diff --git a/auditbeat/docs/command-line.asciidoc b/auditbeat/docs/command-line.asciidoc
deleted file mode 100644
index 28ace4c1927..00000000000
--- a/auditbeat/docs/command-line.asciidoc
+++ /dev/null
@@ -1,7 +0,0 @@
-[[command-line-options]]
-=== Command line options
-
-The following command line options are available for {beatname_uc}. To use these
-options, you need to start {beatname_uc} in the foreground.
-
-include::../../libbeat/docs/shared-command-line.asciidoc[]
diff --git a/auditbeat/docs/index.asciidoc b/auditbeat/docs/index.asciidoc
index d9a96ec02d4..5b52054e561 100644
--- a/auditbeat/docs/index.asciidoc
+++ b/auditbeat/docs/index.asciidoc
@@ -23,12 +23,10 @@ include::../../libbeat/docs/contributing-to-beats.asciidoc[]
 
 include::./getting-started.asciidoc[]
 
-include::./command-line.asciidoc[]
-
-include::../../libbeat/docs/shared-directory-layout.asciidoc[]
-
 include::../../libbeat/docs/repositories.asciidoc[]
 
+include::./setting-up-running.asciidoc[]
+
 include::./configuring-howto.asciidoc[]
 
 include::./modules.asciidoc[]
diff --git a/auditbeat/docs/setting-up-running.asciidoc b/auditbeat/docs/setting-up-running.asciidoc
new file mode 100644
index 00000000000..0486f98928f
--- /dev/null
+++ b/auditbeat/docs/setting-up-running.asciidoc
@@ -0,0 +1,25 @@
+/////
+// NOTE:
+// Each beat has its own setup overview to allow for the addition of content
+// that is unique to each beat.
+/////
+
+[[seting-up-and-running]]
+== Setting up and running {beatname_uc}
+
+Before reading this section, see the
+<<{beatname_lc}-getting-started,getting started documentation>> for basic
+installation instructions to get you started.
+
+This section includes additional information on how to set up and run
+{beatname_uc}, including:
+
+* <<directory-layout>>
+
+* <<command-line-options>>
+
+//MAINTAINERS: If you add a new file to this section, make sure you update the bulletedl ist ^^ too.
+
+include::../../libbeat/docs/shared-directory-layout.asciidoc[]
+
+include::../../libbeat/docs/command-reference.asciidoc[]
diff --git a/filebeat/docs/command-line.asciidoc b/filebeat/docs/command-line.asciidoc
deleted file mode 100644
index 8582ec8a806..00000000000
--- a/filebeat/docs/command-line.asciidoc
+++ /dev/null
@@ -1,22 +0,0 @@
-[[command-line-options]]
-=== Command line options
-
-The following command line option is specific to Filebeat.
-
-*`-once`*::
-When the `-once` flag is used, Filebeat starts all configured harvesters and prospectors, and runs
-each prospector until the harvesters are closed. If you set the `-once` flag, you should also set
-`close_eof` so the harvester is closed when the end of the file is reached.
-By default harvesters are closed after `close_inactive` is reached.
-
-The following command line options from libbeat are also available for Filebeat. To
-use these options, you need to start Filebeat in the foreground.
-
-To start Filebeat, you must use the `-c config/path` option to specify the path to the
-configuration file.
-
-TIP: Run `./filebeat -h` to see the full list of options from the command line.
-
-include::../../libbeat/docs/shared-command-line.asciidoc[]
-
-
diff --git a/filebeat/docs/index.asciidoc b/filebeat/docs/index.asciidoc
index 659e843c9de..bac7ea45adb 100644
--- a/filebeat/docs/index.asciidoc
+++ b/filebeat/docs/index.asciidoc
@@ -28,13 +28,9 @@ include::./getting-started.asciidoc[]
 
 include::./modules-getting-started.asciidoc[]
 
-include::./command-line.asciidoc[]
-
-include::../../libbeat/docs/shared-directory-layout.asciidoc[]
-
 include::../../libbeat/docs/repositories.asciidoc[]
 
-include::./running-on-docker.asciidoc[]
+include::./setting-up-running.asciidoc[]
 
 include::./upgrading.asciidoc[]
 
