.087.044.169.0919.242.0675.072.1492.129.2398.168s.1882.059.2868.059c.0667.073.1267.153.1934.233.42.5.86 1 1.3333 1.487-.1271.012-.2466.066-.34.153-.0772.131-.1074.284-.0855.435.0218.15.0943.288.2055.392.0544.067.123.121.2008.158.0779.037.163.056.2492.056s.1713-.019.2492-.056c.0778-.037.1464-.091.2008-.158.037-.04.0684-.085.0933-.134.8.84 1.6334 1.647 2.4867 2.434-.0308.064-.0468.135-.0468.206 0 .072.016.143.0468.207.0591.073.1331.133.2169.175.0839.043.1758.067.2698.072.0508-.009.0988-.029.14-.06.5133.453 1.04.893 1.5666 1.333-.0705.148-.107.31-.107.473 0 .164.0365.326.107.474.0717.188.2152.34.399.423.1837.082.3927.088.581.017.1592-.067.2975-.175.4-.314.36.28.7334.554 1.1.82.0557.07.1295.123.2134.154 1.2133.889 2.46 1.704 3.74 2.446-.0267.092-.0267.189 0 .28.0851.173.2298.31.4074.384.1775.075.3761.083.5592.023.0326-.017.0601-.042.08-.073.4934.28.9867.553 1.4867.813-.0086.092.0075.184.0467.267.2133.473.7533.78 1.1133.626.0889-.041.1684-.1.2333-.173.6667.333 1.3734.667 2.0734.96.0522.1.1368.178.2399.223.103.045.2183.053.3267.024.7267.313 1.46.613 2.2.893 0 .253.2734.3.52.26v-.053l.98.353c-.0123.071-.0123.143 0 .213.0213.056.0535.107.0948.15.0412.043.0906.077.1452.101.0547.023.1135.036.173.036.0596.001.1186-.011.1737-.033l.08-.04c.0606.146.1607.272.2891.363.1284.092.28.146.4375.157h.0601c-.0954.123-.1521.272-.1627.427-.0107.156.025.311.1026.446.053.12.125.23.2134.327-.0555.009-.1082.031-.1543.063-.0462.032-.0845.074-.1124.123-.033.073-.051.152-.0531.232-.002.08.0119.16.0411.234.0292.075.0731.143.1289.2.0559.058.1227.103.1965.134.1365.055.286.069.4303.041.1444-.028.2775-.098.383-.201.0784-.104.1208-.232.1208-.363s-.0424-.258-.1208-.363c.1698-.1.3002-.255.3694-.44.0691-.184.0729-.387.0106-.574-.0809-.184-.2187-.339-.3933-.44 1.2733.374 2.56.667 3.8533.974-.016.035-.0243.074-.0245.113-.0001.039.0079.078.0236.114.0157.035.0387.068.0676.094.0288.026.0629.046.1.059.1415.02.2851.02.4266 0 .0399-.077.0626-.161.0667-.247.56.116 1.12.222 1.68.32.0257.038.0572.072.0933.1.0734.071.1714.111.2734.111.1019 0 .1999-.04.2733-.111.3133.053.6266.107.94.147-.0691.105-.123.219-.16.34-.0358-.043-.0808-.077-.1316-.1-.0507-.023-.106-.035-.1617-.034-.0782.009-.1538.034-.2224.073-.0686.038-.1288.09-.1772.152s-.084.133-.1046.209c-.0207.076-.0261.155-.0158.233.0232.145.0878.28.186.388.0982.109.2257.187.3673.225.1309.015.2633-.012.3773-.078.1141-.066.2039-.167.256-.288.1357.062.2841.092.4333.086.013.023.0315.041.0537.054.0222.012.0474.019.073.019s.0508-.007.073-.019c.0223-.013.0408-.031.0537-.054z"/><path d="m102.887 138.153c-.07-.011-.142-.006-.209.016-.068.022-.129.06-.178.111-.073.093-.153.407-.04.507s.413-.047.513-.127c.035-.036.06-.08.075-.128.015-.047.018-.098.009-.147-.008-.049-.028-.096-.058-.136-.029-.04-.068-.073-.112-.096z"/><path d="m100.667 142.246c-.066.11-.086.24-.058.364.029.125.104.233.211.303.052.038.112.065.175.079.063.013.129.013.192-.001s.122-.041.174-.08.095-.088.126-.145c.058-.104.077-.226.051-.343s-.094-.22-.191-.29c-.051-.04-.11-.069-.173-.085s-.128-.019-.192-.008c-.064.01-.125.034-.179.07-.055.035-.101.082-.136.136z"/><path d="m101.747 135.18c-.071-.048-.151-.081-.236-.096-.084-.015-.171-.012-.254.008-.083.021-.161.059-.228.112s-.123.12-.162.196c-.1.138-.147.307-.133.477.013.169.086.329.206.45.166.067.348.083.523.045s.334-.128.457-.259c.059-.069.101-.151.124-.238.023-.088.027-.18.01-.269-.016-.09-.052-.174-.106-.248-.053-.073-.122-.134-.201-.178z"/><path d="m98.2799 140.314c-.0123.031-.0137.066-.0041.099.0097.032.0299.061.0575.081.0333 0 .14 0 .16-.054.02-.053 0-.126 0-.16-.0154-.013-.0337-.023-.0535-.029s-.0407-.007-.061-.004c-.0204.003-.0398.011-.0569.022-.0171.012-.0314.027-.042.045z"/><path d="m46.4134 101.506c.0533-.073.16-.226.06-.353s-.2933 0-.3133.053c-.0336.045-.0517.098-.0517.154 0 .055.0181.109.0517.153.0161.018.0359.032.058.042.0222.009.0461.014.0702.013.024 0 .0477-.006.0693-.017s.0406-.026.0558-.045z"/><path d="m100.667 137.6c-.024-.08-.063-.155-.114-.22-.061-.092-.147-.165-.248-.21-.102-.044-.213-.059-.3228-.042-.1093.017-.2115.064-.2946.137s-.1435.169-.1743.275c-.1095.303-.179.619-.2067.94.0128.188.0839.367.2034.513s.2814.251.4633.3c.2067.04.6667-.033.6667-.46-.347-.62.153-.707.027-1.233z"/><path d="m98.1798 143.026c-.057.046-.1033.104-.1355.17-.0323.065-.0497.137-.0511.21.0666.294.44.314.58.24.0429-.04.0764-.088.0984-.143.0219-.054.0316-.113.0284-.171-.0032-.059-.0192-.116-.0468-.167-.0277-.052-.0664-.097-.1134-.132-.0543-.032-.116-.049-.1791-.051-.0631-.001-.1254.014-.1809.044z"/><path d="m99.4929 135.713c-.1134-.16-.6667-.126-.72.12-.0171.099.0009.2.0509.286.0499.087.1286.153.2224.187.24.047.5666-.433.4467-.593z"/><path d="m83.9999 135.147c-.1867.106-.1467.26-.08.406.0666.147.3133.3.4733.16.0947-.108.1733-.229.2333-.36-.0261-.056-.0635-.106-.1097-.147s-.1003-.072-.159-.091c-.0587-.02-.1207-.027-.1823-.021-.0615.005-.1213.023-.1756.053z"/><path d="m85.3333 138.873c-.038.026-.0676.063-.0853.105-.0178.043-.0229.09-.0147.135.04.08.2066.1.3.087.0933-.013.2-.153.1533-.273s-.2533-.08-.3533-.054z"/><path d="m87.6796 133.554c-.1575-.06-.3284-.073-.4934-.04s-.3174.111-.44.226c-.1666.2-.3466.407-.1266.667s.2866.44.4333.667c.0035.059.0209.117.0508.168.03.052.0716.096.1216.128.0499.033.1068.053.1661.059.0592.007.1191-.001.1748-.022.1234-.04.2264-.126.2873-.241.061-.114.0751-.248.0394-.372-.0364-.165-.0364-.336 0-.5.0453-.131.0492-.272.011-.404-.0382-.133-.1166-.25-.2243-.336z"/><path d="m91.9199 138.246c-.0534.047-.1134.287 0 .36.1133.074.28-.066.3466-.126.0667-.06.0534-.194 0-.24-.053-.031-.1132-.046-.1742-.045-.061.002-.1206.019-.1724.051z"/><path d="m85.4664 131.287c-.0438.021-.0938.024-.1401.01-.0464-.015-.0856-.046-.1099-.088-.0244-.042-.032-.091-.0215-.139.0105-.047.0384-.089.0782-.117.1122-.193.1451-.423.0916-.641-.0534-.217-.189-.405-.3782-.525-.1177-.063-.2472-.101-.3804-.112-.1331-.01-.267.007-.393.052 0 0 0 0 0-.04-.0307-.068-.0754-.129-.1313-.178s-.1216-.086-.1928-.108c-.0712-.023-.1463-.029-.2203-.02s-.1452.034-.2089.072c-.0869.026-.1666.071-.2325.133s-.1162.139-.1467.224c-.0306.085-.0406.177-.0291.266.0114.09.044.176.095.251.0484.112.1226.21.2165.288.0938.077.2046.132.3234.158.0297.169.1228.319.26.42.2085.096.4424.122.6667.074-.0391.114-.0391.239 0 .353.043.103.1237.185.2254.229.1018.045.2168.049.3213.011.0623-.01.1215-.033.173-.07.0515-.036.0937-.084.1235-.14.0297-.056.0461-.117.0479-.18s-.0112-.126-.0378-.183z"/><path d="m103.767 134c.093-.118.14-.267.13-.417s-.075-.291-.184-.396c-.098-.075-.22-.111-.343-.101-.123.009-.238.064-.323.154-.075.144-.098.308-.067.467.032.159.116.302.24.406.088.057.194.076.296.055.103-.021.192-.081.251-.168z"/><path d="m82.6662 136.334c-.08 0-.26.2-.22.3s.2933.12.3666.086c.0499-.025.0903-.067.1154-.117.0252-.05.0338-.107.0246-.163-.0304-.045-.0745-.08-.126-.099-.0515-.02-.1077-.022-.1606-.007z"/><path d="m84.0925 133.333c-.0255-.055-.0621-.105-.1077-.146s-.0992-.072-.1573-.092c-.0582-.019-.1197-.026-.1808-.021s-.1203.023-.1742.053c-.1866.106-.1466.26-.08.406.0128.048.0371.092.0709.128.0339.036.0761.063.1229.079.0469.016.0969.02.1457.012.0487-.008.0947-.028.1339-.059.0951-.106.1717-.228.2266-.36z"/><path d="m90.1063 135.267c-.2531-.086-.5289-.076-.7749.029-.246.104-.4448.296-.5585.538-.1133.36.3334.566.5934.493s.1866 0 .3866.187c.0496.066.1157.118.1918.151.076.033.1594.045.2418.036.0823-.009.1608-.04.2274-.09.0667-.049.1192-.115.1524-.191.0781-.215.0744-.451-.0104-.664s-.2448-.387-.4496-.489z"/><path d="m90.6127 136.593c-.0434.028-.0789.067-.1034.112-.0245.046-.0371.096-.0366.148 0 .067.18.247.2933.2s.0867-.267.0667-.36c-.0189-.04-.0514-.072-.0917-.09-.0403-.019-.0858-.022-.1283-.01z"/><path d="m91.8195 132.574c-.0214-.056-.0535-.107-.0946-.15s-.0903-.078-.1448-.102-.1132-.037-.1728-.039c-.0595-.001-.1188.009-.1744.031-.1059.055-.1906.144-.2412.253-.0506.108-.0642.23-.0388.347.0224.055.0559.105.0982.147.0424.042.0929.075.1484.097.0555.021.1149.032.1745.03.0595-.002.1182-.016.1722-.041.0575-.017.1108-.046.1563-.085.0456-.038.0825-.087.1083-.141s.0399-.113.0414-.172c.0015-.06-.0096-.12-.0327-.175z"/><path d="m87.9461 131.294c-.0667.093.0466.313.1133.353.0215.017.0461.03.0724.037.0264.008.0539.01.0812.007.0272-.003.0536-.011.0776-.025.0239-.013.0451-.031.0621-.052.0171-.022.0298-.046.0374-.073.0075-.026.0098-.054.0067-.081s-.0115-.053-.0248-.077-.0311-.046-.0526-.063c-.06-.053-.32-.113-.3733-.026z"/><path d="m86.9726 136.853c-.2084.173-.3454.418-.3848.686-.0393.268.0217.541.1715.767.2467.28.6667 0 .7267-.253s.0866-.167.36-.233c.0832-.006.1635-.034.2324-.081s.1239-.111.1593-.187.0499-.159.042-.242-.038-.163-.0871-.23c-.1419-.179-.3435-.3-.5676-.341-.2242-.042-.4558-.001-.6524.114z"/><path d="m113.593 141.18c-.015.031-.018.065-.009.098.008.033.028.062.055.082.04 0 .147 0 .16-.054.014-.053.034-.126 0-.16-.015-.013-.032-.023-.052-.029-.019-.006-.039-.007-.059-.004s-.039.011-.055.022c-.017.012-.031.027-.04.045z"/><path d="m117.366 139.433c-.038.051-.066.108-.082.17-.015.062-.018.126-.007.188.011.063.034.123.069.176s.08.098.134.133c.038.04.085.071.138.09.052.019.108.025.164.017.055-.007.108-.027.154-.058.046-.032.084-.074.11-.122.039-.046.068-.1.085-.157.017-.058.022-.118.015-.178-.008-.059-.028-.117-.059-.168-.03-.051-.072-.096-.121-.131-.089-.064-.197-.095-.307-.087-.109.007-.213.052-.293.127z"/><path d="m115.266 133.626c-.065.082-.112.175-.139.276-.027.1-.032.205-.017.308.016.102.053.201.108.288.055.088.128.164.214.222.196.124.43.172.658.135.229-.037.436-.156.582-.335.102-.196.136-.421.096-.638-.039-.217-.151-.415-.316-.562-.096-.064-.205-.106-.319-.125-.113-.019-.23-.014-.342.015s-.216.081-.307.153c-.09.071-.165.161-.218.263z"/><path d="m114.813 141.113c-.053.04-.08.307 0 .353.08.047.28-.06.347-.126.067-.067 0-.227 0-.24-.054-.028-.115-.042-.175-.039-.061.002-.12.02-.172.052z"/><path d="m115.793 136.92c-.093.133 0 .4.247.54.029.028.064.049.102.06.039.012.08.014.119.006.04-.008.077-.025.108-.051.031-.025.055-.058.071-.095.107-.18.153-.373-.047-.533-.093-.059-.203-.083-.313-.07-.109.013-.21.064-.287.143z"/><path d="m113.913 135.567c-.061.079-.089.179-.078.278.012.1.061.191.138.255.133.14.62 0 .667-.153.01-.08.003-.161-.023-.237-.025-.077-.068-.146-.124-.203-.038-.043-.085-.076-.138-.096-.053-.021-.111-.028-.167-.022-.057.005-.111.025-.159.056s-.088.072-.116.122z"/><path d="m113.673 139.08c-.015.054-.014.112.002.167.017.054.048.102.091.139.087.047.267.134.32 0 .023-.051.031-.107.024-.162s-.029-.107-.064-.151c-.046-.02-.32-.093-.373.007z"/><path d="m123.547 130.726c-.067.094.046.314.113.354.021.017.046.029.072.037.027.008.054.01.082.007.027-.003.053-.012.077-.025s.045-.031.062-.053c.017-.021.03-.046.038-.072.007-.026.009-.054.006-.081s-.011-.054-.024-.078c-.014-.024-.032-.045-.053-.062-.06-.053-.307-.087-.373-.027z"/><path d="m113.426 139.887c-.124-.053-.262-.071-.396-.051s-.26.077-.364.164c-.055.107-.068.231-.034.346.033.116.11.214.214.274.052.033.11.054.17.062.061.008.122.004.181-.013.058-.017.112-.046.159-.086.046-.039.084-.088.11-.143.147-.22.14-.44-.04-.553z"/><path d="m104.366 137.473c-.266-.186-.573-.086-.813.267-.044.049-.077.106-.099.168s-.031.128-.027.194c.003.065.02.129.048.189.029.059.069.112.118.156.16.077.338.109.514.091.177-.018.345-.084.486-.191.05-.07.085-.151.1-.235.016-.085.013-.172-.008-.255-.022-.084-.062-.161-.117-.227-.055-.067-.124-.12-.202-.157z"/><path d="m127.293 130.04c-.042-.021-.09-.029-.136-.022-.047.007-.09.029-.124.062-.047.067 0 .22.087.293.086.074.233.094.313 0 .08-.093-.1-.28-.14-.333z"/><path d="m122.426 134.44c-.066.134-.14.514 0 .58.14.067.447-.073.567-.166.12-.094.107-.34-.087-.5-.028-.043-.069-.077-.117-.097-.047-.02-.1-.026-.151-.016-.051.009-.098.033-.135.068-.038.035-.064.081-.077.131z"/><path d="m120.033 129.287c-.107-.065-.233-.088-.356-.066-.122.022-.233.088-.31.186-.056.112-.071.24-.042.362.03.122.101.23.202.304.092.061.206.082.314.06.109-.023.204-.087.266-.18.04-.048.071-.103.09-.163.018-.06.024-.123.017-.186-.007-.062-.026-.123-.057-.177-.032-.055-.074-.103-.124-.14z"/><path d="m121.333 130.533c-.18-.087-.38-.113-.46.087s-.133.56 0 .666c.134.107.474-.18.58-.306.107-.127.114-.314-.12-.447z"/><path d="m120.24 139.14c-.054.107-.094.34 0 .413.066.03.139.042.212.035.072-.007.141-.033.201-.075.073-.066.147-.413.047-.486-.1-.074-.42.04-.46.113z"/><path d="m119.006 130.827c-.173-.053-.359-.045-.527.021-.168.067-.309.188-.399.345-.194.307-.08.607.306.84.125.062.267.081.403.053.137-.028.26-.1.351-.206.07-.172.095-.36.071-.544-.023-.185-.093-.36-.205-.509z"/><path d="m107.406 136.56c-.4-.287-.84-.307-1.02-.047-.066.166-.079.348-.037.521s.137.329.271.446c.148.056.309.066.463.027.154-.038.292-.122.397-.24.07-.109.101-.238.088-.366-.014-.129-.071-.249-.162-.341z"/><path d="m108.353 139.886c.04-.049.069-.105.086-.166s.021-.125.012-.187c-.008-.063-.03-.123-.063-.177s-.077-.1-.128-.136c-.106-.067-.232-.092-.355-.071s-.234.086-.312.184c-.057.111-.072.239-.044.361s.098.23.197.306c.047.033.1.057.157.07.056.012.114.013.171.003.057-.011.111-.033.159-.065s.089-.073.12-.122z"/><path d="m107.846 144.134c-.093.093-.173.626 0 .766.174.14.627-.213.74-.373.047-.098.062-.207.043-.314s-.071-.204-.149-.279c-.167-.134-.48.066-.634.2z"/><path d="m104.946 140.38c-.047-.042-.103-.073-.162-.092-.06-.019-.123-.025-.186-.019-.062.006-.123.025-.178.056-.054.03-.102.071-.141.121-.041.037-.073.083-.093.135-.021.051-.029.107-.023.162.005.055.023.108.052.155.03.047.07.086.118.115.043.048.096.085.155.11.059.024.124.035.188.031s.126-.022.182-.054c.056-.031.104-.075.141-.127.067-.088.099-.197.089-.307s-.06-.212-.142-.286z"/><path d="m108.593 141.14c-.18-.1-.373-.167-.533 0-.049.115-.058.245-.024.366s.108.227.211.3c.146 0 .3-.106.413-.226.031-.031.055-.068.069-.109.014-.042.017-.086.011-.129-.007-.043-.023-.083-.049-.119-.025-.035-.059-.064-.098-.083z"/><path d="m105.48 138.906c-.057.13-.064.276-.019.41.044.134.136.247.259.317.067.054.144.093.227.115.084.022.17.026.255.012s.166-.045.238-.092.133-.109.18-.182c.092-.119.138-.269.128-.42s-.074-.293-.182-.4c-.182-.087-.388-.111-.585-.068-.197.044-.373.152-.501.308z"/><path d="m104.86 142.906c-.07.103-.099.227-.083.35s.076.236.17.317c.107.067.237.09.361.063.124-.026.233-.098.305-.203.058-.111.074-.238.047-.36-.026-.122-.095-.23-.193-.307-.048-.035-.103-.06-.161-.073-.058-.012-.118-.011-.175.002-.058.013-.112.039-.159.076-.047.036-.085.082-.112.135z"/><path d="m110.84 137.546c-.115-.052-.245-.063-.366-.03-.122.033-.229.107-.301.21-.077.129-.109.28-.089.429.019.149.088.287.196.391.15.083.322.115.492.094.17-.022.329-.097.454-.214.107-.193-.086-.673-.386-.88z"/><path d="m111.373 143c-.021.061-.023.127-.005.189s.054.117.105.158c.047.02.098.027.149.019.05-.007.098-.027.137-.059.025-.044.038-.094.038-.144s-.013-.099-.038-.143c-.086-.053-.32-.14-.386-.02z"/><path d="m112.666 132.667c.098-.128.146-.286.137-.447-.01-.16-.078-.312-.19-.426-.227-.26-.507-.24-.787.18-.082.315-.144.636-.187.96-.007.056-.003.113.013.167s.043.105.079.148.082.078.132.103c.051.025.106.039.163.042.111.017.225-.011.316-.077s.153-.166.171-.277c.034-.13.085-.256.153-.373z"/><path d="m113.027 136.873c.113-.093.053-.527-.147-.667s-.293 0-.393.147c-.034.036-.059.08-.071.128-.013.047-.014.097-.003.146.011.048.034.092.067.13.033.037.074.065.12.083.147.073.314.126.427.033z"/><path d="m110.239 134.44c-.046-.533-.153-.72-.446-.747-.099-.014-.201.004-.288.054s-.155.127-.192.22c-.063.108-.084.236-.06.358.025.123.093.233.193.308.313.16.553-.033.793-.193z"/><path d="m109.559 131.587c.117.094.26.15.409.158.15.008.298-.031.424-.111.088-.137.141-.293.154-.454.013-.162-.015-.325-.08-.473-.667.073-1.334.147-2 .2.046.167.16.313.313.3.153-.022.309.003.448.07.14.068.255.176.332.31z"/><path d="m110.3 135.6c-.049-.055-.11-.097-.178-.123-.069-.025-.143-.034-.215-.024-.086.04-.162.096-.225.166s-.111.152-.142.241c-.067.353.26.38.527.5.246-.24.426-.474.233-.76z"/><path d="m92.9794 135.633c-.2133.073-.14.347-.08.42s.4467.433.6067.373.1-.526.04-.566-.3467-.3-.5667-.227z"/><path d="m56.6658 111.58c-.24.1-.1533.667.18.947.0833.074.1913.116.3033.116.1121 0 .2201-.042.3034-.116.2466-.2.38-.614.2333-.807-.28-.387-.76-.247-1.02-.14z"/><path d="m56.5793 115.62c-.1379.119-.2276.285-.2522.465-.0245.181.0177.364.1189.515.1371.12.3104.189.4919.198.1815.008.3605-.045.5081-.151.2-.167.1533-.667-.0733-.933-.045-.06-.1016-.11-.1664-.147-.0647-.037-.1363-.06-.2104-.069s-.1492-.002-.2208.019-.1382.056-.1958.103z"/><path d="m55.8463 114.487c-.1666-.12-.5266 0-.6666.1-.0356.037-.0629.081-.08.129-.0171.049-.0237.1-.0193.151.0045.051.0198.101.0449.146.0252.045.0596.083.101.114.0311.034.0699.06.1133.076.0433.016.0899.022.1357.016.0459-.006.0896-.023.1275-.05.0379-.026.0689-.061.0902-.102.1133-.12.3067-.454.1533-.58z"/><path d="m58.4726 119.6c-.12-.167-.38 0-.4533.053s-.1733.24-.0533.367c.0515.042.1163.066.1833.066s.1318-.024.1833-.066c.08-.02.26-.247.14-.42z"/><path d="m55.9058 122c-.0246.042-.0376.089-.0376.137s.013.095.0376.137c.0457.026.0974.04.1501.04.0526 0 .1043-.014.15-.04.0533-.054.1666-.234 0-.36-.1667-.127-.2067.046-.3001.086z"/><path d="m55.6868 117.253c-.016.057-.016.117 0 .174.0408.015.0858.015.1266 0 0-.054.0867-.127.0467-.18-.04-.054-.1133.006-.1733.006z"/><path d="m60.5529 116.82c-.0457.064-.0776.137-.0937.214-.016.077-.0159.156.0003.233.0534.12.4667.26.6134.12.0785-.079.1227-.185.1227-.297 0-.111-.0442-.218-.1227-.296-.0317-.04-.0725-.072-.1189-.093s-.0972-.03-.148-.028c-.0509.003-.1004.018-.1444.043-.044.026-.0813.061-.1087.104z"/><path d="m61.8929 115.874c.0501-.043.0889-.098.1131-.16.0242-.061.033-.127.0258-.193s-.0303-.129-.0673-.183c-.037-.055-.0867-.1-.1449-.131-.1267-.047-.36.16-.5333.273-.0238.011-.045.027-.0622.047s-.03.044-.0375.069c-.0076.025-.0097.051-.0063.077s.0122.052.026.074c.0824.097.1957.162.3208.185s.2542.003.3658-.058z"/><path d="m58.7595 120.666c-.2.047-.4467.507-.3.667.1466.16.4333.36.6667 0 .2333-.36-.1667-.74-.3667-.667z"/><path d="m61.6331 123.42c-.0866.093-.2666.38-.0666.573.2.194.4266-.033.4933-.113.0327-.063.0498-.132.0498-.203s-.0171-.141-.0498-.204c-.0222-.034-.0517-.063-.0864-.085s-.0738-.036-.1145-.041-.082-.001-.121.011c-.039.013-.0748.034-.1048.062z"/><path d="m61.7993 121.613c.0734 0 .18-.173.1334-.28-.0467-.107-.2067-.133-.2867-.107-.08.027-.2533.2-.2133.3s.2933.12.3666.087z"/><path d="m62.5402 120.5c-.0241.011-.0432.03-.0533.054-.2067 0-.6667.366-.5334.6.0502.097.1338.173.2355.213.1017.041.2146.043.3179.007.1466-.074.1866-.34.1533-.547h.0733c.0534 0 .2067-.16.16-.28-.0466-.12-.2666-.073-.3533-.047z"/><path d="m54.6666 117.267c-.2.146-.0533.513-.08.726l.1267.074c.0899.022.1848.015.2702-.021s.1567-.099.2031-.179c.0942-.1.1508-.23.16-.367-.22-.067-.4933-.373-.68-.233z"/><path d="m60.1401 118c-.1667.06-.16.44 0 .56.1191.054.2493.079.38.073.2533-.22.3-.486.1333-.573-.0772-.044-.1624-.072-.2506-.082-.0881-.01-.1775-.003-.2627.022z"/><path d="m60.0934 115.333c-.16-.667-.7866-.367-.7333-.8s.4267-.2.46-.82-.48-1.013-.86-.8-.3533.607-.4533.627-.5667 0-.58.353c0 .733.6666.587.6666.807s-.1.666-.04.98c.0867.466.42.84.9.666.1114-.019.2175-.061.3115-.124.0939-.063.1737-.144.234-.24.0603-.095.0999-.203.1162-.314.0163-.112.0089-.226-.0217-.335z"/><path d="m48.8661 107.333c-.039.032-.0705.072-.0921.118-.0216.045-.0328.095-.0328.146 0 .05.0112.1.0328.145.0216.046.0531.086.0921.118.0905.12.2215.203.3687.234.1472.03.3004.006.4313-.067.0999-.11.1637-.247.1828-.394.0191-.146-.0075-.295-.0761-.426-.1933-.2-.6133-.134-.9067.126z"/><path d="m55.3861 113.16c.0864-.134.1271-.293.1163-.453s-.0726-.312-.1763-.433c-.0938-.074-.2079-.117-.327-.125-.1192-.007-.2376.023-.3396.085-.3334.306-.4334.733-.22.946.1401.096.3067.146.4765.142.1698-.003.3342-.06.4701-.162z"/><path d="m47.7398 105.647c-.0804.113-.1236.248-.1236.387 0 .138.0432.273.1236.386.0425.046.094.083.1514.108.0573.025.1193.038.1819.038.0627 0 .1246-.013.182-.038s.1089-.062.1514-.108c.0879-.085.1428-.199.155-.321s-.0191-.244-.0884-.345c-.0979-.089-.2199-.146-.3504-.165-.1306-.019-.2638.001-.3829.058z"/><path d="m51.2534 103.26c-.1743-.121-.3812-.186-.5933-.186-.2467-.087-.8.046-.8867.26-.0867.213.1467.373.3733.46.0416.133.1148.254.2134.353.26.253.5733.213.8866-.113.0814-.113.1258-.247.127-.386s-.0409-.274-.1203-.388z"/><path d="m48.0333 112.7c-.0261.037-.0401.082-.0401.127s.014.09.0401.127c.06.066.22 0 .3067 0 .0866 0 .14-.214.06-.314s-.2934.027-.3667.06z"/><path d="m47.6396 99.5865c-.1533-.28-.2333-.6333-.5933-.78l-.4267.1467c-.108-.0743-.2273-.1306-.3533-.1667.0032-.0154.0032-.0313 0-.0467-.0534-.1266-.2667-.0933-.3067-.06l-.0867.0734c-.0613.0146-.117.0471-.16.0933-.06.0746-.0928.1675-.0928.2633s.0328.1888.0928.2634c.2067.3266.36.3666.7934.2266.2524.1436.5128.2727.78.3867.0534.0135.1096.0122.1623-.0041.0527-.0162.0999-.0467.1364-.088.0366-.0414.061-.092.0706-.1463s.0041-.1102-.016-.1616z"/><path d="m80.9267 132.833c-.0787.033-.1498.082-.2088.143-.059.062-.1046.135-.134.215s-.042.166-.0369.251.0277.168.0664.244c.1.274.4467.36.8267.207.0634-.014.1228-.042.1742-.082s.0935-.091.1234-.148c.0298-.058.0467-.122.0494-.187s-.0088-.13-.0337-.19c-.0872-.14-.209-.255-.3539-.335-.1448-.079-.3076-.12-.4728-.118z"/><path d="m49.9599 105.247c-.1334-.147-.28-.12-.4334.04 0 .06-.0333.166 0 .213.1212.178.1798.392.1667.607 0 .1.22.246.3467.26.0773-.003.1532-.022.2231-.055.0699-.034.1323-.081.1835-.139.021-.062.0283-.128.0214-.194s-.0279-.129-.0614-.186c-.1339-.194-.2833-.376-.4466-.546z"/><path d="m53.0733 113.213c-.1267-.166-.32-.073-.46.06-.14.134-.1667.434 0 .514.1666.08.4266.253.5733.04.1467-.214-.0133-.494-.1133-.614z"/><path d="m53.6466 114.246c-.1366-.056-.29-.056-.4266 0-.1667.094-.14.467.0466.567.1119.036.2301.047.3467.033.2133-.233.2133-.513.0333-.6z"/><path d="m54.3264 109.667c-.1737-.153-.3939-.243-.6251-.255-.2311-.013-.4596.054-.6483.188-.3533.28-.32.833.0667 1.287.0631.077.1411.141.2293.188.0882.046.1849.075.2843.084.0995.008.1997-.003.2947-.034.0949-.03.1828-.08.2584-.145.1802-.164.2941-.388.3199-.63s-.0382-.485-.1799-.683z"/><path d="m51.0131 117.487c-.0511.039-.0926.089-.1211.147s-.0434.122-.0434.186c0 .065.0149.128.0434.186s.07.108.1211.147c.034.043.0766.079.125.104.0484.026.1016.041.1562.045.0546.003.1093-.004.1608-.023.0514-.019.0985-.048.138-.086.2067-.206.28-.62.1333-.766-.1123-.059-.239-.085-.3654-.074-.1263.011-.247.057-.3479.134z"/><path d="m51.1599 114c-.0927.092-.1502.214-.1624.344-.0121.131.0217.261.0957.369.1533.167.54.127.8534-.153 0-.087 0-.274-.04-.387-.0781-.12-.1993-.204-.3385-.237-.1392-.032-.2855-.009-.4082.064z"/><path d="m50.9467 111.246c-.0565.071-.0986.151-.124.237-.0253.087-.0335.177-.0239.267.0194.18.1098.346.2512.46.1415.114.3224.167.5031.148.1806-.02.3462-.11.4602-.252.1213-.103.1984-.249.2158-.408.0173-.158-.0265-.317-.1224-.445-.1632-.134-.3676-.208-.5788-.209-.2113-.001-.4165.07-.5812.202z"/><path d="m47.4332 113.673c-.0666.047-.18.28-.1067.36.0734.08.3201 0 .3734-.04.021-.017.0383-.039.0511-.063.0127-.024.0205-.051.023-.078.0024-.027-.0005-.055-.0086-.081s-.0213-.05-.0389-.071c-.0175-.021-.0389-.038-.0632-.051-.0242-.013-.0507-.021-.0779-.023-.0272-.003-.0547 0-.0808.008-.0261.009-.0504.022-.0714.039z"/><path d="m74 131.293c-.0547 0-.1082.016-.1551.044s-.0854.068-.1116.116c-.04.1.1067.227.1934.253.0866.027.2933-.04.3266-.166.0334-.127-.1666-.247-.2533-.247z"/><path d="m76.1132 132.42c-.0666-.194-.5133-.16-.7533.1s.0667.62.2333.666c.1667.047.5867-.58.52-.766z"/><path d="m76.1534 129.62c-.1-.18-.2467-.293-.44-.227-.4988.141-.9459.423-1.2867.814-.0398.071-.069.147-.0867.226-.0275.105-.0247.216.0082.319.0329.104.0945.196.1776.266s.1843.114.2918.129c.1076.014.2171-.002.3158-.047.3071-.105.5986-.25.8666-.433.131-.137.2162-.312.2437-.499.0274-.188-.0041-.379-.0903-.548z"/><path d="m72.8993 133.067c.017.107.071.205.1525.277.0816.072.1856.113.2942.116.2733-.04.4333-.667.2733-.773-.16-.107-.7466.113-.72.38z"/><path d="m71.8465 135.1c-.1067.06-.3733.273-.2467.52.1267.247.4134.107.5067.053.0551-.044.0986-.102.1264-.167.0279-.065.0395-.136.0336-.206-.0081-.045-.0268-.087-.0544-.123s-.0634-.065-.1044-.085c-.041-.019-.0861-.029-.1315-.027-.0454.001-.0899.013-.1297.035z"/><path d="m73.333 129.22c.0985-.051.1737-.137.2097-.241.0361-.105.0302-.219-.0163-.319-.0172-.048-.0453-.091-.082-.126-.0368-.035-.0812-.061-.1297-.076s-.0998-.019-.1499-.01c-.0501.008-.0975.028-.1385.058-.0628.047-.1154.105-.1544.173s-.0636.143-.0722.221c-.02.133.32.433.5333.32z"/><path d="m72.2268 129.486c-.18 0-.3.367-.1733.54.1267.174.26.154.3333.194.3134-.127.4467-.36.32-.5-.125-.136-.2963-.219-.48-.234z"/><path d="m75.7396 138.373c-.0183.058-.0219.12-.0102.179.0116.059.0381.115.0769.161.0636.038.1361.058.21.058s.1464-.02.21-.058c.0867-.106-.0733-.386-.1533-.426-.0584-.015-.1196-.015-.178 0-.0583.015-.1118.045-.1554.086z"/><path d="m79.5059 134.627c.1092-.026.204-.093.2639-.188s.0801-.209.0561-.319c-.0405-.144-.1364-.266-.2667-.34-.24-.113-.4133 0-.6666.447.1466.213.2466.513.6133.4z"/><path d="m72.1465 