Merge branch 'master' into alerting/consumer-based-rbac

* master:
  [Observability] Remove app logos (elastic#72259)
  Fix float percentiles line chart (elastic#71902)
  update chromedriver to 84 (elastic#72228)
  [esArchiver] actually re-delete the .kibana index if we lose recreate race (elastic#72354)
  [Maps] convert SavedGisMap to TS (elastic#72286)
  [DOCS] Removes occurrences of X-Pack Security and Reporting (elastic#72302)
  use WORKSPACE env var for stack_functional_integration tests, fix navigate path (elastic#71908)
  [Monitoring] Fix issue with ES node detail status (elastic#72298)
  [SIEM] Updates consumer in export_rule archive (elastic#72324)
  [kbn/dev-utils] add RunWithCommands utility (elastic#72311)
  [Security Solution][Endpoint][Exceptions] Only write manifest to policy when there are changes (elastic#72000)
  skip flaky suite (elastic#72339)
  [ML] Fix annotations pagination & change labels from letters to numbers (elastic#72204)
  [Lens] Fix switching with layers (elastic#71982)
  [Maps] 7.9 documenation updates (elastic#71893)
  docs: ✏️ add "Explore underlying data" user docs (elastic#70807)
  [Security Solution][Exceptions] - Remove initial add exception item button in builder (elastic#72215)
  Fix indentation level in code exploration doc (elastic#72274)
  register graph usage (elastic#72041)
  [Monitoring] Added a case for Alerting if security/ssl is disabled (elastic#71846)

docs/dev-tools/grokdebugger/index.asciidoc

@@ -32,7 +32,7 @@ in ingest node and Logstash.
 This example walks you through using the *Grok Debugger*. This tool
 is automatically enabled in {kib}. 
 
-NOTE: If you're using {security}, you must have the `manage_pipeline`
+NOTE: If you're using {stack-security-features}, you must have the `manage_pipeline`
 permission to use the Grok Debugger.
 
 . Open the menu, go to *Dev Tools*, then click *Grok Debugger*.

docs/developer/architecture/code-exploration.asciidoc

@@ -11,7 +11,7 @@ NOTE:
 ////
 
 [[code-exploration]]
-=== Exploring Kibana code
+== Exploring Kibana code
 
 The goals of our folder heirarchy are:
 
@@ -28,10 +28,10 @@ To that aim, we strive to:
 
 [discrete]
 [[kibana-services-applications]]
-==== Services and Applications
+=== Services and Applications
 
 [discrete]
-===== src/plugins
+==== src/plugins
 
 - {kib-repo}blob/{branch}/src/plugins/advanced_settings[advancedSettings]
 
@@ -283,7 +283,7 @@ WARNING: Missing README.
 
 
 [discrete]
-===== x-pack/plugins
+==== x-pack/plugins
 
 - {kib-repo}blob/{branch}/x-pack/plugins/actions/README.md[actions]
 

docs/drilldowns/explore-underlying-data.asciidoc

@@ -0,0 +1,41 @@
+[[explore-underlying-data]]
+== Explore the underlying data for a visualization
+
+++++
+<titleabbrev>Explore the underlying data</titleabbrev>
+++++
+
+Dashboard panels have an *Explore underlying data* action that navigates you to *Discover*,
+where you can narrow your documents to the ones you'll most likely use in a  visualization.
+This action is available for visualizations backed by a single index pattern.
+
+You can access *Explore underlying data* in two ways: from the panel context
+menu or from the menu that appears when you interact with the chart.
+
+[float]
+[[explore-data-from-panel-context-menu]]
+=== Explore data from panel context menu
+
+The *Explore underlying data* action in the panel menu navigates you to Discover,
+carrying over the index pattern, filters, query, and time range for the visualization.
+
+[role="screenshot"]
+image::images/explore_data_context_menu.png[Explore underlying data from panel context menu]
+
+[float]
+[[explore-data-from-chart]]
+=== Explore data from chart action
+
+Initiating *Explore underlying data* from the chart also navigates to Discover,
+carrying over the current context for the visualization. In addition, this action
+applies the filters and time range created by the events that triggered the action.
+
+[role="screenshot"]
+image::images/explore_data_in_chart.png[Explore underlying data from chart]
+
+You can disable this action by adding the following line to your `kibana.yml` config.
+
+["source","yml"]
+-----------
+xpack.discoverEnhanced.actions.exploreDataInChart.enabled: false
+-----------

docs/maps/heatmap-layer.asciidoc

@@ -7,8 +7,8 @@ Heat map layers cluster point data to show locations with higher densities.
 [role="screenshot"]
 image::maps/images/heatmap_layer.png[]
 
