Merge branch 'master' of https://github.com/elastic/kibana into feature-secops

.backportrc.json

@@ -1,5 +1,5 @@
 {
   "upstream": "elastic/kibana",
-  "branches": [{ "name": "6.x", "checked": true }, "6.6", "6.5", "6.4", "6.3", "6.2", "6.1", "6.0", "5.6"],
+  "branches": [{ "name": "7.x", "checked": true }, "7.0", "6.7", "6.6", "6.5", "6.4", "6.3", "6.2", "6.1", "6.0", "5.6"],
   "labels": ["backport"]
 }

.ci/packer_cache.sh

@@ -21,6 +21,5 @@ tar -cf "$HOME/.kibana/bootstrap_cache/master.tar" \
   x-pack/node_modules \
   x-pack/plugins/*/node_modules \
   x-pack/plugins/reporting/.chromium \
-  x-pack/plugins/reporting/.phantom \
   test/plugin_functional/plugins/*/node_modules \
   .es;

.eslintignore

@@ -7,12 +7,12 @@ bower_components
 /optimize
 /built_assets
 /src/fixtures/vislib/mock_data
-/src/ui/public/angular-bootstrap
-/src/ui/public/flot-charts
+/src/legacy/ui/public/angular-bootstrap
+/src/legacy/ui/public/flot-charts
 /test/fixtures/scenarios
 /src/legacy/core_plugins/console/public/webpackShims
 /src/legacy/core_plugins/console/public/tests/webpackShims
-/src/ui/public/utils/decode_geo_hash.js
+/src/legacy/ui/public/utils/decode_geo_hash.js
 /src/legacy/core_plugins/timelion/public/webpackShims/jquery.flot.*
 /src/core/lib/kbn_internal_native_observable
 /packages/*/target
@@ -25,7 +25,7 @@ bower_components
 /packages/kbn-ui-framework/dist
 /packages/kbn-ui-framework/doc_site/build
 /packages/kbn-ui-framework/generator-kui/*/templates/
-/x-pack/plugins/gis/public/vendor/**
+/x-pack/plugins/maps/public/vendor/**
 /x-pack/coverage
 /x-pack/build
 /x-pack/plugins/**/__tests__/fixtures/**

.eslintrc.js

@@ -331,7 +331,7 @@ module.exports = {
      * GIS overrides
      */
     {
-      files: ['x-pack/plugins/gis/**/*'],
+      files: ['x-pack/plugins/maps/**/*'],
       rules: {
         'react/prefer-stateless-function': [0, { ignorePureComponents: false }],
       },

.github/CODEOWNERS

@@ -11,9 +11,13 @@
 # Canvas
 /x-pack/plugins/canvas/  @elastic/kibana-canvas
 
+# Machine Learning
+/x-pack/plugins/ml/  @elastic/ml-ui
+
 # Security
 /x-pack/plugins/security/  @elastic/kibana-security
 /x-pack/plugins/spaces/  @elastic/kibana-security
+/src/legacy/server/csp/ @elastic/kibana-security
 
 # Design
 **/*.scss  @elastic/kibana-design

.i18nrc.json

@@ -1,12 +1,14 @@
 {
   "paths": {
-    "common.ui": "src/ui",
-    "server": "src/server",
+    "common.ui": "src/legacy/ui",
+    "server": "src/legacy/server",
     "console": "src/legacy/core_plugins/console",
+    "core": "src/core",
     "inputControl": "src/legacy/core_plugins/input_control_vis",
     "inspectorViews": "src/legacy/core_plugins/inspector_views",
     "interpreter": "src/legacy/core_plugins/interpreter",
     "kbn": "src/legacy/core_plugins/kibana",
+    "kbnDocViews": "src/legacy/core_plugins/kbn_doc_views",
     "kbnVislibVisTypes": "src/legacy/core_plugins/kbn_vislib_vis_types",
     "markdownVis": "src/legacy/core_plugins/markdown_vis",
     "metricVis": "src/legacy/core_plugins/metric_vis",
@@ -27,6 +29,7 @@
     "xpack.idxMgmt": "x-pack/plugins/index_management",
     "xpack.indexLifecycleMgmt": "x-pack/plugins/index_lifecycle_management",
     "xpack.infra": "x-pack/plugins/infra",
+    "xpack.kueryAutocomplete": "x-pack/plugins/kuery_autocomplete",
     "xpack.licenseMgmt": "x-pack/plugins/license_management",
     "xpack.ml": "x-pack/plugins/ml",
     "xpack.logstash": "x-pack/plugins/logstash",
@@ -44,8 +47,9 @@
     "xpack.watcher": "x-pack/plugins/watcher"
   },
   "exclude": [
-    "src/ui/ui_render/bootstrap/app_bootstrap.js",
-    "src/ui/ui_render/ui_render_mixin.js",
+    "src/core/public/fatal_errors/get_error_info.ts",
+    "src/legacy/ui/ui_render/bootstrap/app_bootstrap.js",
+    "src/legacy/ui/ui_render/ui_render_mixin.js",
     "x-pack/plugins/infra/public/graphql/types.ts",
     "x-pack/plugins/infra/public/utils/loading_state/loading_result.ts",
     "x-pack/plugins/infra/server/graphql/types.ts",

.node-version

@@ -1 +1 @@
-10.14.1
+10.15.1

.nvmrc

@@ -1 +1 @@
-10.14.1
+10.15.1

CONTRIBUTING.md

@@ -172,15 +172,39 @@ yarn kbn bootstrap
 
 (You can also run `yarn kbn` to see the other available commands. For more info about this tool, see https://github.com/elastic/kibana/tree/master/packages/kbn-pm.)
 
-Start elasticsearch from a nightly snapshot.
+### Running Elasticsearch
+
+There are a few options when it comes to running Elasticsearch:
+
+First, you'll need to have a `java` binary in `PATH` and `JAVA_HOME` set. The version of Java required is specified in [.ci/java-version.properties](https://github.com/elastic/elasticsearch/blob/master/.ci/java-versions.properties) on the ES branch.
+
+**Nightly snapshot**
+
+These snapshots are built on a nightly basis which expire after a couple weeks. If running from an old, untracted branch this snapshot might not exist. In which case you might need to run from source or an archive.
 
 ```bash
 yarn es snapshot
 ```
 
-This will run Elasticsearch with a `basic` license. Additional options are available, pass `--help` for more information.
+**Source**
+
+By default, it will reference an [elasticsearch](https://github.com/elastic/elasticsearch) checkout which is a sibling to the Kibana directory named `elasticsearch`. If you wish to use a checkout in another location you can provide that by supplying `--source-path`
+
+```bash
+yarn es source
+```
+
+**Archive**
+
+Use this if you already have a distributable. For released versions, one can be obtained on the [Elasticsearch downloads](https://www.elastic.co/downloads/elasticsearch) page.
+
+```bash
+yarn es archive <full_path_to_archive>
+```
+
+
+Each of these will run Elasticsearch with a `basic` license. Additional options are available, pass `--help` for more information.
 
-> You'll need to have a `java` binary in `PATH` or set `JAVA_HOME`.
 
 If you're just getting started with `elasticsearch`, you could use the following command to populate your instance with a few fake logs to hit the ground running.
 

README.md

@@ -32,7 +32,7 @@ out an open PR:
 
 - [CONTRIBUTING.md](CONTRIBUTING.md) will help you get Kibana up and running.
 - If you would like to contribute code, please follow our [STYLEGUIDE.md](STYLEGUIDE.md).
-- Learn more about our UI code with [UI_SYSTEMS.md](src/ui/public/UI_SYSTEMS.md).
+- Learn more about our UI code with [UI_SYSTEMS.md](src/legacy/ui/public/UI_SYSTEMS.md).
 - For all other questions, check out the [FAQ.md](FAQ.md) and
 [wiki](https://github.com/elastic/kibana/wiki).
 

bin/kibana

@@ -21,4 +21,4 @@ if [ ! -x "$NODE" ]; then
   exit 1
 fi
 
-NODE_ENV=production exec "${NODE}" $NODE_OPTIONS --no-warnings "${DIR}/src/cli" ${@}
+NODE_ENV=production exec "${NODE}" --no-warnings --max-http-header-size=65536 $NODE_OPTIONS "${DIR}/src/cli" ${@}

bin/kibana.bat

@@ -14,7 +14,7 @@ If Not Exist "%NODE%" (
   Exit /B 1
 )
 
-"%NODE%" %NODE_OPTIONS% --no-warnings "%DIR%\src\cli" %*
+"%NODE%" --no-warnings --max-http-header-size=65536 %NODE_OPTIONS% "%DIR%\src\cli" %*
 
 :finally
 

docs/CHANGELOG.asciidoc

@@ -13,371 +13,12 @@
 
 This section summarizes the changes in each release.
 
-* <<release-notes-7.0.0-alpha2>>
-* <<release-notes-7.0.0-alpha1>>
+* <<release-notes-8.0.0-alpha1>>
 
