diff --git a/docs/limitations.asciidoc b/docs/limitations.asciidoc index 62dd2c7fc497..0b26a3cdcf71 100644 --- a/docs/limitations.asciidoc +++ b/docs/limitations.asciidoc @@ -11,9 +11,9 @@ These {stack} features also have limitations that affect {kib}: -* {stack-ov}/watcher-limitations.html[Alerting] +* {ref}/watcher-limitations.html[Alerting] * {stack-ov}/ml-limitations.html[Machine learning] -* {stack-ov}/security-limitations.html[Security] +* {ref}/security-limitations.html[Security] -- diff --git a/docs/management/dashboard_only_mode/index.asciidoc b/docs/management/dashboard_only_mode/index.asciidoc index 3040c73b468e..97ac4392827d 100644 --- a/docs/management/dashboard_only_mode/index.asciidoc +++ b/docs/management/dashboard_only_mode/index.asciidoc @@ -58,7 +58,7 @@ does not provide access to data indices. You must also assign the user a role that grants `read` access to each index you are using. Use *Management > Security > Roles* to create or edit a role and assign index privileges. -For information on roles and privileges, see {stack-ov}/authorization.html[User authorization]. +For information on roles and privileges, see {ref}/authorization.html[User authorization]. [role="screenshot"] image:management/dashboard_only_mode/images/custom_dashboard_mode_role.png["Dashboard Only mode has no editing controls"] diff --git a/docs/management/managing-licenses.asciidoc b/docs/management/managing-licenses.asciidoc index 221cf9a0408a..bbe4b3b68e03 100644 --- a/docs/management/managing-licenses.asciidoc +++ b/docs/management/managing-licenses.asciidoc @@ -25,4 +25,4 @@ license, extend the trial, or purchase a subscription. TIP: If {security-features} are enabled, before you revert to a Basic license or install a Gold or Platinum license, you must configure Transport Layer Security (TLS) in {es}. -See {stack-ov}/encrypting-communications.html[Encrypting communications]. \ No newline at end of file +See {ref}/encrypting-communications.html[Encrypting communications]. \ No newline at end of file diff --git a/docs/management/managing-remote-clusters.asciidoc b/docs/management/managing-remote-clusters.asciidoc index 8717476ac5d2..a776cdf0334c 100644 --- a/docs/management/managing-remote-clusters.asciidoc +++ b/docs/management/managing-remote-clusters.asciidoc @@ -10,7 +10,7 @@ Before using these features, you should be familiar with the following concepts: * {ref}/xpack-ccr.html[{ccr-cap}] * {ref}/modules-cross-cluster-search.html[{ccs-cap}] -* {stack-ov}/cross-cluster-configuring.html[Cross-cluster security requirements] +* {ref}/cross-cluster-configuring.html[Cross-cluster security requirements] [float] [[managing-remote-clusters]] diff --git a/docs/management/watcher-ui/index.asciidoc b/docs/management/watcher-ui/index.asciidoc index 767f9029907f..79db96d759aa 100644 --- a/docs/management/watcher-ui/index.asciidoc +++ b/docs/management/watcher-ui/index.asciidoc @@ -31,7 +31,7 @@ watch—input, schedule, condition, and actions. === Watcher security If the {es} {security-features} are enabled, you must have the -{stack-ov}/security-privileges.html[`manage_watcher` or `monitor_watcher`] +{ref}/security-privileges.html[`manage_watcher` or `monitor_watcher`] cluster privileges to use Watcher in {kib}. Alternately, you can have the built-in `kibana_user` role diff --git a/docs/settings/monitoring-settings.asciidoc b/docs/settings/monitoring-settings.asciidoc index f08ae8e942f4..68dd9a8b3cef 100644 --- a/docs/settings/monitoring-settings.asciidoc +++ b/docs/settings/monitoring-settings.asciidoc @@ -25,7 +25,7 @@ from Logstash, you configure in `logstash.yml`. For more information, see -{stack-ov}/xpack-monitoring.html[Monitoring the Elastic Stack]. +{ref}/monitor-elasticsearch-cluster.html[Monitor a cluster]. [float] [[monitoring-general-settings]] diff --git a/docs/settings/ssl-settings.asciidoc b/docs/settings/ssl-settings.asciidoc index 434462583394..5341d3543e7c 100644 --- a/docs/settings/ssl-settings.asciidoc +++ b/docs/settings/ssl-settings.asciidoc @@ -2,7 +2,7 @@ === {component} TLS/SSL settings You can configure the following TLS/SSL settings. If the settings are not configured, the default values are used. See -{stack-ov}/security-settings.html[Default