[DOCS] Changes level offset for anomaly detection pages

docs/en/stack/ml/anomaly-detection/anomaly-examples.asciidoc

@@ -1,7 +1,7 @@
 [role="xpack"]
 [testenv="platinum"]
 [[anomaly-examples]]
-== {anomaly-detect-cap} examples
+= {anomaly-detect-cap} examples
 ++++
 <titleabbrev>Examples</titleabbrev>
 ++++
@@ -15,13 +15,13 @@ The scenarios in this section describe some best practices for generating useful
 * <<ml-configuring-aggregation>>
 * <<ml-configuring-categories>>
 * <<ml-configuring-detector-custom-rules>>
-* <<ml-configuring-pop>>
+* <<ml-configuring-populations>>
 * <<ml-configuring-transform>>
 * <<ml-delayed-data-detection>>
 
 [discrete]
 [[anomaly-examples-blog-posts]]
-=== {anomaly-detect-cap} examples in blog posts
+== {anomaly-detect-cap} examples in blog posts
 
 The blog posts listed below show how to get the most out of Elastic {ml} 
 {anomaly-detect}.

docs/en/stack/ml/anomaly-detection/create-jobs.asciidoc

@@ -1,6 +1,6 @@
 [role="xpack"]
 [[create-jobs]]
-== Create {anomaly-jobs}
+= Create {anomaly-jobs}
 
 {anomaly-jobs-cap} contain the configuration information and metadata
 necessary to perform an analytics task.
@@ -21,7 +21,7 @@ A _multi-metric job_ can contain more than one detector, which is more efficient
 than running multiple jobs against the same data.
 
 A _population job_ detects activity that is unusual compared to the behavior of
-the population. For more information, see <<ml-configuring-pop>>.
+the population. For more information, see <<ml-configuring-populations>>.
 
 A _categorization job_ groups log messages into categories and uses
 <<ml-count-functions,count>> or <<ml-rare-functions,rare>> functions to detect
@@ -73,7 +73,7 @@ These wizards create {anomaly-jobs}, dashboards, searches, and visualizations
 that are customized to help you analyze your {auditbeat}, {filebeat}, and
 {metricbeat} data.
 
-[NOTE] 
+[NOTE]
 ===============================
 If your data is located outside of {es}, you cannot use {kib} to create
 your jobs and you cannot use {dfeeds} to retrieve your data in real time.

docs/en/stack/ml/anomaly-detection/index.asciidoc

@@ -1,69 +1,83 @@
 include::xpack-ml.asciidoc[]
 
-include::ml-overview.asciidoc[]
+include::ml-overview.asciidoc[leveloffset=+1]
 
-include::ml-concepts.asciidoc[]
+include::ml-concepts.asciidoc[leveloffset=+1]
 
-include::ml-jobs.asciidoc[leveloffset=+1]
+include::ml-jobs.asciidoc[leveloffset=+2]
 
-include::ml-datafeeds.asciidoc[leveloffset=+1]
+include::ml-datafeeds.asciidoc[leveloffset=+2]
 
-include::ml-buckets.asciidoc[leveloffset=+1]
+include::ml-buckets.asciidoc[leveloffset=+2]
 
-include::ml-influencers.asciidoc[leveloffset=+1]
+include::ml-influencers.asciidoc[leveloffset=+2]
 
-include::ml-calendars.asciidoc[leveloffset=+1]
+include::ml-calendars.asciidoc[leveloffset=+2]
 
-include::ml-rules.asciidoc[leveloffset=+1]
+include::ml-rules.asciidoc[leveloffset=+2]
 
-include::ml-model-snapshots.asciidoc[leveloffset=+1]
+include::ml-model-snapshots.asciidoc[leveloffset=+2]
 
-include::ml-configuration.asciidoc[]
+include::ml-configuration.asciidoc[leveloffset=+1]
 
-include::create-jobs.asciidoc[leveloffset=+1]
+include::create-jobs.asciidoc[leveloffset=+2]
 
-include::job-tips.asciidoc[leveloffset=+2]
+include::job-tips.asciidoc[leveloffset=+3]
 
-include::stopping-ml.asciidoc[leveloffset=+1]
+include::stopping-ml.asciidoc[leveloffset=+2]
 
-include::ml-api-quickref.asciidoc[]
+include::ml-api-quickref.asciidoc[leveloffset=+1]
 
-include::ootb-ml-jobs.asciidoc[]
+include::ootb-ml-jobs.asciidoc[leveloffset=+1]
 
-include::ootb-ml-jobs-apache.asciidoc[leveloffset=+1]
+include::ootb-ml-jobs-apache.asciidoc[leveloffset=+2]
 
-include::ootb-ml-jobs-apm.asciidoc[leveloffset=+1]
+include::ootb-ml-jobs-apm.asciidoc[leveloffset=+2]
 