diff --git a/filebeat/docs/setting-up-running.asciidoc b/filebeat/docs/setting-up-running.asciidoc
new file mode 100644
index 00000000000..757d463de66
--- /dev/null
+++ b/filebeat/docs/setting-up-running.asciidoc
@@ -0,0 +1,30 @@
+/////
+// NOTE:
+// Each beat has its own setup overview to allow for the addition of content
+// that is unique to each beat.
+/////
+
+[[seting-up-and-running]]
+== Setting up and running {beatname_uc}
+
+Before reading this section, see the
+<<{beatname_lc}-getting-started,getting started documentation>> for basic
+installation instructions to get you started.
+
+This section includes additional information on how to set up and run
+{beatname_uc}, including:
+
+* <<directory-layout>>
+
+* <<command-line-options>>
+
+* <<running-on-docker>>
+
+
+//MAINTAINERS: If you add a new file to this section, make sure you update the bulletedl ist ^^ too.
+
+include::../../libbeat/docs/shared-directory-layout.asciidoc[]
+
+include::../../libbeat/docs/command-reference.asciidoc[]
+
+include::./running-on-docker.asciidoc[]
diff --git a/heartbeat/docs/command-line.asciidoc b/heartbeat/docs/command-line.asciidoc
deleted file mode 100644
index 86ddf90da28..00000000000
--- a/heartbeat/docs/command-line.asciidoc
+++ /dev/null
@@ -1,15 +0,0 @@
-[[command-line-options]]
-=== Command line options
-
-Heartbeat does not have any Heartbeat-specific command line options.
-Instead, you configure the behaviour of Heartbeat by specifying options in
-the configuration file.
-
-The following command line options from libbeat are also available for
-Heartbeat. To use these options, you need to start Heartbeat in the
-foreground.
-
-TIP: Run `./heartbeat -h` to see the full list of options from the command
-line.
-
-include::../../libbeat/docs/shared-command-line.asciidoc[]
diff --git a/heartbeat/docs/index.asciidoc b/heartbeat/docs/index.asciidoc
index 3cffdbe48e6..300986c7fe2 100644
--- a/heartbeat/docs/index.asciidoc
+++ b/heartbeat/docs/index.asciidoc
@@ -26,13 +26,9 @@ include::../../libbeat/docs/contributing-to-beats.asciidoc[]
 
 include::./getting-started.asciidoc[]
 
-include::./command-line.asciidoc[]
-
-include::../../libbeat/docs/shared-directory-layout.asciidoc[]
-
 include::../../libbeat/docs/repositories.asciidoc[]
 
-include::./running-on-docker.asciidoc[]
+include::./setting-up-running.asciidoc[]
 
