Merge branch 'master' into 102622

.github/CODEOWNERS

@@ -349,6 +349,21 @@
 /x-pack/test/case_api_integration @elastic/security-threat-hunting
 /x-pack/plugins/lists @elastic/security-detections-response
 
+## Security Solution sub teams - security-onboarding-and-lifecycle-mgt 
+/x-pack/plugins/security_solution/public/management/ @elastic/security-onboarding-and-lifecycle-mgt
+/x-pack/plugins/security_solution/public/common/lib/endpoint*/ @elastic/security-onboarding-and-lifecycle-mgt
+/x-pack/plugins/security_solution/public/common/components/endpoint/ @elastic/security-onboarding-and-lifecycle-mgt
+/x-pack/plugins/security_solution/common/endpoint/ @elastic/security-onboarding-and-lifecycle-mgt
+/x-pack/plugins/security_solution/server/endpoint/routes/trusted_apps/ @elastic/security-onboarding-and-lifecycle-mgt
+/x-pack/plugins/security_solution/server/endpoint/routes/actions/ @elastic/security-onboarding-and-lifecycle-mgt
+/x-pack/plugins/security_solution/server/endpoint/routes/metadata/ @elastic/security-onboarding-and-lifecycle-mgt
+/x-pack/plugins/security_solution/server/endpoint/lib/policy/ @elastic/security-onboarding-and-lifecycle-mgt
+/x-pack/plugins/security_solution/server/lib/license/ @elastic/security-onboarding-and-lifecycle-mgt
+/x-pack/plugins/security_solution/server/fleet_integration/ @elastic/security-onboarding-and-lifecycle-mgt
+/x-pack/plugins/security_solution/scripts/endpoint/event_filters/ @elastic/security-onboarding-and-lifecycle-mgt
+/x-pack/plugins/security_solution/scripts/endpoint/trusted_apps/ @elastic/security-onboarding-and-lifecycle-mgt
+/x-pack/test/security_solution_endpoint/apps/endpoint/ @elastic/security-onboarding-and-lifecycle-mgt
+
 # Security Intelligence And Analytics
 /x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules @elastic/security-intelligence-analytics
 

.i18nrc.json

@@ -16,6 +16,7 @@
     "esUi": "src/plugins/es_ui_shared",
     "devTools": "src/plugins/dev_tools",
     "expressions": "src/plugins/expressions",
+    "expressionError": "src/plugins/expression_error",
     "expressionRevealImage": "src/plugins/expression_reveal_image",
     "inputControl": "src/plugins/input_control_vis",
     "inspector": "src/plugins/inspector",

docs/developer/plugin-list.asciidoc

@@ -72,6 +72,10 @@ This API doesn't support angular, for registering angular dev tools, bootstrap a
 |This plugin contains reusable code in the form of self-contained modules (or libraries). Each of these modules exports a set of functionality relevant to the domain of the module.
 
 
+|{kib-repo}blob/{branch}/src/plugins/expression_error/README.md[expressionError]
+|Expression Error plugin adds an error renderer to the expression plugin. The renderer will display the error image.
+
+
 |{kib-repo}blob/{branch}/src/plugins/expression_reveal_image/README.md[expressionRevealImage]
 |Expression Reveal Image plugin adds a revealImage function to the expression plugin and an associated renderer. The renderer will display the given percentage of a given image.
 

docs/development/plugins/data/public/kibana-plugin-plugins-data-public.querysuggestiongetfnargs.md

@@ -19,6 +19,7 @@ export interface QuerySuggestionGetFnArgs
 |  [boolFilter](./kibana-plugin-plugins-data-public.querysuggestiongetfnargs.boolfilter.md) | <code>any</code> |  |
 |  [indexPatterns](./kibana-plugin-plugins-data-public.querysuggestiongetfnargs.indexpatterns.md) | <code>IIndexPattern[]</code> |  |
 |  [language](./kibana-plugin-plugins-data-public.querysuggestiongetfnargs.language.md) | <code>string</code> |  |
+|  [method](./kibana-plugin-plugins-data-public.querysuggestiongetfnargs.method.md) | <code>ValueSuggestionsMethod</code> |  |
 |  [query](./kibana-plugin-plugins-data-public.querysuggestiongetfnargs.query.md) | <code>string</code> |  |
 |  [selectionEnd](./kibana-plugin-plugins-data-public.querysuggestiongetfnargs.selectionend.md) | <code>number</code> |  |
 |  [selectionStart](./kibana-plugin-plugins-data-public.querysuggestiongetfnargs.selectionstart.md) | <code>number</code> |  |

docs/development/plugins/data/public/kibana-plugin-plugins-data-public.querysuggestiongetfnargs.method.md

