elastic · florent-leborgne · Dec 4, 2025 · Oct 31, 2025 · Oct 31, 2025 · Oct 31, 2025
@@ -27,7 +27,7 @@ This Hot/Frozen – High Availability architecture is intended for organizations
 * Have a requirement for cost effective long term data storage (many months or years).
 * Provide insights and alerts using logs, metrics, traces, or various event types to ensure optimal performance and quick issue resolution for applications.
 * Apply [machine learning anomaly detection](/explore-analyze/machine-learning/anomaly-detection.md) to help detect patterns in time series data to find root cause and resolve problems faster.
-* Use an AI assistant ([Observability](/explore-analyze/ai-assistant.md), [Security](/solutions/security/ai/ai-assistant.md), or [Playground](/solutions/search/rag/playground.md)) for investigation, incident response, reporting, query generation, or query conversion from other languages using natural language.
+* Use an AI assistant ([Observability](/explore-analyze/ai-features/ai-assistant.md), [Security](/solutions/security/ai/ai-assistant.md), or [Playground](/solutions/search/rag/playground.md)) for investigation, incident response, reporting, query generation, or query conversion from other languages using natural language.
 * Deploy an architecture model that allows for maximum flexibility between storage cost and performance.
 
 ::::{important}

@@ -33,12 +33,12 @@ $$$token-limits$$$
 
 AI Assistant requires specific privileges and a large language model (LLM) connector. The capabilities and ways to interact with AI Assistant can differ for each solution. To learn more about how it works in each solution, refer to:
 
-- [{{obs-ai-assistant}}](../solutions/observability/observability-ai-assistant.md)
-- [AI Assistant for Security](../solutions/security/ai/ai-assistant.md)
+- [{{obs-ai-assistant}}](../../solutions/observability/observability-ai-assistant.md)
+- [AI Assistant for Security](../../solutions/security/ai/ai-assistant.md)
 
 To learn more about configuring LLM connectors, refer to:
 
-- [Enable LLM access](../solutions/security/ai/set-up-connectors-for-large-language-models-llm.md)
+- [Enable LLM access](../../solutions/security/ai/set-up-connectors-for-large-language-models-llm.md)
 
 ## Prompt best practices [rag-for-esql]
 Elastic AI Assistant allows you to take full advantage of the Elastic platform to improve your operations. It can help you write an ES|QL query for a particular use case, or answer general questions about how to use the platform. Its ability to assist you depends on the specificity and detail of your questions. The more context and detail you provide, the more tailored and useful its responses will be.
@@ -57,5 +57,5 @@ Elastic does not control third-party tools, and assumes no responsibility or lia
 
