elastic · mdbirnstiehl · Mar 5, 2025 · Mar 3, 2025 · Mar 3, 2025 · Mar 3, 2025
@@ -146,7 +146,7 @@ APM Server provides a command line interface for creating, retrieving, invalidat
 
     The user requesting to create an API Key needs to have APM privileges used by the APM Server. A superuser, by default, has these privileges.
 
-    ::::{dropdown} **Expand for more information on assigning these privileges to other users**
+    ::::{dropdown} Expand for more information on assigning these privileges to other users
     To create an APM Server user with the required privileges for creating and managing API keys:
 
     1. Create an **API key role**, called something like `apm_api_key`, that has the following `cluster` level privileges:

@@ -2,6 +2,9 @@
 mapped_urls:
   - https://www.elastic.co/guide/en/observability/current/add-logs-service-name.html
   - https://www.elastic.co/guide/en/serverless/current/observability-add-logs-service-name.html
+applies_to:
+  stack: all
+  serverless: all
 ---
 
 # Add a service name to logs [observability-add-logs-service-name]
@@ -42,7 +45,7 @@ For more on defining processors, refer to [define processors](asciidocalypse://d
 
 For logs that with an existing field being used to represent the service name, map that field to the `service.name` field using the [alias field type](asciidocalypse://docs/elasticsearch/docs/reference/elasticsearch/mapping-reference/field-alias.md). Follow these steps to update your mapping:
 
-1. find **Stack Management** in the main menu or use the [global search field](/explore-analyze/find-and-organize/find-apps-and-objects.md).
+1. Find **Stack Management** in the main menu or use the [global search field](/explore-analyze/find-and-organize/find-apps-and-objects.md).
 2. Select **Index Templates**.
 3. Search for the index template you want to update.
 4. From the **Actions** menu for that template, select **edit**.
@@ -58,13 +61,5 @@ For more ways to add a field to your mapping, refer to [add a field to an existi
 
 The {{stack}} provides additional ways to process your data:
 
-* **https://www.elastic.co/guide/en/elasticsearch/reference/current/ingest.html[Ingest pipelines]:** convert data to ECS, normalize field data, or enrich incoming data.
-* **https://www.elastic.co/guide/en/logstash/current/introduction.html[Logstash]:** enrich your data using input, output, and filter plugins.
-
-
-% What needs to be done: Align serverless/stateful
-
-% Use migrated content from existing pages that map to this page:
-
-% - [ ] ./raw-migrated-files/observability-docs/observability/add-logs-service-name.md
-% - [ ] ./raw-migrated-files/docs-content/serverless/observability-add-logs-service-name.md
+* **[Ingest pipelines](../../../manage-data/ingest/transform-enrich/ingest-pipelines.md):** convert data to ECS, normalize field data, or enrich incoming data.
+* **[Logstash](https://www.elastic.co/guide/en/logstash/current):** enrich your data using input, output, and filter plugins.
@@ -2,6 +2,9 @@
 mapped_urls:
   - https://www.elastic.co/guide/en/observability/current/logs-send-application.html
   - https://www.elastic.co/guide/en/serverless/current/observability-send-application-logs.html
+applies_to:
+  stack: all
+  serverless: all
 ---
 
 # APM agent log sending [observability-send-application-logs]

@@ -1,6 +1,8 @@
 ---
 mapped_pages:
   - https://www.elastic.co/guide/en/observability/current/categorize-logs.html
+applies_to:
+  stack: all
 ---
 
 # Categorize log entries [categorize-logs]

@@ -1,11 +1,16 @@
 ---
 mapped_pages:
   - https://www.elastic.co/guide/en/observability/current/configure-data-sources.html
+applies_to:
+  stack: all
 ---
 
 # Configure data sources [configure-data-sources]
 
-::::{admonition} There’s a new, better way to explore your logs!
+::::{Note}
+
+**There’s a new, better way to explore your logs!**
+
 These settings only apply to the Logs Stream app. The Logs Stream app and dashboard panel are deactivated by default. We recommend viewing and inspecting your logs with [Logs Explorer](logs-explorer.md) as it provides more features, better performance, and more intuitive navigation.
 
 To activate the Logs Stream app, refer to [Activate Logs Stream](logs-stream.md#activate-logs-stream).