-include::ootb-ml-jobs-auditbeat.asciidoc[leveloffset=+1]
+include::ootb-ml-jobs-auditbeat.asciidoc[leveloffset=+2]
 
-include::ootb-ml-jobs-logs-ui.asciidoc[leveloffset=+1]
+include::ootb-ml-jobs-logs-ui.asciidoc[leveloffset=+2]
 
-include::ootb-ml-jobs-metricbeat.asciidoc[leveloffset=+1]
+include::ootb-ml-jobs-metricbeat.asciidoc[leveloffset=+2]
 
-include::ootb-ml-jobs-nginx.asciidoc[leveloffset=+1]
+include::ootb-ml-jobs-nginx.asciidoc[leveloffset=+2]
 
-include::ootb-ml-jobs-siem.asciidoc[leveloffset=+1]
+include::ootb-ml-jobs-siem.asciidoc[leveloffset=+2]
 
-include::ootb-ml-jobs-uptime.asciidoc[leveloffset=+1]
+include::ootb-ml-jobs-uptime.asciidoc[leveloffset=+2]
+////
+include::{es-repo-dir}/ml/anomaly-detection/functions/ml-functions.asciidoc[leveloffset=+1]
 
-include::{es-repo-dir}/ml/anomaly-detection/functions.asciidoc[]
+include::{es-repo-dir}/ml/anomaly-detection/functions/ml-count-functions.asciidoc[leveloffset=+2]
 
-include::anomaly-examples.asciidoc[]
+include::{es-repo-dir}/ml/anomaly-detection/functions/ml-geo-functions.asciidoc[leveloffset=+2]
 
-include::{es-repo-dir}/ml/anomaly-detection/customurl.asciidoc[]
+include::{es-repo-dir}/ml/anomaly-detection/functions/ml-info-functions.asciidoc[leveloffset=+2]
 
-include::{es-repo-dir}/ml/anomaly-detection/aggregations.asciidoc[]
+include::{es-repo-dir}/ml/anomaly-detection/functions/ml-metric-functions.asciidoc[leveloffset=+2]
 
-include::{es-repo-dir}/ml/anomaly-detection/detector-custom-rules.asciidoc[]
+include::{es-repo-dir}/ml/anomaly-detection/functions/ml-rare-functions.asciidoc[leveloffset=+2]
 
-include::{es-repo-dir}/ml/anomaly-detection/categories.asciidoc[]
+include::{es-repo-dir}/ml/anomaly-detection/functions/ml-sum-functions.asciidoc[leveloffset=+2]
 
-include::{es-repo-dir}/ml/anomaly-detection/populations.asciidoc[]
+include::{es-repo-dir}/ml/anomaly-detection/functions/ml-time-functions.asciidoc[leveloffset=+2]
+////
+include::anomaly-examples.asciidoc[leveloffset=+1]
+////
+include::{es-repo-dir}/ml/anomaly-detection/ml-configuring-url.asciidoc[leveloffset=+2]
 
-include::{es-repo-dir}/ml/anomaly-detection/transforms.asciidoc[]
+include::{es-repo-dir}/ml/anomaly-detection/ml-configuring-aggregations.asciidoc[leveloffset=+2]
 
-include::{es-repo-dir}/ml/anomaly-detection/delayed-data-detection.asciidoc[]
+include::{es-repo-dir}/ml/anomaly-detection/ml-configuring-detector-custom-rules.asciidoc[leveloffset=+2]
 
-include::ml-limitations.asciidoc[]
+include::{es-repo-dir}/ml/anomaly-detection/ml-configuring-categories.asciidoc[leveloffset=+2]
 
-//include::ml-troubleshooting.asciidoc[]
+include::{es-repo-dir}/ml/anomaly-detection/ml-configuring-populations.asciidoc[leveloffset=+2]
+
+include::{es-repo-dir}/ml/anomaly-detection/ml-configuring-transform.asciidoc[leveloffset=+2]
+
+include::{es-repo-dir}/ml/anomaly-detection/ml-delayed-data-detection.asciidoc[leveloffset=+2]
+////
+include::ml-limitations.asciidoc[leveloffset=+1]
+
+//include::ml-troubleshooting.asciidoc[leveloffset=+1]

docs/en/stack/ml/anomaly-detection/job-tips.asciidoc

@@ -1,6 +1,6 @@
 [role="xpack"]
 [[job-tips]]
-== Machine learning job tips
+= Machine learning job tips
 ++++
 <titleabbrev>Job tips</titleabbrev>
 ++++
@@ -12,7 +12,7 @@ results.
 
 [discrete]
 [[bucket-span]]
-=== Bucket span
+== Bucket span
 
 The bucket span is the time interval that {ml} analytics use to summarize and
 model data for your job. When you create an {anomaly-job} in {kib}, you can
@@ -27,7 +27,7 @@ information about choosing an appropriate bucket span, see <<ml-buckets>>.
 
