[7.0] Backport multiple doc PRs (#9167 #10647 #10740 #10741 #10742 #1…

…0833 #10859)  (#11120)

* Add steps for loading journalbeat dashboards  (#9167)

* Add steps for loading and viewing dashboards

* Deprecate global options for backoff, max_backoff, seek, and include_matches

* Add screen capture

* Move tip to correct place in doc

* Fix log path format in logging example (#10647)

* Add systemd compatibility statement (#10740)

* Remove simplistic docker command examples (#10741)

* Fix attribute references (#10742)

* Remove broken link to docker source code (#10833)

* Remove link to old repo for docker source

* Remove dockergithub attribute

* Add links to Logstash docs about working with Filebeat modules (#10859)

filebeat/docs/getting-started.asciidoc

@@ -231,10 +231,7 @@ sudo service {beatname_lc} start
 
 *docker:*
 
-["source", "shell", subs="attributes"]
-----------------------------------------------------------------------
-docker run {dockerimage}
-----------------------------------------------------------------------
+See <<running-on-docker>>.
 
 *mac and linux:*
 

filebeat/docs/modules-getting-started.asciidoc

@@ -100,7 +100,7 @@ load the ingest pipelines manually. To do this, run the `setup` command with
 the `--pipelines` option specified. If you used the
 <<modules-command,`modules`>> command to enable modules in the `modules.d`
 directory, also specify the `--modules` flag. For example, the following command
-loads the ingest pipelines used by all metricsets enabled in the system, nginx,
+loads the ingest pipelines used by all filesets enabled in the system, nginx,
 and mysql modules:
 
 // override modulename attribute so it works with the --modules option
@@ -134,5 +134,9 @@ and mysql modules:
 PS > .{backslash}{beatname_lc}.exe setup --pipelines --modules {modulename}
 ----
 
+TIP: If you're loading ingest pipelines manually because you want to send events
+to {ls}, also see
+{logstash-ref}/filebeat-modules.html[Working with {beatname_uc} modules].
+
 :has_module_steps!:
 :modulename!:

journalbeat/docs/general-options.asciidoc

@@ -29,26 +29,28 @@ data path. See the <<directory-layout>> section for details. The default is `${p
 ----
 
 [float]
-==== `backoff`
+==== `backoff` deprecated[5.6.1,Use the option under `paths` instead.]
+
 This option is valid as a global setting under the +{beatname_lc}+ namespace
 or under `paths`. For a description of this option, see
 <<{beatname_lc}-backoff,`backoff`>>.
 
 [float]
-==== `max_backoff`
+==== `max_backoff` deprecated[5.6.1,Use the option under `paths` instead.]
+
 This option is valid as a global setting under the +{beatname_lc}+ namespace
 or under `paths`. For a description of this option, see
 <<{beatname_lc}-max-backoff,`max_backoff`>>.
 
 [float]
-==== `seek`
+==== `seek` deprecated[5.6.1,Use the option under `paths` instead.]
 
 This option is valid as a global setting under the +{beatname_lc}+ namespace
 or under `paths`. For a description of this option, see
 <<{beatname_lc}-seek,`seek`>>. 
 
 [float]
-==== `include_matches`
+==== `include_matches` deprecated[5.6.1,Use the option under `paths` instead.]
 
 This option is valid as a global setting under the +{beatname_lc}+ namespace
 or under `paths`. For a description of this option, see

journalbeat/docs/getting-started.asciidoc

@@ -6,7 +6,9 @@ include::{libbeat-dir}/docs/shared-getting-started-intro.asciidoc[]
 * <<{beatname_lc}-installation>>
 * <<{beatname_lc}-configuration>>
 * <<{beatname_lc}-template>>
+* <<load-kibana-dashboards>>
 * <<{beatname_lc}-starting>>
+* <<view-kibana-dashboards>>
 * <<setup-repositories>>
 
 [id="{beatname_lc}-installation"]
@@ -159,8 +161,15 @@ include::{libbeat-dir}/docs/step-look-at-config.asciidoc[]
 
 include::{libbeat-dir}/docs/shared-template-load.asciidoc[]
 
+[[load-kibana-dashboards]]
+=== Step 4: Set up the Kibana dashboards
+
+:requires-sudo: yes
+include::../../libbeat/docs/dashboards.asciidoc[]
+:requires-sudo!:
+
 [id="{beatname_lc}-starting"]
-=== Step 4: Start {beatname_uc}
+=== Step 5: Start {beatname_uc}
 
 Start {beatname_uc} by issuing the appropriate command for your platform. If you
 are accessing a secured Elasticsearch cluster, make sure you've configured
@@ -193,18 +202,27 @@ in the _Beats Platform Reference_.
 {beatname_uc} is now ready to send journal events to the defined output.
 