127.72c.1129.016.2278.008.3373-.023.1095-.032.211-.087.2979-.16.087-.074.1573-.165.2064-.268s.0758-.215.0784-.329c.06-.667-.6266-.607-.4333-1s.4733-.047.7067-.62c.2333-.573-.12-1.113-.5534-1.04-.4333.073-.5266.453-.6266.447-.1-.007-.54-.187-.6667.14-.2667.666.4067.76.3933.986-.0133.227-.3133.587-.3666.92-.0734.467.1266.927.6266.947z"/><path d="m79.6394 138.38c-.1885.111-.3338.283-.4124.488-.0787.204-.086.429-.0209.638.0835.206.2421.373.4437.467s.4313.108.6429.04c.1894-.148.3353-.345.4221-.569s.1115-.467.0713-.704c-.1099-.195-.2894-.34-.5023-.407-.2129-.066-.4432-.05-.6444.047z"/><path d="m79.3329 132.474c.1031-.059.1814-.153.2201-.265.0388-.112.0353-.234-.0097-.344-.045-.109-.1284-.199-.2347-.251-.1062-.053-.228-.065-.3424-.034-.1105.046-.1998.132-.2504.241-.0506.108-.0587.232-.0229.346.0493.122.1422.221.2606.277.1184.057.2537.068.3794.03z"/><path d="m78.0794 130.793c-.0758-.014-.1538-.009-.2272.015-.0733.023-.1397.064-.1931.12-.0535.055-.0924.123-.1133.197s-.0231.153-.0064.228c.0303.089.0802.169.146.236s.1457.119.234.151c.0845.008.1698-.003.2488-.035.0789-.031.1491-.081.2045-.145.0385-.069.0614-.145.0672-.223.0057-.078-.0058-.156-.0338-.23-.028-.073-.0718-.139-.1283-.193-.0564-.055-.1242-.096-.1984-.121z"/><path d="m76.0395 134.98c-.0861.029-.1653.076-.2329.136-.0676.061-.1221.134-.1601.217-.0381.082-.059.172-.0613.262-.0024.091.0138.181.0476.265.1067.216.2837.389.5018.491s.4643.126.6982.069c.1708-.091.3012-.243.3654-.425.0642-.183.0575-.383-.0187-.561-.042-.107-.1055-.205-.1867-.286-.0811-.082-.1781-.146-.285-.188-.1069-.043-.2213-.063-.3363-.059-.115.003-.228.03-.332.079z"/><path d="m63.7734 126c-.0552.024-.1049.058-.1457.102-.0407.044-.0716.096-.0905.153-.019.057-.0255.117-.0193.177.0063.059.0252.117.0555.168.0173.052.0455.1.0827.14.0371.041.0824.073.1329.094.0504.021.1048.032.1596.031.0548-.002.1087-.014.1581-.038.2667-.12.4734-.493.38-.667-.0926-.089-.2082-.152-.3341-.18s-.2571-.021-.3792.02z"/><path d="m66.8995 131.9c-.0321.036-.0549.079-.0665.125-.0116.047-.0117.095-.0002.142.0347.041.0793.072.1294.091.0502.018.1044.024.1573.016.0666 0 .2333-.167.14-.334-.0934-.166-.28-.08-.36-.04z"/><path d="m67.2792 126.993c-.2334.073-.22.46-.3134.667.0331.036.0643.074.0934.113.0744.055.1643.084.2566.084.0924 0 .1823-.029.2567-.084.1218-.065.2163-.171.2667-.3-.16-.14-.32-.553-.56-.48z"/><path d="m66.9465 125.366c.0467-.126-.1933-.333-.2866-.346-.0608.006-.1187.029-.1678.065-.0492.036-.0879.085-.1122.141.0026.061.0205.121.0519.173s.0755.096.1281.127c.0729.011.1474.002.2155-.026s.1272-.075.1711-.134z"/><path d="m64.7734 119.48c-.1267-.153-.54 0-.6667.347s.2667.567.4467.573c.18.007.3466-.76.22-.92z"/><path d="m66.5994 123.134c.12.113.28.246.44.133s.14-.467.0867-.62c-.0096-.035-.0291-.067-.0563-.092-.0271-.025-.0608-.042-.097-.048.0019-.194-.0695-.382-.2-.527-.0749-.087-.1669-.158-.2704-.209-.1036-.05-.2163-.079-.3314-.084-.115-.005-.2298.014-.3373.055-.1075.042-.2054.104-.2876.185-.1295.104-.2157.252-.2416.416s.0104.332.1016.471c-.0514-.032-.1087-.052-.1684-.06s-.1204-.004-.1783.013c-.1215.057-.2187.155-.2737.278-.0551.122-.0644.26-.0263.389.0934.2.4667.293.86.133 0-.087.12-.253.0867-.38-.014-.05-.0366-.097-.0667-.14.1443.083.3049.134.4706.149.1657.014.3326-.007.4894-.062z"/><path d="m64.0797 117.88c.0836-.173.1106-.367.077-.557-.0335-.189-.1257-.362-.2636-.496-.0579-.073-.1414-.12-.2333-.132-.0919-.013-.1851.011-.2601.065-.429.293-.7591.709-.9466 1.194-.013.079-.013.16 0 .24.0062.11.044.217.1089.307s.1542.159.2573.2c.1031.04.2157.051.3245.029.1088-.021.2092-.073.2893-.15.2437-.205.461-.44.6466-.7z"/><path d="m69.6459 126.067c-.1675.07-.3044.198-.3862.361-.0818.162-.1032.349-.0604.525.0892.158.2295.282.3979.349.1684.068.3548.077.5287.025.24-.094.3667-.58.24-.907-.0232-.071-.0605-.137-.1095-.193-.049-.057-.1088-.103-.1759-.136-.0671-.032-.1402-.052-.2148-.056s-.1493.007-.2198.032z"/><path d="m70.0529 131.526c-.2067 0-.5867.334-.5134.56.0734.227.2934.487.6667.254.3733-.234.0533-.787-.1533-.814z"/><path d="m68.1934 127.474s.1066.08.12.066c.0133-.013.1199-.093.1-.153-.02-.06-.0934-.047-.1467-.067-.034.046-.0589.098-.0733.154z"/><path d="m69.8466 130.82c.0933 0 .3333-.167.28-.367-.0534-.2-.36-.14-.4467-.1s-.24.167-.1733.327c.0302.06.0813.108.1438.133.0625.026.1321.028.1962.007z"/><path d="m71.2662 123.913c-.1679-.146-.3852-.224-.6079-.216-.2227.007-.4343.099-.5921.256-.1415.167-.2225.378-.2297.597-.0073.219.0596.434.1897.61.1468.167.3516.272.573.295.2215.022.4431-.041.6203-.175.1362-.2.2129-.435.2211-.677.0083-.242-.0522-.481-.1744-.69z"/><path d="m69.3329 123.333c.127-.098.2185-.236.2606-.391s.0325-.319-.0273-.469c-.0628-.103-.1566-.183-.2679-.23s-.2345-.057-.3521-.03c-.4133.18-.6667.547-.5133.827.1006.137.2415.238.4029.291s.3352.053.4971.002z"/><path d="m69.3327 124.76c-.1133-.173-.4933-.167-.6333-.113-.0458.022-.0862.054-.1183.094-.0322.039-.0554.085-.0681.135-.0126.049-.0145.101-.0053.151.0091.05.029.098.0583.14.0178.042.0456.08.0811.11.0355.029.0776.05.1228.06s.0921.008.1367-.004.0856-.035.1194-.066c.1134-.087.4134-.334.3067-.507z"/><path d="m174.579 74.8867h-8.253v8.2534h8.253z"/><path d="m193.666 93.9736h-8.253v8.2534h8.253z"/><path d="m174.579 93.9736h-8.253v8.2534h8.253z"/><path d="m155.499 74.8867h-8.253v8.2534h8.253z"/><path d="m155.499 93.9736h-8.253v8.2534h8.253z"/><path d="m134.393 74.8867h-8.253v8.2534h8.253z"/></g><path d="m105.439 32.8135c-8.4385 0-16.6877 2.5023-23.7042 7.1906s-12.4852 11.3519-15.7145 19.1482c-3.2294 7.7963-4.0743 16.3752-2.428 24.6517s5.7099 15.879 11.677 21.846c5.967 5.967 13.5695 10.031 21.846 11.677 8.2767 1.646 16.8557.801 24.6517-2.428s14.46-8.698 19.148-15.7145 7.191-15.2657 7.191-23.7044c0-11.3159-4.495-22.1683-12.497-30.1698-8.002-8.0016-18.854-12.4968-30.17-12.4968zm0 69.3935c-5.291 0-10.4642-1.569-14.8639-4.5094-4.3997-2.94-7.8287-7.1187-9.8534-12.0076-2.0248-4.8889-2.5542-10.2685-1.5213-15.4583 1.0328-5.1898 3.5815-9.9568 7.3236-13.698 3.7422-3.7413 8.5098-6.2888 13.7-7.3203 5.19-1.0315 10.569-.5008 15.458 1.5251 4.888 2.0259 9.066 5.456 12.005 9.8565 2.939 4.4004 4.507 9.5735 4.505 14.8651 0 3.513-.692 6.9916-2.036 10.2371-1.345 3.2455-3.315 6.1943-5.8 8.678-2.484 2.4838-5.433 4.4538-8.679 5.7978s-6.725 2.035-10.238 2.034z" fill="#1ba9f5"/><path d="m133.935 93.1051-10.465 10.4649 27.143 27.144 10.465-10.465z" fill="#0a89db"/><path d="m73.0864 74.8332c.0636.0134.1293.0139.193.0012.0638-.0127.1243-.0382.178-.075.0536-.0368.0992-.0841.1339-.139.0348-.0549.0581-.1164.0684-.1806.0109-.1304-.0228-.2607-.0954-.3697-.0726-.1089-.18-.1901-.3046-.2303-.1378.0177-.268.0732-.3762.1602-.1082.0871-.1903.2024-.2371.3332-.0267.16.24.46.44.5z" fill="#0d90e0"/><path d="m83.3734 59.4865c.1466.0533.2333-.18.2266-.2267-.0066-.0466-.0333-.22-.1733-.2466-.0225-.0072-.0464-.0092-.0697-.0056-.0234.0035-.0456.0124-.065.026-.0194.0135-.0353.0314-.0467.0521-.0113.0208-.0177.0439-.0186.0675-.0067.0933-.0067.28.1467.3333z" fill="#0d90e0"/><path d="m84.3733 58.993c.1533-.2.3067-.4066.4733-.6-.0408-.0455-.0908-.0818-.1466-.1066-.28-.0867-.6667.0866-.6667.32-.0333.12.1467.2733.34.3866z" fill="#0d90e0"/><path d="m69.1263 76.9668c.0618.0065.1243.0005.1838-.0176s.1148-.0479.1626-.0876c.0479-.0398.0873-.0887.1159-.1439.0287-.0552.046-.1155.051-.1775.0533-.28-.14-.6667-.38-.6667-.1454-.0263-.2954.0039-.4193.0845-.1239.0805-.2124.2053-.2474.3488-.0168.0796-.0157.1618.0032.2409.019.079.0553.1528.1064.2161.0511.0632.1157.1142.189.1494.0733.0351.1535.0534.2348.0536z" fill="#0d90e0"/><path d="m69.4525 68.9864.22-.2266h-.7067c.1434.1107.3096.1882.4867.2266z" fill="#0d90e0"/><path d="m65.3335 70.3871c.0622.0203.1282.0261.1929.0168.0647-.0092.1265-.0332.1805-.0701.1466-.1157.2535-.2741.3061-.4532.0526-.1792.0481-.3703-.0128-.5468-.0255-.1082-.0917-.2024-.1847-.2632-.0931-.0608-.206-.0835-.3153-.0635-.1643.0143-.3192.083-.44.1954-.1207.1123-.2005.2618-.2267.4246-.0033.06-.0033.1201 0 .18v.04c.15.1948.3174.3755.5.54z" fill="#0d90e0"/><path d="m67.186 68.7598h-.4067.0533c.115.0363.2384.0363.3534 0z" fill="#0d90e0"/><path d="m63.5527 77.1999c.0099.1677.0577.331.1396.4776.082.1466.1961.2728.3338.3691.28.08.6133-.2.7066-.6.0934-.4-.06-.5734-.5-.6667-.0722-.0178-.1473-.021-.2208-.0094-.0735.0115-.144.0376-.2073.0767s-.1182.0905-.1614.151c-.0433.0606-.074.1291-.0905.2017z" fill="#0d90e0"/><path d="m68.8467 73.7733c.1219-.1799.1763-.3972.1533-.6133-.08-.2067-.3333-.34-.5333-.5334.1066-.1866.2333-.42 0-.6666-.62 0-.6667.1266-.3867.6666-.1206.224-.1996.4679-.2333.72.0432.2332.1573.4474.3267.6134.1733.2133.4933.12.6733-.1867z" fill="#0d90e0"/><path d="m64.3734 72.4263c.1515.1886.3536.3302.5827.4081.229.078.4756.089.7107.0319.3266-.1467.2533-.5867.34-.6667.0866-.08.5933.2334.9866 0 .179-.1336.3117-.3198.3798-.5325.0682-.2127.0682-.4414.0002-.6541-.0824-.2574-.2617-.4726-.5-.6-.1574-.0702-.3323-.0919-.5021-.0622s-.3269.1094-.4512.2288c-.2067.26-.2133.7667-.3333.82-.12.0534-.6-.2866-.98-.0533-.0885.0536-.1652.1246-.2253.2088-.06.0842-.1023.1798-.1241.2809-.0219.1011-.0228.2056-.0029.3071.02.1015.0604.1979.1189.2832z" fill="#0d90e0"/><path d="m70.046 75.5604c.0843-.0022.1672-.0224.243-.0592.0759-.0368.1431-.0893.197-.1541.1934-.34-.0466-.5533-.32-.7533-.26.1066-.5533.2066-.5466.5466-.0019.0563.0078.1123.0287.1646.0208.0522.0523.0996.0924.1391.0401.0394.088.0702.1406.0902s.1087.0289.1649.0261z" fill="#0d90e0"/><path d="m77.246 56.2935c.2733.0734.5933-.22.6666-.6133.0139-.0479.0173-.0982.01-.1475-.0074-.0493-.0253-.0964-.0525-.1382-.0272-.0417-.0631-.0772-.1052-.1038s-.0895-.0438-.1389-.0505c-.32-.0933-.7067.0733-.76.3133-.02.1474.0057.2974.0736.4298.068.1323.1749.2406.3064.3102z" fill="#0d90e0"/><path d="m75.2391 58.6202c-.08.16.1.5467.3067.6667.0451.0212.0942.0322.144.0324.0498.0001.099-.0107.1441-.0317.0452-.021.0852-.0516.1172-.0898.032-.0381.0552-.0828.068-.1309.14-.3467.1267-.62-.04-.7067-.1353-.0266-.2753-.0165-.4054.0292s-.2456.1254-.3346.2308z" fill="#0d90e0"/><path d="m76.6063 61.3331h.52c.1724-.0978.3011-.2575.36-.4467.0049-.1202-.0305-.2386-.1005-.3365-.0701-.0978-.1708-.1694-.2862-.2035-.46-.0733-.8.0667-.8467.3533.0021.1266.0354.2506.0971.3611.0616.1105.1497.2041.2563.2723z" fill="#0d90e0"/><path d="m80.7929 56.1531c.0521.0163.1069.0219.1612.0166.0543-.0054.107-.0216.1548-.0477.0479-.0261.0901-.0616.124-.1044.0339-.0427.0588-.0919.0733-.1445.0106-.0487.0112-.099.0017-.1479-.0095-.049-.0289-.0954-.057-.1366s-.0642-.0762-.1063-.103c-.0421-.0267-.0892-.0446-.1384-.0525-.0433-.013-.0888-.0171-.1338-.012s-.0884.0193-.1277.0418c-.0393.0224-.0737.0526-.1009.0888-.0272.0361-.0468.0775-.0576.1214-.0203.0448-.031.0934-.0315.1426s.0093.0979.0288.1431c.0194.0452.0481.0858.0842.1193.036.0334.0787.059.1252.075z" fill="#0d90e0"/><path d="m80.0793 57.3334c-.3333-.0734-.5667.1066-.6667.52-.1.4133.12.5666.5267.6666.1142.0375.2384.0301.3474-.0207.1089-.0508.1945-.1411.2393-.2526.0169-.1786-.0158-.3584-.0946-.5196-.0789-.1612-.2007-.2975-.3521-.3937z" fill="#0d90e0"/><path d="m80.2996 53.3797c.1133-.0733.0866-.3866.1-.5933.0047-.0255.0041-.0518-.0019-.0771-.006-.0252-.0172-.049-.0329-.0697s-.0355-.0379-.0582-.0505-.0478-.0203-.0737-.0227c-.1275.0049-.2493.0542-.3443.1394-.095.0853-.1571.201-.1757.3273.003.0676.0227.1334.0576.1914.0348.058.0835.1065.1418.1409.0582.0344.1242.0538.1918.0563s.1348-.0119.1955-.042z" fill="#0d90e0"/><path d="m79.1662 56.8003c.1324.0166.2667-.007.3855-.0676.1189-.0606.2168-.1555.2811-.2724.0081-.1445-.0312-.2878-.1118-.408-.0805-.1203-.1981-.2111-.3348-.2586-.1201-.0152-.2414.0176-.3375.0912s-.1593.1822-.1759.3021c-.0328.1204-.0213.2486.0326.3613.0538.1126.1464.202.2608.252z" fill="#0d90e0"/><path d="m77.4933 57.1604c-.0614.0449-.113.1017-.152.167-.0389.0653-.0643.1377-.0747.213 0 .0934.14.2467.2467.2934.2158.0863.4389.1532.6666.2.2.0466.3067-.0534.34-.2734-.0333-.0466-.06-.1533-.12-.1733-.2016-.0804-.3705-.2259-.48-.4133-.0649-.036-.1375-.056-.2117-.0583-.0742-.0024-.1479.0131-.2149.0449z" fill="#0d90e0"/><path d="m73.3328 60.1803c-.0467-.28-.1134-.5533-.4534-.5133s-.3733.3-.34.5667c.0514.0567.1149.101.1858.1297.071.0287.1475.0409.2238.0357.0764-.0051.1505-.0274.217-.0653s.1235-.0904.1668-.1535z" fill="#0d90e0"/><path d="m76.9463 75.1269c.1173.0247.2395.0075.3454-.0485.1059-.0561.1889-.1474.2346-.2581.0128-.1305-.011-.262-.0687-.3797-.0577-.1178-.147-.2171-.258-.287-.1281-.0081-.2557.0233-.3654.0901s-.1962.1657-.2479.2832c-.02.0631-.0264.1297-.0187.1954.0077.0658.0293.1291.0634.1858.034.0568.0797.1056.1341.1434.0544.0377.1161.0634.1812.0754z" fill="#0d90e0"/><path d="m77.3991 76.8667c.1758.041.3605.0187.5215-.063.1609-.0817.2879-.2176.3585-.3837.06-.2334-.3866-.7334-.6666-.7867-.1547-.0061-.3062.0452-.4253.1441s-.1973.2384-.2197.3916c-.0223.1532.0128.3092.0986.438.0859.1288.2164.2213.3664.2597z" fill="#0d90e0"/><path d="m74.5999 69.1536v.12c-.0733.1866-.1867.26-.36.12-.06-.0534-.1-.1334-.1667-.18-.1337-.0909-.2916-.1395-.4533-.1395s-.3196.0486-.4533.1395c-.143.0768-.2531.2032-.3095.3554-.0565.1522-.0555.3197.0028.4712.0482.1932.1452.3707.2818.5154.1366.1448.3082.252.4982.3113-.0549.1805-.0929.3658-.1133.5533 0 .5467.36.76.84.4867.0942-.0398.177-.1025.2408-.1825.0638-.0799.1066-.1746.1245-.2753s.0103-.2043-.0221-.3013-.0885-.1844-.1632-.2542c-.132-.1312-.2723-.2536-.42-.3667.1866-.1133.3066-.2533.4266-.2533.0812.0065.1628-.004.2395-.0311.0768-.027.1471-.0699.2062-.1259.0591-.0559.1057-.1237.1369-.1989s.0462-.1561.0441-.2375c.0274-.0961.0678-.1881.12-.2733.14-.3067.1067-.54-.0933-.6667h-.32c-.0746.0444-.1388.1043-.1882.1756-.0495.0713-.0831.1524-.0985.2378z" fill="#0d90e0"/><path d="m72.2794 72.4402c-.34 0-.7133-.1067-.9866.26-.0651.1-.1527.1834-.2557.2435-.103.0602-.2186.0955-.3377.1032-.1614.0266-.3091.1069-.4192.2279-.11.121-.1761.2756-.1874.4387.0895.2225.223.4245.3926.5941.1695.1695.3716.3031.594.3926.34-.1533.7934-.34 1.24-.5467.0534 0 .08-.1866.0667-.2733-.0186-.1171-.0128-.2367.017-.3514.0298-.1148.0831-.2221.1563-.3153.2-.2933.0267-.76-.28-.7733z" fill="#0d90e0"/><path d="m74.5134 72.86c-.2934-.0666-.5734.2267-.6667.6667-.0009.1289.0403.2547.1173.3581.077.1035.1856.179.3094.2152.1486.0016.2951-.0358.4249-.1083s.2384-.1776.3151-.305c.0128-.1727-.0284-.3451-.118-.4932s-.2232-.2647-.382-.3335z" fill="#0d90e0"/><path d="m77.9997 71.593c-.206-.0599-.4272-.0388-.6181.0592-.1909.0979-.3371.2652-.4086.4675-.0057.2394.0532.476.1705.6848.1174.2088.2887.3822.4962.5018.2127.0283.4283-.0246.6037-.1482.1754-.1235.2979-.3086.343-.5184.0308-.2147-.0099-.4336-.116-.6228-.106-.1892-.2715-.3382-.4707-.4239z" fill="#0d90e0"/><path d="m75.8197 78.5868c-.32-.0667-.5466.1333-.6666.56s.0533.6267.3133.6667c.1756-.0046.3478-.049.5037-.1298.1559-.0809.2914-.1961.3963-.3369.027-.1731-.0152-.3499-.1175-.4921s-.2565-.2385-.4292-.2679z" fill="#0d90e0"/><path d="m78.7058 74.9466c0-.4444.02-.8889.06-1.3333-.1687.1362-.2843.3273-.3267.54-.0287.144-.0193.293.0275.4322s.1293.2637.2392.3611z" fill="#0d90e0"/><path d="m78.8729 78.5339c0-.2134-.0467-.4334-.0667-.6667-.06.0867-.1067.1867-.1467.2466-.04.06.0067.3401.2134.4201z" fill="#0d90e0"/><path d="m68.1792 75.9999c-.0194-.0917-.058-.1783-.1131-.2541-.0551-.0759-.1256-.1392-.2069-.1859-.3734-.1467-.4867.2067-.7.4533.1933.32.3666.5667.7333.4467.0497-.0101.0968-.0303.1385-.0592.0416-.029.0769-.0661.1038-.1092.0268-.043.0446-.0911.0522-.1412.0076-.0502.005-.1013-.0078-.1504z" fill="#0d90e0"/><path d="m76.9727 69.6337c-.0639-.1859-.193-.3423-.3634-.4403-.1703-.0981-.3704-.1311-.5633-.093-.1773.0951-.315.2503-.3883.4378s-.0774.3949-.0116.5851c.0659.1902.1973.3508.3707.4528.1735.1021.3777.1391.5759.1043.3267-.0667.4533-.5867.38-1.0467z" fill="#0d90e0"/><path d="m65.0327 76.26c-.06.22.0933.58.2933.5933.3141.071.6432.0261.9267-.1267.4-.2866.4267-.3266.1933-.84-.24 0-.4333-.06-.6266-.1-.1656-.0237-.3343.0105-.4776.0967s-.2525.2193-.3091.3767z" fill="#0d90e0"/><path d="m79.1602 59.8931c.04-.3-.2934-.6667-.6667-.7267s-.5933.1467-.6667.5933c-.0099.1414.0255.2822.101.4021.0755.1198.1873.2125.319.2646.2667.0333.88-.3.9134-.5333z" fill="#0d90e0"/><path d="m74.4527 57.1998c.1017.032.2092.0416.315.0282s.2074-.0495.298-.1059c.0905-.0563.1678-.1316.2265-.2206.0588-.089.0976-.1896.1138-.2951.0445-.1871.0189-.3841-.0721-.5536-.0909-.1695-.2407-.2998-.4212-.3664-.3533-.1133-.8267.26-.9467.7467-.0237.0825-.0297.1691-.0174.254.0122.085.0423.1664.0883.2388.046.0725.1068.1344.1785.1816s.1526.0787.2373.0923z" fill="#0d90e0"/><path d="m74.9 60.967c.0013-.0497-.0081-.099-.0275-.1447-.0195-.0457-.0485-.0867-.0852-.1202-.0366-.0335-.0801-.0588-.1274-.074-.0472-.0153-.0972-.0202-.1466-.0144-.3733 0-.6266.12-.6666.3066.0123.0807.0404.1582.0828.228.0423.0697.098.1305.1638.1787h.5934c.1079-.094.1827-.2202.2133-.36z" fill="#0d90e0"/><path d="m72.466 69.2198c.0552-.0625.0972-.1354.1235-.2144.0264-.0791.0365-.1626.0299-.2456h-2.58c.0933.3733 0 .52-.42.3933-.1745-.0606-.365-.0562-.5364.0124-.1715.0685-.3125.1967-.397.3609-.1054.1366-.1626.3042-.1626.4767s.0572.3401.1626.4767c.0424.076.1.1424.1694.1949s.149.0899.2336.11c.0847.0201.1726.0223.2582.0065.0855-.0157.1669-.0492.2388-.0981.2292-.1347.4251-.3193.5734-.54.1266-.1733.2333-.3.4533-.2867.32 0 .4267-.1733.4267-.4666.1006.0929.2204.1626.3508.2044.1305.0418.2685.0546.4044.0374.1359-.0171.2664-.0638.3824-.1366.116-.0729.2146-.1702.289-.2852z" fill="#0d90e0"/><path d="m70.5463 71.8337c.0526.1091.1404.1974.2492.2506s.2324.0682.3508.0428c.1117-.0023.219-.0446.3021-.1192.0832-.0747.1369-.1767.1512-.2875.04-.34-.4533-.8733-.6666-.84-.1459.108-.2592.2541-.3275.4223-.0682.1682-.0887.3519-.0592.531z" fill="#0d90e0"/><path d="m69.5935 71.7863c-.1275-.0234-.2592-.0007-.3716.064-.1123.0647-.198.1673-.2417.2894-.0339.1459-.0204.2988.0383.4366s.1597.2534.2883.33c.1755.0442.3608.0265.5247-.05s.2965-.2072.3753-.37c.06-.2666-.2066-.56-.6133-.7z" fill="#0d90e0"/><path d="m72.2127 58.5135c0-.2534-.12-.3734-.34-.42-.0587-.0158-.1201-.0195-.1802-.0108-.0602.0088-.118.0297-.1698.0615-.0518.0319-.0965.0739-.1315.1237-.035.0497-.0594.1061-.0719.1656-.0094.0542-.0074.1098.006.1632.0134.0535.0378.1035.0718.1468.0339.0434.0766.0791.1252.105.0486.0258.1021.0411.157.045.1208.0176.2436-.0121.343-.0829s.1676-.1773.1904-.2971z" fill="#0d90e0"/><path d="m67.7533 76.9133c-.32-.0867-.54.2267-.6.4067s.2866.5333.6666.4333c.0689-.0283.1304-.0717.18-.1272.0497-.0554.0862-.1213.1067-.1928.0125-.0575.0133-.1169.0021-.1746-.0112-.0578-.034-.1127-.067-.1613-.0331-.0487-.0757-.0901-.1253-.1217-.0496-.0317-.1051-.0529-.1631-.0624z" fill="#0d90e0"/><path d="m67.3334 74.3735c-.4467-1.1467-1.12-1.2467-1.88-.3333-.0796-.0184-.1576-.0429-.2333-.0734-.115-.0615-.2497-.0751-.3746-.0376-.125.0375-.23.1229-.2921.2376-.0729.1034-.112.2269-.112.3534s.0391.2499.112.3533c.3133.6667.6133.7667 1.1867.4667.4333-.22.88-.4267 1.3333-.6667.5333.84.6667.8667 1.1867.32-.0135-.1048-.0493-.2054-.1049-.2952s-.1298-.1666-.2176-.2254c-.0878-.0587-.1871-.098-.2913-.1151-.1042-.0172-.2109-.0118-.3129.0157z" fill="#0d90e0"/><path d="m71.2198 60.7134c-.0194.0515-.0275.1066-.0235.1615.0039.055.0198.1084.0464.1565.0266.0482.0634.0901.1078.1226.0444.0326.0954.0551.1493.0661.115.0382.2403.0295.3489-.0242.1086-.0536.1917-.148.2311-.2625.0116-.0583.0114-.1183-.0005-.1765s-.0354-.1134-.0689-.1624c-.0335-.0491-.0765-.0909-.1264-.1232-.0499-.0322-.1057-.0542-.1642-.0646-.053-.0138-.1082-.0168-.1624-.0087-.0542.008-.1062.0269-.1529.0556-.0467.0286-.0871.0664-.1189.111-.0317.0447-.0541.0953-.0658.1488z" fill="#0d90e0"/><path d="m80.1133 61.3335h.76c-.0404-.0731-.1072-.128-.1867-.1534-.0662-.0206-.1363-.0253-.2046-.0138-.0684.0116-.133.0392-.1887.0805-.0533.0267-.12.0467-.18.0867z" fill="#0d90e0"/><path d="m67.526 85.4937c-.1686-.0366-.3447-.0142-.4989.0635-.1541.0776-.2768.2058-.3477.3632-.0339.1281-.0175.2643.0457.3808.0631.1164.1684.2044.2943.2459.1573.0273.3192-.0028.4562-.0848.137-.0819.2401-.2104.2904-.3619.0252-.0555.039-.1154.0405-.1763.0015-.0608-.0093-.1214-.0317-.178s-.0559-.1082-.0987-.1515c-.0427-.0434-.0938-.0777-.1501-.1009z" fill="#0d90e0"/><path d="m71.2595 82.9801c.18.0159.3603-.0277.5132-.124s.2701-.2401.3335-.4093c.0667-.26-.2133-.6067-.5467-.6667-.4333-.0933-.6666 0-.7666.3467-.0304.1741-.0008.3533.084.5083s.2197.2767.3826.345z" fill="#0d90e0"/><path d="m71.4735 84.1397c0-.1467-.0533-.5267-.2267-.5533-.1733-.0267-.3533.3333-.38.4666-.0266.1334.16.26.28.3067s.3467-.0133.3267-.22z" fill="#0d90e0"/><path d="m72.5133 86.3537c-.1667 0-.5867.0733-.6134.24-.0266.1667.3134.3933.46.4733.1467.08.3934-.1133.42-.3266.0267-.2134-.0533-.3934-.2666-.3867z" fill="#0d90e0"/><path d="m71.5331 90.8738c-.0842.033-.1525.097-.191.1789-.0384.0818-.044.1753-.0156.2611.0866.3401.3533.3801.6666.3934.1467-.2667.3601-.48.1334-.74-.0728-.0818-.1718-.1358-.28-.1529-.1082-.017-.2189.0041-.3134.0595z" fill="#0d90e0"/><path d="m69.3929 83.3332c-.2373-.0378-.4804.0022-.693.1139-.2127.1117-.3835.2893-.487.5061-.0343.209.0073.4234.1174.6044.11.181.2812.3166.4826.3823.2051.0478.4207.0187.6058-.0819s.3268-.2655.3983-.4637c.0715-.1981.0679-.4156-.0103-.6112-.0782-.1955-.2254-.3556-.4138-.4499z" fill="#0d90e0"/><path d="m70.6125 78.1469c-.0704-.0614-.1207-.1425-.1445-.2328-.0237-.0904-.0198-.1858.0112-.2739.002-.1405-.0503-.2764-.1459-.3794-.0956-.1031-.2272-.1653-.3675-.1739-.2933 0-.3733.1534-.3933.3934.0056.1742-.0286.3475-.1.5066-.2.32-.4533.6067-.6667.9267-.9066-.2533-1.18-.0933-1.1933.74-.0134.1043-.0001.2103.0387.3081.0388.0977.1018.184.1832.2507.0813.0666.1783.1115.2818.1304.1034.0189.21.0111.3096-.0225.351-.148.686-.3312 1-.5467.1706.1356.3776.2176.5949.2354.2172.0178.4348-.0294.6252-.1354.121-.11.2172-.2446.2819-.3948.0648-.1502.0967-.3126.0935-.4761-.0031-.1636-.0413-.3245-.1118-.4721s-.1717-.2785-.297-.3837z" fill="#0d90e0"/><path d="m67.5597 82.8198c-.2248.0333-.4475.0801-.6667.14-.4467-.3467-.8867-.4067-1.0933-.1467-.0962.1764-.1319.3794-.1018.578.0301.1987.1244.382.2684.522.3.2467.5067.1733 1.02-.4133.2467.18.48.3933.7534.0933.0808-.0769.1323-.1795.1457-.2902.0133-.1107-.0122-.2226-.0724-.3165-.0667-.08-.18-.1733-.2533-.1666z" fill="#0d90e0"/><path d="m69.1664 87.1465c-.1832-.0094-.3636.0485-.5072.1626-.1436.1142-.2406.2768-.2728.4574-.0734.3867.16.6667.6066.74.0876.0248.1794.0302.2693.0158.0898-.0143.1754-.048.2509-.0987.0755-.0508.139-.1174.1862-.1951.0472-.0778.0768-.1649.087-.2553.0266-.1918-.0236-.3863-.1397-.5411-.1162-.1549-.2888-.2575-.4803-.2856z" fill="#0d90e0"/><path d="m72.9999 89.1399c-.0866 0-.28-.0534-.34.0866s.1134.26.16.26c.0503-.0006.1-.0116.1459-.0323.0458-.0206.087-.0505.1208-.0877 0 0-.04-.2133-.0867-.2266z" fill="#0d90e0"/><path d="m69.1395 81.3335c.0075-.0749-.001-.1505-.0252-.2218-.0241-.0713-.0633-.1366-.1148-.1915-.0505-.0362-.1089-.0598-.1703-.0691s-.1241-.0039-.183.0158c-.26.1466-.2534.38-.12.6666.2333.0134.5.0867.6133-.2z" fill="#0d90e0"/><path d="m73.0065 80.0737c.0242-.1471-.0086-.2978-.0915-.4217-.083-.1238-.21-.2114-.3552-.245-.098-.0245-.2018-.0096-.289.0415-.0873.0511-.151.1343-.1776.2319-.0475.1017-.0589.2167-.0322.3257.0267.1091.0897.2059.1788.2743.0634.0388.134.0643.2076.0749.0735.0105.1485.006.2202-.0133.0718-.0193.1389-.0531.1971-.0992.0583-.0462.1065-.1037.1418-.1691z" fill="#0d90e0"/><path d="m78.7664 84.2871c.0038-.1542-.0459-.3048-.1408-.4264-.0948-.1215-.2288-.2064-.3792-.2403-.32-.0733-.5333.04-.6.32-.0532.1834-.0379.3799.043.5528.081.173.2221.3106.397.3872.1648-.0041.3229-.0656.4471-.174.1242-.1083.2066-.2567.2329-.4193z" fill="#0d90e0"/><path d="m78.3332 80.6668c.1-.4134-.2133-.7934-.7467-.9134-.0907-.029-.1865-.0383-.2811-.0272s-.1856.0424-.2671.0917c-.0815.0492-.1515.1154-.2053.194-.0537.0785-.0901.1677-.1065.2615-.0425.2257.0028.4591.1268.6525.1239.1933.3171.332.5399.3875.2066.0137.4118-.0426.5823-.16.1706-.1173.2966-.2888.3577-.4866z" fill="#0d90e0"/><path d="m73.6661 81.833c-.0933.0933-.2933.2067-.3733.3733-.08.1667.1266.5134.4066.5534.055.0074.111.0035.1644-.0115s.1032-.0408.1463-.0758.0786-.0784.1043-.1276c.0256-.0492.041-.1031.045-.1585.0023-.1373-.0471-.2705-.1385-.373-.0914-.1026-.2181-.1669-.3548-.1803z" fill="#0d90e0"/><path d="m73.0535 54.2596c.2131.0163.4254-.0409.6013-.1623.176-.1213.305-.2994.3654-.5044.015-.1768-.0408-.3523-.1552-.488-.1144-.1356-.278-.2203-.4548-.2353s-.3524.0408-.488.1552c-.1357.1144-.2203.278-.2353.4548-.0503.1522-.0403.3179.0279.463s.1894.2586.3387.317z" fill="#0d90e0"/><path d="m76.8199 88.7002c-.068-.0724-.1501-.1302-.2412-.1697-.0912-.0394-.1895-.0598-.2888-.0598-.0994 0-.1977.0204-.2888.0598-.0912.0395-.1733.0973-.2412.1697-.0759.1198-.1117.2606-.1021.4021s.064.2762.1554.3846c.075.112.19.1911.3215.2208.1314.0298.2693.008.3852-.0608.2066-.1.6666-.1867.7066-.5267s-.2866-.3066-.4066-.42z" fill="#0d90e0"/><path d="m77.7792 68.7598c-.0173.1024-.001.2076.0466.3.1375.2623.3554.4737.6217.6033.2663.1295.5671.1704.8583.1167.0756-.3423.1556-.6823.24-1.02z" fill="#0d90e0"/><path d="m74.7861 81.6662c.1165.0263.2388.0063.3408-.056.1021-.0622.1759-.1617.2058-.2774.0239-.1237-.0024-.2519-.073-.3563s-.1799-.1765-.3036-.2003c-.0613-.0118-.1243-.0115-.1855.0011-.0611.0125-.1192.0369-.1709.0719-.1044.0707-.1764.1799-.2003.3036-.0001.116.0376.2289.1073.3215.0698.0926.1679.16.2794.1919z" fill="#0d90e0"/><path d="m75.9998 83.4203c.0096-.1126-.0246-.2246-.0953-.3127-.0708-.0881-.1727-.1456-.2847-.1606-.3667-.0467-.6667.3733-.6667.52.0464.1379.1367.257.2571.3388.1203.0819.2642.1221.4096.1145.1164-.0166.2216-.0783.2927-.172.0711-.0936.1025-.2114.0873-.328z" fill="#0d90e0"/><path d="m74.4267 77.2334-.04-.06c.0836.0923.1829.169.2933.2267.0393.0246.084.0393.1303.0429.0463.0035.0927-.0042.1353-.0226.0427-.0183.0802-.0467.1094-.0828s.0492-.0787.0583-.1242c.0224-.0458.0345-.096.0352-.147.0008-.051-.0097-.1016-.0307-.1481s-.052-.0877-.0908-.1208c-.0388-.0332-.0845-.0573-.1337-.0708-.1518-.0122-.3041.0178-.44.0867.0184-.1031-.0031-.2092-.06-.2971s-.1451-.1508-.2466-.1762c-.0736-.0154-.1498-.013-.2223.0069-.0724.0199-.1391.0568-.1945.1077-.0554.0508-.0979.1141-.1239.1846-.0261.0705-.035.1461-.026.2208 0 .32-.18.4133-.3733.5933-.4934-.5067-.92-.4733-1.2267.06-.032.0505-.0588.1041-.08.16-.1533.3933-.0467.62.3533.7333.4.1134.6667.1534.9534-.3266.0557.1571.0915.3206.1066.4866-.0219.1104-.0001.2249.0608.3195.061.0945.1563.1617.2659.1872.1195.0536.2522.0708.3814.0495.1292-.0214.2493-.0803.3453-.1695.64-.7133.6533-.9933.06-1.72z" fill="#0d90e0"/><path d="m74.9791 85.9998c-.1094-.0152-.2208.0067-.3163.0623s-.1696.1417-.2103.2444c-.0178.1194.003.2413.0594.348.0563.1068.1453.1927.2539.2453.1094.0227.2232.0029.3186-.0552.0953-.0582.1649-.1505.1947-.2581.0282-.1175.0134-.2412-.0416-.3488-.055-.1075-.1466-.1919-.2584-.2379z" fill="#0d90e0"/><path d="m78.8194 87.0601c-.0521-.0174-.1071-.0241-.1619-.0197-.0547.0044-.1079.0198-.1565.0454-.0486.0255-.0915.0606-.1262.1032-.0346.0425-.0603.0917-.0755.1444-.0223.1093-.0041.2229.051.3198.0552.0969.1437.1704.249.2069.0515.0207.1067.0301.1621.0276.0553-.0025.1095-.0169.1588-.0422s.0926-.0609.127-.1044.059-.0938.0722-.1476c.0198-.11.0007-.2234-.054-.3207-.0548-.0974-.1418-.1726-.246-.2127z" fill="#0d90e0"/><path d="m69.8128 55.2067c.1204.0138.2421-.012.3467-.0733s.1864-.1549.2333-.2667c.1066-.44-.0467-.8467-.3467-.9067-.171-.0024-.3384.0491-.4784.1473-.14.0981-.2455.2379-.3016.3994-.06.24.26.6533.5467.7z" fill="#0d90e0"/><path d="m66.6134 93.0799c-.0057-.0601-.0315-.1165-.0734-.16z" fill="#0d90e0"/><path d="m65.9993 60.3004c.1466 0 .4133 0 .4666-.1734.0534-.1733-.1266-.38-.2533-.4933s-.2867 0-.3867.12l-.0666.18c-.0133.04-.0173.0824-.0118.1242s.0203.0818.0433.117c.0231.0352.0538.0648.0899.0865.0361.0218.0766.0351.1186.039z" fill="#0d90e0"/><path d="m67.1664 61.333h.4133c.0931-.0709.1966-.1271.3067-.1667.1399-.0288.2645-.1077.3505-.2218.0859-.1142.1272-.2557.1161-.3982 0-.3333-.2266-.6667-.18-.7933.0467-.1267.1534-.3334.3934-.24.24.0933.6266-.0467.7933-.5467s-.2733-1.04-.6667-.9267c-.3933.1134-.4.3534-.5333.2934s-.3133-.3267-.5533-.2267-.2534.8733-.1934.9867c.06.1133.3467.3466.1534.5333-.1934.1867-.5267.2333-.5867.5067-.06.2733-.2266.9133.1267 1.1867z" fill="#0d90e0"/><path d="m68.1727 57.0195c.46.16.76-.2533.9066-.4733.1467-.22-.2666-.6667-.6666-.6667-.1115-.012-.2235.0183-.3137.085-.0901.0667-.1519.1649-.173.275-.1067.2867.0133.7.2467.78z" fill="#0d90e0"/><path d="m71.4802 55.6471c-.0562.2366-.0242.4856.0899.7003.1141.2148.3026.3806.5301.4664.2317.0296.4666-.0202.6663-.1413.1998-.1211.3527-.3063.4337-.5254.1266-.4266-.2-.8666-.78-1.0266-.0963-.0284-.1973-.0372-.2971-.0259-.0997.0112-.1962.0423-.2838.0914-.0875.049-.1644.1151-.2261.1943s-.1069.1699-.133.2668z" fill="#0d90e0"/><path d="m70.2797 56.5466c-.119-.0227-.2421.0004-.3447.0647s-.1772.165-.2087.2819c-.0143.1107.0134.2227.0776.314.0641.0913.1601.1553.2691.1794.0529.0194.1092.0272.1654.0229.0561-.0043.1106-.0206.1599-.0477.0493-.0272.0922-.0647.1258-.1098.0336-.0452.0571-.0971.0689-.1521.0192-.0569.0262-.1171.0205-.1769-.0057-.0597-.0239-.1176-.0535-.1698-.0295-.0522-.0698-.0976-.1181-.1332s-.1036-.0606-.1622-.0734z" fill="#0d90e0"/><path d="m71.153 53.167c.2067.0734.3133-.12.3467-.3066.0333-.1867-.1-.4467-.2934-.42-.1933.0266-.4866 0-.4933.2866-.0067.2867.2933.3934.44.44z" fill="#0d90e0"/><path d="m69.4132 59.913c-.0026.2195.0672.4338.1986.6097.1313.1759.3168.3037.528.3637.2667.0466.5533-.2267.6133-.5934.06-.3666-.0933-.6666-.5533-.7533-.36-.0667-.7333.1067-.7866.3733z" fill="#0d90e0"/><path d="m70.0995 52.6663c.0727-.0122.1422-.0392.2041-.0794.0619-.0401.115-.0925.1559-.1539.0866-.1733-.1467-.4667-.3534-.4467-.114.0303-.2192.0875-.3066.1667-.0467.28.1066.5133.3.5133z" fill="#0d90e0"/><path d="m66.413 80.3798c.133-.0482.2622-.1061.3867-.1734.4133-.2.5533-.46.44-.8066-.0288-.0903-.0751-.174-.1363-.2463-.0611-.0723-.136-.1319-.2202-.1752-.0842-.0434-.1762-.0697-.2706-.0774-.0944-.0078-.1894.0032-.2796.0322-.4359.126-.8821.213-1.3333.26-.3667 0-.78.3067-.7534.56.0383.1099.1107.2048.2066.2707.0959.066.2104.0996.3268.096.32-.1067.4133.12.6066.2333.1941.0891.4067.1302.62.12.1408-.0014.2795-.0332.4067-.0933z" fill="#0d90e0"/><path d="m64.2527 85.5404c-.0784-.0226-.1616-.0226-.24 0l.22.8733c.0897-.0122.1732-.0523.239-.1144.0658-.0622.1104-.1434.1277-.2322.009-.1139-.0202-.2275-.083-.3229s-.1556-.1671-.2637-.2038z" fill="#0d90e0"/><path d="m64.5927 82.4329c-.0253-.1546-.0868-.301-.1795-.4273s-.2139-.2289-.3538-.2994c-.2533-.0666-.44.0934-.5133.4467-.0734.3533 0 .6133.2866.6667.3867.0933.7067-.0734.76-.3867z" fill="#0d90e0"/><path d="m67.0595 80.4529c-.1286-.0341-.2651-.0228-.3865.0318s-.2203.1493-.2801.2682c-.1334.4467 0 .86.28.94.1706.0227.3439-.0122.4924-.0992.1485-.0869.2638-.2209.3276-.3808.0315-.1576.005-.3213-.0746-.461-.0796-.1396-.207-.2458-.3588-.299z" fill="#0d90e0"/><path d="m65.5734 86.9202c-.034-.0022-.0677.0081-.0947.0289-.0271.0209-.0455.0509-.0519.0845 0 .04.0733.1266.1066.1266.0289.0038.0582-.002.0835-.0164.0253-.0145.0451-.0368.0565-.0636.004-.0171.0045-.0347.0016-.052s-.0091-.0339-.0184-.0487c-.0093-.0149-.0214-.0278-.0357-.0379-.0143-.0102-.0304-.0174-.0475-.0214z" fill="#0d90e0"/><path d="m63.4666 75.82c.0578-.1456.0683-.3058.03-.4577-.0383-.152-.1234-.288-.2433-.3889-.0728-.0301-.1521-.041-.2303-.0317-.0782.0094-.1527.0386-.2164.085v.4333.86h.0467c.1891.0311.3831-.0067.5467-.1066.0586-.0451.0981-.1107.1105-.1836.0123-.0729-.0033-.1479-.0439-.2098z" fill="#0d90e0"/><path d="m63.3327 72.2663c.0993-.1541.1366-.3401.1044-.5206-.0321-.1806-.1313-.3422-.2777-.4527.0858-.0603.1583-.1374.2133-.2267.0494-.0826.0754-.177.0754-.2733 0-.0962-.026-.1907-.0754-.2733.0688.0059.138.0059.2067 0 .2453-.0561.4604-.2025.6025-.41.142-.2076.2007-.4611.1642-.71.0651.0204.1349.0204.2 0 .0474-.0272.0886-.0639.121-.1079s.0553-.0942.0672-.1475c.0119-.0534.0126-.1086.002-.1621-.0106-.0536-.0322-.1044-.0636-.1492h-.54c-.0696.0818-.1075.1859-.1066.2933-.0974-.0869-.2182-.1434-.3473-.1624-.1292-.0189-.2611.0004-.3794.0558-.1933 1.2466-.32 2.52-.4 3.8066.14-.1.2933-.2333.4333-.56z" fill="#0d90e0"/><path d="m33.5663 123.433c-.2927 0-.58-.079-.832-.228-.2521-.149-.4597-.362-.6013-.618-.629-1.159-1.1877-2.355-1.6733-3.58-.0784-.2-.1167-.412-.1129-.626s.0498-.425.1352-.622c.0854-.196.2087-.373.3627-.522s.3358-.265.535-.344c.1991-.078.4118-.117.6258-.113s.4251.05.6214.135c.1962.086.3737.209.5223.363s.2655.336.3438.535c.4318 1.102.9328 2.175 1.5 3.214.1374.247.2077.526.2037.809s-.082.56-.2263.803c-.1443.244-.3499.445-.5962.584-.2463.14-.5249.212-.8079.21zm-3.44-10.826c-.4007-.001-.7869-.15-1.0846-.419-.2977-.268-.486-.636-.5287-1.035-.1201-1.073-.1802-2.153-.18-3.233 0-.24 0-.487 0-.733.0122-.431.1943-.84.5065-1.137s.7292-.459 1.1602-.45c.2136.006.424.054.619.141.1951.088.371.213.5177.368.1468.155.2614.338.3375.538.076.2.112.413.1058.626v.667c0 .962.0534 1.924.16 2.88.0467.429-.0787.858-.3487 1.195-.2701.336-.6626.551-1.0913.598zm1.1267-11.274c-.172 0-.3429-.027-.5067-.08-.2031-.066-.3912-.172-.5535-.311-.1622-.139-.2955-.309-.392-.5-.0966-.191-.1547-.399-.1709-.6117-.0162-.2131.0098-.4274.0764-.6305.4094-1.2638.9107-2.496 1.5-3.6866.1919-.3872.5297-.6824.9391-.8205.4095-.1382.8571-.108 1.2443.0838s.6823.5297.8205.9391c.1381.4095.108.857-.0839 1.2442-.5253 1.0472-.971 2.1325-1.3333 3.2462-.1062.326-.312.61-.5884.812-.2763.202-.6092.312-.9516.315zm5.8-9.7332c-.3189 0-.6308-.0937-.8969-.2695-.266-.1759-.4745-.426-.5996-.7194-.125-.2934-.161-.6171-.1036-.9308.0575-.3137.2059-.6036.4268-.8336.9152-.9554 1.8953-1.8464 2.9333-2.6667.1641-.1567.3591-.2773.5725-.3541.2135-.0769.4406-.1082.6669-.0921.2263.0162.4467.0795.6471.1859.2003.1064.3762.2535.5163.432.1402.1784.2414.3841.2973.604s.0651.449.0272.6727c-.0379.2236-.1222.4369-.2475.626-.1252.1892-.2887.3501-.4798.4723-.9195.7312-1.7882 1.5242-2.6 2.3733-.1512.1538-.3319.2756-.5312.358-.1993.0825-.4131.124-.6288.122zm9.3333-6.4333c-.3761.0051-.7424-.1203-1.0364-.3549-.2941-.2346-.4977-.5639-.5763-.9317-.0786-.3679-.0273-.7516.1452-1.0859s.4555-.5984.8009-.7475c1.203-.513 2.4338-.9581 3.6866-1.3333.2045-.0631.4193-.0852.6323-.0652s.4199.0817.6091.1817c.1891.1.3567.2362.4931.401.1365.1647.2392.3547.3022.5591.063.2045.0852.4193.0652.6323s-.0817.4199-.1817.6091c-.1.1891-.2362.3567-.401.4931-.1647.1365-.3547.2392-.5592.3022-1.1339.3465-2.2469.7582-3.3333 1.2333-.2015.0685-.4142.0979-.6267.0867zm33.88-2.6667c-.4314.0045-.8469-.1627-1.1551-.4646-.3082-.302-.4838-.7139-.4882-1.1454-.0044-.4314.1627-.8469.4647-1.1551.3019-.3082.7139-.4838 1.1453-.4882 1.2333 0 2.48-.0667 3.7067-.12.4314-.0203.8532.1315 1.1727.4222.3194.2907.5103.6964.5306 1.1278s-.1315.8532-.4222 1.1727c-.2907.3194-.6964.5103-1.1278.5306-1.26.0534-2.5333.1-3.7933.12zm-7.68 0h-.0466c-1.24-.0311-2.5-.0777-3.78-.14-.2136-.01-.4232-.0621-.6167-.1531-.1935-.0911-.3672-.2193-.5111-.3775s-.2553-.3432-.3277-.5444c-.0725-.2012-.1046-.4147-.0945-.6283.01-.2136.0621-.4232.1531-.6167.0911-.1935.2194-.3671.3775-.5111.1582-.1439.3432-.2553.5444-.3277.2012-.0725.4147-.1046.6283-.0945 1.2533.06 2.4933.1067 3.7133.1333.4143.0312.8012.219 1.0819.5253s.4341.7081.429 1.1235c-.0051.4155-.1683.8133-.4564 1.1127-.2882.2993-.6795.4776-1.0945.4985zm-15.1733-.1066c-.4214.0075-.8292-.1488-1.1376-.436-.3085-.2872-.4934-.6829-.5159-1.1037-.0224-.4209.1193-.834.3954-1.1524s.665-.5172 1.0848-.5546c1.2533-.14 2.5533-.2267 3.8666-.2667.2151-.0107.4302.022.6323.0963s.3871.1887.544.3362.2823.3252.3689.5224.1324.4098.1348.6251c.0063.2137-.0297.4264-.1057.6262-.0761.1997-.1908.3825-.3375.5379s-.3226.2804-.5177.3678c-.1951.0873-.4054.1354-.6191.1415-1.2266.04-2.4466.12-3.6133.2466zm34.26-.5534c-.4199.0035-.8248-.1555-1.1302-.4437-.3053-.2883-.4873-.6834-.508-1.1028s.1217-.8305.3972-1.1474.6628-.5149 1.081-.5527c1.2333-.1267 2.4733-.2734 3.6733-.4334.2119-.028.4272-.014.6337.0412.2064.0552.4.1505.5696.2805s.312.2922.419.4772c.1069.185.1764.3893.2044.6011.028.2119.014.4272-.0412.6337-.0552.2064-.1505.4-.2805.5696s-.2921.312-.4771.419c-.1851.1069-.3893.1764-.6012.2044-1.2333.1667-2.5.3133-3.7733.4467zm11.333-1.7066c-.402-.0003-.791-.15-1.09-.4201-.298-.2702-.486-.6416-.527-1.0424s.069-.8024.307-1.1271c.239-.3247.589-.5493.984-.6304 1.213-.2534 2.426-.52 3.6-.8134.42-.1025.863-.034 1.233.1904.369.2244.634.5864.737 1.0063.102.4199.034.8634-.191 1.2328-.224.3695-.586.6346-1.006.7372-1.213.2933-2.467.5733-3.72.8333-.114.0018-.228-.0071-.34-.0266zm10.994-3.0267c-.386.0007-.759-.1357-1.054-.3848-.294-.249-.49-.5946-.554-.975-.063-.3804.011-.7709.209-1.1019.198-.3309.507-.5808.872-.705 1.167-.4 2.327-.8266 3.44-1.2733.401-.16.85-.154 1.247.0166.397.1707.71.492.87.8934s.154.8498-.017 1.2468-.492.7099-.893.8699c-1.167.46-2.38.9066-3.594 1.3333-.17.0557-.348.0827-.526.08zm10.473-4.5467c-.36-.0033-.709-.1257-.993-.3482-.284-.2224-.486-.5324-.575-.8816s-.06-.7181.083-1.0491c.142-.331.39-.6056.705-.7811 1.087-.5866 2.14-1.2066 3.14-1.84.18-.1147.382-.1927.592-.2296.211-.037.426-.0321.635.0143.209.0465.406.1335.581.2563.175.1227.324.2787.439.459.114.1804.192.3816.229.5921s.032.4262-.014.6348-.134.4061-.256.5811c-.123.1749-.279.324-.459.4387-1.06.6667-2.18 1.3333-3.334 1.9533-.228.128-.485.1968-.746.2zm9.333-6.52c-.328-.0008-.648-.101-.919-.2874-.27-.1863-.478-.4502-.595-.7567-.118-.3066-.14-.6416-.063-.9609.076-.3194.247-.6081.491-.8283.9-.82 1.76-1.6667 2.553-2.5267.292-.3182.698-.5076 1.129-.5263.432-.0188.853.1346 1.171.4263.318.2918.508.698.526 1.1293.019.4314-.134.8525-.426 1.1707-.86.9334-1.793 1.86-2.78 2.7467-.285.2555-.651.4019-1.033.4133zm7.167-8.8333c-.283.0005-.562-.0729-.808-.213-.246-.1402-.451-.3421-.595-.5859-.144-.2437-.222-.5209-.226-.8041-.004-.2831.065-.5625.202-.8103.347-.6667.667-1.28.967-1.92.193-.44.393-.88.593-1.3334.088-.1956.213-.3721.369-.5194s.339-.2624.539-.3389c.2-.0764.414-.1127.628-.1067s.425.0542.621.1417.372.2128.519.3685c.148.1558.263.3391.339.5393.077.2003.113.4136.107.6279s-.054.4253-.142.621l-.606 1.3333c-.334.7267-.667 1.4467-1.087 2.1533-.134.2483-.331.4572-.57.6057-.24.1486-.515.2317-.797.241zm-9.133-8.0867c-.208-.0011-.414-.0419-.607-.12-1.199-.4887-2.37-1.0452-3.507-1.6666-.195-.0972-.369-.2328-.511-.3986-.142-.1659-.249-.3586-.315-.5667s-.089-.4274-.069-.6447c.021-.2173.085-.4283.189-.6203s.245-.3612.416-.4974c.17-.1362.367-.2367.577-.2954.21-.0588.43-.0746.647-.0466.216.028.425.0993.613.2097 1.048.57 2.127 1.0797 3.233 1.5266.354.1394.648.3983.831.7318.182.3334.242.7203.17 1.0935-.073.3732-.275.709-.569.9492-.295.2402-.665.3695-1.045.3655zm13.586-2.4533c-.172-.0005-.343-.0275-.506-.08-.204-.0671-.392-.1736-.554-.3136-.162-.1399-.295-.3104-.391-.5018s-.153-.3999-.168-.6135c-.016-.2135.012-.428.079-.6311.394-1.2067.747-2.38 1.027-3.4933.107-.4182.376-.7767.747-.9968.371-.22.815-.2835 1.233-.1766.418.107.777.3757.997.747.22.3714.283.8149.176 1.233-.3 1.1867-.666 2.4334-1.093 3.7134-.108.3246-.316.607-.593.8068-.278.1999-.612.3072-.954.3065zm-23.086-3.6933c-.218.0007-.434-.0426-.634-.1274-.201-.0848-.382-.2093-.533-.366-.954-.975-1.803-2.0475-2.533-3.2-.231-.3651-.307-.8069-.212-1.2282.095-.4214.353-.7877.718-1.0184.365-.2308.807-.307 1.229-.212.421.095.787.3535 1.018.7186.608.9614 1.316 1.8553 2.113 2.6667.223.2293.373.5192.432.8334s.024.6388-.1.9333c-.125.2944-.333.5457-.6.7224-.266.1766-.579.2709-.898.2709zm25.333-7.4867h-.04c-.214-.0052-.424-.0524-.62-.139-.195-.0866-.371-.2108-.519-.3656-.147-.1548-.262-.3371-.339-.5365-.077-.1993-.114-.4119-.109-.6256 0-.2133 0-.42 0-.6266.004-.9481-.063-1.8952-.2-2.8334-.031-.2114-.021-.427.031-.6344.052-.2073.144-.4025.271-.5743s.287-.3168.47-.4269c.184-.11.387-.1828.598-.2144.212-.0315.427-.021.635.0307.207.0518.402.144.574.2712s.317.287.427.4703.183.3864.214.5978c.165 1.1035.245 2.2178.24 3.3334v.7133c-.017.4256-.201.8274-.511 1.1191s-.723.45-1.149.4409zm-30-2.6667c-.416.0119-.82-.1353-1.131-.4116s-.505-.6608-.542-1.075c0-.42-.04-.8534-.04-1.28v-.1067c.006-.9106.077-1.8196.213-2.72.033-.2114.108-.4142.22-.5968.111-.1826.258-.3415.431-.4674.173-.126.369-.2167.577-.2669.208-.0501.424-.0588.635-.0256.212.0333.415.1079.597.2195.183.1117.342.2582.468.4312.126.1731.216.3692.266.5773.051.208.059.4239.026.6354-.115.739-.175 1.4855-.18 2.2333v.0333c0 .36 0 .7067.04 1.0534.029.4312-.113.8565-.397 1.1827-.284.3261-.685.5265-1.116.5573zm26.893-8.0933c-.248.0011-.493-.0549-.716-.1635-.223-.1087-.418-.2671-.57-.4632-.688-.8757-1.483-1.6619-2.367-2.34-.169-.1313-.311-.2947-.418-.4808-.106-.1862-.174-.3915-.201-.6041-.055-.4295.064-.8629.329-1.2051.265-.3421.655-.5649 1.085-.6192.429-.0544.863.064 1.205.3292 1.103.8456 2.095 1.8266 2.953 2.92.187.2401.303.5279.335.8307.032.3027-.022.6083-.155.8819-.134.2737-.341.5044-.599.666s-.556.2475-.861.2481zm-23.533-2.5c-.316.0003-.625-.0914-.89-.2639s-.473-.4183-.6-.7075c-.128-.2892-.168-.6092-.116-.9209.051-.3117.192-.6016.406-.8344.965-1.058 2.089-1.9578 3.333-2.6666.375-.214.82-.2702 1.236-.1565.416.1138.77.3883.984.7631.214.3749.271.8193.157 1.2357-.114.4163-.388.7704-.763.9843-.941.5319-1.793 1.2066-2.527 2-.152.1796-.343.3235-.557.4214s-.447.1475-.683.1453zm14-3.4667c-.142-.0002-.283-.0204-.42-.06-1.089-.2946-2.207-.4668-3.333-.5133-.214-.0086-.424-.0592-.618-.149s-.369-.2169-.513-.3742c-.145-.1573-.258-.3416-.331-.5424-.074-.2007-.107-.4141-.098-.6277.024-.4292.214-.832.53-1.1232s.733-.4479 1.163-.4368c1.37.0567 2.73.2669 4.053.6266.383.1006.716.3374.937.666s.315.7265.263 1.1191c-.051.3925-.244.7529-.543 1.0133-.298.2605-.681.4033-1.077.4016z" fill="#294492"/><path d="m139.447 49.7266c-.62.4333-8.36 5.0333-15.687 6.2466 3.363 3.1587 5.851 7.1336 7.223 11.5384s1.581 9.0897.606 13.5991c-.974 4.5095-3.098 8.6901-6.167 12.1355-3.068 3.4455-6.975 6.0385-11.342 7.5268.42 5.374.98 10.74 1.58 16.1 6.853-1.696 13.179-5.066 18.409-9.808s9.202-10.7073 11.56-17.362c2.357-6.6547 3.026-13.7904 1.947-20.7674s-3.872-13.5772-8.129-19.209z" fill="#1ba9f5"/><path d="m133.333 107.814c.021-.047.037-.097.047-.147-.207.18-.4.36-.607.527.121-.001.239-.037.338-.105.1-.068.177-.164.222-.275z" fill="#0066b1"/><path d="m137.907 105.913c.183.031.371.015.545-.047.175-.062.332-.167.455-.306.021-.128.004-.259-.048-.377s-.137-.219-.246-.29c0-.226-.18-.366-.52-.44-.143-.028-.293 0-.416.078-.124.078-.214.2-.25.342.004.186.062.367.166.52.008.106.04.208.094.298.055.09.13.167.22.222z" fill="#0066b1"/><path d="m139.187 104.52c.313.073.642.03.926-.12l.047-.04c.077.006.155-.012.222-.05.068-.037.123-.095.158-.164.039-.17.032-.349-.022-.515-.054-.167-.153-.316-.285-.431-.06-.03-.126-.046-.193-.049s-.134.008-.197.033c-.063.024-.12.061-.167.109-.048.047-.085.104-.109.167-.146.003-.288.049-.407.134-.118.084-.209.202-.26.339-.073.213.087.573.287.587z" fill="#0066b1"/><path d="m138.666 103.333c0-.053-.04-.167-.093-.187-.157-.089-.281-.227-.353-.393-.154.18-.3.367-.46.547.17.092.346.175.526.246.154.1.274.014.38-.213z" fill="#0066b1"/><path d="m137.373 103.713c-.067.08-.134.153-.207.227.037-.01.073-.023.107-.04.029-.023.052-.051.07-.083.017-.032.027-.068.03-.104z" fill="#0066b1"/><path d="m137 107.7c.011.062.041.12.084.167.044.046.101.078.163.093.106 0 .193-.154.186-.26-.006-.107-.113-.234-.226-.214-.055.005-.106.029-.143.069-.038.039-.061.09-.064.145z" fill="#0066b1"/><path d="m137.653 112.04c.066-.167.106-.354-.1-.467-.117-.045-.247-.043-.362.006-.116.048-.208.139-.258.254.08.107.153.293.293.38s.353.02.427-.173z" fill="#0066b1"/><path d="m135.693 110.733c.16.105.35.154.54.14.111.032.225.05.34.053.06-.1.12-.193.167-.286.057-.039.11-.081.16-.127-.031-.192-.083-.379-.153-.56-.061-.138-.166-.251-.299-.321-.134-.071-.287-.094-.435-.066-.168.038-.317.133-.422.269-.105.137-.158.306-.151.478.012.083.04.164.083.236.044.072.102.135.17.184z" fill="#0066b1"/><path d="m140.786 99.9467-.26-.2533-.193.28c.151.0316.307.022.453-.0267z" fill="#0066b1"/><path d="m130.133 110.227.106.113c.032-.035.057-.076.074-.12.003-.044.003-.089 0-.133z" fill="#0066b1"/><path d="m141.639 105.426c.071-.028.135-.072.185-.129.051-.056.088-.124.109-.197.013-.055.015-.112.005-.167-.009-.056-.029-.109-.059-.157-.029-.047-.068-.089-.114-.121-.046-.033-.097-.056-.152-.069-.32-.093-.54.22-.6.4s.28.534.626.44z" fill="#0066b1"/><path d="m130.354 110.42.32.32c-.014-.08-.053-.153-.11-.211-.057-.057-.131-.095-.21-.109z" fill="#0066b1"/><path d="m138.453 110.1c-.028-.154-.092-.3-.185-.426-.094-.126-.215-.229-.355-.3-.064-.017-.13-.017-.194 0h-.04c-.076.044-.14.106-.188.18-.047.074-.077.159-.085.246-.087.394 0 .607.287.667.386.113.706-.053.76-.367z" fill="#0066b1"/><path d="m136.626 112.347c.147-.033.407-.16.393-.287-.018-.071-.052-.138-.101-.194-.049-.055-.11-.098-.179-.126-.106 0-.433.114-.453.24-.02.127.273.38.34.367z" fill="#0066b1"/><path d="m143.66 111.333h-.08c-.067-.137-.184-.242-.327-.293-.236-.039-.479 0-.692.111-.212.11-.383.286-.488.502-.037.209.003.425.114.607.11.181.283.316.486.38.206.05.423.023.61-.076.187-.1.331-.265.403-.464.034-.147.034-.3 0-.447.023-.012.041-.031.054-.053.017-.021.03-.047.035-.074.006-.027.004-.055-.003-.081-.008-.027-.023-.051-.042-.07-.02-.02-.044-.034-.07-.042z" fill="#0066b1"/><path d="m142.993 108.993c.011-.074.005-.149-.018-.219-.024-.071-.063-.135-.116-.188-.05-.039-.109-.064-.172-.075-.063-.01-.127-.005-.188.015-.253.147-.253.38-.113.667.233.02.493.093.607-.2z" fill="#0066b1"/><path d="m141.713 112.893c.047.088.124.156.217.192.093.035.196.036.289.002.207-.1.214-.254 0-.667-.067-.021-.138-.023-.207-.007-.068.015-.132.049-.183.097s-.089.109-.11.176c-.02.067-.022.139-.006.207z" fill="#0066b1"/><path d="m144.666 104.886c-.078-.036-.163-.055-.25-.055-.086 0-.171.019-.25.055-.088-.075-.197-.121-.313-.133-.287 0-.367.153-.387.393-.009.126-.029.251-.06.374-.005-.031-.018-.059-.038-.082-.02-.024-.046-.042-.075-.052-.021-.008-.044-.012-.067-.011s-.046.007-.066.017c-.021.01-.039.024-.054.041-.015.018-.026.038-.033.06 0 .093-.053.28.087.353h.06c-.167.24-.36.48-.554.727-.9-.253-1.173-.093-1.186.747-.014.104 0 .21.038.308.039.097.102.184.184.25.081.067.178.112.281.131.104.019.21.011.31-.023.161-.053.315-.124.46-.213.247.187.473.48.86.467l.327-.314c.42.067.806-.046.873-.28.023-.064.029-.134.017-.202-.011-.068-.04-.131-.084-.184.12-.232.161-.496.118-.754-.043-.257-.169-.493-.358-.673-.053-.051-.096-.112-.126-.18.098.077.222.113.346.1.22-.1.174-.733-.06-.867z" fill="#0066b1"/><path d="m147.507 106.726h.08l-.4-.4c-.002.094.029.185.087.258.059.073.141.123.233.142z" fill="#0066b1"/><path d="m146.846 106-.94-.934-.066.094c-.029.053-.053.109-.074.166-.153.387-.046.614.354.727.116.051.243.073.369.063.127-.009.25-.049.357-.116z" fill="#0066b1"/><path d="m146.866 107.747c.017-.076.018-.153.005-.229-.014-.076-.042-.149-.083-.214-.042-.065-.096-.121-.159-.165s-.134-.076-.21-.092c-.048-.014-.099-.018-.149-.012-.051.006-.099.023-.143.048-.043.026-.081.06-.111.101s-.052.087-.063.136c-.049.101-.06.215-.034.323.027.108.091.204.18.27.061.041.13.069.202.082.071.014.145.013.217-.003.071-.015.139-.045.199-.087s.11-.096.149-.158z" fill="#0066b1"/><path d="m140.547 109.333c.17.022.342-.013.489-.1.148-.087.262-.221.324-.38.031-.159.003-.324-.08-.464-.082-.14-.212-.245-.366-.296-.083-.02-.17-.021-.253-.002-.083.018-.161.056-.227.109.048-.092.081-.191.1-.294l.12-.053c.42-.207.56-.467.446-.813-.059-.182-.188-.332-.358-.419-.169-.088-.366-.105-.548-.048-.437.125-.883.214-1.334.267-.36 0-.773.3-.746.553.026.253.42.407.533.367.287-.1.393.08.56.2-.003.031-.003.062 0 .093.035.128.106.243.204.333.098.089.219.15.349.174.089.015.181.01.267-.015.087-.026.167-.071.233-.132-.126.467 0 .867.287.92z" fill="#0066b1"/><path d="m141.72 103.253c-.374-.147-.494.213-.7.453.193.32.366.567.733.447.05-.01.097-.03.138-.059.042-.029.077-.066.104-.11.027-.043.045-.091.052-.141.008-.05.005-.101-.007-.15-.045-.183-.16-.341-.32-.44z" fill="#0066b1"/><path d="m141.693 101.02c.043.233.157.447.327.613.065.061.151.094.24.094s.174-.033.24-.094l-.794-.793c-.017.058-.022.12-.013.18z" fill="#0066b1"/><path d="m143.113 103.567c-.139-.017-.28.017-.395.097-.116.08-.198.2-.231.336-.017.077-.016.157.001.234s.05.15.097.213c.048.063.108.115.177.153s.146.061.225.067c.125.009.249-.031.345-.112s.156-.197.168-.322c.053-.306-.167-.66-.387-.666z" fill="#0066b1"/><path d="m143.899 103.227c.047.006.094.006.14 0l-.533-.534c-.007.047-.007.094 0 .14.003.104.046.202.119.275s.171.115.274.119z" fill="#0066b1"/><path d="m134.973 107.933c-.16.367-.086.667.18.78.173.032.351.014.514-.053.052.244.195.458.4.6.4.207.92.153.973-.247.023-.361-.081-.72-.293-1.013-.14-.26-.507-.167-.374-.487.114-.255.144-.54.087-.813.133-.017.26-.066.37-.143s.2-.178.263-.297c.024-.117.008-.239-.045-.347-.053-.107-.14-.194-.248-.246-.44-.154-.8-.074-.893.206-.032.16-.003.326.08.467-.157-.007-.312.032-.446.113-.134.08-.241.199-.308.34-.094-.188-.252-.337-.446-.42-.347.334-.7.66-1.06.98.028.123.091.235.181.324.089.088.202.149.325.176.193.001.382-.047.551-.139s.312-.226.416-.387c.019.072.053.14.1.2-.079.042-.149.1-.205.17s-.097.15-.122.236z" fill="#0066b1"/><path d="m138.393 102.54c.313.666.613.766 1.186.466.434-.22.874-.426 1.334-.633.533.84.666.867 1.18.327-.007-.142-.058-.277-.147-.388-.089-.11-.21-.189-.347-.226.048-.035.085-.084.107-.14.02-.046.03-.096.029-.146s-.012-.1-.034-.145c-.021-.045-.052-.086-.09-.118-.039-.033-.083-.057-.132-.071-.04-.02-.083-.031-.128-.033-.045-.003-.089.004-.131.02s-.08.04-.112.071c-.033.031-.058.068-.075.109-.44-.747-1.034-.72-1.687.067-.075-.016-.149-.039-.22-.067-.233.3-.473.593-.713.887z" fill="#0066b1"/><path d="m144.16 116.447c.064-.116.088-.25.069-.382-.019-.131-.081-.252-.176-.345-.128-.131-.268-.25-.42-.353-.01-.033-.024-.064-.04-.094 0-.073 0-.153 0-.233-.003-.181-.06-.356-.163-.505-.103-.148-.248-.262-.417-.328-.177-.039-.36-.033-.534.019-.174.051-.332.145-.459.274-.092.105-.142.24-.14.38.001.131.033.261.095.377.061.116.15.215.258.29 0 .326.2.573.607.633.047.003.093.003.14 0v.107c0 .346.127.473.46.513.142.027.289.007.419-.056.13-.064.236-.168.301-.297z" fill="#0066b1"/><path d="m146.373 114c-.167 0-.587.073-.614.24-.026.167.314.393.46.473.147.08.394-.113.414-.326.02-.214-.047-.387-.26-.387z" fill="#0066b1"/><path d="m147.52 109.5c-.094.093-.294.207-.367.373-.073.167.127.514.407.554.054.006.11.002.163-.014.053-.015.103-.041.145-.076.043-.035.079-.078.105-.126.026-.049.042-.103.047-.158 0-.138-.051-.271-.143-.373-.093-.103-.22-.167-.357-.18z" fill="#0066b1"/><path d="m145.393 118.54c-.085.032-.154.096-.193.178s-.044.176-.013.262c.086.34.353.38.666.394.147-.26.36-.48.127-.74-.073-.081-.17-.134-.277-.151s-.216.003-.31.057z" fill="#0066b1"/><path