[DOCS] Fixes hierarchy in alerting and actions section (#64133)

docs/user/alerting/action-types/email.asciidoc

@@ -1,6 +1,6 @@
 [role="xpack"]
 [[email-action-type]]
-== Email action type
+=== Email action
 
 The email action type uses the SMTP protocol to send mail message, using an integration of https://nodemailer.com/[Nodemailer]. Email message text is sent as both plain text and html text.
 
@@ -10,11 +10,11 @@ The email action type uses the SMTP protocol to send mail message, using an inte
 
 Email connectors have the following configuration properties:
 
-Name::      The name of the connector. The name is used to identify a  connector in the management UI connector listing, or in the connector list when configuring an action. 
+Name::      The name of the connector. The name is used to identify a  connector in the management UI connector listing, or in the connector list when configuring an action.
 Sender::    The from address for all emails sent with this connector, specified in `user@host-name` format.
-Host::      Host name of the service provider. If you are using the <<action-settings, `xpack.actions.whitelistedHosts`>> setting, make sure this hostname is whitelisted. 
+Host::      Host name of the service provider. If you are using the <<action-settings, `xpack.actions.whitelistedHosts`>> setting, make sure this hostname is whitelisted.
 Port::      The port to connect to on the service provider.
-Secure::    If true the connection will use TLS when connecting to the service provider. See https://nodemailer.com/smtp/#tls-options[nodemailer TLS documentation] for more information.  
+Secure::    If true the connection will use TLS when connecting to the service provider. See https://nodemailer.com/smtp/#tls-options[nodemailer TLS documentation] for more information.
 Username::  username for 'login' type authentication.
 Password::  password for 'login' type authentication.
 
@@ -26,4 +26,4 @@ Email actions have the following configuration properties:
 
 To, CC, BCC::    Each is a list of addresses. Addresses can be specified in `user@host-name` format, or in `name <user@host-name>` format. One of To, CC, or BCC must contain an entry.
 Subject::       The subject line of the email.
-Message::       The message text of the email. Markdown format is supported.
+Message::       The message text of the email. Markdown format is supported.

docs/user/alerting/action-types/index.asciidoc

@@ -1,6 +1,6 @@
 [role="xpack"]
 [[index-action-type]]
-== Index action type
+=== Index action
 
 The index action type will index a document into {es}.
 
@@ -21,4 +21,4 @@ Execution time field::  This field will be automatically set to the time the ale
 
 Index actions have the following properties:
 
-Document::  The document to index in json format.
+Document::  The document to index in json format.

docs/user/alerting/action-types/pagerduty.asciidoc

@@ -1,6 +1,6 @@
 [role="xpack"]
 [[pagerduty-action-type]]
-== PagerDuty action type
+=== PagerDuty action
 
 The PagerDuty action type uses the https://v2.developer.pagerduty.com/docs/events-api-v2[v2 Events API] to trigger, acknowledge, and resolve PagerDuty alerts.
 
@@ -10,7 +10,7 @@ The PagerDuty action type uses the https://v2.developer.pagerduty.com/docs/event
 
 [float]
 [[pagerduty-benefits]]
-=== PagerDuty + Elastic integration benefits
+==== PagerDuty + Elastic integration benefits
 
 By integrating PagerDuty with alerts, you can:
 
@@ -20,7 +20,7 @@ By integrating PagerDuty with alerts, you can:
 
 [float]
 [[pagerduty-how-it-works]]
-==== How it works
+===== How it works
 
 {kib} allows you to create alerts to notify you of a significant move
 in your dataset.
@@ -28,7 +28,7 @@ You can create alerts for all your Observability, Security, and Elastic Stack us
 Alerts will trigger a new incident on the corresponding PagerDuty service.
 
 [float]
-==== Requirements
+===== Requirements
 
 In the `kibana.yml` configuration file, you must add the <<general-alert-action-settings, saved objects encryption setting>>.
 This is required to encrypt parameters that must be secured, for example PagerDuty’s integration key.
@@ -47,18 +47,17 @@ review the <<action-settings, Actions settings>> that are available to you.
 
 [float]
 [[pagerduty-support]]
-==== Support
+===== Support
 If you need help with this integration, get in touch with the {kib} team by visiting
 https://support.elastic.co[support.elastic.co] or by using the *Ask Elastic* option in the {kib} Help menu.
 You can also select the {kib} category at https://discuss.elastic.co/[discuss.elastic.co].
 
 [float]
 [[pagerduty-integration-walkthrough]]
-==== Integration with PagerDuty walkthrough
+===== Integration with PagerDuty walkthrough
 
-[float]
 [[pagerduty-in-pagerduty]]
-===== In PagerDuty
+*In PagerDuty*
 
 . From the *Configuration* menu, select *Services*.
 . Add an integration to a service:
@@ -83,9 +82,8 @@ image::user/alerting/images/pagerduty-integration.png[PagerDuty Integrations tab
 
 . Save this key, as you will use it when you configure the integration with Elastic in the next section.
 