 [[view-kibana-dashboards]]
-=== Step 5: View your data in Kibana
+=== Step 6: View the sample Kibana dashboards
+
+To make it easier for you to visualize your log data, we have created example
+{beatname_uc} dashboards. You loaded the dashboards earlier when you ran the
+`setup` command.
+
+include::../../libbeat/docs/opendashboards.asciidoc[]
+
+The dashboards are provided as examples. We recommend that you
+{kibana-ref}/dashboard.html[customize] them to meet your needs.
 
-There are currently no example dashboards available for {beatname_uc}.
+[role="screenshot"]
+image:./images/journald-log-data.png[Journald data]
 
-To learn how to view and explore your data, see the
-_{kibana-ref}/index.html[{kib} User Guide]_.
 
 [NOTE]
 =====
-By default, the Logs UI in {kib} only shows logs from `filebeat-*`
-indexes. To show {beatname_uc} indexes, add the following settings to the {kib}
-configuration: 
+You can also use the {infra-guide}/logs-ui-overview.html[Logs UI] in {kib} to
+tail logs in real time. By default, however, the Logs UI only shows logs from
+`filebeat-*` indexes. To show {beatname_uc} indexes, add the following settings
+to the {kib} configuration: 
 
 [source,yaml]
 ----

journalbeat/docs/index.asciidoc

@@ -17,7 +17,6 @@ include::{asciidoc-dir}/../../shared/attributes.asciidoc[]
 :rpm_os:
 :linux_os:
 :docker_platform:
-:no_dashboards:
 
 include::{libbeat-dir}/docs/shared-beats-attributes.asciidoc[]
 

journalbeat/docs/overview.asciidoc

@@ -13,3 +13,9 @@ https://www.elastic.co/products/elasticsearch[Elasticsearch] or
 https://www.elastic.co/products/logstash[Logstash].
 
 include::{libbeat-dir}/docs/shared-libbeat-description.asciidoc[]
+
+[float]
+=== Compatibility
+
+{beatname_uc} requires systemd v233 or later. Versions prior to systemd v233
+have a defect that prevents {beatname_uc} from reading rotated journals.

libbeat/docs/loggingconfig.asciidoc

@@ -19,6 +19,7 @@ ifndef::serverless[]
 The logging system can write logs to the syslog or rotate log files. If logging
 is not explicitly configured the file output is used.
 
+ifndef::win_only[]
 ["source","yaml",subs="attributes"]
 ----
 logging.level: info
@@ -29,6 +30,20 @@ logging.files:
   keepfiles: 7
   permissions: 0644
 ----
+endif::win_only[]
+
+ifdef::win_only[]
+["source","yaml",subs="attributes"]
+----
+logging.level: info
+logging.to_files: true
+logging.files:
+  path: C:{backslash}ProgramData{backslash}{beatname_lc}{backslash}Logs
+  name: {beatname_lc}
+  keepfiles: 7
+  permissions: 0644
+----
+endif::win_only[]
 
 TIP: In addition to setting logging options in the config file, you can modify
 the logging output configuration from the command line. See

libbeat/docs/opendashboards.asciidoc

@@ -21,11 +21,11 @@ pattern is selected to see {beatname_uc} data.
 [role="screenshot"]
 image:./images/kibana-created-indexes.png[Discover tab with index selected]
 
-Go to the *Dashboard* page and select the dashboard that you want to open.
-
 TIP: If you don’t see data in {kib}, try changing the date range to a larger
 range. By default, {kib} shows the last 15 minutes.
 
+Go to the *Dashboard* page and select the dashboard that you want to open.
+
 [role="screenshot"]
 image:./images/kibana-navigation-vis.png[Navigation widget in Kibana]
 

libbeat/docs/security/basic-auth.asciidoc

@@ -79,12 +79,12 @@ rollover indices:
 --
 ["source","sh",subs="attributes"]
 ---------------------------------------------------------------
-POST _xpack/security/role/{beatname_lc}_ilm
+POST _xpack/security/role/{beat_default_index_prefix}_ilm
 {
   "cluster": ["manage_ilm"],
   "indices": [
     {
-      "names": [ "{beatname_lc}-*","shrink-{beatname_lc}-*"],
+      "names": [ "{beat_default_index_prefix}-*","shrink-{beat_default_index_prefix}-*"],
       "privileges": ["write","create_index","manage","manage_ilm"]
     }
   ]

libbeat/docs/shared-beats-attributes.asciidoc

@@ -14,7 +14,6 @@
 :monitoringdoc: https://www.elastic.co/guide/en/elastic-stack-overview/{doc-branch}
 :dashboards: https://artifacts.elastic.co/downloads/beats/beats-dashboards/beats-dashboards-{stack-version}.zip
 :dockerimage: docker.elastic.co/beats/{beatname_lc}:{version}
-:dockergithub: https://github.com/elastic/beats-docker/tree/{doc-branch}
 :dockerconfig: https://raw.githubusercontent.com/elastic/beats/{doc-branch}/deploy/docker/{beatname_lc}.docker.yml
 :downloads: https://artifacts.elastic.co/downloads/beats
 :ES-version: {stack-version}

libbeat/docs/shared-docker.asciidoc

@@ -5,8 +5,7 @@ Docker images for {beatname_uc} are available from the Elastic Docker
 registry. The base image is https://hub.docker.com/_/centos/[centos:7].
 
 A list of all published Docker images and tags is available at
-https://www.docker.elastic.co[www.docker.elastic.co]. The source code is in
-{dockergithub}[GitHub].
+https://www.docker.elastic.co[www.docker.elastic.co]. 
 
 These images are free to use under the Elastic license. They contain open source 
 and free commercial features and access to paid commercial features.  

libbeat/docs/shared-logstash-config.asciidoc

@@ -22,7 +22,7 @@ the {stack} getting started tutorial. Also see the documentation for the
 If you want to use {ls} to perform additional processing on the data collected by
 {beatname_uc}, you need to configure {beatname_uc} to use {ls}.
 
-To do this, you edit the {beatname_uc} configuration file to disable the Elasticsearch
+To do this, you edit the {beatname_uc} configuration file to disable the {es}
 output by commenting it out and enable the {ls} output by uncommenting the
 logstash section:
 
@@ -36,8 +36,14 @@ output.logstash:
 The `hosts` option specifies the {ls} server and the port (`5044`) where {ls} is configured to listen for incoming
 Beats connections.
 
-For this configuration, you must <<load-template-manually,load the index template into Elasticsearch manually>>
-because the options for auto loading the template are only available for the Elasticsearch output.
+For this configuration, you must <<load-template-manually,load the index template into {es} manually>>
+because the options for auto loading the template are only available for the {es} output.
+
+ifeval::["{beatname_lc}"=="filebeat"]
+Want to use <<filebeat-modules,{beatname_uc} modules>> with {ls}? You need to do
+some extra setup. For more information, see
+{logstash-ref}/filebeat-modules.html[Working with {beatname_uc} modules].
+endif::[]
 
 ifndef::win-only[]
 ifndef::apm-server[]

packetbeat/docs/gettingstarted.asciidoc

@@ -270,10 +270,7 @@ sudo service {beatname_lc} start
 
 *docker:*
 
-["source","sh",subs="attributes"]
-----------------------------------------------------------------------
-docker run {dockerimage}
-----------------------------------------------------------------------
+See <<running-on-docker>>.
 
 *mac and linux:*
 

winlogbeat/docs/getting-started.asciidoc

@@ -74,7 +74,7 @@ output.elasticsearch:
 
 logging.to_files: true
 logging.files:
-  path: C:/ProgramData/winlogbeat/Logs
+  path: C:\ProgramData\winlogbeat\Logs
 logging.level: info
 --------------------------------------------------------------------------------