 --
 
 
-[[release-notes-7.0.0-alpha2]]
-== {kib} 7.0.0-alpha2
-
-
-[float]
-[[breaking-7.0.0-alpha2]]
-=== Breaking changes
-
-For more details about breaking changes in this release, see 
-<<breaking-changes-7.0, Breaking changes in 7.0>>.
-
-[float]
-[[highlight-7.0.0-alpha2]]
-=== Highlights
-Canvas::
-* Canvas now has a template tab in the workpad manager where users can find workpad templates, 
-demos, and tutorials to help them get started. See {pull}23966[#23966] for more information.
-Kibana App:: 
-* Visualizations in Kibana will use a new data pipeline introduced as part of Canvas. 
-The change does not yet apply to Vega, Timelion, or Time Series Visual Builder (TSVB). 
-See {pull}25711[#25711] for more information.
-Index Lifecyle Management:: 
-* Implements a user interface to create, update, edit, or delete index lifecyle policies.
-See {pull}25553[#25553] for more information.
-
-[float]
-[[enhancement-7.0.0-alpha2]]
-=== Enhancements
-Canvas::
-* Implements a clipboard and stores the copied elements in `localStorage` {pull}25890[#25890]
-* Adds the ability to reuse assets without editing an element's expression {pull}25764[#25764]
-* Adds the `clear` function {pull}26397[#26397]
-* Adds workpad-level CSS {pull}24143[#24143]
-Dashboard::
-* Adds `href` option in addition to `onClick` for navigational links {pull}25233[#25233]
-Design::
-* Updates logos for marketing {pull}25489[#25489]
-* Adds Kibana 7.0 breadcrumbs to home screen {pull}26605[#26605]
-* Moves elastic/eui typings to single file {pull}23950[#23950]
-Kibana App::
-* Maps inspector requests by id so single requests can be reset at a time {pull}26770[#26770]
-* Adds ODBC to blurb for start trail {pull}27223[#27223]
-Management::
-* Adds `Request timestamp` to request inspector stats {pull}25667[#25667]
-* Adds "Reload indices" button to Index Management {pull}27033[#27033]
-Machine Learning::
-* Adds the configuration files for two new auditbeat data recognizer modules for 
-detecting unusual processes on hosts and Docker containers {pull}25716[#25716]
-* Adds support for saved searches created using Kuery to the job wizards {pull}26094[#26094]
-* Allows users to enter their own query in the Discover page; stops passing the query 
-from the job datafeed config in custom URLs {pull}26957[#26957]
-* Rewrites Calendar to React/EUI {pull}26741[#26741]
-* Converts Setting page to React/EUI {pull}27144[#27144]
-* Ensures loading indicator is present on initial jobs load {pull}27151[#27151]
-* Prevents a new calendar save if a calendar with that id already exists {pull}27104[#27104]
-Observability::
-* Adds a new plugin for Uptime Monitoring {pull}25480[#25480]
-Platform::
-* Adds `rest_total_hits_as_int` to all requests in platform code that eventually 
-look up `hits.total` {pull}26432[#26432]
-* Adds `dist` flag to the configuration context {pull}26545[#26545]
-* Prepares `@kbn/datemath` to be republished as `@elastic/datemath` {pull}26559[#26559]
-* Wraps `remote` methods in `browser` service {pull}26394[#26394]
-* Uses `stream.pipeline` to manage error handling {pull}27246[#27246]
-Querying & Filtering::
-* Moves the `buildESQuery` module (including filters and Kuery) into a separate package {pull}23345[#23345]
-* Adds comment explaining why `getComputedFields` adds a `docvalue` to `docvalue_fields` 
-for each date field in an index pattern. {pull}25725[#25725]
-* Moves filtering functions out of `vis.API.events` {pull}25280[#25280]
-Reporting::
-* Adds browser type to the reporting side panel {pull}26307[#26307]
-* Adds better logging for `waitForSelector` failure {pull}25762[#25762]
-* Enhances error messaging and handling {pull}26299[#26299]
-* Adds "Info" button in the Reporting listing {pull}25421[#25421]
-Rollups::
-* Adds support for rolling up metrics of date fields {pull}26450[#26450]
-Security::
-* Updates the GET `/api/security/role` endpoint to return the list of roles sorted 
-by name, rather than creation date {pull}26491[#26491]
-* Updates the Account Settings screen to show the change password form only when
-a password change is possible for the authentication realm {pull}26779[#26779]
-* Makes space selector a `button` {pull}26889[#26889]
-Visualizations::
-* Removes experimental flag from Visual Builder (TSVB) {pull}25634[#25634]
-* Implements new visualization type selection {pull}23833[#23833]
-* Removes `lab` stage for visualizations, making `experimental` the only non-production 
-stage available {pull}25702[#25702]
-
-[float]
-[[bug-7.0.0-alpha2]]
-=== Bug fixes
-Canvas::
-* Fixes page preview size issue {pull}26795[#26795]
-* Fixes visual bug when opening the workpad loader {pull}26647[#26647]
-* Fixes page thumbnail sizes {pull}26573[#26573]
-* Decreases size of tray toggle {pull}25470[#25470]
-* Makes selection border 1px {pull}26739[#26739]
-* Fixes interpreter socket error {pull}26870[#26870]
-Geo::
-* Resolves URL dynamically when requesting EMS data {pull}25685[#25685]
-* Fixes EMS hotlink {pull}26868[#26868]
-Infrastructure UI:: 
-* Fixes potential color bugs {pull}26292[#26292]
-* Fixes auto refresh button on node detail page {pull}26426[#26426]
-* Changes the time range from the last hour to the last 5 minutes for the Waffle Map {pull}26278[#26278]
-* Passes flag in request to force BWC hit count {pull}26517[#26517]
-* Replaces redux source slice with constate container {pull}26121[#26121]
-* Changes node detail link to set time range to 1 hour {pull}26977[#26977]
-* Stops showing sidenav while loading. {pull}27119[#27119]
-* Fixes styling after breaking EUI changes {pull}27021[#27021]
-* Fixes graphql type generation after package upgrades {pull}26991[#26991]
-* Removes usage of `ts-optchain` in the browser {pull}27148[#27148]
-Kibana App:: 
-* Fixes support for React 16.4+ by only resetting state if adaptors are updated {pull}26138[#26138]
-* Fixes scrolling list on Firefox {pull}26246[#26246]
-* Guards against empty and undefined index pattern arrays passed to QueryBar {pull}24607[#24607]
-* Removes unused indexPattern from vega/tsvb/timelion request handler {pull}26007[#26007]
-* Passes global filters from editor down to visualize  {pull}26009[#26009]
-* Stops using schemas in aggconfigs to output DSL {pull}26010[#26010]
-* Fixes `kbn-interpreter` package to not import from UI {pull}26161[#26161]
-* Fixes OSS dynamic plugin loading by reverting to Canvas way of loading plugins {pull}26463[#26463]
-* Fixes other bucket option to correctly apply without having to change other settings {pull}26874[#26874]
-* Adds `en` as a valid numeral locale setting {pull}25948[#25948]
-* Adds `rest_total_hits_as_int` into Kibana App {pull}26404[#26404]
-* Uses Canvas pipeline to fetch data inside Visualize {pull}25996[#25996]
-Management::
-* Fixes index pattern wizard when there are remote clusters but no local indices  {pull}24339[#24339]
-* Uses new `_graph` endpoints {pull}26956[#26956]
-* Adjusts spacing of Management navigation items {pull}25666[#25666]
-* Updates "Disenroll" text to be consistent with menu option "Unenroll" {pull}26816[#26816]
-* Fixes broken breadcrumb link for index management {pull}27164[#27164]
-* Fixes issue with multiple execution in Console {pull}26933[#26933]
-* Reloads full index list when reload hits missing index {pull}27197[#27197]
-Machine Learning::
-* Allows user to add/edit/delete annotations in the Single Series Viewer {pull}26034[#26034]
-* Does not pass datafeed query to Discover in custom URL {pull}26957[#26957]
-* Fixes word break in Anomalies and Jobs tables {pull}26978[#26978]
-* Fixes alignment of filter icons in the Anomalies table {pull}26253[#26253]
-Monitoring::
-* Fixes error handling for local stats collection/permissions {pull}26560[#26560]
-* Removes initial delay to check and send Telemetry data {pull}26575[#26575]
-* Pulls local Kibana usage stats {pull}26496[#26496]
-* Converts the Elasticsearch monitoring UIs to using EUI tables and page layout {pull}26217[#26217]
-Platform & Operations::
-* Decreases start limit and interval {pull}25474[#25474]
-* Adds `--download` flag to snapshot command to warm the cache {pull}25830[#25830]
-* Implements `--prefer-offline` flag {pull}25840[#25840]
-* Fixes watcher routes broken by Hapi upgrade {pull}26713[#26713]
-* Fixes non-conforming licenses on devDependencies and adds the ability to whitelist devOnly licenses {pull}23859[#23859]
-* Watches optimizer cache invalidation  {pull}24172[#24172]
-* Adds `normalizePath` in order to fix watch optimizer when running on Windows {pull}26486[#26486]
-* Creates vendor dll for the client modules {pull}22618[#22618]
-* Upgrades to NodeJS 10 {pull}25157[#25157]
-* Improves plugin version mismatch error message {pull}25774[#25774]
-* Improves build/packaging {pull}26096[#26096]
-* Swaps `jstimezonedetect` with `moment.tz.guess` {pull}21800[#21800]
-* Upgrades resize-observer-polyfill version {pull}26990[#26990]
-* Fixes saved objects client `_processBatchQueue` function to handle errors {pull}26763[#26763]
-* Changes kbn pm webpack config to generate dist files in mode=none {pull}26847[#26847]
-* Hides logs from deleteAll on task: clean client modules into dll {pull}26884[#26884]
-* Upgrades `resize-observer-polyfill` version {pull}26990[#26990]
-* Uses `single-node` discovery type for the test ES node/cluster {pull}27125[#27125]
-* Moves moment to peerDependency in elastic-datemath {pull}27264[#27264]
-Reporting::
-* Deletes `sortOrder` once items have been sorted and does not pass to `EuiContextMenuItem` 
-in the share context menu {pull}26890[#26890]
-* Fixes a regression bug in detection of Error and Warning toast notifications {pull}25482[#25482]
-* Stops passing an empty `formatConfig` to the fieldFormats helper {pull}27168[#27168]
-Rollups:: 
-* Shows loading state in Rollup Job detail panel. {pull}25752[#25752]
-* Specifies Rollup Jobs breadcrumbs in header. {pull}26590[#26590]
-* Requires histogram interval in Rollup Job wizard to be a whole number. {pull}26596[#26596]
-Security::
-* Moves the server-side `SavedObjectClient` types from the `spaces` plugin to the 
-same location as the corresponding JavaScript source files {pull}26448[#26448]
-* Respects the `basePath` for the link to the user profile in the k7 header {pull}26417[#26417]
-* Fixes `prettier` throw rule error  {pull}26071[#26071]
-* Fixes authentication logic to fail out of auth flow on first provider failure {pull}26648[#26648]
-* Fixes issues with the `url.search` being null in Node 10 {pull}26992[#26992]
-* Fixes DLS query toggle on the role management page {pull}27213[#27213]
-Visualizations::
-* Fixes filter function on pie chart segment {pull}26321[#26321]
-* Rewrites URL when closing vis type selection modal {pull}26327[#26327]
-* Changes unbind calls from `.on` to `.off` {pull}24575[#24575]
-* Fixes date field in controls visualization by generating labels with the field 
-formatter {pull}25654[#25654]
-* Replaces LESS files with Sass in `ui/public/vis`, `visLib`, and `visualize` {pull}25333[#25333]
-* Replaces LESS files with Sass for the visualization types in `core_plugin/metrics` {pull}24250[#24250]
-* Moves `timeout` to `_msearch` body to fix time series visual builder requests {pull}26510[#26510]
-* Adds description for all visualization types {pull}26243[#26243]
-
-
-
-
-
-
-[[release-notes-7.0.0-alpha1]]
-== {kib} 7.0.0-alpha1
-
-[float]
-[[breaking-7.0.0]]
-=== Breaking changes
-
-For more details about breaking changes in this release, see 
-<<breaking-changes-7.0, Breaking changes in 7.0>>.
-
-Discover::
-* Does not apply `query:queryString:options` to `query_string` filters {pull}15640[#15640]
-* Removes `default_field` from `query:queryString:options` {pull}18966[#18966]
-
-Monitoring::
-* Removes `node_resolver` setting {pull}21181[#21181]
-
-Operations::
-* Removes tribe node support {pull}16397[#16397]
-* Creates separate startup scripts for development and production {pull}13806[#13806]
-* Sets default port based on protocol  {pull}21564[#21564]
-* Removes deprecated `/shorten` API {pull}21861[#21861]
-
-[float]
-[[deprecation-7.0.0]]
-=== Deprecations
-
-Geo::
-* Fixes legacy tilemap loading {pull}22095[#22095]
-
-[float]
-[[K7-design-7.0.0]]
-=== K7 UI Design
-
-{kib} 7.0.0-alpha1 includes a new design for {kib} called K7. In this early stage, 
-K7 is still a little rough around the edges. If you'd like to switch back to the 
-existing K6 design, go to *Management > Advanced Settings* and turn 
-off the *k7design* setting. The option to switch to the old design 
-will be removed before 7.0.0 GA.
-
-[float]
-[[enhancement-7.0.0]]
-=== Enhancements
-
-Machine Learning::
-* Updates job type and APM module icon to new designs {pull}25380[#25380]
-* Allows model plot enablement via checkbox in  MultiMetric/Population Job creation {pull}24914[#24914]
-* Adds support for the rare detector for charts in Anomaly Explorer and Singe Metric viewer {pull}21524[#21524]
-
-Reporting::
-* Adds png output to reports {pull}24759[#24759]
-* Sorts ascending on sort order first then ascending on name. Any menu item 
-without a sort order gets set to zero. {pull}25058[#25058]
-
-Visualizations::
-* Adds a console.error for visualize errors {pull}24581[#24581]
-
-[float]
-[[bug-7.0.0]]
-=== Bug fixes
-
-APM::
-* Overrides EUI chart default styles for gridlines {pull}21723[#21723]
-* Adds section titles to span detail modal {pull}20717[#20717]
-
-Canvas::
-* Fixes duplicate `Value` options in math select value {pull}25556[#25556]
-* Gets correct plugins path {pull}25448[#25448]
-* Quotes the index pattern in SQL input {pull}25488[#25488]
-* Decreases the size of tray toggle {pull}25470[#25470]
-* Improves the plugin pre-build {pull}25267[#25267]
-
-Dashboard::
-* Removes `dashboardContext` function and makes Timelion, Vega, and Time Series 
-Visual Builder use `buildEsQuery` {pull}23227[#23227]
-
-Design::
-* Converts Security UI from LESS to Sass {pull}25079[#25079]
-* Adds boilerplate Sass for Kibana core {pull}21185[#21185]
-
-Discover::
-* Adds debug code to flaky field_data test {pull}15535[#15535]
-* Gets even more debug info for flaky field_data test {pull}17627[#17627]
-
-Geo::
-* Fixes feature/align map config settings {pull}19450[#19450]
-
-Kibana App::
-
-* Adds warning to the `documentation_links` file about link validation gotcha {pull}24786[#24786]
-* Adds workaround for `getDerivedStateFromProps` change in react 16.4 {pull}25142[#25142]
-
-Kibana Home &amp; Add Data::
-* Fixes "Set up index patterns" link on home page {pull}16128[#16128]
-
-Machine Learning::
-* Shows useful error on invalid query in JobList search bar {pull}25153[#25153]
-* Adds user privilege check to Jobs List group selector control {pull}25225[#25225]
-* Fixes file data viz file size check and formats as bytes {pull}25295[#25295]
-* Fixes the layout of the cards in the Data Visualizer on IE {pull}25383[#25383]
-* Adds better error reporting for reading and importing data {pull}24269[#24269]
-* Displays an ordinal y axis for low cardinality rare charts {pull}24852[#24852]
-* Fixes typo in job validation message {pull}25130[#25130]
-* Removes deprecated `angularjs` based jobs list and related code {pull}25216[#25216]
-
-Management::
-* Adds boilerplate for remote clusters management app {pull}25369[#25369]
-* Adds `ignore_failure` to ingest common auto complete in console {pull}24915[#24915]
-* Removes support for expression-based scripted fields {pull}14310[#14310]
-* Adds WatchErrors to capture invalid watches {pull}23887[#23887]
-* Rewords the translation id for error with missing property in Watcher {pull}24753[#24753]
-
-Monitoring::
-* Renames Monitoring `FormattedMessage` to `FormattedAlert` {pull}24197[#24197]
-* Uses the cluster name from metadata if it exists {pull}24495[#24495]
-
-Operations::
-* Removes node fallback from kibana-keystore {pull}15066[#15066]
-* Adds debug script to set inspect flags {pull}15967[#15967]
-* Uses snake case for scripts/kibana-keystore.js and scripts/kibana-plugin.js {pull}15331[#15331]
-* Updates license info in package.json {pull}20353[#20353]
-* Fixes error log formatting {pull}24788[#24788]
-* Matches chalk dependency version on Kibana with the one used on X-Pack {pull}20621[#20621]
-* Fixes non-conforming licenses on devDependencies and adds the ability to whitelist devOnly licenses {pull}23859[#23859]
-* Adds jsxa11y into eslint rules {pull}23932[#23932]
-* Reverts Bump react-grid-layout to 0.16.0 {pull}14912[#14912]
-* Reverts breaking change for Status API {pull}21927[#21927]
-* Converts `utils/collection` to TypeScript {pull}23992[#23992]
-* Removes usage of update_all_types {pull}16406[#16406]
-* Improves the `yarn kbn bootstrap` speed by using yarn workspaces for packages inside `packages/*` and `x-pack` {pull}24095[#24095]
-* Runs jenkins:unit task with dev flag in order to run license check {pull}19832[#19832]
-* Does not break on startup in debug mode {pull}19219[#19219]
-
-
-Platform::
-* Transforms plugin deprecations before checking for unused settings {pull}21294[#21294]
-* Expands list of restricted globals in `eslint-config-kibana` {pull}15798[#15798]
-* Makes logs easier to read on Windows with chalk colors {pull}15557[#15557]
-
-Querying &amp; Filtering::
-* Fixes wildcard queries against the default field {pull}24778[#24778]
-
-Reporting::
-* Returns promise in Reporting jobs API {pull}24769[#24769]
-
-Security::
-* Implements the K7 login screen {pull}23512[#23512]
-
-Sharing::
-
-* Fixes issue with debounce function running after component was unmounted {pull}15045[#15045]
-
-Visualizations::
-* Defaults the scroll wheel zoom to false on Vega maps {pull}21169[#21169]
-* Fixes problem within the input_vis_control plugin that prevents it from updating correctly 
-if the field is switched, and then switched back to the previous field {pull}25164[#25164]
-* Uses `vega-nocanvas` instead of vega lib {pull}16137[#16137]
-* Migrates visualization from Angular to React {pull}16425[#16425]
-* Fixes maps for reporting (#15272) {pull}15358[#15358]
-* Stops creation of nested search source per postflightrequest {pull}20373[#20373]
-* Moves inspector code from Vis to embeddable visualize handler {pull}24112[#24112]
-* Removes inspector from Vis {pull}24112[#24112]
-
-
-
+[[release-notes-8.0.0-alpha1]]
+== {kib} 8.0.0-alpha1
 
+coming[8.0.0]

docs/api/saved-objects/bulk_create.asciidoc

@@ -33,6 +33,9 @@ contains the following properties:
 `attributes` (required)::
   (object) The data to persist
 
+`references` (optional)::
+  (array) An array of objects with `name`, `id`, and `type` properties that describe the other saved objects this object references. The `name` can be used in the attributes to refer to the other saved object, but never the `id`, which may be updated automatically in the future during migrations or import/export.
+
 `version` (optional)::
   (number) Enables specifying a version
 

docs/api/saved-objects/create.asciidoc

@@ -33,6 +33,8 @@ Note: You cannot access this endpoint via the Console in Kibana.
 `attributes` (required)::
   (object) The data to persist
 
+`references` (optional)::
+  (array) An array of objects with `name`, `id`, and `type` properties that describe the other saved objects this object references. The `name` can be used in the attributes to refer to the other saved object, but never the `id`, which may be updated automatically in the future during migrations or import/export.
 
 ==== Examples
 

docs/api/saved-objects/find.asciidoc

@@ -21,12 +21,16 @@ Note: You cannot access this endpoint via the Console in Kibana.
   (number) The page of objects to return
 `search` (optional)::
   (string) A {ref}/query-dsl-simple-query-string-query.html[simple_query_string] Elasticsearch query to filter the objects in the response
+`default_search_operator` (optional)::
+  (string) The default operator to use for the `simple_query_string`
 `search_fields` (optional)::
   (array|string) The fields to perform the `simple_query_string` parsed query against
 `fields` (optional)::
   (array|string) The fields to return in the response
 `sort_field` (optional)::
   (string) The field on which the response will be sorted
+`has_reference` (optional)::
+  (object) Filters to objects having a relationship with the type and id combination
 
 [NOTE]
 ==============================================

docs/api/saved-objects/update.asciidoc

@@ -26,6 +26,8 @@ Note: You cannot access this endpoint via the Console in Kibana.
 `attributes` (required)::
   (object) The data to persist
 
+`references` (optional)::
+  (array) An array of objects with `name`, `id`, and `type` properties that describe the other saved objects this object references. The `name` can be used in the attributes to refer to the other saved object, but never the `id`, which may be updated automatically in the future during migrations or import/export.
 
 ==== Examples
 

docs/apm/bottlenecks.asciidoc

@@ -2,25 +2,24 @@
 [[apm-bottlenecks]]
 == Visualizing Application Bottlenecks
 
-Elastic APM monitors transactions and errors in your application. A transaction
-can be a request to your server or a batch job or a custom transaction type.
-You can see information about response times, requests per minute, and status
-codes per endpoint. You can also dive into a specific request sample and get a
-complete waterfall view of what your application is spending its time on. For
-example, you might see that the bottlenecks are in database queries, cache
-calls, or external requests. This information enables you to easily compare and
-debug fast responses to slow responses.
+Elastic APM captures different types of information from within instrumented applications:
 
-//TBD: What are we wanting them to notice in the following screenshot?
-//For example, the APM UI shows that the following transaction is spending over 400 ms querying the orders database?
+* {apm-overview-ref-v}/transaction-spans.html[*Spans*] contain information about a specific code path that has been executed.
+They measure from the start to end of an activity,
+and they can have a parent/child relationship with other spans.
+* {apm-overview-ref-v}/transactions.html[*Transactions*] are a special kind of span that have extra metadata associated with them.
+You can think of transactions as the highest level of work you’re measuring within a service.
+As an example, a transaction could be a request to your server, a batch job, or a custom transaction type.
+* {apm-overview-ref-v}/errors.html[*Errors*] contain information about the original exception that occurred or about a log created when the exception occurred.
 
-[role="screenshot"]
-image::apm/images/apm-transaction.png[Example view of a transaction in the APM UI in Kibana]
+Each of these information types have a specific page associated with them in the APM UI.
+These various pages display the captured data in curated charts and tables that allow you to easily compare and debug your applications.
 
-For each incoming request and each application error, you can also see
-contextual information such as the request header, user information, system
-values, or custom data that you manually attached to the request.
+For example, you can see information about response times, requests per minute, and status codes per endpoint.
+You can even dive into a specific request sample and get a complete waterfall view of what your application is spending its time on.
+You might see that your bottlenecks are in database queries, cache calls, or external requests.
+For each incoming request and each application error,
+you can also see contextual information such as the request header, user information,
+system values, or custom data that you manually attached to the request.
 
-Having access to application-level insights with just a few clicks can
-drastically decrease the time you spend debugging errors, slow response times,
-and crashes.
+Having access to application-level insights with just a few clicks can drastically decrease the time you spend debugging errors, slow response times, and crashes.

docs/apm/errors.asciidoc

@@ -0,0 +1,46 @@
+[[errors]]
+=== Errors overview
+
+TIP: {apm-overview-ref-v}/errors.html[Errors] are defined as groups of exceptions with matching exception or log messages.
+
+The *Errors* overview provides a high-level view of the error message and culprit,
+the number of occurrences, and the most recent occurrence.
+Just like the transaction overview, you'll notice we group together like errors.
+This makes it very easy to quickly see which errors are affecting your services,
+and to take actions to rectify them.
+
+[role="screenshot"]
+image::apm/images/apm-errors-overview.png[Example view of the errors overview in the APM UI in Kibana]
+
+Selecting an error group ID or error message brings you to the *Error group*.
+
+[role="screenshot"]
+image::apm/images/apm-error-group.png[Example view of the error group page in the APM UI in Kibana]
+
+Here, you'll see the error message, culprit, and the number of occurrences over time.
+
+Further down, you'll see the Error occurrence table.
+This is where you can see the details of a sampled error within this group.
+The error shown is always the most recent to occur.
+
+Each error occurrence features a breakdown of the exception, including the stack trace from when the error occurred,
+and additional contextual information to help debug the issue.
+In some cases, you might also see a Transaction sample ID.
+This feature allows you to make a connection between the errors and transactions,
+by linking you to the specific transaction where the error occurred.
+This allows you to see the whole trace, including which services the request went through. 
+
+[float]
+[[errors-alerts-with-watcher]]
+==== Error reports with Watcher
+
+You can use the power of the alerting features with Watcher to get reports on error occurrences.
+The Watcher assistant, which is available on the errors overview, can help you set up a watch per service.
+
+Configure the watch with an occurrences threshold, time interval, and the desired actions, such as email or Slack notifications.
+With Watcher, your team can set up reports within minutes.
+
+Watches are managed separately in the dedicated Watcher UI available in Advanced Settings.
+
+[role="screenshot"]
+image::apm/images/apm-errors-watcher-assistant.png[Example view of the Watcher assistant for errors in APM UI in Kibana]

docs/apm/getting-started.asciidoc

@@ -2,21 +2,20 @@
 [[apm-getting-started]]
 == Getting Started
 
-If you have not already installed and configured Elastic APM, the
-**APM > Getting Started** page in {kib} provides information to help you
-complete the setup.
+If you have not already installed and configured Elastic APM,
+the *Setup Instructions* will get you started.
 
