Merged
2 changes: 1 addition & 1 deletion solutions/observability/cloud/gcp-dataflow-templates.md
Original file line number Diff line number Diff line change
Expand Up @@ -40,7 +40,7 @@ You’ll start with installing the Elastic GCP integration to add pre-built dash

4. Click **Save integration**.

:::::{admonition}
:::::{note}
This tutorial assumes the Elastic cluster is already running. To continue, you’ll need your **Cloud ID** and an **API Key**.

To find the Cloud ID of your [deployment](https://cloud.elastic.co/deployments), go to the deployment’s **Overview** page.
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -29,7 +29,7 @@ To collect Kinesis data stream metrics from Amazon CloudWatch, you typically nee
Expand the **quick guide** to learn how, or skip to the next section if your data is already in {{es}}.

:::::{dropdown} **Quick guide: Add data**
::::{admonition}
::::{note}
1. In the Observability UI, find **Integrations** in the main menu or use the [global search field](/explore-analyze/find-and-organize/find-apps-and-objects.md).
2. In the query bar, search for and select the **Amazon Kinesis Data Stream** integration.
3. Read the overview to make sure you understand integration requirements and other considerations.
Expand All @@ -48,7 +48,7 @@ Expand the **quick guide** to learn how, or skip to the next section if your dat
7. Click **Save and continue**. This step takes a minute or two to complete. When it’s done, you’ll have an agent policy that contains an integration policy for the configuration you just specified. If an {{agent}} is already assigned to the policy, you’re done. Otherwise, you need to deploy an {{agent}}.
8. To deploy an {{agent}}:

1. In the popup, click **Add {{agent}} to your hosts** to open the **Add agent*** flyout. If you accidentally close the popup or the flyout doesn’t open, go to ***{{fleet}} → Agents**, then click **Add agent** to access the flyout.
1. In the popup, click **Add {{agent}} to your hosts** to open the **Add agent** flyout. If you accidentally close the popup or the flyout doesn’t open, go to **{{fleet}} → Agents**, then click **Add agent** to access the flyout.
2. Follow the steps in the **Add agent** flyout to download, install, and enroll the {{agent}}.

9. When incoming data is confirmed—​after a minute or two—​click **View assets** to access the dashboards.
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -25,7 +25,7 @@ To collect SQS metrics, you typically need to install the Elastic [Amazon SQS in
Expand the **quick guide** to learn how, or skip to the next section if your data is already in {{es}}.

:::::{dropdown} **Quick guide: Add data**
::::{admonition}
::::{note}
1. In the Observability UI, find **Integrations** in the main menu or use the [global search field](/explore-analyze/find-and-organize/find-apps-and-objects.md).
2. In the query bar, search for and select the **Amazon SQS** integration.
3. Read the overview to make sure you understand integration requirements and other considerations.
Expand All @@ -44,7 +44,7 @@ Expand the **quick guide** to learn how, or skip to the next section if your dat
7. Click **Save and continue**. This step takes a minute or two to complete. When it’s done, you’ll have an agent policy that contains an integration policy for the configuration you just specified. If an {{agent}} is already assigned to the policy, you’re done. Otherwise, you need to deploy an {{agent}}.
8. To deploy an {{agent}}:

1. In the popup, click **Add {{agent}} to your hosts** to open the **Add agent*** flyout. If you accidentally close the popup or the flyout doesn’t open, go to ***{{fleet}} → Agents**, then click **Add agent** to access the flyout.
1. In the popup, click **Add {{agent}} to your hosts** to open the **Add agent** flyout. If you accidentally close the popup or the flyout doesn’t open, go to **{{fleet}} → Agents**, then click **Add agent** to access the flyout.
2. Follow the steps in the **Add agent** flyout to download, install, and enroll the {{agent}}.

9. When incoming data is confirmed—​after a minute or two—​click **View assets** to access the dashboards.
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -28,7 +28,7 @@ To collect S3 metrics, you typically need to install the Elastic [Amazon S3 inte
Expand the **quick guide** to learn how, or skip to the next section if your data is already in {{es}}.

:::::{dropdown} **Quick guide: Add data**
::::{admonition}
::::{note}
1. In the Observability UI, find **Integrations** in the main menu or use the [global search field](/explore-analyze/find-and-organize/find-apps-and-objects.md).
2. In the query bar, search for and select the **Amazon S3** integration.
3. Read the overview to make sure you understand integration requirements and other considerations.
Expand All @@ -47,7 +47,7 @@ Expand the **quick guide** to learn how, or skip to the next section if your dat
7. Click **Save and continue**. This step takes a minute or two to complete. When it’s done, you’ll have an agent policy that contains an integration policy for the configuration you just specified. If an {{agent}} is already assigned to the policy, you’re done. Otherwise, you need to deploy an {{agent}}.
8. To deploy an {{agent}}:

1. In the popup, click **Add {{agent}} to your hosts** to open the **Add agent*** flyout. If you accidentally close the popup or the flyout doesn’t open, go to ***{{fleet}} → Agents**, then click **Add agent** to access the flyout.
1. In the popup, click **Add {{agent}} to your hosts** to open the **Add agent** flyout. If you accidentally close the popup or the flyout doesn’t open, go to **{{fleet}} → Agents**, then click **Add agent** to access the flyout.
2. Follow the steps in the **Add agent** flyout to download, install, and enroll the {{agent}}.

9. When incoming data is confirmed—​after a minute or two—​click **View assets** to access the dashboards.
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -45,7 +45,7 @@ In this step, you create an Amazon Simple Queue Service (SQS) queue and configur

You should already have an S3 bucket that contains exported VPC flow logs. If you don’t, create one now. To learn how, refer to [publishing flow logs to an S3 bucket](https://docs.aws.amazon.com/vpc/latest/userguide/flow-logs-s3.md).

::::{admonition}
::::{note}
**Why is an SQS queue needed?**

Creating an SQS queue helps avoid significant lagging caused by polling all log files from each S3 bucket. Instead of polling each bucket, you configure the S3 buckets to send a notification to the SQS queue whenever a new object is created. The {{agent}} monitors the SQS queue for new object creation messages and uses information in the messages to retrieve logs from the S3 buckets. With this setup, periodic polling from each S3 bucket is not needed. Instead, the {{agent}} S3 input guarantees near real-time data collection from S3 buckets with both speed and reliability.
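Review bot: the context line above the changed directive links to `https://docs.aws.amazon.com/vpc/latest/userguide/flow-logs-s3.md`, an external AWS URL with a `.md` extension, which looks like a side effect of the same automated conversion this PR is cleaning up. The directive change itself is fine; please verify that the link resolves and correct the extension if it does not.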
Expand Down Expand Up @@ -188,7 +188,7 @@ VPC flow logs are sent to an S3 bucket, which sends a notification to the SQS qu

## Step 4: Collect S3 access logs [aws-elastic-agent-collect-s3-access-logs]

::::{admonition}
::::{note}
S3 access logs contain detailed records for the requests that are made to a bucket. Server access logs are useful for many applications. For example, access log information can be useful in security and access audits. It can also help you learn about your customer base and understand your Amazon S3 bill.

::::
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -5,7 +5,7 @@ mapped_pages:

# Monitor Microsoft Azure OpenAI [monitor-azure-openai]

::::{admonition}
::::{note}
**New to Elastic?** Follow the steps in our [getting started guide](https://www.elastic.co/guide/en/starting-with-the-elasticsearch-platform-and-its-solutions/current/getting-started-observability.html) instead of the steps described here. Return to this tutorial after you’ve learned the basics.

::::
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -5,7 +5,7 @@ mapped_pages:

# Monitor Microsoft Azure with the Azure Native ISV Service [monitor-azure-native]

::::{admonition}
::::{note}
The {{ecloud}} Azure Native ISV Service allows you to deploy managed instances of the {{stack}} directly in Azure, through the Azure integrated marketplace. The service includes native capabilities for consolidating Azure logs and metrics in Elastic. For more information, refer to [Azure Native ISV Service](../../../deploy-manage/deploy/elastic-cloud/azure-native-isv-service.md).

**Using {{agent}} to monitor Azure?** Refer to [Monitor Microsoft Azure with {{agent}}](monitor-microsoft-azure-with-elastic-agent.md).
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -5,7 +5,7 @@ mapped_pages:

# Monitor Microsoft Azure with Beats [monitor-azure]

::::{admonition}
::::{note}
**Are you sure you want to use {{beats}}?**

{{agent}} is the recommended way to monitor Azure if you want to manage your agents centrally in {{fleet}}. To learn how to use {{agent}}, refer to [Monitor Microsoft Azure with {{agent}}](monitor-microsoft-azure-with-elastic-agent.md).
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -5,7 +5,7 @@ mapped_pages:

# Monitor Microsoft Azure with Elastic Agent [monitor-azure-elastic-agent]

::::{admonition}
::::{note}
**New to Elastic?** Follow the steps in our [getting started guide](https://www.elastic.co/guide/en/starting-with-the-elasticsearch-platform-and-its-solutions/current/getting-started-observability.html) instead of the steps described here. Return to this tutorial after you’ve learned the basics.

**Using the native Azure integration from the marketplace?** Refer to [Monitor Microsoft Azure with the Azure Native ISV Service](monitor-microsoft-azure-with-azure-native-isv-service.md).
Expand Down Expand Up @@ -195,7 +195,7 @@ To create an Azure event hub:
7. Click **Review + create**, and then click **Create** to deploy the resource.
8. Make a note of the namespace and event hub name because you will need them later.

:::::{admonition}
:::::{note}
**When do I need more than one event hub?**

Typically you create an event hub for each service you want to monitor. For example, imagine that you want to collect activity logs from the Azure Monitor service plus signin and audit logs from the Active Directory service. Rather than sending all logs to a single event hub, you create an event hub for each service:
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -9,8 +9,7 @@ mapped_pages:
# Create an observability project [observability-create-an-observability-project]


::::{admonition} Required role
:class: note
::::{note}

The **Admin** role or higher is required to create projects. To learn more, refer to [Assign user roles and privileges](../../../deploy-manage/users-roles/cloud-organization/manage-users.md#general-assign-user-roles).

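Review bot: the replacement `::::{note}` at the top of this hunk drops the "Required role" title that the old `::::{admonition} Required role` carried, so the box no longer says up front that it is about permissions. Other hunks in this PR keep the old title as a bold first line (for example `**Need to scan your host again?**`); consider adding `**Required role**` here the same way, or confirm that the title is being dropped on purpose for all the "Required role" boxes.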
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -113,8 +113,8 @@ When the script is done, you’ll see a message like "{{agent}} is configured an

There might be a slight delay before logs and other data are ingested.

::::{admonition} Need to scan your host again?
:class: note
::::{note}
**Need to scan your host again?**

The auto-detection script (`auto_detect.sh`) is downloaded to the directory where you ran the installation command. You can re-run the script on the same host to detect additional logs. The script will scan the host and reconfigure {{agent}} with any additional logs that are found. If the script misses any custom logs, you can add them manually by entering `n` after the script has finished scanning the host.

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -8,8 +8,7 @@ mapped_urls:

% Serverless only for the following role, does stateful require a special role?

::::{admonition} Required role
:class: note
::::{note}

For Observability serverless projects, the **Editor** role or higher is required to create and edit connectors. To learn more, refer to [Assign user roles and privileges](../../../deploy-manage/users-roles/cloud-organization/user-roles.md#general-assign-user-roles).

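Review bot: the context line `% Serverless only for the following role, does stateful require a special role?` directly above the changed directive is still an open question, and the note body only covers Observability serverless projects. Since this box is being touched anyway, resolve the stateful role requirement or move the question to a tracking issue rather than carrying the comment forward.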
Expand Down Expand Up @@ -54,7 +53,7 @@ After creating a connector, you can set your cases to [automatically close](../.
### Create a connector [new-connector-observability]

1. From the **Incident management system** list, select **Add new connector**.
2. Select the system to send cases to: **{{sn}}**, **{{jira}}***, ***{{ibm-r}}***, ***{{swimlane}}***, ***TheHive**, or **{{webhook-cm}}**.
2. Select the system to send cases to: **{{sn}}**, **{{jira}}**, **{{ibm-r}}**, **{{swimlane}}**, **TheHive**, or **{{webhook-cm}}**.

:::{image} ../../../images/serverless-observability-cases-add-connector.png
:alt: Add a connector to send cases to an external source
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -9,16 +9,15 @@ mapped_pages:
# Create an anomaly detection rule [observability-aiops-generate-anomaly-alerts]


::::{admonition} Required role
:class: note
::::{note}

The **Editor** role or higher is required to create anomaly detection rules. To learn more, refer to [Assign user roles and privileges](../../../deploy-manage/users-roles/cloud-organization/manage-users.md#general-assign-user-roles).

::::


::::{admonition} Anomaly detection alerting is in beta
:class: important
::::{important}
**Anomaly detection alerting is in beta**

The Anomaly detection alerting functionality is in beta and is subject to change. The design and code is less mature than official generally available features and is being provided as-is with no warranties.

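Review bot: the two conversions in this hunk treat titles differently: "Anomaly detection alerting is in beta" is kept as a bold first line under `::::{important}`, while "Required role" is removed from the note above it with nothing in its place. Pick one convention for titled admonitions and apply it to both, ideally keeping `**Required role**` so the permission requirement stays easy to spot.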
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -13,8 +13,7 @@ To use the APM Anomaly rule, you have to enable [machine learning](../../../solu

::::

::::{admonition} Required role
:class: note
::::{note}

For Observability serverless projects, the **Editor** role or higher is required to create anomaly rules. To learn more, refer to [Assign user roles and privileges](../../../deploy-manage/users-roles/cloud-organization/user-roles.md#general-assign-user-roles).

Expand All @@ -29,7 +28,7 @@ You can create an anomaly rule to alert you when either the latency, throughput,
:::

::::{tip}
These steps show how to use the **Alerts** UI. You can also create an anomaly rule directly from any page within **Applications***. Click the ***Alerts and rules*** button, and select ***Create anomaly rule***. When you create a rule this way, the ***Name** and **Tags** fields will be prepopulated but you can still change these.
These steps show how to use the **Alerts** UI. You can also create an anomaly rule directly from any page within **Applications**. Click the **Alerts and rules** button, and select **Create anomaly rule**. When you create a rule this way, the **Name** and **Tags** fields will be prepopulated but you can still change these.

::::

Expand All @@ -40,7 +39,7 @@ To create your anomaly rule:
2. Select **Manage Rules** from the **Alerts** page, and select **Create rule**.
3. Enter a **Name** for your rule, and any optional **Tags** for more granular reporting (leave blank if unsure).
4. Select the **APM Anomaly** rule type.
5. Select the appropriate **Service**, **Type***, and ***Environment** (or leave **ALL** to include all options).
5. Select the appropriate **Service**, **Type**, and **Environment** (or leave **ALL** to include all options).
6. Select the desired severity (critical, major, minor, warning) from **Has anomaly with severity**.
7. Define the interval to check the rule (for example, check every 1 minute).
8. (Optional) Set up **Actions**.
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -9,8 +9,7 @@ mapped_pages:
# Create an Elasticsearch query rule [observability-create-elasticsearch-query-rule]


::::{admonition} Required role
:class: note
::::{note}

The **Editor** role or higher is required to create Elasticsearch query rules. To learn more, refer to [Assign user roles and privileges](../../../deploy-manage/users-roles/cloud-organization/manage-users.md#general-assign-user-roles).

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -9,8 +9,7 @@ navigation_title: "Error count threshold"
# Create an error count threshold rule [observability-create-error-count-threshold-alert-rule]


::::{admonition} Required role
:class: note
::::{note}

For Observability serverless projects, the **Editor** role or higher is required to create error count threshold rules. To learn more, refer to [Assign user roles and privileges](../../../deploy-manage/users-roles/cloud-organization/user-roles.md#general-assign-user-roles).

Expand All @@ -25,7 +24,7 @@ Create an error count threshold rule to alert you when the number of errors in a
:::

::::{tip}
These steps show how to use the **Alerts** UI. You can also create an error count threshold rule directly from any page within **Applications***. Click the ***Alerts and rules*** button, and select ***Create error count rule***. When you create a rule this way, the ***Name** and **Tags** fields will be prepopulated but you can still change these.
These steps show how to use the **Alerts** UI. You can also create an error count threshold rule directly from any page within **Applications**. Click the **Alerts and rules** button, and select **Create error count rule**. When you create a rule this way, the **Name** and **Tags** fields will be prepopulated but you can still change these.

::::

Expand All @@ -36,7 +35,7 @@ To create your error count threshold rule:
2. Select **Manage Rules** from the **Alerts** page, and select **Create rule**.
3. Enter a **Name** for your rule, and any optional **Tags** for more granular reporting (leave blank if unsure).
4. Select the **Error count threshold** rule type from the APM use case.
5. Select the appropriate **Service**, **Environment***, and ***Error Grouping Key*** (or leave ***ALL** to include all options). Alternatively, you can select **Use KQL Filter** and enter a KQL expression to limit the scope of your rule.
5. Select the appropriate **Service**, **Environment**, and **Error Grouping Key** (or leave **ALL** to include all options). Alternatively, you can select **Use KQL Filter** and enter a KQL expression to limit the scope of your rule.
6. Enter the error threshold in **Is Above** (defaults to 25 errors).
7. Define the period to be assessed in **For the last** (defaults to last 5 minutes).
8. Choose how to **Group alerts by**. Every unique value will create an alert.
Expand Down Expand Up @@ -168,7 +167,7 @@ This guide will create an alert for an error group ID based on the following cri
* Check every 1 minute
* Send the alert via email to the site reliability team

From any page in **Applications**, select **Alerts and rules******Create threshold rule** → **Error count rule**. Change the name of the alert (if you wish), but do not edit the tags.
From any page in **Applications**, select **Alerts and rules** → **Create threshold rule** → **Error count rule**. Change the name of the alert (if you wish), but do not edit the tags.

Based on the criteria above, define the following rule details:

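Review bot: the restored path on the changed line reads **Alerts and rules** → **Create threshold rule** → **Error count rule**, but the tip earlier in this same file tells the reader to click **Alerts and rules** and select **Create error count rule**. The separator fix is right; while touching this line, check which menu labels the UI actually shows and make the two passages agree.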
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -9,8 +9,7 @@ navigation_title: "Inventory"
# Create an inventory rule [observability-create-inventory-threshold-alert-rule]


::::{admonition} Required role
:class: note
::::{note}

For Observability serverless projects, the **Editor** role or higher is required to create inventory threshold rules. To learn more, refer to [Assign user roles and privileges](../../../deploy-manage/users-roles/cloud-organization/user-roles.md#general-assign-user-roles).

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -9,8 +9,7 @@ navigation_title: "Custom threshold"
# Create a custom threshold rule [observability-create-custom-threshold-alert-rule]


::::{admonition} Required role
:class: note
::::{note}

**For Observability serverless projects**, the **Editor** role or higher is required to create a custom threshold rule. To learn more, refer to [Assign user roles and privileges](../../../deploy-manage/users-roles/cloud-organization/user-roles.md#general-assign-user-roles).

Expand Down Expand Up @@ -128,8 +127,8 @@ The behavior of the alert depends on whether any **group alerts by** fields are
* If `host-1` reports CPU usage below the threshold of 80%, the alert status is changed to recovered.


::::{admonition} How to untrack decommissioned hosts
:class: note
::::{note}
**How to untrack decommissioned hosts**

If a host (for example, `host-1`) is decommissioned, you probably no longer want to see "no data" alerts about it. To mark an alert as untracked: Go to the Alerts table, click the ![More actions](../../../images/serverless-boxesHorizontal.svg "") icon to expand the "More actions" menu, and click *Mark as untracked*.

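Review bot: in the context line under the new `**How to untrack decommissioned hosts**` title, the menu item is written in italics (*Mark as untracked*) while UI labels elsewhere in these files are bold, and the icon image carries an empty title string (`""`). Neither is introduced by this change, but since the box is being reworked, consider bolding the label and checking whether the empty title is needed.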
Expand Down