 //
 //include::./upgrading.asciidoc[]
diff --git a/heartbeat/docs/setting-up-running.asciidoc b/heartbeat/docs/setting-up-running.asciidoc
new file mode 100644
index 00000000000..388cd8c5d88
--- /dev/null
+++ b/heartbeat/docs/setting-up-running.asciidoc
@@ -0,0 +1,29 @@
+/////
+// NOTE:
+// Each beat has its own setup overview to allow for the addition of content
+// that is unique to each beat.
+/////
+
+[[seting-up-and-running]]
+== Setting up and running {beatname_uc}
+
+Before reading this section, see the
+<<{beatname_lc}-getting-started,getting started documentation>> for basic
+installation instructions to get you started.
+
+This section includes additional information on how to set up and run
+{beatname_uc}, including:
+
+* <<directory-layout>>
+
+* <<command-line-options>>
+
+* <<running-on-docker>>
+
+//MAINTAINERS: If you add a new file to this section, make sure you update the bulletedl ist ^^ too.
+
+include::../../libbeat/docs/shared-directory-layout.asciidoc[]
+
+include::../../libbeat/docs/command-reference.asciidoc[]
+
+include::./running-on-docker.asciidoc[]
diff --git a/libbeat/docs/command-reference.asciidoc b/libbeat/docs/command-reference.asciidoc
new file mode 100644
index 00000000000..3fe3759c1e6
--- /dev/null
+++ b/libbeat/docs/command-reference.asciidoc
@@ -0,0 +1,565 @@
+//////////////////////////////////////////////////////////////////////////
+//// This content is shared by all Elastic Beats. Make sure you keep the
+//// descriptions here generic enough to work for all Beats that include
+//// this file. When using cross references, make sure that the cross
+//// references resolve correctly for any files that include this one.
+//// Use the appropriate variables defined in the index.asciidoc file to
+//// resolve Beat names: beatname_uc and beatname_lc
+//// Use the following include to pull this content into a doc file:
+//// include::../../libbeat/docs/command-reference.asciidoc[]
+//////////////////////////////////////////////////////////////////////////
+
+
+// These attributes are used to resolve short descriptions
+
+:global-flags: Also see <<global-flags,Global flags>>.
+
+:export-command-short-desc: Exports the configuration or index template to stdout
+:help-command-short-desc: Shows help for any command
+:modules-command-short-desc: Manages configured modules
+:run-command-short-desc: Runs {beatname_uc}. This command is used by default if you start {beatname_uc} without specifying a command
+:setup-command-short-desc: Sets up the initial environment, including the index template, Kibana dashboards (when available), and machine learning jobs (when available)
+:test-command-short-desc: Tests the configuration
+:version-command-short-desc: Shows information about the current version
+
+
+[[command-line-options]]
+=== {beatname_uc} commands
+
+{beatname_uc} provides a command-line interface for running the Beat and
+performing common tasks, like testing configuration files and loading
+dashboards. The command-line also supports <<global-flags,global flags>>
+for controlling global behaviors.
+
+ifeval::["{beatname_lc}"!="winlogbeat"]
+
+[NOTE]
+=========================
+You may need to use `sudo` to run the following commands if you've:
+
+* changed ownership of the config file to `root`
+* enabled the Beat to capture data that requires `root` access
+
+=========================
+
+endif::[]
+
+[horizontal]
+<<export-command,`export`>>::
+{export-command-short-desc}.
+
+<<help-command,`help`>>::
+{help-command-short-desc}.
+
+ifeval::[("{beatname_lc}"=="filebeat") or ("{beatname_lc}"=="metricbeat")]
+
+<<modules-command,`modules`>>::
+{modules-command-short-desc}.
+
+endif::[]
+
+<<run-command,`run`>>::
+{run-command-short-desc}.
+
+<<setup-command,`setup`>>::
+{setup-command-short-desc}.
+
+<<test-command,`test`>>::
+{test-command-short-desc}.
+
+<<version-command,`version`>>::
+{version-command-short-desc}.
+
+Also see <<global-flags,Global flags>>.
+
+[[export-command]]
+==== `export` command
+
+{export-command-short-desc}. You can use this
+command to quickly view your configuration or the contents of the index
+template.
+
+*SYNOPSIS*
+
+["source","sh",subs="attributes"]
+----
+{beatname_lc} export SUBCOMMAND [FLAGS]
+----
+
+
+*SUBCOMMANDS*
+
+*`config`*::
+Exports the current configuration to stdout. If you use the `-c` flag, this
+command exports the configuration that's defined in the specified file.
+
+[[template-subcommand]]
+*`template`*::
+Exports the index template to stdout. You can specify the `--es.version` and
+`--index` flags to futher define what gets exported.
+
+*FLAGS*
+
+*`--es.version VERSION`*::
+When specified along with <<template-subcommand,`template`>>, exports an index
+template that is compatible with the specified version.
+
+*`-h, --help`*::
+Shows help for the `export` command.
+
+*`--index BASE_NAME`*::
+When specified along with <<template-subcommand,`template`>>, sets the base name
+to use for the index template. If this flag is not specified, the default base
+name is +{beatname_lc}+.
+
+{global-flags}
+
+*EXAMPLES*
+
+["source","sh",subs="attributes"]
+-----
+{beatname_lc} export config
+{beatname_lc} export template --es.version {stack-version} --index myindexname
+-----
+
+
+[[help-command]]
+==== `help` command
+
+{help-command-short-desc}. If no command is specified, shows help for the
+`run` command.
+
+*SYNOPSIS*
+
+["source","sh",subs="attributes"]
+----
+{beatname_lc} help COMMAND_NAME [FLAGS]
+----
+
+
+*`COMMAND_NAME`*::
+Specifies the name of the command to show help for.
+
+*FLAGS*
+
+*`-h, --help`*:: Shows help for the `help` command.
+
+{global-flags}
+
+*EXAMPLE*
+
+["source","sh",subs="attributes"]
+-----
+{beatname_lc} help export
+-----
+
+ifeval::[("{beatname_lc}"=="filebeat") or ("{beatname_lc}"=="metricbeat")]
+
+[[modules-command]]
+==== `modules` command
+
+{modules-command-short-desc}. You can use this command to enable and disable
+specific modules. The changes you make with this command are persisted and
+used for subsequent runs of {beatname_uc}. To see which modules are enabled
+and disabled, run the `list` subcommand.
+
+*SYNOPSIS*
+
+["source","sh",subs="attributes"]
+----
+{beatname_lc} modules SUBCOMMAND [FLAGS]
+----
+
+
+*SUBCOMMANDS*
+
+*`disable MODULE_LIST`*::
+Disables the modules specified in the space-separated list.
+
+*`enable MODULE_LIST`*::
+Enables the modules specified in the space-separated list.