 [role="screenshot"]
-image::apm/images/apm-setup.jpg[Installation instructions on the APM page in Kibana]
+image::apm/images/apm-setup.png[Installation instructions on the APM page in Kibana]
 
-After you install the Elastic APM agent library in your application, the
-application automatically appears in the APM UI in {kib}. No further
-configuration is required.
+After you install the Elastic APM agent library in your application,
+the application automatically appears in the APM UI in {kib}.
+No further configuration is required.
 
-If you also use Elastic Stack for logging and server-level metrics, you can
-optionally import the APM dashboards that come with the APM Server. You can use
-these APM-specific visualizations to correlate APM data with other data sources.
-To get the dashboards, click the "Load Kibana objects" button at the bottom of the Getting Started guides for APM in Kibana.
+If you also use the Elastic Stack for logging and server-level metrics,
+you can import the APM dashboards that come with the APM Server.
+You can use these APM specific visualizations to correlate APM data with other data sources.
+To get the dashboards, click *Load Kibana objects* at the bottom of the Setup Instructions.
 
-For more setup information, see
-{apm-get-started-ref}/index.html[Getting Started with APM].
+[role="screenshot"]
+image::apm/images/apm-setup-dashboards.png[Install dashboards for APM in Kibana]

docs/apm/index.asciidoc

@@ -11,11 +11,16 @@ The **APM** page in {kib} is provided with the basic license. It
 enables developers to drill down into the performance data for their applications
 and quickly locate the performance bottlenecks.
 
-For more information about the components of Elastic APM, see
-{apm-get-started-ref}/overview.html[APM Overview].
+* <<apm-getting-started>>
+* <<apm-bottlenecks>>
+* <<apm-ui>>
 
+NOTE: For more information about the components of Elastic APM,
+see the {apm-get-started-ref}/overview.html[APM Overview].
 --
 
 include::getting-started.asciidoc[]
+
 include::bottlenecks.asciidoc[]
+
 include::using-the-apm-ui.asciidoc[]

docs/apm/metrics.asciidoc

@@ -0,0 +1,26 @@
+[[metrics]]
+=== Metrics overview
+
+The *Metrics* overview shows a combination of transaction, error, CPU, and memory data.
+
+If you're experiencing a problem with your service, you can use this page to attempt to find the underlying cause.
+For example, you might be able to correlate a high number of errors with a long transaction duration, high CPU usage, or a memory leak.   
+
+[role="screenshot"]
+image::apm/images/apm-metrics.png[Example view of the Metrics overview in APM UI in Kibana]
+
+[[machine-learning-integration]]
+=== Machine Learning integration
+
+The Machine Learning integration will initiate a new job predefined to calculate anomaly scores on transaction response times.
+The response time graph will show the expected bounds and annotate the graph when the anomaly score is 75 or above.
+
+[role="screenshot"]
+image::apm/images/apm-ml-integration.png[Example view of anomaly scores on response times in APM UI in Kibana]
+
+Jobs can be created per transaction type and based on the average response time.
+You can manage jobs in the *Machine Learning jobs management*.
+It might take some time for results to appear on the graph.
+
+Machine learning is a platinum feature. For a comparison of the Elastic license levels,
+see https://www.elastic.co/subscriptions[the subscription page]. 

docs/apm/query-bar.asciidoc

@@ -0,0 +1,31 @@
+[[query-bar]]
+=== Advanced queries
+
+The query bar is a powerful data query feature.
+Similar to the query bar in {kibana-ref}/discover.html[Discover],
+it enables you to pass advanced queries on your data to filter on particular pieces of information that you're interested in.
+It comes with a handy autocomplete that helps find the fields and even provides suggestions to the data they include.
+You can select the query bar and hit the down arrow on your keyboard to begin seeing recommendations.
+
+When querying, you're simply searching and selecting data from fields in Elasticsearch documents.
+It may be helpful to view some of your documents in {kibana-ref}/discover.html[Discover] to better understand how APM data is stored in Elasticsearch. 
+
+The query bar is available in the Services, Transactions, Errors, Metrics, and Traces views,
+and any input will persist as you move between pages.
+
+TIP: Interactions with the query bar change the URL of the page you're on.
+This means you can simply copy and paste the URL of your page to share a specific query or view with others.
+
+In the screenshot below, you can begin to see some of the transaction fields available for filtering on:  
+
+[role="screenshot"]
+image::apm/images/apm-query-bar.png[Example of the Kibana Query bar in APM UI in Kibana]
+
+==== Example queries
+
+* Exclude response times slower than 2000 ms: `transaction.duration.us > 2000000`
+* Filter by response status code: `context.response.status_code >= 400`
+* Filter by single user ID: `context.user.id : 12`
+* View _all_ transactions for an endpoint, instead of just a sample - `processor.event: "transaction" AND transaction.name: "<TRANSACTION_NAME_HERE>"`
+
+TIP: Read the {kibana-ref}/kuery-query.html[Kibana Query Language Enhancements] documentation to learn more about the capabilities of the {kib} query language.

docs/apm/services.asciidoc

@@ -0,0 +1,10 @@
+[[services]]
+=== Services overview
+
+The *Services* overview gives you quick insights into the health and general performance of each service.
+The <<set-time-filter,global time range filter>> in {kib} defines which services are available.
+
+You can add services by setting the `service.name` configuration in each of the {apm-agents-ref}[APM agents] you’re instrumenting.
+
+[role="screenshot"]
+image::apm/images/apm-services-overview.png[Example view of services table the APM UI in Kibana]

docs/apm/spans.asciidoc

@@ -0,0 +1,40 @@
+[[spans]]
+=== Span timeline
+
+TIP: A {apm-overview-ref-v}/transaction-spans.html[span] is defined as the duration of a single event.
+Spans are automatically captured by APM agents, and you can also define custom spans.
+Each span has a type and is defined by a different color in the timeline/waterfall visualization.
+
+The span timeline visualization is a bird's-eye view of what your application was doing while it was trying to respond to the request that came in.
+This makes it useful for visualizing where the selected transaction spent most of its time.
+
+[role="screenshot"]
+image::apm/images/apm-distributed-tracing.png[Example view of the distributed tracing in APM UI in Kibana]
+
+View a span in detail by clicking on it in the timeline waterfall.
+For example, in the below screenshot we've clicked on an SQL Select database query.
+The information displayed includes the actual SQL that was executed, how long it took,
+and the percentage of the trace's total time.
+You also get a stack trace, which shows the SQL query in your code.
+Finally, APM knows which files are your code and which are just modules or libraries that you've installed.
+These library frames will be minimized by default in order to show you the most relevant stack trace. 
+
+[role="screenshot"]
+image::apm/images/apm-span-detail.png[Example view of a span detail in the APM UI in Kibana]
+
+If your span timeline is colorful, it's indicative of a <<distributed-tracing,distributed trace>>.
+Services in a distributed trace are separated by color and listed in the order they occur.
+
+[role="screenshot"]
+image::apm/images/apm-services-trace.png[Example of distributed trace colors in the APM UI in Kibana]
+
+Don't forget, a distributed trace includes more than one transaction.
+When viewing these distributed traces in the timeline waterfall, you'll see this image:apm/images/transaction-icon.png[APM icon] icon,
+which indicates the next transaction in the trace.
+These transactions can be expanded and viewed in detail by clicking on them.
+
+After exploring these traces,
+you can return to the full trace by clicking *View full trace* in the upper right hand corner of the page.
+
+[role="screenshot"]
+image::apm/images/apm-view-full-trace.png[Example of distributed trace colors in the APM UI in Kibana]

docs/apm/traces.asciidoc

@@ -0,0 +1,36 @@
+[[traces]]
+=== Traces overview
+
+The *Traces* overview displays the entry transaction for all traces in your application.
+If you're using <<distributed-tracing>>, this view is key to finding the critical paths within your application.
+Transactions with the same name are grouped together and only shown once in this table.
+
+By default, transactions are sorted by _Impact_.
+Impact helps show the most used and slowest endpoints in your service - in other words,
+it's the collective amount of pain a specific endpoint is causing your users.
+If there's a particular endpoint you're worried about, you can click on it to view the <<transaction-details, transaction details>>.
+
+[role="screenshot"]
+image::apm/images/apm-traces.png[Example view of the Traces overview in APM UI in Kibana]
+
+[float]
+[[distributed-tracing]]
+==== Distributed tracing
+
+Elastic APM supports distributed tracing.
+Distributed tracing is a key feature of modern application performance monitoring as application architectures are shifting from monolithic to more distributed,
+service-based architectures.
+
+Distributed tracing allows APM users to automatically trace requests all the way through the service architecture,
+and visualize those traces in one single view in the APM UI.
+This is accomplished by tracing all of the requests, from the initial web request to your front-end service,
+to queries made to your back-end services.
+This makes finding possible bottlenecks throughout your application much easier and faster.
+
+By definition, a distributed trace includes more than one transaction.
+You can use the <<spans,span timeline visualization>> to view a waterfall display of all of the transactions from individual services that are connected in a trace.
+
+[role="screenshot"]
+image::apm/images/apm-distributed-tracing.png[Example view of the distributed tracing in APM UI in Kibana]
+
+TIP: Distributed tracing is supported by all APM agents and there’s no additional configuration needed.

docs/apm/transactions.asciidoc

@@ -0,0 +1,90 @@
+[[transactions]]
+=== Transaction overview
+
+TIP: A {apm-overview-ref-v}/transactions.html[transaction] describes an event captured by an Elastic APM agent instrumenting a service.
+The APM agents automatically collect performance metrics on HTTP requests, database queries, and much more.
+
+// Clicking *service* brings you to detail of transaction
+Selecting a <<services,*service*>> will display all associated *transactions*.
+The charts and table on this dashboard display the transaction duration, requests per minute, and a list of transactions for the selected service.
+
+[role="screenshot"]
+image::apm/images/apm-transactions-overview.png[Example view of transactions table in the APM UI in Kibana]
+
+*Transaction duration* shows the response times for this service and is broken down into average, 95th, and 99th percentile.
+If there's a weird spike that you'd like to investigate,
+you can simply zoom in on the graph - this will adjust the specific time range,
+and all of the data on the page will update accordingly.
+
+*Requests per minute* is divided into response codes: 2xx, 3xx, 4xx, etc.,
+and is useful for determining if you're serving more of one code than you typically do.
+Like in the Transaction duration graph, you can zoom in on anomalies to further investigate them.
+
+The table at the bottom is similar to the <<traces,traces>> overview and shows the name of each transaction occurring in the selected service.
+Transactions with the same name are grouped together and only shown once in this table.
+By default, transactions are sorted by _Impact_.
+Impact helps show the most used and slowest endpoints in your service - in other words,
+it's the collective amount of pain a specific endpoint is causing your users.
+If there's a particular endpoint you're worried about, you can click on it to view the <<transaction-details, transaction details>>.
+
+[IMPORTANT]
+====
+The transaction overview will only display helpful information when the transactions in your service are named correctly.
+
+Elastic APM Agents come with built-in support for popular frameworks out-of-the-box.
+However, if you only see one route in the Transaction overview page, or if you have transactions named "unknown route",
+it could be a symptom that the agent either wasn't installed correctly or doesn't support your framework. 
+
+For further details, including troubleshooting and custom implementation instructions,
+refer to the documentation for each {apm-agents-ref}[APM Agent] you've implemented.
+====
+
+[[transaction-details]]
+==== Transaction details
+
+Selecting a transaction group will bring you to the *transaction* details.
+Transaction details include a high-level overview of the transaction group duration,
+requests per minute, and transaction group duration distribution.
+It's important to note that all three of these graphs show data from every transaction within the selected transaction group. 
+
+[role="screenshot"]
+image::apm/images/apm-transaction-response-dist.png[Example view of response time distribution]
+
+A single sampled transaction is also displayed.
+This sampled transaction is based on your selection in the *Transactions duration distribution*.
+You can update the sampled transaction by selecting a new _bucket_ in the transactions duration distribution graph.
+The number of requests per bucket is displayed when hovering over the graph, and the selected bucket is highlighted to stand out.
+
+[role="screenshot"]
+image::apm/images/apm-transaction-duration-dist.png[Example view of transactions duration distribution graph]
+
+Let's look at an example.
+In the screenshot below,
+you'll notice most of our requests fall into buckets on the left side of the graph,
+with a long tail of smaller buckets to the right.
+This is a typical distribution, and indicates most of our requests were served quickly - awesome!
+It's the requests on the right, the ones taking longer than average, that we probably want to focus on.
+By clicking on these buckets,
+we're presented with a span timeline waterfall showing what a typical request in that bucket was doing.
+By investigating this timeline waterfall, we can hopefully see why it was slow and then implement a fix.
+
+[role="screenshot"]
+image::apm/images/apm-transaction-sample.png[Example view of transactions sample]
+
+NOTE: More information on timeline waterfalls is available in <<spans, spans>>.
+
+For a particular transaction sample, we can get even more information in the tabs:
+
+* *Timeline* - See the <<spans, Spans>> section for more information.
+* *Request* - The URL, headers, body, etc..
+* *Response* - The response.
+* *System* - The system hostname, architecture, platform, etc..
+* *Service* - The service/application runtime, agent, name, etc..
+* *Process* - The process id that served up the request.
+* *User* - This requires additional configuration, but allows you to see which user experienced the current transaction.
+This can be extremely useful if it's determined that specific users are getting slow requests.
+* *Tags* - Useful if you want to start correlating transactions with log files or metrics from Metricbeat.
+* *Custom* - You can configure your agent to add custom contextual information on transactions.
+
+TIP: All of this data is stored in documents in Elasticsearch.
+This means you can select "Actions - View sample document" to see the actual Elasticsearch document under the discover tab.

docs/apm/using-the-apm-ui.asciidoc

@@ -1,91 +1,32 @@
 [role="xpack"]
 [[apm-ui]]
-== Using the APM UI
+== Using APM
 
-The APM UI is designed to be as intuitive as possible, but you might come across certain terms or concepts that don’t feel native to you. Not to worry, that’s why we’ve created this guide to help you get the most out of the solution.
+APM is designed to be as intuitive as possible,
+but you might come across certain terms or concepts that don’t feel native to you.
+Not to worry, we've created this guide to help you get the most out of Elastic APM.
 
-* <<services>>
-* <<transactions>>
-* <<spans>>
-* <<errors>>
-* <<errors-alerts-with-watcher>>
-* <<machine-learning-integration>>
-* <<query-bar>>
+APM is available via the navigation sidebar in {Kib}.
 