TLS/SSL Settings]. +{ref}/security-settings.html[Default TLS/SSL Settings]. ifdef::server[] +{ssl-prefix}.ssl.enabled+:: @@ -45,7 +45,7 @@ Java Cryptography Architecture documentation]. Defaults to the value of The following settings are used to specify a private key, certificate, and the trusted certificates that should be used when communicating over an SSL/TLS connection. If none of the settings below are specified, the default values are used. -See {stack-ov}/security-settings.html[Default TLS/SSL settings]. +See {ref}/security-settings.html[Default TLS/SSL settings]. ifdef::server[] A private key and certificate must be configured. @@ -55,7 +55,7 @@ A private key and certificate are optional and would be used if the server requi authentication. endif::server[] If none of the settings below are specified, the defaults values are used. -See {stack-ov}/security-settings.html[Default TLS/SSL settings]. +See {ref}/security-settings.html[Default TLS/SSL settings]. [float] ===== PEM encoded files diff --git a/docs/setup/production.asciidoc b/docs/setup/production.asciidoc index d3d24e8c41da..67afe0896a0d 100644 --- a/docs/setup/production.asciidoc +++ b/docs/setup/production.asciidoc @@ -23,8 +23,8 @@ and an Elasticsearch client node on the same machine. For more information, see [[configuring-kibana-shield]] === Using {stack} {security-features} -You can use {stack-ov}/elasticsearch-security.html[{stack} {security-features}] -to control what {es} data users can access through Kibana. +You can use {stack} {security-features} to control what {es} data users can +access through Kibana. When {security-features} are enabled, Kibana users have to log in. They need to have a role granting <> as well as access diff --git a/docs/user/monitoring/configuring-monitoring.asciidoc b/docs/user/monitoring/configuring-monitoring.asciidoc index b4a7273136f3..de9e99117fc9 100644 --- a/docs/user/monitoring/configuring-monitoring.asciidoc +++ b/docs/user/monitoring/configuring-monitoring.asciidoc @@ -15,7 +15,7 @@ You can also use {kib} to <>. To learn about monitoring in general, see -{stack-ov}/xpack-monitoring.html[Monitoring the {stack}]. +{ref}/monitor-elasticsearch-cluster.html[Monitor a cluster]. include::monitoring-kibana.asciidoc[] include::monitoring-metricbeat.asciidoc[] diff --git a/docs/user/monitoring/elasticsearch-details.asciidoc b/docs/user/monitoring/elasticsearch-details.asciidoc index d24f14694565..2990e965be03 100644 --- a/docs/user/monitoring/elasticsearch-details.asciidoc +++ b/docs/user/monitoring/elasticsearch-details.asciidoc @@ -27,7 +27,7 @@ highlighted in yellow or red. TIP: Conditions that require your attention are listed at the top of the Clusters page. You can also set up watches to alert you when the status of your cluster changes. To learn how, see -{stack-ov}/watch-cluster-status.html[Watch Your Cluster Health]. +{ref}/watch-cluster-status.html[Watching the status of an {es} cluster]. The panel at the top shows the current cluster statistics, the charts show the search and indexing performance over time, and the table at the bottom shows @@ -145,7 +145,7 @@ You can also see advanced information, which contains the results from the [role="screenshot"] image::user/monitoring/images/monitoring-ccr-shard.png["Cross-cluster replication shard details",link="images/monitoring-ccr-shard.png"] -For more information, see {stack-ov}/xpack-ccr.html[Cross-cluster replication]. +For more information, see {ref}/xpack-ccr.html[{ccr-cap}]. [float] [[logs-monitor-page]] diff --git a/docs/user/monitoring/index.asciidoc b/docs/user/monitoring/index.asciidoc index 1e8bd7fd98de..edc572a56434 100644 --- a/docs/user/monitoring/index.asciidoc +++ b/docs/user/monitoring/index.asciidoc @@ -21,7 +21,7 @@ NOTE: Watcher must be enabled to view cluster alerts. If you have a Basic license, Top Cluster Alerts are not displayed. For more information, see <> and -{stack-ov}/xpack-monitoring.html[Monitoring the {stack}]. +{ref}/monitor-elasticsearch-cluster.html[Monitor a cluster]. -- diff --git a/docs/user/monitoring/monitoring-kibana.asciidoc b/docs/user/monitoring/monitoring-kibana.asciidoc index ade964e0e9a4..d7af0d5c420a 100644 --- a/docs/user/monitoring/monitoring-kibana.asciidoc +++ b/docs/user/monitoring/monitoring-kibana.asciidoc @@ -13,7 +13,7 @@ which ultimately routes them to the monitoring cluster. For an alternative method, see <>. To learn about monitoring in general, see -{stack-ov}/xpack-monitoring.html[Monitoring the {stack}]. +{ref}/monitor-elasticsearch-cluster.html[Monitor a cluster]. . Set the `xpack.monitoring.collection.enabled` setting to `true` on each node in the production cluster. By default, it is is disabled (`false`). diff --git a/docs/user/monitoring/monitoring-metricbeat.asciidoc b/docs/user/monitoring/monitoring-metricbeat.asciidoc index 94799bd147e3..f03a2ce1525a 100644 --- a/docs/user/monitoring/monitoring-metricbeat.asciidoc +++ b/docs/user/monitoring/monitoring-metricbeat.asciidoc @@ -13,7 +13,7 @@ production cluster as described in <>. image::user/monitoring/images/metricbeat.png[Example monitoring architecture] To learn about monitoring in general, see -{stack-ov}/xpack-monitoring.html[Monitoring the {stack}]. +{ref}/monitor-elasticsearch-cluster.html[Monitor a cluster]. //NOTE: The tagged regions are re-used in the Stack Overview. @@ -134,9 +134,9 @@ If the Elastic {security-features} are enabled, you must also provide a user ID and password so that {metricbeat} can collect metrics successfully: .. Create a user on the production cluster that has the -`remote_monitoring_collector` {stack-ov}/built-in-roles.html[built-in role]. +`remote_monitoring_collector` {ref}/built-in-roles.html[built-in role]. Alternatively, use the `remote_monitoring_user` -{stack-ov}/built-in-users.html[built-in user]. +{ref}/built-in-users.html[built-in user]. .. Add the `username` and `password` settings to the {kib} module configuration file. @@ -197,9 +197,9 @@ must provide a valid user ID and password so that {metricbeat} can send metrics successfully: .. Create a user on the monitoring cluster that has the -`remote_monitoring_agent` {stack-ov}/built-in-roles.html[built-in role]. +`remote_monitoring_agent` {ref}/built-in-roles.html[built-in role]. Alternatively, use the `remote_monitoring_user` -{stack-ov}/built-in-users.html[built-in user]. +{ref}/built-in-users.html[built-in user]. .. Add the `username` and `password` settings to the {es} output information in the {metricbeat} configuration file. diff --git a/docs/user/monitoring/viewing-metrics.asciidoc b/docs/user/monitoring/viewing-metrics.asciidoc index b4718d07491e..61bcb9a49c90 100644 --- a/docs/user/monitoring/viewing-metrics.asciidoc +++ b/docs/user/monitoring/viewing-metrics.asciidoc @@ -41,7 +41,7 @@ default value, in the `kibana.yml` file. For more information, see must provide a user ID and password so {kib} can retrieve the data. .. Create a user that has the `monitoring_user` -{stack-ov}/built-in-roles.html[built-in role] on the monitoring cluster. +{ref}/built-in-roles.html[built-in role] on the monitoring cluster. .. Add the `xpack.monitoring.elasticsearch.username` and `xpack.monitoring.elasticsearch.password` settings in the `kibana.yml` file. @@ -64,7 +64,7 @@ remote monitoring cluster, you must use credentials that are valid on both the -- .. Create users that have the `monitoring_user` and `kibana_user` -{stack-ov}/built-in-roles.html[built-in roles]. +{ref}/built-in-roles.html[built-in roles]. . Open {kib} in your web browser. + diff --git a/docs/user/reporting/gs-index.asciidoc b/docs/user/reporting/gs-index.asciidoc index 61e1acce0c87..87918ee76340 100644 --- a/docs/user/reporting/gs-index.asciidoc +++ b/docs/user/reporting/gs-index.asciidoc @@ -16,7 +16,7 @@ The following Reporting button appears in the {kib} toolbar: image:images/reporting.jpg["Reporting",link="reporting.jpg"] -You can also {stack-ov}/automating-report-generation.html[generate reports automatically]. +You can also <>. IMPORTANT: Reports are stored in the `.reporting-*` indices. Any user with access to these indices has access to every report generated by all users. diff --git a/docs/user/reporting/watch-example.asciidoc b/docs/user/reporting/watch-example.asciidoc index 6e147ccdf9ee..4f5f011d4107 100644 --- a/docs/user/reporting/watch-example.asciidoc +++ b/docs/user/reporting/watch-example.asciidoc @@ -59,4 +59,4 @@ report from the Kibana