-To add a heat map layer to your map, click *Add layer*, then select the *Heat map* layer.
-The index must contain at least one field mapped as {ref}/geo-point.html[geo_point].
+To add a heat map layer to your map, click *Add layer*, then select *Heat map*.
+The index must contain at least one field mapped as {ref}/geo-point.html[geo_point] or {ref}/geo-shape.html[geo_shape].
 
 NOTE: Only count, sum, unique count metric aggregations are available with the grid aggregation source and heat map layers.
 Average, min, and max are turned off because the heat map will blend nearby values.

docs/maps/maps-aggregations.asciidoc

@@ -47,7 +47,7 @@ Grid aggregation layers use {ref}/search-aggregations-bucket-geotilegrid-aggrega
 Symbolize grid aggregation metrics as:
 
 *Clusters*:: Creates a <<vector-layer, vector layer>> with a cluster symbol for each gridded cell.
-The cluster location is the weighted centroid for all geo-points in the gridded cell.
+The cluster location is the weighted centroid for all documents in the gridded cell.
 
 *Grid rectangles*:: Creates a <<vector-layer, vector layer>> with a bounding box polygon for each gridded cell.
 
@@ -60,7 +60,7 @@ To enable a grid aggregation layer:
 To enable a blended layer that dynamically shows clusters or documents:
 
 . Click *Add layer*, then select the *Documents* layer.
-. Configure *Index pattern* and the *Geospatial field*. To enable clustering, the *Geospatial field* must be set to a field mapped as {ref}/geo-point.html[geo_point].
+. Configure *Index pattern* and the *Geospatial field*.
 . In *Scaling*, select *Show clusters when results exceed 10000*.
 
 

docs/maps/maps-getting-started.asciidoc

@@ -68,40 +68,17 @@ The first layer you'll add is a choropleth layer to shade world countries
 by web log traffic. Darker shades symbolize countries with more web log traffic,
 and lighter shades symbolize countries with less traffic.
 
-==== Add a vector layer to display world country boundaries
-
 . Click *Add layer*.
-. Select the *EMS Boundaries* layer.
+. Select *Choropleth*.
 . From the *Layer* dropdown menu, select *World Countries*.
+. Under *Statistics source*, set *Index pattern* to *kibana_sample_data_logs*.
+. Set *Join field* to *geo.src*.
 . Click the *Add layer* button.
 . Set *Name* to `Total Requests by Country`.
 . Set *Opacity* to 50%.
 . Click *Add* under *Tooltip fields*.
 . In the popover, select *ISO 3166-1 alpha-2 code* and *name* and click *Add*.
-
-===== Join the vector layer with the sample web log index
-
-You now have a vector layer containing the world countries.
-To symbolize countries by web traffic, you'll need to augment the world country features with the count of Elasticsearch weblog documents originating from each country.
-To do this, you'll create a <<terms-join, term join>> to link the vector source *World Countries* to
-the {es} index `kibana_sample_data_logs` on the shared key iso2 = geo.src.
-
-. Click plus image:maps/images/gs_plus_icon.png[] next to the *Term Joins* label.
-. Click *Join --select--*
-. Set *Left field* to *ISO 3166-1 alpha-2 code*.
-. Set *Right source* to *kibana_sample_data_logs*.
-. Set *Right field* to *geo.src*.
-. Click *and use metric count*.
-. Set *Custom label* to *web logs count*.
-
-===== Set the layer style
-
-All of the world countries are still a single color because the layer is using <<maps-vector-style-static, static styling>>.
-To shade the world countries based on which country is sending the most requests, you'll need to use <<maps-vector-style-data-driven, data driven styling>>.
-
-. Under *Fill color*, change the selected value from *Solid* to *By value*.
-. In the field select input, select *web logs count*.
-. Select the grey color ramp.
+. Under *Fill color*, select the grey color ramp.
 . Under *Border color*, change the selected color to *white*.
 . Click *Save & close*.
 +
@@ -127,7 +104,7 @@ This layer displays web log documents as points.
 The layer is only visible when users zoom in the map past zoom level 9.
 
