Merge branch '6.8' into backport/6.8/pipeline-updates

docs/CHANGELOG.asciidoc

@@ -2990,7 +2990,7 @@ Visualizations::
 Watcher::
 * Removed error messages that were appearing when you created an email action
 for a watch without a body or subject. For more information, see
-{stack-ov}/actions-email.html[Email Action].
+{ref}/actions-email.html[Email action].
 
 [[release-notes-6.1.0]]
 == {kib} 6.1.0
@@ -3095,8 +3095,8 @@ Security::
 * Added `manage_index_templates` cluster privileges to the `kibana_system` role,
 which enables the {kib} system user to create and manage the index template for
 the `.kibana` index. For more information, see
-{stack-ov}/security-privileges.html[Security Privileges] and
-{stack-ov}/built-in-roles.html[Built-in Roles].
+{ref}/security-privileges.html[Security privileges] and
+{ref}/built-in-roles.html[Built-in roles].
 
 Sharing::
 * Add a feature for custom panel titles {pull}14831[#14831]
@@ -3272,7 +3272,7 @@ Security::
 * The built-in users (`elastic`, `kibana`, and `logstash_system`) no longer have
 default passwords. You must create passwords for these users and configure {kib}
 to use this information. For more information, see
-{stack-ov}/setting-up-authentication.html[Setting Up User Authentication].
+{ref}/setting-up-authentication.html[User authentication].
 
 Watcher::
 * The built-in HTTP client used in webhooks, the http input and the http email attachment has been replaced.

docs/api/role-management/put.asciidoc

@@ -28,7 +28,8 @@ The following parameters can be specified in the body of a PUT request to add or
 that begin with `_` are reserved for system usage.
 
 `elasticsearch`:: (object) Optional {es} cluster and index privileges, valid keys are
-`cluster`, `indices` and `run_as`. For more information, see {xpack-ref}/defining-roles.html[Defining Roles].
+`cluster`, `indices` and `run_as`. For more information, see
+{ref}/defining-roles.html[Defining roles].
 
 `kibana`:: (object) An object that specifies the <<kibana-privileges>>. Valid keys are `global` and `space`. Privileges defined in the `global` key will apply to all spaces within Kibana, and will take precedent over any privileges defined in the `space` key. For example, specifying `global: ["all"]` will grant full access to all spaces within Kibana, even if the role indicates that a specific space should only have `read` privileges.
 

docs/developer/security/rbac.asciidoc

@@ -1,7 +1,14 @@
 [[development-security-rbac]]
 === Role-based access control
 
-Role-based access control (RBAC) in {kib} relies upon the {xpack-ref}/security-privileges.html#application-privileges[application privileges] that Elasticsearch exposes. This allows {kib} to define the privileges that {kib} wishes to grant to users, assign them to the relevant users using roles, and then authorize the user to perform a specific action. This is handled within a secured instance of the `SavedObjectsClient` and available transparently to consumers when using `request.getSavedObjectsClient()` or `savedObjects.getScopedSavedObjectsClient()`.
+Role-based access control (RBAC) in {kib} relies upon the
+{ref}/security-privileges.html#application-privileges[application privileges]
+that Elasticsearch exposes. This allows {kib} to define the privileges that
+{kib} wishes to grant to users, assign them to the relevant users using roles,
+and then authorize the user to perform a specific action. This is handled within
+a secured instance of the `SavedObjectsClient` and available transparently to
+consumers when using `request.getSavedObjectsClient()` or 
+`savedObjects.getScopedSavedObjectsClient()`.
 
 [[development-rbac-privileges]]
 ==== {kib} Privileges

docs/getting-started/tutorial-load-dataset.asciidoc

@@ -65,7 +65,7 @@ and whether it's _tokenized_, or broken up into separate words.
 
 NOTE: If security is enabled, you must have the `all` Kibana privilege to run this tutorial.
 You must also have the `create`, `manage` `read`, `write,` and `delete` 
-index privileges. See {xpack-ref}/security-privileges.html[Security Privileges] 
+index privileges. See {ref}/security-privileges.html[Security privileges] 
 for more information.
 