+
+*`list`*::
+Lists the modules that are currently enabled and disabled.
+
+
+*FLAGS*
+
+*`-h, --help`*::
+Shows help for the `export` command.
+
+
+{global-flags}
+
+*EXAMPLES*
+
+ifeval::["{beatname_lc}"=="filebeat"]
+
+["source","sh",subs="attributes"]
+-----
+{beatname_lc} modules list
+{beatname_lc} modules enable apache2 auditd mysql
+-----
+
+endif::[]
+
+ifeval::["{beatname_lc}"=="metricbeat"]
+
+["source","sh",subs="attributes"]
+-----
+{beatname_lc} modules list
+{beatname_lc} modules enable apache nginx system
+-----
+
+
+endif::[]
+
+endif::[]
+
+
+[[run-command]]
+==== `run` command
+
+{run-command-short-desc}.
+
+*SYNOPSIS*
+
+["source","sh",subs="attributes"]
+-----
+{beatname_lc} run [FLAGS]
+-----
+
+
+*FLAGS*
+
+ifeval::["{beatname_lc}"=="packetbeat"]
+
+*`-I, --I FILE`*::
+Reads packet data from the specified file instead of reading packets from the
+network. This option is useful only for testing {beatname_uc}.
++
+["source","sh",subs="attributes"]
+-----
+{beatname_lc} run -I ~/pcaps/network_traffic.pcap
+-----
+
+endif::[]
+
+*`-N, --N`*::
+Disables the publishing of events to the defined output. This option is useful
+only for testing {beatname_uc}.
+
+ifeval::["{beatname_lc}"=="packetbeat"]
+
+*`-O, --O`*::
+Read packets one by one by pressing _Enter_ after each. This option is useful
+only for testing {beatname_uc}.
+
+endif::[]
+
+*`--cpuprofile FILE`*::
+Writes CPU profile data to the specified file. This option is useful for
+troubleshooting {beatname_uc}.
+
+ifeval::["{beatname_lc}"=="packetbeat"]
+
+*`-devices`*::
+Prints the list of devices that are available for sniffing and then exits.
+
+endif::[]
+
+ifeval::["{beatname_lc}"=="packetbeat"]
+
+*`-dump FILE`*::
+Writes all captured packets to the specified file. This option is useful for
+troubleshooting {beatname_uc}.
+
+endif::[]
+
+*`-h, --help`*::
+Shows help for the `run` command.
+
+*`--httpprof [HOST]:PORT`*::
+Starts an http server for profiling. This option is useful for troubleshooting
+and profiling {beatname_uc}.
+
+ifeval::["{beatname_lc}"=="packetbeat"]
+
+*`-l N`*::
+Reads the pcap file `N` number of times. The default is 1. Use this option in
+combination with the `-I` option. For an infinite loop, use _0_. The `-l`
+option is useful only for testing {beatname_uc}.
+
+endif::[]
+
+*`--memprofile FILE`*::
+Writes memory profile data to the specified output file. This option is useful
+for troubleshooting {beatname_uc}.
+
+ifeval::["{beatname_lc}"=="filebeat"]
+
+*`--modules MODULE_LIST`*::
+Specifies a comma-separated list of modules to run. For example:
++
+["source","sh",subs="attributes"]
+-----
+{beatname_lc} run --modules nginx,mysql,system
+-----
++
+Rather than specifying the list of modules every time you run {beatname_uc},
+you can use the <<modules-command,`modules`>> command to enable and disable
+specific modules. Then when you run {beatname_uc}, it will run any modules
+that are enabled.
+
+endif::[]
+
+ifeval::["{beatname_lc}"=="filebeat"]
+
+*`--once`*::
+When the `--once` flag is used, {beatname_uc} starts all configured harvesters
+and prospectors, and runs each prospector until the harvesters are closed. If
+you set the `--once` flag, you should also set `close_eof` so the harvester is
+closed when the end of the file is reached. By default harvesters are closed
+after `close_inactive` is reached.
+
+endif::[]
+
+*`--setup`*::
+Loads the sample Kibana dashboards. If you want to load the dashboards without
+running {beatname_uc}, use the <<setup-command,`setup`>> command instead.
+
+ifeval::["{beatname_lc}"=="metricbeat"]
+
+*`--system.hostfs MOUNT_POINT`*::
+
+Specifies the mount point of the host's filesystem for use in monitoring a host
+from within a container.
+
+endif::[]
+
+ifeval::["{beatname_lc}"=="packetbeat"]
+
+*`-t`*::
+Reads packets from the pcap file as fast as possible without sleeping. Use this
+option in combination with the `-I` option. The `-t` option is useful only for
+testing Packetbeat.
+
+endif::[]
+
+{global-flags}
+
+*EXAMPLE*
+
+["source","sh",subs="attributes"]
+-----
+{beatname_lc} run -e
+-----
+
+
+[[setup-command]]
+==== `setup` command
+
+{setup-command-short-desc}.
+
+* The index template ensures that fields are mapped correctly in Elasticsearch.
+* The Kibana dashboards make it easier for you to visualize {beatname_uc} data
+in Kibana.
+* The machine learning jobs contain the configuration information and metadata
+necessary to analyze data for anomalies.
+
+*SYNOPSIS*
+
+["source","sh",subs="attributes"]
+----
+{beatname_lc} setup [FLAGS]
+----
+
+
+*FLAGS*
+
+*`--dashboards`*::
+Sets up the Kibana dashboards only.
+
+*`-h, --help`*::
+Shows help for the `setup` command.
+
+*`--machine-learning`*::
+Sets up machine learning job configurations only.
+
+ifeval::["{beatname_lc}"=="filebeat"]
+
+*`--modules MODULE_LIST`*::
+Specifies a comma-separated list of modules. Use this flag to avoid errors when
+there are no modules defined in the +{beatname_lc}.yml+ file.
+
+endif::[]
+
+*`--template`*::
+Sets up the index template only.
+
+{global-flags}
+
+*EXAMPLE*
+
+["source","sh",subs="attributes"]
+-----
+{beatname_lc} setup --dashboards
+-----
+
+
+[[test-command]]
+==== `test` command
+
+{test-command-short-desc}.
+
+*SYNOPSIS*
+
+["source","sh",subs="attributes"]
+----
+{beatname_lc} test SUBCOMMAND [FLAGS]
+----
+
+*SUBCOMMANDS*
+
+*`config`*::
+Tests the configuration settings.
+
+ifeval::["{beatname_lc}"=="metricbeat"]
+
+*`modules [MODULE_NAME] [METRICSET_NAME]`*::
+Tests module settings for all configured modules. When you run this command,
+{beatname_uc} does a test run that applies the current settings, retrieves the
+metrics, and shows them as output. To test the settings for a specific module,
+specify `MODULE_NAME`. To test the settings for a specific metricset in the
+module, also specify `METRICSET_NAME`.
+
+endif::[]
+
+*`output`*::
+Tests that {beatname_uc} can connect to the output by using the
+current settings.
+
+*FLAGS*
+
+*`-h, --help`*:: Shows help for the `test` command.
+
+{global-flags}
+
+ifeval::["{beatname_lc}"!="metricbeat"]
+
+*EXAMPLE*
+
+["source","sh",subs="attributes"]
+-----
+{beatname_lc} test config
+-----
+
+endif::[]
+
+ifeval::["{beatname_lc}"=="metricbeat"]
+
+*EXAMPLES*
+
+["source","sh",subs="attributes"]
+-----
+{beatname_lc} test config
+{beatname_lc} test modules system cpu
+-----
+
+endif::[]
+
+[[version-command]]
+==== `version` command
+
+{version-command-short-desc}.
+
+*SYNOPSIS*
+
+["source","sh",subs="attributes"]
+----
+{beatname_lc} version [FLAGS]
+----
+
+
+*FLAGS*
+
+*`-h, --help`*:: Shows help for the `version` command.
+
+{global-flags}
+
+*EXAMPLE*
+
+["source","sh",subs="attributes"]
+-----
+{beatname_lc} version
+----
+
+
+[float]
+[[global-flags]]
+=== Global flags
+
+These global flags are available whenever you run {beatname_uc}.
+
+*`-E, --E "SETTING_NAME=VALUE"`*::
+Overrides a specific configuration setting. You can specify multiple overrides.
+For example:
++
+["source","sh",subs="attributes"]
+----------------------------------------------------------------------
+{beatname_lc} -E "name=mybeat" -E "output.elasticsearch.hosts=["http://myhost:9200"]"
+----------------------------------------------------------------------
++
+This setting is applied to the currently running {beatname_uc} process.
+The {beatname_uc} configuration file is not changed.
+
+ifeval::["{beatname_lc}"=="filebeat"]
+
+*`-M, --M "VAR_NAME=VALUE"`*:: Overrides the default configuration for a
+{beatname_uc} module. You can specify multiple variable overrides. For example:
++
+["source","sh",subs="attributes"]
+----------------------------------------------------------------------
+{beatname_lc} -modules=nginx -M "nginx.access.var.paths=[/var/log/nginx/access.log*]" -M "nginx.access.var.pipeline=no_plugins"
+----------------------------------------------------------------------
+
+endif::[]
+
+*`-c, --c FILE`*::
+Specifies the configuration file to use for {beatname_uc}. The file you specify
+here is relative to `path.config`. If the `-c` flag is not specified, the
+default config file, +{beatname_lc}.yml+, is used.
+
+*`-d, --d SELECTORS`*::
+Enables debugging for the specified selectors. For the selectors, you can
+specify a comma-separated
+list of components, or you can use `-d "*"` to enable debugging for all
+components. For example, `-d "publish"` displays all the "publish" related
+messages.
+
+*`-e, --e`*::
+Logs to stderr and disables syslog/file output.
+
+*`--path.config`*::
+Sets the path for configuration files. See the <<directory-layout>> section for
+details.
+
+*`--path.data`*::
+Sets the path for data files. See the <<directory-layout>> section for details.
+
+*`--path.home`*::
+Sets the path for miscellaneous files. See the <<directory-layout>> section for
+details.
+
+*`--path.logs`*::
+Sets the path for log files. See the <<directory-layout>> section for details.
+
+*`--strict.perms`*::
+Sets strict permission checking on configuration files. The default is
+`-strict.perms=true`. See
+{libbeat}/config-file-permissions.html[Config file ownership and permissions] in
+the _Beats Platform Reference_ for more information.
+
+*`-v, --v`*::
+Logs INFO-level messages.
+
diff --git a/libbeat/docs/shared-command-line.asciidoc b/libbeat/docs/shared-command-line.asciidoc
deleted file mode 100644
index 04ad1cec016..00000000000
--- a/libbeat/docs/shared-command-line.asciidoc
+++ /dev/null
@@ -1,74 +0,0 @@
-//////////////////////////////////////////////////////////////////////////
-//// This content is shared by all Elastic Beats. Make sure you keep the
-//// descriptions here generic enough to work for all Beats that include
-//// this file. When using cross references, make sure that the cross
-//// references resolve correctly for any files that include this one.
-//// Use the appropriate variables defined in the index.asciidoc file to
-//// resolve Beat names: beatname_uc and beatname_lc
-//// Use the following include to pull this content into a doc file:
-//// include::../../libbeat/docs/shared-command-line.asciidoc[]
-//////////////////////////////////////////////////////////////////////////
-
-*`-E <setting>=<value>`*::
-Override a specific configuration setting. For example:
-+
-["source","sh",subs="attributes"]
-----------------------------------------------------------------------
-sudo ./{beatname_lc} -c {beatname_lc}.yml -E name=mybeat
-----------------------------------------------------------------------
-+
-This setting is applied to the currently running {beatname_uc} process.
-The {beatname_uc} configuration file is not changed. 
-
-*`-N`*::
-Disable the publishing of events to the defined output. This option is useful only
-for testing the Beat.
-
-*`-c <file>`*::
-Pass the location of a configuration file for the Beat.
-
-*`-configtest`*::
-Test the configuration file and then exit. This option is useful for
-troubleshooting the configuration of a Beat.
-
-*`-cpuprofile <output file>`*::
-Write CPU profile data to the specified file. This option is useful for
-troubleshooting the Beat.
-
-*`-d <selectors>`*::
-Enable debugging for the specified selectors. For the selectors, you can specify a comma-separated
-list of components, or you can use `-d "*"` to enable debugging for all components. For example,
-`-d "publish"` displays all the "publish" related messages.
-
-*`-e`*::
-Log to stderr and disable syslog/file output.
-
-*`-httpprof [<host>]:<port>`*::
-Start http server for profiling. This option is useful for troubleshooting and profiling the Beat.
-
-*`-memprofile <output file>`*::
-Write memory profile data to the specified output file. This option is useful for
-troubleshooting the Beat.
-
-*`-path.config`*::
-Set the default location for configuration (e.g. the Elasticsearch template). See the <<directory-layout>> section for
-details.
-
-*`-path.data`*::
-Set the default location for data files. See the <<directory-layout>> section for details.
-
-*`-path.home`*::
-Set the default location for miscellaneous files. See the <<directory-layout>> section for details.
-
-*`-path.logs`*::
-Set the default location for log files. See the <<directory-layout>> section for details.
-
-*`-setup`*::
-Load the sample Kibana dashboards. By default, this downloads an archive file containing the Beats dashboards
-from the elastic.co website. See the <<configuration-dashboards>> section for more details and more options.
-
-*`-v`*::
-Enable verbose output to show INFO-level messages.
-
-*`-version`*::
-Display the Beat version and exit.
diff --git a/libbeat/docs/shared-directory-layout.asciidoc b/libbeat/docs/shared-directory-layout.asciidoc
index 73dffd3e287..0199a9ca9e3 100644
--- a/libbeat/docs/shared-directory-layout.asciidoc
+++ b/libbeat/docs/shared-directory-layout.asciidoc
@@ -31,6 +31,8 @@ file.
 