 ## Elastic Managed LLM [elastic-managed-llm-ai-assistant]
 
-:::{include} ../solutions/_snippets/elastic-managed-llm.md
+:::{include} ../../solutions/_snippets/elastic-managed-llm.md
 :::
diff --git a/explore-analyze/ai-features/ai-features.md b/explore-analyze/ai-features/ai-features.md
@@ -0,0 +1,155 @@
+---
+navigation_title: AI-powered features
+applies_to:
+  stack: ga
+  serverless: ga
+products:
+  - id: kibana
+  - id: observability
+  - id: security
+  - id: cloud-serverless
+---
+
+# AI-powered features
+
+AI is built into many parts of the {{stack}}. This page describes Elastaic's AI-powered features, organized by solution, and provides links to more detailed information about each of them.
+
+To learn about enabling and disabling these features in your deployment, refer to [](/explore-analyze/ai-features/manage-access-to-ai-assistant.md). To learn about setting up large language model (LLM) connectors used by AI-powered features, refer to [](/solutions/security/ai/set-up-connectors-for-large-language-models-llm.md).
+
+
+## AI-powered features in {{es}}
+
+### Agent builder
+
+```{applies_to}
+stack: preview 9.2
+serverless:
+  elasticsearch: preview
+  observability: unavailable
+  security: unavailable
+```
+
+[Agent Builder](/solutions/search/elastic-agent-builder.md) enables you to create AI agents that can interact with your Elasticsearch data, execute queries, and provide intelligent responses. It provides a complete framework for building conversational AI experiences on top of your search infrastructure.
+
+### AI Assistant
+```{applies_to}
+stack:
+serverless:
+```
+
+[](/solutions/observability/observability-ai-assistant.md) helps you understand, analyze, and interact with your Elastic data throughout {{kib}}. It provides a chat interface where you can ask questions about the {{stack}} and your data, and provides contextual insights throughout {{kib}} that explain errors and messages and suggest remediation steps.
+
+### AI-powered search
+```{applies_to}
+stack:
+serverless:
+```
+
+[AI-powered search](/solutions/search/ai-search/ai-search.md) helps you find data based on intent and contextual meaning using vector search technology, which uses machine learning models to capture meaning in content. These vector representations come in two forms: dense vectors that capture overall meaning, and sparse vectors that focus on key terms and their relationships. 
+
+Depending on your team's technical expertise and requirements, you can choose from two main paths to implement AI-powered search in {{es}}. You can use managed workflows that abstract away much of the complexity, or you can work directly with the underlying vector search technology.
+
+### Hybrid search
+```{applies_to}
+stack:
+serverless:
+```
+[Hybrid search](/solutions/search/hybrid-search.md) combines traditional full-text search with AI-powered search for more powerful search experiences that serve a wider range of user needs.
+
+### Playground
+```{applies_to}
+stack: preview 9.0, beta 9.1
+serverless: beta
+```
+
+[Playground](/solutions/search/rag/playground.md) enables you to use large language models (LLMs) to understand, explore, and analyze your {{es}} data using retrieval augmented generation (RAG), via a chat interface. Playground is also very useful for testing and debugging your {{es}} queries, using the [retrievers](/solutions/search/retrievers-overview.md) syntax with the `_search` endpoint.
+
+### Model context protocol
+```{applies_to}
+stack:
+serverless:
+```
+
+The [Model Context Protocol (MCP)](/solutions/search/mcp.md) lets you connect AI agents and assistants to your {{es}} data to enable natural language interactions with your indices.
+
+
+## AI-powered features in {{observability}}
+
+### AI Assistant
+```{applies_to}
+stack:
+serverless:
+```
+
+[](/solutions/observability/observability-ai-assistant.md) helps you understand, analyze, and interact with your Elastic data throughout {{kib}}. It provides a chat interface where you can ask questions about the {{stack}} and your data, and provides contextual insights throughout {{kib}} that explain errors and messages and suggest remediation steps.
+
+### Streams 
+```{applies_to}
+serverless: ga
+stack: preview 9.1, ga 9.2
+```
+
+[Streams](/solutions/observability/streams/streams.md) provides a single, centralized UI within Kibana that streamlines common tasks like extracting fields, setting data retention, and routing data, so you don't need to use multiple applications or manually configure underlying Elasticsearch components. Streams incorporates AI in the following ways:
+
+#### Generate significant events with AI
+```{applies_to}
+serverless: ga
+stack: preview 9.1, ga 9.2
+```
+[Significant Events](/solutions/observability/streams/management/significant-events.md) periodically runs a query on your stream to find important events. These can include error messages, exceptions, and other relevant log messages. You can use AI to suggest queries based on previously identified significant events in your Stream.
+
+#### Generate Grok patterns
+```{applies_to}
+serverless: ga
+stack: preview 9.1, ga 9.2
+```
+You can [generate Grok patterns](/solutions/observability/streams/management/extract/grok.md#streams-grok-patterns) using AI instead of writing them by by hand. 
+
+## AI-powered features in {{elastic-sec}}
+
+### AI Assistant for Security
+```{applies_to}
+stack: all
+serverless:
+  security: all
+```
+
+[Elastic AI Assistant for Security](/solutions/security/ai/ai-assistant.md) helps you interact with your {{elastic-sec}} data and assists with tasks such as alert investigation, incident response, and query generation. It provides a chat interface where you can ask questions about the {{stack}} and your data, and provides contextual insights throughout {{kib}} that explain errors and messages and suggest remediation steps.
+
+### Attack Discovery
+```{applies_to}
+stack: ga
+serverless:
+  security: ga
+```
+
+[Attack Discovery](/solutions/security/ai/attack-discovery.md) leverages large language models (LLMs) to analyze alerts in your environment and identify threats. Each "discovery" represents a potential attack and describes relationships among multiple alerts to tell you which users and hosts are involved, how alerts correspond to the MITRE ATT&CK matrix, and which threat actor might be responsible. This can help make the most of each security analyst’s time, fight alert fatigue, and reduce your mean time to respond.
+
+### Automatic Migration
+
+[Automatic Migration](/solutions/security/get-started/automatic-migration.md) helps you quickly migrate Splunk assets to {{elastic-sec}}. The following asset types are supported:
+
+* {applies_to}`stack: preview 9.0, ga 9.1` {applies_to}`serverless: ga` Splunk rules
+* {applies_to}`stack: preview 9.2` {applies_to}`serverless: preview` Splunk dashboards
+
+### Automatic Import
+```{applies_to}
+stack: ga
+serverless:
+  security: ga
+```
+
+[Automatic Import](/solutions/security/get-started/automatic-import.md) helps you quickly parse, ingest, and create ECS mappings for data from sources that don’t yet have prebuilt Elastic integrations. This can accelerate your migration to {{elastic-sec}}, and help you quickly add new data sources to an existing SIEM solution in {{elastic-sec}}. 
+
+### Automatic Troubleshooting
+```{applies_to}
+stack: ga 9.2, preview 9.0
+serverless:
+  security: ga
+```
+[Automatic troubleshooting](/solutions/security/manage-elastic-defend/automatic-troubleshooting.md) helps you identify and resolve issues that could prevent {{elastic-defend}} from working as intended. It provides actionable insights into the following common problem areas:
+
+* {applies_to}`stack: ga 9.2` {applies_to}`serverless: ga` **Policy responses**: Detect warnings or failures in {{elastic-defend}}’s integration policies.
+* **Third-party antivirus (AV) software**: Identify installed third-party antivirus (AV) products that may conflict with {{elastic-defend}}.
+
+This helps you resolve configuration errors, address incompatibilities, and ensure that your hosts remain protected.
@@ -152,8 +152,10 @@ toc:
       - file: scripting/modules-scripting-expression.md
       - file: scripting/modules-scripting-engine.md
       - file: scripting/painless-lab.md
-  - file: ai-assistant.md
-  - file: manage-access-to-ai-assistant.md
+  - file: ai-features/ai-features.md
+    children:
+      - file: ai-features/ai-assistant.md
+      - file: ai-features/manage-access-to-ai-assistant.md
   - file: discover.md
     children:
       - file: discover/discover-get-started.md