 [discrete]
 [[cardinality]]
-=== Cardinality
+== Cardinality
 
 If there are logical groupings of related entities in your data, {ml} analytics
 can make data models and generate results that take these groupings into
@@ -41,11 +41,11 @@ job uses more memory resources. In particular, if the cardinality of the
 
 Likewise if you are performing population analysis and the cardinality of the
 `over_field_name` is below 10, you are advised that this might not be a suitable
-field to use. For more information, see <<ml-configuring-pop>>.
+field to use. For more information, see <<ml-configuring-populations>>.
 
 [discrete]
 [[detectors]]
-=== Detectors
+== Detectors
 
 Each {anomaly-job} must have one or more _detectors_. A detector applies an
 analytical function to specific fields in your data. If your job does not
@@ -58,14 +58,14 @@ duplicates if they have the same `function`, `field_name`, `by_field_name`,
 
 [discrete]
 [[influencers]]
-=== Influencers
+== Influencers
 
 See <<ml-influencers>>.
 
 
 [discrete]
 [[model-memory-limits]]
-=== Model memory limits
+== Model memory limits
 
 For each {anomaly-job}, you can optionally specify a `model_memory_limit`, which
 is the approximate maximum amount of memory resources that are required for
@@ -108,7 +108,7 @@ increase the size of the {ml} nodes in your cluster.
 
 [discrete]
 [[dedicated-indices]]
-=== Dedicated indices
+== Dedicated indices
 
 For each {anomaly-job}, you can optionally specify a dedicated index to store 
 the {anomaly-detect} results. As {anomaly-jobs} may produce a large amount 

docs/en/stack/ml/anomaly-detection/ml-api-quickref.asciidoc

@@ -1,6 +1,6 @@
 [role="xpack"]
 [[ml-api-quickref]]
-== API quick reference
+= API quick reference
 
 All {ml} {anomaly-detect} endpoints have the following base:
 

docs/en/stack/ml/anomaly-detection/ml-buckets.asciidoc

@@ -1,6 +1,6 @@
 [role="xpack"]
 [[ml-buckets]]
-== Buckets
+= Buckets
 
 The {ml-features} use the concept of a _bucket_ to divide the time series into
 batches for processing.
@@ -20,7 +20,7 @@ The bucket span has a significant impact on the analysis. When you’re trying t
 
 [discrete]
 [[ml-bucket-results]]
-=== Bucket results
+== Bucket results
 
 When you view your {ml} results, each bucket has an anomaly score. This score is
 a statistically aggregated and normalized view of the combined anomalousness of

docs/en/stack/ml/anomaly-detection/ml-calendars.asciidoc

@@ -1,6 +1,6 @@
 [role="xpack"]
 [[ml-calendars]]
-== Calendars and scheduled events
+= Calendars and scheduled events
 
 Sometimes there are periods when you expect unusual activity to take place,
 such as bank holidays, "Black Friday", or planned system outages. If you

docs/en/stack/ml/anomaly-detection/ml-concepts.asciidoc

@@ -1,6 +1,6 @@
 [role="xpack"]
 [[ml-concepts]]
-== Concepts
+= Concepts
 
 This section explains the fundamental concepts of the Elastic {ml} 
 {anomaly-detect} feature.

docs/en/stack/ml/anomaly-detection/ml-configuration.asciidoc

@@ -1,6 +1,6 @@
 [role="xpack"]
 [[ml-configuration]]
-== Configure {anomaly-detect}
+= Configure {anomaly-detect}
 
 If you want to use {ml-features}, there must be at least one {ml} node in
 your cluster and all master-eligible nodes must have {ml} enabled. By default,

docs/en/stack/ml/anomaly-detection/ml-datafeeds.asciidoc

@@ -1,6 +1,6 @@
 [role="xpack"]
 [[ml-datafeeds]]
-== {dfeeds-cap}
+= {dfeeds-cap}
 
 {anomaly-jobs-cap} can analyze data that is stored in {es} or data that is
 sent from some other source via an API. _{dfeeds-cap}_ retrieve data from {es}

docs/en/stack/ml/anomaly-detection/ml-influencers.asciidoc

@@ -1,6 +1,6 @@
 [role="xpack"]
 [[ml-influencers]]
-== Influencers
+= Influencers
 
 When anomalous events occur, we want to know why. To determine the cause,
 however, you often need a broader knowledge of the domain. If you have
@@ -40,7 +40,7 @@ can be overwhelming and there is a small overhead to the analysis.
 
 [discrete]
 [[ml-influencer-results]]
-=== Influencer results
+== Influencer results
 
 The influencer results show which entities were anomalous and when. One
 influencer result is written per bucket for each influencer that affects the

docs/en/stack/ml/anomaly-detection/ml-jobs.asciidoc

@@ -1,6 +1,6 @@
 [role="xpack"]
 [[ml-jobs]]
-== {anomaly-jobs-cap}
+= {anomaly-jobs-cap}
 ++++
 <titleabbrev>Jobs</titleabbrev>
 ++++