d="m146.86 116.807c-.087 0-.28-.053-.347.087-.066.14.12.26.167.26.05 0 .1-.01.147-.031.046-.021.087-.051.12-.089 0 0-.04-.214-.087-.227z" fill="#0066b1"/><path d="m145.006 112c.153.06.347 0 .327-.22s-.06-.52-.227-.553c-.167-.034-.36.333-.38.466-.02.134.16.307.28.307z" fill="#0066b1"/><path d="m145.333 114.707c.058-.034.107-.083.14-.141.034-.059.051-.125.051-.192 0-.068-.017-.134-.051-.192-.033-.059-.082-.108-.14-.142-.353-.12-.573.287-.5.487.05.083.127.146.218.179s.191.033.282.001z" fill="#0066b1"/><path d="m148.833 113.646c-.108-.015-.218.006-.312.061-.094.054-.167.139-.208.239-.019.119 0 .241.055.348s.144.193.252.246c.109.024.224.005.32-.053.095-.059.165-.152.193-.261.031-.116.017-.24-.038-.347-.056-.107-.149-.19-.262-.233z" fill="#0066b1"/><path d="m152.626 111.953c.01-.058.01-.116 0-.174l-.513-.52c-.32-.066-.527.04-.593.32-.1.4.119.88.433.94.16-.004.313-.062.435-.165.123-.103.207-.245.238-.401z" fill="#0066b1"/><path d="m152.666 114.726c-.052-.017-.107-.024-.161-.02-.055.005-.108.02-.157.046-.048.025-.091.06-.126.103s-.06.092-.076.144c-.022.109-.005.222.049.319.054.096.141.17.245.208.051.021.106.03.162.028.055-.003.109-.017.159-.042.049-.026.092-.061.127-.105.034-.043.059-.094.072-.148.021-.109.004-.222-.05-.32-.053-.097-.14-.173-.244-.213z" fill="#0066b1"/><path d="m150.667 116.367c-.069-.071-.151-.128-.242-.167s-.189-.059-.288-.059c-.1 0-.198.02-.289.059s-.173.096-.241.167c-.076.12-.112.261-.103.402.01.142.065.276.156.385.074.111.187.19.318.22.13.03.267.008.382-.06.213-.1.667-.187.707-.527s-.274-.307-.4-.42z" fill="#0066b1"/><path d="m149.866 111.087c.008-.113-.028-.225-.1-.313s-.174-.146-.287-.161c-.154-.003-.305.046-.426.141-.122.095-.207.229-.241.379.048.144.144.268.271.35.127.083.279.119.429.104.111-.024.209-.089.274-.182.066-.092.094-.206.08-.318z" fill="#0066b1"/><path d="m145.12 110.667c.18.016.36-.028.513-.124.153-.097.27-.24.334-.41.066-.26-.214-.606-.547-.666-.433-.094-.667 0-.767.346-.03.174-.001.354.084.509s.22.276.383.345z" fill="#0066b1"/><path d="m148.666 109.333c.118.024.24.001.341-.064.101-.064.172-.166.199-.283.018-.128-.016-.259-.093-.363-.077-.105-.192-.175-.32-.197-.118-.012-.237.02-.333.09s-.163.174-.187.29c-.005.12.031.238.103.334.071.096.174.164.29.193z" fill="#0066b1"/><path d="m138.886 117.133c-.101-.039-.21-.056-.318-.049s-.214.037-.309.089c-.024-.079-.07-.149-.132-.202-.063-.053-.14-.087-.221-.098-.314-.06-.447.2-.594.453.06.087.121.187.181.267l.093.087c.05.044.112.073.178.084.066.01.134.002.195-.024l.087-.054c.025.081.064.158.113.227.006.031.018.06.037.086.018.025.042.046.07.061.083.111.196.197.326.246.057.019.117.025.177.019.059-.005.117-.023.169-.052.053-.028.099-.067.136-.114.036-.048.063-.102.078-.159.074-.152.087-.325.037-.486-.049-.161-.158-.297-.303-.381z" fill="#0066b1"/><path d="m137.793 115.454c.007-.056.007-.112 0-.167.25-.061.468-.216.606-.433.174-.267 0-.567-.04-.88.05-.061.086-.131.107-.207.019-.125-.013-.251-.087-.353-.033-.667-.613-.86-1.173-.86-.215.002-.424.074-.593.206-.059.051-.112.107-.16.167-.132-.135-.302-.226-.487-.26-.353-.067-.593.147-.667.593-.009.142.027.284.104.404s.19.212.323.263c.164.007.328-.029.473-.107-.055.088-.093.185-.11.287s-.014.206.01.307c.071.203.186.388.337.542.151.153.334.271.537.344v.04c-.04.174.346.374.506.427s.3-.08.314-.313z" fill="#0066b1"/><path d="m135.86 112.5c.097-.212.121-.452.067-.679-.053-.228-.18-.432-.361-.581-.169-.104-.371-.141-.567-.106-.195.036-.371.143-.493.3-.08.08-.141.176-.179.283-.038.106-.051.22-.04.332.012.112.048.221.107.317.058.097.138.179.232.241.18.145.409.215.638.195.23-.02.444-.128.596-.302z" fill="#0066b1"/><path d="m134.793 110.153c.175-.116.3-.294.351-.498s.025-.419-.074-.604c-.099-.186-.263-.328-.461-.399s-.415-.066-.609.015c-.313.113-.367.666-.227 1.093.093.178.248.317.436.389.188.073.396.074.584.004z" fill="#0066b1"/><path d="m134.326 114.133c-.072.017-.14.049-.2.093l.973.974c.035-.129.053-.261.054-.394-.035-.192-.138-.366-.289-.489-.152-.123-.343-.189-.538-.184z" fill="#0066b1"/><path d="m133.02 109.14c-.094-.035-.193-.052-.293-.048s-.199.029-.289.072-.171.103-.237.179c-.066.075-.117.162-.148.257-.14.36.187.88.667 1.06.085.029.174.041.264.034.089-.007.176-.031.256-.072s.15-.098.207-.167c.058-.069.1-.149.126-.235.173-.64.013-.78-.553-1.08z" fill="#0066b1"/><path d="m144 120.36c-.247-.14-.627.067-.813.44-.042.114-.044.239-.003.353.04.115.119.212.223.274.136.061.289.075.434.039.145-.037.274-.121.366-.239.063-.147.077-.311.04-.467-.037-.157-.124-.297-.247-.4z" fill="#0066b1"/><path d="m132.666 110.96c-.099-.031-.205-.041-.309-.029-.103.011-.204.045-.294.097-.09.053-.169.124-.23.209-.061.084-.105.181-.127.283-.013.088-.013.178 0 .266l1.054 1.047c.226-.033.32-.207.413-.387.066-.106.118-.22.153-.34.034-.052.061-.108.08-.166.1-.427-.2-.84-.74-.98z" fill="#0066b1"/><path d="m141.093 116.706c.059-.193.045-.401-.038-.585-.084-.184-.231-.331-.415-.415-.07-.026-.145-.038-.221-.036-.075.003-.149.021-.217.052-.068.032-.13.077-.18.133-.051.055-.09.12-.115.191-.078.162-.102.343-.07.52.033.176.12.337.25.46.178.075.377.085.562.026.184-.059.342-.181.444-.346z" fill="#0066b1"/><path d="m131.286 109.38c-.05.045-.091.099-.12.16-.028.06-.044.126-.046.194 0 .133-.074.253 0 .386.073.134.293.094.406-.073.097-.162.128-.356.087-.54-.008-.034-.024-.065-.047-.09-.023-.026-.051-.046-.083-.059-.032-.012-.067-.017-.101-.013-.035.004-.067.016-.096.035z" fill="#0066b1"/><path d="m141.553 118.753c-.136-.062-.289-.078-.435-.047-.147.031-.279.108-.378.22-.061.171-.062.357-.003.528.06.171.176.316.329.412.163.051.339.042.496-.024.157-.065.286-.184.364-.336.154-.306.027-.56-.373-.753z" fill="#0066b1"/><path d="m141.38 113.16c-.168-.035-.344-.01-.496.068-.153.079-.274.208-.344.365-.034.127-.018.261.044.376.062.116.165.203.289.244.159.029.322 0 .461-.082.138-.082.242-.212.293-.365.025-.055.038-.116.039-.177s-.01-.122-.033-.179c-.023-.056-.057-.108-.101-.151-.043-.043-.095-.077-.152-.099z" fill="#0066b1"/><path d="m140.36 111.62c.054-.008.106-.026.153-.054.054-.029.101-.07.137-.12.037-.049.063-.106.076-.166l.1-.114c.247.18.48.394.747.094.083-.075.136-.178.151-.289s-.011-.224-.071-.318c-.053-.073-.16-.173-.233-.167l-.24.04c.039-.048.069-.103.087-.163s.024-.123.017-.185c-.007-.063-.026-.123-.057-.177-.03-.055-.071-.103-.121-.141-.07-.061-.152-.107-.24-.135-.089-.027-.183-.036-.275-.025-.092.01-.181.04-.261.087s-.15.111-.204.186c-.088.108-.147.236-.173.373-.06 0-.12.013-.175.037s-.104.059-.145.103c-.093.178-.127.38-.097.578s.122.381.264.522c.07.078.168.126.273.132.104.006.207-.029.287-.098z" fill="#0066b1"/><path d="m139.193 114.48c-.193.174-.393.367-.26.667.019.053.05.101.089.141s.086.072.138.093c.053.02.109.03.165.028.056-.003.111-.017.161-.042.075-.037.139-.091.19-.156.051-.066.086-.143.104-.224 0-.32-.267-.467-.587-.507z" fill="#0066b1"/><path d="m175.172 25.7409c1.935-2.0964 2.189-5.0108.566-6.5095s-4.508-1.0142-6.444 1.0821c-1.936 2.0964-2.189 5.0108-.566 6.5095 1.623 1.4988 4.508 1.0143 6.444-1.0821z" fill="#294492"/><path d="m155.779 18.3999c.8 2.2066 6.88 2.6333 9.067 2.72.237.0093.472-.0414.685-.1475.212-.106.394-.264.528-.4592l.267-.3867c.132-.1934.213-.4167.236-.6497.024-.2329-.012-.4679-.103-.6836-.853-2-3.426-7.54-5.766-7.5-2.134.04-3.827 2.62-3.827 2.62s-1.813 2.4867-1.087 4.4867z" fill="#7de2d1"/><path d="m159.213 12.0533c-.246 2.3267 5.034 5.38 6.96 6.4067.206.1086.435.1653.667.1653s.461-.0567.667-.1653l.406-.2334c.216-.1126.399-.2793.531-.4838s.209-.4398.223-.6828c.106-2.1867.22-8.28002-1.907-9.27335-1.933-.9-4.587.66666-4.587.66666s-2.74 1.48-2.96 3.59999z" fill="#7de2d1"/><path d="m160.666 11.2737c-.491.0173-.973.1473-1.406.38-.035.1312-.059.265-.074.4-.26 2.4133 5.42 5.5933 7.154 6.5133-.907-2.1667-3.38-7.3333-5.674-7.2933z" fill="#42d4c6"/><path d="m188.206 27.78c-.8-2.2-6.88-2.6667-9.066-2.7133-.237-.01-.473.0404-.685.1465-.212.1062-.394.2645-.528.4601l-.261.3867c-.133.1925-.216.4157-.24.6487-.025.2331.01.4686.1.6846.86 2 3.427 7.5467 5.774 7.5067 2.133-.04 3.826-2.62 3.826-2.62s1.807-2.4933 1.08-4.5z" fill="#7de2d1"/><path d="m184.78 34.1331c.247-2.3333-5.04-5.38-6.967-6.4133-.205-.1103-.434-.168-.666-.168-.233 0-.462.0577-.667.168l-.407.2266c-.215.1139-.396.2822-.526.4881-.13.2058-.204.4421-.214.6853-.113 2.1866-.22 8.2866 1.907 9.2733 1.933.9 4.587-.6667 4.587-.6667s2.726-1.4733 2.953-3.5933z" fill="#7de2d1"/><path d="m177.619 27.6201c.933 2.16 3.413 7.3333 5.68 7.2933.492-.0195.974-.1518 1.407-.3866.031-.1297.056-.261.073-.3934.253-2.4133-5.447-5.5999-7.16-6.5133z" fill="#42d4c6"/><path d="m57.1063 44.1738h-56.773292v7.4334h56.773292z" fill="#00bfb3"/><path d="m85.1598 61.3262h-60.0133v7.4333h60.0133z" fill="#ff957d"/><path d="m63.333 68.7597h21.8333v-7.4267h-19.96c-.8493 2.4133-1.4763 4.8992-1.8733 7.4267z" fill="#fa744e"/><path d="m153.753 43.6996c-.332.0022-.656-.0968-.929-.2838-.274-.187-.484-.4531-.602-.7627-.118-.3095-.139-.6478-.059-.9695.079-.3217.254-.6115.503-.8306.9-.7867 1.833-1.6267 2.767-2.4867.323-.2616.733-.3902 1.147-.3598.415.0304.802.2176 1.083.5234.281.3059.435.7075.431 1.1229-.004.4155-.167.8137-.455 1.1135-.96.88-1.906 1.7333-2.826 2.5333-.293.2577-.67.3998-1.06.4zm8.353-7.82c-.322-.0001-.637-.0957-.904-.2749-.268-.1792-.477-.4337-.599-.7315-.123-.2977-.155-.6252-.091-.9409.063-.3158.219-.6055.447-.8327 1.6-1.5933 2.594-2.6666 2.6-2.6666.302-.2883.703-.4496 1.12-.4506s.819.1584 1.122.4452.484.6791.506 1.0957c.022.4167-.116.8259-.388 1.143-.04.04-1.033 1.0867-2.666 2.7133-.301.3117-.714.4914-1.147.5z" fill="#294492"/><path d="m54.22 21.241-12.7138 12.7138c-1.4866 1.4866-1.4866 3.8968 0 5.3834l12.7138 12.7138c1.4865 1.4866 3.8968 1.4866 5.3834 0l12.7138-12.7138c1.4866-1.4866 1.4866-3.8968 0-5.3834l-12.7138-12.7138c-1.4866-1.4866-3.8968-1.4866-5.3834 0z" fill="#f04e98"/><path d="m31.2467 47.473c.0298-.077.0439-.1591.0416-.2416-.0024-.0825-.0212-.1637-.0553-.2388-.0342-.0751-.083-.1427-.1436-.1987s-.1318-.0994-.2094-.1276c-.26-.1266-.5733.0534-.74.42-.0367.055-.0611.1174-.0712.1827-.0101.0654-.0058.1322.0126.1957s.0505.1223.0941.1721c.0435.0498.0974.0894.1579.1162.1634.0358.3334.0288.4934-.0202.1599-.0491.3046-.1385.4199-.2598z" fill="#01ada1"/><path d="m21.22 51.2334c-.0534.1066.12.2533.2.3066.041.017.0868.0182.1286.0034.0418-.0147.0768-.0444.098-.0834.0143-.05.0151-.1029.0022-.1532-.0129-.0504-.039-.0964-.0755-.1334-.0533-.04-.3-.0467-.3533.06z" fill="#01ada1"/><path d="m23.58 46.3801c.12.0533.2467-.1333.2934-.2133.0097-.0448.006-.0914-.0106-.1341s-.0454-.0795-.0828-.1059c-.08 0-.2133.0733-.2733.1466-.06.0734-.04.2534.0733.3067z" fill="#01ada1"/><path d="m26.0334 50.26c-.26-.04-.52-.12-.7734-.18-.0436-.0417-.0964-.0724-.1542-.0896s-.1189-.0204-.1782-.0093c-.0592.011-.115.0361-.1627.073s-.0859.0846-.1115.1392c-.0604.1145-.074.248-.0379.3723.036.1244.1189.2299.2312.2944.1431.0888.2658.2069.36.3466.0428.0932.1047.1763.1816.244.077.0678.1672.1187.2651.1494h.2866c.1352-.0798.249-.1913.3315-.3249.0824-.1335.1311-.2852.1419-.4418-.02-.2467-.0267-.52-.38-.5733z" fill="#01ada1"/><path d="m27.2131 47.5664c-.0424-.0258-.0905-.0408-.1401-.0435s-.0991.007-.144.0281c-.045.0212-.0839.0531-.1135.0931-.0295.0399-.0487.0865-.0557.1357.006.1437.0353.2856.0866.42.0573.0211.1183.0306.1793.0279s.1209-.0175.1761-.0435c.0552-.0261.1047-.0629.1456-.1083.0408-.0454.0722-.0985.0924-.1561.06-.2067-.0734-.2934-.2267-.3534z" fill="#01ada1"/><path d="m32.9259 47.2002c.1079.0564.2337.0677.35.0315.1162-.0363.2133-.1171.27-.2248.0031-.0399.0031-.0801 0-.12.0629-.0213.1199-.0571.1662-.1046.0464-.0475.0808-.1054.1005-.1687.005-.0637-.0051-.1277-.0294-.1868-.0243-.059-.0622-.1115-.1106-.1532-.065-.0291-.1355-.0441-.2067-.0441s-.1416.015-.2066.0441c-.0385.0311-.0702.0696-.0934.1133-.1037-.0148-.2096.0021-.3035.0485-.094.0464-.1718.1201-.2232.2115-.0303.1114-.0177.2301.0354.3326s.1428.1813.2513.2207z" fill="#01ada1"/><path d="m29.386 50.9335c-.1003-.0441-.2137-.0479-.3167-.0106-.103.0372-.1877.1126-.2367.2106-.0428.0734-.0619.1583-.0548.243.0072.0847.0403.1651.0948.2303h.7467c.0304-.0311.0552-.0671.0733-.1066.0174-.0574.0233-.1176.0172-.1772-.006-.0596-.0238-.1174-.0523-.1701s-.0672-.0992-.1138-.1369-.1002-.0657-.1577-.0825z" fill="#01ada1"/><path d="m29.1995 49.0197c.06-.2066-.0733-.2866-.2266-.3533-.1534-.0667-.4334 0-.4534.2133.0048.1439.0341.286.0867.42.0571.0231.1184.0341.18.0324.0616-.0018.1222-.0163.1779-.0426s.1054-.0638.1459-.1103c.0406-.0464.071-.1007.0895-.1595z" fill="#01ada1"/><path d="m27.1864 45.9996c-.0193.0534-.0206.1116-.0038.1657.0169.0542.051.1013.0971.1343.1.0467.24-.0533.28-.12.04-.0666.0467-.3266-.0533-.3666s-.2933.0933-.32.1866z" fill="#01ada1"/><path d="m23.2465 47.5599c-.3733-.04-.48.4467-.3533.6667s.0534.1733-.0933.4133-.22.6667.26.7734c.2238.0329.4519-.0165.642-.1391.19-.1226.3291-.3101.3913-.5276.0311-.2675-.0384-.5371-.1948-.7563-.1565-.2193-.3888-.3727-.6519-.4304z" fill="#01ada1"/><path d="m43.5731 46.7c-.2866-.6666-.8266-.2733-.9733-.4466-.1467-.1734-.18-.6334-.3733-.9134-.0483-.0973-.1176-.1827-.2029-.2499-.0853-.0673-.1845-.1148-.2904-.139s-.2159-.0246-.322-.0012c-.106.0235-.2056.0702-.2914.1368-.0901.0659-.1656.1497-.2216.2462-.0561.0965-.0915.2036-.104.3145-.0126.111-.0019.2233.0312.3299.0331.1065.0879.2051.1611.2894-.0159.023-.0293.0476-.04.0733.0004.178.0548.3516.156.498s.2443.2587.4106.322c.1311.0345.2689.0345.4 0-.0432.0775-.0658.1647-.0658.2534s.0226.1759.0658.2533c.2267.5734.86.7267 1.1134.3667.2533-.36.0733-.6667.1533-.7534.08-.0866.52-.2599.3933-.58z" fill="#01ada1"/><path d="m45.0998 47.4797c-.0596-.0098-.1204-.0098-.18 0-.0141-.0845-.0506-.1637-.1057-.2293-.0551-.0657-.1268-.1154-.2076-.144-.161-.0145-.3222.0256-.4577.1139-.1354.0883-.2372.2196-.289.3728-.0147.0535-.018.1096-.0095.1645s.0285.1074.0587.154c.0303.0466.07.0863.1167.1164.0467.0302.0992.0501.1541.0584.1001.03.2067.03.3067 0-.0153.0946-.0048.1916.0304.2808s.0938.1672.1696.2259c.4267.2333.7867-.1267.9667-.32s-.1467-.7067-.5534-.7934z" fill="#01ada1"/><path d="m45.7068 44.6205c-.0669-.1356-.1779-.2444-.3148-.3086s-.2915-.08-.4386-.0447c-.12 0-.2333.04-.36.06l-.12-.1534h-1.7c0 .04.06.08.0934.1134.0322.0896.0796.173.14.2466-.1334.46.1333.7067.5.9067-.0934.24-.32.4667 0 .7067.0765.067.1749.104.2766.104.1018 0 .2001-.037.2767-.104.3-.2267.1267-.4867 0-.74l.3533-.3267.4467.44c.1645-.0297.3253-.0767.48-.14.0923-.0574.1681-.1378.22-.2333.0864-.0604.1572-.1404.2067-.2334.0165-.0498.0197-.1032.0092-.1547-.0106-.0514-.0344-.0992-.0692-.1386z" fill="#01ada1"/><path d="m34.7133 46.9728c.0647-.0417.1178-.0989.1547-.1665.0368-.0675.0561-.1432.0561-.2202 0-.0769-.0193-.1526-.0561-.2202-.0369-.0675-.09-.1247-.1547-.1664-.0852-.0413-.1787-.0628-.2734-.0628-.0946 0-.1881.0215-.2733.0628-.0662.053-.1184.1214-.1521.1993-.0337.0778-.0479.1628-.0412.2473.0223.0735.0602.1414.1111.1989s.1136.1033.1839.1343c.0703.0311.1464.0465.2232.0454s.1525-.0188.2218-.0519z" fill="#01ada1"/><path d="m40.98 44.7672c.0867-.14-.0533-.4867-.24-.5934h-.22c-.0765.0331-.1414.0881-.1865.1582-.0451.07-.0684.1519-.0668.2352.04.2466.6066.3666.7133.2z" fill="#01ada1"/><path d="m38.2197 47.5797c-.1266.36 0 .6666.2467.7666.1953.0463.4003.0269.5835-.055.1831-.0819.3342-.2219.4298-.3983.0076-.1454-.0326-.2892-.1144-.4096-.0819-.1204-.2009-.2107-.3389-.2571-.0752-.0375-.1577-.058-.2417-.0601s-.1674.0143-.2443.048c-.077.0337-.1456.0839-.201.1471-.0554.0631-.0963.1377-.1197.2184z" fill="#01ada1"/><path d="m35.4 44.1738h-.5533c.0466.1334.1.24.16.2667s.3266-.0667.3933-.2667z" fill="#01ada1"/><path d="m38.5202 47.0069c.44-.5667.7067-.1333 1.1533-.4333.0621-.0542.116-.1171.16-.1867.0628-.091.0982-.198.1022-.3084.004-.1105-.0236-.2198-.0797-.315-.056-.0953-.1381-.1726-.2366-.2227-.0984-.0502-.2092-.0712-.3192-.0606-.3233.0076-.644.0592-.9533.1534-.1713.0841-.3114.2205-.4001.3895-.0886.169-.1213.3617-.0933.5505.0334.2066.2734.6066.6667.4333z" fill="#01ada1"/><path d="m39.4998 45.3331c.0448.0226.0943.0344.1445.0344.0502-.0001.0997-.0119.1445-.0347.0448-.0227.0836-.0556.1133-.0961s.0494-.0874.0577-.137c.0124-.0778.0093-.1573-.009-.2339s-.0515-.1489-.0977-.2127c-.0933-.0867-.5333-.0467-.6067.14-.0367.1052-.0307.2207.0167.3216.0473.1009.1323.1793.2367.2184z" fill="#01ada1"/><path d="m31.5731 45.8396c.26-.08.2933-.2933.18-.7866-.2534-.0467-.54-.1934-.7267.14-.0594.0944-.08.2081-.0576.3174.0223.1092.0859.2057.1776.2692.0623.0408.1329.0673.2066.0777.0738.0103.1489.0043.2201-.0177z" fill="#01ada1"/><path d="m48.153 50.2532c-.0553-.0249-.1152-.0383-.1759-.0393s-.121.0104-.1771.0335c-.0562.0231-.107.0574-.1495.1008s-.0756.095-.0975.1517c-.0171.0524-.0233.1079-.0179.1629.0053.055.0219.1083.0489.1565.0269.0482.0635.0903.1075.1237.0441.0334.0945.0573.1482.0702.1158.0379.2419.0283.3507-.0267.1087-.055.1912-.1509.2293-.2666.0161-.0482.0219-.0992.017-.1497-.005-.0505-.0206-.0994-.0457-.1434-.0252-.0441-.0594-.0824-.1004-.1123s-.0879-.0508-.1376-.0613z" fill="#01ada1"/><path d="m45.0527 49.6804c-.033-.0068-.067-.0068-.1 0-.0908-.206-.2582-.3686-.4667-.4534-.1719-.0213-.3456.0213-.4881.1196-.1426.0983-.2441.2456-.2852.4138-.01.0529-.01.1071 0 .16-.068.1786-.0997.369-.0934.56.0467.1267.2867.4.0667.5533-.22.1534-.56.14-.6667.4067l-.04.0933c-.0478-.0482-.1076-.0827-.1733-.1-.1752-.0173-.3502.0355-.4867.1467h1.9134c-.0299-.1069-.0299-.2198 0-.3267.0733-.1533.2133-.3.4333-.1666.22.1333.62.0533.8667-.42.2466-.4734-.0934-1.0401-.48-.9867z" fill="#01ada1"/><path d="m47.1528 50.7266c-.2266-.06-.58.2334-.6266.52-.0151.0693-.0077.1415.0211.2062s.0774.1186.1389.1538h.8733c.0358-.0345.0612-.0784.0733-.1266.013-.1607-.0268-.3213-.1135-.4573-.0866-.136-.2153-.2399-.3665-.2961z" fill="#01ada1"/><path d="m45.46 51.6064h1.1333c-.0941-.0882-.2053-.1563-.3267-.2-.1372-.063-.2917-.0774-.4383-.0411-.1465.0363-.2764.1213-.3683.2411z" fill="#01ada1"/><path d="m47.7127 49.3931c.12-.4533-.1133-.7866-.6666-.9133-.1193-.0186-.2407-.0186-.36 0-.0881-.007-.1765.0104-.2553.0504s-.145.101-.1914.1763c-.0799.1005-.1389.2162-.1733.34-.0189.1118-.0143.2263.0134.3363s.0779.2131.1474.3027c.0696.0896.157.1638.2566.2179.0997.0541.2096.0869.3226.0964.1988.0247.3999-.023.5664-.1344s.2873-.2791.3402-.4723z" fill="#01ada1"/><path d="m51.6133 49.7136c.0393.0088.0802.0086.1194-.0006.0393-.0093.076-.0273.1072-.0527l-1.0733-1.0734c-.117.1033-.2103.2306-.2733.3734-.0376.0771-.0582.1613-.0605.2471-.0022.0857.0139.171.0474.25.0335.0789.0835.1498.1467.2078s.1382.1018.2197.1284c.122.0615.2592.0866.3951.0725.1359-.0142.2649-.0671.3716-.1525z" fill="#01ada1"/><path d="m49.0793 51.1938c-.1123.0039-.2196.0476-.3027.1233-.083.0757-.1364.1786-.1506.2901h.8933c.0089-.0588.0034-.1188-.016-.1749s-.0522-.1067-.0955-.1473c-.0433-.0407-.0958-.0702-.153-.0861s-.1174-.0176-.1755-.0051z" fill="#01ada1"/><path d="m52.573 50.4c-.4-.0534-.8933.0333-1.04.2666-.025.0326-.039.0723-.04.1134.1134.38-.1866.52-.3933.7266-.0287.03-.0533.0637-.0733.1h1.2466c.0303-.0509.0708-.095.119-.1295.0482-.0344.103-.0584.161-.0705.0667.06.1334.1467.2.2h.58c.0388-.0103.0767-.0237.1134-.04.0336-.0254.0604-.0589.0779-.0973.0174-.0384.025-.0806.0221-.1227z" fill="#01ada1"/><path d="m49.1794 47.4132c-.0775-.0394-.1607-.0664-.2466-.08.0728.0122.1471.0122.22 0 .0832-.02.1607-.0587.2266-.1133l-1.5333-1.5334c-.0867.1867-.16.3467-.2333.36-.0734.0134-.6667-.4866-1.1867-.28-.2215.0959-.3976.2732-.492.4954-.0943.2221-.0996.472-.0147.698.1427.2641.3577.4822.6198.6286s.5605.2151.8602.198c.4267-.1133.44-.6666.56-.7133s.4734.2533.8867.2867c-.1399.0015-.2766.0422-.3945.1177-.1179.0754-.2122.1825-.2722.3089-.0806.1702-.1062.3613-.0733.5467-.0522.0724-.0906.1537-.1133.24-.0258.1295-.025.2628.0023.392.0274.1291.0807.2513.1568.3592s.1733.1992.2858.2683c.1124.0691.2378.1147.3684.1338.1222.0306.2493.0362.3738.0167.1244-.0196.2437-.0639.3506-.1305.107-.0665.1995-.1539.272-.2569.0726-.103.1237-.2195.1503-.3426.0358-.1117.0448-.2303.0263-.3461s-.0641-.2256-.133-.3206c0-.2056-.0642-.4061-.1838-.5735-.1195-.1673-.2883-.2931-.4829-.3598z" fill="#01ada1"/><path d="m42.1392 50c-.0031-.0131-.0031-.0268 0-.04.093-.0206.1781-.0673.2454-.1346s.114-.1525.1346-.2454c.0093-.121-.0297-.2407-.1084-.3331-.0786-.0925-.1906-.15-.3116-.1602-.0804-.0239-.1661-.0239-.2466 0-.1706-.0495-.3524-.0431-.5191.018-.1667.0612-.3095.174-.4076.322-.096-.0666-.2051-.112-.32-.1334-.0627-.0276-.1304-.042-.199-.042-.0685-.0001-.1363.0142-.199.0418s-.119.0679-.1652.1185c-.0463.0505-.0815.1102-.1035.1751-.0134.1776.0232.3555.1057.5134.0825.1578.2075.2895.361.3799.0736.0145.1493.0142.2228-.0008s.1432-.0444.2052-.0866.1151-.0962.156-.1591c.041-.0628.0691-.1331.0827-.2068.0663.0586.1403.108.22.1466.0661.0467.1412.0793.2204.0958.0793.0166.161.0167.2404.0005.0793-.0162.1544-.0485.2208-.0949.0663-.0464.1225-.1058.165-.1747z" fill="#01ada1"/><path d="m36.0801 51.6061h.7c-.0587-.0589-.1262-.1084-.2-.1467-.086-.0455-.1864-.0557-.2798-.0283s-.1724.0902-.2202.175z" fill="#01ada1"/><path d="m36.4398 49.227c.1134-.2934 0-.7067-.2133-.7934-.1983-.0593-.4113-.0451-.6.04-.0633-.0856-.1558-.1449-.26-.1666-.1022-.0191-.2079-.004-.3007.043s-.1675.1232-.2126.217c-.2677-.119-.5633-.1606-.8534-.12-.126.013-.2532-.0101-.3666-.0667-.0747-.069-.1661-.1174-.2651-.1404-.099-.0231-.2023-.02-.2998.0089-.0974.0289-.1857.0827-.2562.156-.0704.0733-.1206.1636-.1456.2622-.0373-.0448-.0855-.0793-.14-.1-.122-.011-.2441.021-.3451.0904-.101.0693-.1746.1717-.2082.2896-.0623.1282-.0713.2759-.0251.4108s.1439.246.2717.3092c.0578.0184.1187.025.179.0195.0604-.0056.119-.0231.1725-.0517.0534-.0286.1006-.0676.1387-.1148.0381-.0471.0664-.1014.0832-.1597.1199.096.262.1602.4133.1867.219.0113.4258.1041.58.26.1172.1107.2611.1891.4177.2277.1565.0385.3204.0359.4756-.0077.1581-.0367.3016-.1197.412-.2385.1105-.1188.183-.2679.208-.4282 0 0 0-.0533 0-.0867.0771.1836.2231.3296.4067.4067.2933.1133.5733-.0733.7333-.4533z" fill="#01ada1"/><path d="m37.6666 44.6667c-.0513-.0986-.1298-.1803-.2262-.2355s-.2066-.0816-.3176-.076c-.1109.0057-.2179.043-.3082.1077-.0904.0646-.1602.1539-.2013.2571-.1173.2395-.2046.4925-.26.7533-.0039-.0233-.015-.0449-.0317-.0616-.0167-.0168-.0383-.0278-.0617-.0317-.034-.0022-.0677.008-.0947.0289s-.0455.0509-.0519.0844c0 .04.0733.12.1067.1267.0364.0023.0722-.0096.0999-.0333.0022.0154.0022.0311 0 .0466-.0031.1916.0537.3794.1625.5372.1087.1577.264.2776.4442.3428.0827.0408.1779.0484.2659.0211.0881-.0273.1623-.0873.2074-.1677.2692-.4424.3971-.9564.3667-1.4734-.0239-.0794-.0574-.1555-.1-.2266z" fill="#01ada1"/><path d="m35.6132 51.2064c-.0625-.0258-.1295-.0389-.1971-.0384-.0677.0005-.1345.0145-.1966.0412-.0622.0267-.1183.0656-.1652.1143-.0469.0488-.0835.1065-.1077.1696-.0069.0375-.0069.0759 0 .1133h.94c-.0031-.0857-.0304-.1687-.0788-.2395s-.1158-.1265-.1946-.1605z" fill="#01ada1"/><path d="m39.0461 49.8604c-.1643-.0983-.358-.1354-.547-.1049s-.3611.1267-.4862.2717c-.125.145-.1949.3294-.1974.5208s.0627.3776.184.5257c-.0454.0515-.0774.1133-.0934.18-.0407.1143-.0407.2391 0 .3533h.76v-.04c.0133-.0637.0133-.1295 0-.1933.1451-.0305.2811-.0946.3969-.1872.1158-.0927.2082-.2112.2698-.3461.0824-.1698.0987-.3642.0457-.5453-.0529-.1812-.1714-.3361-.3324-.4347z" fill="#01ada1"/><path d="m42.4527 51.3731c.08-.1867-.06-.4-.1667-.5334-.1066-.1333-.3866 0-.4733.16s0 .42.1533.4667c.1534.0467.4067.0867.4867-.0933z" fill="#01ada1"/><path d="m31.3863 50.8071c-.3533-.1333-.7466.0001-.84.2201-.041.1998-.0027.4078.1067.58h1.1267c.0359-.0776.054-.1622.053-.2476-.001-.0855-.0211-.1696-.0588-.2463s-.0921-.144-.1591-.197c-.0671-.0529-.1451-.0902-.2285-.1092z" fill="#01ada1"/><path d="m39.9131 51.6068h.5333c-.0597-.0442-.1277-.076-.2-.0934-.059-.0099-.1195-.0067-.1771.0095-.0576.0161-.1109.0448-.1562.0839z" fill="#01ada1"/><path d="m39.9999 48.827c-.0166-.0695-.0494-.1342-.0958-.1887-.0463-.0544-.1049-.0971-.1709-.1246-.1133 0-.4333 0-.4867.1466-.0533.1467.2.3667.3134.4334.1133.0666.44-.08.44-.2667z" fill="#01ada1"/><path d="m58.5392 39.7h-3.66l-1.22-11.3934h6.1z" fill="#fff"/><path d="m58.946 44.7835c0-1.2352-1.0014-2.2366-2.2367-2.2366s-2.2366 1.0014-2.2366 2.2366c0 1.2353 1.0013 2.2367 2.2366 2.2367s2.2367-1.0014 2.2367-2.2367z" fill="#fff"/></svg>
\ No newline at end of file
diff --git a/x-pack/plugins/timelines/public/components/t_grid/integrated/index.tsx b/x-pack/plugins/timelines/public/components/t_grid/integrated/index.tsx
index e98d9fff04a0c..cdfca4e09eb10 100644
--- a/x-pack/plugins/timelines/public/components/t_grid/integrated/index.tsx
+++ b/x-pack/plugins/timelines/public/components/t_grid/integrated/index.tsx
@@ -8,13 +8,12 @@
 import type { AlertConsumers as AlertConsumersTyped } from '@kbn/rule-data-utils';
 // @ts-expect-error
 import { AlertConsumers as AlertConsumersNonTyped } from '@kbn/rule-data-utils/target_node/alerts_as_data_rbac';
-import { EuiEmptyPrompt, EuiLoadingContent, EuiPanel } from '@elastic/eui';
+import { EuiFlexGroup, EuiFlexItem, EuiPanel } from '@elastic/eui';
 import { isEmpty } from 'lodash/fp';
 import React, { useEffect, useMemo, useRef, useState } from 'react';
 import styled from 'styled-components';
 import { useDispatch } from 'react-redux';
 
