Merge remote-tracking branch 'upstream/main' into 104223

# Conflicts:
#	x-pack/plugins/translations/translations/ja-JP.json
#	x-pack/plugins/translations/translations/zh-CN.json

docs/management/manage-data-views.asciidoc

@@ -1,5 +1,7 @@
 [[managing-data-views]]
 == Manage data views
+:keywords: administrator, data view, data views, management, runtime fields, runtime fields in Kibana, scripted fields, field formatters, data fields, index pattern, index patterns
+:description: Conceptual and step-by-step procedures for using runtime fields, scripted fields, and field formatters.
 
 To customize the data fields in your data view,
 you can add runtime fields to the existing documents,

docs/setup/docker.asciidoc

@@ -26,44 +26,76 @@ endif::[]
 
 ifeval::["{release-state}"!="unreleased"]
 
-To start an {es} container for development or testing, run:
-
+. Start an {es} container for development or testing:
++
 [source,sh,subs="attributes"]
 ----
 docker network create elastic
 docker pull {es-docker-image}
-docker run --name es01-test --net elastic -p 9200:9200 -p 9300:9300 -e "discovery.type=single-node" {es-docker-image}
+docker run --name es-node01 --net elastic -p 9200:9200 -p 9300:9300 -t {es-docker-image}
 ----
++
+When you start {es} for the first time, the following security configuration 
+occurs automatically:
++
+* {ref}/configuring-stack-security.html#stack-security-certificates[Certificates and keys] 
+are generated for the transport and HTTP layers.
+* The Transport Layer Security (TLS) configuration settings are written to
+`elasticsearch.yml`.
+* A password is generated for the `elastic` user.
+* An enrollment token is generated for {kib}.
++
+NOTE: You might need to scroll back a bit in the terminal to view the password 
+and enrollment token.
+
+. Copy the generated password and enrollment token and save them in a secure 
+location. These values are shown only when you start {es} for the first time.
+You'll use these to enroll {kib} with your {es} cluster and log in.
++
+[NOTE]
+====
+If you need to reset the password for the `elastic` user or other
+built-in users, run the {ref}/reset-password.html[`elasticsearch-reset-password`]
+tool. To generate new enrollment tokens for {kib} or {es} nodes, run the
+{ref}/create-enrollment-token.html[`elasticsearch-create-enrollment-token`] tool.
+These tools are available in the {es} `bin` directory of the Docker container.
+
+For example:
 
-To start {kib} and connect it to your {es} container, run the following commands
-in a new terminal session:
+[source,sh]
+----
+docker exec -it es-node01 /usr/share/elasticsearch/bin/reset-elastic-password
+----
+====
 
+. In a new terminal session, start {kib} and connect it to your {es} container:
++
 [source,sh,subs="attributes"]
 ----
 docker pull {docker-image}
-docker run --name kib01-test --net elastic -p 5601:5601 -e "ELASTICSEARCH_HOSTS=http://es01-test:9200" {docker-image}
+docker run --name kib-01 --net elastic -p 5601:5601 {docker-image}
 ----
++
+When you start {kib}, a unique link is output to your terminal.
 
-To access {kib}, go to http://localhost:5601[http://localhost:5601].
+. To access {kib}, click the generated link in your terminal.
 
-[float]
-=== Stop Docker containers
+  .. In your browser, paste the enrollment token that you copied when starting
+  {es} and click the button to connect your {kib} instance with {es}.
 
-To stop your containers, run:
+  .. Log in to {kib} as the `elastic` user with the password that was generated
+  when you started {es}.
 
-[source,sh]
-----
-docker stop es01-test
-docker stop kib01-test
-----
+[float]
+=== Remove Docker containers
 
 To remove the containers and their network, run:
 
 [source,sh]
 ----
 docker network rm elastic
-docker rm es01-test
-docker rm kib01-test
+docker rm es-node01
+docker rm kib-01
 ----
 
 endif::[]
@@ -81,7 +113,7 @@ environment variables to define settings.
 ==== Bind-mounted configuration
 
 One way to configure Kibana on Docker is to provide `kibana.yml` via bind-mounting.
-With +docker-compose+, the bind-mount can be specified like this:
+With `docker-compose`, the bind-mount can be specified like this:
 