@@ -2,6 +2,9 @@
 mapped_urls:
   - https://www.elastic.co/guide/en/observability/current/logs-ecs-application.html
   - https://www.elastic.co/guide/en/serverless/current/observability-ecs-application-logs.html
+applies_to:
+  stack: all
+  serverless: all
 ---
 
 # ECS formatted application logs [logs-ecs-application]
@@ -73,20 +76,20 @@ Install {{filebeat}} on the server you want to monitor by running the commands t
 
 ::::::{tab-item} DEB
 ```sh
-curl -L -O https://artifacts.elastic.co/downloads/beats/filebeat/filebeat-9.0.0-beta1-darwin-x86_64.tar.gz
-tar xzvf filebeat-9.0.0-beta1-darwin-x86_64.tar.gz
+curl -L -O https://artifacts.elastic.co/downloads/beats/filebeat/filebeat-{{version}}-darwin-x86_64.tar.gz
+tar xzvf filebeat-{{version}}-darwin-x86_64.tar.gz
 ```
 ::::::
 
 ::::::{tab-item} RPM
 ```sh
-curl -L -O https://artifacts.elastic.co/downloads/beats/filebeat/filebeat-9.0.0-beta1-linux-x86_64.tar.gz
-tar xzvf filebeat-9.0.0-beta1-linux-x86_64.tar.gz
+curl -L -O https://artifacts.elastic.co/downloads/beats/filebeat/filebeat-{{version}}-linux-x86_64.tar.gz
+tar xzvf filebeat-{{version}}-linux-x86_64.tar.gz
 ```
 ::::::
 
 ::::::{tab-item} macOS
-1. Download the {{filebeat}} Windows zip file: https\://artifacts.elastic.co/downloads/beats/filebeat/filebeat-9.0.0-beta1-windows-x86_64.zip[https\://artifacts.elastic.co/downloads/beats/filebeat/filebeat-9.0.0-beta1-windows-x86_64.zip]
+1. Download the {{filebeat}} Windows zip file: `https://artifacts.elastic.co/downloads/beats/filebeat/filebeat-{{version}}-windows-x86_64.zip`
 2. Extract the contents of the zip file into `C:\Program Files`.
 3. Rename the `filebeat-{{version}}-windows-x86_64` directory to `{{filebeat}}`.
 4. Open a PowerShell prompt as an Administrator (right-click the PowerShell icon and select **Run As Administrator**).
@@ -103,15 +106,15 @@ If script execution is disabled on your system, you need to set the execution po
 
 ::::::{tab-item} Linux
 ```sh
-curl -L -O https\://artifacts.elastic.co/downloads/beats/filebeat/filebeat-9.0.0-beta1-amd64.deb
-sudo dpkg -i filebeat-9.0.0-beta1-amd64.deb
+curl -L -O https\://artifacts.elastic.co/downloads/beats/filebeat/filebeat-{{version}}-amd64.deb
+sudo dpkg -i filebeat-{{version}}-amd64.deb
 ```
 ::::::
 
 ::::::{tab-item} Windows
 ```sh
-curl -L -O https\://artifacts.elastic.co/downloads/beats/filebeat/filebeat-9.0.0-beta1-x86_64.rpm
-sudo rpm -vi filebeat-9.0.0-beta1-x86_64.rpm
+curl -L -O https\://artifacts.elastic.co/downloads/beats/filebeat/filebeat-{{version}}-x86_64.rpm
+sudo rpm -vi filebeat-{{version}}-x86_64.rpm
 ```
 ::::::
 

@@ -11,7 +11,7 @@ Logs Explorer allows you to quickly search and filter your log data, get informa
 
 Logs Explorer also provides {{ml}} to detect specific [log anomalies](inspect-log-anomalies.md) automatically and [categorize log messages](categorize-log-entries.md) to quickly identify patterns in your log events.
 
-To view Logs Explorer, find `Logs Explorer` in the [global search field](/explore-analyze/find-and-organize/find-apps-and-objects.md))
+To view Logs Explorer, find **Logs Explorer** in the [global search field](/explore-analyze/find-and-organize/find-apps-and-objects.md))
 
 
 

@@ -2,6 +2,9 @@
 mapped_urls:
   - https://www.elastic.co/guide/en/observability/current/logs-filter-and-aggregate.html
   - https://www.elastic.co/guide/en/serverless/current/observability-filter-and-aggregate-logs.html
+applies_to:
+  stack: all
+  serverless: all
 ---
 
 # Filter and aggregate logs [observability-filter-and-aggregate-logs]
@@ -16,8 +19,7 @@ This guide shows you how to:
 
 ## Before you get started [logs-filter-and-aggregate-prereq]
 
-::::{admonition} Required role
-:class: note
+::::{note}
 
 **For Observability serverless projects**, the **Admin** role or higher is required to create ingest pipelines and set the index template. To learn more, refer to [Assign user roles and privileges](../../../deploy-manage/users-roles/cloud-organization/user-roles.md#general-assign-user-roles).
 