-[float]
 [[pagerduty-in-elastic]]
-===== In Elastic
+*In Elastic*
 
 . Create a PagerDuty Connector in Kibana.  You can:
 +
@@ -117,7 +115,7 @@ https://v2.developer.pagerduty.com/v2/docs/send-an-event-events-api-v2[API v2 do
 
 [float]
 [[pagerduty-uninstall]]
-==== How to uninstall
+===== How to uninstall
 To remove a PagerDuty connector from an alert, simply remove it
 from the *Actions* section of that alert, using the remove (x) icon.
 This will disable the integration for the particular alert.
@@ -129,7 +127,7 @@ This is an irreversible action and impacts all alerts that use this connector.
 
 [float]
 [[pagerduty-connector-configuration]]
-=== Connector configuration
+==== Connector configuration
 
 PagerDuty connectors have the following configuration properties:
 
@@ -139,7 +137,7 @@ Routing Key::   A 32 character PagerDuty Integration Key for an integration on a
 
 [float]
 [[pagerduty-action-configuration]]
-=== Action configuration
+==== Action configuration
 
 PagerDuty actions have the following properties:
 

docs/user/alerting/action-types/server-log.asciidoc

@@ -1,6 +1,6 @@
 [role="xpack"]
 [[server-log-action-type]]
-== Server log action type
+=== Server log action
 
 This action type writes and entry to the {kib} server log.
 
@@ -18,4 +18,4 @@ Name::      The name of the connector. The name is used to identify a  connector
 
 Server log actions have the following properties:
 
-Message::   The message to log. 
+Message::   The message to log.

docs/user/alerting/action-types/slack.asciidoc

@@ -1,8 +1,8 @@
 [role="xpack"]
 [[slack-action-type]]
-== Slack action type
+=== Slack action
 
-The Slack action type uses https://api.slack.com/incoming-webhooks[Slack Incoming Webhooks]. 
+The Slack action type uses https://api.slack.com/incoming-webhooks[Slack Incoming Webhooks].
 
 [float]
 [[slack-connector-configuration]]
@@ -11,7 +11,7 @@ The Slack action type uses https://api.slack.com/incoming-webhooks[Slack Incomin
 Slack connectors have the following configuration properties:
 
 Name::      The name of the connector. The name is used to identify a  connector in the management UI connector listing, or in the connector list when configuring an action.
-Webhook URL::   The URL of the incoming webhook. See https://api.slack.com/messaging/webhooks#getting_started[Slack Incoming Webhooks] for instructions on generating this URL. If you are using the <<action-settings, `xpack.actions.whitelistedHosts`>> setting, make sure the hostname is whitelisted. 
+Webhook URL::   The URL of the incoming webhook. See https://api.slack.com/messaging/webhooks#getting_started[Slack Incoming Webhooks] for instructions on generating this URL. If you are using the <<action-settings, `xpack.actions.whitelistedHosts`>> setting, make sure the hostname is whitelisted.
 
 [float]
 [[slack-action-configuration]]
@@ -19,4 +19,4 @@ Webhook URL::   The URL of the incoming webhook. See https://api.slack.com/messa
 
 Slack actions have the following properties:
 
-Message::   The message	text, converted to the `text` field in the Webhook JSON payload. Currently only the text field is supported. Markdown, images, and other advanced formatting are not yet supported.
+Message::   The message	text, converted to the `text` field in the Webhook JSON payload. Currently only the text field is supported. Markdown, images, and other advanced formatting are not yet supported.

docs/user/alerting/action-types/webhook.asciidoc

@@ -1,6 +1,6 @@
 [role="xpack"]
 [[webhook-action-type]]
-== Webhook action type
+=== Webhook action
 
 The Webhook action type uses https://github.com/axios/axios[axios] to send a POST or PUT request to a web service.
 
@@ -11,7 +11,7 @@ The Webhook action type uses https://github.com/axios/axios[axios] to send a POS
 Webhook connectors have the following configuration properties:
 
 Name::      The name of the connector. The name is used to identify a  connector in the management UI connector listing, or in the connector list when configuring an action.
-URL::       The request URL. If you are using the <<action-settings, `xpack.actions.whitelistedHosts`>> setting, make sure the hostname is whitelisted. 
+URL::       The request URL. If you are using the <<action-settings, `xpack.actions.whitelistedHosts`>> setting, make sure the hostname is whitelisted.
 Method::    HTTP request method, either `post`(default) or `put`.
 Headers::   A set of key-value pairs sent as headers with the request
 User::      An optional username. If set, HTTP basic authentication is used. Currently only basic authentication is supported.
@@ -23,4 +23,4 @@ Password::  An optional password. If set, HTTP basic authentication is used. Cur
 
 Webhook actions have the following properties:
 
-Body::      A json payload sent to the request URL.
+Body::      A json payload sent to the request URL.