-[[services]]
-=== Services
+* <<services,Services overview>>
+* <<traces,Traces overview>>
+* <<transactions,Transaction overview>>
+* <<spans,Span timeline visualization>>
+* <<errors,Debug errors>>
+* <<metrics,Metrics overview>>
+* <<machine-learning-integration,Machine learning integration>>
+* <<query-bar,Advanced queries>>
 
-You can add services by setting the `service.name` in the APM agent configuration per service you’re instrumenting. The global time range filter in Kibana defines which services are available. The Services overview gives you a quick insight into the health and general performance of each service.
+include::services.asciidoc[]
 
-[role="screenshot"]
-image::apm/images/apm-services-overview.png[Example view of services table the APM UI in Kibana]
+include::traces.asciidoc[]
 
-[[transactions]]
-=== Transactions
+include::transactions.asciidoc[]
 
-The APM agents automatically collect performance metrics on HTTP requests, database queries, and much more. Please refer to the documentation for each agent for more detail. Each `transaction.type` is displayed separately to make it easy for you to navigate to the transaction.
+include::spans.asciidoc[]
 
-[role="screenshot"]
-image::apm/images/apm-transactions-overview.png[Example view of transactions table in the APM UI in Kibana]
+include::errors.asciidoc[]
 
-[[spans]]
-=== Spans
+include::metrics.asciidoc[]
 
-A span is defined as the duration of a single event. Spans are automatically captured by the APM agents, but you can also define custom spans. Each span has a type and is defined by a different colour in the Timeline visualization (also known as the waterfall).
-
-[role="screenshot"]
-image::apm/images/apm-transaction-detail.png[Example view of transactions detail page in the APM UI in Kibana]
-
-You can view a span in detail by clicking it in the Timeline. This displays the recorded SQL database query or source code (in-app frames) around the event that was captured.
-
-[role="screenshot"]
-image::apm/images/apm-span-detail.png[Example view of a span detail in the APM UI in Kibana]
-
-[[errors]]
-=== Errors
-
-Errors are defined as groups of exceptions with matching exception or log messages. Each error group features a breakdown of the exception including the stackframes from when the error occurred and additional contextual information to help debug the issue.
-
-[role="screenshot"]
-image::apm/images/apm-errors-overview.png[Example view of the errors overview in the APM UI in Kibana]
-
-[role="screenshot"]
-image::apm/images/apm-error-group.png[Example view of the error group page in the APM UI in Kibana]
-
-[[errors-alerts-with-watcher]]
-=== Errors alerts with Watcher
-
-You can use the power of the alerting features with Watcher to get alerts on error occurrences. The Watcher assistant, which is available on the Errors overview page, can help you set up a watch per service.
-
-Configure the watch with occurrences threshold and time interval and set the desired actions, such as email or Slack notifications. Your team can be set up with alerts in minutes.
-
-Watches are managed separately in the dedicated Watcher UI available in Advanced Settings.
-
-[role="screenshot"]
-image::apm/images/apm-errors-watcher-assistant.png[Example view of the Watcher assistant for errors in APM UI in Kibana]
-
-[[machine-learning-integration]]
-=== Machine Learning integration
-
-The Machine Learning integration will initiate a new job predefined to calculate anomaly scores on transaction response times. The response time graph will show the expected bounds and annotate the graph when the anomaly score is 75 or above.
-
-[role="screenshot"]
-image::apm/images/apm-ml-integration.png[Example view of anomaly scores on response times in APM UI in Kibana]
-
-Jobs can be created per transaction type and based on the average response time. You can manage jobs in the Machine Learning jobs management page. It might take some time for results to appear on the graph.
-
-[[query-bar]]
-=== Query bar
-
-The query bar is a powerful data query feature. Similar to the query bar in {kibana-ref}/discover.html[Discover] it enables you to pass advanced queries on your data to filter on particular pieces of information that you're interested in. It comes with a handy autocomplete that helps find the fields and even provides suggestions to the data they include. The query bar is available on Services, Transaction and Errors views, and any input will persist as you move between them.
-
-[role="screenshot"]
-image::apm/images/apm-query-bar.png[Example of the Kibana Query bar in APM UI in Kibana]
-
-==== Example queries
-
-* Exclude response times faster than 2000 ms; `transaction.duration.us > 2000000`
-* Filter by response status code; `context.response.status_code >= 400`
-* Filter by single user ID; `context.user.id : 12`
-
-Read the {kibana-ref}/kuery-query.html[Kibana Query Language Enhancements] documentation to learn more about the capabilities in the Kibana query language.
+include::query-bar.asciidoc[]

docs/development/core/development-modules.asciidoc

@@ -14,13 +14,13 @@ modules. The sole purpose of these modules is to extend the environment with
 certain components. Here is a breakdown of those modules:
 
 - *`import 'ui/autoload/styles'`*
-    Imports all styles at the root of `src/ui/public/styles`
+    Imports all styles at the root of `src/legacy/ui/public/styles`
 
 - *`import 'ui/autoload/directives'`*
-    Imports all directives in `src/ui/public/directives`
+    Imports all directives in `src/legacy/ui/public/directives`
 
 - *`import 'ui/autoload/filters'`*
-    Imports all filters in `src/ui/public/filters`
+    Imports all filters in `src/legacy/ui/public/filters`
 
 - *`import 'ui/autoload/modules'`*
     Imports angular and several ui services and "components" which Kibana
@@ -38,7 +38,7 @@ Kibana uses Webpack to bundle Kibana's dependencies.
 
 Here is how import/require statements are resolved to a file:
 
-. Check the beginning of the module path  
+. Check the beginning of the module path
   * if the path starts with a '.'
     ** append it the directory of the current file
     ** proceed to *3*

docs/development/visualize/development-embedding-visualizations.asciidoc

@@ -35,7 +35,7 @@ For a more complex use-case you usually want to use that method.
 `params` is a parameter object specifying several parameters, that influence rendering.
 
 You will find a detailed description of all the parameters in the inline docs
-in the {repo}blob/{branch}/src/ui/public/visualize/loader/types.ts[loader source code].
+in the {repo}blob/{branch}/src/legacy/ui/public/visualize/loader/types.ts[loader source code].
 
 Both methods return an `EmbeddedVisualizeHandler`, that gives you some access
 to the visualization. The `embedVisualizationWithSavedObject` method will return
@@ -55,4 +55,4 @@ The returned `EmbeddedVisualizeHandler` itself has the following methods and pro
 - `removeRenderCompleteListener(listener)`: removes an event listener from the handler again
 
 You can find the detailed `EmbeddedVisualizeHandler` documentation in its
-{repo}blob/{branch}/src/ui/public/visualize/loader/embedded_visualize_handler.ts[source code].
+{repo}blob/{branch}/src/legacy/ui/public/visualize/loader/embedded_visualize_handler.ts[source code].

docs/discover.asciidoc

@@ -3,13 +3,15 @@
 
 [partintro]
 --
-You can interactively explore your data from the Discover page. You have access to every document in every index that
-matches the selected index pattern. You can submit search queries, filter the search results, and view document data.
-You can also see the number of documents that match the search query and get field value statistics. If a time field is
-configured for the selected index pattern, the distribution of documents over time is displayed in a histogram at the
-top of the page.
+*Discover* enables you to explore your data with {kib}'s data discovery functions. 
+You have access to every document in every index that matches the selected index pattern. 
+You can submit search queries, filter the search results, and view document data.
+You can also see the number of documents that match the search query and get field value statistics. 
+If a time field is configured for the selected index pattern, the distribution of 
+documents over time is displayed in a histogram at the top of the page.
 
-image::images/Discover-Start-Annotated.png[Discover]
+[role="screenshot"]
+image::images/Discover-Start.png[Discover]
 --
 
 include::discover/set-time-filter.asciidoc[]

docs/discover/kuery.asciidoc

@@ -1,23 +1,11 @@
 [[kuery-query]]
-=== Kibana Query Language Enhancements
+=== Kibana Query Language
 
-experimental[This functionality is experimental and may be changed or removed completely in a future release.]
+In Kibana 6.3, we introduced a number of exciting experimental query language enhancements. These
+features are now available by default in 7.0. Out of the box, Kibana's query language now includes scripted field support and a 
+simplified, easier to use syntax. If you have a Basic license or above, autocomplete functionality will also be enabled. 
 
-[NOTE]
-============
-In 6.0 we introduced an experimental query language called Kuery. We've taken what we learned from that experiment
-and applied it to the standard Kibana query language. As a result, Kuery is no longer available as a standalone 
-option. Saved searches using Kuery will automatically be opted in to using the language enhancements described on 
-this page. However, some breaking changes have been made to the query syntax, so read on for the full details on 
-what's new.
-============
-
-Starting in 6.3, you can choose to opt-in to a number of exciting experimental query language enhancements under the
-options menu in the query bar. Currently, opting in will enable scripted field support and a simplified, easier to 
-use syntax. If you have a Basic license or above, autocomplete functionality will also be enabled. We're hard at 
-work building even more features for you to try out. Take these features for a spin and let us know what you think!
-
-==== New Simplified Syntax
+==== Language Syntax
 
 If you're familiar with Kibana's old lucene query syntax, you should feel right at home with the new syntax. The basics
 stay the same, we've simply refined things to make the query language easier to use. Read about the changes below.

docs/discover/search.asciidoc

@@ -1,11 +1,12 @@
 [[search]]
 == Searching Your Data
 You can search the indices that match the current index pattern by entering
-your search criteria in the Query bar. You can use Kibana's standard query language
-(based on Lucene https://lucene.apache.org/core/2_9_4/queryparsersyntax.html[query syntax]) 
-or the full JSON-based {ref}/query-dsl.html[Elasticsearch Query DSL]. Autocomplete 
-and a simplified query syntax are available for the Kibana query language as experimental
-features which you can opt-in to under the options menu in the Query Bar. 
+your search criteria in the Query bar. By default you can use Kibana's standard query language
+which features autocomplete and a simple, easy to use syntax. Kibana's legacy query
+language (based on Lucene https://lucene.apache.org/core/2_9_4/queryparsersyntax.html[query syntax])
+is still available for the time being under the options menu in the Query Bar. When this
+legacy query language is selected, the full JSON-based {ref}/query-dsl.html[Elasticsearch Query DSL]
+can also be used.
 
 When you submit a search request, the histogram, Documents table, and Fields
 list are updated to reflect the search results. The total number of hits
@@ -20,15 +21,12 @@ To search your data, enter your search criteria in the Query bar and
 press *Enter* or click *Search* image:images/search-button.jpg[] to submit
 the request to Elasticsearch.
 
-[NOTE]
-===========
-You can opt-in to our experimental query features by default by changing `search:queryLanguage`
-to `kuery` under Advanced Settings.
-===========
+include::kuery.asciidoc[]
 
 [[lucene-query]]
 === Lucene Query Syntax
-Kibana's query language has historically been based on the Lucene query syntax. The following
+Kibana's legacy query language was based on the Lucene query syntax. For the time being this syntax
+is still available under the options menu in the Query Bar and in Advanced Settings. The following
 are some tips that can help get you started.
 
 * To perform a free text search, simply enter a text string. For example, if
@@ -55,7 +53,6 @@ docs.
 NOTE: These examples use the Lucene query syntax. When lucene is selected as your
 query language you can also submit queries using the {ref}/query-dsl.html[Elasticsearch Query DSL].
 
-include::kuery.asciidoc[]
 
 [[save-open-search]]
 === Saving and Opening Searches

docs/discover/set-time-filter.asciidoc

@@ -1,45 +1,46 @@
 [[set-time-filter]]
-== Setting the Time Filter
+== Setting the time filter
 The time filter restricts the search results to a specific time period. You can
 set a time filter if your index contains time-based events and a time-field is
 configured for the selected index pattern.
 
-By default the time filter is set to the last 15 minutes. You can use the Time
-Picker to change the time filter or select a specific time interval or time
+By default the time filter is set to the last 15 minutes. You can use the time
+picker to change the time filter, or select a specific time interval or time
 range in the histogram at the top of the page.
+[role="screenshot"]
 
-To set a time filter with the Time Picker:
+[float]
+=== Filtering with the time picker
 
-. Click Time Picker image:images/time-picker.jpg[] in the Kibana toolbar.
-. To set a quick filter, click one of the shortcut links.
-+
-image::images/time-filter.jpg[Time filter shortcuts]
-. To specify a time filter relative to the current time, click *Relative* and
-specify the start time as a number of seconds, minutes, hours, days,
-months, or years. You can also specify the end time relative
-to the current time. Relative times can be in the past or future.
-+
-image::images/time-filter-relative.jpg[Relative time filter]
-. To specify both the start and end times for the time filter, click
-*Absolute* and select a start and end date. You can adjust the time
-by editing the *To* and *From* fields.
-+
-image::images/time-filter-absolute.jpg[Absolute time filter]
-. Click the caret in the bottom right corner to close the Time Picker.
+You can specify a time filter in one of four ways:
 
-To set a time filter from the histogram, do one of the following:
+* *Quick*. Click your desired time window from the options listed.
+* *Relative*. Specify a time filter relative to the current time. You can 
+specify the end time relative to the current time. Relative times can be in the past or future.
+* *Absolute*. Specify both the start and end times for the time filter. You can 
+adjust the time by editing the *To* and *From* fields.
+* *Recent*. Click one of the times from your list of recently used time filters.
+
+[role="screenshot"]
+image::images/Timepicker-View.png[Time picker menu]
+
+[float]
+=== Filtering from the histogram
+
+You can set a time filter from the histogram in one of two ways:
 
 * Click the bar that represents the time interval you want to zoom in on.
 * Click and drag to view a specific timespan. You must start the selection with
 the cursor over the background of the chart--the cursor changes to a plus sign
 when you hover over a valid start point.
 
-To move forward/backward in time, click the arrows to the left or right of the Time Picker:
+[role="screenshot"]
+image::images/Histogram-Time.png[Time range selector in Histogram]
 
-image::images/time-picker-step.jpg[Move backwards in time]
+More options:
+
+* Use the browser Back button to undo your changes.
+* To move forward or backward in time, click the arrows to the left or right of the time rage. 
+* To use a different interval, click the dropdown and select an interval.
 
-You can use the browser Back button to undo your changes.
 
-The displayed time range and interval are shown on the histogram. By default,
-the interval is set automatically based on the time range. To use a different
-interval, click the link and select an interval.

docs/getting-started/tutorial-visualizing.asciidoc

@@ -75,14 +75,14 @@ image::images/tutorial-visualize-pie-3.png[]
 
 To save this chart so you can use it later:
 
-* Click *Save* in the top menu bar and enter `Pie Example`.
+Click *Save* in the top menu bar and enter `Pie Example`.
 
 === Bar chart
 
 You'll use a bar chart to look at the Shakespeare data set and compare
 the number of speaking parts in the plays.
 
-* Create a *Vertical Bar* chart and set the search source to `shakes*`.
+Create a *Vertical Bar* chart and set the search source to `shakes*`.
 
 Initially, the chart is a single bar that shows the total count
 of documents that match the default wildcard query.
@@ -114,9 +114,6 @@ Show the plays along the X-axis.
 . Give the axis a custom label, `Play Name`.
 . Click  *Apply changes* image:images/apply-changes-button.png[].
 
-[role="screenshot"]
-image::images/0[]
-
 Hovering over a bar shows a tooltip with the number of speaking parts for
 that play.
 
@@ -174,7 +171,7 @@ The final visualization is a Markdown widget that renders formatted text.
 The Markdown widget uses **markdown** syntax.
 > Blockquotes in Markdown use the > character.
 
-. Click  *Apply changes* image:images/apply-changes-button.png[].
+. Click *Apply changes* image:images/apply-changes-button.png[].
 
 The Markdown renders in the preview pane:
 

docs/index.asciidoc

@@ -28,8 +28,6 @@ include::monitoring/configuring-monitoring.asciidoc[]
 
 include::security/securing-kibana.asciidoc[]
 
-include::settings/settings-xkb.asciidoc[]
-
 include::getting-started.asciidoc[]
 
 include::discover.asciidoc[]

docs/management/advanced-options.asciidoc

@@ -1,5 +1,5 @@
 [[advanced-options]]
-== Setting Advanced Options
+== Setting advanced options
 
 The *Advanced Settings* page enables you to directly edit settings that control the behavior of the Kibana application.
 For example, you can change the format used to display dates, specify the default index pattern, and set the precision
@@ -12,18 +12,17 @@ To set advanced options:
 . Enter a new value for the option.
 . Click the *Save* button.
 
-[float]
 [[kibana-settings-reference]]
 
 WARNING: Modifying the following settings can significantly affect Kibana's performance and cause problems that are
 difficult to diagnose. Setting a property's value to a blank field will revert to the default behavior, which may not be
 compatible with other configuration settings. Deleting a custom setting removes it from Kibana permanently.
 
-.Kibana Settings Reference
+.Kibana settings reference
 [horizontal]
 `query:queryString:options`:: Options for the Lucene query string parser.
 `query:allowLeadingWildcards`:: When set, * is allowed as the first character in a query clause. Currently only applies when experimental query features are enabled in the query bar. To disallow leading wildcards in basic lucene queries, use query:queryString:options.
-`search:queryLanguage`:: Default is `lucene`. Query language used by the query bar. Choose between the lucene query syntax and kuery, an experimental new language built specifically for Kibana.
+`search:queryLanguage`:: Default is `kuery`. Query language used by the query bar. Choose between the lucene query syntax and kuery, a new language built specifically for Kibana.
 `sort:options`:: Options for the Elasticsearch {ref}/search-request-sort.html[sort] parameter.
 `dateFormat`:: The format to use for displaying pretty-formatted dates.
 `dateFormat:tz`:: The timezone that Kibana uses. The default value of `Browser` uses the timezone detected by the browser.

docs/management/managing-beats.asciidoc

@@ -57,6 +57,23 @@ Add one or more configuration blocks to the tag. A tag can have configuration
 blocks for different types of {beats}. When the enrolled {beats} run, they will
 use the configuration blocks that are valid for their type.
 
+Central management supports configuration settings for:
+
+* {filebeat} modules
+* {metricbeat} modules
+* {filebeat} inputs
+* {filebeat} and {metricbeat} outputs 
+
+NOTE: Central management supports the following outputs only: {es}, {ls}, Kafka,
+and Redis. Other output types are not supported for {beats} that are enrolled in
+central management.
+
+Use the Central Management UI to define and manage settings for supported
+configuration blocks. You cannot define those settings in local {beats}
+configuration files. For configuration blocks that are not supported by central
+management, configure the settings in the local configuration file after
+enrolling the Beat in central management. 
+
 [float]
 === Manage enrolled {beats}
 

docs/migration.asciidoc

@@ -6,7 +6,9 @@
 This section discusses the changes that you need to be aware of when migrating
 your application from one version of Kibana to another.
 