@@ -0,0 +1,11 @@
+<!-- Do not edit this file. It is automatically generated by API Documenter. -->
+
+[Home](./index.md) &gt; [kibana-plugin-plugins-data-public](./kibana-plugin-plugins-data-public.md) &gt; [QuerySuggestionGetFnArgs](./kibana-plugin-plugins-data-public.querysuggestiongetfnargs.md) &gt; [method](./kibana-plugin-plugins-data-public.querysuggestiongetfnargs.method.md)
+
+## QuerySuggestionGetFnArgs.method property
+
+<b>Signature:</b>
+
+```typescript
+method?: ValueSuggestionsMethod;
+```

docs/getting-started/quick-start-guide.asciidoc

@@ -7,7 +7,7 @@ When you've finished, you'll know how to:
 
 * <<explore-the-data,Explore the data with *Discover*.>>
 
-* <<view-and-analyze-the-data,Gain insight into the data with *Dashboard*.>>
+* <<view-and-analyze-the-data,Analyze the data with *Dashboard*.>>
 
 [float]
 === Required privileges
@@ -24,125 +24,125 @@ include::{docs-root}/shared/cloud/ess-getting-started.asciidoc[]
 [[gs-get-data-into-kibana]]
 == Add the sample data
 
-Sample data sets come with sample visualizations, dashboards, and more to help you explore {kib} without adding your own data.
+Sample data sets come with sample visualizations, dashboards, and more to help you explore {kib} before you ingest or add your own data.
 
-. From the home page, click *Try our sample data*.
+. On the home page, click *Try our sample data*.
 
 . On the *Sample eCommerce orders* card, click *Add data*.
 +
 [role="screenshot"]
-image::getting-started/images/add-sample-data.png[Add data UI]
+image::images/add-sample-data.png[Add data UI for the sample data sets]
 
 [float]
 [[explore-the-data]]
 == Explore the data
 
-*Discover* displays an interactive histogram that shows the distribution of of data, or documents, over time, and a table that lists the fields for each document that matches the index. By default, all fields are shown for each matching document.
+*Discover* displays the data in an interactive histogram that shows the distribution of data, or documents, over time, and a table that lists the fields for each document that matches the index pattern. To view a subset of the documents, you can apply filters to the data, and customize the table to display only the fields you want to explore.
 
 . Open the main menu, then click *Discover*.
 
 . Change the <<set-time-filter, time filter>> to *Last 7 days*.
 +
 [role="screenshot"]
-image::images/tutorial-discover-2.png[]
+image::images/tutorial-discover-2.png[Time filter menu with Last 7 days filter configured]
 
-. To focus in on the documents you want to view, use the <<kuery-query,{kib} Query Language>>. In the *KQL* search field, enter:
+. To view the sales orders for women's clothing that are $60 or more, use the <<kuery-query,*KQL*>> search field:
 +
 [source,text]
-products.taxless_price >= 60 AND category : Women's Clothing
-+
-The query returns the women's clothing orders for $60 and more.
+products.taxless_price >= 60 and category : Women's Clothing
 +
 [role="screenshot"]
-image::images/tutorial-discover-4.png[]
+image::images/tutorial-discover-4.png[Discover tables that displays only the orders for women's clothing that are $60 or more]
 
-. Hover over the list of *Available fields*, then click *+* next to the fields you want to view in the table.
-+
-For example, when you add the *category* field, the table displays the product categories for the orders.
+. To view only the product categories that contain sales orders, hover over the *category* field, then click *+*.
 +
 [role="screenshot"]
-image::images/tutorial-discover-3.png[]
-+
-For more information, refer to <<discover, *Discover*>>.
+image::images/tutorial-discover-3.png[Discover table that displays only the product categories that contain orders]
 
 [float]
 [[view-and-analyze-the-data]]
 == View and analyze the data
 
-A dashboard is a collection of panels that you can use to view and analyze the data. Panels contain visualizations, interactive controls, Markdown, and more.
+A dashboard is a collection of panels that you can use to view and analyze the data. Panels contain visualizations, interactive controls, text, and more.
 
 . Open the main menu, then click *Dashboard*. 
 
 . Click *[eCommerce] Revenue Dashboard*.
 +
 [role="screenshot"]
-image::getting-started/images/tutorial-sample-dashboard.png[]
+image::getting-started/images/tutorial-sample-dashboard.png[The [eCommerce] Revenue Dashboard that comes with the Sample eCommerce order data set]
 
 [float]
-[[filter-and-query-the-data]]
-=== Filter the data
+[[create-a-visualization]]
+=== Create a visualization panel
+
+Create a treemap panel that shows the top sales regions and manufacturers, then add the panel to the dashboard.
 