 In Kibana *Dev Tools > Console*, set up a mapping for the Shakespeare data set:

docs/getting-started/tutorial-sample-data.asciidoc

@@ -26,6 +26,6 @@ In this tutorial, you’ll learn to:
 * Inspect the data behind the scenes
 
 NOTE: If security is enabled, you must have `read`, `write`, and `manage` privileges
-on the `kibana_sample_data_*` indices. See {xpack-ref}/security-privileges.html[Security Privileges] 
-for more information.
+on the `kibana_sample_data_*` indices. See
+{ref}/security-privileges.html[Security privileges] for more information.
 

docs/limitations.asciidoc

@@ -11,9 +11,9 @@
 
 These {stack} features also have limitations that affect {kib}:
 
-* {stack-ov}/watcher-limitations.html[Alerting]
+* {ref}/watcher-limitations.html[Alerting]
 * {stack-ov}/ml-limitations.html[Machine learning]
-* {stack-ov}/security-limitations.html[Security]
+* {ref}/security-limitations.html[Security]
 
 --
 

docs/management/dashboard_only_mode/advanced_configuration.asciidoc

@@ -19,7 +19,8 @@ To grant read-only access to your custom {kib} instance,
 you must assign the read <<kibana-privileges, Kibana privilege>>.
 These privileges are available under *Management > Security > Roles*.
 
-For more information on roles and privileges, see {xpack-ref}/authorization.html[User Authorization].
+For more information on roles and privileges, see
+{ref}/authorization.html[User authorization].
 
 [role="screenshot"]
 image:management/dashboard_only_mode/images/custom_dashboard_mode_role.png["Custom dashboard mode role with read permissions on a custom kibana index"]

docs/management/dashboard_only_mode/index.asciidoc

@@ -7,7 +7,8 @@ what users see when they log in to {kib}. The `kibana_dashboard_only_user` role
 preconfigured with read-only permissions to {kib}.
 
 IMPORTANT: You must also assign roles that grant the user appropriate access to the data indices.
-For information on roles and privileges, see {xpack-ref}/authorization.html[User Authorization].
+For information on roles and privileges, see
+{ref}/authorization.html[User authorization].
 
 Users assigned this role are only able to see the Dashboard app in the navigation
 pane. When users open a dashboard, they will have a limited visual experience. 

docs/management/managing-indices.asciidoc

@@ -12,7 +12,7 @@ To access this feature, go to *Management > {es} > Index Management*.
 If security is enabled,
 you must have the `monitor` cluster privilege and the `view_index_metadata` 
 and `manage` index privileges to view the data.  See 
-{xpack-ref}/security-privileges.html[Security Privileges] for more
+{ref}/security-privileges.html[Security privileges] for more
 information.
 
 *Index Management* uses badges to make users aware when an index is {ref}/frozen-indices.html[frozen], 

docs/management/managing-licenses.asciidoc

@@ -25,4 +25,4 @@ license, extend the trial, or purchase a subscription.
 
 TIP: If {security-features} are enabled, before you revert to a Basic license or install 
 a Gold or Platinum license, you must configure Transport Layer Security (TLS) in {es}. 
-See {stack-ov}/encrypting-communications.html[Encrypting communications].
+See {ref}/encrypting-communications.html[Encrypting communications].

docs/management/watcher-ui/create-advanced-watch.asciidoc

@@ -16,7 +16,7 @@ This screen lets you define the core properties of an advanced watch.
 image:management/watcher-ui/images/advanced-watch/advanced-watch-create.png["Create Advanced Watch",link="management/watcher-ui/images/advanced-watch/advanced-watch-create.png"]
 
 The `ID` refers to the identifier used by Elasticsearch, whereas `Name` is the more user-friendly way to identify the watch. Refer to the 
-{stack-ov}/how-watcher-works.html#watch-definition[Watch definition documentation] 
+{ref}/how-watcher-works.html#watch-definition[Watch definition documentation] 
 for the Watch JSON.
 
 [float]

docs/settings/monitoring-settings.asciidoc

@@ -25,7 +25,7 @@ from Logstash, you configure
 in `logstash.yml`.
 
 For more information, see
-{xpack-ref}/xpack-monitoring.html[Monitoring the Elastic Stack].
+{ref}/monitor-elasticsearch-cluster.html[Monitor a cluster].
 