@@ -582,6 +582,10 @@ redirects:
 # Remote cluster settings moved to reference: https://github.com/elastic/docs-content/issues/579
   'deploy-manage/remote-clusters/remote-clusters-settings.md': 'elasticsearch://reference/elasticsearch/configuration-reference/remote-clusters.md'
 
+# Moved explore-analyze AI assistant content into a subfolder (docs-content-internal/issues/455)
+  'explore-analyze/manage-access-to-ai-assistant.md': 'explore-analyze/ai-features/manage-access-to-ai-assistant.md'
+  'explore-analyze/ai-assistant.md': 'explore-analyze/ai-features/ai-assistant.md'
+
 # Related to https://github.com/elastic/docs-content/pull/3685
   'deploy-manage/monitor/autoops/cc-cloud-connect-autoops-faq.md': 'deploy-manage/monitor/autoops/ec-autoops-faq.md'
 

@@ -60,7 +60,7 @@ stack: ga 9.2
 serverless: ga
 ```
 
-The [**GenAI settings**](/explore-analyze/manage-access-to-ai-assistant.md) page allows you to:
+The [**GenAI settings**](/explore-analyze/ai-features/manage-access-to-ai-assistant.md) page allows you to:
 
 - Manage which AI connectors are available in your environment. 
 - Enable or disable AI Assistant and other AI-powered features in your environment.

@@ -12,9 +12,9 @@ products:
 navigation_title: AI Assistant
 ---
 
-# AI Assistant for {{elastic-sec}}
+# Elastic AI Assistant for Security
 
-The Elastic AI Assistant utilizes generative AI to bolster your cybersecurity operations team. It allows users to interact with {{elastic-sec}} for tasks such as alert investigation, incident response, and query generation or conversation using natural language and much more.
+Elastic AI Assistant for Security helps you interact with your {{elastic-sec}} data and assists with tasks such as alert investigation, incident response, and query generation. It provides a chat interface where you can ask questions about the {{stack}} and your data, and provides contextual insights throughout {{kib}} that explain errors and messages and suggest remediation steps.
 
 :::{image} /solutions/images/security-assistant-basic-view.png
 :alt: Image of AI Assistant chat window
@@ -23,7 +23,7 @@ The Elastic AI Assistant utilizes generative AI to bolster your cybersecurity op
 :::
 
 ::::{warning}
-The Elastic AI Assistant is designed to enhance your analysis with smart dialogues. Its capabilities are still developing. Users should exercise caution as the quality of its responses might vary. Your insights and feedback will help us improve this feature. Always cross-verify AI-generated advice for accuracy.
+The Elastic AI Assistant is designed to enhance your analysis with smart dialogues. Its capabilities are still developing. You should exercise caution as the quality of its responses might vary. Your insights and feedback will help us improve this feature. Always cross-verify AI-generated advice for accuracy.
 ::::
 
 ::::{admonition} Requirements
@@ -42,7 +42,7 @@ stack: ga 9.2
 serverless: ga
 ```
 
-The [**GenAI settings**](/explore-analyze/manage-access-to-ai-assistant.md) page allows you to:
+The [**GenAI settings**](/explore-analyze/ai-features/manage-access-to-ai-assistant.md) page allows you to:
 
 - Manage which AI connectors are available in your environment. 
 - Enable or disable AI Assistant and other AI-powered features in your environment.

@@ -12,12 +12,12 @@ products:
 
 # Automatic troubleshooting
 
-Automatic troubleshooting helps you identify and resolve issues that could prevent {{elastic-defend}} from working as intended. This feature provides actionable insights into the following common problem areas:
+Automatic troubleshooting helps you identify and resolve issues that could prevent {{elastic-defend}} from working as intended. It provides actionable insights into the following common problem areas:
 
 * {applies_to}`stack: ga 9.2` {applies_to}`serverless: ga` **Policy responses**: Detect warnings or failures in {{elastic-defend}}’s integration policies.
 * **Third-party antivirus (AV) software**: Identify installed third-party antivirus (AV) products that may conflict with {{elastic-defend}}.
 
-With these checks, you can resolve configuration errors, address incompatibilities, and ensure that your hosts remain protected.
+This helps you resolve configuration errors, address incompatibilities, and ensure that your hosts remain protected.
 
 ::::{admonition} Requirements
 To use this feature, you need: