[DOCS] Updates intro doc (#88376) (#89623)

* [DOCS] Updates intro doc

* Update docs/user/introduction.asciidoc

Co-authored-by: Kaarina Tungseth <kaarina.tungseth@elastic.co>

* Update docs/user/introduction.asciidoc

Co-authored-by: Kaarina Tungseth <kaarina.tungseth@elastic.co>

* Update docs/user/introduction.asciidoc

Co-authored-by: Kaarina Tungseth <kaarina.tungseth@elastic.co>

* Update docs/user/introduction.asciidoc

Co-authored-by: Kaarina Tungseth <kaarina.tungseth@elastic.co>

* Update docs/user/introduction.asciidoc

Co-authored-by: Kaarina Tungseth <kaarina.tungseth@elastic.co>

* Update docs/user/introduction.asciidoc

Co-authored-by: Kaarina Tungseth <kaarina.tungseth@elastic.co>

* Update docs/user/introduction.asciidoc

Co-authored-by: Kaarina Tungseth <kaarina.tungseth@elastic.co>

* Update docs/user/introduction.asciidoc

Co-authored-by: Kaarina Tungseth <kaarina.tungseth@elastic.co>

* Update docs/user/introduction.asciidoc

Co-authored-by: Kaarina Tungseth <kaarina.tungseth@elastic.co>

* Update docs/user/introduction.asciidoc

Co-authored-by: Kaarina Tungseth <kaarina.tungseth@elastic.co>

* Update docs/user/introduction.asciidoc

Co-authored-by: Kaarina Tungseth <kaarina.tungseth@elastic.co>

* Update docs/user/introduction.asciidoc

Co-authored-by: Kaarina Tungseth <kaarina.tungseth@elastic.co>

* Update docs/user/introduction.asciidoc

Co-authored-by: Kaarina Tungseth <kaarina.tungseth@elastic.co>

* Update docs/user/introduction.asciidoc

Co-authored-by: Kaarina Tungseth <kaarina.tungseth@elastic.co>

* Update docs/user/introduction.asciidoc

Co-authored-by: Kaarina Tungseth <kaarina.tungseth@elastic.co>

* Update docs/user/introduction.asciidoc

Co-authored-by: Kaarina Tungseth <kaarina.tungseth@elastic.co>

* Update docs/user/introduction.asciidoc

Co-authored-by: Kaarina Tungseth <kaarina.tungseth@elastic.co>

* Update docs/user/introduction.asciidoc

Co-authored-by: Kaarina Tungseth <kaarina.tungseth@elastic.co>

* Update docs/user/introduction.asciidoc

Co-authored-by: Kaarina Tungseth <kaarina.tungseth@elastic.co>

* [DOCS] Incorporates review comments

* [DOCS] Add links to Security views

* [DOCS] Minor tweaks to improve the flow of the doc

Co-authored-by: Kaarina Tungseth <kaarina.tungseth@elastic.co>
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>

Co-authored-by: Kaarina Tungseth <kaarina.tungseth@elastic.co>
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>

docs/user/introduction.asciidoc

@@ -1,145 +1,444 @@
 [[introduction]]
-== {kib} — your window into the Elastic Stack
+== {kib}—your window into Elastic
 ++++
 <titleabbrev>What is Kibana?</titleabbrev>
 ++++
 
-**_Visualize and analyze your data and manage all things Elastic Stack._**
+{kib} enables you to give
+shape to your data and navigate the Elastic Stack.  With {kib}, you can:
 
-Whether you’re an analyst or an admin, {kib} makes your data actionable by providing
-three key functions. Kibana is:
+* *Visualize and analyze your data.*
+Search for hidden insights, visualize what you've found in charts, gauges,
+maps and more, and combine them in a dashboard.
 
-* **An open-source analytics and visualization platform.**
-Use {kib} to explore your {es} data, and then build beautiful visualizations and dashboards.
+* *Search, observe, and protect.*
+From discovering documents to analyzing logs to finding security vulnerabilities,
+{kib} is your portal for accessing these capabilities and more.
 
-* **A UI for managing the Elastic Stack.**
-Manage your security settings, assign user roles, take snapshots, roll up your data,
-and more &mdash; all from the convenience of a {kib} UI.
+* *Manage, monitor, and secure the Elastic Stack.*
+Manage your indices and ingest pipelines, monitor the health of your
+Elastic Stack cluster, and control which users have access to
+which features.
 
-* **A centralized hub for Elastic's solutions.** From log analytics to
-document discovery to SIEM, {kib} is the portal for accessing these and other capabilities.
 
-[role="screenshot"]
-image::images/intro-kibana.png[Kibana home page]
+*{kib} is for administrators, analysts, and business users.*
+As an admin, your role is to manage the Elastic Stack, from creating your
+deployment to getting {es} data into {kib}, and then
+managing the data.  As an analyst, your job is to discover insights
+in the data, visualize your data on dashboards, and share your findings.  As a business user,
+you want to view existing dashboards and drill down into details.
+
+*{kib} works with all types of data.* Your data can be structured or unstructured text,
+numerical data, time-series data, geospatial data, logs, metrics, security events,
+and more.  Kibana is designed to use Elasticsearch as a data store.
+No matter your data, {kib} can help you uncover patterns and relationships and visualize the results.
 
 [float]
-[[get-data-into-kibana]]
-=== Ingest data
+[[kibana-home-page]]
+=== Where to start
 
-{kib} is designed to use {es} as a data source. Think of Elasticsearch as the engine that stores
-and processes the data, with {kib} sitting on top.
-
-To start working with your data in Kibana, use one of the many ingest options,
-available from the home page. You can collect data from an app or service or upload a file that contains your data.
-If you're not ready to use your own data, you can add a sample data set
-to give {kib} a test drive.
+Start with the home page, where you’re guided toward the most common use cases.
+For a quick reference of {kib} use cases, refer to <<whats-the-right-app,What’s the right app for you?>>
 
 [role="screenshot"]
-image::setup/images/add-data-home.png[Built-in options for adding data to Kibana:  Add data, Add Elastic Agent, Upload a file]
+image::images/home-page.png[Kibana home page]
+
+The main menu gets you to where you need to go. Like the home page,
+the menu is organized by use case. Want to work with your logs, metrics, APM, or
+Uptime data? The apps you need are under *Observability*. The main menu also includes
+*Recently viewed*, so you can easily access your previously opened apps.
+
+Hidden by default, you open the main menu by clicking the
+hamburger icon. To keep the main menu visible at all times, click the *Dock navigation* item.
+
+[role="screenshot"]
+image::images/kibana-main-menu.png[Kibana main menu]
 
 [float]
-[[explore-and-query]]
-=== Explore & query
+[[kibana-navigation-search]]
+=== Search {kib}
 
-Ready to dive into your data? With <<discover, Discover>>, you can explore your data and
-search for hidden insights and relationships. Ask your questions, and then
-narrow the results to just the data you want.
+Using the Search field in the global header, you can
+search for applications and objects, such as
+dashboards and visualizations.
+
+Search suggestions include deep links into applications,
+allowing you to directly navigate to the views you need most.
 
 [role="screenshot"]
-image::images/intro-discover.png[Discover UI]
+image::images/app-navigation-search.png[Example of searching for apps]
+
+When searching for objects, you can search by type, name, and tag.
+Tags are keywords or labels that you assign to {kib} objects,
+so you can classify the objects in a way that is meaningful to you.
+You can then quickly search for related objects based on shared tags.
+
+[role="screenshot"]
+image::images/tags-search.png[Example of searching for tags]
+
+To get the most from the search feature, follow these tips:
+
+* Use the keyboard shortcut&mdash;Ctrl+/ on Windows and Linux, Command+/ on MacOS&mdash;to focus on the input at any time.
+
+* Use the provided syntax keywords.
++
+[cols=2*]
+|===
+|Search by type
+|`type:dashboard`
+
+Available types: `application`, `canvas-workpad`, `dashboard`, `index-pattern`, `lens`, `maps`, `query`, `search`, `visualization`
+
+|Search by tag
+|`tag:mytagname` +
+`tag:"tag name with spaces"`
+
+|Search by type and name
+|`type:dashboard my_dashboard_title`
+
+|Advanced&nbsp;searches
+|`tag:(tagname1 or tagname2) my_dashboard_title` +
+`type:lens tag:(tagname1 or tagname2)` +
+`type:(dashboard or canvas-workpad) logs` +
+|===
+
 