+* <<breaking-changes-8.0>>
+
 See also <<release-highlights>> and <<release-notes>>. 
 --
 
-include::migration/migrate_7_0.asciidoc[]
+include::migration/migrate_8_0.asciidoc[]

docs/migration/migrate_7_0.asciidoc

@@ -1,125 +0,0 @@
-[[breaking-changes-7.0]]
-== Breaking changes in 7.0
-++++
-<titleabbrev>7.0</titleabbrev>
-++++
-
-This section discusses the changes that you need to be aware of when migrating
-your application to Kibana 7.0.
-
-See also <<release-highlights>> and <<release-notes>>.
-
-[float]
-=== Removed support for users relying on direct index privileges to the Kibana index in Elasticsearch
-*Details:* With the introduction of Kibana RBAC in 6.4, users no longer require privileges to the Kibana index in Elasticsearch. Instead, users 
-should be granted <<kibana-privileges>>. Prior to 7.0, when a user that relies upon direct index privileges logs into Kibana, a deprecation warning is logged. If you are using the `kibana_user` or `kibana_dashboard_only_user` role to grant access to Kibana, or a custom role using <<kibana-privileges>>, no changes are required.
-
-*Impact:* You must change any roles which grant access to Kibana using index privileges to instead use <<kibana-privileges>>. Watcher jobs using the Reporting attachment type must be updated as well.
-
-[float]
-=== Removed support for tribe nodes
-*Details:* Elasticsearch 7.0 removes the tribe node feature, so Kibana removes it as well.
-
-*Impact:* You must remove any tribe node configurations in Kibana. Consider using <<management-cross-cluster-search>> instead, which does not require kibana.yml configurations in Kibana.
-
-
-[float]
-=== Removed support for running Kibana with a global Node.js installation
-*Details:* Previous versions of Kibana would fallback to using a global installation of Node.js if the distribution included with Kibana was not found.
-Kibana 7.0 will only use the Node.js distribution included in the package.
-
-*Impact:* There is no expected impact unless Kibana is installed in a non-standard way.
-
-[float]
-=== Removed support for using PhantomJS browser for screenshots in Reporting
-*Details:* Since the first release of Kibana Reporting, PhantomJS was used as
-the headless browser to capture screenshots of Kibana dashboards and
-visualizations. In that short time, Chromium has started offering a new
-headless browser library and the PhantomJS maintainers abandoned their project.
-We started planning for a transition in 6.5.0, when we made Chromium the
-default option, but allowed users to continue using Phantom with the
-`xpack.reporting.capture.browser.type: phantom` setting. In 7.0, that setting
-will still exist for compatibility, but the only valid option will be
-`chromium`.
-
-*Impact:* Before upgrading to 7.0, if you have `xpack.reporting.capture.browser.type`
-set in kibana.yml, make sure it is set to `chromium`.
-
-[NOTE]
-============
-Reporting 7.0 uses a version of the Chromium headless browser that RHEL 6,
-CentOS 6.x, and other old versions of Linux derived from RHEL 6. This change
-effectively removes RHEL 6 OS server support from Kibana Reporting. Users with
-RHEL 6 must upgrade to RHEL 7 to use Kibana Reporting starting with version
-7.0.0 of the Elastic stack.
-============
-
-[float]
-=== Advanced setting query:queryString:options no longer applies to filters
-*Details:* In previous versions of Kibana the Advanced Setting `query:queryString:options` was applied to both queries
-and custom filters using the `query_string` query. This could cause errors if a custom filter used options that
-conflicted with the Advanced Setting. In 7.0 `query:queryString:options` will no longer be applied to filters so that
-users can have full control over their custom filters.
-
-*Impact:* You must ensure that any saved searches with a `query_string` filter aren't relying implicitly on
-`query:queryString:options`.
-
-[float]
-=== Advanced setting query:queryString:options no longer applies `default_field: *` by default.
-*Details:* Elasticsearch removed the ability to create indices with an _all field in 6.0. As a result, a user could end
-up with a mix of indices with and without _all fields if they upgraded from an older version of ES. This could lead to
-inconsistent highlighting in Discover. To work around this issue we added `default_field: *` to query:queryString:options
-to force consistent querying across indices with and without _all. In 7.0 the _all field will be gone from all indices
-so we no longer need this workaround.
-
-*Impact:* Since we'll no longer send the `default_field` parameter in Kibana's query_string query, Elasticsearch
-will use the index setting instead. The default for the index setting is also `*`, so most users should not be impacted.
-If some of your indices have a non-default `default_field` setting, you may want to update it or re-add the parameter
-to Kibana's advanced setting.
-
-[float]
-=== Deprecated kibana.yml setting `xpack.monitoring.node_resolver` has been removed
-*Details:* This setting has been deprecated since 5.6, when it was explicitly recommended to use `uuid` as its value.
-
-*Impact:* This setting is no longer necessary. If you enable {monitoring} across the Elastic Stack, a monitoring agent runs
-on each Elasticsearch node, Logstash node, Kibana instance, and Beat to collect and index metrics. Each node and instance is
-considered unique based on its persistent UUID, which is written to the path.data directory when the node or instance starts.
-
-[float]
-=== Deprecated API `/shorten` has been removed
-*Details:* The `/shorten` API has been deprecated since 6.5, when it was replaced by the `/api/shorten_url` API.
-
-*Impact:* The '/shorten' API has been removed. Use the '/api/shorten_url' API instead.
-
-[float]
-=== Deprecated kibana.yml setting logging.useUTC has been replaced with logging.timezone
-*Details:* Any timezone can now be specified by canonical id.
-
-*Impact:* The logging.useUTC flag will have to be replaced with a timezone id.  If set to true the id is `UTC`.
-
-[float]
-=== kibana.yml setting `elasticsearch.url` sets port based on protocol
-*Details:* In prior versions of Kibana, if no port was specified in `elasticsearch.url` a default of 9200 was chosen.
-The port is now protocol dependent: https ports will use 443, and http ports will use 80.
-
-*Impact:* If your `elasticsearch.url` was dependent on an unspecified port set to 9200, `:9200` will have to be appended to the url.
-
-[float]
-=== kibana.yml setting `server.ssl.supportedProtocols` excludes TLSv1 by default
-*Details:* TLSv1 support has been removed by default, it's still possible to opt-in to TLSv1 support by explicitly setting
-`server.ssl.supportedProtocols`
-
-*Impact:* Users relying upon TLSv1 will be unable to use Kibana unless `server.ssl.supportedProtocols` is explicitly set.
-
-[float]
-=== kibana.yml setting `server.ssl.cert` is no longer valid
-*Details:* This deprecated setting has been removed and `server.ssl.certificate` should be used instead.
-
-*Impact:* Users with `server.ssl.cert` set should use `server.ssl.certificate` instead
-
-[float]
-=== kibana.yml `server.ssl.enabled` must be set to `true` to enable SSL
-*Details:* Previously, if `server.ssl.certificate` and `server.ssl.key` were set, SSL would automatically be enabled. 
-It's now required that the user sets `server.ssl.enabled` to true for this to occur.
-
-*Impact:* Users with both `server.ssl.certificate` and `server.ssl.key` set must now also set `server.ssl.enabled` to enable SSL.

docs/migration/migrate_8_0.asciidoc

@@ -0,0 +1,12 @@
+[[breaking-changes-8.0]]
+== Breaking changes in 8.0
+++++
+<titleabbrev>8.0</titleabbrev>
+++++
+
+This section discusses the changes that you need to be aware of when migrating
+your application to Kibana 8.0.
+
+coming[8.0.0]
+
+See also <<release-highlights>> and <<release-notes>>.

docs/ml/index.asciidoc

@@ -54,6 +54,10 @@ occurring in your operational environment at that time:
 [role="screenshot"]
 image::ml/images/ml-annotations-list.jpg[Single Metric Viewer with annotations]
 
+In some circumstances, annotations are also added automatically. For example, if
+the {ml} analytics detect that there is missing data, it annotates the affected
+time period. For more information, see 
+{stack-ov}/ml-delayed-data-detection.html[Handling delayed data].
 The *Job Management* pane shows the full list of annotations for each job.
 
 NOTE: The {kib} {ml-features} use pop-ups. You must configure your

docs/monitoring/configuring-monitoring.asciidoc

@@ -20,4 +20,3 @@ To learn about monitoring in general, see
 include::monitoring-kibana.asciidoc[]
 include::monitoring-metricbeat.asciidoc[]
 include::viewing-metrics.asciidoc[]
-include::{kib-repo-dir}/settings/monitoring-settings.asciidoc[]

docs/plugins.asciidoc

@@ -54,27 +54,6 @@ NOTE: This command creates the specified directory if it does not already exist.
 
 WARNING: This option is deprecated and will be removed in Kibana 7. It is known to not work with some plugins, including {xpack}.
 
-[float]
-=== Installing Plugins with Linux packages
-
-The Kibana server needs to be able to write to files in the `optimize` directory.  If you're installing plugins using sudo or su you'll
-want to make sure these commands are ran as the user `kibana`.  This user is already added for you as part of the package installation.
-
-[source,shell]
-$ sudo -u kibana bin/kibana-plugin install x-pack
-
-If plugins were installed as a different user and the server is not starting, then you will need to change the owner of these files:
-
-[source,shell]
-$ chown -R kibana:kibana /path/to/kibana/optimize
-
-[float]
-=== Installing plugins while deferring optimization
-
-The majority of the time spent installing a plugin is running the optimizer.  If you're installing multiple plugins it can make sense to omit that step and only run it once.
-This can be done by providing --no-optimize to the plugin installation command. You can then either execute bin/kibana --optimize to run the optimizer,
-or it will be ran the first time Kibana is started.
-
 [float]
 === Proxy support for plugin installation
 

docs/redirects.asciidoc

@@ -12,3 +12,10 @@ The following pages have moved or been deleted.
 
 See <<monitoring-kibana>>.
 
+
+[role="exclude",id="settings-xpack-kb"]
+== {xpack} Settings in {kib}
+
+include::{asciidoc-dir}/../../shared/settings.asciidoc[]
+
+For more {kib} configuration settings, see <<settings>>.

docs/release-notes.asciidoc

@@ -1,17 +0,0 @@
-[[release-notes]]
-= Release Notes
-
-[partintro]
---
-This section summarizes the changes in each release.
-
-* <<release-notes-7.0.0-alpha2>>
-* <<release-notes-7.0.0-alpha1>>
-* <<release-notes-6.0.0-alpha2>>
-* <<release-notes-6.0.0-alpha1>>
-
---
-include::release-notes/7.0.0-alpha2.asciidoc[]
-include::release-notes/7.0.0-alpha1.asciidoc[]
-include::release-notes/6.0.0-alpha2.asciidoc[]
-include::release-notes/6.0.0-alpha1.asciidoc[]

docs/release-notes/highlights-7.0.0.asciidoc

@@ -1,9 +0,0 @@
-[[release-highlights-7.0.0]]
-== 7.0.0 release highlights
-++++
-<titleabbrev>7.0.0</titleabbrev>
-++++
-
-coming[7.0.0]
-
-See also <<breaking-changes-7.0>> and <<release-notes>>.

docs/release-notes/highlights-8.0.0.asciidoc

@@ -0,0 +1,9 @@
+[[release-highlights-8.0.0]]
+== 8.0.0 release highlights
+++++
+<titleabbrev>8.0.0</titleabbrev>
+++++
+
+coming[8.0.0]
+
+See also <<breaking-changes-8.0,breaking changes>> and <<release-notes>>.

docs/release-notes/highlights.asciidoc

@@ -9,8 +9,8 @@
 This section summarizes the most important changes in each release. For the 
 full list, see <<release-notes>> and <<breaking-changes>>. 
 
-* <<release-highlights-7.0.0>>
+* <<release-highlights-8.0.0>>
 
 --
 
-include::highlights-7.0.0.asciidoc[]
+include::highlights-8.0.0.asciidoc[]

docs/reporting/getting-started.asciidoc

@@ -31,7 +31,7 @@ image:reporting/images/share-button.png["Reporting Button",link="share-button.pn
 .. If you're on Visualize or Dashboard:
   ... Select *PDF Reports*
 
-  ... Choose to enable *Optimize for printing* layout mode. For an explanation of the different layout modes, see <<pdf-layout-modes, PDF Layout Modes>>.
+  ... Dashboard only: Choose to enable *Optimize for printing* layout mode. For an explanation of the different layout modes, see <<pdf-layout-modes, PDF Layout Modes>>.
 
   ... Click the *Generate PDF* button.
 

docs/reporting/pdf-layout-modes.asciidoc

@@ -1,7 +1,7 @@
 [[pdf-layout-modes]]
 == PDF Layout Modes
 
-When creating a PDF report, there are two layout modes *Optimize PDF for printing* and *Preserve existing layout in PDF*
+When creating a PDF report of a dashboard, there are two layout modes: *Optimize PDF for printing* and *Preserve existing layout in PDF*
 
 --
 [role="screenshot"]
@@ -27,3 +27,5 @@ This will create a PDF preserving the existing layout and size of the Visualizat
 [role="screenshot"]
 image:reporting/images/preserve-layout.png["Preserve existing layout in PDF",link="preserve-layout.png"]
 --
+
+When creating a PNG or a PDF report of a visualization, the "Optimize for printing" option will automatically be used.

docs/security/securing-kibana.asciidoc

@@ -1,8 +1,8 @@
 [role="xpack"]
 [[using-kibana-with-security]]
-== Configuring Security in {kib}
+== Configuring security in {kib}
 ++++
-<titleabbrev>Configuring Security</titleabbrev>
+<titleabbrev>Configuring security</titleabbrev>
 ++++
 
 {kib} users have to log in when {security} is enabled on your cluster. You
@@ -126,4 +126,3 @@ NOTE: This must be a user who has been assigned the `kibana_user` role.
 include::authentication/index.asciidoc[]
 include::securing-communications/index.asciidoc[]
 include::audit-logging.asciidoc[]
-include::{kib-repo-dir}/settings/security-settings.asciidoc[]

docs/settings/apm-settings.asciidoc

@@ -1,8 +1,8 @@
 [role="xpack"]
 [[apm-settings-kb]]
-=== APM Settings in Kibana
+=== APM settings in Kibana
 ++++
-<titleabbrev>APM Settings</titleabbrev>
+<titleabbrev>APM settings</titleabbrev>
 ++++
 
 You do not need to configure any settings to use APM. It is enabled by default.
@@ -11,7 +11,7 @@ copy and paste the relevant settings below into your `kibana.yml` configuration
 
 [float]
 [[general-apm-settings-kb]]
-==== General APM Settings
+==== General APM settings
 
 xpack.apm.enabled:: Set to `false` to disabled the APM plugin {kib}. Defaults to
 `true`.

docs/settings/dev-settings.asciidoc

@@ -1,8 +1,8 @@
 [role="xpack"]
 [[dev-settings-kb]]
-=== Development Tools Settings in Kibana
+=== Development tools settings in Kibana
 ++++
-<titleabbrev>Development Tools Settings</titleabbrev>
+<titleabbrev>Development tools settings</titleabbrev>
 ++++
 
 You do not need to configure any settings to use the development tools in {kib}.
@@ -10,7 +10,7 @@ They are enabled by default.
 
 [float]
 [[grok-settings]]
-==== Grok Debugger Settings
+==== Grok Debugger settings
 
 `xpack.grokdebugger.enabled`::
 Set to `true` (default) to enable the <<xpack-grokdebugger,Grok Debugger>>.

docs/settings/graph-settings.asciidoc

@@ -1,14 +1,14 @@
 [role="xpack"]
 [[graph-settings-kb]]
-=== Graph Settings in Kibana
+=== Graph settings in Kibana
 ++++
-<titleabbrev>Graph Settings</titleabbrev>
+<titleabbrev>Graph settings</titleabbrev>
 ++++
 
-You do not need to configure any settings to use {graph}.
+You do not need to configure any settings to use the {graph-features}.
 
 [float]
 [[general-graph-settings]]
-==== General Graph Settings
+==== General graph settings
 `xpack.graph.enabled`::
-Set to `false` to disable {graph}.
+Set to `false` to disable the {graph-features}.

docs/settings/infrastructure-ui-settings.asciidoc

@@ -1,14 +1,14 @@
 [role="xpack"]
 [[infrastructure-ui-settings-kb]]
-=== Infrastructure UI Settings in Kibana
+=== Infrastructure UI settings in Kibana
 ++++
-<titleabbrev>Infrastructure UI Settings</titleabbrev>
+<titleabbrev>Infrastructure UI settings</titleabbrev>
 ++++
 
 You do not need to configure any settings to use the Infrastructure UI. It is enabled by default.
 
 [float]
 [[general-infra-ui-settings-kb]]
-==== General Infrastructure UI Settings
+==== General Infrastructure UI settings
 
 include::general-infra-logs-ui-settings.asciidoc[]

docs/settings/logs-ui-settings.asciidoc

@@ -1,14 +1,14 @@
 [role="xpack"]
 [[logs-ui-settings-kb]]
-=== Logs UI Settings in Kibana
+=== Logs UI settings in Kibana
 ++++
-<titleabbrev>Logs UI Settings</titleabbrev>
+<titleabbrev>Logs UI settings</titleabbrev>
 ++++
 
 You do not need to configure any settings to use the Logs UI. It is enabled by default.
 
 [float]
 [[general-logs-ui-settings-kb]]
-==== General Logs UI Settings
+==== General Logs UI settings
 
 include::general-infra-logs-ui-settings.asciidoc[]

docs/settings/ml-settings.asciidoc

@@ -1,20 +1,21 @@
 [role="xpack"]
 [[ml-settings-kb]]
-=== Machine Learning Settings in Kibana
+=== Machine learning settings in Kibana
 ++++
-<titleabbrev>Machine Learning Settings</titleabbrev>
+<titleabbrev>Machine learning settings</titleabbrev>
 ++++
 
-You do not need to configure any settings to use {ml}. It is enabled by default.
+You do not need to configure any settings to use {kib} {ml-features}. They are
+enabled by default.
 