-import { FormattedMessage } from '@kbn/i18n/react';
 import { useKibana } from '../../../../../../../src/plugins/kibana_react/public';
 import { Direction, EntityType } from '../../../../common/search_strategy';
 import type { DocValueFields } from '../../../../common/search_strategy';
@@ -47,6 +46,7 @@ import { SELECTOR_TIMELINE_GLOBAL_CONTAINER, UpdatedFlexGroup, UpdatedFlexItem }
 import { Sort } from '../body/sort';
 import { InspectButton, InspectButtonContainer } from '../../inspect';
 import { SummaryViewSelector, ViewSelection } from '../event_rendered_view/selector';
+import { TGridLoading, TGridEmpty } from '../shared';
 
 const AlertConsumers: typeof AlertConsumersTyped = AlertConsumersNonTyped;
 
@@ -80,6 +80,16 @@ const EventsContainerLoading = styled.div.attrs(({ className = '' }) => ({
   flex-direction: column;
 `;
 
+const FullWidthFlexGroup = styled(EuiFlexGroup)<{ $visible: boolean }>`
+  overflow: hidden;
+  margin: 0;
+  display: ${({ $visible }) => ($visible ? 'flex' : 'none')};
+`;
+
+const ScrollableFlexItem = styled(EuiFlexItem)`
+  overflow: auto;
+`;
+
 const SECURITY_ALERTS_CONSUMERS = [AlertConsumers.SIEM];
 
 export interface TGridIntegratedProps {
@@ -253,6 +263,8 @@ const TGridIntegratedComponent: React.FC<TGridIntegratedProps> = ({
     [deletedEventIds.length, totalCount]
   );
 
+  const hasAlerts = totalCountMinusDeleted > 0;
+
   const nonDeletedEvents = useMemo(() => events.filter((e) => !deletedEventIds.includes(e._id)), [
     deletedEventIds,
     events,
@@ -284,7 +296,7 @@ const TGridIntegratedComponent: React.FC<TGridIntegratedProps> = ({
         data-test-subj="events-viewer-panel"
         $isFullScreen={globalFullScreen}
       >
-        {isFirstUpdate.current && <EuiLoadingContent data-test-subj="loading-alerts-panel" />}
+        {isFirstUpdate.current && <TGridLoading height="short" />}
 
         {graphOverlay}
 
@@ -310,53 +322,40 @@ const TGridIntegratedComponent: React.FC<TGridIntegratedProps> = ({
 
             {!graphEventId && graphOverlay == null && (
               <>
-                {totalCountMinusDeleted === 0 && loading === false && (
-                  <EuiEmptyPrompt
-                    title={
-                      <h2>
-                        <FormattedMessage
-                          id="xpack.timelines.tGrid.noResultsMatchSearchCriteriaTitle"
-                          defaultMessage="No results match your search criteria"
-                        />
-                      </h2>
-                    }
-                    titleSize="s"
-                    body={
-                      <p>
-                        <FormattedMessage
-                          id="xpack.timelines.tGrid.noResultsMatchSearchCriteriaDescription"
-                          defaultMessage="Try searching over a longer period of time or modifying your search."
-                        />
-                      </p>
-                    }
-                  />
-                )}
-                {totalCountMinusDeleted > 0 && (
-                  <StatefulBody
-                    hasAlertsCrud={hasAlertsCrud}
-                    activePage={pageInfo.activePage}
-                    browserFields={browserFields}
-                    filterQuery={filterQuery}
-                    data={nonDeletedEvents}
-                    defaultCellActions={defaultCellActions}
-                    id={id}
-                    isEventViewer={true}
-                    itemsPerPageOptions={itemsPerPageOptions}
-                    loadPage={loadPage}
-                    onRuleChange={onRuleChange}
-                    pageSize={itemsPerPage}
-                    renderCellValue={renderCellValue}
-                    rowRenderers={rowRenderers}
-                    tabType={TimelineTabs.query}
-                    tableView={tableView}
-                    totalItems={totalCountMinusDeleted}
-                    unit={unit}
-                    filterStatus={filterStatus}
-                    leadingControlColumns={leadingControlColumns}
-                    trailingControlColumns={trailingControlColumns}
-                    refetch={refetch}
-                    indexNames={indexNames}
-                  />
+                {!hasAlerts && !loading && <TGridEmpty height="short" />}
+                {hasAlerts && (
+                  <FullWidthFlexGroup
+                    $visible={!graphEventId && graphOverlay == null}
+                    gutterSize="none"
+                  >
+                    <ScrollableFlexItem grow={1}>
+                      <StatefulBody
+                        hasAlertsCrud={hasAlertsCrud}
+                        activePage={pageInfo.activePage}
+                        browserFields={browserFields}
+                        filterQuery={filterQuery}
+                        data={nonDeletedEvents}
+                        defaultCellActions={defaultCellActions}
+                        id={id}
+                        isEventViewer={true}
+                        itemsPerPageOptions={itemsPerPageOptions}
+                        loadPage={loadPage}
+                        onRuleChange={onRuleChange}
+                        pageSize={itemsPerPage}
+                        renderCellValue={renderCellValue}
+                        rowRenderers={rowRenderers}
+                        tabType={TimelineTabs.query}
+                        tableView={tableView}
+                        totalItems={totalCountMinusDeleted}
+                        unit={unit}
+                        filterStatus={filterStatus}
+                        leadingControlColumns={leadingControlColumns}
+                        trailingControlColumns={trailingControlColumns}
+                        refetch={refetch}
+                        indexNames={indexNames}
+                      />
+                    </ScrollableFlexItem>
+                  </FullWidthFlexGroup>
                 )}
               </>
             )}
diff --git a/x-pack/plugins/timelines/public/components/t_grid/shared/index.tsx b/x-pack/plugins/timelines/public/components/t_grid/shared/index.tsx
new file mode 100644
index 0000000000000..563e8224058c0
--- /dev/null
+++ b/x-pack/plugins/timelines/public/components/t_grid/shared/index.tsx
@@ -0,0 +1,90 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import React from 'react';
+import {
+  EuiPanel,
+  EuiFlexGroup,
+  EuiFlexItem,
+  EuiLoadingSpinner,
+  EuiImage,
+  EuiText,
+  EuiTitle,
+} from '@elastic/eui';
+import { FormattedMessage } from '@kbn/i18n/react';
+import { useKibana } from '../../../../../../../src/plugins/kibana_react/public';
+import type { CoreStart } from '../../../../../../../src/core/public';
+
+const heights = {
+  tall: 490,
+  short: 250,
+};
+
+export const TGridLoading: React.FC<{ height?: keyof typeof heights }> = ({ height = 'tall' }) => {
+  return (
+    <EuiPanel color="subdued">
+      <EuiFlexGroup
+        style={{ height: heights[height] }}
+        alignItems="center"
+        justifyContent="center"
+        data-test-subj="loading-alerts-panel"
+      >
+        <EuiFlexItem grow={false}>
+          <EuiLoadingSpinner size="xl" />
+        </EuiFlexItem>
+      </EuiFlexGroup>
+    </EuiPanel>
+  );
+};
+
+const panelStyle = {
+  maxWidth: 500,
+};
+
+export const TGridEmpty: React.FC<{ height?: keyof typeof heights }> = ({ height = 'tall' }) => {
+  const { http } = useKibana<CoreStart>().services;
+
+  return (
+    <EuiPanel color="subdued">
+      <EuiFlexGroup style={{ height: heights[height] }} alignItems="center" justifyContent="center">
+        <EuiFlexItem grow={false}>
+          <EuiPanel hasBorder={true} style={panelStyle}>
+            <EuiFlexGroup>
+              <EuiFlexItem>
+                <EuiText size="s">
+                  <EuiTitle>
+                    <h3>
+                      <FormattedMessage
+                        id="xpack.timelines.tgrid.empty.title"
+                        defaultMessage="No results match your search criteria"
+                      />
+                    </h3>
+                  </EuiTitle>
+                  <p>
+                    <FormattedMessage
+                      id="xpack.timelines.tgrid.empty.description"
+                      defaultMessage="Try searching over a longer period of time or modifying your search"
+                    />
+                  </p>
+                </EuiText>
+              </EuiFlexItem>
+              <EuiFlexItem grow={false}>
+                <EuiImage
+                  size="200"
+                  alt=""
+                  url={http.basePath.prepend(
+                    '/plugins/timelines/assets/illustration_product_no_results_magnifying_glass.svg'
+                  )}
+                />
+              </EuiFlexItem>
+            </EuiFlexGroup>
+          </EuiPanel>
+        </EuiFlexItem>
+      </EuiFlexGroup>
+    </EuiPanel>
+  );
+};
diff --git a/x-pack/plugins/timelines/public/components/t_grid/standalone/index.tsx b/x-pack/plugins/timelines/public/components/t_grid/standalone/index.tsx
index ee9b7be48df63..74dd8c01295be 100644
--- a/x-pack/plugins/timelines/public/components/t_grid/standalone/index.tsx
+++ b/x-pack/plugins/timelines/public/components/t_grid/standalone/index.tsx
@@ -4,8 +4,7 @@
  * 2.0; you may not use this file except in compliance with the Elastic License
  * 2.0.
  */
-import { EuiEmptyPrompt, EuiFlexGroup, EuiFlexItem, EuiLoadingContent } from '@elastic/eui';
-import { FormattedMessage } from '@kbn/i18n/react';
+import { EuiFlexItem } from '@elastic/eui';
 import { isEmpty } from 'lodash/fp';
 import React, { useEffect, useMemo, useState, useRef } from 'react';
 import styled from 'styled-components';
@@ -39,10 +38,16 @@ import type { State } from '../../../store/t_grid';
 import { useTimelineEvents } from '../../../container';
 import { StatefulBody } from '../body';
 import { LastUpdatedAt } from '../..';
-import { SELECTOR_TIMELINE_GLOBAL_CONTAINER, UpdatedFlexItem, UpdatedFlexGroup } from '../styles';
+import {
+  SELECTOR_TIMELINE_GLOBAL_CONTAINER,
+  UpdatedFlexItem,
+  UpdatedFlexGroup,
+  FullWidthFlexGroup,
+} from '../styles';
 import { InspectButton, InspectButtonContainer } from '../../inspect';
 import { useFetchIndex } from '../../../container/source';
 import { AddToCaseAction } from '../../actions/timeline/cases/add_to_case_action';
+import { TGridLoading, TGridEmpty } from '../shared';
 
 export const EVENTS_VIEWER_HEADER_HEIGHT = 90; // px
 const STANDALONE_ID = 'standalone-t-grid';
@@ -68,12 +73,6 @@ const EventsContainerLoading = styled.div.attrs(({ className = '' }) => ({
   flex-direction: column;
 `;
 
-const FullWidthFlexGroup = styled(EuiFlexGroup)<{ $visible: boolean }>`
-  overflow: hidden;
-  margin: 0;
-  display: ${({ $visible }) => ($visible ? 'flex' : 'none')};
-`;
-
 const ScrollableFlexItem = styled(EuiFlexItem)`
   overflow: auto;
 `;
@@ -255,6 +254,8 @@ const TGridStandaloneComponent: React.FC<TGridStandaloneProps> = ({
     () => (totalCount > 0 ? totalCount - deletedEventIds.length : 0),
     [deletedEventIds.length, totalCount]
   );
+  const hasAlerts = totalCountMinusDeleted > 0;
+
   const activeCaseFlowId = useSelector((state: State) => tGridSelectors.activeCaseFlowId(state));
   const selectedEvent = useMemo(() => {
     const matchedEvent = events.find((event) => event.ecs._id === activeCaseFlowId);
@@ -338,14 +339,14 @@ const TGridStandaloneComponent: React.FC<TGridStandaloneProps> = ({
   return (
     <InspectButtonContainer data-test-subj="events-viewer-panel">
       <AlertsTableWrapper>
-        {isFirstUpdate.current && <EuiLoadingContent data-test-subj="loading-alerts-panel" />}
+        {isFirstUpdate.current && <TGridLoading />}
         {canQueryTimeline ? (
           <>
             <EventsContainerLoading
               data-timeline-id={STANDALONE_ID}
               data-test-subj={`events-container-loading-${loading}`}
             >
-              <UpdatedFlexGroup gutterSize="s" justifyContent="flexEnd" alignItems="baseline">
+              <UpdatedFlexGroup gutterSize="s" justifyContent="flexEnd" alignItems="center">
                 <UpdatedFlexItem grow={false} $show={!loading}>
                   <InspectButton title={justTitle} inspect={inspect} loading={loading} />
                 </UpdatedFlexItem>
@@ -354,28 +355,9 @@ const TGridStandaloneComponent: React.FC<TGridStandaloneProps> = ({
                 </UpdatedFlexItem>
               </UpdatedFlexGroup>
 
-              {totalCountMinusDeleted === 0 && loading === false && (
-                <EuiEmptyPrompt
-                  title={
-                    <h2>
-                      <FormattedMessage
-                        id="xpack.timelines.tGrid.noResultsMatchSearchCriteriaTitle"
-                        defaultMessage="No results match your search criteria"
-                      />
-                    </h2>
-                  }
-                  titleSize="s"
-                  body={
-                    <p>
-                      <FormattedMessage
-                        id="xpack.timelines.tGrid.noResultsMatchSearchCriteriaDescription"
-                        defaultMessage="Try searching over a longer period of time or modifying your search."
-                      />
-                    </p>
-                  }
-                />
-              )}
-              {totalCountMinusDeleted > 0 && (
+              {!hasAlerts && !loading && <TGridEmpty />}
+
+              {hasAlerts && (
                 <FullWidthFlexGroup direction="row" $visible={!graphEventId} gutterSize="none">
                   <ScrollableFlexItem grow={1}>
                     <StatefulBody
diff --git a/x-pack/plugins/timelines/public/components/t_grid/styles.tsx b/x-pack/plugins/timelines/public/components/t_grid/styles.tsx
index e15e76c787a3f..28e425f53824b 100644
--- a/x-pack/plugins/timelines/public/components/t_grid/styles.tsx
+++ b/x-pack/plugins/timelines/public/components/t_grid/styles.tsx
@@ -459,6 +459,13 @@ export const HideShowContainer = styled.div.attrs<{ $isVisible: boolean }>(
   })
 )<{ $isVisible: boolean }>``;
 