 [float]
 [[visualize-and-analyze]]
-=== Visualize & analyze
+=== Analyze your data
 
-A visualization is worth a thousand log lines, and {kib} provides
-many options for showcasing your data. Use <<create-panels-with-lens,Lens>>,
-our drag-and-drop interface,
-to rapidly build
-charts, tables, metrics, and more. If there
-is a better visualization for your data, *Lens* suggests it, allowing for quick
-switching between visualization types.
-
-Once your visualizations are just the way you want,
-use <<dashboard, Dashboard>> to collect them in one place. A dashboard provides
-insights into your data from multiple perspectives.
+Data analysis is the core functionality of {kib}.
+You can quickly search through large amounts of data, explore fields and values,
+and then use {kib}’s drag-and-drop interface to rapidly build charts, tables, metrics, and more.
 
 [role="screenshot"]
-image::images/intro-dashboard.png[Sample eCommerce data set dashboard]
+image::images/visualization-journey.png[User visualization journey]
 
-{kib} also offers these visualization features:
+[[get-data-into-kibana]]
+. *Add data.* The best way to add {es} data to {kib} is to use one of our guided processes,
+available from the <<kibana-home-page,home page>>. You can collect data from an app or service, upload a
+file, or add a sample data set.
 
-* <<canvas, Canvas>> gives you the ability to present your data in a
-visually compelling, pixel-perfect report. Give your data the “wow” factor
-needed to impress your CEO or to captivate coworkers with a big-screen display.
+. *Explore.* With <<discover,*Discover*>>, you can search your data for hidden
+insights and relationships. Ask your questions, and then filter the results to just the data you want.
+You can also limit your results to the most recent documents added to {es}.
 
-* <<maps, Maps>> enables you to ask (and answer) meaningful
-questions of your location-based data. Maps supports multiple
-layers and data sources, mapping of individual geo points and shapes,
-and dynamic client-side styling.
+. *Visualize.* {kib} provides many options to create visualizations of your data, from
+aggregation-based data to time series data.
+<<dashboard, *Dashboard*>> is your starting point to create visualizations,
+and then pulling them together to show your data from multiple perspectives.
 
-* <<tsvb-advanced-editor, TSVB>> allows you to combine
-an infinite number of aggregations to display complex data.
-With TSVB, you can customize
-every aspect of your visualization. Choose your own date format and color
-gradients, and easily switch your data view between time series, metric,
-top N, gauge, and markdown.
+. *Present.*  With <<canvas, *Canvas*>>, you can display your data on a visually
+compelling, pixel-perfect workpad. **Canvas** can give your data
+the “wow” factor needed to impress your CEO and captivate coworkers with a big-screen display.
+
+. *Share.* Ready to <<reporting-getting-started, share>> your findings with a larger audience? {kib} offers many options&mdash;embed
+a dashboard, share a link, export to PDF, and more.
 
 [float]
-[[organize-and-secure]]
-=== Organize & secure
+==== Plot location data on a map
+If you’re looking to better understand the “where’’ in your data, your data
+analysis journey will also include <<maps, *Maps*>>. This app is the right
+choice when you’re looking for a spatial pattern, performing ad-hoc location-driven analysis,
+or analyzing metrics with a geographic perspective. With *Maps*, you can build
+world country maps, administrative region maps, and point-to-point origin-destination maps.
+You can also visualize and track movement over space and through time.
 
-Want to share Kibana’s goodness with other people or teams? You can do so with
-<<xpack-spaces, Spaces>>, built for organizing your visualizations, dashboards, and indices.
-Think of a space as its own mini {kib} installation &mdash; it’s isolated from
-all other spaces, so you can tailor it to your specific needs without impacting others.
+[float]
+==== Model data behavior
 
-You can even choose which features to enable within each space. Don’t need
-Machine learning in your “Executive” space? Simply turn it off.
+To model the behavior of your data, you'll want to use
+<<xpack-ml, *{ml-cap}*>>.
+This app can help you extract insights from your data that you might otherwise miss.
+You can forecast unusual behavior in your time series data.
+You can also perform outlier detection, regression, and classification analysis
+on your data and generate annotated results.
 