 ["source","yaml",subs="attributes"]
 --------------------------------------------

docs/setup/install/auto-enroll.asciidoc

@@ -0,0 +1,21 @@
+[role="exclude"]
+
+If this is the first time you're starting {kib}, this command generates a 
+unique link in your terminal to enroll your {kib} instance with {es}.
+
+. In your terminal, click the generated link to open {kib} in your browser.
+
+. In your browser, paste the enrollment token that was generated in the terminal 
+when you started {es}, and then click the button to connect your {kib} instance with {es}.
+
+. Log in to {kib} as the `elastic` user with the password that was 
+generated when you started {es}.
+
+[NOTE]
+====
+If you need to reset the password for the `elastic` user or other
+built-in users, run the {ref}/reset-password.html[`elasticsearch-reset-password`] tool. To generate new enrollment tokens for 
+{kib} or {es} nodes, run the
+{ref}/create-enrollment-token.html[`elasticsearch-create-enrollment-token`] tool.
+These tools are available in the {es} `bin` directory.
+====

docs/setup/install/deb.asciidoc

@@ -122,6 +122,30 @@ sudo dpkg -i kibana-{version}-amd64.deb
 
 endif::[]
 
+[[deb-enroll]]
+==== Start {es} and generate an enrollment token for {kib}
+++++
+<titleabbrev>Generate an enrollment token</titleabbrev>
+++++
+
+When you start {es} for the first time, the following security configuration
+occurs automatically:
+
+* Authentication and authorization are enabled, and a password is generated for the `elastic` built-in superuser.
+* Certificates and keys for TLS are generated for the transport and HTTP layer, and TLS is enabled and configured with these keys and certificates.
+
+The password and certificate and keys are output to your terminal.
+
+You can then generate an enrollment token for {kib} with the
+{ref}/create-enrollment-token.html[`elasticsearch-create-enrollment-token`] tool:
+
+[source,sh]
+----
+bin/elasticsearch-create-enrollment-token -s kibana
+----
+
+Start {kib} and enter the enrollment token to securely connect {kib} with {es}.
+
 [[deb-running-systemd]]
 include::systemd.asciidoc[]
 

docs/setup/install/rpm.asciidoc

@@ -115,6 +115,30 @@ sudo rpm --install kibana-{version}-x86_64.rpm
 
 endif::[]
 
+[[rpm-enroll]]
+==== Start {es} and generate an enrollment token for {kib}
+++++
+<titleabbrev>Generate an enrollment token</titleabbrev>
+++++
+
+When you start {es} for the first time, the following security configuration
+occurs automatically:
+
+* Authentication and authorization are enabled, and a password is generated for the `elastic` built-in superuser.
+* Certificates and keys for TLS are generated for the transport and HTTP layer, and TLS is enabled and configured with these keys and certificates.
+
+The password and certificate and keys are output to your terminal.
+
+You can then generate an enrollment token for {kib} with the
+{ref}/create-enrollment-token.html[`elasticsearch-create-enrollment-token`] tool:
+
+[source,sh]
+----
+bin/elasticsearch-create-enrollment-token -s kibana
+----
+
+Start {kib} and enter the enrollment token to securely connect {kib} with {es}.
+
 [[rpm-running-systemd]]
 include::systemd.asciidoc[]
 

docs/setup/install/start-es-and-enroll.asciidoc

@@ -0,0 +1,16 @@
+==== Start {es} and generate an enrollment token for {kib}
+++++
+<titleabbrev>Generate an enrollment token</titleabbrev>
+++++
+
+When you start {es} for the first time, the following security configuration
+occurs automatically:
+
+* {ref}/configuring-stack-security.html#stack-security-certificates[Certificates and keys] for TLS are
+generated for the transport and HTTP layers.
+* The TLS configuration settings are written to `elasticsearch.yml`.
+* A password is generated for the `elastic` user.
+* An enrollment token is generated for {kib}.
+
+You can then start {kib} and enter the enrollment token to securely connect 
+{kib} with {es}. The enrollment token is valid for 30 minutes.