 [float]
 [[monitoring-general-settings]]

docs/settings/ssl-settings.asciidoc

@@ -2,7 +2,7 @@
 === {component} TLS/SSL Settings
 You can configure the following TLS/SSL settings. If the settings are not
 configured, the default values are used. See
-{stack-ov}/security-settings.html[Default TLS/SSL Settings].
+{ref}/security-settings.html[Default TLS/SSL Settings].
 
 ifdef::server[]
 +{ssl-prefix}.ssl.enabled+::
@@ -45,7 +45,7 @@ Java Cryptography Architecture documentation]. Defaults to the value of
 The following settings are used to specify a private key, certificate, and the
 trusted certificates that should be used when communicating over an SSL/TLS connection.
 If none of the settings below are specified, the default values are used.
-See {stack-ov}/security-settings.html[Default TLS/SSL settings].
+See {ref}/security-settings.html[Default TLS/SSL settings].
 
 ifdef::server[]
 A private key and certificate must be configured.
@@ -55,7 +55,7 @@ A private key and certificate are optional and would be used if the server requi
 authentication.
 endif::server[]
 If none of the settings below are specified, the defaults values are used.
-See {stack-ov}/security-settings.html[Default TLS/SSL settings]. 
+See {ref}/security-settings.html[Default TLS/SSL settings]. 
 
 [float]
 ===== PEM Encoded Files

docs/setup/docker.asciidoc

@@ -9,7 +9,7 @@ https://github.com/elastic/kibana-docker/tree/{branch}[GitHub].
 
 These images are free to use under the Elastic license. They contain open source 
 and free commercial features and access to paid commercial features.  
-{xpack-ref}/license-management.html[Start a 30-day trial] to try out all of the 
+{stack-ov}/license-management.html[Start a 30-day trial] to try out all of the 
 paid commercial features. See the 
 https://www.elastic.co/subscriptions[Subscriptions] page for information about 
 Elastic license levels.

docs/setup/install.asciidoc

@@ -48,8 +48,8 @@ downloaded from the Elastic Docker Registry.
 <<docker,Running Kibana on Docker>>
 
 IMPORTANT: If your Elasticsearch installation is protected by
-{xpack-ref}/xpack-security.html[{security}] see
-{kibana-ref}/using-kibana-with-security.html[Configuring Security in Kibana] for
+{ref}/secure-cluster.html[{security-features}] see
+{kibana-ref}/using-kibana-with-security.html[Configuring security in Kibana] for
 additional setup instructions.
 
 

docs/setup/install/deb.asciidoc

@@ -7,7 +7,7 @@ Kibana on any Debian-based system such as Debian and Ubuntu.
 
 This package is free to use under the Elastic license. It contains open source 
 and free commercial features and access to paid commercial features. 
-{xpack-ref}/license-management.html[Start a 30-day trial] to try out all of the 
+{stack-ov}/license-management.html[Start a 30-day trial] to try out all of the 
 paid commercial features. See the 
 https://www.elastic.co/subscriptions[Subscriptions] page for information about 
 Elastic license levels.

docs/setup/install/rpm.asciidoc

@@ -11,7 +11,7 @@ such as SLES 11 and CentOS 5.  Please see <<targz>> instead.
 
 This package is free to use under the Elastic license. It contains open source 
 and free commercial features and access to paid commercial features. 
-{xpack-ref}/license-management.html[Start a 30-day trial] to try out all of the 
+{stack-ov}/license-management.html[Start a 30-day trial] to try out all of the 
 paid commercial features. See the 
 https://www.elastic.co/subscriptions[Subscriptions] page for information about 
 Elastic license levels.

docs/setup/install/targz.asciidoc

@@ -6,7 +6,7 @@ are the easiest formats to use when trying out Kibana.
 
 These packages are free to use under the Elastic license. They contain open 
 source and free commercial features and access to paid commercial features. 
-{xpack-ref}/license-management.html[Start a 30-day trial] to try out all of the 
+{stack-ov}/license-management.html[Start a 30-day trial] to try out all of the 
 paid commercial features. See the 
 https://www.elastic.co/subscriptions[Subscriptions] page for information about 
 Elastic license levels.

docs/setup/install/windows.asciidoc

@@ -5,7 +5,7 @@ Kibana can be installed on Windows using the `.zip` package.
 