 {beatname_uc} uses the following default paths unless you explicitly change them.
 
+ifeval::["{beatname_lc}"!="winlogbeat"]
+
 [float]
 ===== deb and rpm
 [cols="<h,<,<m",options="header",]
@@ -60,6 +62,8 @@ Otherwise the paths might be set incorrectly.
 | logs   | The location for the logs created by {beatname_uc}. | /usr/share//{beatname_lc}/logs
 |=======================================================================
 
+endif::[]
+
 [float]
 ===== zip, tar.gz, and tgz
 [cols="<h,<,<m",options="header",]
@@ -76,8 +80,20 @@ For the zip, tar.gz and tgz distributions, these paths are based on the location
 extracted binary file. This means that if you start {beatname_uc} with the following simple command,
 all paths are set correctly:
 
+ifeval::["{beatname_lc}"!="winlogbeat"]
 
 ["source","sh",subs="attributes,callouts"]
 ----------------------------------------------------------------------
 ./{beatname_lc}
 ------------------------------------------------------------------------------
+
+endif::[]
+
+ifeval::["{beatname_lc}"=="winlogbeat"]
+
+["source","sh",subs="attributes,callouts"]
+----------------------------------------------------------------------
+Start-Service {beatname_lc}
+----------------------------------------------------------------------
+
+endif::[]
diff --git a/libbeat/docs/shared-docker.asciidoc b/libbeat/docs/shared-docker.asciidoc
index 02de5e91f30..79f1de004dd 100644
--- a/libbeat/docs/shared-docker.asciidoc
+++ b/libbeat/docs/shared-docker.asciidoc
@@ -1,5 +1,5 @@
 [[running-on-docker]]
-== Running {beatname_uc} on Docker
+=== Running {beatname_uc} on Docker
 
 Docker images for {beatname_uc} are available from the Elastic Docker
 registry. You can retrieve an image with a `docker pull` command.
@@ -25,7 +25,7 @@ code can be found on
 https://github.com/elastic/beats-docker/tree/{doc-branch}[GitHub].
 
 [float]
-=== Configure {beatname_uc} on Docker
+==== Configure {beatname_uc} on Docker
 
 The Docker image provides several methods for configuring {beatname_uc}. The
 conventional approach is to provide a configuration file via a bind-mounted
@@ -33,7 +33,7 @@ volume, but it's also possible to create a custom image with your
 configuration included.
 