 . Click *Add layer*.
-. Click the *Documents* layer.
+. Select *Documents*.
 . Set *Index pattern* to *kibana_sample_data_logs*.
 . Click the *Add layer* button.
 . Set *Name* to `Actual Requests`.
@@ -161,7 +138,7 @@ image::maps/images/grid_metrics_both.png[]
 ===== Add the layer
 
 . Click *Add layer*.
-. Click the *Clusters and grids* layer.
+. Select *Clusters and grids*.
 . Set *Index pattern* to *kibana_sample_data_logs*.
 . Click the *Add layer* button.
 . Set *Name* to `Total Requests and Bytes`.

docs/maps/tile-layer.asciidoc

@@ -7,7 +7,7 @@ Tile layers display image tiles served from a tile server.
 [role="screenshot"]
 image::maps/images/tile_layer.png[]
 
-To add a tile layer to your map, click *Add layer*, then select one of the following layers:
+To add a tile layer to your map, click *Add layer*, then select one of the following:
 
 *Configured Tile Map Service*:: Tile map service configured in kibana.yml.
 See map.tilemap.url in <<settings>> for details.
@@ -16,4 +16,6 @@ See map.tilemap.url in <<settings>> for details.
 
 *Tile Map Service*:: Tile map service configured in interface.
 
+*Vector tiles*:: Data service implementing the Mapbox vector tile specification.
+
 *Web Map Service*:: Maps from OGC Standard WMS.

docs/maps/vector-layer.asciidoc

@@ -7,15 +7,14 @@ Vector layers display points, lines, and polygons.
 [role="screenshot"]
 image::maps/images/vector_layer.png[]
 
-To add a vector layer to your map, click *Add layer*, then select one of the following layers:
+To add a vector layer to your map, click *Add layer*, then select one of the following:
 
-*Clusters and grids*:: Geospatial data grouped in grids with metrics for each gridded cell.
-The index must contain at least one field mapped as {ref}/geo-point.html[geo_point].
+*Choropleth*:: Shaded areas to compare statistics across boundaries.
 
-*Configured GeoJSON*:: Vector data from hosted GeoJSON configured in kibana.yml.
-See map.regionmap.* in <<settings>> for details.
+*Clusters and grids*:: Geospatial data grouped in grids with metrics for each gridded cell.
+The index must contain at least one field mapped as {ref}/geo-point.html[geo_point] or {ref}/geo-shape.html[geo_shape].
 
-*Documents*:: Vector data from a Kibana index pattern.
+*Documents*:: Points, lines, and polyons from Elasticsearch.
 The index must contain at least one field mapped as {ref}/geo-point.html[geo_point] or {ref}/geo-shape.html[geo_shape].
 
 NOTE: Document results are limited to the `index.max_result_window` index setting, which defaults to 10000.

docs/settings/monitoring-settings.asciidoc

@@ -7,7 +7,7 @@
 
 By default, the Monitoring application is enabled, but data collection
 is disabled.  When you first start {kib} monitoring, you are prompted to
-enable data collection. If you are using {security}, you must be
+enable data collection. If you are using {stack-security-features}, you must be
 signed in as a user with the `cluster:manage` privilege to enable
 data collection. The built-in `superuser` role has this privilege and the
 built-in `elastic` user has this role.

docs/setup/install.asciidoc

@@ -53,8 +53,8 @@ Formulae are available from the Elastic Homebrew tap for installing {kib} on mac
 <<brew>>
 
 IMPORTANT: If your Elasticsearch installation is protected by
-{ref}/elasticsearch-security.html[{security}] see
-{kibana-ref}/using-kibana-with-security.html[Configuring security in Kibana] for
+{ref}/elasticsearch-security.html[{stack-security-features}] see
+{kibana-ref}/using-kibana-with-security.html[Configuring security in {kib}] for
 additional setup instructions.
 