-To focus in on the data you want to view on the dashboard, use filters. 
+. From the toolbar, click *Edit*, then click *Create visualzation*.
 
-. From the *[eCommerce] Controls* panel, make a selection from the *Manufacturer* and *Category* dropdowns, then click *Apply changes*.
+. Open the *Chart type* menu, then select *Treemap*.
 +
-For example, the following dashboard shows the data for women's clothing from Gnomehouse. 
+[role="screenshot"]
+image::getting-started/images/tutorial-visualization-dropdown.png[Chart type menu with Treemap selected]
+
+. From the *Available fields* list, drag and drop the following fields onto the workspace:
+
+* *geoip.city_name*
+
+* *manufacturer.keyword*
 +
 [role="screenshot"]
-image::getting-started/images/tutorial-sample-filter.png[]
+image::getting-started/images/tutorial-visualization-treemap.png[Treemap that displays Top values of geoip.city_name and Top values or manufacturer.keyword fields]
 
-. To manually add a filter, click *Add filter*, then specify the options.
+. Click *Save and return*.
 +
-For example, to view the orders for Wednesday, select *day_of_week* from the *Field* dropdown, select *is* from the *Operator* dropdown, then select *Wednesday* from the *Value* dropdown.
+The treemap appears as the last visualization panel on the dashboard.
 +
 [role="screenshot"]
-image::getting-started/images/tutorial-sample-filter2.png[]
+image::getting-started/images/tutorial-final-dashboard.gif[Final dashboard with new treemap visualization]
+
+[float]
+[[interact-with-the-data]]
+=== Interact with the data
+
+You can interact with the dashboard data using controls that allow you to apply dashboard-level filters. Interact with the *[eCommerce] Controls* panel to view the women's clothing data from the Gnomehouse manufacturer. 
 
-. When you are done, remove the filters.
+. From the *Manufacturer* dropdown, select *Gnomehouse*.
+
+. From the *Category* dropdown, select *Women's Clothing*.
+
+. Click *Apply changes*.
 +
-For more information, refer to <<dashboard,*Dashboard*>>.
+[role="screenshot"]
+image::getting-started/images/tutorial-sample-filter.png[The [eCommerce] Revenue Dashboard that shows only the women's clothing data from the Gnomehouse manufacturer]
 
 [float]
-[[create-a-visualization]]
-=== Create a visualization panel
-
-Create a treemap panel that shows the top regions and manufacturers, then add the panel to the dashboard.
+[[filter-and-query-the-data]]
+=== Filter the data
 
-. From the toolbar, click *Edit*, then click *Create new*.
+To view a subset of the data, you can apply filters to the dashboard panels. Apply a filter to view the women's clothing data generated on Wednesday from the Gnomehouse manufacturer.
 
-. On the *New Visualization* window, click *Lens*.
+. Click *Add filter*.
 
-. From the *Available fields* list, drag and drop the following fields to the visualization builder:
+. From the *Field* dropdown, select *day_of_week*.
 
-* *geoip.city_name*
+. From the *Operator* dropdown, select *is*.
 
-* *manufacturer.keyword*
-+
-. From the visualization dropdown, select *Treemap*.
-+
-[role="screenshot"]
-image::getting-started/images/tutorial-visualization-dropdown.png[Visualization dropdown with Treemap selected]
+. From the *Value* dropdown, select *Wednesday*.
 
 . Click *Save*.
-
-. On the *Save Lens visualization*, enter a title and make sure *Add to Dashboard after saving* is selected, then click *Save and return*.
-+
-The treemap appears as the last visualization panel on the dashboard.
 +
 [role="screenshot"]
-image::getting-started/images/tutorial-final-dashboard.gif[Final dashboard with new treemap visualization]
-+
-For more information, refer to <<dashboard,Dashboard>>.
+image::getting-started/images/tutorial-sample-filter2.png[The [eCommerce] Revenue Dashboard that shows only the women's clothing data generated on Wednesday from the Gnomehouse manufacturer]
 
 [float]
 [[quick-start-whats-next]]
 == What's next?
 
-If you are you ready to add your own data, refer to <<connect-to-elasticsearch,Add data to {kib}>>.
+*Add your own data.* Ready to add your own data? Go to {fleet-guide}/fleet-quick-start.html[Quick start: Get logs and metrics into the Elastic Stack] to learn how to ingest your data, or go to <<connect-to-elasticsearch,Add data to {kib}>> and learn about all the other ways you can add data.
 
-If you want to ingest your data, refer to {fleet-guide}/fleet-quick-start.html[Quick start: Get logs and metrics into the Elastic Stack].
+*Explore your own data in Discover.* Ready to learn more about exploring your data in *Discover*? Go to <<discover, Discover>>.
 
-If you want to secure access to your data, refer to our guide on <<tutorial-secure-access-to-kibana, securing {kib}>>
+*Create a dashboard with your own data.* Ready to learn more about analyzing your data in *Dashboard*? Go to <<dashboard, Dashboard>>.
 
-If you want to try out {ml-features} with the sample data sets, refer to
-{ml-docs}/ml-getting-started.html[Getting started with {ml}].
+*Try out the {ml-features}.* Ready to analyze the sample data sets and generate models for its patterns of behavior? Go to {ml-docs}/ml-getting-started.html[Getting started with {ml}].

docs/management/rollups/create_and_manage_rollups.asciidoc

@@ -64,13 +64,16 @@ You can read more at {ref}/rollup-job-config.html[rollup job configuration].
 === Try it: Create and visualize rolled up data
 
 This example creates a rollup job to capture log data from sample web logs.
-To follow along, add the sample web logs data set.
+Before you start, <<add-sample-data, add the web logs sample data set>>.
 
 In this example, you want data that is older than 7 days in the target index pattern `kibana_sample_data_logs`
-to roll up once a day into the index `rollup_logstash`. You’ll bucket the
+to roll up into the `rollup_logstash` index. You’ll bucket the
 rolled up data on an hourly basis, using 60m for the time bucket configuration.
 This allows for more granular queries, such as 2h and 12h.
 
+For this example, the job will perform the rollup every minute. However, you'd
+typically roll up less frequently in production.
+
 [float]
 ==== Create the rollup job
 
@@ -80,7 +83,7 @@ As you walk through the *Create rollup job* UI, enter the data:
 |*Field* |*Value*
 
 |Name
-|logs_job
+|`logs_job`
 
 |Index pattern
 |`kibana_sample_data_logs`
@@ -89,12 +92,13 @@ As you walk through the *Create rollup job* UI, enter the data:
 |`rollup_logstash`
 
 |Frequency
-|Every day at midnight
+|Every minute
 
 |Page size
 |1000
 
-|Delay (latency buffer)|7d
+|Latency buffer
+|7d
 
 |Date field
 |@timestamp
@@ -118,6 +122,8 @@ As you walk through the *Create rollup job* UI, enter the data:
 |bytes (average)
 |===
 
+On the **Review and save** page, click **Start job now** and **Save**.
+
 The terms, histogram, and metrics fields reflect
 the key information to retain in the rolled up data: where visitors are from (geo.src),
 what operating system they are using (machine.os.keyword),
@@ -133,7 +139,6 @@ rollup index, or you can remove or archive it using <<creating-index-lifecycle-p
 Your next step is to visualize your rolled up data in a vertical bar chart.
 Most visualizations support rolled up data, with the exception of Timelion and Vega visualizations.
 
-
 . Open the main menu, then click *Stack Management > Index Patterns*.
 
 . Click *Create index pattern*, and select *Rollup index pattern* from the dropdown.
@@ -149,21 +154,27 @@ is `rollup_logstash,kibana_sample_data_logs`. In this index pattern, `rollup_log
 matches the rolled up index pattern and `kibana_sample_data_logs` matches the index
 pattern for raw data.
 
-. Open the main menu, click *Dashboard*, then create and add a vertical bar chart.
+. Open the main menu, click *Dashboard*, then *Create dashboard*.
+
+. Set the <<set-time-filter,time filter>> to *Last 90 days*.
+
+. On the dashboard, click *Create visualization*.
 
 . Choose `rollup_logstash,kibana_sample_data_logs`
 as your source to see both the raw and rolled up data.
 +
 [role="screenshot"]
 image::images/management-create-rollup-bar-chart.png[][Create visualization of rolled up data]
 
-. Look at the data in your visualization.
-+
-[role="screenshot"]
-image::images/management_rollup_job_vis.png[][Visualization of rolled up data]
+. Select *Bar vertical stacked* in the chart type dropdown.
 
-. Optionally, create a dashboard that contains visualizations of the rolled up
-data, raw data, or both.
+. Add the `@timestamp` field to the *Horizontal axis*.
+
+. Add the `bytes` field to the *Vertical axis*, defaulting to an `Average of
+bytes`.
++
+{kib} creates a vertical bar chart of your data. Select a section of the chart
+to zoom in.
 +
 [role="screenshot"]
 image::images/management_rollup_job_dashboard.png[][Dashboard with rolled up data]