 [float]
-==== Bind-mounted configuration
+===== Bind-mounted configuration
 
 One way to configure {beatname_uc} on Docker is to provide +{beatname_lc}.yml+ via bind-mounting.
 With +docker run+, the bind-mount can be specified like this:
@@ -46,7 +46,7 @@ docker run \
 --------------------------------------------
 
 [float]
-==== Custom image configuration
+===== Custom image configuration
 
 It's possible to embed your {beatname_uc} configuration in a custom image.
 Here is an example Dockerfile to achieve this:
diff --git a/metricbeat/docs/command-line.asciidoc b/metricbeat/docs/command-line.asciidoc
deleted file mode 100644
index b72411a9241..00000000000
--- a/metricbeat/docs/command-line.asciidoc
+++ /dev/null
@@ -1,7 +0,0 @@
-[[command-line-options]]
-=== Command line options
-
-The following command line options are available for Metricbeat. To use these
-options, you need to start Metricbeat in the foreground.
-
-include::../../libbeat/docs/shared-command-line.asciidoc[]
diff --git a/metricbeat/docs/index.asciidoc b/metricbeat/docs/index.asciidoc
index 60f650132d3..3dbd7407f99 100644
--- a/metricbeat/docs/index.asciidoc
+++ b/metricbeat/docs/index.asciidoc
@@ -23,13 +23,9 @@ include::../../libbeat/docs/contributing-to-beats.asciidoc[]
 
 include::./gettingstarted.asciidoc[]
 
-include::./command-line.asciidoc[]
-
-include::../../libbeat/docs/shared-directory-layout.asciidoc[]
-
 include::../../libbeat/docs/repositories.asciidoc[]
 
-include::./running-on-docker.asciidoc[]
+include::./setting-up-running.asciidoc[]
 
 include::./upgrading.asciidoc[]
 
diff --git a/metricbeat/docs/running-on-docker.asciidoc b/metricbeat/docs/running-on-docker.asciidoc
index 295d9b92d26..8509a560802 100644
--- a/metricbeat/docs/running-on-docker.asciidoc
+++ b/metricbeat/docs/running-on-docker.asciidoc
@@ -2,7 +2,7 @@ include::../../libbeat/docs/shared-docker.asciidoc[]
 
 [float]
 [[monitoring-host]]
-=== Monitor the host machine
+==== Monitor the host machine
 When executing Metricbeat in a container, there are some important
 things to be aware of if you want to monitor the host machine or other
 containers. Let's walk-through some examples using Docker as our container
@@ -48,7 +48,7 @@ fail on Windows and MacOS.
 
 [float]
 [[monitoring-service]]
-=== Monitor a service in another container
+==== Monitor a service in another container
 
 Next, let's look at an example of monitoring a containerized service from a
 Metricbeat container.
diff --git a/metricbeat/docs/setting-up-running.asciidoc b/metricbeat/docs/setting-up-running.asciidoc
new file mode 100644
index 00000000000..388cd8c5d88
--- /dev/null
+++ b/metricbeat/docs/setting-up-running.asciidoc
@@ -0,0 +1,29 @@
+/////
+// NOTE:
+// Each beat has its own setup overview to allow for the addition of content
+// that is unique to each beat.
+/////
+
+[[seting-up-and-running]]
+== Setting up and running {beatname_uc}
+
+Before reading this section, see the
+<<{beatname_lc}-getting-started,getting started documentation>> for basic
+installation instructions to get you started.
+
+This section includes additional information on how to set up and run
+{beatname_uc}, including:
+
+* <<directory-layout>>
+
+* <<command-line-options>>
+
+* <<running-on-docker>>
+
+//MAINTAINERS: If you add a new file to this section, make sure you update the bulletedl ist ^^ too.
+
+include::../../libbeat/docs/shared-directory-layout.asciidoc[]
+
+include::../../libbeat/docs/command-reference.asciidoc[]
+
+include::./running-on-docker.asciidoc[]
diff --git a/packetbeat/docs/command-line.asciidoc b/packetbeat/docs/command-line.asciidoc
deleted file mode 100644
index 70b289d55d2..00000000000
--- a/packetbeat/docs/command-line.asciidoc
+++ /dev/null
@@ -1,39 +0,0 @@
-[[command-line-options]]
-=== Command line options
-
-The following command line options are available for Packetbeat. To use these options,
-you need to start Packetbeat in the foreground.
-
-TIP: Run `./packetbeat -h` to see the full list of options from the command line.
-
-==== Packetbeat-specific options
-These command line options are specific to Packetbeat:
-
-*`-I <file>`*::
-Pass a pcap file as input to Packetbeat instead of reading packets from the network.
-This option is useful only for testing Packetbeat. Example: `-I ~/pcaps/network_traffic.pcap`.
-
-*`-O`*::
-Read packets one by one by pressing _Enter_ after each. This option is useful only for testing Packetbeat.
-
-*`-devices`*::
-Print the list of devices that are available for sniffing.
-
-*`-dump <file>`*::
-Write all captured packets to a file. This option is useful for troubleshooting Packetbeat.
-
-*`-l <n>`*::
-Read the pcap file `n` number of times. Use this option in combination with the `-I` option.
-For an infinite loop, use _0_. The `-l` option is useful only for testing Packetbeat.
-
-*`-t`*::
-Read the packets from the pcap file as fast as possible without sleeping. Use this option in combination with the `-I` option. The `-t` option is useful only for testing Packetbeat.
-
-==== Other options
-
-These command line options from libbeat are also available for Packetbeat:
-
-include::../../libbeat/docs/shared-command-line.asciidoc[]
-
-
-
diff --git a/packetbeat/docs/index.asciidoc b/packetbeat/docs/index.asciidoc
index 9c6f55d1a79..7ef49bd6243 100644
--- a/packetbeat/docs/index.asciidoc
+++ b/packetbeat/docs/index.asciidoc
@@ -27,13 +27,9 @@ include::../../libbeat/docs/contributing-to-beats.asciidoc[]
 
 include::./gettingstarted.asciidoc[]
 
-include::./command-line.asciidoc[]
-
-include::../../libbeat/docs/shared-directory-layout.asciidoc[]
-
 include::../../libbeat/docs/repositories.asciidoc[]
 
-include::./running-on-docker.asciidoc[]
+include::./setting-up-running.asciidoc[]
 
 include::./upgrading.asciidoc[]
 
diff --git a/packetbeat/docs/running-on-docker.asciidoc b/packetbeat/docs/running-on-docker.asciidoc
index 090577c58da..743f227ddb9 100644
--- a/packetbeat/docs/running-on-docker.asciidoc
+++ b/packetbeat/docs/running-on-docker.asciidoc
@@ -1,6 +1,7 @@
 include::../../libbeat/docs/shared-docker.asciidoc[]
 
-=== Required network capabilities
+[float]
+==== Required network capabilities
 
 Under Docker, Packetbeat runs as a non-root user, but requires some privileged
 network capabilities to operate correctly. Ensure that the +NET_ADMIN+
@@ -11,7 +12,8 @@ capability is available to the container.
 docker run --cap-add=NET_ADMIN {dockerimage}
 ----
 
-=== Capture traffic from the host system
+[float]
+==== Capture traffic from the host system
 
 By default, Docker networking will connect the Packetbeat container to an
 isolated virtual network, with a limited view of network traffic. You may wish
diff --git a/packetbeat/docs/setting-up-running.asciidoc b/packetbeat/docs/setting-up-running.asciidoc
new file mode 100644
index 00000000000..388cd8c5d88
--- /dev/null
+++ b/packetbeat/docs/setting-up-running.asciidoc
@@ -0,0 +1,29 @@
+/////
+// NOTE:
+// Each beat has its own setup overview to allow for the addition of content
+// that is unique to each beat.
+/////
+
+[[seting-up-and-running]]
+== Setting up and running {beatname_uc}
+
+Before reading this section, see the
+<<{beatname_lc}-getting-started,getting started documentation>> for basic
+installation instructions to get you started.
+
+This section includes additional information on how to set up and run
+{beatname_uc}, including:
+
+* <<directory-layout>>
+
+* <<command-line-options>>
+
+* <<running-on-docker>>
+
+//MAINTAINERS: If you add a new file to this section, make sure you update the bulletedl ist ^^ too.
+
+include::../../libbeat/docs/shared-directory-layout.asciidoc[]
+
+include::../../libbeat/docs/command-reference.asciidoc[]
+
+include::./running-on-docker.asciidoc[]
diff --git a/winlogbeat/docs/command-line.asciidoc b/winlogbeat/docs/command-line.asciidoc
deleted file mode 100644
index cef2d72f953..00000000000
--- a/winlogbeat/docs/command-line.asciidoc
+++ /dev/null
@@ -1,13 +0,0 @@
-[[command-line-options]]
-=== Command line options
-
-Winlogbeat does not have any Winlogbeat-specific command line options. Instead,
-you configure the behavior of Winlogbeat by specifying options in the
-configuration file.
-
-The following command line options from libbeat are also available for
-Winlogbeat.
-
-TIP: Run `winlogbeat -h` to see the full list of options from the command line.
-
-include::../../libbeat/docs/shared-command-line.asciidoc[]
diff --git a/winlogbeat/docs/index.asciidoc b/winlogbeat/docs/index.asciidoc
index fc24f8382b9..4919f504179 100644
--- a/winlogbeat/docs/index.asciidoc
+++ b/winlogbeat/docs/index.asciidoc
@@ -24,9 +24,7 @@ include::../../libbeat/docs/contributing-to-beats.asciidoc[]
 
 include::./getting-started.asciidoc[]
 
-include::./command-line.asciidoc[]
-
-include::../../libbeat/docs/shared-directory-layout.asciidoc[]
+include::./setting-up-running.asciidoc[]
 
 include::./upgrading.asciidoc[]
 
diff --git a/winlogbeat/docs/setting-up-running.asciidoc b/winlogbeat/docs/setting-up-running.asciidoc
new file mode 100644
index 00000000000..0486f98928f
--- /dev/null
+++ b/winlogbeat/docs/setting-up-running.asciidoc
@@ -0,0 +1,25 @@
+/////
+// NOTE:
+// Each beat has its own setup overview to allow for the addition of content
+// that is unique to each beat.
+/////
+
+[[seting-up-and-running]]
+== Setting up and running {beatname_uc}
+
+Before reading this section, see the
+<<{beatname_lc}-getting-started,getting started documentation>> for basic
+installation instructions to get you started.
+
+This section includes additional information on how to set up and run
+{beatname_uc}, including:
+
+* <<directory-layout>>
+
+* <<command-line-options>>
+
+//MAINTAINERS: If you add a new file to this section, make sure you update the bulletedl ist ^^ too.
+
+include::../../libbeat/docs/shared-directory-layout.asciidoc[]
+
+include::../../libbeat/docs/command-reference.asciidoc[]