+[float]
+==== Graph relationships
+
+Looking to uncover how items in your data are related?
+<<xpack-graph, *Graph*>> is your app. Graphing relationships is useful in a variety of use cases,
+from fraud detection to recommendation engines. For example, graph exploration
+can help you uncover website vulnerabilities that hackers are targeting,
+so you can harden your website. Or, you might provide graph-based
+personalized recommendations to your e-commerce customers.
+
+[float]
+[[extend-your-use-case]]
+=== Search, observe, and protect
+
+Being able to search, observe, and protect your data is a requirement for any analyst.
+{kib} provides solutions for each of these use cases.
+
+* https://www.elastic.co/guide/en/enterprise-search/current/index.html[*Enterprise Search*] enables you to create a search experience for your app, workplace, and website.
+
+* {observability-guide}/observability-introduction.html[*Elastic Observability*] enables you to monitor and apply analytics in real time
+to events happening across all your environments. You can analyze log events, monitor the performance metrics for the host or container
+that it ran in, trace the transaction, and check the overall service availability.
+
+* Designed for security analysts, {security-guide}/es-overview.html[*Elastic Security*] provides an overview of
+the events and alerts from your environment.  Elastic Security helps you defend
+your organization from threats before damage and loss occur.
++
 [role="screenshot"]
-image::images/intro-spaces.png[Space selector screen]
-
-You can take this all one step further with Kibana’s security features, and
-control which users have access to each space. {kib} allows for fine-grained
-controls, so you can give a user read-only access to
-dashboards in one space, but full access to all of Kibana’s features in another.
+image::siem/images/detections-ui.png[]
 
 [float]
 [[manage-all-things-stack]]
 === Manage all things Elastic Stack
 
-<<management, Stack Management>> provides guided processes for managing all
-things Elastic Stack &mdash; indices, clusters, licenses, UI settings,
-and more. Want to update your {es} indices? Set user roles and privileges?
-Turn on dark mode? Kibana has UIs for all that.
+{kib}'s <<management, Stack Management>> takes you under the hood,
+so you can twist the levers and turn the knobs.  *Stack Management* provides
+guided processes for administering all things Elastic Stack,
+including data, indices, clusters, alerts, and security.
 
 [role="screenshot"]
 image::images/intro-management.png[]
 
 [float]
-[[extend-your-use-case]]
-=== Extend your use case &mdash; or add a new one
+==== Manage your data, indices, and clusters
 
-As a hub for Elastic's https://www.elastic.co/products/[solutions], {kib}
-can help you find security vulnerabilities,
-monitor performance, and address your business needs. Get alerted if a key
-metric spikes. Detect anomalous behavior or forecast future spikes. Root out
-bottlenecks in your application code. Kibana doesn’t limit or dictate how you explore your data.
+{kib} offers these data management tasks&mdash;all from the convenience of a UI:
+
+* Refresh, flush, and clear the cache of your indices.
+* Define the lifecycle of an index as it ages.
+* Define a policy for taking snapshots of your cluster.
+* Roll up data from one or more indices into a new, compact index.
+* Replicate indices on a remote cluster and copy them to a local cluster.
+
+[float]
+==== Alert and take action
+Detecting and acting on significant shifts and signals in your data is a need
+that exists in almost every use case. For example, you might set an alert to notify you when:
+
+* A shift occurs in your business critical KPIs.
+* System resources, such as memory, CPU and disk space, take a dip.
+* An unusually high number of service requests, suspicious processes, and login attempts occurs.
+
+An alert is triggered when a specified condition is met. For example,
+an alert might trigger when the average or max of one of
+your metrics exceeds a threshold within a specified time frame.
+
+When the alert triggers, you can send a notification to a system that is part of
+your daily workflow. {kib} integrates with email, Slack, PagerDuty, and ServiceNow,
+to name a few.
+
+A dedicated view for creating, searching, and editing alerts is in <<alert-management,*Alerts and Actions*>>.
 
