Merge branch 'master' into kbnarchiver-switch-visualize

docs/concepts/index-patterns.asciidoc

@@ -10,10 +10,9 @@ or all indices that contain your data.  It can also point to a
 
 You’ll learn how to:
 
-* Create an index pattern
-* Explore and configure the data fields
+* Create index patterns
 * Set the default index pattern
-* Delete an index pattern
+* Delete index patterns
 
 [float]
 [[index-patterns-read-only-access]]
@@ -133,77 +132,23 @@ To exclude a cluster, use `cluster_*:logstash-*,cluster_one:-*`.
 Once an index pattern is configured using the {ccs} syntax, all searches and
 aggregations using that index pattern in {kib} take advantage of {ccs}.
 
-
-[float]
-[[reload-fields]]
-=== Explore and configure the data fields
-
-To explore and configure the data fields in your index pattern, open the main menu, then click
-*Stack Management > Index Patterns*.  Each field has a {ref}/mapping.html[mapping],
-which indicates the type of data the field contains in {es},
-such as strings or boolean values. The field mapping also determines
-how you can use the field, such as whether it can be searched or aggregated.
-
-When a new field is added to the index, the index pattern field list is updated
-the next time the index pattern is loaded, for example, when you load the page or
-move between {kib} apps.
-
-[role="screenshot"]
-image:management/index-patterns/images/new-index-pattern.png["Create index pattern"]
-
-[float]
-=== Format the display of common field types
-
-Whenever possible, {kib} uses the same field type for display as
-{es}. However, some field types that {es} supports are not available
-in {kib}. Using field formatters, you can manually change the field type in {kib} to display your data the way you prefer
-to see it, regardless of how it is stored in {es}.
-
-For example, if you store
-date values in {es}, you can use a {kib} field formatter to change the display to mm/dd/yyyy format.
-{kib} has field formatters for
-<<field-formatters-string, strings>>,
-<<field-formatters-date, dates>>,
-<<field-formatters-geopoint, geopoints>>,
-and <<field-formatters-numeric, numbers>>.
-
-To customize the displayed field name provided by {es}, you can
-use *Custom Label* .
-
-A popularity counter keeps track of the fields you use most often.
-The top five most popular fields and their values are displayed in <<discover,*Discover*>>.
-
-To edit the field display, click the edit icon
-(image:management/index-patterns/images/edit_icon.png[]) in the index pattern detail view.
-
-[role="screenshot"]
-image:management/index-patterns/images/edit-field-format.png["Edit field format"]
-
 [float]
-[[default-index-pattern]]
-=== Set the default index pattern
+[[delete-index-pattern]]
+=== Delete index patterns
 
-The first index pattern you create is automatically designated as the default pattern,
-but you can set any index pattern as the default.  The default index pattern is automatically selected when you first open <<discover,*Discover*>> or create a visualization from scratch.
+When you delete an index pattern, you are unable to recover the associated field formatters, scripted fields, source filters,
+and field popularity data. Deleting an index pattern does not remove any indices or data documents from {es}.
 
-. In *Index patterns*, click the index pattern name.
-. Click the star icon (image:management/index-patterns/images/star.png[Star icon]).
+WARNING: Deleting an index pattern breaks all visualizations, saved searches, and other saved objects that reference the index pattern.
 
-[float]
-[[delete-index-pattern]]
-=== Delete an index pattern
+. Open the main menu, then click *Stack Management > Index Patterns*.
 
-This action removes the pattern from the list of saved objects in {kib}.
-You will not be able to recover field formatters, scripted fields, source filters,
-and field popularity data associated with the index pattern. Deleting an
-index pattern does not remove any indices or data documents from {es}.
+. Click the index pattern you want to delete.
 
-WARNING:  Deleting an index pattern breaks all visualizations, saved searches, and other saved objects that reference the pattern.
-
-. In *Index patterns*, click the index pattern name.
-. Click the delete icon (image:management/index-patterns/images/delete.png[Delete icon]).
+. Delete (image:management/index-patterns/images/delete.png[Delete icon]) the index pattern.
 
 [float]
+[[reload-fields]]
 === What’s next
 
-* Learn about <<scripted-fields,scripted fields>> and how to create data on the fly.
+Learn how to <<managing-index-patterns,manage the data fields>> in your index patterns.

docs/concepts/index.asciidoc

@@ -49,10 +49,9 @@ that accesses the {kib} API.
 
 {kib} uses the index pattern to show you a list of fields, such as
 `event.duration`. You can customize the display name and format for each field.
-For example, you can tell Kibana to display `event.duration` in seconds.
+For example, you can tell {kib} to display `event.duration` in seconds.
 {kib} has <<managing-fields,field formatters>> for strings,
-dates, geopoints,
-and numbers.
+dates, geopoints, and numbers.
 
 [float]
 [[kibana-concepts-searching-your-data]]

docs/developer/getting-started/monorepo-packages.asciidoc

@@ -82,6 +82,7 @@ yarn kbn watch-bazel
 - @kbn/logging
 - @kbn/securitysolution-constants
 - @kbn/securitysolution-utils
+- @kbn/securitysolution-es-utils
 - @kbn/securitysolution-io-ts-utils
 - @kbn/std
 - @kbn/telemetry-utils

docs/development/core/public/kibana-plugin-core-public.doclinksstart.md

@@ -17,7 +17,5 @@ export interface DocLinksStart
 |  --- | --- | --- |
 |  [DOC\_LINK\_VERSION](./kibana-plugin-core-public.doclinksstart.doc_link_version.md) | <code>string</code> |  |
 |  [ELASTIC\_WEBSITE\_URL](./kibana-plugin-core-public.doclinksstart.elastic_website_url.md) | <code>string</code> |  |
-
 |  [links](./kibana-plugin-core-public.doclinksstart.links.md) | <code>{</code><br/><code>        readonly canvas: {</code><br/><code>            readonly guide: string;</code><br/><code>        };</code><br/><code>        readonly dashboard: {</code><br/><code>            readonly guide: string;</code><br/><code>            readonly drilldowns: string;</code><br/><code>            readonly drilldownsTriggerPicker: string;</code><br/><code>            readonly urlDrilldownTemplateSyntax: string;</code><br/><code>            readonly urlDrilldownVariables: string;</code><br/><code>        };</code><br/><code>        readonly discover: Record&lt;string, string&gt;;</code><br/><code>        readonly filebeat: {</code><br/><code>            readonly base: string;</code><br/><code>            readonly installation: string;</code><br/><code>            readonly configuration: string;</code><br/><code>            readonly elasticsearchOutput: string;</code><br/><code>            readonly elasticsearchModule: string;</code><br/><code>            readonly startup: string;</code><br/><code>            readonly exportedFields: string;</code><br/><code>        };</code><br/><code>        readonly auditbeat: {</code><br/><code>            readonly base: string;</code><br/><code>        };</code><br/><code>        readonly metricbeat: {</code><br/><code>            readonly base: string;</code><br/><code>            readonly configure: string;</code><br/><code>            readonly httpEndpoint: string;</code><br/><code>            readonly install: string;</code><br/><code>            readonly start: string;</code><br/><code>        };</code><br/><code>        readonly enterpriseSearch: {</code><br/><code>            readonly base: string;</code><br/><code>            readonly appSearchBase: string;</code><br/><code>            readonly workplaceSearchBase: string;</code><br/><code>        };</code><br/><code>        readonly heartbeat: {</code><br/><code>            readonly base: string;</code><br/><code>        };</code><br/><code>        readonly logstash: {</code><br/><code>            readonly base: string;</code><br/><code>        };</code><br/><code>        readonly functionbeat: {</code><br/><code>            readonly base: string;</code><br/><code>        };</code><br/><code>        readonly winlogbeat: {</code><br/><code>            readonly base: string;</code><br/><code>        };</code><br/><code>        readonly aggs: {</code><br/><code>            readonly composite: string;</code><br/><code>            readonly composite_missing_bucket: string;</code><br/><code>            readonly date_histogram: string;</code><br/><code>            readonly date_range: string;</code><br/><code>            readonly date_format_pattern: string;</code><br/><code>            readonly filter: string;</code><br/><code>            readonly filters: string;</code><br/><code>            readonly geohash_grid: string;</code><br/><code>            readonly histogram: string;</code><br/><code>            readonly ip_range: string;</code><br/><code>            readonly range: string;</code><br/><code>            readonly significant_terms: string;</code><br/><code>            readonly terms: string;</code><br/><code>            readonly avg: string;</code><br/><code>            readonly avg_bucket: string;</code><br/><code>            readonly max_bucket: string;</code><br/><code>            readonly min_bucket: string;</code><br/><code>            readonly sum_bucket: string;</code><br/><code>            readonly cardinality: string;</code><br/><code>            readonly count: string;</code><br/><code>            readonly cumulative_sum: string;</code><br/><code>            readonly derivative: string;</code><br/><code>            readonly geo_bounds: string;</code><br/><code>            readonly geo_centroid: string;</code><br/><code>            readonly max: string;</code><br/><code>            readonly median: string;</code><br/><code>            readonly min: string;</code><br/><code>            readonly moving_avg: string;</code><br/><code>            readonly percentile_ranks: string;</code><br/><code>            readonly serial_diff: string;</code><br/><code>            readonly std_dev: string;</code><br/><code>            readonly sum: string;</code><br/><code>            readonly top_hits: string;</code><br/><code>        };</code><br/><code>        readonly runtimeFields: {</code><br/><code>            readonly overview: string;</code><br/><code>            readonly mapping: string;</code><br/><code>        };</code><br/><code>        readonly scriptedFields: {</code><br/><code>            readonly scriptFields: string;</code><br/><code>            readonly scriptAggs: string;</code><br/><code>            readonly painless: string;</code><br/><code>            readonly painlessApi: string;</code><br/><code>            readonly painlessLangSpec: string;</code><br/><code>            readonly painlessSyntax: string;</code><br/><code>            readonly painlessWalkthrough: string;</code><br/><code>            readonly luceneExpressions: string;</code><br/><code>        };</code><br/><code>        readonly search: {</code><br/><code>            readonly sessions: string;</code><br/><code>        };</code><br/><code>        readonly indexPatterns: {</code><br/><code>            readonly introduction: string;</code><br/><code>            readonly fieldFormattersNumber: string;</code><br/><code>            readonly fieldFormattersString: string;</code><br/><code>        };</code><br/><code>        readonly addData: string;</code><br/><code>        readonly kibana: string;</code><br/><code>        readonly upgradeAssistant: string;</code><br/><code>        readonly elasticsearch: Record&lt;string, string&gt;;</code><br/><code>        readonly siem: {</code><br/><code>            readonly guide: string;</code><br/><code>            readonly gettingStarted: string;</code><br/><code>        };</code><br/><code>        readonly query: {</code><br/><code>            readonly eql: string;</code><br/><code>            readonly kueryQuerySyntax: string;</code><br/><code>            readonly luceneQuerySyntax: string;</code><br/><code>            readonly percolate: string;</code><br/><code>            readonly queryDsl: string;</code><br/><code>        };</code><br/><code>        readonly date: {</code><br/><code>            readonly dateMath: string;</code><br/><code>            readonly dateMathIndexNames: string;</code><br/><code>        };</code><br/><code>        readonly management: Record&lt;string, string&gt;;</code><br/><code>        readonly ml: Record&lt;string, string&gt;;</code><br/><code>        readonly transforms: Record&lt;string, string&gt;;</code><br/><code>        readonly visualize: Record&lt;string, string&gt;;</code><br/><code>        readonly apis: Readonly&lt;{</code><br/><code>            bulkIndexAlias: string;</code><br/><code>            byteSizeUnits: string;</code><br/><code>            createAutoFollowPattern: string;</code><br/><code>            createFollower: string;</code><br/><code>            createIndex: string;</code><br/><code>            createSnapshotLifecyclePolicy: string;</code><br/><code>            createRoleMapping: string;</code><br/><code>            createRoleMappingTemplates: string;</code><br/><code>            createRollupJobsRequest: string;</code><br/><code>            createApiKey: string;</code><br/><code>            createPipeline: string;</code><br/><code>            createTransformRequest: string;</code><br/><code>            cronExpressions: string;</code><br/><code>            executeWatchActionModes: string;</code><br/><code>            indexExists: string;</code><br/><code>            openIndex: string;</code><br/><code>            putComponentTemplate: string;</code><br/><code>            painlessExecute: string;</code><br/><code>            painlessExecuteAPIContexts: string;</code><br/><code>            putComponentTemplateMetadata: string;</code><br/><code>            putSnapshotLifecyclePolicy: string;</code><br/><code>            putIndexTemplateV1: string;</code><br/><code>            putWatch: string;</code><br/><code>            simulatePipeline: string;</code><br/><code>            timeUnits: string;</code><br/><code>            updateTransform: string;</code><br/><code>        }&gt;;</code><br/><code>        readonly observability: Record&lt;string, string&gt;;</code><br/><code>        readonly alerting: Record&lt;string, string&gt;;</code><br/><code>        readonly maps: Record&lt;string, string&gt;;</code><br/><code>        readonly monitoring: Record&lt;string, string&gt;;</code><br/><code>        readonly security: Readonly&lt;{</code><br/><code>            apiKeyServiceSettings: string;</code><br/><code>            clusterPrivileges: string;</code><br/><code>            elasticsearchSettings: string;</code><br/><code>            elasticsearchEnableSecurity: string;</code><br/><code>            indicesPrivileges: string;</code><br/><code>            kibanaTLS: string;</code><br/><code>            kibanaPrivileges: string;</code><br/><code>            mappingRoles: string;</code><br/><code>            mappingRolesFieldRules: string;</code><br/><code>            runAsPrivilege: string;</code><br/><code>        }&gt;;</code><br/><code>        readonly watcher: Record&lt;string, string&gt;;</code><br/><code>        readonly ccs: Record&lt;string, string&gt;;</code><br/><code>        readonly plugins: Record&lt;string, string&gt;;</code><br/><code>        readonly snapshotRestore: Record&lt;string, string&gt;;</code><br/><code>        readonly ingest: Record&lt;string, string&gt;;</code><br/><code>    }</code> |  |
 
-

docs/management/field-formatters/color-formatter.asciidoc

@@ -1,10 +1,5 @@
-The `Color` field formatter enables you to specify colors with specific ranges of values for a numeric field.
+The *Color* field formatter enables you to specify colors with ranges of values for a number field.
 
-When you select the `Color` field formatter, Kibana displays the *Range*, *Font Color*, *Background Color*, and 
-*Example* fields.
-
-Click the *Add Color* button to add a range of values to associate with a particular color. You can click in the *Font 
-Color* and *Background Color* fields to display a color picker. You can also enter a specific hex code value in the 
-field. The effect of your current color choices are displayed in the *Example* field.
+When you select the *Color* formatter, click *Add Color*, then specify the *Range*, *Text color*, and *Background color*.
 
 image::images/colorformatter.png[]

docs/management/field-formatters/duration-formatter.asciidoc

@@ -1,4 +1,4 @@
-The `Duration` field formatter can display the numeric value of a field in the following increments:
+The *Duration* field formatter displays the numeric value of a field in the following increments:
 
 * Picoseconds
 * Nanoseconds
@@ -12,4 +12,4 @@ The `Duration` field formatter can display the numeric value of a field in the f
 * Months
 * Years
 
-You can specify these increments with up to 20 decimal places for both input and output formats.
+You can specify these increments with up to 20 decimal places for input and output formats.

docs/management/field-formatters/string-formatter.asciidoc

@@ -1,11 +1,20 @@
-The `String` field formatter can apply the following transformations to the field's contents:
+The *String* field formatter enables you to apply transforms to the field.
+
+Supported transformations include:
 
 * Convert to lowercase
+
 * Convert to uppercase
+
 * Convert to title case
-* Apply the short dots transformation, which replaces the content before a `.` character with the first character of
-that content, as in the following example:
+
+* Apply the short dots transformation, which replaces the content before the `.` character with the first character of
+the content. For example:
 
 [horizontal]
 *Original*:: *Becomes*
 `com.organizations.project.ClassName`:: `c.o.p.ClassName`
+
+* Base64 decode
+
+* URL param decode