elastic · florent-leborgne · Sep 26, 2025 · Sep 24, 2025 · Sep 24, 2025 · Sep 24, 2025
@@ -60,7 +60,7 @@ Configuration options are available to specialize connections to TLS servers, in
 Rules are taking a long time to run and are impacting the overall health of your deployment.
 
 ::::{important}
-By default, only users with a `superuser` role can query the [preview] {{kib}} event log because it is a system index. To enable additional users to run this query, assign `read` privileges to the `.kibana-event-log*` index.
+By default, only users with a `superuser` role can query the {{kib}} event log because it is a system index. To enable additional users to run this query, assign `read` privileges to the `.kibana-event-log*` index.
 
 ::::
 

@@ -62,7 +62,7 @@ curl -X POST -k \
  -d '{"params":{"subject":"hallo","message":"hallo!","to":["me@example.com"]}}'
 ```
 
-[preview] In addition, there is a command-line client that uses legacy rule APIs, which can be easier to use, but must be updated for the new APIs. CLI tools to list, create, edit, and delete alerts (rules) and actions (connectors) are available in [kbn-action](https://github.com/pmuellr/kbn-action), which you can install as follows:
+{applies_to}`stack: preview` {applies_to}`serverless: preview` In addition, there is a command-line client that uses legacy rule APIs, which can be easier to use, but must be updated for the new APIs. CLI tools to list, create, edit, and delete alerts (rules) and actions (connectors) are available in [kbn-action](https://github.com/pmuellr/kbn-action), which you can install as follows:
 
 ```txt
 npm install -g pmuellr/kbn-action

@@ -61,7 +61,7 @@ You can add one or more actions to your rule to generate notifications when its
 
 Each action uses a connector, which provides connection information for a {{kib}} service or third party integration, depending on where you want to send the notifications.
 
-[preview] Some connectors that perform actions within {{kib}}, such as the [Cases connector](kibana://reference/connectors-kibana/cases-action-type.md), require less configuration. For example, you do not need to set the action frequency or variables.
+{applies_to}`stack: preview` {applies_to}`serverless: preview` Some connectors that perform actions within {{kib}}, such as the [Cases connector](kibana://reference/connectors-kibana/cases-action-type.md), require less configuration. For example, you do not need to set the action frequency or variables.
 
 After you select a connector, set the action frequency. You can choose to create a summary of alerts on each check interval or on a custom interval. Alternatively, you an choose to run actions for each alert (at each check interval, only when the alert status changes, or at a custom interval).
 
@@ -129,7 +129,7 @@ When you snooze a rule, the rule checks continue to run on a schedule but alerts
 
 When a rule is in a snoozed state, you can cancel or change the duration of this state.
 
-[preview] To temporarily suppress notifications for rules, you can also create a [maintenance window](maintenance-windows.md).
+{applies_to}`stack: preview` {applies_to}`serverless: preview` To temporarily suppress notifications for rules, you can also create a [maintenance window](maintenance-windows.md).
 
 ## View rule details [rule-details]
 

@@ -68,23 +68,23 @@ If the rule’s action frequency is a summary of alerts, it passes the following
 
     **Properties of the alerts.all.data objects**:
 
-    `kibana.alert.end`
-    :   Datetime stamp of alert end. [preview]
+    `kibana.alert.end` {applies_to}`stack: preview` {applies_to}`serverless: preview`
+    :   Datetime stamp of alert end.
 
-    `kibana.alert.flapping`
-    :   A flag on the alert that indicates whether the alert status is changing repeatedly. [preview]
+    `kibana.alert.flapping` {applies_to}`stack: preview` {applies_to}`serverless: preview`
+    :   A flag on the alert that indicates whether the alert status is changing repeatedly.
 
-    `kibana.alert.instance.id`
-    :   ID of the source that generates the alert. [preview]
+    `kibana.alert.instance.id` {applies_to}`stack: preview` {applies_to}`serverless: preview`
+    :   ID of the source that generates the alert.
 
-    `kibana.alert.reason`
-    :   The reason of the alert (generated with the rule conditions). [preview]
+    `kibana.alert.reason` {applies_to}`stack: preview` {applies_to}`serverless: preview`
+    :   The reason of the alert (generated with the rule conditions).
 
-    `kibana.alert.start`
-    :   Datetime stamp of alert start. [preview]
+    `kibana.alert.start` {applies_to}`stack: preview` {applies_to}`serverless: preview`
+    :   Datetime stamp of alert start.
 
-    `kibana.alert.status`
-    :   Alert status (for example, active or OK). [preview]
+    `kibana.alert.status` {applies_to}`stack: preview` {applies_to}`serverless: preview`
+    :   Alert status (for example, active or OK).
 