@@ -1,14 +1,16 @@
 ---
 mapped_pages:
   - https://www.elastic.co/guide/en/serverless/current/observability-get-started-with-logs.html
+applies_to:
+  stack: all
+  serverless: all
 ---
 
 # Get started with system logs [observability-get-started-with-logs]
 
-::::{admonition} Required role
-:class: note
+::::{note}
 
-The **Admin** role or higher is required to onboard log data. To learn more, refer to [Assign user roles and privileges](../../../deploy-manage/users-roles/cloud-organization/manage-users.md#general-assign-user-roles).
+**For Observability Serverless projects**, the **Admin** role or higher is required to onboard log data. To learn more, refer to [Assign user roles and privileges](../../../deploy-manage/users-roles/cloud-organization/manage-users.md#general-assign-user-roles).
 
 ::::
 
@@ -17,8 +19,8 @@ In this guide you’ll learn how to onboard system log data from a machine or se
 
 To onboard system log data:
 
-1. [Create a new {{obs-serverless}} project](../get-started/create-an-observability-project.md), or open an existing one.
-2. In your {{obs-serverless}} project, go to **Add data**.
+1. Open an [{{obs-serverless}} project](../get-started/create-an-observability-project.md) or Elastic Stack deployment.
+2. From the Observability UI, go to **Add data**.
 3. Under **What do you want to monitor?**, select **Host** → **Elastic Agent: Logs & Metrics**.
 4. Follow the in-product steps to auto-detect your logs and install and configure the {{agent}}.
 

@@ -1,6 +1,8 @@
 ---
 mapped_pages:
   - https://www.elastic.co/guide/en/observability/current/inspect-log-anomalies.html
+applies_to:
+  stack: all
 ---
 
 # Inspect log anomalies [inspect-log-anomalies]

@@ -2,6 +2,9 @@
 mapped_urls:
   - https://www.elastic.co/guide/en/observability/current/explore-logs.html
   - https://www.elastic.co/guide/en/serverless/current/observability-discover-and-explore-logs.html
+applies_to:
+  stack: all
+  serverless: all
 ---
 
 # Logs Explorer [explore-logs]

@@ -1,6 +1,9 @@
 ---
 mapped_pages:
   - https://www.elastic.co/guide/en/observability/current/logs-index-template.html
+applies_to:
+  stack: all
+  serverless: all
 ---
 
 # Logs index template reference [logs-index-template]

@@ -5,7 +5,9 @@ mapped_pages:
 
 # Logs Stream [tail-logs]
 
-::::{admonition} There’s a new, better way to explore your logs!
+::::{note}
+**There’s a new, better way to explore your logs!**
+
 The Logs Stream app and dashboard panel are deactivated by default. We recommend viewing and inspecting your logs with [Logs Explorer](logs-explorer.md) as it provides more features, better performance, and more intuitive navigation.
 
 To activate the Logs Stream app, refer to [Activate Logs Stream](#activate-logs-stream).

@@ -2,12 +2,14 @@
 mapped_urls:
   - https://www.elastic.co/guide/en/observability/current/logs-parse.html
   - https://www.elastic.co/guide/en/serverless/current/observability-parse-log-data.html
+applies_to:
+  stack: all
+  serverless: all
 ---
 
 # Parse and route logs [observability-parse-log-data]
 
-::::{admonition} Required role
-:class: note
+::::{note}
 
 **For Observability serverless projects**, the **Admin** role or higher is required to create ingest pipelines that parse and route logs. To learn more, refer to [Assign user roles and privileges](../../../deploy-manage/users-roles/cloud-organization/user-roles.md#general-assign-user-roles).
 