 [float]
 [[general-ml-settings-kb]]
-==== General Machine Learning Settings
+==== General {ml} settings
 
 `xpack.ml.enabled`::
-Set to `true` (default) to enable {ml}. +
+Set to `true` (default) to enable {kib} {ml-features}. +
 +
 If set to `false` in `kibana.yml`, the {ml} icon is hidden in this {kib}
 instance. If `xpack.ml.enabled` is set to `true` in `elasticsearch.yml`, however,
 you can still use the {ml} APIs. To disable {ml} entirely, see the
-{ref}/ml-settings.html[{es} Machine Learning Settings].
+{ref}/ml-settings.html[{es} {ml} settings].

docs/settings/monitoring-settings.asciidoc

@@ -1,8 +1,8 @@
 [role="xpack"]
 [[monitoring-settings-kb]]
-=== Monitoring Settings in Kibana
+=== Monitoring settings in Kibana
 ++++
-<titleabbrev>Monitoring Settings</titleabbrev>
+<titleabbrev>Monitoring settings</titleabbrev>
 ++++
 
 By default, the Monitoring application is enabled, but data collection
@@ -25,14 +25,14 @@ from Logstash, you configure
 in `logstash.yml`.
 
 For more information, see
-{xpack-ref}/xpack-monitoring.html[Monitoring the Elastic Stack].
+{stack-ov}/xpack-monitoring.html[Monitoring the Elastic Stack].
 
 [float]
 [[monitoring-general-settings]]
-==== General Monitoring Settings
+==== General monitoring settings
 
 `xpack.monitoring.enabled`::
-Set to `true` (default) to enable {monitoring} in {kib}. Unlike the
+Set to `true` (default) to enable the {monitor-features} in {kib}. Unlike the
 `xpack.monitoring.ui.enabled` setting, when this setting is `false`, the
 monitoring back-end does not run and {kib} stats are not sent to the monitoring
 cluster.
@@ -54,9 +54,6 @@ Specifies the password that {kib} uses for authentication when it retrieves data
 from the monitoring cluster. If not set, {kib} uses the value of the
 `elasticsearch.password` setting.
 
-`xpack.monitoring.report_stats`::
-deprecated[6.3.0, Use `xpack.xpack_main.telemetry.enabled` instead.]
-
 `xpack.xpack_main.telemetry.enabled`::
 Set to `true` (default) to send cluster statistics to Elastic. Reporting your
 cluster statistics helps us improve your user experience. Your data is never
@@ -71,7 +68,7 @@ which has a default value of `30000`.
 
 [float]
 [[monitoring-collection-settings]]
-==== Monitoring Collection Settings
+==== Monitoring collection settings
 
 These settings control how data is collected from {kib}.
 
@@ -87,7 +84,7 @@ Defaults to `10000` (10 seconds).
 
 [float]
 [[monitoring-ui-settings]]
-==== Monitoring UI Settings
+==== Monitoring UI settings
 
 These settings adjust how the {kib} Monitoring page displays monitoring data.
 However, the defaults work best in most circumstances. For more information
@@ -114,7 +111,7 @@ value in this setting.
 
 [float]
 [[monitoring-ui-cgroup-settings]]
-===== Monitoring UI Container Settings
+===== Monitoring UI container settings
 
 The Monitoring UI exposes the Cgroup statistics that we collect for you to make
 better decisions about your container performance, rather than guessing based on

docs/settings/reporting-settings.asciidoc

@@ -1,21 +1,21 @@
 [role="xpack"]
 [[reporting-settings-kb]]
-=== {reporting} settings in Kibana
+=== Reporting settings in Kibana
 ++++
-<titleabbrev>Reporting Settings</titleabbrev>
+<titleabbrev>Reporting settings</titleabbrev>
 ++++
 
 You can configure `xpack.reporting` settings in your `kibana.yml` to:
 
-* <<reporting-kibana-server-settings,Control how {reporting}  communicates with the {kib} server>>
+* <<reporting-kibana-server-settings,Control how the {report-features} communicate with the {kib} server>>
 * <<reporting-job-queue-settings,Manage background jobs>>
 * <<reporting-capture-settings,Capture screenshots>>
 
 [float]
 [[general-reporting-settings]]
-==== General Reporting Settings
+==== General reporting settings
 [[xpack-enable-reporting]]`xpack.reporting.enabled`::
-Set to `false` to disable {reporting}.
+Set to `false` to disable the {report-features}.
 
 `xpack.reporting.encryptionKey`::
 Set to any text string. By default, Kibana will generate a random key when it
@@ -24,7 +24,7 @@ setting to preserve the same key across multiple restarts and multiple instances
 
 [float]
 [[reporting-kibana-server-settings]]
-==== Kibana Server Settings
+==== Kibana server settings
 
 Reporting uses the Kibana interface to generate reports. In most cases, you don't need
 to configure Reporting to communicate with Kibana. However, if you use a reverse-proxy
@@ -44,7 +44,7 @@ proxy host requires that the Kibana server has network access to the proxy.
 
 [float]
 [[reporting-job-queue-settings]]
-==== Background Job Settings
+==== Background job settings
 
 Reporting generates reports in the background and jobs are coordinated using documents
 in Elasticsearch. Depending on how often you generate reports and the overall number of
@@ -78,7 +78,7 @@ Defaults to `120000` (two minutes).
 
 [float]
 [[reporting-capture-settings]]
-==== Capture Settings
+==== Capture settings
 
 Reporting works by capturing screenshots from Kibana. The following settings
 control the capturing process.
@@ -96,7 +96,7 @@ backward compatibility. The only valid option is `chromium`.
 
 [float]
 [[reporting-chromium-settings]]
-==== Chromium Settings
+==== Chromium settings
 
 When `xpack.reporting.capture.browser.type` is set to `chromium` (default) you can also specify the following settings.
 
@@ -120,7 +120,7 @@ Examples of valid entries are "elastic.co", "*.elastic.co", ".elastic.co", ".ela
 
 [float]
 [[reporting-csv-settings]]
-==== CSV Settings
+==== CSV settings
 [[xpack-reporting-csv]]`xpack.reporting.csv.maxSizeBytes`::
 The maximum size of a CSV file before being truncated. This setting exists to prevent
 large exports from causing performance and storage issues.
@@ -128,7 +128,7 @@ Defaults to `10485760` (10mB)
 
 [float]
 [[reporting-advanced-settings]]
-==== Advanced Settings
+==== Advanced settings
 
 `xpack.reporting.index`::
 Reporting uses a weekly index in Elasticsearch to store the reporting job and

docs/settings/security-settings.asciidoc

@@ -1,21 +1,22 @@
 [role="xpack"]
 [[security-settings-kb]]
-=== Security Settings in Kibana
+=== Security settings in Kibana
 ++++
-<titleabbrev>Security Settings</titleabbrev>
+<titleabbrev>Security settings</titleabbrev>
 ++++
 
-You do not need to configure any additional settings to use {security} in {kib}.
-It is enabled by default.
+You do not need to configure any additional settings to use the
+{security-features} in {kib}. They are enabled by default.
 
 [float]
 [[general-security-settings]]
-==== General Security Settings
+==== General security settings
+
 `xpack.security.enabled`::
-Set to `true` (default) to enable {security}. +
+Set to `true` (default) to enable {security-features}. +
 +
-Do not set this to `false`. To disable {security} entirely, see
-{ref}/security-settings.html[{es} Security Settings]. +
+Do not set this to `false`. To disable {security-features} entirely, see
+{ref}/security-settings.html[{es} security settings]. +
 +
 If set to `false` in `kibana.yml`, the login form, user and role management screens, and 
 authorization using <<kibana-privileges>> are disabled. +
@@ -30,7 +31,7 @@ for more details.
 
 [float]
 [[security-ui-settings]]
-==== User Interface Security Settings
+==== User interface security settings
 
 You can configure the following settings in the `kibana.yml` file:
 

docs/settings/settings-xkb.asciidoc

@@ -1,19 +0,0 @@
-[role="xpack"]
-[[settings-xpack-kb]]
-== {xpack} Settings in {kib}
-++++
-<titleabbrev>{xpack} Settings</titleabbrev>
-++++
-
-include::{asciidoc-dir}/../../shared/settings.asciidoc[]
-
-For more {kib} configuration settings, see <<settings>>.
-
-include::apm-settings.asciidoc[]
-include::dev-settings.asciidoc[]
-include::graph-settings.asciidoc[]
-include::infrastructure-ui-settings.asciidoc[]
-include::logs-ui-settings.asciidoc[]
-include::ml-settings.asciidoc[]
-include::reporting-settings.asciidoc[]
-include::spaces-settings.asciidoc[]

docs/settings/ssl-settings.asciidoc

@@ -1,5 +1,5 @@
 [float]
-=== {component} TLS/SSL Settings
+=== {component} TLS/SSL settings
 You can configure the following TLS/SSL settings. If the settings are not
 configured, the default values are used. See
 {stack-ov}/security-settings.html[Default TLS/SSL Settings].
@@ -40,7 +40,7 @@ Java Cryptography Architecture documentation]. Defaults to the value of
 `xpack.ssl.cipher_suites`.
 
 [float]
-==== {component} TLS/SSL Key and Trusted Certificate Settings
+==== {component} TLS/SSL key and trusted certificate settings
 
 The following settings are used to specify a private key, certificate, and the
 trusted certificates that should be used when communicating over an SSL/TLS connection.
@@ -58,7 +58,7 @@ If none of the settings below are specified, the defaults values are used.
 See {stack-ov}/security-settings.html[Default TLS/SSL settings]. 
 
 [float]
-===== PEM Encoded Files
+===== PEM encoded files
 
 When using PEM encoded files, use the following settings:
 
@@ -77,7 +77,7 @@ that will be presented when requested.
 List of paths to the PEM encoded certificate files that should be trusted.
 
 [float]
-===== Java Keystore Files
+===== Java keystore files
 
 When using Java keystore files (JKS), which contain the private key, certificate
 and certificates that should be trusted, use the following settings:

docs/setup.asciidoc

@@ -52,8 +52,6 @@ include::setup/start-stop.asciidoc[]
 
 include::setup/settings.asciidoc[]
 
-include::setup/secure-settings.asciidoc[]
-
 include::setup/docker.asciidoc[]
 
 include::setup/access.asciidoc[]

docs/setup/production.asciidoc

@@ -2,6 +2,7 @@
 == Using Kibana in a production environment
 
 * <<configuring-kibana-shield>>
+* <<csp-strict-mode>>
 * <<enabling-ssl>>
 * <<load-balancing>>
 
@@ -36,6 +37,25 @@ which users can load which dashboards.
 For information about setting up Kibana users, see
 {kibana-ref}/using-kibana-with-security.html[Configuring security in Kibana].
 
+[float]
+[[csp-strict-mode]]
+=== Require Content Security Policy
+
+Kibana uses a Content Security Policy to help prevent the browser from allowing
+unsafe scripting, but older browsers will silently ignore this policy. If your
+organization does not need to support Internet Explorer 11 or much older
+versions of our other supported browsers, we recommend that you enable Kibana's
+`strict` mode for content security policy, which will block access to Kibana
+for any browser that does not enforce even a rudimentary set of CSP
+protections.
+
+To do this, set `csp.strict` to `true` in your `kibana.yml`:
+
+--------
+csp.strict: true
+--------
+
+
 [float]
 [[enabling-ssl]]
 === Enabling SSL

docs/setup/secure-settings.asciidoc

@@ -1,5 +1,5 @@
 [[secure-settings]]
-=== Secure Settings
+=== Secure settings
 
 Some settings are sensitive, and relying on filesystem permissions to protect
 their values is not sufficient. For this use case, Kibana provides a

docs/setup/settings.asciidoc

@@ -7,94 +7,155 @@ if you installed {kib} from an archive distribution (`.tar.gz` or `.zip`), by
 default it is in `$KIBANA_HOME/config`. By default, with package distributions 
 (Debian or RPM), it is in `/etc/kibana`. 
 
-The default settings configure Kibana to run
-on `localhost:5601`. To change the host or port number, or connect to Elasticsearch running on a different machine,
-you'll need to update your `kibana.yml` file. You can also enable SSL and set a variety of other options. Finally, environment variables can be injected into configuration using `${MY_ENV_VAR}` syntax.
+The default settings configure Kibana to run on `localhost:5601`. To change the
+host or port number, or connect to Elasticsearch running on a different machine,
+you'll need to update your `kibana.yml` file. You can also enable SSL and set a
+variety of other options. Finally, environment variables can be injected into
+configuration using `${MY_ENV_VAR}` syntax.
 
-.Kibana Configuration Settings
+.Kibana configuration settings
 
-`console.enabled:`:: *Default: true* Set to false to disable Console.  Toggling this will cause the server to regenerate assets on the next startup, which may cause a delay before pages start being served.
+`console.enabled:`:: *Default: true* Set to false to disable Console.  Toggling
+this will cause the server to regenerate assets on the next startup, which may
+cause a delay before pages start being served.
 
-`cpu.cgroup.path.override:`:: Override for cgroup cpu path when mounted in manner that is inconsistent with `/proc/self/cgroup`
+`cpu.cgroup.path.override:`:: Override for cgroup cpu path when mounted in a
+manner that is inconsistent with `/proc/self/cgroup`
 
-`cpuacct.cgroup.path.override:`:: Override for cgroup cpuacct path when mounted in manner that is inconsistent with `/proc/self/cgroup`
+`cpuacct.cgroup.path.override:`:: Override for cgroup cpuacct path when mounted
+in a manner that is inconsistent with `/proc/self/cgroup`
 
-`elasticsearch.customHeaders:`:: *Default: `{}`* Header names and values to send to Elasticsearch. Any custom headers
-cannot be overwritten by client-side headers, regardless of the `elasticsearch.requestHeadersWhitelist` configuration.
+`csp.rules:`:: A template
+https://w3c.github.io/webappsec-csp/[content-security-policy] that disables
+certain unnecessary and potentially insecure capabilities in the browser. All
+instances of `{nonce}` will be replaced with an automatically generated nonce
+at load time. We strongly recommend that you keep the default CSP rules that
+ship with Kibana.
 
-`elasticsearch.logQueries:`:: *Default: `false`* Logs queries sent to Elasticsearch. Requires `logging.verbose` set to `true`. This is useful for seeing the query DSL generated by applications that currently do not have an inspector, for example Timelion and Monitoring.
+`csp.strict:`:: *Default: `false`* Blocks access to Kibana to any browser that
+does not enforce even rudimentary CSP rules. In practice, this will disable
+support for older, less safe browsers like Internet Explorer.
 
-`elasticsearch.pingTimeout:`:: *Default: the value of the `elasticsearch.requestTimeout` setting* Time in milliseconds to
-wait for Elasticsearch to respond to pings.
+`csp.warnLegacyBrowsers:`:: *Default: `true`* Shows a warning message after
+loading Kibana to any browser that does not enforce even rudimentary CSP rules,
+though Kibana is still accessible. This configuration is effectively ignored
+when `csp.strict` is enabled.
 
-`elasticsearch.preserveHost:`:: *Default: true* When this setting’s value is true Kibana uses the hostname specified in
-the `server.host` setting. When the value of this setting is `false`, Kibana uses the hostname of the host that connects
-to this Kibana instance.
+`elasticsearch.customHeaders:`:: *Default: `{}`* Header names and values to send
+to Elasticsearch. Any custom headers cannot be overwritten by client-side
+headers, regardless of the `elasticsearch.requestHeadersWhitelist` configuration.
 
-`elasticsearch.requestHeadersWhitelist:`:: *Default: `[ 'authorization' ]`* List of Kibana client-side headers to send to Elasticsearch.
-To send *no* client-side headers, set this value to [] (an empty list).
+`elasticsearch.hosts:`:: *Default: "http://localhost:9200"* The URLs of the
+Elasticsearch instances to use for all your queries. All nodes listed here must
+be on the same cluster.
 
-`elasticsearch.requestTimeout:`:: *Default: 30000* Time in milliseconds to wait for responses from the back end or
-Elasticsearch. This value must be a positive integer.
+`elasticsearch.logQueries:`:: *Default: `false`* Logs queries sent to
+Elasticsearch. Requires `logging.verbose` set to `true`. This is useful for
+seeing the query DSL generated by applications that currently do not have an
+inspector, for example Timelion and Monitoring.
 
-`elasticsearch.shardTimeout:`:: *Default: 30000* Time in milliseconds for Elasticsearch to wait for responses from shards. Set to 0 to disable.
+`elasticsearch.pingTimeout:`::
+*Default: the value of the `elasticsearch.requestTimeout` setting* Time in
+milliseconds to wait for Elasticsearch to respond to pings.
 
-`elasticsearch.sniffInterval:`:: *Default: false* Time in milliseconds between requests to check Elasticsearch for an updated list of nodes.
+`elasticsearch.preserveHost:`:: *Default: true* When this setting’s value is
+true, Kibana uses the hostname specified in the `server.host` setting. When the
+value of this setting is `false`, Kibana uses the hostname of the host that
+connects to this Kibana instance.
 