 `alerts.new.count`
 :   The count of new alerts.
@@ -94,23 +94,23 @@ If the rule’s action frequency is a summary of alerts, it passes the following
 
     **Properties of the alerts.new.data objects**:
 
-    `kibana.alert.end`
-    :   Datetime stamp of alert end. [preview]
+    `kibana.alert.end` {applies_to}`stack: preview` {applies_to}`serverless: preview`
+    :   Datetime stamp of alert end.
 
-    `kibana.alert.flapping`
-    :   A flag on the alert that indicates whether the alert status is changing repeatedly. [preview]
+    `kibana.alert.flapping` {applies_to}`stack: preview` {applies_to}`serverless: preview`
+    :   A flag on the alert that indicates whether the alert status is changing repeatedly.
 
-    `kibana.alert.instance.id`
-    :   ID of the source that generates the alert. [preview]
+    `kibana.alert.instance.id` {applies_to}`stack: preview` {applies_to}`serverless: preview`
+    :   ID of the source that generates the alert.
 
-    `kibana.alert.reason`
-    :   The reason of the alert (generated with the rule conditions). [preview]
+    `kibana.alert.reason` {applies_to}`stack: preview` {applies_to}`serverless: preview`
+    :   The reason of the alert (generated with the rule conditions).
 
-    `kibana.alert.start`
-    :   Datetime stamp of alert start. [preview]
+    `kibana.alert.start` {applies_to}`stack: preview` {applies_to}`serverless: preview`
+    :   Datetime stamp of alert start.
 
-    `kibana.alert.status`
-    :   Alert status (for example, active or OK). [preview]
+    `kibana.alert.status` {applies_to}`stack: preview` {applies_to}`serverless: preview`
+    :   Alert status (for example, active or OK).
 
 `alerts.ongoing.count`
 :   The count of ongoing alerts.
@@ -120,23 +120,23 @@ If the rule’s action frequency is a summary of alerts, it passes the following
 
     **Properties of the alerts.ongoing.data objects**:
 
-    `kibana.alert.end`
-    :   Datetime stamp of alert end. [preview]
+    `kibana.alert.end` {applies_to}`stack: preview` {applies_to}`serverless: preview`
+    :   Datetime stamp of alert end.
 
-    `kibana.alert.flapping`
-    :   A flag on the alert that indicates whether the alert status is changing repeatedly. [preview]
+    `kibana.alert.flapping` {applies_to}`stack: preview` {applies_to}`serverless: preview`
+    :   A flag on the alert that indicates whether the alert status is changing repeatedly.
 
-    `kibana.alert.instance.id`
-    :   ID of the source that generates the alert. [preview]
+    `kibana.alert.instance.id` {applies_to}`stack: preview` {applies_to}`serverless: preview`
+    :   ID of the source that generates the alert.
 
-    `kibana.alert.reason`
-    :   The reason of the alert (generated with the rule conditions). [preview]
+    `kibana.alert.reason` {applies_to}`stack: preview` {applies_to}`serverless: preview`
+    :   The reason of the alert (generated with the rule conditions).
 
-    `kibana.alert.start`
-    :   Datetime stamp of alert start. [preview]
+    `kibana.alert.start` {applies_to}`stack: preview` {applies_to}`serverless: preview`
+    :   Datetime stamp of alert start.
 
-    `kibana.alert.status`
-    :   Alert status (for example, active or OK). [preview]
+    `kibana.alert.status` {applies_to}`stack: preview` {applies_to}`serverless: preview`
+    :   Alert status (for example, active or OK).
 
 `alerts.recovered.count`
 :   The count of recovered alerts.
@@ -146,23 +146,23 @@ If the rule’s action frequency is a summary of alerts, it passes the following
 
     **Properties of the alerts.recovered.data objects**:
 
-    `kibana.alert.end`
-    :   Datetime stamp of alert end. [preview]
+    `kibana.alert.end` {applies_to}`stack: preview` {applies_to}`serverless: preview`
+    :   Datetime stamp of alert end.
 
-    `kibana.alert.flapping`
-    :   A flag on the alert that indicates whether the alert status is changing repeatedly. [preview]
+    `kibana.alert.flapping` {applies_to}`stack: preview` {applies_to}`serverless: preview`
+    :   A flag on the alert that indicates whether the alert status is changing repeatedly.
 
-    `kibana.alert.instance.id`
-    :   ID of the source that generates the alert. [preview]
+    `kibana.alert.instance.id` {applies_to}`stack: preview` {applies_to}`serverless: preview`
+    :   ID of the source that generates the alert.
 
-    `kibana.alert.reason`
-    :   The reason of the alert (generated with the rule conditions). [preview]
+    `kibana.alert.reason` {applies_to}`stack: preview` {applies_to}`serverless: preview`
+    :   The reason of the alert (generated with the rule conditions).
 
-    `kibana.alert.start`
-    :   Datetime stamp of alert start. [preview]
+    `kibana.alert.start` {applies_to}`stack: preview` {applies_to}`serverless: preview`
+    :   Datetime stamp of alert start.
 
-    `kibana.alert.status`
-    :   Alert status (for example, active or OK). [preview]
+    `kibana.alert.status` {applies_to}`stack: preview` {applies_to}`serverless: preview`
+    :   Alert status (for example, active or OK).
 
 ### Action frequency: For each alert [alert-action-variables]
 

@@ -25,7 +25,7 @@ Some rule types are subscription features, while others are free features. For a
 | --- | --- |
 | [{{es}} query](rule-type-es-query.md) | Run a user-configured {{es}} query, compare the number of matches to a configured threshold, and schedule actions to run when the threshold condition is met. |
 | [Index threshold](rule-type-index-threshold.md) | Aggregate field values from documents using {{es}} queries, compare them to threshold values, and schedule actions to run when the thresholds are met. |
-| [{{transform-cap}} rules](../../transforms/transform-alerts.md) | [beta] Run scheduled checks on a {{ctransform}} to check its health. If a {{ctransform}} meets the conditions, an alert is created and the associated action is triggered. |
+| [{{transform-cap}} rules](../../transforms/transform-alerts.md) | {applies_to}`stack: beta` {applies_to}`serverless: beta` Run scheduled checks on a {{ctransform}} to check its health. If a {{ctransform}} meets the conditions, an alert is created and the associated action is triggered. |
 | [Tracking containment](geo-alerting.md) | Run an {{es}} query to determine if any documents are currently contained in any boundaries from a specified boundary index and generate alerts when a rule’s conditions are met. |
 
 ## {{observability}} rules [observability-rules]
@@ -38,8 +38,12 @@ If you create a rule in the {{observability}} app, its alerts are not visible in
 ::::
 
 ## Machine learning rules [ml-rules]
+```{applies_to}
+stack: beta
+serverless: beta
+```
 
-[beta] [{{ml-cap}} rules](../../machine-learning/anomaly-detection/ml-configuring-alerts.md) run scheduled checks on an {{anomaly-job}} to detect anomalies with certain conditions. If an anomaly meets the conditions, an alert is created and the associated action is triggered.
+[{{ml-cap}} rules](../../machine-learning/anomaly-detection/ml-configuring-alerts.md) run scheduled checks on an {{anomaly-job}} to detect anomalies with certain conditions. If an anomaly meets the conditions, an alert is created and the associated action is triggered.
 
 ## Security rules [security-rules]
 

@@ -29,7 +29,11 @@ or by directly opening the proper connector edit flyout:
 :screenshot:
 :::
 
-## [preview] Troubleshooting connectors with the `kbn-action` tool [_troubleshooting_connectors_with_the_kbn_action_tool]
+## Troubleshooting connectors with the `kbn-action` tool [_troubleshooting_connectors_with_the_kbn_action_tool]
+```{applies_to}
+stack: preview
+serverless: preview
+```
 
 You can run an email action via [kbn-action](https://github.com/pmuellr/kbn-action). In this example, it is a Cloud hosted deployment of the {{stack}}:
 

@@ -13,7 +13,7 @@ products:
 
 When the conditions of a rule are met, it creates an alert. If the rule has actions, they run at the defined frequency. For example, the rule can send email notifications for each alert at a custom interval. For an introduction to the concepts of rules, alerts, and actions, refer to [Alerting](../alerts.md).
 
-You can manage the alerts for each rule in **{{stack-manage-app}}** > **{{rules-ui}}**. Alternatively, manage all your alerts in **{{stack-manage-app}}** > **Alerts**. [preview]
+You can manage the alerts for each rule in **{{stack-manage-app}}** > **{{rules-ui}}**. Alternatively, manage all your alerts in **{{stack-manage-app}}** > **Alerts**.
 
 :::{image} /explore-analyze/images/kibana-stack-management-alerts-page.png
 :alt: Alerts page with multiple alerts

@@ -13,7 +13,7 @@ products:
 
 Cases are used to open and track issues directly in {{kib}}. You can add assignees and tags to your cases, set their severity and status, and add alerts, comments, and visualizations. You can create cases automatically when alerts occur or send cases to external incident management systems by configuring connectors.
 
-You can also optionally add custom fields and case templates. [preview]
+{applies_to}`stack: preview` {applies_to}`serverless: preview` You can also optionally add custom fields and case templates.
 
