[8.6] [DOCS] Option to schedule Osquery packs for individual policies or globally (#146482) (#147719)

# Backport

This will backport the following commits from `main` to `8.6`:
- [[DOCS] Option to schedule Osquery packs for individual policies or
globally (#146482)](https://github.com/elastic/kibana/pull/146482)

<!--- Backport version: 8.9.7 -->

### Questions ?
Please refer to the [Backport tool
documentation](https://github.com/sqren/backport)

<!--BACKPORT
[{"author":{"name":"nastasha-solomon","email":"79124755+nastasha-solomon@users.noreply.github.com"},"sourceCommit":{"committedDate":"2022-12-16T20:39:58Z","message":"[DOCS]
Option to schedule Osquery packs for individual policies or globally
(#146482)\n\nAddresses
https://github.com/elastic/kibana/issues/146468.\r\n\r\nPreview\r\n[here](https://kibana_146482.docs-preview.app.elstc.co/guide/en/kibana/master/osquery.html#osquery-schedule-query)\r\n(updated
step 4).\r\n\r\nCo-authored-by: Joe Peeples
<joe.peeples@elastic.co>\r\nCo-authored-by: Kibana Machine
<42973632+kibanamachine@users.noreply.github.com>","sha":"d92e2f90bf6a93d39da55600b981eba92470b7fc","branchLabelMapping":{"^v8.7.0$":"main","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["Team:Docs","release_note:skip","Team:Asset
Mgmt","Osquery","v8.6.0","v8.7.0"],"number":146482,"url":"https://github.com/elastic/kibana/pull/146482","mergeCommit":{"message":"[DOCS]
Option to schedule Osquery packs for individual policies or globally
(#146482)\n\nAddresses
https://github.com/elastic/kibana/issues/146468.\r\n\r\nPreview\r\n[here](https://kibana_146482.docs-preview.app.elstc.co/guide/en/kibana/master/osquery.html#osquery-schedule-query)\r\n(updated
step 4).\r\n\r\nCo-authored-by: Joe Peeples
<joe.peeples@elastic.co>\r\nCo-authored-by: Kibana Machine
<42973632+kibanamachine@users.noreply.github.com>","sha":"d92e2f90bf6a93d39da55600b981eba92470b7fc"}},"sourceBranch":"main","suggestedTargetBranches":["8.6"],"targetPullRequestStates":[{"branch":"8.6","label":"v8.6.0","labelRegex":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"},{"branch":"main","label":"v8.7.0","labelRegex":"^v8.7.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/146482","number":146482,"mergeCommit":{"message":"[DOCS]
Option to schedule Osquery packs for individual policies or globally
(#146482)\n\nAddresses
https://github.com/elastic/kibana/issues/146468.\r\n\r\nPreview\r\n[here](https://kibana_146482.docs-preview.app.elstc.co/guide/en/kibana/master/osquery.html#osquery-schedule-query)\r\n(updated
step 4).\r\n\r\nCo-authored-by: Joe Peeples
<joe.peeples@elastic.co>\r\nCo-authored-by: Kibana Machine
<42973632+kibanamachine@users.noreply.github.com>","sha":"d92e2f90bf6a93d39da55600b981eba92470b7fc"}}]}]
BACKPORT-->

Co-authored-by: nastasha-solomon <79124755+nastasha-solomon@users.noreply.github.com>

docs/osquery/manage-integration.asciidoc

@@ -63,7 +63,7 @@ While this allows you to use advanced Osquery functionality like pack discovery
 
 . Edit the *Osquery config* JSON field to apply your preferred Osquery configuration. Note the following:
 
-* The field may already have content if you have scheduled packs for this agent policy. To keep these packs scheduled, do not remove the `packs` section.
+* The field may already have content if you've scheduled packs for this agent policy. To keep these packs scheduled, do not remove the `packs` section. The `shard` field value is the percentage of agents in the policy using the pack.
 
 * Refer to the https://osquery.readthedocs.io/en/stable/[Osquery documentation] for configuration options.
 

docs/osquery/osquery.asciidoc

@@ -82,23 +82,26 @@ You can run packs as live queries or schedule packs to run for one or more agent
 
 . Click the **Packs** tab.
 . Click **Add pack** to create a new pack, or click the name of an existing pack, then **Edit** to add queries to an existing pack.
+. Provide a name for the pack. The short description is optional. 
+. Schedule the pack to be deployed on specified agent policies (*Policy*) or on all agent policies (*Global*).
++
+TIP: Pack deployment details are stored within the <<osquery-custom-config,Osquery configuration>>. The `shard` field value is the percentage of agents in the policy using the pack.  
++
+If you choose the *Policy* option, configure these fields: 
++
+NOTE: When defining pack deployment details, you cannot configure the same policy multiple times. In other words, after specifying a policy, you can either choose to deploy the pack to all of the policy's agents or only a subset. You cannot choose both.
 
-. Provide the following fields:
+** *Scheduled {agent} policies (optional)*: Allows you to deploy the pack to specific agent policies. By default, the pack is deployed to all {agents} that are registered to the policies you define.  
+** *Partial deployment (shards)*: Allows you to deploy the pack to a portion of the agents on each specified agent policy. After defining a policy, use the *Shard* slider to set the amount of agents to which the pack is deployed. For example, after specifying a policy, you can choose to deploy the pack to half of the policy's agents by selecting 50% on the slider.
 
-* The name of the pack.
+. If you're creating a new pack, add queries to schedule:
 
-* A short description of the pack.
-
-* The agent policies where this pack should run. If no agent policies are set, the pack is not scheduled.
-
-. Add queries to schedule:
-
-* To add a query to the pack, click *Add query*, and then either add a saved query or enter a new query.
+ ** Click *Add query* and then add a saved query or enter a new query.
 Each query must include a unique query ID and the interval at which it should run.
 Optionally, set the minimum Osquery version and platform,
 or <<osquery-map-fields,map ECS fields>>. When you add a saved query to a pack, this adds a copy of the query. A connection is not maintained between saved queries and packs.
 
-* To upload queries from a `.conf` query pack, drag the pack to the drop zone under the query table. To explore the community packs that Osquery publishes, click *Example packs*.
+** Upload queries from a `.conf` query pack by dragging the pack to the drop zone under the query table. To explore the community packs that Osquery publishes, click *Example packs*.
 
 . Click *Save pack*. The queries run when the policy receives the update.