-`elasticsearch.sniffOnStart:`:: *Default: false* Attempt to find other Elasticsearch nodes on startup.
+`elasticsearch.requestHeadersWhitelist:`:: *Default: `[ 'authorization' ]`* List
+of Kibana client-side headers to send to Elasticsearch. To send *no* client-side
+headers, set this value to [] (an empty list).
 
-`elasticsearch.sniffOnConectionFault:`:: *Default: false* Update the list of Elasticsearch nodes immediately following a connection fault.
+`elasticsearch.requestTimeout:`:: *Default: 30000* Time in milliseconds to wait
+for responses from the back end or Elasticsearch. This value must be a positive
+integer.
 
-`elasticsearch.ssl.certificate:` and `elasticsearch.ssl.key:`:: Optional settings that provide the paths to the PEM-format SSL
-certificate and key files. These files are used to verify the identity of Kibana to Elasticsearch and are required when `xpack.ssl.verification_mode` in Elasticsearch is set to either `certificate` or `full`.
+`elasticsearch.shardTimeout:`:: *Default: 30000* Time in milliseconds for
+Elasticsearch to wait for responses from shards. Set to 0 to disable.
 
-`elasticsearch.ssl.certificateAuthorities:`:: Optional setting that enables you to specify a list of paths to the PEM file for the certificate authority for your Elasticsearch instance.
+`elasticsearch.sniffInterval:`:: *Default: false* Time in milliseconds between
+requests to check Elasticsearch for an updated list of nodes.
 
-`elasticsearch.ssl.keyPassphrase:`:: The passphrase that will be used to decrypt the private key. This value is optional as the key may not be encrypted.
+`elasticsearch.sniffOnStart:`:: *Default: false* Attempt to find other
+Elasticsearch nodes on startup.
 
-`elasticsearch.ssl.verificationMode:`:: *Default: full* Controls the verification of certificates presented by Elasticsearch. Valid values are `none`, `certificate`, and `full`.
-`full` performs hostname verification, and `certificate` does not.
+`elasticsearch.sniffOnConectionFault:`:: *Default: false* Update the list of
+Elasticsearch nodes immediately following a connection fault.
 
-`elasticsearch.ssl.alwaysPresentCertificate:`:: *Default: false* Controls whether to always present the certificate specified
-by `elasticsearch.ssl.certificate` when requested. This applies to all requests to Elasticsearch, including requests that are
-proxied for end-users. Setting this to `true` when Elasticsearch is using certificates to authenticate users can lead to proxied
-requests for end-users being executed as the identity tied to the configured certificate.
+`elasticsearch.ssl.alwaysPresentCertificate:`:: *Default: false* Controls
+whether to always present the certificate specified by
+`elasticsearch.ssl.certificate` when requested. This applies to all requests to
+Elasticsearch, including requests that are proxied for end-users. Setting this
+to `true` when Elasticsearch is using certificates to authenticate users can
+lead to proxied requests for end-users being executed as the identity tied to
+the configured certificate.
 
-`elasticsearch.startupTimeout:`:: *Default: 5000* Time in milliseconds to wait for Elasticsearch at Kibana startup before
-retrying.
+`elasticsearch.ssl.certificate:` and `elasticsearch.ssl.key:`:: Optional
+settings that provide the paths to the PEM-format SSL certificate and key files.
+These files are used to verify the identity of Kibana to Elasticsearch and are
+required when `xpack.ssl.verification_mode` in Elasticsearch is set to either
+`certificate` or `full`.
 
-`elasticsearch.hosts:`:: *Default: "http://localhost:9200"* The URLs of the Elasticsearch instances to use for all your
-queries.  All nodes listed here must be on the same cluster.
+`elasticsearch.ssl.certificateAuthorities:`:: Optional setting that enables you
+to specify a list of paths to the PEM file for the certificate authority for
+your Elasticsearch instance.
 
-`elasticsearch.username:` and `elasticsearch.password:`:: If your Elasticsearch is protected with basic authentication,
-these settings provide the username and password that the Kibana server uses to perform maintenance on the Kibana index at
-startup. Your Kibana users still need to authenticate with Elasticsearch, which is proxied through the Kibana server.
+`elasticsearch.ssl.keyPassphrase:`:: The passphrase that will be used to decrypt
+the private key. This value is optional as the key may not be encrypted.
+
+`elasticsearch.ssl.verificationMode:`:: *Default: full* Controls the
+verification of certificates presented by Elasticsearch. Valid values are `none`,
+`certificate`, and `full`. `full` performs hostname verification, and
+`certificate` does not.
+
+`elasticsearch.startupTimeout:`:: *Default: 5000* Time in milliseconds to wait
+for Elasticsearch at Kibana startup before retrying.
+
+`elasticsearch.username:` and `elasticsearch.password:`:: If your Elasticsearch
+is protected with basic authentication, these settings provide the username and
+password that the Kibana server uses to perform maintenance on the Kibana index
+at startup. Your Kibana users still need to authenticate with Elasticsearch,
+which is proxied through the Kibana server.
 
 `kibana.defaultAppId:`:: *Default: "discover"* The default application to load.
 
-`kibana.index:`:: *Default: ".kibana"* Kibana uses an index in Elasticsearch to store saved searches, visualizations and
-dashboards. Kibana creates a new index if the index doesn’t already exist.
+`kibana.index:`:: *Default: ".kibana"* Kibana uses an index in Elasticsearch to
+store saved searches, visualizations and dashboards. Kibana creates a new index
+if the index doesn’t already exist.
 
-`logging.dest:`:: *Default: `stdout`* Enables you specify a file where Kibana stores log output.
+`logging.dest:`:: *Default: `stdout`* Enables you specify a file where Kibana
+stores log output.
 
-`logging.quiet:`:: *Default: false* Set the value of this setting to `true` to suppress all logging output other than
-error messages.
+`logging.quiet:`:: *Default: false* Set the value of this setting to `true` to
+suppress all logging output other than error messages.
 
-`logging.silent:`:: *Default: false* Set the value of this setting to `true` to suppress all logging output.
+`logging.silent:`:: *Default: false* Set the value of this setting to `true` to
+suppress all logging output.
 
-[[logging-verbose]]`logging.verbose:`:: *Default: false* Set the value of this setting to `true` to log all events, including system usage information and all requests. Supported on Elastic Cloud Enterprise.
+`logging.timezone`:: *Default: UTC* Set to the canonical timezone id
+(e.g. `US/Pacific`) to log events using that timezone. A list of timezones can
+be referenced at https://en.wikipedia.org/wiki/List_of_tz_database_time_zones.
 
-`logging.timezone`:: *Default: UTC* Set to the canonical timezone id (e.g. `US/Pacific`) to log events using that timezone.  A list of timezones can be referenced at https://en.wikipedia.org/wiki/List_of_tz_database_time_zones.
+[[logging-verbose]]`logging.verbose:`:: *Default: false* Set the value of this
+setting to `true` to log all events, including system usage information and all
+requests. Supported on Elastic Cloud Enterprise.
 
-`map.includeElasticMapsService:`:: *Default: true* Turns on or off whether layers from the Elastic Maps Service should be included in the vector and tile layer option list.
-By turning this off, only the layers that are configured here will be included.
+`map.includeElasticMapsService:`:: *Default: true* Turns on or off whether
+layers from the Elastic Maps Service should be included in the vector and tile
+layer option list. By turning this off, only the layers that are configured here
+will be included.
 
-[[regionmap-settings]] `map.regionmap:`:: Specifies additional vector layers for use in <<regionmap, Region Map>> visualizations. Supported on Elastic Cloud Enterprise.
-Each layer object points to an external vector file that contains a geojson FeatureCollection.
-The file must use the https://en.wikipedia.org/wiki/World_Geodetic_System[WGS84 coordinate reference system] and only include polygons.
-If the file is hosted on a separate domain from Kibana, the server needs to be CORS-enabled so Kibana can download the file.
+[[regionmap-settings]] `map.regionmap:`:: Specifies additional vector layers for
+use in <<regionmap, Region Map>> visualizations. Supported on {ece}. Each layer
+object points to an external vector file that contains a geojson
+FeatureCollection. The file must use the
+https://en.wikipedia.org/wiki/World_Geodetic_System[WGS84 coordinate reference system]
+and only include polygons. If the file is hosted on a separate domain from
+Kibana, the server needs to be CORS-enabled so Kibana can download the file.
 The following example shows a valid regionmap configuration.
-
++
+--
     map.regionmap:
       includeElasticMapsService: false
       layers:
@@ -106,72 +167,136 @@ The following example shows a valid regionmap configuration.
                 description: "Full department name"
               - name: "INSEE"
                 description: "INSEE numeric identifier"
+--
 
-[[regionmap-name]]`map.regionmap.layers[].name:`:: Mandatory. A description of the map being provided. Supported on Elastic Cloud Enterprise.
+[[regionmap-ES-map]]`map.regionmap.includeElasticMapsService:`:: Turns on or off
+whether layers from the Elastic Maps Service should be included in the vector
+layer option list. Supported on Elastic Cloud Enterprise. By turning this off,
+only the layers that are configured here will be included. The default is `true`.
 
-[[regionmap-url]]`map.regionmap.layers[].url:`:: Mandatory. The location of the geojson file as provided by a webserver. Supported on Elastic Cloud Enterprise.
+[[regionmap-attribution]]`map.regionmap.layers[].attribution:`:: Optional.
+References the originating source of the geojson file. Supported on {ece}.
 
-[[regionmap-attribution]]`map.regionmap.layers[].attribution:`:: Optional. References the originating source of the geojson file. Supported on Elastic Cloud Enterprise.
+[[regionmap-fields]]`map.regionmap.layers[].fields[]:`:: Mandatory. Each layer
+can contain multiple fields to indicate what properties from the geojson
+features you wish to expose. The example above shows how to define multiple
+properties. Supported on {ece}.
 
-[[regionmap-fields]]`map.regionmap.layers[].fields[]:`:: Mandatory. Each layer can contain multiple fields to indicate what properties from the geojson features you wish to expose. The example above shows how to define multiple properties. Supported on Elastic Cloud Enterprise.
+[[regionmap-field-description]]`map.regionmap.layers[].fields[].description:`::
+Mandatory. The human readable text that is shown under the Options tab when
+building the Region Map visualization. Supported on {ece}.
 
-[[regionmap-field-name]]`map.regionmap.layers[].fields[].name:`:: Mandatory. This value is used to do an inner-join between the document stored in Elasticsearch and the geojson file. e.g. if the field in the geojson is called `Location` and has city names, there must be a field in Elasticsearch that holds the same values that Kibana can then use to lookup for the geoshape data. Supported on Elastic Cloud Enterprise.
+[[regionmap-field-name]]`map.regionmap.layers[].fields[].name:`:: Mandatory.
+This value is used to do an inner-join between the document stored in
+Elasticsearch and the geojson file. For example, if the field in the geojson is
+called `Location` and has city names, there must be a field in Elasticsearch
+that holds the same values that Kibana can then use to lookup for the geoshape
+data. Supported on {ece}.
 
-[[regionmap-field-description]]`map.regionmap.layers[].fields[].description:`:: Mandatory. The human readable text that is shown under the Options tab when building the Region Map visualization. Supported on Elastic Cloud Enterprise.
+[[regionmap-name]]`map.regionmap.layers[].name:`:: Mandatory. A description of
+the map being provided. Supported on {ece}.
 
-[[regionmap-ES-map]]`map.regionmap.includeElasticMapsService:`:: turns on or off whether layers from the Elastic Maps Service should be included in the vector layer option list. Supported on Elastic Cloud Enterprise.
-By turning this off, only the layers that are configured here will be included. The default is true.
+[[regionmap-url]]`map.regionmap.layers[].url:`:: Mandatory. The location of the
+geojson file as provided by a webserver. Supported on {ece}.
 
-[[tilemap-settings]] `map.tilemap.options.attribution:`:: *Default: `"© [Elastic Maps Service](https://www.elastic.co/elastic-maps-service)"`* The map attribution string. Supported on Elastic Cloud Enterprise.
+[[tilemap-settings]] `map.tilemap.options.attribution:`::
+*Default: `"© [Elastic Maps Service](https://www.elastic.co/elastic-maps-service)"`*
+The map attribution string. Supported on {ece}.
 
-[[tilemap-max-zoom]]`map.tilemap.options.maxZoom:`:: *Default: 10* The maximum zoom level. Supported on Elastic Cloud Enterprise.
+[[tilemap-max-zoom]]`map.tilemap.options.maxZoom:`:: *Default: 10* The maximum
+zoom level. Supported on {ece}.
 
-[[tilemap-min-zoom]]`map.tilemap.options.minZoom:`:: *Default: 1* The minimum zoom level. Supported on Elastic Cloud Enterprise.
+[[tilemap-min-zoom]]`map.tilemap.options.minZoom:`:: *Default: 1* The minimum
+zoom level. Supported on {ece}.
 
-[[tilemap-subdomains]]`map.tilemap.options.subdomains:`:: An array of subdomains used by the tile service.
-Specify the position of the subdomain the URL with the token `{s}`. Supported on Elastic Cloud Enterprise.
+[[tilemap-subdomains]]`map.tilemap.options.subdomains:`:: An array of subdomains
+used by the tile service. Specify the position of the subdomain the URL with
+the token `{s}`. Supported on {ece}.
 
-[[tilemap-url]]`map.tilemap.url:`:: The URL to the tileservice that Kibana uses to display map tiles in tilemap visualizations. Supported on Elastic Cloud Enterprise.
-By default, Kibana reads this url from an external metadata service, but users can still override this parameter to use their own Tile Map Service. For example: `"https://tiles.elastic.co/v2/default/{z}/{x}/{y}.png?elastic_tile_service_tos=agree&my_app_name=kibana"`
-`server.basePath:`:: Enables you to specify a path to mount Kibana at if you are running behind a proxy. Use the `server.rewriteBasePath` setting to tell Kibana if it should remove the basePath from requests it receives, and to prevent a deprecation warning at startup. This setting cannot end in a slash (`/`).
+[[tilemap-url]]`map.tilemap.url:`:: The URL to the tileservice that Kibana uses
+to display map tiles in tilemap visualizations. Supported on {ece}. By default,
+Kibana reads this url from an external metadata service, but users can still
+override this parameter to use their own Tile Map Service. For example:
+`"https://tiles.elastic.co/v2/default/{z}/{x}/{y}.png?elastic_tile_service_tos=agree&my_app_name=kibana"`
 
-`path.data:`:: *Default: `data`* The path where Kibana stores persistent data not saved in Elasticsearch.
+`path.data:`:: *Default: `data`* The path where Kibana stores persistent data
+not saved in Elasticsearch.
 
 `pid.file:`:: Specifies the path where Kibana creates the process ID file.
 
-`ops.interval:`:: *Default: 5000* Set the interval in milliseconds to sample system and process performance metrics.
-The minimum value is 100.
+`ops.interval:`:: *Default: 5000* Set the interval in milliseconds to sample
+system and process performance metrics. The minimum value is 100.
 
-`server.rewriteBasePath:`:: *Default: false* Specifies whether Kibana should rewrite requests that are prefixed with `server.basePath` or require that they are rewritten by your reverse proxy. This setting was effectively always `false` before Kibana 6.3 and will default to `true` starting in Kibana 7.0.
+`server.basePath:`:: Enables you to specify a path to mount Kibana at if you are
+running behind a proxy. Use the `server.rewriteBasePath` setting to tell Kibana
+if it should remove the basePath from requests it receives, and to prevent a
+deprecation warning at startup. This setting cannot end in a slash (`/`).
 
-`server.customResponseHeaders:`:: *Default: `{}`* Header names and values to send on all responses to the client from the Kibana server.
+`server.customResponseHeaders:`:: *Default: `{}`* Header names and values to
+  send on all responses to the client from the Kibana server.
 
-[[server-default]]`server.defaultRoute:`:: *Default: "/app/kibana"* This setting specifies the default route when opening Kibana. You can use this setting to modify the landing page when opening Kibana. Supported on Elastic Cloud Enterprise.
+[[server-default]]`server.defaultRoute:`:: *Default: "/app/kibana"* This setting
+specifies the default route when opening Kibana. You can use this setting to
+modify the landing page when opening Kibana. Supported on {ece}.
 
-`server.host:`:: *Default: "localhost"* This setting specifies the host of the back end server.
+`server.host:`:: *Default: "localhost"* This setting specifies the host of the
+back end server.
 
-`server.maxPayloadBytes:`:: *Default: 1048576* The maximum payload size in bytes for incoming server requests.
+`server.maxPayloadBytes:`:: *Default: 1048576* The maximum payload size in bytes
+for incoming server requests.
 
-`server.name:`:: *Default: "your-hostname"* A human-readable display name that identifies this Kibana instance.
+`server.name:`:: *Default: "your-hostname"* A human-readable display name that
+identifies this Kibana instance.
 
-`server.port:`:: *Default: 5601* Kibana is served by a back end server. This setting specifies the port to use.
+`server.port:`:: *Default: 5601* Kibana is served by a back end server. This
+setting specifies the port to use.
 