 :::{image} /explore-analyze/images/kibana-cases-list.png
 :alt: Cases page

@@ -23,7 +23,7 @@ Open a new case to keep track of issues and share their details with colleagues.
    :screenshot:
    :::
 
-2. If you defined [templates](manage-cases-settings.md#case-templates), you can optionally select one to use its default field values. [preview]
+2. If you defined [templates](manage-cases-settings.md#case-templates), you can optionally select one to use its default field values.
 3. Give the case a name, severity, and description.
    ::::{tip}
    In the `Description` area, you can use [Markdown](https://www.markdownguide.org/cheat-sheet) syntax to create formatted text.
@@ -32,14 +32,10 @@ Open a new case to keep track of issues and share their details with colleagues.
 4. Optionally, add a category, assignees, and tags. You can add users only if they meet the necessary [prerequisites](setup-cases.md).
 5. If you defined any [custom fields](manage-cases-settings.md#case-custom-fields), they appear in the **Additional fields** section.
 
-    :::{admonition} Added in 8.15.0
-    This functionality was added in 8.15.0.
-    :::
-
 6. For the **External incident management system**, select a connector. For more information, refer to [External incident management systems](manage-cases-settings.md#case-connectors).
 7. After you’ve completed all of the required fields, click **Create case**.
 
-[preview] Alternatively, you can configure your rules to automatically create cases by using [case actions](kibana://reference/connectors-kibana/cases-action-type.md). By default, the rule adds all of the alerts within a specified time window to a single case. You can optionally choose a field to group the alerts and create separate cases for each group. You can also choose whether you want the rule to reopen cases or open new ones when the time window elapses.
+{applies_to}`stack: preview` {applies_to}`serverless: preview` Alternatively, you can configure your rules to automatically create cases by using [case actions](kibana://reference/connectors-kibana/cases-action-type.md). By default, the rule adds all of the alerts within a specified time window to a single case. You can optionally choose a field to group the alerts and create separate cases for each group. You can also choose whether you want the rule to reopen cases or open new ones when the time window elapses.
 
 ## Add email notifications [add-case-notifications]
 

@@ -18,7 +18,7 @@ ELSER is an out-of-domain model which means it does not require fine-tuning on y
 This model is recommended for English language documents and queries. If you want to perform semantic search on non-English language documents, use the [E5](ml-nlp-e5.md) model.
 
 ::::{important}
-While ELSER V2 is generally available, ELSER V1 is in [preview] and will remain in technical preview.
+While ELSER V2 is generally available, ELSER V1 is and will remain in technical preview.
 ::::
 
 ## Tokens - not synonyms [elser-tokens]

@@ -173,7 +173,7 @@ $$$jdbc-cfg-timezone$$$
 `catalog`
 :   Default catalog (cluster) for queries. If unspecified, the queries execute on the data in the local cluster only.
 
-    [preview] See [{{ccs}}](../../../solutions/search/cross-cluster-search.md).
+    See [{{ccs}}](../../../solutions/search/cross-cluster-search.md).
 
 
 

@@ -18,7 +18,7 @@ Access these specialized tools in Kibana and the Serverless UI to develop, debug
 | [Console](tools/console.md) | Interact with the REST APIs of {{es}} and {{kib}}, including sending requests and viewing API documentation. |
 | [{{searchprofiler}}](tools/search-profiler.md) | Inspect and analyze your search queries. |
 | [Grok Debugger](tools/grok-debugger.md) | Build and debug grok patterns before you use them in your data processing pipelines. |
-| [Painless Lab](../scripting/painless-lab.md) | [beta] Test and debug Painless scripts in real-time. |
+| [Painless Lab](../scripting/painless-lab.md) | {applies_to}`stack: beta` {applies_to}`serverless: beta` Test and debug Painless scripts in real-time. |
 | [Playground](tools/playground.md) | Combine your Elasticsearch data with the power of large language models (LLMs) for retrieval augmented generation (RAG), using a chat interface. |
 
 

@@ -152,7 +152,7 @@ Create and share JSON files for workpads.
 
 ## Embed outside of {{kib}} [_embed_outside_of_kib]
 
-* [beta] **Share on a website** — Download and securely share **Canvas** workpads on any website.
+* {applies_to}`stack: beta` {applies_to}`serverless: beta` **Share on a website** — Download and securely share **Canvas** workpads on any website.
 * **Embed code** — Embed fully interactive dashboards as an iframe on web pages.
 
 ::::{note}
@@ -164,8 +164,12 @@ For {{ech}} deployments, {{kib}} instances require a minimum of 2GB RAM to gener
 
 
 ## Share workpads on a website [add-workpad-website]
+```{applies_to}
+stack: beta
+serverless: beta
+```
 
-[beta] Create and securely share static **Canvas** workpads on a website. To customize the behavior of the workpad on your website, you can choose to autoplay the pages or hide the workpad toolbar.
+Create and securely share static **Canvas** workpads on a website. To customize the behavior of the workpad on your website, you can choose to autoplay the pages or hide the workpad toolbar.
 
 1. Go to **Canvas**.
 2. Open the workpad you want to share.