 [role="screenshot"]
-image::siem/images/detections-ui.png[]
+image::images/alerts-and-actions.png[Alerts and Actions view]
+
+
+[float]
+[[organize-and-secure]]
+=== Organize your work in spaces
+
+Want to share {kib}’s goodness with other people or teams without overwhelming them? You can do so
+with <<xpack-spaces, Spaces>>, built for organizing your visualizations, dashboards, and indices.
+Think of a space as its own mini {kib} installation&mdash;it’s isolated from all other spaces,
+so you can tailor it to your specific needs without impacting others.
+
+[role="screenshot"]
+image::images/select-your-space.png[Space selector screen]
+
+Most of {kib}’s entities are space-aware, including dashboards, visualizations, index patterns,
+Canvas workpads, Timelion visualizations, graphs, tags, and machine learning jobs.
+
+In addition:
+
+* **Elastic Security** is space-aware, so the timelines and investigations
+you open in one space will not be available to other spaces.
+
+* **Observability** is currently partially space-aware, but will be enhanced to become fully space-aware.
+
+* Most of the **Stack Management** features are not space aware because they
+are primarily used to manage features of {es}, which serves as a shared data store for all spaces.
+
+* Alerts are space-aware and work nicely with the {kib} role-based access control
+model to allow you secure access to them, depending on the alert type and your user roles.
+For example, roles with no access to an app will not have access to its alerts.
+
+[float]
+==== Control feature visibility
+
+You can take spaces one step further and control which features are visible
+within each space. For example, you might hide **Dev Tools** in your "Executive"
+space or show **Stack Monitoring** only in your "Admin" space.
+
+Controlling feature visibility is not a security feature. To secure access
+to specific features on a per-user basis, you must configure
+<<xpack-security-authorization,{kib} Security>>.
+
+[role="screenshot"]
+image::images/features-control.png[Features Controls screen]
+
+[float]
+[[intro-kibana-Security]]
+=== Secure {kib}
+
+{kib} offers a range of security features for you to control who has access to what.
+The security features are automatically turned on when
+{ref}/get-started-enable-security.html[security is enabled in
+{es}]. For a description of all available configuration options,
+see <<security-settings-kb,Security settings in {kib}>>.
+
+[float]
+==== Log in
+Kibana supports several <<kibana-authentication,authentication providers>>,
+allowing you to login using {es}’s built-in realms, or by your own single sign-on provider.
+
+[role="screenshot"]
+image::images/login-screen.png[Login screen]
+
+[float]
+==== Secure access
+
+{kib} provides roles and privileges for controlling which users can
+view and manage {kib} features. Privileges grant permission to view an application
+or perform a specific action and are assigned to roles. Roles allow you to describe
+a “template” of capabilities that you can grant to many users,
+without having to redefine what each user should be able to do.
+
+When you create a role, you can scope the assigned {kib} privileges to specific spaces.
+This makes it possible to grant users different access levels in different spaces,
+or even give users their very own private space. For example, power users might
+have privileges to create and edit visualizations and dashboards,
+while analysts or executives might have *Dashboard* and *Canvas* with read-only privileges.
+
+{kib}’s role management interface allows you to describe these various access
+levels, or you can automate role creation via our <<role-management-api,API>>.
+
+[role="screenshot"]
+image::images/roles-and-privileges.png[{kib privileges}]
+
+[float]
+==== Audit access
+
+Once you have your users and roles configured, you might want to maintain a
+record of who did what, when. The {kib} audit log will record this information for you,
+which can then be correlated with {es} audit logs to gain more insights into your
+users’ behavior. For more information, see <<xpack-security-audit-logging,{kib} audit logging>>.
+
+[float]
+[[whats-the-right-app]]