UI. NOTE: Reporting is integrated with Watcher only as an email attachment type. For more information about configuring watches, see -{stack-ov}/how-watcher-works.html[How Watcher Works]. +{ref}/how-watcher-works.html[How Watcher works]. diff --git a/docs/user/security/audit-logging.asciidoc b/docs/user/security/audit-logging.asciidoc index bca2df5d0657..f72ae0dcf9c9 100644 --- a/docs/user/security/audit-logging.asciidoc +++ b/docs/user/security/audit-logging.asciidoc @@ -12,7 +12,7 @@ audit logging to get a holistic view of all security related events. {kib} defers to {es}'s security model for authentication, data index authorization, and features that are driven by cluster-wide privileges. For more information on enabling audit logging in {es}, see -{stack-ov}/auditing.html[Auditing Security Events]. +{ref}/auditing.html[Auditing security events]. [IMPORTANT] ============================================================================ diff --git a/docs/user/security/authorization/index.asciidoc b/docs/user/security/authorization/index.asciidoc index 05182d9dc687..803d22a91a30 100644 --- a/docs/user/security/authorization/index.asciidoc +++ b/docs/user/security/authorization/index.asciidoc @@ -2,7 +2,7 @@ [[xpack-security-authorization]] === Granting access to {kib} -The Elastic Stack comes with the `kibana_user` {stack-ov}/built-in-roles.html[built-in role], which you can use to grant access to all Kibana features in all spaces. To grant users access to a subset of spaces or features, you can create a custom role that grants the desired Kibana privileges. +The Elastic Stack comes with the `kibana_user` {ref}/built-in-roles.html[built-in role], which you can use to grant access to all Kibana features in all spaces. To grant users access to a subset of spaces or features, you can create a custom role that grants the desired Kibana privileges. When you assign a user multiple roles, the user receives a union of the roles’ privileges. Therefore, assigning the `kibana_user` role in addition to a custom role that grants Kibana privileges is ineffective because `kibana_user` has access to all the features in all spaces. diff --git a/docs/user/security/index.asciidoc b/docs/user/security/index.asciidoc index 44ffb39a9061..7b7e38d61084 100644 --- a/docs/user/security/index.asciidoc +++ b/docs/user/security/index.asciidoc @@ -7,7 +7,7 @@ security, you can password-protect your data as well as implement more advanced security measures such as encrypting communications, role-based access control, IP filtering, and auditing. For more information, see -{stack-ov}/elasticsearch-security.html[Securing {es} and {kib}] and +{ref}/secure-cluster.html[Secure a cluster] and <>. [float] @@ -16,7 +16,7 @@ auditing. For more information, see You can create and manage users on the *Management -> Security -> Users* page. You can also change their passwords and roles. For more information about authentication and built-in users, see -{stack-ov}/setting-up-authentication.html[Setting up user authentication]. +{ref}/setting-up-authentication.html[Setting up user authentication]. [float] === Roles @@ -25,7 +25,7 @@ You can manage roles on the *Management -> Security -> Roles* page, or use the <>. For more information on configuring roles for {kib}, see <>. For a more holistic overview of configuring roles for the entire stack, -see {stack-ov}/authorization.html[Configuring role-based access control]. +see {ref}/authorization.html[User authorization]. [NOTE] ============================================================================ diff --git a/docs/user/security/securing-kibana.asciidoc b/docs/user/security/securing-kibana.asciidoc index 51c796e7fe9e..fa11d5925bdb 100644 --- a/docs/user/security/securing-kibana.asciidoc +++ b/docs/user/security/securing-kibana.asciidoc @@ -40,7 +40,7 @@ APIs and the `.kibana` index. The server does _not_ need access to user indices. The password for the built-in `kibana` user is typically set as part of the {security} configuration process on {es}. For more information, see -{stack-ov}/built-in-users.html[Built-in users]. +{ref}/built-in-users.html[Built-in users]. -- . Set the `xpack.security.encryptionKey` property in the `kibana.yml`