+export const FullWidthFlexGroup = styled(EuiFlexGroup)<{ $visible?: boolean }>`
+  overflow: hidden;
+  margin: 0;
+  min-height: 490px;
+  display: ${({ $visible = true }) => ($visible ? 'flex' : 'none')};
+`;
+
 export const UpdatedFlexGroup = styled(EuiFlexGroup)`
   position: absolute;
   z-index: ${({ theme }) => theme.eui.euiZLevel1};
diff --git a/x-pack/plugins/timelines/public/methods/index.tsx b/x-pack/plugins/timelines/public/methods/index.tsx
index 91802c4eb10e1..06bb1ae443216 100644
--- a/x-pack/plugins/timelines/public/methods/index.tsx
+++ b/x-pack/plugins/timelines/public/methods/index.tsx
@@ -6,7 +6,7 @@
  */
 
 import React, { lazy, Suspense } from 'react';
-import { EuiLoadingContent, EuiLoadingSpinner, EuiPanel } from '@elastic/eui';
+import { EuiLoadingSpinner } from '@elastic/eui';
 import { I18nProvider } from '@kbn/i18n/react';
 import type { Store } from 'redux';
 import { Provider } from 'react-redux';
@@ -17,6 +17,7 @@ import type { LastUpdatedAtProps, LoadingPanelProps, FieldBrowserProps } from '.
 import type { AddToCaseActionProps } from '../components/actions/timeline/cases/add_to_case_action';
 import { initialTGridState } from '../store/t_grid/reducer';
 import { createStore } from '../store/t_grid';
+import { TGridLoading } from '../components/t_grid/shared';
 
 const initializeStore = ({
   store,
@@ -51,13 +52,7 @@ export const getTGridLazy = (
 ) => {
   initializeStore({ store, storage, setStore });
   return (
-    <Suspense
-      fallback={
-        <EuiPanel hasBorder={false} hasShadow={false} paddingSize="none">
-          <EuiLoadingContent />
-        </EuiPanel>
-      }
-    >
+    <Suspense fallback={<TGridLoading height={props.type === 'standalone' ? 'tall' : 'short'} />}>
       <TimelineLazy {...props} store={store} storage={storage} data={data} setStore={setStore} />
     </Suspense>
   );
diff --git a/x-pack/plugins/timelines/public/store/t_grid/model.ts b/x-pack/plugins/timelines/public/store/t_grid/model.ts
index 0972189b38b30..dc6945d3fe3ad 100644
--- a/x-pack/plugins/timelines/public/store/t_grid/model.ts
+++ b/x-pack/plugins/timelines/public/store/t_grid/model.ts
@@ -92,11 +92,15 @@ export type TGridModelForTimeline = Pick<
   | 'dataProviders'
   | 'dateRange'
   | 'deletedEventIds'
+  | 'documentType'
   | 'excludedRowRendererIds'
   | 'expandedDetail'
   | 'filters'
+  | 'filterManager'
+  | 'footerText'
   | 'graphEventId'
   | 'kqlQuery'
+  | 'queryFields'
   | 'id'
   | 'indexNames'
   | 'isLoading'
@@ -104,11 +108,14 @@ export type TGridModelForTimeline = Pick<
   | 'itemsPerPage'
   | 'itemsPerPageOptions'
   | 'loadingEventIds'
+  | 'loadingText'
+  | 'selectAll'
   | 'showCheckboxes'
   | 'sort'
   | 'selectedEventIds'
   | 'savedObjectId'
   | 'title'
+  | 'unit'
   | 'version'
 >;
 
diff --git a/x-pack/plugins/translations/translations/ja-JP.json b/x-pack/plugins/translations/translations/ja-JP.json
index 3e9b2f626305b..3cd6eeb7e0737 100644
--- a/x-pack/plugins/translations/translations/ja-JP.json
+++ b/x-pack/plugins/translations/translations/ja-JP.json
@@ -21204,7 +21204,6 @@
     "xpack.securitySolution.detectionEngine.ruleDescription.mlJobStoppedDescription": "停止",
     "xpack.securitySolution.detectionEngine.ruleDescription.thresholdResultsAggregatedByDescription": "結果集約条件",
     "xpack.securitySolution.detectionEngine.ruleDescription.thresholdResultsAllDescription": "すべての結果",
-    "xpack.securitySolution.detectionEngine.ruleDetails.activatedRuleLabel": "有効化",
     "xpack.securitySolution.detectionEngine.ruleDetails.deletedRule": "削除されたルール",
     "xpack.securitySolution.detectionEngine.ruleDetails.errorCalloutTitle": "ルール失敗",
     "xpack.securitySolution.detectionEngine.ruleDetails.exceptionsTab": "例外",
diff --git a/x-pack/plugins/translations/translations/zh-CN.json b/x-pack/plugins/translations/translations/zh-CN.json
index 4694f642f638d..ca3ead510302e 100644
--- a/x-pack/plugins/translations/translations/zh-CN.json
+++ b/x-pack/plugins/translations/translations/zh-CN.json
@@ -21488,7 +21488,6 @@
     "xpack.securitySolution.detectionEngine.ruleDescription.mlJobStoppedDescription": "已停止",
     "xpack.securitySolution.detectionEngine.ruleDescription.thresholdResultsAggregatedByDescription": "结果聚合依据",
     "xpack.securitySolution.detectionEngine.ruleDescription.thresholdResultsAllDescription": "所有结果",
-    "xpack.securitySolution.detectionEngine.ruleDetails.activatedRuleLabel": "已激活",
     "xpack.securitySolution.detectionEngine.ruleDetails.deletedRule": "已删除规则",
     "xpack.securitySolution.detectionEngine.ruleDetails.errorCalloutTitle": "规则错误位置",
     "xpack.securitySolution.detectionEngine.ruleDetails.exceptionsTab": "例外",
diff --git a/x-pack/plugins/uptime/public/components/fleet_package/browser/simple_fields.tsx b/x-pack/plugins/uptime/public/components/fleet_package/browser/simple_fields.tsx
index 34f56a65df3e8..0e2f10b96fe6d 100644
--- a/x-pack/plugins/uptime/public/components/fleet_package/browser/simple_fields.tsx
+++ b/x-pack/plugins/uptime/public/components/fleet_package/browser/simple_fields.tsx
@@ -168,7 +168,7 @@ export const BrowserSimpleFields = memo<Props>(({ validate }) => {
         helpText={
           <FormattedMessage
             id="xpack.uptime.createPackagePolicy.stepConfigure.monitorIntegrationSettingsSection.tags.helpText"
-            defaultMessage="A list of tags that will be sent with the monitor event. Press enter to add a new tab. Displayed in Uptime and enables searching by tag."
+            defaultMessage="A list of tags that will be sent with the monitor event. Press enter to add a new tag. Displayed in Uptime and enables searching by tag."
           />
         }
       >
diff --git a/x-pack/plugins/uptime/public/components/fleet_package/http/simple_fields.tsx b/x-pack/plugins/uptime/public/components/fleet_package/http/simple_fields.tsx
index 8eb81eb92f7b4..c4de1d53fe998 100644
--- a/x-pack/plugins/uptime/public/components/fleet_package/http/simple_fields.tsx
+++ b/x-pack/plugins/uptime/public/components/fleet_package/http/simple_fields.tsx
@@ -186,7 +186,7 @@ export const HTTPSimpleFields = memo<Props>(({ validate }) => {
         helpText={
           <FormattedMessage
             id="xpack.uptime.createPackagePolicy.stepConfigure.monitorIntegrationSettingsSection.tags.helpText"
-            defaultMessage="A list of tags that will be sent with the monitor event. Press enter to add a new tab. Displayed in Uptime and enables searching by tag."
+            defaultMessage="A list of tags that will be sent with the monitor event. Press enter to add a new tag. Displayed in Uptime and enables searching by tag."
           />
         }
       >
diff --git a/x-pack/plugins/uptime/public/components/fleet_package/icmp/simple_fields.tsx b/x-pack/plugins/uptime/public/components/fleet_package/icmp/simple_fields.tsx
index 420f218429e40..92afe4c5072e1 100644
--- a/x-pack/plugins/uptime/public/components/fleet_package/icmp/simple_fields.tsx
+++ b/x-pack/plugins/uptime/public/components/fleet_package/icmp/simple_fields.tsx
@@ -190,7 +190,7 @@ export const ICMPSimpleFields = memo<Props>(({ validate }) => {
         helpText={
           <FormattedMessage
             id="xpack.uptime.createPackagePolicy.stepConfigure.monitorIntegrationSettingsSection.tags.helpText"
-            defaultMessage="A list of tags that will be sent with the monitor event. Press enter to add a new tab. Displayed in Uptime and enables searching by tag."
+            defaultMessage="A list of tags that will be sent with the monitor event. Press enter to add a new tag. Displayed in Uptime and enables searching by tag."
           />
         }
       >
diff --git a/x-pack/plugins/uptime/public/components/fleet_package/tcp/simple_fields.tsx b/x-pack/plugins/uptime/public/components/fleet_package/tcp/simple_fields.tsx
index 8bc017a51cfa9..37f0c82595e02 100644
--- a/x-pack/plugins/uptime/public/components/fleet_package/tcp/simple_fields.tsx
+++ b/x-pack/plugins/uptime/public/components/fleet_package/tcp/simple_fields.tsx
@@ -157,7 +157,7 @@ export const TCPSimpleFields = memo<Props>(({ validate }) => {
         helpText={
           <FormattedMessage
             id="xpack.uptime.createPackagePolicy.stepConfigure.monitorIntegrationSettingsSection.tags.helpText"
-            defaultMessage="A list of tags that will be sent with the monitor event. Press enter to add a new tab. Displayed in Uptime and enables searching by tag."
+            defaultMessage="A list of tags that will be sent with the monitor event. Press enter to add a new tag. Displayed in Uptime and enables searching by tag."
           />
         }
       >
diff --git a/x-pack/test/api_integration/apis/metrics_ui/constants.ts b/x-pack/test/api_integration/apis/metrics_ui/constants.ts
index a4c5705ab1a10..f0ba9b4c368d5 100644
--- a/x-pack/test/api_integration/apis/metrics_ui/constants.ts
+++ b/x-pack/test/api_integration/apis/metrics_ui/constants.ts
@@ -28,4 +28,14 @@ export const DATES = {
       max: 1564083493080,
     },
   },
+  'alert-test-data': {
+    gauge: {
+      min: 1609459200000, // '2022-01-01T00:00:00Z'
+      max: 1609462800000, // '2021-01-01T01:00:00Z'
+    },
+    rate: {
+      min: 1609545600000, // '2021-01-02T00:00:00Z'
+      max: 1609545900000, // '2021-01-02T00:05:00Z'
+    },
+  },
 };
diff --git a/x-pack/test/api_integration/apis/metrics_ui/index.js b/x-pack/test/api_integration/apis/metrics_ui/index.js
index 861d82733a0fa..dfba4ee0985ba 100644
--- a/x-pack/test/api_integration/apis/metrics_ui/index.js
+++ b/x-pack/test/api_integration/apis/metrics_ui/index.js
@@ -18,5 +18,6 @@ export default function ({ loadTestFile }) {
     loadTestFile(require.resolve('./metrics_explorer'));
     loadTestFile(require.resolve('./ip_to_hostname'));
     loadTestFile(require.resolve('./http_source'));
+    loadTestFile(require.resolve('./metric_threshold_alert'));
   });
 }
diff --git a/x-pack/test/api_integration/apis/metrics_ui/metric_threshold_alert.ts b/x-pack/test/api_integration/apis/metrics_ui/metric_threshold_alert.ts
new file mode 100644
index 0000000000000..28910bbc6b0c8
--- /dev/null
+++ b/x-pack/test/api_integration/apis/metrics_ui/metric_threshold_alert.ts
@@ -0,0 +1,322 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import expect from '@kbn/expect';
+import { InfraSource } from '../../../../plugins/infra/common/source_configuration/source_configuration';
+import { FtrProviderContext } from '../../ftr_provider_context';
+import {
+  evaluateAlert,
+  EvaluatedAlertParams,
+} from '../../../../plugins/infra/server/lib/alerting/metric_threshold/lib/evaluate_alert';
+import {
+  Aggregators,
+  CountMetricExpressionParams,
+  NonCountMetricExpressionParams,
+} from '../../../../plugins/infra/server/lib/alerting/metric_threshold/types';
+import { Comparator } from '../../../../plugins/infra/server/lib/alerting/common/types';
+import { DATES } from './constants';
+
+const { gauge, rate } = DATES['alert-test-data'];
+
+export default function ({ getService }: FtrProviderContext) {
+  const esArchiver = getService('esArchiver');
+  const esClient = getService('es');
+
+  const baseParams: EvaluatedAlertParams = {
+    groupBy: void 0,
+    filterQuery: void 0,
+    criteria: [
+      {
+        timeSize: 5,
+        timeUnit: 'm',
+        threshold: [1],
+        comparator: Comparator.GT_OR_EQ,
+        aggType: Aggregators.SUM,
+        metric: 'value',
+      },
+    ],
+  };
+
+  const configuration: InfraSource['configuration'] = {
+    name: 'Default',
+    description: '',
+    logIndices: {
+      type: 'index_pattern',
+      indexPatternId: 'some-test-id',
+    },
+    metricAlias: 'alerts-test-data',
+    inventoryDefaultView: 'default',
+    metricsExplorerDefaultView: 'default',
+    anomalyThreshold: 70,
+    fields: {
+      container: 'container.id',
+      host: 'host.name',
+      pod: 'kubernetes.od.uid',
+      tiebreaker: '_doc',
+      timestamp: '@timestamp',
+      message: ['message'],
+    },
+    logColumns: [
+      {
+        timestampColumn: {
+          id: '5e7f964a-be8a-40d8-88d2-fbcfbdca0e2f',
+        },
+      },
+      {
+        fieldColumn: {
+          id: ' eb9777a8-fcd3-420e-ba7d-172fff6da7a2',
+          field: 'event.dataset',
+        },
+      },
+      {
+        messageColumn: {
+          id: 'b645d6da-824b-4723-9a2a-e8cece1645c0',
+        },
+      },
+    ],
+  };
+
+  describe('Metric Threshold Alerts Executor', () => {
+    before(() => esArchiver.load('x-pack/test/functional/es_archives/infra/alerts_test_data'));
+    after(() => esArchiver.unload('x-pack/test/functional/es_archives/infra/alerts_test_data'));
+
+    describe('with gauge data', () => {
+      describe('without groupBy', () => {
+        it('should alert on document count', async () => {
+          const params = {
+            ...baseParams,
+            criteria: [
+              {
+                timeSize: 5,
+                timeUnit: 'm',
+                threshold: [1],
+                comparator: Comparator.GT_OR_EQ,
+                aggType: Aggregators.COUNT,
+              } as CountMetricExpressionParams,
+            ],
+          };
+          const timeFrame = { end: gauge.max };
+          const results = await evaluateAlert(esClient, params, configuration, timeFrame);
+          expect(results).to.eql([
+            {
+              '*': {
+                timeSize: 5,
+                timeUnit: 'm',
+                threshold: [1],
+                comparator: '>=',
+                aggType: 'count',
+                metric: 'Document count',
+                currentValue: 4,
+                timestamp: '2021-01-01T00:55:00.000Z',
+                shouldFire: [true],
+                shouldWarn: [false],
+                isNoData: [false],
+                isError: false,
+              },
+            },
+          ]);
+        });
+        it('should alert on the last value when the end date is the same as the last event', async () => {
+          const params = { ...baseParams };
+          const timeFrame = { end: gauge.max };
+          const results = await evaluateAlert(esClient, params, configuration, timeFrame);
+          expect(results).to.eql([
+            {
+              '*': {
+                timeSize: 5,
+                timeUnit: 'm',
+                threshold: [1],
+                comparator: '>=',
+                aggType: 'sum',
+                metric: 'value',
+                currentValue: 1,
+                timestamp: '2021-01-01T00:55:00.000Z',
+                shouldFire: [true],
+                shouldWarn: [false],
+                isNoData: [false],
+                isError: false,
+              },
+            },
+          ]);
+        });
+      });
+      describe('with groupBy', () => {
+        it('should alert on document count', async () => {
+          const params = {
+            ...baseParams,
+            groupBy: ['env'],
+            criteria: [
+              {
+                timeSize: 5,
+                timeUnit: 'm',
+                threshold: [1],
+                comparator: Comparator.GT_OR_EQ,
+                aggType: Aggregators.COUNT,
+              } as CountMetricExpressionParams,
+            ],
+          };
+          const timeFrame = { end: gauge.max };
+          const results = await evaluateAlert(esClient, params, configuration, timeFrame);
+          expect(results).to.eql([
+            {
+              dev: {
+                timeSize: 5,
+                timeUnit: 'm',
+                threshold: [1],
+                comparator: '>=',
+                aggType: 'count',
+                metric: 'Document count',
+                currentValue: 2,
+                timestamp: '2021-01-01T00:55:00.000Z',
+                shouldFire: [true],
+                shouldWarn: [false],
+                isNoData: [false],
+                isError: false,
+              },
+              prod: {
+                timeSize: 5,
+                timeUnit: 'm',
+                threshold: [1],
+                comparator: '>=',
+                aggType: 'count',
+                metric: 'Document count',
+                currentValue: 2,
+                timestamp: '2021-01-01T00:55:00.000Z',
+                shouldFire: [true],
+                shouldWarn: [false],
+                isNoData: [false],
+                isError: false,
+              },
+            },
+          ]);
+        });
+        it('should alert on the last value when the end date is the same as the last event', async () => {
+          const params = {
+            ...baseParams,
+            groupBy: ['env'],
+          };
+          const timeFrame = { end: gauge.max };
+          const results = await evaluateAlert(esClient, params, configuration, timeFrame);
+          expect(results).to.eql([
+            {
+              dev: {
+                timeSize: 5,
+                timeUnit: 'm',
+                threshold: [1],
+                comparator: '>=',
+                aggType: 'sum',
+                metric: 'value',
+                currentValue: 0,
+                timestamp: '2021-01-01T00:55:00.000Z',
+                shouldFire: [false],
+                shouldWarn: [false],
+                isNoData: [false],
+                isError: false,
+              },
+              prod: {
+                timeSize: 5,
+                timeUnit: 'm',
+                threshold: [1],
+                comparator: '>=',
+                aggType: 'sum',
+                metric: 'value',
+                currentValue: 1,
+                timestamp: '2021-01-01T00:55:00.000Z',
+                shouldFire: [true],
+                shouldWarn: [false],
+                isNoData: [false],
+                isError: false,
+              },
+            },
+          ]);
+        });
+      });
+    });
+
+    describe('with rate data', () => {
+      describe('without groupBy', () => {
+        it('should alert on rate', async () => {
+          const params = {
+            ...baseParams,
+            criteria: [
+              {
+                timeSize: 1,
+                timeUnit: 'm',
+                threshold: [0.5],
+                comparator: Comparator.GT_OR_EQ,
+                aggType: Aggregators.RATE,
+                metric: 'value',
+              } as NonCountMetricExpressionParams,
+            ],
+          };
+          const timeFrame = { end: rate.max };
+          const results = await evaluateAlert(esClient, params, configuration, timeFrame);
+          expect(results).to.eql([
+            {
+              '*': {
+                timeSize: 1,
+                timeUnit: 'm',
+                threshold: [0.5],
+                comparator: '>=',
+                aggType: 'rate',
+                metric: 'value',
+                currentValue: 0.6666666666666666,
+                timestamp: '2021-01-02T00:04:00.000Z',
+                shouldFire: [false, false, false, false, true],
+                shouldWarn: [false],
+                isNoData: [true, false, false, false, false],
+                isError: false,
+              },
+            },
+          ]);
+        });
+      });
+      describe('with groupBy', () => {
+        it('should warn but not fire on rate', async () => {
+          const params = {
+            ...baseParams,
+            groupBy: 'env',
+            criteria: [
+              {
+                timeSize: 1,
+                timeUnit: 'm',
+                threshold: [1],
+                comparator: Comparator.GT_OR_EQ,
+                warningThreshold: [0.5],
+                warningComparator: Comparator.GT_OR_EQ,
+                aggType: Aggregators.RATE,
+                metric: 'value',
+              } as NonCountMetricExpressionParams,
+            ],
+          };
+          const timeFrame = { end: rate.max };
+          const results = await evaluateAlert(esClient, params, configuration, timeFrame);
+          expect(results).to.eql([
+            {
+              dev: {
+                timeSize: 1,
+                timeUnit: 'm',
+                threshold: [1],
+                comparator: '>=',
+                warningThreshold: [0.5],
+                warningComparator: '>=',
+                aggType: 'rate',
+                metric: 'value',
+                currentValue: 0.6666666666666666,
+                timestamp: '2021-01-02T00:04:00.000Z',
+                shouldFire: [false, false, false, false, false],
+                shouldWarn: [false, false, false, false, true],
+                isNoData: [true, false, false, false, false],
+                isError: false,
+              },
+            },
+          ]);
+        });
+      });
+    });
+  });
+}
diff --git a/x-pack/test/api_integration/apis/metrics_ui/metrics_alerting.ts b/x-pack/test/api_integration/apis/metrics_ui/metrics_alerting.ts
index 31d4bd147f526..90b815d4d0530 100644
--- a/x-pack/test/api_integration/apis/metrics_ui/metrics_alerting.ts
+++ b/x-pack/test/api_integration/apis/metrics_ui/metrics_alerting.ts
@@ -48,7 +48,9 @@ export default function ({ getService }: FtrProviderContext) {
           });
 
           expect(result.hits).to.be.ok();
-          expect(result.aggregations).to.be.ok();
+          if (aggType !== 'count') {
+            expect(result.aggregations).to.be.ok();
+          }
         });
       }
       it('should work with a filterQuery', async () => {
diff --git a/x-pack/test/api_integration/apis/ml/index.ts b/x-pack/test/api_integration/apis/ml/index.ts
index 394672ac07fc5..e44d0cd10e9f2 100644
--- a/x-pack/test/api_integration/apis/ml/index.ts
+++ b/x-pack/test/api_integration/apis/ml/index.ts
@@ -77,6 +77,7 @@ export default function ({ getService, loadTestFile }: FtrProviderContext) {
     loadTestFile(require.resolve('./filters'));
     loadTestFile(require.resolve('./indices'));
     loadTestFile(require.resolve('./job_validation'));
+    loadTestFile(require.resolve('./job_audit_messages'));
     loadTestFile(require.resolve('./jobs'));
     loadTestFile(require.resolve('./modules'));
     loadTestFile(require.resolve('./results'));
diff --git a/x-pack/test/api_integration/apis/ml/job_audit_messages/clear_messages.ts b/x-pack/test/api_integration/apis/ml/job_audit_messages/clear_messages.ts
new file mode 100644
index 0000000000000..d085f360859ec
--- /dev/null
+++ b/x-pack/test/api_integration/apis/ml/job_audit_messages/clear_messages.ts
@@ -0,0 +1,122 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import expect from '@kbn/expect';
+import { omit } from 'lodash';
+import { FtrProviderContext } from '../../../ftr_provider_context';
+import { getJobConfig } from './index';
+import { USER } from '../../../../functional/services/ml/security_common';
+import { COMMON_REQUEST_HEADERS } from '../../../../functional/services/ml/common_api';
+
+export default ({ getService }: FtrProviderContext) => {
+  const esArchiver = getService('esArchiver');
+  const supertest = getService('supertestWithoutAuth');
+  const ml = getService('ml');
+
+  let notificationIndices: string[] = [];
+
+  describe('clear_messages', function () {
+    before(async () => {
+      await esArchiver.loadIfNeeded('x-pack/test/functional/es_archives/ml/farequote');
+      await ml.testResources.setKibanaTimeZoneToUTC();
+
+      for (const jobConfig of getJobConfig(2)) {
+        await ml.api.createAnomalyDetectionJob(jobConfig);
+      }
+
+      const { body } = await supertest
+        .get(`/api/ml/job_audit_messages/messages`)
+        .auth(USER.ML_POWERUSER, ml.securityCommon.getPasswordForUser(USER.ML_POWERUSER))
+        .set(COMMON_REQUEST_HEADERS)
+        .expect(200);
+
+      notificationIndices = body.notificationIndices;
+    });
+
+    after(async () => {
+      await ml.api.cleanMlIndices();
+    });
+
+    it('should mark audit messages as cleared for provided job', async () => {
+      const timestamp = Date.now();
+
+      const { body } = await supertest
+        .put(`/api/ml/job_audit_messages/clear_messages`)
+        .auth(USER.ML_POWERUSER, ml.securityCommon.getPasswordForUser(USER.ML_POWERUSER))
+        .set(COMMON_REQUEST_HEADERS)
+        .send({
+          jobId: 'test_get_job_audit_messages_1',
+          notificationIndices,
+        })
+        .expect(200);
+
+      expect(body.success).to.eql(true);
+      expect(body.last_cleared).to.be.above(timestamp);
+
+      const { body: getBody } = await supertest
+        .get(`/api/ml/job_audit_messages/messages/test_get_job_audit_messages_1`)
+        .auth(USER.ML_POWERUSER, ml.securityCommon.getPasswordForUser(USER.ML_POWERUSER))
+        .set(COMMON_REQUEST_HEADERS)
+        .expect(200);
+
+      expect(getBody.messages.length).to.eql(1);
+
+      expect(omit(getBody.messages[0], 'timestamp')).to.eql({
+        job_id: 'test_get_job_audit_messages_1',
+        message: 'Job created',
+        level: 'info',
+        node_name: 'node-01',
+        job_type: 'anomaly_detector',
+        cleared: true,
+      });
+    });
+
+    it('should not mark audit messages as cleared for the user with ML read permissions', async () => {
+      const { body } = await supertest
+        .put(`/api/ml/job_audit_messages/clear_messages`)
+        .auth(USER.ML_VIEWER, ml.securityCommon.getPasswordForUser(USER.ML_VIEWER))
+        .set(COMMON_REQUEST_HEADERS)
+        .send({
+          jobId: 'test_get_job_audit_messages_2',
+          notificationIndices,
+        })
+        .expect(403);
+      expect(body.error).to.eql('Forbidden');
+      expect(body.message).to.eql('Forbidden');
+
+      const { body: getBody } = await supertest
+        .get(`/api/ml/job_audit_messages/messages/test_get_job_audit_messages_2`)
+        .auth(USER.ML_POWERUSER, ml.securityCommon.getPasswordForUser(USER.ML_POWERUSER))
+        .set(COMMON_REQUEST_HEADERS)
+        .expect(200);
+
+      expect(getBody.messages[0].cleared).to.not.eql(true);
+    });
+
+    it('should not mark audit messages as cleared for unauthorized user', async () => {
+      const { body } = await supertest
+        .put(`/api/ml/job_audit_messages/clear_messages`)
+        .auth(USER.ML_UNAUTHORIZED, ml.securityCommon.getPasswordForUser(USER.ML_UNAUTHORIZED))
+        .set(COMMON_REQUEST_HEADERS)
+        .send({
+          jobId: 'test_get_job_audit_messages_2',
+          notificationIndices,
+        })
+        .expect(403);
+      expect(body.error).to.eql('Forbidden');
+      expect(body.message).to.eql('Forbidden');
+
+      const { body: getBody } = await supertest
+        .get(`/api/ml/job_audit_messages/messages/test_get_job_audit_messages_2`)
+        .auth(USER.ML_POWERUSER, ml.securityCommon.getPasswordForUser(USER.ML_POWERUSER))
+        .set(COMMON_REQUEST_HEADERS)
+        .expect(200);
+
+      expect(getBody.messages[0].cleared).to.not.eql(true);
+    });
+  });
+};
diff --git a/x-pack/test/api_integration/apis/ml/job_audit_messages/get_job_audit_messages.ts b/x-pack/test/api_integration/apis/ml/job_audit_messages/get_job_audit_messages.ts
new file mode 100644
index 0000000000000..2211103b2d404
--- /dev/null
+++ b/x-pack/test/api_integration/apis/ml/job_audit_messages/get_job_audit_messages.ts
@@ -0,0 +1,109 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import expect from '@kbn/expect';
+import { omit, keyBy } from 'lodash';
+import { FtrProviderContext } from '../../../ftr_provider_context';
+import { COMMON_REQUEST_HEADERS } from '../../../../functional/services/ml/common_api';
+import { USER } from '../../../../functional/services/ml/security_common';
+import { getJobConfig } from './index';
+
+export default ({ getService }: FtrProviderContext) => {
+  const esArchiver = getService('esArchiver');
+  const supertest = getService('supertestWithoutAuth');
+  const ml = getService('ml');
+
+  describe('get_job_audit_messages', function () {
+    before(async () => {
+      await esArchiver.loadIfNeeded('x-pack/test/functional/es_archives/ml/farequote');
+      await ml.testResources.setKibanaTimeZoneToUTC();
+
+      for (const jobConfig of getJobConfig(2)) {
+        await ml.api.createAnomalyDetectionJob(jobConfig);
+      }
+    });
+
+    after(async () => {
+      await ml.api.cleanMlIndices();
+    });
+
+    it('should fetch all audit messages', async () => {
+      const { body } = await supertest
+        .get(`/api/ml/job_audit_messages/messages`)
+        .auth(USER.ML_POWERUSER, ml.securityCommon.getPasswordForUser(USER.ML_POWERUSER))
+        .set(COMMON_REQUEST_HEADERS)
+        .expect(200);
+
+      expect(body.messages.length).to.eql(2);
+
+      const messagesDict = keyBy(body.messages, 'job_id');
+
+      expect(omit(messagesDict.test_get_job_audit_messages_2, 'timestamp')).to.eql({
+        job_id: 'test_get_job_audit_messages_2',
+        message: 'Job created',
+        level: 'info',
+        node_name: 'node-01',
+        job_type: 'anomaly_detector',
+      });
+      expect(omit(messagesDict.test_get_job_audit_messages_1, 'timestamp')).to.eql({
+        job_id: 'test_get_job_audit_messages_1',
+        message: 'Job created',
+        level: 'info',
+        node_name: 'node-01',
+        job_type: 'anomaly_detector',
+      });
+      expect(body.notificationIndices).to.eql(['.ml-notifications-000002']);
+    });
+
+    it('should fetch audit messages for specified job', async () => {
+      const { body } = await supertest
+        .get(`/api/ml/job_audit_messages/messages/test_get_job_audit_messages_1`)
+        .auth(USER.ML_POWERUSER, ml.securityCommon.getPasswordForUser(USER.ML_POWERUSER))
+        .set(COMMON_REQUEST_HEADERS)
+        .expect(200);
+
+      expect(body.messages.length).to.eql(1);
+      expect(omit(body.messages[0], 'timestamp')).to.eql({
+        job_id: 'test_get_job_audit_messages_1',
+        message: 'Job created',
+        level: 'info',
+        node_name: 'node-01',
+        job_type: 'anomaly_detector',
+      });
+      expect(body.notificationIndices).to.eql(['.ml-notifications-000002']);
+    });
+
+    it('should fetch audit messages for user with ML read permissions', async () => {
+      const { body } = await supertest
+        .get(`/api/ml/job_audit_messages/messages/test_get_job_audit_messages_1`)
+        .auth(USER.ML_VIEWER, ml.securityCommon.getPasswordForUser(USER.ML_VIEWER))
+        .set(COMMON_REQUEST_HEADERS)
+        .expect(200);
+
+      expect(body.messages.length).to.eql(1);
+      expect(omit(body.messages[0], 'timestamp')).to.eql({
+        job_id: 'test_get_job_audit_messages_1',
+        message: 'Job created',
+        level: 'info',
+        node_name: 'node-01',
+        job_type: 'anomaly_detector',
+      });
+      expect(body.notificationIndices).to.eql(['.ml-notifications-000002']);
+    });
+
+    it('should not allow to fetch audit messages for unauthorized user', async () => {
+      const { body } = await supertest
+        .get(`/api/ml/job_audit_messages/messages/test_get_job_audit_messages_1`)
+        .auth(USER.ML_UNAUTHORIZED, ml.securityCommon.getPasswordForUser(USER.ML_UNAUTHORIZED))
+        .set(COMMON_REQUEST_HEADERS)
+        .expect(403);
+
+      expect(body.error).to.eql('Forbidden');
+      expect(body.message).to.eql('Forbidden');
+    });
+  });
+};
diff --git a/x-pack/test/api_integration/apis/ml/job_audit_messages/index.ts b/x-pack/test/api_integration/apis/ml/job_audit_messages/index.ts
new file mode 100644
index 0000000000000..4779a3a181e3b
--- /dev/null
+++ b/x-pack/test/api_integration/apis/ml/job_audit_messages/index.ts
@@ -0,0 +1,43 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { MlJob } from '@elastic/elasticsearch/api/types';
+import { FtrProviderContext } from '../../../ftr_provider_context';
+
+export default function ({ loadTestFile }: FtrProviderContext) {
+  describe('job_audit_messages', function () {
+    loadTestFile(require.resolve('./get_job_audit_messages'));
+    loadTestFile(require.resolve('./clear_messages'));
+  });
+}
+
+export const getJobConfig = (numOfJobs: number) => {
+  return new Array(numOfJobs).fill(null).map(
+    (v, i) =>
+      (({
+        job_id: `test_get_job_audit_messages_${i + 1}`,
+        description: 'job_audit_messages',
+        groups: ['farequote', 'automated', 'single-metric'],
+        analysis_config: {
+          bucket_span: '15m',
+          influencers: [],
+          detectors: [
+            {
+              function: 'mean',
+              field_name: 'responsetime',
+            },
+            {
+              function: 'min',
+              field_name: 'responsetime',
+            },
+          ],
+        },
+        data_description: { time_field: '@timestamp' },
+        analysis_limits: { model_memory_limit: '10mb' },
+      } as unknown) as MlJob)
+  );
+};
diff --git a/x-pack/test/api_integration/apis/ml/jobs/force_start_datafeeds.ts b/x-pack/test/api_integration/apis/ml/jobs/force_start_datafeeds.ts
new file mode 100644
index 0000000000000..04ab308a0d7b2
--- /dev/null
+++ b/x-pack/test/api_integration/apis/ml/jobs/force_start_datafeeds.ts
@@ -0,0 +1,249 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import expect from '@kbn/expect';
+import { FtrProviderContext } from '../../../ftr_provider_context';
+import { USER } from '../../../../functional/services/ml/security_common';
+import { JOB_STATE, DATAFEED_STATE } from '../../../../../plugins/ml/common/constants/states';
+import { MULTI_METRIC_JOB_CONFIG, SINGLE_METRIC_JOB_CONFIG, DATAFEED_CONFIG } from './common_jobs';
+import { COMMON_REQUEST_HEADERS } from '../../../../functional/services/ml/common_api';
+
+export default ({ getService }: FtrProviderContext) => {
+  const esArchiver = getService('esArchiver');
+  const supertest = getService('supertestWithoutAuth');
+  const ml = getService('ml');
+
+  const testSetupJobConfigs = [SINGLE_METRIC_JOB_CONFIG, MULTI_METRIC_JOB_CONFIG];
+
+  async function runStartDatafeedsRequest(
+    user: USER,
+    requestBody: object,
+    expectedResponsecode: number
+  ): Promise<Record<string, { started: boolean; error?: string }>> {
+    const { body } = await supertest
+      .post('/api/ml/jobs/force_start_datafeeds')
+      .auth(user, ml.securityCommon.getPasswordForUser(user))
+      .set(COMMON_REQUEST_HEADERS)
+      .send(requestBody)
+      .expect(expectedResponsecode);
+
+    return body;
+  }
+
+  const testDataList = [
+    {
+      testTitle: 'as ML Poweruser',
+      jobIds: [SINGLE_METRIC_JOB_CONFIG.job_id, MULTI_METRIC_JOB_CONFIG.job_id],
+      user: USER.ML_POWERUSER,
+      requestBody: {
+        datafeedIds: [
+          `datafeed-${SINGLE_METRIC_JOB_CONFIG.job_id}`,
+          `datafeed-${MULTI_METRIC_JOB_CONFIG.job_id}`,
+        ],
+        start: 1454803200000, // Starts in real-time from Feb 7 2016 00:00
+      },
+      expected: {
+        responseCode: 200,
+        responseBody: {
+          [`datafeed-${SINGLE_METRIC_JOB_CONFIG.job_id}`]: { started: true },
+          [`datafeed-${MULTI_METRIC_JOB_CONFIG.job_id}`]: { started: true },
+        },
+      },
+    },
+  ];
+
+  const invalidTestDataList = [
+    {
+      testTitle: 'as ML Poweruser with datafeed ID that does not exist',
+      jobIds: [SINGLE_METRIC_JOB_CONFIG.job_id],
+      user: USER.ML_POWERUSER,
+      requestBody: {
+        datafeedIds: [`invalid-datafeed-${SINGLE_METRIC_JOB_CONFIG.job_id}`],
+        start: 1454803200000, // Feb 7 2016 00:00
+      },
+      expected: {
+        responseCode: 200,
+        responseBody: {
+          [`invalid-datafeed-${SINGLE_METRIC_JOB_CONFIG.job_id}`]: { started: false },
+        },
+      },
+    },
+  ];
+
+  const testDataListUnauthorized = [
+    {
+      testTitle: 'as ML Unauthorized user',
+      user: USER.ML_UNAUTHORIZED,
+      jobIds: [SINGLE_METRIC_JOB_CONFIG.job_id, MULTI_METRIC_JOB_CONFIG.job_id],
+      requestBody: {
+        datafeedIds: [
+          `datafeed-${SINGLE_METRIC_JOB_CONFIG.job_id}`,
+          `datafeed-${MULTI_METRIC_JOB_CONFIG.job_id}`,
+        ],
+        start: 1454803200000, // Feb 7 2016 00:00
+        end: 1455235200000, // Feb 12 2016 00:00
+      },
+      expected: {
+        responseCode: 403,
+        error: 'Forbidden',
+      },
+    },
+    {
+      testTitle: 'as ML Viewer',
+      user: USER.ML_VIEWER,
+      jobIds: [SINGLE_METRIC_JOB_CONFIG.job_id, MULTI_METRIC_JOB_CONFIG.job_id],
+      requestBody: {
+        datafeedIds: [
+          `datafeed-${SINGLE_METRIC_JOB_CONFIG.job_id}`,
+          `datafeed-${MULTI_METRIC_JOB_CONFIG.job_id}`,
+        ],
+        start: 1454803200000, // Feb 7 2016 00:00
+        end: 1455235200000, // Feb 12 2016 00:00
+      },
+      expected: {
+        responseCode: 403,
+        error: 'Forbidden',
+      },
+    },
+  ];
+
+  describe('force_start_datafeeds', function () {
+    before(async () => {
+      await esArchiver.loadIfNeeded('x-pack/test/functional/es_archives/ml/farequote');
+      await ml.testResources.setKibanaTimeZoneToUTC();
+
+      for (const job of testSetupJobConfigs) {
+        const datafeedId = `datafeed-${job.job_id}`;
+        await ml.api.createAnomalyDetectionJob(job);
+        await ml.api.createDatafeed({
+          ...DATAFEED_CONFIG,
+          datafeed_id: datafeedId,
+          job_id: job.job_id,
+        });
+      }
+    });
+
+    after(async () => {
+      for (const job of testSetupJobConfigs) {
+        await ml.api.deleteAnomalyDetectionJobES(job.job_id);
+      }
+      await ml.api.cleanMlIndices();
+    });
+
+    describe('rejects requests for unauthorized users', function () {
+      for (const testData of testDataListUnauthorized) {
+        describe('fails to force start supplied datafeed IDs', function () {
+          it(`${testData.testTitle}`, async () => {
+            const body = await runStartDatafeedsRequest(
+              testData.user,
+              testData.requestBody,
+              testData.expected.responseCode
+            );
+
+            expect(body).to.have.property('error').eql(testData.expected.error);
+
+            // check jobs are still closed
+            for (const id of testData.jobIds) {
+              await ml.api.waitForJobState(id, JOB_STATE.CLOSED);
+            }
+
+            // check datafeeds are still stopped
+            for (const id of testData.requestBody.datafeedIds) {
+              await ml.api.waitForDatafeedState(id, DATAFEED_STATE.STOPPED);
+            }
+          });
+        });
+      }
+    });
+
+    describe('starts datafeeds with supplied IDs', function () {
+      for (const testData of testDataList) {
+        it(`${testData.testTitle}`, async () => {
+          const body = await runStartDatafeedsRequest(
+            testData.user,
+            testData.requestBody,
+            testData.expected.responseCode
+          );
+
+          const expectedResponse = testData.expected.responseBody;
+          const expectedRspDatafeedIds = Object.keys(expectedResponse).sort((a, b) =>
+            a.localeCompare(b)
+          );
+          const actualRspDatafeedIds = Object.keys(body).sort((a, b) => a.localeCompare(b));
+
+          expect(actualRspDatafeedIds).to.have.length(expectedRspDatafeedIds.length);
+          expect(actualRspDatafeedIds).to.eql(expectedRspDatafeedIds);
+
+          // check jobs are open
+          for (const id of testData.jobIds) {
+            await ml.api.waitForJobState(id, JOB_STATE.OPENED);
+          }
+
+          // check datafeeds have started
+          for (const id of testData.requestBody.datafeedIds) {
+            await ml.api.waitForDatafeedState(id, DATAFEED_STATE.STARTED);
+          }
+        });
+      }
+    });
+
+    describe('succeeds with datafeed already started', function () {
+      for (const testData of testDataList) {
+        it(`${testData.testTitle}`, async () => {
+          const body = await runStartDatafeedsRequest(
+            testData.user,
+            testData.requestBody,
+            testData.expected.responseCode
+          );
+
+          const expectedResponse = testData.expected.responseBody;
+          const expectedRspDatafeedIds = Object.keys(expectedResponse).sort((a, b) =>
+            a.localeCompare(b)
+          );
+          const actualRspDatafeedIds = Object.keys(body).sort((a, b) => a.localeCompare(b));
+
+          expect(actualRspDatafeedIds).to.have.length(expectedRspDatafeedIds.length);
+          expect(actualRspDatafeedIds).to.eql(expectedRspDatafeedIds);
+
+          // check jobs are still open
+          for (const id of testData.jobIds) {
+            await ml.api.waitForJobState(id, JOB_STATE.OPENED);
+          }
+
+          // check datafeeds are still started
+          for (const id of testData.requestBody.datafeedIds) {
+            await ml.api.waitForDatafeedState(id, DATAFEED_STATE.STARTED);
+          }
+        });
+      }
+    });
+
+    describe('returns expected response for invalid request', function () {
+      for (const testData of invalidTestDataList) {
+        it(`${testData.testTitle}`, async () => {
+          const body = await runStartDatafeedsRequest(
+            testData.user,
+            testData.requestBody,
+            testData.expected.responseCode
+          );
+          const expectedResponse = testData.expected.responseBody;
+          const expectedRspDatafeedIds = Object.keys(expectedResponse).sort((a, b) =>
+            a.localeCompare(b)
+          );
+          const actualRspDatafeedIds = Object.keys(body).sort((a, b) => a.localeCompare(b));
+
+          expect(actualRspDatafeedIds).to.have.length(expectedRspDatafeedIds.length);
+          expect(actualRspDatafeedIds).to.eql(expectedRspDatafeedIds);
+
+          expectedRspDatafeedIds.forEach((id) => {
+            expect(body[id].started).to.eql(expectedResponse[id].started);
+          });
+        });
+      }
+    });
+  });
+};
diff --git a/x-pack/test/api_integration/apis/ml/jobs/force_start_datafeeds_spaces.ts b/x-pack/test/api_integration/apis/ml/jobs/force_start_datafeeds_spaces.ts
new file mode 100644
index 0000000000000..1ebc6c5b78424
--- /dev/null
+++ b/x-pack/test/api_integration/apis/ml/jobs/force_start_datafeeds_spaces.ts
@@ -0,0 +1,126 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import expect from '@kbn/expect';
+
+import { FtrProviderContext } from '../../../ftr_provider_context';
+import { COMMON_REQUEST_HEADERS } from '../../../../functional/services/ml/common_api';
+import { USER } from '../../../../functional/services/ml/security_common';
+import { DATAFEED_STATE } from '../../../../../plugins/ml/common/constants/states';
+
+export default ({ getService }: FtrProviderContext) => {
+  const esArchiver = getService('esArchiver');
+  const ml = getService('ml');
+  const spacesService = getService('spaces');
+  const supertest = getService('supertestWithoutAuth');
+
+  const idSpace1 = 'space1';
+  const idSpace2 = 'space2';
+  const jobIdSpace1 = `fq_single_${idSpace1}`;
+  const jobIdSpace2 = `fq_single_${idSpace2}`;
+  const datafeedIdSpace1 = `datafeed-${jobIdSpace1}`;
+  const datafeedIdSpace2 = `datafeed-${jobIdSpace2}`;
+  const startMs = 1454803200000; // Feb 7 2016 00:00
+  const endMs = 1455235200000; // Feb 12 2016 00:00
+
+  async function runRequest(
+    space: string,
+    expectedStatusCode: number,
+    datafeedIds: string[],
+    start: number,
+    end: number
+  ): Promise<Record<string, { started: boolean; error?: string }>> {
+    const { body } = await supertest
+      .post(`/s/${space}/api/ml/jobs/force_start_datafeeds`)
+      .auth(
+        USER.ML_POWERUSER_ALL_SPACES,
+        ml.securityCommon.getPasswordForUser(USER.ML_POWERUSER_ALL_SPACES)
+      )
+      .set(COMMON_REQUEST_HEADERS)
+      .send({ datafeedIds, start, end })
+      .expect(expectedStatusCode);
+
+    return body;
+  }
+
+  describe('force_start_datafeeds with spaces', function () {
+    before(async () => {
+      await spacesService.create({ id: idSpace1, name: 'space_one', disabledFeatures: [] });
+      await spacesService.create({ id: idSpace2, name: 'space_two', disabledFeatures: [] });
+
+      await esArchiver.loadIfNeeded('x-pack/test/functional/es_archives/ml/farequote');
+      await ml.testResources.setKibanaTimeZoneToUTC();
+    });
+
+    beforeEach(async () => {
+      const jobConfigSpace1 = ml.commonConfig.getADFqSingleMetricJobConfig(jobIdSpace1);
+      const datafeedConfigSpace1 = ml.commonConfig.getADFqDatafeedConfig(jobIdSpace1);
+      await ml.api.createAnomalyDetectionJob(jobConfigSpace1, idSpace1);
+      await ml.api.createDatafeed(
+        {
+          ...datafeedConfigSpace1,
+          datafeed_id: datafeedIdSpace1,
+          job_id: jobIdSpace1,
+        },
+        idSpace1
+      );
+      const jobConfigSpace2 = ml.commonConfig.getADFqSingleMetricJobConfig(jobIdSpace2);
+      const datafeedConfigSpace2 = ml.commonConfig.getADFqDatafeedConfig(jobIdSpace2);
+      await ml.api.createAnomalyDetectionJob(jobConfigSpace2, idSpace2);
+      await ml.api.createDatafeed(
+        {
+          ...datafeedConfigSpace2,
+          datafeed_id: datafeedIdSpace2,
+          job_id: jobIdSpace2,
+        },
+        idSpace2
+      );
+    });
+
+    afterEach(async () => {
+      await ml.api.closeAnomalyDetectionJob(jobIdSpace1);
+      await ml.api.closeAnomalyDetectionJob(jobIdSpace2);
+      await ml.api.deleteAnomalyDetectionJobES(jobIdSpace1);
+      await ml.api.deleteAnomalyDetectionJobES(jobIdSpace2);
+      await ml.api.cleanMlIndices();
+      await ml.testResources.cleanMLSavedObjects();
+    });
+
+    after(async () => {
+      await spacesService.delete(idSpace1);
+      await spacesService.delete(idSpace2);
+    });
+
+    it('should start single datafeed from same space', async () => {
+      const body = await runRequest(idSpace1, 200, [datafeedIdSpace1], startMs, endMs);
+      expect(body).to.eql({ [datafeedIdSpace1]: { started: true } });
+      await ml.api.waitForDatafeedState(datafeedIdSpace1, DATAFEED_STATE.STARTED);
+    });
+
+    it('should not start single datafeed from different space', async () => {
+      const body = await runRequest(idSpace2, 200, [datafeedIdSpace1], startMs, endMs);
+      expect(body).to.eql({ [datafeedIdSpace1]: { error: 'Job has no datafeed', started: false } });
+      await ml.api.waitForDatafeedState(datafeedIdSpace1, DATAFEED_STATE.STOPPED);
+    });
+
+    it('should only start datafeed from same space when called with a list of datafeeds', async () => {
+      const body = await runRequest(
+        idSpace1,
+        200,
+        [datafeedIdSpace1, datafeedIdSpace2],
+        startMs,
+        endMs
+      );
+      expect(body).to.eql({
+        [datafeedIdSpace1]: { started: true },
+        [datafeedIdSpace2]: { error: 'Job has no datafeed', started: false },
+      });
+      await ml.api.waitForDatafeedState(datafeedIdSpace1, DATAFEED_STATE.STARTED);
+      await ml.api.waitForDatafeedState(datafeedIdSpace2, DATAFEED_STATE.STOPPED);
+    });
+  });
+};
diff --git a/x-pack/test/api_integration/apis/ml/jobs/index.ts b/x-pack/test/api_integration/apis/ml/jobs/index.ts
index 4c52f2ef862c3..91368251ff2d7 100644
--- a/x-pack/test/api_integration/apis/ml/jobs/index.ts
+++ b/x-pack/test/api_integration/apis/ml/jobs/index.ts
@@ -18,5 +18,9 @@ export default function ({ loadTestFile }: FtrProviderContext) {
     loadTestFile(require.resolve('./close_jobs_spaces'));
     loadTestFile(require.resolve('./delete_jobs_spaces'));
     loadTestFile(require.resolve('./datafeed_preview'));
+    loadTestFile(require.resolve('./force_start_datafeeds'));
+    loadTestFile(require.resolve('./force_start_datafeeds_spaces'));
+    loadTestFile(require.resolve('./stop_datafeeds'));
+    loadTestFile(require.resolve('./stop_datafeeds_spaces'));
   });
 }
diff --git a/x-pack/test/api_integration/apis/ml/jobs/stop_datafeeds.ts b/x-pack/test/api_integration/apis/ml/jobs/stop_datafeeds.ts
new file mode 100644
index 0000000000000..593dfdd2fdfe7
--- /dev/null
+++ b/x-pack/test/api_integration/apis/ml/jobs/stop_datafeeds.ts
@@ -0,0 +1,246 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import expect from '@kbn/expect';
+import { FtrProviderContext } from '../../../ftr_provider_context';
+import { USER } from '../../../../functional/services/ml/security_common';
+import { JOB_STATE, DATAFEED_STATE } from '../../../../../plugins/ml/common/constants/states';
+import { MULTI_METRIC_JOB_CONFIG, SINGLE_METRIC_JOB_CONFIG, DATAFEED_CONFIG } from './common_jobs';
+import { COMMON_REQUEST_HEADERS } from '../../../../functional/services/ml/common_api';
+
+export default ({ getService }: FtrProviderContext) => {
+  const esArchiver = getService('esArchiver');
+  const supertest = getService('supertestWithoutAuth');
+  const ml = getService('ml');
+
+  const testSetupJobConfigs = [SINGLE_METRIC_JOB_CONFIG, MULTI_METRIC_JOB_CONFIG];
+
+  async function runStopDatafeedsRequest(
+    user: USER,
+    requestBody: object,
+    expectedResponsecode: number
+  ): Promise<Record<string, { stopped: boolean; error?: string }>> {
+    const { body } = await supertest
+      .post('/api/ml/jobs/stop_datafeeds')
+      .auth(user, ml.securityCommon.getPasswordForUser(user))
+      .set(COMMON_REQUEST_HEADERS)
+      .send(requestBody)
+      .expect(expectedResponsecode);
+
+    return body;
+  }
+
+  const testDataList = [
+    {
+      testTitle: 'as ML Poweruser',
+      jobIds: [SINGLE_METRIC_JOB_CONFIG.job_id, MULTI_METRIC_JOB_CONFIG.job_id],
+      user: USER.ML_POWERUSER,
+      requestBody: {
+        datafeedIds: [
+          `datafeed-${SINGLE_METRIC_JOB_CONFIG.job_id}`,
+          `datafeed-${MULTI_METRIC_JOB_CONFIG.job_id}`,
+        ],
+      },
+      expected: {
+        responseCode: 200,
+        responseBody: {
+          [`datafeed-${SINGLE_METRIC_JOB_CONFIG.job_id}`]: { stopped: true },
+          [`datafeed-${MULTI_METRIC_JOB_CONFIG.job_id}`]: { stopped: true },
+        },
+      },
+    },
+  ];
+
+  const invalidTestDataList = [
+    {
+      testTitle: 'as ML Poweruser with datafeed ID that does not exist',
+      jobIds: [SINGLE_METRIC_JOB_CONFIG.job_id],
+      user: USER.ML_POWERUSER,
+      requestBody: {
+        datafeedIds: [`invalid-datafeed-${SINGLE_METRIC_JOB_CONFIG.job_id}`],
+      },
+      expected: {
+        responseCode: 200,
+        responseBody: {
+          [`invalid-datafeed-${SINGLE_METRIC_JOB_CONFIG.job_id}`]: { stopped: false },
+        },
+      },
+    },
+  ];
+
+  const testDataListUnauthorized = [
+    {
+      testTitle: 'as ML Unauthorized user',
+      user: USER.ML_UNAUTHORIZED,
+      jobIds: [SINGLE_METRIC_JOB_CONFIG.job_id, MULTI_METRIC_JOB_CONFIG.job_id],
+      requestBody: {
+        datafeedIds: [
+          `datafeed-${SINGLE_METRIC_JOB_CONFIG.job_id}`,
+          `datafeed-${MULTI_METRIC_JOB_CONFIG.job_id}`,
+        ],
+      },
+      expected: {
+        responseCode: 403,
+        error: 'Forbidden',
+      },
+    },
+    {
+      testTitle: 'as ML Viewer',
+      user: USER.ML_VIEWER,
+      jobIds: [SINGLE_METRIC_JOB_CONFIG.job_id, MULTI_METRIC_JOB_CONFIG.job_id],
+      requestBody: {
+        datafeedIds: [
+          `datafeed-${SINGLE_METRIC_JOB_CONFIG.job_id}`,
+          `datafeed-${MULTI_METRIC_JOB_CONFIG.job_id}`,
+        ],
+      },
+      expected: {
+        responseCode: 403,
+        error: 'Forbidden',
+      },
+    },
+  ];
+
+  describe('stop_datafeeds', function () {
+    before(async () => {
+      await esArchiver.loadIfNeeded('x-pack/test/functional/es_archives/ml/farequote');
+      await ml.testResources.setKibanaTimeZoneToUTC();
+
+      for (const job of testSetupJobConfigs) {
+        const datafeedId = `datafeed-${job.job_id}`;
+        await ml.api.createAnomalyDetectionJob(job);
+        await ml.api.openAnomalyDetectionJob(job.job_id);
+        await ml.api.createDatafeed({
+          ...DATAFEED_CONFIG,
+          datafeed_id: datafeedId,
+          job_id: job.job_id,
+        });
+        await ml.api.startDatafeed(datafeedId, { start: '0' });
+        await ml.api.waitForDatafeedState(datafeedId, DATAFEED_STATE.STARTED);
+      }
+    });
+
+    after(async () => {
+      for (const job of testSetupJobConfigs) {
+        await ml.api.deleteAnomalyDetectionJobES(job.job_id);
+      }
+      await ml.api.cleanMlIndices();
+    });
+
+    describe('rejects requests for unauthorized users', function () {
+      for (const testData of testDataListUnauthorized) {
+        describe('fails to stop supplied datafeed IDs', function () {
+          it(`${testData.testTitle}`, async () => {
+            const body = await runStopDatafeedsRequest(
+              testData.user,
+              testData.requestBody,
+              testData.expected.responseCode
+            );
+
+            expect(body).to.have.property('error').eql(testData.expected.error);
+
+            // check jobs are still opened
+            for (const id of testData.jobIds) {
+              await ml.api.waitForJobState(id, JOB_STATE.OPENED);
+            }
+
+            // check datafeeds are still started
+            for (const id of testData.requestBody.datafeedIds) {
+              await ml.api.waitForDatafeedState(id, DATAFEED_STATE.STARTED);
+            }
+          });
+        });
+      }
+    });
+
+    describe('succeeds for ML Poweruser with datafeed started', function () {
+      for (const testData of testDataList) {
+        it(`${testData.testTitle}`, async () => {
+          const body = await runStopDatafeedsRequest(
+            testData.user,
+            testData.requestBody,
+            testData.expected.responseCode
+          );
+
+          const expectedResponse = testData.expected.responseBody;
+          const expectedRspDatafeedIds = Object.keys(expectedResponse).sort((a, b) =>
+            a.localeCompare(b)
+          );
+          const actualRspDatafeedIds = Object.keys(body).sort((a, b) => a.localeCompare(b));
+
+          expect(actualRspDatafeedIds).to.have.length(expectedRspDatafeedIds.length);
+          expect(actualRspDatafeedIds).to.eql(expectedRspDatafeedIds);
+
+          // check datafeeds have stopped
+          for (const id of testData.requestBody.datafeedIds) {
+            await ml.api.waitForDatafeedState(id, DATAFEED_STATE.STOPPED, 4 * 60 * 1000);
+          }
+
+          // check jobs are still open
+          for (const id of testData.jobIds) {
+            await ml.api.waitForJobState(id, JOB_STATE.OPENED);
+          }
+        });
+      }
+    });
+
+    describe('succeeds for ML Poweruser with datafeed already stopped', function () {
+      for (const testData of testDataList) {
+        it(`${testData.testTitle}`, async () => {
+          const body = await runStopDatafeedsRequest(
+            testData.user,
+            testData.requestBody,
+            testData.expected.responseCode
+          );
+
+          const expectedResponse = testData.expected.responseBody;
+          const expectedRspDatafeedIds = Object.keys(expectedResponse).sort((a, b) =>
+            a.localeCompare(b)
+          );
+          const actualRspDatafeedIds = Object.keys(body).sort((a, b) => a.localeCompare(b));
+
+          expect(actualRspDatafeedIds).to.have.length(expectedRspDatafeedIds.length);
+          expect(actualRspDatafeedIds).to.eql(expectedRspDatafeedIds);
+
+          // check datafeeds have stopped
+          for (const id of testData.requestBody.datafeedIds) {
+            await ml.api.waitForDatafeedState(id, DATAFEED_STATE.STOPPED, 4 * 60 * 1000);
+          }
+
+          // check jobs are still open
+          for (const id of testData.jobIds) {
+            await ml.api.waitForJobState(id, JOB_STATE.OPENED);
+          }
+        });
+      }
+    });
+
+    describe('returns expected response for invalid request', function () {
+      for (const testData of invalidTestDataList) {
+        it(`${testData.testTitle}`, async () => {
+          const body = await runStopDatafeedsRequest(
+            testData.user,
+            testData.requestBody,
+            testData.expected.responseCode
+          );
+          const expectedResponse = testData.expected.responseBody;
+          const expectedRspDatafeedIds = Object.keys(expectedResponse).sort((a, b) =>
+            a.localeCompare(b)
+          );
+          const actualRspDatafeedIds = Object.keys(body).sort((a, b) => a.localeCompare(b));
+
+          expect(actualRspDatafeedIds).to.have.length(expectedRspDatafeedIds.length);
+          expect(actualRspDatafeedIds).to.eql(expectedRspDatafeedIds);
+
+          expectedRspDatafeedIds.forEach((id) => {
+            expect(body[id].stopped).to.eql(expectedResponse[id].stopped);
+          });
+        });
+      }
+    });
+  });
+};
diff --git a/x-pack/test/api_integration/apis/ml/jobs/stop_datafeeds_spaces.ts b/x-pack/test/api_integration/apis/ml/jobs/stop_datafeeds_spaces.ts
new file mode 100644
index 0000000000000..0e1ac038dc962
--- /dev/null
+++ b/x-pack/test/api_integration/apis/ml/jobs/stop_datafeeds_spaces.ts
@@ -0,0 +1,123 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import expect from '@kbn/expect';
+
+import { FtrProviderContext } from '../../../ftr_provider_context';
+import { COMMON_REQUEST_HEADERS } from '../../../../functional/services/ml/common_api';
+import { USER } from '../../../../functional/services/ml/security_common';
+import { DATAFEED_STATE } from '../../../../../plugins/ml/common/constants/states';
+
+export default ({ getService }: FtrProviderContext) => {
+  const esArchiver = getService('esArchiver');
+  const ml = getService('ml');
+  const spacesService = getService('spaces');
+  const supertest = getService('supertestWithoutAuth');
+
+  const idSpace1 = 'space1';
+  const idSpace2 = 'space2';
+  const jobIdSpace1 = `fq_single_${idSpace1}`;
+  const jobIdSpace2 = `fq_single_${idSpace2}`;
+  const datafeedIdSpace1 = `datafeed-${jobIdSpace1}`;
+  const datafeedIdSpace2 = `datafeed-${jobIdSpace2}`;
+
+  async function runRequest(
+    space: string,
+    expectedStatusCode: number,
+    datafeedIds: string[]
+  ): Promise<Record<string, { stopped: boolean; error?: string }>> {
+    const { body } = await supertest
+      .post(`/s/${space}/api/ml/jobs/stop_datafeeds`)
+      .auth(
+        USER.ML_POWERUSER_ALL_SPACES,
+        ml.securityCommon.getPasswordForUser(USER.ML_POWERUSER_ALL_SPACES)
+      )
+      .set(COMMON_REQUEST_HEADERS)
+      .send({ datafeedIds })
+      .expect(expectedStatusCode);
+
+    return body;
+  }
+
+  describe('stop_datafeeds with spaces', function () {
+    before(async () => {
+      await spacesService.create({ id: idSpace1, name: 'space_one', disabledFeatures: [] });
+      await spacesService.create({ id: idSpace2, name: 'space_two', disabledFeatures: [] });
+
+      await esArchiver.loadIfNeeded('x-pack/test/functional/es_archives/ml/farequote');
+      await ml.testResources.setKibanaTimeZoneToUTC();
+    });
+
+    beforeEach(async () => {
+      const jobConfigSpace1 = ml.commonConfig.getADFqSingleMetricJobConfig(jobIdSpace1);
+      const datafeedConfigSpace1 = ml.commonConfig.getADFqDatafeedConfig(jobIdSpace1);
+      await ml.api.createAnomalyDetectionJob(jobConfigSpace1, idSpace1);
+      await ml.api.openAnomalyDetectionJob(jobIdSpace1);
+      await ml.api.createDatafeed(
+        {
+          ...datafeedConfigSpace1,
+          datafeed_id: datafeedIdSpace1,
+          job_id: jobIdSpace1,
+        },
+        idSpace1
+      );
+      await ml.api.startDatafeed(datafeedIdSpace1, { start: '0' });
+      await ml.api.waitForDatafeedState(datafeedIdSpace1, DATAFEED_STATE.STARTED);
+
+      const jobConfigSpace2 = ml.commonConfig.getADFqSingleMetricJobConfig(jobIdSpace2);
+      const datafeedConfigSpace2 = ml.commonConfig.getADFqDatafeedConfig(jobIdSpace2);
+      await ml.api.createAnomalyDetectionJob(jobConfigSpace2, idSpace2);
+      await ml.api.openAnomalyDetectionJob(jobIdSpace2);
+      await ml.api.createDatafeed(
+        {
+          ...datafeedConfigSpace2,
+          datafeed_id: datafeedIdSpace2,
+          job_id: jobIdSpace2,
+        },
+        idSpace2
+      );
+      await ml.api.startDatafeed(datafeedIdSpace2, { start: '0' });
+      await ml.api.waitForDatafeedState(datafeedIdSpace2, DATAFEED_STATE.STARTED);
+    });
+
+    afterEach(async () => {
+      await ml.api.closeAnomalyDetectionJob(jobIdSpace1);
+      await ml.api.closeAnomalyDetectionJob(jobIdSpace2);
+      await ml.api.deleteAnomalyDetectionJobES(jobIdSpace1);
+      await ml.api.deleteAnomalyDetectionJobES(jobIdSpace2);
+      await ml.api.cleanMlIndices();
+      await ml.testResources.cleanMLSavedObjects();
+    });
+
+    after(async () => {
+      await spacesService.delete(idSpace1);
+      await spacesService.delete(idSpace2);
+    });
+
+    it('should stop single datafeed from same space', async () => {
+      const body = await runRequest(idSpace1, 200, [datafeedIdSpace1]);
+      expect(body).to.eql({ [datafeedIdSpace1]: { stopped: true } });
+      await ml.api.waitForDatafeedState(datafeedIdSpace1, DATAFEED_STATE.STOPPED);
+    });
+
+    it('should not stop single datafeed from different space', async () => {
+      const body = await runRequest(idSpace2, 200, [datafeedIdSpace1]);
+      expect(body).to.eql({ [datafeedIdSpace1]: { stopped: false } });
+      await ml.api.waitForDatafeedState(datafeedIdSpace1, DATAFEED_STATE.STARTED);
+    });
+
+    it('should only stop datafeed from same space when called with a list of datafeeds', async () => {
+      const body = await runRequest(idSpace1, 200, [datafeedIdSpace1, datafeedIdSpace2]);
+      expect(body).to.eql({
+        [datafeedIdSpace1]: { stopped: true },
+        [datafeedIdSpace2]: { stopped: false },
+      });
+      await ml.api.waitForDatafeedState(datafeedIdSpace1, DATAFEED_STATE.STOPPED);
+      await ml.api.waitForDatafeedState(datafeedIdSpace2, DATAFEED_STATE.STARTED);
+    });
+  });
+};
diff --git a/x-pack/test/apm_api_integration/tests/alerts/rule_registry.ts b/x-pack/test/apm_api_integration/tests/alerts/rule_registry.ts
index 23bd70de770ad..7cf1fe4c969cc 100644
--- a/x-pack/test/apm_api_integration/tests/alerts/rule_registry.ts
+++ b/x-pack/test/apm_api_integration/tests/alerts/rule_registry.ts
@@ -398,7 +398,7 @@ export default function ApiTest({ getService }: FtrProviderContext) {
             "kibana.alert.evaluation.value": Array [
               50,
             ],
-            "kibana.alert.id": Array [
+            "kibana.alert.instance.id": Array [
               "apm.transaction_error_rate_opbeans-go_request_ENVIRONMENT_NOT_DEFINED",
             ],
             "kibana.alert.reason": Array [
@@ -508,7 +508,7 @@ export default function ApiTest({ getService }: FtrProviderContext) {
             "kibana.alert.evaluation.value": Array [
               50,
             ],
-            "kibana.alert.id": Array [
+            "kibana.alert.instance.id": Array [
               "apm.transaction_error_rate_opbeans-go_request_ENVIRONMENT_NOT_DEFINED",
             ],
             "kibana.alert.reason": Array [
diff --git a/x-pack/test/detection_engine_api_integration/common/config.ts b/x-pack/test/detection_engine_api_integration/common/config.ts
index ef822b0af2a29..eee1f0be5ba37 100644
--- a/x-pack/test/detection_engine_api_integration/common/config.ts
+++ b/x-pack/test/detection_engine_api_integration/common/config.ts
@@ -70,6 +70,10 @@ export function createTestConfig(name: string, options: CreateTestConfigOptions)
           `--xpack.actions.allowedHosts=${JSON.stringify(['localhost', 'some.non.existent.com'])}`,
           `--xpack.actions.enabledActionTypes=${JSON.stringify(enabledActionTypes)}`,
           '--xpack.eventLog.logEntries=true',
+          `--xpack.securitySolution.alertIgnoreFields=${JSON.stringify([
+            'testing_ignored.constant',
+            '/testing_regex*/',
+          ])}`, // See tests within the file "ignore_fields.ts" which use these values in "alertIgnoreFields"
           ...disabledPlugins.map((key) => `--xpack.${key}.enabled=false`),
           ...(ssl
             ? [
diff --git a/x-pack/test/detection_engine_api_integration/security_and_spaces/tests/create_ml.ts b/x-pack/test/detection_engine_api_integration/security_and_spaces/tests/create_ml.ts
index 58df5bc3ff9e1..496781dbb985f 100644
--- a/x-pack/test/detection_engine_api_integration/security_and_spaces/tests/create_ml.ts
+++ b/x-pack/test/detection_engine_api_integration/security_and_spaces/tests/create_ml.ts
@@ -193,7 +193,7 @@ export default ({ getService }: FtrProviderContext) => {
             index: '.ml-anomalies-custom-linux_anomalous_network_activity_ecs',
             depth: 0,
           },
-          reason: `Alert Test ML rule created with a critical severity and risk score of 50 by root on mothra.`,
+          reason: `event with process store, by root on mothra created critical alert Test ML rule.`,
           original_time: '2020-11-16T22:58:08.000Z',
         },
         all_field_values: [
diff --git a/x-pack/test/detection_engine_api_integration/security_and_spaces/tests/create_threat_matching.ts b/x-pack/test/detection_engine_api_integration/security_and_spaces/tests/create_threat_matching.ts
index 46fce77678abf..4d8d6426d039b 100644
--- a/x-pack/test/detection_engine_api_integration/security_and_spaces/tests/create_threat_matching.ts
+++ b/x-pack/test/detection_engine_api_integration/security_and_spaces/tests/create_threat_matching.ts
@@ -275,7 +275,8 @@ export default ({ getService }: FtrProviderContext) => {
                 depth: 0,
               },
             ],
-            reason: `Alert Query with a rule id created with a high severity and risk score of 55 by root on zeek-sensor-amsterdam.`,
+            reason:
+              'user-login event by root on zeek-sensor-amsterdam created high alert Query with a rule id.',
             rule: fullSignal.signal.rule,
             status: 'open',
           },
diff --git a/x-pack/test/detection_engine_api_integration/security_and_spaces/tests/generating_signals.ts b/x-pack/test/detection_engine_api_integration/security_and_spaces/tests/generating_signals.ts
index a3315da2c142e..16b9bedcaf09a 100644
--- a/x-pack/test/detection_engine_api_integration/security_and_spaces/tests/generating_signals.ts
+++ b/x-pack/test/detection_engine_api_integration/security_and_spaces/tests/generating_signals.ts
@@ -362,7 +362,8 @@ export default ({ getService }: FtrProviderContext) => {
               },
             },
             signal: {
-              reason: `Alert Signal Testing Query created with a high severity and risk score of 1 on suricata-zeek-sensor-toronto.`,
+              reason:
+                'configuration event on suricata-zeek-sensor-toronto created high alert Signal Testing Query.',
               rule: fullSignal.signal.rule,
               original_time: fullSignal.signal.original_time,
               status: 'open',
@@ -497,7 +498,8 @@ export default ({ getService }: FtrProviderContext) => {
               },
             },
             signal: {
-              reason: `Alert Signal Testing Query created with a high severity and risk score of 1 on suricata-zeek-sensor-toronto.`,
+              reason:
+                'configuration event on suricata-zeek-sensor-toronto created high alert Signal Testing Query.',
               rule: fullSignal.signal.rule,
               original_time: fullSignal.signal.original_time,
               status: 'open',
@@ -662,7 +664,8 @@ export default ({ getService }: FtrProviderContext) => {
               },
             },
             signal: {
-              reason: `Alert Signal Testing Query created with a high severity and risk score of 1 by root on zeek-sensor-amsterdam.`,
+              reason:
+                'anomoly event with process bro, by root on zeek-sensor-amsterdam created high alert Signal Testing Query.',
               rule: fullSignal.signal.rule,
               group: fullSignal.signal.group,
               original_time: fullSignal.signal.original_time,
@@ -753,7 +756,8 @@ export default ({ getService }: FtrProviderContext) => {
               status: 'open',
               depth: 2,
               group: source.signal.group,
-              reason: `Alert Signal Testing Query created with a high severity and risk score of 1.`,
+              reason:
+                'event by root on zeek-sensor-amsterdam created high alert Signal Testing Query.',
               rule: source.signal.rule,
               ancestors: [
                 {
@@ -872,7 +876,7 @@ export default ({ getService }: FtrProviderContext) => {
                 },
               ],
               status: 'open',
-              reason: `Alert Signal Testing Query created with a high severity and risk score of 1.`,
+              reason: 'event created high alert Signal Testing Query.',
               rule: fullSignal.signal.rule,
               original_time: fullSignal.signal.original_time,
               depth: 1,
@@ -1010,7 +1014,7 @@ export default ({ getService }: FtrProviderContext) => {
                 },
               ],
               status: 'open',
-              reason: `Alert Signal Testing Query created with a high severity and risk score of 1.`,
+              reason: `event created high alert Signal Testing Query.`,
               rule: fullSignal.signal.rule,
               original_time: fullSignal.signal.original_time,
               depth: 1,
@@ -1094,7 +1098,7 @@ export default ({ getService }: FtrProviderContext) => {
                 },
               ],
               status: 'open',
-              reason: `Alert Signal Testing Query created with a high severity and risk score of 1.`,
+              reason: `event created high alert Signal Testing Query.`,
               rule: fullSignal.signal.rule,
               original_time: fullSignal.signal.original_time,
               depth: 1,
@@ -1686,7 +1690,7 @@ export default ({ getService }: FtrProviderContext) => {
               },
             ],
             status: 'open',
-            reason: `Alert boot created with a high severity and risk score of 1 on zeek-sensor-amsterdam.`,
+            reason: `event on zeek-sensor-amsterdam created high alert boot.`,
             rule: {
               ...fullSignal.signal.rule,
               name: 'boot',
diff --git a/x-pack/test/detection_engine_api_integration/security_and_spaces/tests/ignore_fields.ts b/x-pack/test/detection_engine_api_integration/security_and_spaces/tests/ignore_fields.ts
new file mode 100644
index 0000000000000..409128523ea40
--- /dev/null
+++ b/x-pack/test/detection_engine_api_integration/security_and_spaces/tests/ignore_fields.ts
@@ -0,0 +1,133 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import expect from '@kbn/expect';
+
+import { FtrProviderContext } from '../../../common/ftr_provider_context';
+import {
+  createRule,
+  createSignalsIndex,
+  deleteAllAlerts,
+  deleteSignalsIndex,
+  getEqlRuleForSignalTesting,
+  getSignalsById,
+  waitForRuleSuccessOrStatus,
+  waitForSignalsToBePresent,
+} from '../../utils';
+
+interface Ignore {
+  normal_constant?: string;
+  small_field?: string;
+  testing_ignored?: string;
+  testing_regex?: string;
+}
+
+// eslint-disable-next-line import/no-default-export
+export default ({ getService }: FtrProviderContext): void => {
+  /**
+   * See the config file (detection_engine_api_integration/common/config.ts) for which field values were added to be ignored
+   * for testing. The values should be in the config around the area of:
+   * --xpack.securitySolution.alertIgnoreFields=[testing.ignore_1,/[testingRegex]
+   * meaning that the ignore fields values should be the array: ["testing.ignore_1", "/[testingRegex]/"]
+   *
+   * This test exercises the ability to be able to ignore particular values within the fields API and merge strategies.
+   * These values can be defined in your kibana.yml file as "xpack.securitySolution.alertIgnoreFields". This is useful
+   * for users that find bugs or regressions within query languages or bugs within the merge strategies
+   * where one or more fields are causing problems and they need to turn disable that particular field.
+   *
+   * Ref:
+   * https://github.com/elastic/kibana/issues/110802
+   * https://github.com/elastic/elasticsearch/issues/77152
+   *
+   * Files ref:
+   * server/lib/detection_engine/signals/source_fields_merging/utils/is_ignored.ts
+   * server/lib/detection_engine/signals/source_fields_merging/utils/is_eql_bug_77152.ts
+   */
+  describe('ignore_fields', () => {
+    const supertest = getService('supertest');
+    const esArchiver = getService('esArchiver');
+
+    before(async () => {
+      await esArchiver.load('x-pack/test/functional/es_archives/security_solution/ignore_fields');
+    });
+
+    after(async () => {
+      await esArchiver.unload('x-pack/test/functional/es_archives/security_solution/ignore_fields');
+    });
+
+    beforeEach(async () => {
+      await createSignalsIndex(supertest);
+    });
+
+    afterEach(async () => {
+      await deleteSignalsIndex(supertest);
+      await deleteAllAlerts(supertest);
+    });
+
+    it('should ignore the field of "testing_ignored"', async () => {
+      const rule = getEqlRuleForSignalTesting(['ignore_fields']);
+
+      const { id } = await createRule(supertest, rule);
+      await waitForRuleSuccessOrStatus(supertest, id);
+      await waitForSignalsToBePresent(supertest, 4, [id]);
+      const signalsOpen = await getSignalsById(supertest, id);
+      const hits = signalsOpen.hits.hits
+        .map((hit) => (hit._source as Ignore).testing_ignored)
+        .sort();
+
+      // Value should be "undefined for all records"
+      expect(hits).to.eql([undefined, undefined, undefined, undefined]);
+    });
+
+    it('should ignore the field of "testing_regex"', async () => {
+      const rule = getEqlRuleForSignalTesting(['ignore_fields']);
+
+      const { id } = await createRule(supertest, rule);
+      await waitForRuleSuccessOrStatus(supertest, id);
+      await waitForSignalsToBePresent(supertest, 4, [id]);
+      const signalsOpen = await getSignalsById(supertest, id);
+      const hits = signalsOpen.hits.hits.map((hit) => (hit._source as Ignore).testing_regex).sort();
+
+      // Value should be "undefined for all records"
+      expect(hits).to.eql([undefined, undefined, undefined, undefined]);
+    });
+
+    it('should have the field of "normal_constant"', async () => {
+      const rule = getEqlRuleForSignalTesting(['ignore_fields']);
+
+      const { id } = await createRule(supertest, rule);
+      await waitForRuleSuccessOrStatus(supertest, id);
+      await waitForSignalsToBePresent(supertest, 4, [id]);
+      const signalsOpen = await getSignalsById(supertest, id);
+      const hits = signalsOpen.hits.hits
+        .map((hit) => (hit._source as Ignore).normal_constant)
+        .sort();
+
+      // Value should be "constant_value for all records"
+      expect(hits).to.eql(['constant_value', 'constant_value', 'constant_value', 'constant_value']);
+    });
+
+    // TODO: Remove this test once https://github.com/elastic/elasticsearch/issues/77152 is fixed
+    it('should ignore the field of "_ignored" when using EQL and index the data', async () => {
+      const rule = getEqlRuleForSignalTesting(['ignore_fields']);
+
+      const { id } = await createRule(supertest, rule);
+      await waitForRuleSuccessOrStatus(supertest, id);
+      await waitForSignalsToBePresent(supertest, 4, [id]);
+      const signalsOpen = await getSignalsById(supertest, id);
+      const hits = signalsOpen.hits.hits.map((hit) => (hit._source as Ignore).small_field).sort();
+
+      // We just test a constant value to ensure this did not blow up on us and did index data.
+      expect(hits).to.eql([
+        '1 indexed',
+        '2 large not indexed',
+        '3 large not indexed',
+        '4 large not indexed',
+      ]);
+    });
+  });
+};
diff --git a/x-pack/test/detection_engine_api_integration/security_and_spaces/tests/index.ts b/x-pack/test/detection_engine_api_integration/security_and_spaces/tests/index.ts
index 2e3469520989d..67fbf7740777b 100644
--- a/x-pack/test/detection_engine_api_integration/security_and_spaces/tests/index.ts
+++ b/x-pack/test/detection_engine_api_integration/security_and_spaces/tests/index.ts
@@ -47,6 +47,7 @@ export default ({ loadTestFile }: FtrProviderContext): void => {
       loadTestFile(require.resolve('./delete_signals_migrations'));
       loadTestFile(require.resolve('./timestamps'));
       loadTestFile(require.resolve('./runtime'));
+      loadTestFile(require.resolve('./ignore_fields'));
     });
 
     // That split here enable us on using a different ciGroup to run the tests
diff --git a/x-pack/test/functional/apps/lens/table.ts b/x-pack/test/functional/apps/lens/table.ts
index da079c0976db3..892534eec7033 100644
--- a/x-pack/test/functional/apps/lens/table.ts
+++ b/x-pack/test/functional/apps/lens/table.ts
@@ -122,7 +122,28 @@ export default function ({ getService, getPageObjects }: FtrProviderContext) {
       expect(styleObj['background-color']).to.be('rgb(235, 239, 245)');
     });
 
+    it('should keep the coloring consistent when changing mode', async () => {
+      // Change mode from percent to number
+      await testSubjects.click('lnsPalettePanel_dynamicColoring_rangeType_groups_number');
+      await PageObjects.header.waitUntilLoadingHasFinished();
+      // check that all remained the same
+      const styleObj = await PageObjects.lens.getDatatableCellStyle(0, 2);
+      expect(styleObj['background-color']).to.be('rgb(235, 239, 245)');
+    });
+
+    it('should keep the coloring consistent when moving to custom palette from default', async () => {
+      await PageObjects.lens.changePaletteTo('custom');
+      await PageObjects.header.waitUntilLoadingHasFinished();
+      // check that all remained the same
+      const styleObj = await PageObjects.lens.getDatatableCellStyle(0, 2);
+      expect(styleObj['background-color']).to.be('rgb(235, 239, 245)');
+    });
+
     it('tweak the color stops numeric value', async () => {
+      // restore default palette and percent mode
+      await PageObjects.lens.changePaletteTo('temperature');
+      await testSubjects.click('lnsPalettePanel_dynamicColoring_rangeType_groups_percent');
+      // now tweak the value
       await testSubjects.setValue('lnsPalettePanel_dynamicColoring_stop_value_0', '30', {
         clearWithKeyboard: true,
       });
diff --git a/x-pack/test/functional/apps/observability/alerts/index.ts b/x-pack/test/functional/apps/observability/alerts/index.ts
index c93c8b0d633ed..ae60eff1859ba 100644
--- a/x-pack/test/functional/apps/observability/alerts/index.ts
+++ b/x-pack/test/functional/apps/observability/alerts/index.ts
@@ -18,7 +18,8 @@ const DATE_WITH_DATA = {
 export default ({ getPageObjects, getService }: FtrProviderContext) => {
   const esArchiver = getService('esArchiver');
 
-  describe('Observability alerts', function () {
+  // FLAKY: https://github.com/elastic/kibana/issues/110920
+  describe.skip('Observability alerts', function () {
     this.tags('includeFirefox');
 
     const pageObjects = getPageObjects(['common']);
diff --git a/x-pack/test/functional/es_archives/infra/alerts_test_data/data.json.gz b/x-pack/test/functional/es_archives/infra/alerts_test_data/data.json.gz
new file mode 100644
index 0000000000000..1c76205f4caa2
Binary files /dev/null and b/x-pack/test/functional/es_archives/infra/alerts_test_data/data.json.gz differ
diff --git a/x-pack/test/functional/es_archives/infra/alerts_test_data/mappings.json b/x-pack/test/functional/es_archives/infra/alerts_test_data/mappings.json
new file mode 100644
index 0000000000000..10ff43edb7d88
--- /dev/null
+++ b/x-pack/test/functional/es_archives/infra/alerts_test_data/mappings.json
@@ -0,0 +1,28 @@
+{
+  "type": "index",
+  "value": {
+    "aliases": {
+    },
+    "index": "alerts-test-data",
+    "mappings": {
+      "properties": {
+        "@timestamp": {
+          "type": "date"
+        },
+        "env": {
+          "ignore_above": 256,
+          "type": "keyword"
+        },
+        "value": {
+          "type": "long"
+        }
+      }
+    },
+    "settings": {
+      "index": {
+        "number_of_replicas": "1",
+        "number_of_shards": "1"
+      }
+    }
+  }
+}
\ No newline at end of file
diff --git a/x-pack/test/functional/es_archives/security_solution/ignore_fields/data.json b/x-pack/test/functional/es_archives/security_solution/ignore_fields/data.json
new file mode 100644
index 0000000000000..7a33785c0bc41
--- /dev/null
+++ b/x-pack/test/functional/es_archives/security_solution/ignore_fields/data.json
@@ -0,0 +1,51 @@
+{
+  "type": "doc",
+  "value": {
+    "id": "1",
+    "index": "ignore_fields",
+    "source": {
+      "@timestamp": "2020-10-28T05:00:53.000Z",
+      "small_field": "1 indexed"
+    },
+    "type": "_doc"
+  }
+}
+
+{
+  "type": "doc",
+  "value": {
+    "id": "2",
+    "index": "ignore_fields",
+    "source": {
+      "@timestamp": "2020-10-28T05:01:53.000Z",
+      "small_field": "2 large not indexed"
+    },
+    "type": "_doc"
+  }
+}
+
+{
+  "type": "doc",
+  "value": {
+    "id": "3",
+    "index": "ignore_fields",
+    "source": {
+      "@timestamp": "2020-10-28T05:02:53.000Z",
+      "small_field": "3 large not indexed"
+    },
+    "type": "_doc"
+  }
+}
+
+{
+  "type": "doc",
+  "value": {
+    "id": "4",
+    "index": "ignore_fields",
+    "source": {
+      "@timestamp": "2020-10-28T05:03:53.000Z",
+      "small_field": "4 large not indexed"
+    },
+    "type": "_doc"
+  }
+}
diff --git a/x-pack/test/functional/es_archives/security_solution/ignore_fields/mappings.json b/x-pack/test/functional/es_archives/security_solution/ignore_fields/mappings.json
new file mode 100644
index 0000000000000..e2c8ca3c2bc89
--- /dev/null
+++ b/x-pack/test/functional/es_archives/security_solution/ignore_fields/mappings.json
@@ -0,0 +1,41 @@
+{
+  "type": "index",
+  "value": {
+    "index": "ignore_fields",
+    "mappings": {
+      "dynamic": "strict",
+      "properties": {
+        "@timestamp": {
+          "type": "date"
+        },
+        "testing_ignored": {
+          "properties": {
+            "constant": {
+              "type": "constant_keyword",
+              "value": "constant_value"
+            }
+          }
+        },
+        "testing_regex": {
+          "type": "constant_keyword",
+          "value": "constant_value"
+        },
+        "normal_constant": {
+          "type": "constant_keyword",
+          "value": "constant_value"
+        },
+        "small_field": {
+          "type": "keyword",
+          "ignore_above": 10
+        }
+      }
+    },
+    "settings": {
+      "index": {
+        "refresh_interval": "1s",
+        "number_of_replicas": "1",
+        "number_of_shards": "1"
+      }
+    }
+  }
+}
diff --git a/x-pack/test/plugin_functional/plugins/timelines_test/public/applications/timelines_test/index.tsx b/x-pack/test/plugin_functional/plugins/timelines_test/public/applications/timelines_test/index.tsx
index adc10ae0a4161..a37c00144504d 100644
--- a/x-pack/test/plugin_functional/plugins/timelines_test/public/applications/timelines_test/index.tsx
+++ b/x-pack/test/plugin_functional/plugins/timelines_test/public/applications/timelines_test/index.tsx
@@ -11,6 +11,7 @@ import ReactDOM from 'react-dom';
 import { AppMountParameters, CoreStart } from 'kibana/public';
 import { I18nProvider } from '@kbn/i18n/react';
 import { KibanaContextProvider } from '../../../../../../../../src/plugins/kibana_react/public';
+import { EuiThemeProvider } from '../../../../../../../../src/plugins/kibana_react/common';
 import { TimelinesUIStart } from '../../../../../../../plugins/timelines/public';
 import { DataPublicPluginStart } from '../../../../../../../../src/plugins/data/public';
 
@@ -60,39 +61,41 @@ const AppRoot = React.memo(
       <I18nProvider>
         <Router history={parameters.history}>
           <KibanaContextProvider services={coreStart}>
-            {(timelinesPluginSetup &&
-              timelinesPluginSetup.getTGrid &&
-              timelinesPluginSetup.getTGrid<'standalone'>({
-                appId: 'securitySolution',
-                type: 'standalone',
-                casePermissions: {
-                  read: true,
-                  crud: true,
-                },
-                columns: [],
-                indexNames: [],
-                deletedEventIds: [],
-                end: '',
-                footerText: 'Events',
-                filters: [],
-                hasAlertsCrudPermissions,
-                itemsPerPageOptions: [1, 2, 3],
-                loadingText: 'Loading events',
-                renderCellValue: () => <div data-test-subj="timeline-wrapper">test</div>,
-                sort: [],
-                leadingControlColumns: [],
-                trailingControlColumns: [],
-                query: {
-                  query: '',
-                  language: 'kuery',
-                },
-                setRefetch,
-                start: '',
-                rowRenderers: [],
-                filterStatus: 'open',
-                unit: (n: number) => `${n}`,
-              })) ??
-              null}
+            <EuiThemeProvider>
+              {(timelinesPluginSetup &&
+                timelinesPluginSetup.getTGrid &&
+                timelinesPluginSetup.getTGrid<'standalone'>({
+                  appId: 'securitySolution',
+                  type: 'standalone',
+                  casePermissions: {
+                    read: true,
+                    crud: true,
+                  },
+                  columns: [],
+                  indexNames: [],
+                  deletedEventIds: [],
+                  end: '',
+                  footerText: 'Events',
+                  filters: [],
+                  hasAlertsCrudPermissions,
+                  itemsPerPageOptions: [1, 2, 3],
+                  loadingText: 'Loading events',
+                  renderCellValue: () => <div data-test-subj="timeline-wrapper">test</div>,
+                  sort: [],
+                  leadingControlColumns: [],
+                  trailingControlColumns: [],
+                  query: {
+                    query: '',
+                    language: 'kuery',
+                  },
+                  setRefetch,
+                  start: '',
+                  rowRenderers: [],
+                  filterStatus: 'open',
+                  unit: (n: number) => `${n}`,
+                })) ??
+                null}
+            </EuiThemeProvider>
           </KibanaContextProvider>
         </Router>
       </I18nProvider>
diff --git a/x-pack/test/timeline/security_and_spaces/tests/basic/events.ts b/x-pack/test/timeline/security_and_spaces/tests/basic/events.ts
index 67371338a925f..eec3dd2bb2b6e 100644
--- a/x-pack/test/timeline/security_and_spaces/tests/basic/events.ts
+++ b/x-pack/test/timeline/security_and_spaces/tests/basic/events.ts
@@ -7,7 +7,7 @@
 
 import { JsonObject } from '@kbn/utility-types';
 import expect from '@kbn/expect';
-import { ALERT_ID, ALERT_RULE_CONSUMER } from '@kbn/rule-data-utils';
+import { ALERT_INSTANCE_ID, ALERT_RULE_CONSUMER } from '@kbn/rule-data-utils';
 
 import { User } from '../../../../rule_registry/common/lib/authentication/types';
 import { TimelineEdges, TimelineNonEcsData } from '../../../../../plugins/timelines/common/';
@@ -77,14 +77,14 @@ export default ({ getService }: FtrProviderContext) => {
         field: ALERT_RULE_CONSUMER,
       },
       {
-        field: ALERT_ID,
+        field: ALERT_INSTANCE_ID,
       },
       {
         field: 'event.kind',
       },
     ],
     factoryQueryType: TimelineEventsQueries.all,
-    fieldRequested: ['@timestamp', 'message', ALERT_RULE_CONSUMER, ALERT_ID, 'event.kind'],
+    fieldRequested: ['@timestamp', 'message', ALERT_RULE_CONSUMER, ALERT_INSTANCE_ID, 'event.kind'],
     fields: [],
     filterQuery: {
       bool: {
diff --git a/x-pack/test/timeline/security_and_spaces/tests/trial/events.ts b/x-pack/test/timeline/security_and_spaces/tests/trial/events.ts
index 79fd9e6a4fb0b..4deea74d97d25 100644
--- a/x-pack/test/timeline/security_and_spaces/tests/trial/events.ts
+++ b/x-pack/test/timeline/security_and_spaces/tests/trial/events.ts
@@ -7,7 +7,7 @@
 
 import { JsonObject } from '@kbn/utility-types';
 import expect from '@kbn/expect';
-import { ALERT_ID, ALERT_RULE_CONSUMER } from '@kbn/rule-data-utils';
+import { ALERT_INSTANCE_ID, ALERT_RULE_CONSUMER } from '@kbn/rule-data-utils';
 
 import { User } from '../../../../rule_registry/common/lib/authentication/types';
 import { TimelineEdges, TimelineNonEcsData } from '../../../../../plugins/timelines/common/';
@@ -60,14 +60,14 @@ export default ({ getService }: FtrProviderContext) => {
         field: ALERT_RULE_CONSUMER,
       },
       {
-        field: ALERT_ID,
+        field: ALERT_INSTANCE_ID,
       },
       {
         field: 'event.kind',
       },
     ],
     factoryQueryType: TimelineEventsQueries.all,
-    fieldRequested: ['@timestamp', 'message', ALERT_RULE_CONSUMER, ALERT_ID, 'event.kind'],
+    fieldRequested: ['@timestamp', 'message', ALERT_RULE_CONSUMER, ALERT_INSTANCE_ID, 'event.kind'],
     fields: [],
     filterQuery: {
       bool: {
diff --git a/x-pack/test/timeline/security_only/tests/basic/events.ts b/x-pack/test/timeline/security_only/tests/basic/events.ts
index e1ab3c47e1117..bf6ef53d76603 100644
--- a/x-pack/test/timeline/security_only/tests/basic/events.ts
+++ b/x-pack/test/timeline/security_only/tests/basic/events.ts
@@ -6,7 +6,7 @@
  */
 
 import { JsonObject } from '@kbn/utility-types';
-import { ALERT_ID, ALERT_RULE_CONSUMER } from '@kbn/rule-data-utils';
+import { ALERT_INSTANCE_ID, ALERT_RULE_CONSUMER } from '@kbn/rule-data-utils';
 
 import { getSpaceUrlPrefix } from '../../../../rule_registry/common/lib/authentication/spaces';
 
@@ -43,14 +43,14 @@ export default ({ getService }: FtrProviderContext) => {
         field: ALERT_RULE_CONSUMER,
       },
       {
-        field: ALERT_ID,
+        field: ALERT_INSTANCE_ID,
       },
       {
         field: 'event.kind',
       },
     ],
     factoryQueryType: TimelineEventsQueries.all,
-    fieldRequested: ['@timestamp', 'message', ALERT_RULE_CONSUMER, ALERT_ID, 'event.kind'],
+    fieldRequested: ['@timestamp', 'message', ALERT_RULE_CONSUMER, ALERT_INSTANCE_ID, 'event.kind'],
     fields: [],
     filterQuery: {
       bool: {
diff --git a/x-pack/test/timeline/security_only/tests/trial/events.ts b/x-pack/test/timeline/security_only/tests/trial/events.ts
index e1ab3c47e1117..bf6ef53d76603 100644
--- a/x-pack/test/timeline/security_only/tests/trial/events.ts
+++ b/x-pack/test/timeline/security_only/tests/trial/events.ts
@@ -6,7 +6,7 @@
  */
 
 import { JsonObject } from '@kbn/utility-types';
-import { ALERT_ID, ALERT_RULE_CONSUMER } from '@kbn/rule-data-utils';
+import { ALERT_INSTANCE_ID, ALERT_RULE_CONSUMER } from '@kbn/rule-data-utils';
 
 import { getSpaceUrlPrefix } from '../../../../rule_registry/common/lib/authentication/spaces';
 
@@ -43,14 +43,14 @@ export default ({ getService }: FtrProviderContext) => {
         field: ALERT_RULE_CONSUMER,
       },
       {
-        field: ALERT_ID,
+        field: ALERT_INSTANCE_ID,
       },
       {
         field: 'event.kind',
       },
     ],
     factoryQueryType: TimelineEventsQueries.all,
-    fieldRequested: ['@timestamp', 'message', ALERT_RULE_CONSUMER, ALERT_ID, 'event.kind'],
+    fieldRequested: ['@timestamp', 'message', ALERT_RULE_CONSUMER, ALERT_INSTANCE_ID, 'event.kind'],
     fields: [],
     filterQuery: {
       bool: {
diff --git a/x-pack/test/timeline/spaces_only/tests/events.ts b/x-pack/test/timeline/spaces_only/tests/events.ts
index 3867279fda7f2..a7c2a9abeb211 100644
--- a/x-pack/test/timeline/spaces_only/tests/events.ts
+++ b/x-pack/test/timeline/spaces_only/tests/events.ts
@@ -7,7 +7,7 @@
 
 import { JsonObject } from '@kbn/utility-types';
 import expect from '@kbn/expect';
-import { ALERT_ID, ALERT_RULE_CONSUMER } from '@kbn/rule-data-utils';
+import { ALERT_INSTANCE_ID, ALERT_RULE_CONSUMER } from '@kbn/rule-data-utils';
 
 import { FtrProviderContext } from '../../../rule_registry/common/ftr_provider_context';
 import { getSpaceUrlPrefix } from '../../../rule_registry/common/lib/authentication/spaces';
@@ -38,14 +38,14 @@ export default ({ getService }: FtrProviderContext) => {
         field: ALERT_RULE_CONSUMER,
       },
       {
-        field: ALERT_ID,
+        field: ALERT_INSTANCE_ID,
       },
       {
         field: 'event.kind',
       },
     ],
     factoryQueryType: TimelineEventsQueries.all,
-    fieldRequested: ['@timestamp', 'message', ALERT_RULE_CONSUMER, ALERT_ID, 'event.kind'],
+    fieldRequested: ['@timestamp', 'message', ALERT_RULE_CONSUMER, ALERT_INSTANCE_ID, 'event.kind'],
     fields: [],
     filterQuery: {
       bool: {
diff --git a/yarn.lock b/yarn.lock
index 5cc54d1f1edac..67c630a4edeba 100644
--- a/yarn.lock
+++ b/yarn.lock
@@ -23267,10 +23267,10 @@ react-popper@^2.2.4:
     react-fast-compare "^3.0.1"
     warning "^4.0.2"
 
-react-query@^3.21.0:
-  version "3.21.0"
-  resolved "https://registry.yarnpkg.com/react-query/-/react-query-3.21.0.tgz#2e099a7906c38eeeb750e8b9b12121a21fa8d9ef"
-  integrity sha512-5rY5J8OD9f4EdkytjSsdCO+pqbJWKwSIMETfh/UyxqyjLURHE0IhlB+IPNPrzzu/dzK0rRxi5p0IkcCdSfizDQ==
+react-query@^3.21.1:
+  version "3.21.1"
+  resolved "https://registry.yarnpkg.com/react-query/-/react-query-3.21.1.tgz#8fe4df90bf6c6a93e0552ea9baff211d1b28f6e0"
+  integrity sha512-aKFLfNJc/m21JBXJk7sR9tDUYPjotWA4EHAKvbZ++GgxaY+eI0tqBxXmGBuJo0Pisis1W4pZWlZgoRv9yE8yjA==
   dependencies:
     "@babel/runtime" "^7.5.5"
     broadcast-channel "^3.4.1"