+=== What’s the right app for you?
+
+{kib} has a wealth of apps, each with its own area of specialty.
+Scan this table to quickly find the app that gets you to our goal.
+
+[cols=2*]
+|===
+
+2+| *Get started*
+
+|Get {kib}
+|https://www.elastic.co/cloud/elasticsearch-service/signup[Sign up for a free trial] and start exploring data in minutes.
+
+|Don’t know where to begin
+|The home page.  If you’re looking to explore and visualize your data, follow
+the <<get-started,{kib} Quick start>>.
+
+|Add data
+|The Add data page, available from the home page.
+
+|See the full list of {kib} features
+|The https://www.elastic.co/kibana/features[{kib} features page on elastic.co]
+
+2+| *Analyze and visualize your data*
+
+|Know what’s in your data
+|<<discover,Discover>>
+
+|Create charts and other visualizations
+|<<dashboard, Dashboard>>
+
+|Show your data from different perspectives
+|<<dashboard, Dashboard>>
+
+|Work with location data
+|<<maps, Maps>>
+
+|Create a presentation of your data
+|<<canvas, Canvas>>
+
+|Generate models for your data’s behavior
+|<<xpack-ml, {ml-cap}>>
+
+|Explore connections in your data
+|<<xpack-graph, Graph>>
+
+|Share your data
+|<<dashboard, Dashboard>>, <<canvas, Canvas>>
+
+2+|*Build a search experience*
+
+|Create a search experience for your workplace
+|https://www.elastic.co/guide/en/workplace-search/current/workplace-search-getting-started.html[Workplace Search]
+
+|Build a search experience for your app
+|https://www.elastic.co/guide/en/app-search/current/getting-started.html[App Search]
+
+
+2+|*Monitor, analyze, and react to events*
+
+|Monitor software services and applications in real-time by collecting performance information
+|{observability-guide}/apm.html[APM]
+
+|Monitor the availability of your sites and services
+|{observability-guide}/monitor-uptime.html[Uptime]
+
+|Search, filter, and tail all your logs
+|{observability-guide}/monitor-logs.html[Logs]
+
+|Analyze metrics from your infrastructure, apps, and services
+|{observability-guide}/analyze-metrics.html[Metrics]
+
+2+|*Prevent, detect, and respond to threats*
+
+|Create and manage rules for suspicious source events, and view the alerts these rules create.
+|{security-guide}/detection-engine-overview.html[Detections]
+
+|View all hosts and host-related security events.
+|{security-guide}/hosts-overview.html[Hosts]
+
+|View key network activity metrics via an interactive map.
+|{security-guide}/network-page-overview.html[Network]
+
+|Investigate alerts and complex threats, such as lateral movement of malware across hosts in your network.
+|{security-guide}/timelines-ui.html[Timelines]
+
+|Create and track security issues
+|{security-guide}/cases-overview.html[Cases]
+
+|View and manage hosts that are running Endpoint Security
+|{security-guide}/admin-page-ov.html[Administration]
+
+2+|*Administer your Kibana instance*
+
+|Manage your Elasticsearch data
+|<<manage-data,Stack Management > Data>>
+
+|Set up alerts
+|<<alert-management,Stack Management > Alerts and Actions>>
+
+|Organize your workspace and users
+|<<xpack-spaces,Stack Management > Spaces>>
+
+|Define user roles and privileges
+|<<xpack-security,Stack Management > Users>>
+
+|Customize {kib} to suit your needs
+|<<advanced-options,Stack Management > Advanced Settings>>
+
+|===
 
 [float]
 [[try-kibana]]
-=== Give {kib} a try
+=== Getting help
 
-There is no faster way to try out {kib} than with our hosted {es} Service.
-https://www.elastic.co/cloud/elasticsearch-service/signup[Sign up for a free trial]
-and start exploring data in minutes.
+Using our in-product guidance can help you get up and running, faster.
+Click the help icon image:images/intro-help-icon.png[Help icon in navigation bar]
+for help with questions or to provide feedback.
 
-You can also <<install, install {kib} on your own>> &mdash; no code, no additional
-infrastructure required.
-
-Our <<get-started, Quick start>> and in-product guidance can
-help you get up and running, faster. Click the help icon image:images/intro-help-icon.png[Help icon in navigation bar] for help with questions or to provide feedback.
+To keep up with what’s new and changed in Elastic, click the celebration icon in the global header.