 This package is free to use under the Elastic license. It contains open source 
 and free commercial features and access to paid commercial features. 
-{xpack-ref}/license-management.html[Start a 30-day trial] to try out all of the 
+{stack-ov}/license-management.html[Start a 30-day trial] to try out all of the 
 paid commercial features. See the 
 https://www.elastic.co/subscriptions[Subscriptions] page for information about 
 Elastic license levels.

docs/setup/production.asciidoc

@@ -23,7 +23,7 @@ and an Elasticsearch client node on the same machine. For more information, see
 [[configuring-kibana-shield]]
 === Using {stack} {security-features}
 
-You can use {stack-ov}/elasticsearch-security.html[{stack} {security-features}] 
+You can use {ref}/elasticsearch-security.html[{stack} {security-features}] 
 to control what {es} data users can access through Kibana.
 
 When {security-features} are enabled, Kibana users have to log in. They need to

docs/user/monitoring/configuring-monitoring.asciidoc

@@ -15,7 +15,7 @@ You can also use {kib} to
 <<monitoring-data,visualize monitoring data from across the {stack}>>.
 
 To learn about monitoring in general, see 
-{stack-ov}/xpack-monitoring.html[Monitoring the {stack}]. 
+{ref}/monitor-elasticsearch-cluster.html[Monitor a cluster]. 
 
 include::monitoring-kibana.asciidoc[]
 include::monitoring-metricbeat.asciidoc[]

docs/user/monitoring/elasticsearch-details.asciidoc

@@ -23,7 +23,7 @@ highlighted in yellow or red.
 TIP: Conditions that require your attention are listed at the top of the
 Clusters page. You can also set up watches to alert you when the status
 of your cluster changes. To learn how, see
-{xpack-ref}/watch-cluster-status.html[Watch Your Cluster Health].
+{ref}/watch-cluster-status.html[Watch your cluster health].
 
 The panel at the top shows the current cluster statistics, the charts show the
 search and indexing performance over time, and the table at the bottom shows

docs/user/monitoring/index.asciidoc

@@ -21,7 +21,7 @@ NOTE: Watcher must be enabled to view cluster alerts. If you have a Basic
 license, Top Cluster Alerts are not displayed.
 
 For more information, see <<configuring-monitoring>> and 
-{stack-ov}/xpack-monitoring.html[Monitoring the {stack}].  
+{ref}/monitor-elasticsearch-cluster.html[Monitor a cluster].  
 
 --
 

docs/user/monitoring/monitoring-kibana.asciidoc

@@ -13,7 +13,7 @@ which ultimately routes them to the monitoring cluster. For an alternative
 method, see <<monitoring-metricbeat>>. 
 
 To learn about monitoring in general, see 
-{stack-ov}/xpack-monitoring.html[Monitoring the {stack}]. 
+{ref}/monitor-elasticsearch-cluster.html[Monitor a cluster]. 
 
 . Set the `xpack.monitoring.collection.enabled` setting to `true` on each
 node in the production cluster. By default, it is is disabled (`false`). 

docs/user/monitoring/monitoring-metricbeat.asciidoc

@@ -13,7 +13,7 @@ production cluster as described in <<monitoring-kibana>>.
 image::user/monitoring/images/metricbeat.png[Example monitoring architecture]
 
 To learn about monitoring in general, see 
-{stack-ov}/xpack-monitoring.html[Monitoring the {stack}]. 
+{ref}/monitor-elasticsearch-cluster.html[Monitor a cluster]. 
 
 //NOTE: The tagged regions are re-used in the Stack Overview.
 
@@ -134,9 +134,9 @@ If the Elastic {security-features} are enabled, you must also provide a user
 ID and password so that {metricbeat} can collect metrics successfully. 
 
 .. Create a user on the production cluster that has the 
-`remote_monitoring_collector` {stack-ov}/built-in-roles.html[built-in role]. 
+`remote_monitoring_collector` {ref}/built-in-roles.html[built-in role]. 
 Alternatively, use the `remote_monitoring_user` 
-{stack-ov}/built-in-users.html[built-in user].
+{ref}/built-in-users.html[built-in user].
 
 .. Add the `username` and `password` settings to the {kib} module configuration 
 file.
@@ -197,9 +197,9 @@ provide a valid user ID and password so that {metricbeat} can send metrics
 successfully. 
 
 .. Create a user on the monitoring cluster that has the 
-`remote_monitoring_agent` {stack-ov}/built-in-roles.html[built-in role]. 
+`remote_monitoring_agent` {ref}/built-in-roles.html[built-in role]. 
 Alternatively, use the `remote_monitoring_user` 
-{stack-ov}/built-in-users.html[built-in user].
+{ref}/built-in-users.html[built-in user].
 
 .. Add the `username` and `password` settings to the {es} output information in 
 the {metricbeat} configuration file.

docs/user/monitoring/viewing-metrics.asciidoc

@@ -29,8 +29,8 @@ By default, data is retrieved from the cluster specified in the
 from a different cluster, set `xpack.monitoring.elasticsearch.hosts`.
 
 To learn more about typical monitoring architectures, 
-see {stack-ov}/how-monitoring-works.html[How monitoring works] and 
-{stack-ov}/monitoring-production.html[Monitoring in a production environment].
+see {ref}/how-monitoring-works.html[How monitoring works] and 
+{ref}/monitoring-production.html[Monitoring in a production environment].
 --
 
 . Verify that `xpack.monitoring.ui.enabled` is set to `true`, which is the
@@ -41,7 +41,7 @@ default value, in the `kibana.yml` file. For more information, see
 must provide a user ID and password so {kib} can retrieve the data. 
 
 .. Create a user that has the `monitoring_user` 
-{stack-ov}/built-in-roles.html[built-in role] on the monitoring cluster.
+{ref}/built-in-roles.html[built-in role] on the monitoring cluster.
 
 .. Add the `xpack.monitoring.elasticsearch.username` and 
 `xpack.monitoring.elasticsearch.password` settings in the `kibana.yml` file.
@@ -64,7 +64,7 @@ remote monitoring cluster, you must use credentials that are valid on both the
 --
 
 .. Create users that have the `monitoring_user` and `kibana_user` 
-{stack-ov}/built-in-roles.html[built-in roles].
+{ref}/built-in-roles.html[built-in roles].
 
 . Open {kib} in your web browser. 
 +

docs/user/reporting/automating-report-generation.asciidoc

@@ -25,12 +25,12 @@ number of seconds in the `Retry-After` header in the response until the PDF is r
 
 To configure a watch to email reports, you use the `reporting` attachment type
 in an `email` action. For more information, see
-{stack-ov}/actions-email.html#configuring-email[Configuring Email Accounts].
+{ref}/actions-email.html#configuring-email[Configuring email accounts].
 
 include::watch-example.asciidoc[]
 
 For more information about configuring watches, see
-{stack-ov}/how-watcher-works.html[How Watcher Works].
+{ref}/how-watcher-works.html[How {watcher} Works].
 
 == Deprecated Report URLs
 

docs/user/reporting/gs-index.asciidoc

@@ -16,13 +16,13 @@ The following Reporting button appears in the {kib} toolbar:
 
 image:images/reporting.jpg["Reporting",link="reporting.jpg"]
 
-You can also {stack-ov}/automating-report-generation.html[generate reports automatically].
+You can also <<automating-report-generation,generate reports automatically>>.
 
 IMPORTANT: Reports are stored in the `.reporting-*` indices. Any user with
 access to these indices has access to every report generated by all users.
 
-To use {reporting} in a production environment, {stack-ov}/securing-reporting.html[secure
-the Reporting endpoints].
+To use {reporting} in a production environment, <<secure-reporting,secure
+the Reporting endpoints>>.
 --
 
 include::getting-started.asciidoc[]

docs/user/security/audit-logging.asciidoc

@@ -12,7 +12,7 @@ audit logging to get a holistic view of all security related events.
 {kib} defers to {es}'s security model for authentication, data
 index authorization, and features that are driven by cluster-wide privileges.
 For more information on enabling audit logging in {es}, see
-{stack-ov}/auditing.html[Auditing Security Events].
+{ref}/auditing.html[Auditing security events].
 
 [IMPORTANT]
 ============================================================================