-`server.ssl.enabled:`:: *Default: "false"* Enables SSL for outgoing requests from the Kibana server to the browser. When set to `true`, `server.ssl.certificate` and `server.ssl.key` are required
+`server.rewriteBasePath:`:: *Default: false* Specifies whether Kibana should
+rewrite requests that are prefixed with `server.basePath` or require that they
+are rewritten by your reverse proxy. This setting was effectively always `false`
+before Kibana 6.3 and will default to `true` starting in Kibana 7.0.
 
-`server.ssl.certificate:` and `server.ssl.key:`:: Paths to the PEM-format SSL certificate and SSL key files, respectively.
+`server.ssl.certificate:` and `server.ssl.key:`:: Paths to the PEM-format SSL
+certificate and SSL key files, respectively.
 
-`server.ssl.certificateAuthorities:`:: List of paths to PEM encoded certificate files that should be trusted.
+`server.ssl.certificateAuthorities:`:: List of paths to PEM encoded certificate
+files that should be trusted.
 
-`server.ssl.cipherSuites:`:: *Default: ECDHE-RSA-AES128-GCM-SHA256, ECDHE-ECDSA-AES128-GCM-SHA256, ECDHE-RSA-AES256-GCM-SHA384, ECDHE-ECDSA-AES256-GCM-SHA384, DHE-RSA-AES128-GCM-SHA256, ECDHE-RSA-AES128-SHA256, DHE-RSA-AES128-SHA256, ECDHE-RSA-AES256-SHA384, DHE-RSA-AES256-SHA384, ECDHE-RSA-AES256-SHA256, DHE-RSA-AES256-SHA256, HIGH,!aNULL, !eNULL, !EXPORT, !DES, !RC4, !MD5, !PSK, !SRP, !CAMELLIA*. Details on the format, and the valid options, are available via the [OpenSSL cipher list format documentation](https://www.openssl.org/docs/man1.0.2/apps/ciphers.html#CIPHER-LIST-FORMAT)
+`server.ssl.cipherSuites:`:: *Default: ECDHE-RSA-AES128-GCM-SHA256, ECDHE-ECDSA-AES128-GCM-SHA256, ECDHE-RSA-AES256-GCM-SHA384, ECDHE-ECDSA-AES256-GCM-SHA384, DHE-RSA-AES128-GCM-SHA256, ECDHE-RSA-AES128-SHA256, DHE-RSA-AES128-SHA256, ECDHE-RSA-AES256-SHA384, DHE-RSA-AES256-SHA384, ECDHE-RSA-AES256-SHA256, DHE-RSA-AES256-SHA256, HIGH,!aNULL, !eNULL, !EXPORT, !DES, !RC4, !MD5, !PSK, !SRP, !CAMELLIA*.
+Details on the format, and the valid options, are available via the
+https://www.openssl.org/docs/man1.0.2/apps/ciphers.html#CIPHER-LIST-FORMAT[OpenSSL cipher list format documentation].
 
-`server.ssl.keyPassphrase:`:: The passphrase that will be used to decrypt the private key. This value is optional as the key may not be encrypted.
+`server.ssl.enabled:`:: *Default: "false"* Enables SSL for outgoing requests
+from the Kibana server to the browser. When set to `true`,
+`server.ssl.certificate` and `server.ssl.key` are required.
 
-`server.ssl.redirectHttpFromPort:`:: Kibana will bind to this port and redirect all http requests to https over the port configured as `server.port`.
+`server.ssl.keyPassphrase:`:: The passphrase that will be used to decrypt the
+private key. This value is optional as the key may not be encrypted.
 
-`server.ssl.supportedProtocols:`:: *Default: TLSv1.1, TLSv1.2*  An array of supported protocols with versions. Valid protocols: `TLSv1`, `TLSv1.1`, `TLSv1.2`
+`server.ssl.redirectHttpFromPort:`:: Kibana will bind to this port and redirect
+all http requests to https over the port configured as `server.port`.
 
-`status.allowAnonymous:`:: *Default: false* If authentication is enabled, setting this to `true` allows
-unauthenticated users to access the Kibana server status API and status page.
-`rollup.enabled:`:: *Default: true* Set this value to false to disable the Rollup user interface.
+`server.ssl.supportedProtocols:`:: *Default: TLSv1.1, TLSv1.2*  An array of
+supported protocols with versions. Valid protocols: `TLSv1`, `TLSv1.1`, `TLSv1.2`
 
-`license_management.enabled`:: *Default: true* Set this value to false to disable the License Management user interface.
+`status.allowAnonymous:`:: *Default: false* If authentication is enabled,
+setting this to `true` enables unauthenticated users to access the Kibana
+server status API and status page.
+
+`xpack.license_management.enabled`:: *Default: true* Set this value to false to
+disable the License Management user interface.
+
+`xpack.rollup.enabled:`:: *Default: true* Set this value to false to disable the
+Rollup user interface.
+
+include::{docdir}/settings/apm-settings.asciidoc[]
+include::{docdir}/settings/dev-settings.asciidoc[]
+include::{docdir}/settings/graph-settings.asciidoc[]
+include::{docdir}/settings/infrastructure-ui-settings.asciidoc[]
+include::{docdir}/settings/logs-ui-settings.asciidoc[]
+include::{docdir}/settings/ml-settings.asciidoc[]
+include::{docdir}/settings/monitoring-settings.asciidoc[]
+include::{docdir}/settings/reporting-settings.asciidoc[]
+include::secure-settings.asciidoc[]
+include::{docdir}/settings/security-settings.asciidoc[]
+include::{docdir}/settings/spaces-settings.asciidoc[]

docs/spaces/securing-spaces.asciidoc

@@ -2,6 +2,73 @@
 [[spaces-securing]]
 === Securing spaces
 
-With security enabled, you can control who has access to specific spaces. You can manage access in **Management > Roles**.
 
-image::spaces/images/securing-spaces.png["Securing spaces"]
+With a Gold or Platinum license, you can control which roles have access to 
+each space. To get started, navigate to **Management > Roles**.
+
+[role="screenshot"]
+image::images/spaces_secure_all_privileges.png[]
+
+==== Setting privileges
+
+Access for all spaces in {kib} is governed by a concept called "minimum privilege."
+There are three options for minimum privilege:
+
+
+[cols="2*^<"]
+|===
+
+|`all`
+|Users have read/write access to all spaces in {kib}. Additionally, 
+users can create, edit, and delete individual spaces. This extends to spaces 
+that users create in the future.
+
+|`read`
+|Users have read-only access to all spaces in {kib}. This extends to spaces 
+that users create in the future.
+
+|`none`
+|Users do not have the all-spaces access.  You must set access on 
+individual spaces.
+
+
+|===
+
+Once you set the minimum privilege for all spaces, you can then add read and write 
+access to individual spaces. 
+
+
+==== Examples
+[cols="2*^<"]
+|===
+
+s|To provide
+s|Do this
+
+|Full access to all spaces
+|Set the minimum privilege to `all`.  This grants 
+full access to all spaces. In this case, you can't
+customize access to specific spaces.
+
+|Read-only access to all spaces, with full access to specific spaces
+|Set the minimum privilege to `read`,
+then grant the `all` privilege to individual spaces as needed. You can't revoke 
+access to an individual space.
+
+|Read-only access to a specific space
+|Set the minimum privilege to `none` to prevent all-space access,
+then set the `read` privilege for an individual space, 
+as shown below.
+
+|===
+
+[role="screenshot"]
+image::images/spaces_secure_specific_spaces.png[]
+
+
+
+[float]
+=== Viewing all space privileges
+
+To see which roles have access to each space, click *View summary of spaces privileges*.
+

kibana.d.ts

@@ -25,7 +25,7 @@ export * from './target/types/type_exports';
  * All exports from TS ambient definitions (where types are added for JS source in a .d.ts file).
  */
 import * as LegacyElasticsearch from './src/legacy/core_plugins/elasticsearch';
-import * as LegacyKibanaServer from './src/server/kbn_server';
+import * as LegacyKibanaServer from './src/legacy/server/kbn_server';
 
 /**
  *  Re-export legacy types under a namespace.

package.json

@@ -11,7 +11,7 @@
     "dashboarding"
   ],
   "private": true,
-  "version": "7.0.0",
+  "version": "8.0.0",
   "branch": "master",
   "types": "./kibana.d.ts",
   "build": {
@@ -50,7 +50,7 @@
     "test:coverage": "grunt test:coverage",
     "checkLicenses": "grunt licenses --dev",
     "build": "node scripts/build --all-platforms",
-    "start": "node scripts/kibana --dev",
+    "start": "node --trace-warnings --trace-deprecation scripts/kibana --dev ",
     "debug": "node --nolazy --inspect scripts/kibana --dev",
     "debug-break": "node --nolazy --inspect-brk scripts/kibana --dev",
     "precommit": "node scripts/precommit_hook",
@@ -95,7 +95,7 @@
   },
   "dependencies": {
     "@elastic/datemath": "5.0.2",
-    "@elastic/eui": "6.7.0",
+    "@elastic/eui": "6.10.1",
     "@elastic/filesaver": "1.1.2",
     "@elastic/good": "8.1.1-kibana2",
     "@elastic/numeral": "2.3.2",
@@ -109,6 +109,7 @@
     "@kbn/pm": "1.0.0",
     "@kbn/test-subj-selector": "0.2.1",
     "@kbn/ui-framework": "1.0.0",
+    "@types/lodash.clonedeep": "^4.5.4",
     "JSONStream": "1.1.1",
     "abortcontroller-polyfill": "^1.1.9",
     "angular": "1.6.9",
@@ -137,8 +138,8 @@
     "d3-cloud": "1.2.1",
     "del": "^3.0.0",
     "dragula": "3.7.0",
-    "elasticsearch": "^15.2.0",
-    "elasticsearch-browser": "^15.2.0",
+    "elasticsearch": "^15.4.1",
+    "elasticsearch-browser": "^15.4.1",
     "encode-uri-query": "1.0.0",
     "execa": "^1.0.0",
     "expiry-js": "0.1.7",
@@ -170,6 +171,7 @@
     "less": "2.7.1",
     "less-loader": "4.1.0",
     "lodash": "npm:@elastic/lodash@3.10.1-kibana1",
+    "lodash.clonedeep": "^4.5.0",
     "lru-cache": "4.1.1",
     "markdown-it": "^8.4.1",
     "mini-css-extract-plugin": "0.4.4",
@@ -215,12 +217,11 @@
     "rxjs": "^6.2.1",
     "script-loader": "0.7.2",
     "semver": "^5.5.0",
-    "socket.io": "^2.1.1",
     "stream-stream": "^1.2.6",
     "style-loader": "0.23.1",
     "tar": "2.2.0",
     "terser-webpack-plugin": "^1.1.0",
-    "thread-loader": "^1.2.0",
+    "thread-loader": "^2.1.2",
     "tinygradient": "0.3.0",
     "tinymath": "1.1.1",
     "topojson-client": "3.0.0",
@@ -242,7 +243,7 @@
     "webpack-merge": "4.1.4",
     "whatwg-fetch": "^3.0.0",
     "wreck": "^14.0.2",
-    "x-pack": "7.0.0",
+    "x-pack": "8.0.0",
     "yauzl": "2.7.0"
   },
   "devDependencies": {
@@ -250,6 +251,7 @@
     "@babel/types": "^7.0.0",
     "@elastic/eslint-config-kibana": "0.15.0",
     "@elastic/eslint-plugin-kibana-custom": "1.1.0",
+    "@elastic/makelogs": "^4.4.0",
     "@kbn/es": "1.0.0",
     "@kbn/eslint-import-resolver-kibana": "2.0.0",
     "@kbn/eslint-plugin-license-header": "1.0.0",
@@ -273,6 +275,7 @@
     "@types/eslint": "^4.16.2",
     "@types/execa": "^0.9.0",
     "@types/fetch-mock": "7.2.1",
+    "@types/json5": "^0.0.30",
     "@types/getopts": "^2.0.0",
     "@types/glob": "^5.0.35",
     "@types/globby": "^8.0.0",
@@ -344,7 +347,7 @@
     "fetch-mock": "7.3.0",
     "geckodriver": "1.12.2",
     "getopts": "2.0.0",
-    "grunt": "1.0.1",
+    "grunt": "1.0.3",
     "grunt-cli": "^1.2.0",
     "grunt-contrib-watch": "^1.1.0",
     "grunt-karma": "2.0.0",
@@ -355,11 +358,13 @@
     "has-ansi": "^3.0.0",
     "image-diff": "1.6.0",
     "intl-messageformat-parser": "^1.4.0",
+    "is-path-inside": "^2.0.0",
     "istanbul-instrumenter-loader": "3.0.1",
     "jest": "^23.6.0",
     "jest-cli": "^23.6.0",
     "jest-raw-loader": "^1.0.1",
     "jimp": "0.2.28",
+    "json-stable-stringify": "^1.0.1",
     "json5": "^1.0.1",
     "karma": "3.1.4",
     "karma-chrome-launcher": "2.1.1",
@@ -375,6 +380,7 @@
     "load-grunt-config": "0.19.2",
     "makelogs": "^4.3.0",
     "mocha": "3.3.0",
+    "multistream": "^2.1.1",
     "murmurhash3js": "3.0.1",
     "mutation-observer": "^1.0.3",
     "nock": "8.0.0",
@@ -383,6 +389,7 @@
     "pixelmatch": "4.0.2",
     "pkg-up": "^2.0.0",
     "postcss": "^7.0.5",
+    "postcss-url": "^8.0.0",
     "prettier": "^1.14.3",
     "proxyquire": "1.7.11",
     "regenerate": "^1.4.0",
@@ -411,7 +418,7 @@
     "zlib": "^1.0.5"
   },
   "engines": {
-    "node": "10.14.1",
+    "node": "10.15.1",
     "yarn": "^1.10.1"
   }
 }

packages/kbn-dev-utils/src/streams/concat_stream.js

@@ -33,7 +33,6 @@ import { createReduceStream } from './reduce_stream';
  *  Concatenate values into an array:
  *    createListStream([1,2,3])
  *      .pipe(createConcatStream([]))
- *      .pipe(createJsonStringifyStream())
  *      .on('data', console.log)
  *      // logs "[1,2,3]"
  *

packages/kbn-es-query/.babelrc

@@ -1,3 +0,0 @@
-{
-  "presets": ["@kbn/babel-preset/webpack_preset"]
-}

packages/kbn-es-query/README.md

@@ -0,0 +1,94 @@
+# kbn-es-query
+
+This module is responsible for generating Elasticsearch queries for Kibana. See explanations below for each of the subdirectories.
+
+## es_query
+
+This folder contains the code that combines Lucene/KQL queries and filters into an Elasticsearch query.
+
+```javascript
+buildEsQuery(indexPattern, queries, filters, config)
+```
+
+Generates the Elasticsearch query DSL from combining the queries and filters provided.
+
+```javascript
+buildQueryFromFilters(filters, indexPattern)
+```
+
+Generates the Elasticsearch query DSL from the given filters.
+
+```javascript
+luceneStringToDsl(query)
+```
+
+Generates the Elasticsearch query DSL from the given Lucene query.
+
+```javascript
+migrateFilter(filter, indexPattern)
+```
+
+Migrates a filter from a previous version of Elasticsearch to the current version.
+
+```javascript
+decorateQuery(query, queryStringOptions)
+```
+
+Decorates an Elasticsearch query_string query with the given options.
+
+## filters
+
+This folder contains the code related to Kibana Filter objects, including their definitions, and helper functions to create them. Filters in Kibana always contain a `meta` property which describes which `index` the filter corresponds to, as well as additional data about the specific filter.
+
+The object that is created by each of the following functions corresponds to a Filter object in the `lib` directory (e.g. `PhraseFilter`, `RangeFilter`, etc.)
+
+```javascript
+buildExistsFilter(field, indexPattern)
+```
+
+Creates a filter (`ExistsFilter`) where the given field exists.
+
+```javascript
+buildPhraseFilter(field, value, indexPattern)
+```
+
+Creates an filter (`PhraseFilter`) where the given field matches the given value.
+
+```javascript
+buildPhrasesFilter(field, params, indexPattern)
+```
+
+Creates a filter (`PhrasesFilter`) where the given field matches one or more of the given values. `params` should be an array of values. 
+
+```javascript
+buildQueryFilter(query, index)
+```
+
+Creates a filter (`CustomFilter`) corresponding to a raw Elasticsearch query DSL object.
+
+```javascript
+buildRangeFilter(field, params, indexPattern)
+```
+
+Creates a filter (`RangeFilter`) where the value for the given field is in the given range. `params` should contain `lt`, `lte`, `gt`, and/or `gte`.
+
+## kuery
+
+This folder contains the code corresponding to generating Elasticsearch queries using the Kibana query language.
+
+It also contains code corresponding to the original implementation of Kuery (released in 6.0) which should be removed at some point (see legacy_kuery.js, legacy_kuery.peg).
+
+In general, you will only need to worry about the following functions from the `ast` folder:
+
+```javascript
+fromExpression(expression)
+```
+
+Generates an abstract syntax tree corresponding to the raw Kibana query `expression`. 
+
+```javascript
+toElasticsearchQuery(node, indexPattern)
+```
+
+Takes an abstract syntax tree (generated from the previous method) and generates the Elasticsearch query DSL using the given `indexPattern`. Note that if no `indexPattern` is provided, then an Elasticsearch query DSL will still be generated, ignoring things like the index pattern scripted fields, field types, etc.
+