docs/setup/install/systemd.asciidoc

@@ -1,6 +1,6 @@
 ==== Run {kib} with `systemd`
 
-To configure Kibana to start automatically when the system boots up,
+To configure {kib} to start automatically when the system starts,
 run the following commands:
 
 [source,sh]
@@ -9,14 +9,14 @@ sudo /bin/systemctl daemon-reload
 sudo /bin/systemctl enable kibana.service
 --------------------------------------------------
 
-Kibana can be started and stopped as follows:
+{kib} can be started and stopped as follows:
 
 [source,sh]
 --------------------------------------------
 sudo systemctl start kibana.service
 sudo systemctl stop kibana.service
 --------------------------------------------
 
-These commands provide no feedback as to whether Kibana was started
+These commands provide no feedback as to whether {kib} was started
 successfully or not. Log information can be accessed via
-`journalctl -u kibana.service`.
+`journalctl -u kibana.service`.

docs/setup/install/targz-running.asciidoc

@@ -9,3 +9,5 @@ Kibana can be started from the command line as follows:
 
 By default, Kibana runs in the foreground, prints its logs to the
 standard output (`stdout`), and can be stopped by pressing *Ctrl-C*.
+
+include::auto-enroll.asciidoc[]

docs/setup/install/targz.asciidoc

@@ -90,6 +90,8 @@ cd kibana-{version}/ <2>
 
 endif::[]
 
+[[targz-enroll]]
+include::start-es-and-enroll.asciidoc[]
 
 [[targz-running]]
 include::targz-running.asciidoc[]

docs/setup/install/windows-running.asciidoc

@@ -9,3 +9,5 @@ Kibana can be started from the command line as follows:
 
 By default, Kibana runs in the foreground, prints its logs to `STDOUT`,
 and can be stopped by pressing *Ctrl-C*.
+
+include::auto-enroll.asciidoc[]

docs/setup/install/windows.asciidoc

@@ -40,6 +40,9 @@ CD c:\kibana-{version}-windows-x86_64
 
 endif::[]
 
+[[windows-enroll]]
+include::start-es-and-enroll.asciidoc[]
+
 [[windows-running]]
 include::windows-running.asciidoc[]
 

docs/user/alerting/alerting-getting-started.asciidoc

@@ -24,7 +24,7 @@ This section describes all of these elements and how they operate together.
 [float]
 === Rules
 
-A rule specifies a background task that runs on the {kib} server to check for specific conditions. {kib} provides two types of rules: stack rules that are built into {kib} and domain rules that are registered by Kibana apps. Refer to <<rule-types,Rule types>> for more information.
+A rule specifies a background task that runs on the {kib} server to check for specific conditions. {kib} provides two types of rules: stack rules that are built into {kib} and the rules that are registered by Kibana apps. Refer to <<rule-types,Rule types>> for more information.
 
 A rule consists of three main parts: 
 
@@ -53,7 +53,7 @@ to control the details of the conditions to detect.
 
 For example, an <<rule-type-index-threshold, index threshold rule type>> lets you specify the index to query, an aggregation field, and a time window, but the details of the underlying {es} query are hidden.
 
-See <<stack-rules>> and <<domain-specific-rules>> for the types of rules provided by {kib} and how they express their conditions.
+See <<rule-types>> for the rules provided by {kib} and how they express their conditions.
 
 [float]
 [[alerting-concepts-scheduling]]

docs/user/alerting/rule-types.asciidoc

@@ -2,7 +2,8 @@
 [[rule-types]]
 == Rule types
 
-A rule is a set of <<alerting-concepts-conditions, conditions>>, <<alerting-concepts-scheduling, schedules>>, and <<alerting-concepts-actions, actions>> that enable notifications. {kib} provides two types of rules:  rules specific to the Elastic Stack and rules specific to a domain.
+A rule is a set of <<alerting-concepts-conditions, conditions>>, <<alerting-concepts-scheduling, schedules>>, and <<alerting-concepts-actions, actions>> that enable notifications. {kib} provides rules built into the Elastic Stack and rules registered by one of the {kib} apps.
+You can create most rules types in <<create-and-manage-rules,Stack Management > Rules and Connectors>>. For information on creating security rules, refer to {security-guide}/rules-ui-create.html[Create a detection rule].
 
 [NOTE]
 ==============================================
@@ -15,45 +16,64 @@ see {subscriptions}[the subscription page].
 [[stack-rules]]
 === Stack rules
 
-<<create-and-manage-rules, Stack rules>> are built into {kib}.  To access the *Stack Rules* feature and create and edit rules, users require the `all` privilege. See <<kibana-feature-privileges, feature privileges>> for more information.
+<<create-and-manage-rules, Stack rules>> are built into {kib}. To access the *Stack Rules* feature and create and edit rules, users require the `all` privilege. See <<kibana-feature-privileges, feature privileges>> for more information.
 
 [cols="2*<"]
 |===
 
-| <<rule-type-index-threshold>>
-| Aggregate field values from documents using {es} queries, compare them to threshold values, and schedule actions to run when the thresholds are met.
-
 | <<rule-type-es-query>>
 | Run a user-configured {es} query, compare the number of matches to a configured threshold, and schedule actions to run when the threshold condition is met.
 
-| {ref}/transform-alerts.html[{transform-cap} rules] beta:[]
+| <<rule-type-index-threshold>>
+| Aggregate field values from documents using {es} queries, compare them to threshold values, and schedule actions to run when the thresholds are met.
+
+| {ref}/transform-alerts.html[{transform-cap} rules]
 | beta:[] Run scheduled checks on a {ctransform} to check its health. If a {ctransform} meets the conditions, an alert is created and the associated action is triggered.
 
+| <<geo-alerting, Tracking containment>>
+| Run an {es} query to determine if any documents are currently contained in any boundaries from a specified boundary index and generate alerts when a rule's conditions are met.
+
 |===
 
 [float]
-[[domain-specific-rules]]
-=== Domain rules
+[[observability-rules]]
+=== Observability rules
 
-Domain rules are registered by *Observability*, *Security*, <<maps, Maps>> and <<xpack-ml, Machine Learning>>.
+Observability rules are categorized into APM and User Experience, Logs, Metrics, Stack Monitoring, and Uptime.
 
 [cols="2*<"]
 |===
 
-| {observability-guide}/create-alerts.html[Observability rules]
-| Detect complex conditions in the *Logs*, *Metrics*, and *Uptime* apps.
 
-| {security-guide}/prebuilt-rules.html[Security rules]
-| Detect suspicious source events with pre-built or custom rules and create alerts when a rule’s conditions are met.
+| <<apm-alerts, APM and User Experience>>
+| Detect complex conditions in *APM* data and trigger built-in actions when the conditions are met.
 
-| <<geo-alerting, Maps rules>>
-| Run an {es} query to determine if any documents are currently contained in any boundaries from a specified boundary index and generate alerts when a rule's conditions are met.
+| {observability-guide}/create-alerts.html[Logs rules]
+| Detect complex conditions in the *Logs* app.
 
-| {ml-docs}/ml-configuring-alerts.html[{ml-cap} rules] beta:[]
-| beta:[] Run scheduled checks on an {anomaly-job} to detect anomalies with certain conditions. If an anomaly meets the conditions, an alert is created and the associated action is triggered.
+| {observability-guide}/create-alerts.html[Metrics rules]
+| Detect complex conditions in the *Metrics* app.
+
+| <<kibana-alerts,Stack Monitoring>>
+| Provide {kib} Alerting rules out-of-the box to notify you of potential issues in the Elastic Stack.
+
+| {observability-guide}/create-alerts.html[Uptime rules]
+| Detect complex conditions in the *Uptime* app.
 
 |===
 
+[float]
+[[ml-rules]]
+=== Machine learning rules
+
+beta:[] {ml-docs}/ml-configuring-alerts.html[{ml-cap} rules] run scheduled checks on an {anomaly-job} to detect anomalies with certain conditions. If an anomaly meets the conditions, an alert is created and the associated action is triggered.
+
+[float]
+[[security-rules]]
+=== Security rules
+
+Security rules detect suspicious source events with pre-built or custom rules and create alerts when a rule’s conditions are met. For more information, refer to {security-guide}/prebuilt-rules.html[Security rules].
+
 include::rule-types/index-threshold.asciidoc[]
 include::rule-types/es-query.asciidoc[]
 include::rule-types/geo-rule-types.asciidoc[]