@@ -2,6 +2,9 @@
 mapped_urls:
   - https://www.elastic.co/guide/en/observability/current/logs-plaintext.html
   - https://www.elastic.co/guide/en/serverless/current/observability-plaintext-application-logs.html
+applies_to:
+  stack: all
+  serverless: all
 ---
 
 # Plaintext application logs [logs-plaintext]
@@ -41,27 +44,27 @@ Install {{filebeat}} on the server you want to monitor by running the commands t
 
 ::::::{tab-item} DEB
 ```sh
-curl -L -O https://artifacts.elastic.co/downloads/beats/filebeat/filebeat-9.0.0-beta1-darwin-x86_64.tar.gz
-tar xzvf filebeat-9.0.0-beta1-darwin-x86_64.tar.gz
+curl -L -O https://artifacts.elastic.co/downloads/beats/filebeat/filebeat-{{version}}-darwin-x86_64.tar.gz
+tar xzvf filebeat-{{version}}-darwin-x86_64.tar.gz
 ```
 ::::::
 
 ::::::{tab-item} RPM
 ```sh
-curl -L -O https://artifacts.elastic.co/downloads/beats/filebeat/filebeat-9.0.0-beta1-linux-x86_64.tar.gz
-tar xzvf filebeat-9.0.0-beta1-linux-x86_64.tar.gz
+curl -L -O https://artifacts.elastic.co/downloads/beats/filebeat/filebeat-{{version}}-linux-x86_64.tar.gz
+tar xzvf filebeat-{{version}}-linux-x86_64.tar.gz
 ```
 ::::::
 
 ::::::{tab-item} macOS
-1. Download the {{filebeat}} Windows zip file: https\://artifacts.elastic.co/downloads/beats/filebeat/filebeat-9.0.0-beta1-windows-x86_64.zip[https\://artifacts.elastic.co/downloads/beats/filebeat/filebeat-9.0.0-beta1-windows-x86_64.zip]
+1. Download the {{filebeat}} Windows zip file: `https://artifacts.elastic.co/downloads/beats/filebeat/filebeat-{{version}}-windows-x86_64.zip`
 2. Extract the contents of the zip file into `C:\Program Files`.
 3. Rename the `filebeat-{{version}}-windows-x86_64` directory to `{{filebeat}}`.
 4. Open a PowerShell prompt as an Administrator (right-click the PowerShell icon and select **Run As Administrator**).
 5. From the PowerShell prompt, run the following commands to install {{filebeat}} as a Windows service:
 
     ```powershell
-    PS > cd 'C:\Program Files\{filebeat}'
+    PS > cd 'C:\Program Files\{{filebeat}}'
     PS C:\Program Files\{filebeat}> .\install-service-filebeat.ps1
     ```
 
@@ -71,15 +74,15 @@ If script execution is disabled on your system, you need to set the execution po
 
 ::::::{tab-item} Linux
 ```sh
-curl -L -O https\://artifacts.elastic.co/downloads/beats/filebeat/filebeat-9.0.0-beta1-amd64.deb
-sudo dpkg -i filebeat-9.0.0-beta1-amd64.deb
+curl -L -O https\://artifacts.elastic.co/downloads/beats/filebeat/filebeat-{{version}}-amd64.deb
+sudo dpkg -i filebeat-{{version}}-amd64.deb
 ```
 ::::::
 
 ::::::{tab-item} Windows
 ```sh
-curl -L -O https\://artifacts.elastic.co/downloads/beats/filebeat/filebeat-9.0.0-beta1-x86_64.rpm
-sudo rpm -vi filebeat-9.0.0-beta1-x86_64.rpm
+curl -L -O https\://artifacts.elastic.co/downloads/beats/filebeat/filebeat-{{version}}-x86_64.rpm
+sudo rpm -vi filebeat-{{version}}-x86_64.rpm
 ```
 ::::::
 

@@ -1,6 +1,8 @@
 ---
 mapped_pages:
   - https://www.elastic.co/guide/en/serverless/current/observability-run-log-pattern-analysis.html
+applies_to:
+  stack: all
 ---
 
 # Run a pattern analysis on log data [observability-run-log-pattern-analysis]
Original file line number	Diff line number	Diff line change
Expand Up		@@ -11,7 +11,7 @@ Logs Explorer allows you to quickly search and filter your log data, get informa

		Logs Explorer also provides {{ml}} to detect specific [log anomalies](inspect-log-anomalies.md) automatically and [categorize log messages](categorize-log-entries.md) to quickly identify patterns in your log events.

		To view Logs Explorer, find `Logs Explorer` in the [global search field](/explore-analyze/find-and-organize/find-apps-and-objects.md))
		To view Logs Explorer, find Logs Explorer in the [global search field](/explore-analyze/find-and-organize/find-apps-and-objects.md))



Expand Down