 include::install/targz.asciidoc[]

docs/user/dashboard.asciidoc

@@ -160,6 +160,7 @@ When you're finished adding and arranging the panels, save the dashboard.
 . Enter the dashboard *Title* and optional *Description*, then *Save* the dashboard.
 
 include::{kib-repo-dir}/drilldowns/drilldowns.asciidoc[]
+include::{kib-repo-dir}/drilldowns/explore-underlying-data.asciidoc[]
 
 [[sharing-dashboards]]
 == Share the dashboard

docs/user/monitoring/monitoring-kibana.asciidoc

@@ -20,9 +20,10 @@ node in the production cluster. By default, it is is disabled (`false`).
 +
 --
 NOTE: You can specify this setting in either the `elasticsearch.yml` on each
-node or across the cluster as a dynamic cluster setting. If {es}
-{security-features} are enabled, you must have `monitor` cluster privileges to
-view the cluster settings and `manage` cluster privileges to change them.
+node or across the cluster as a dynamic cluster setting. If
+{stack-security-features} are enabled, you must have `monitor` cluster
+privileges to view the cluster settings and `manage` cluster privileges to
+change them.
 
 --
 
@@ -33,7 +34,7 @@ view the cluster settings and `manage` cluster privileges to change them.
 --
 By default, if you are running {kib} locally, go to `http://localhost:5601/`.
 
-If {es} {security-features} are enabled, log in.
+If {security-features} are enabled, log in.
 --
 
 ... Open the menu, then go to *Stack Monitoring*. If data collection is
@@ -80,13 +81,13 @@ monitoring cluster prevents production cluster outages from impacting your
 ability to access your monitoring data. It also prevents monitoring activities
 from impacting the performance of your production cluster.
 
-If {security} is enabled on the production cluster, use an HTTPS URL such
-as `https://<your_production_cluster>:9200` in this setting.
+If {security-features} are enabled on the production cluster, use an HTTPS
+URL such as `https://<your_production_cluster>:9200` in this setting.
 ===============================
 
 --
 
-. If the Elastic {security-features} are enabled on the production cluster:
+. If {security-features} are enabled on the production cluster:
 
 .. Verify that there is a
 valid user ID and password in the `elasticsearch.username` and

docs/user/reporting/chromium-sandbox.asciidoc

@@ -2,14 +2,16 @@
 [[reporting-chromium-sandbox]]
 === Chromium sandbox
 
-When {reporting} uses the Chromium browser for generating PDF reports, it's recommended to use the sandbox for
-an additional layer of security. The Chromium sandbox uses operating system provided mechanisms to ensure that
-code execution cannot make persistent changes to the computer or access confidential information. The specific
-sandboxing techniques differ for each operating system.
+When {report-features} uses the Chromium browser for generating PDF reports,
+it's recommended to use the sandbox for an additional layer of security. The
+Chromium sandbox uses operating system provided mechanisms to ensure that
+code execution cannot make persistent changes to the computer or access
+confidential information. The specific sandboxing techniques differ for each
+operating system.
 
 ==== Linux sandbox
 The Linux sandbox depends on user namespaces, which were introduced with the 3.8 Linux kernel. However, many
-distributions don't have user namespaces enabled by default, or they require the CAP_SYS_ADMIN capability. {reporting}
+distributions don't have user namespaces enabled by default, or they require the CAP_SYS_ADMIN capability. The {report-features}
 will automatically disable the sandbox when it is running on Debian and CentOS as additional steps are required to enable
 unprivileged usernamespaces. In these situations, you'll see the following message in your {kib} startup logs:
 `Chromium sandbox provides an additional layer of protection, but is not supported for your OS.

docs/user/reporting/configuring-reporting.asciidoc

@@ -2,18 +2,18 @@
 [[configuring-reporting]]
 == Reporting configuration
 
-You can configure settings in `kibana.yml` to control how {reporting}
-communicates with the {kib} server, manages background jobs, and captures
+You can configure settings in `kibana.yml` to control how the {report-features}
+communicate with the {kib} server, manages background jobs, and captures
 screenshots. See <<reporting-settings-kb, Reporting Settings>> for the complete
 list of settings.
 
 [float]
 [[encryption-keys]]
 === Encryption keys for multiple {kib} instances
 
-By default, a new encryption key is generated for {reporting} each time
-you start {kib}. This means if a static encryption key is not persisted in the
-{kib} configuration, any pending reports will fail when you restart {kib}.
+By default, a new encryption key is generated for the {report-features} each
+time you start {kib}. This means if a static encryption key is not persisted in
+the {kib} configuration, any pending reports will fail when you restart {kib}.
 
 If you are load balancing across multiple {kib} instances, they need to have
 the same reporting encryption key. Otherwise, report generation will fail if a

docs/user/reporting/development/index.asciidoc

@@ -1,9 +1,11 @@
 [role="xpack"]
 [[reporting-integration]]
 == Reporting integration
-Integrating a {kib} application with {reporting} requires a minimum amount of code, and the goal is to not have to
-modify the Reporting code as we add additional applications. Instead, applications abide by a contract that Reporting
-uses to determine the information that is required to export CSVs and PDFs.
+Integrating a {kib} application with the {report-features} requires a minimum
+amount of code, and the goal is to not have to modify the reporting code as we
+add additional applications. Instead, applications abide by a contract that
+{report-features} use to determine the information that is required to export
+CSVs and PDFs.
 
 [IMPORTANT]
 ==============================================
@@ -18,7 +20,7 @@ X-Pack uses the `share` plugin of the Kibana platform to register actions in the
 
 [float]
 === Generate job URL
-To generate a new {reporting} job, different export types require different `jobParams` that are Rison encoded into a URL
+To generate a new reporting job, different export types require different `jobParams` that are Rison encoded into a URL
 that abide by the following convention: `/api/reporting/generate?jobParams=${rison.encode(jobParams)}`. If you use the
 aforementioned <<reporting-nav-bar-extensions, nav bar extensions>> then this detail will be abstracted away, but if you
 provide a custom UI for generating the report, you will have to generate the URL and create a POST request to the URL.

docs/user/reporting/gs-index.asciidoc

@@ -21,7 +21,7 @@ You can also <<automating-report-generation,generate reports automatically>>.
 IMPORTANT: Reports are stored in the `.reporting-*` indices. Any user with
 access to these indices has access to every report generated by all users.
 
-To use {reporting} in a production environment,
+To use {report-features} in a production environment,
 <<securing-reporting,secure the Reporting endpoints>>.
 --
 

docs/user/reporting/index.asciidoc

@@ -19,7 +19,7 @@ image::user/reporting/images/share-button.png["Share"]
 [float]
 == Setup
 
-{reporting} is automatically enabled in {kib}. It runs a custom build of the Chromium web browser, which
+The {report-features} are automatically enabled in {kib}. It runs a custom build of the Chromium web browser, which
 runs on the server in headless mode to load {kib} and capture the rendered {kib} charts as images.
 
 Chromium is an open-source project not related to Elastic, but the Chromium binary for {kib} has been custom-built by Elastic to ensure it

docs/user/reporting/script-example.asciidoc

@@ -19,7 +19,8 @@ curl \
 // CONSOLE
 
 <1> `POST` method is required.
-<2> Provide user credentials for a user with permission to access Kibana and X-Pack reporting.
+<2> Provide user credentials for a user with permission to access Kibana and
+{report-features}.
 <3> The `kbn-version` header is required for all `POST` requests to Kibana.
 **The value must match the dotted-numeral version of the Kibana instance.**
 <4> The POST URL. You can copy and paste the URL for any report from the Kibana UI.

docs/user/reporting/watch-example.asciidoc

@@ -52,7 +52,7 @@ report from the Kibana UI.
 <3> Optional, default is 40
 <4> Optional, default is 15s
 <5> Provide user credentials for a user with permission to access Kibana and
-{reporting}.
+the {report-features}.
 //For more information, see <<secure-reporting>>.
 //<<reporting-app-users, Setting up a Reporting Role>>.