merge with main

.eslintrc.js

@@ -850,6 +850,10 @@ module.exports = {
                 name: 'semver',
                 message: 'Please use "semver/*/{function}" instead',
               },
+              {
+                name: '@kbn/rule-data-utils',
+                message: `Import directly from @kbn/rule-data-utils/* submodules in public/common code`,
+              },
             ],
           },
         ],

.github/CODEOWNERS

@@ -397,7 +397,7 @@
 # Security Solution sub teams
 /x-pack/plugins/cases @elastic/security-threat-hunting
 /x-pack/plugins/timelines @elastic/security-threat-hunting
-/x-pack/test/case_api_integration @elastic/security-threat-hunting
+/x-pack/test/cases_api_integration @elastic/security-threat-hunting
 /x-pack/plugins/lists @elastic/security-detections-response
 
 ## Security Solution sub teams - security-onboarding-and-lifecycle-mgt
@@ -415,11 +415,15 @@
 /x-pack/plugins/security_solution/scripts/endpoint/trusted_apps/ @elastic/security-onboarding-and-lifecycle-mgt
 /x-pack/test/security_solution_endpoint/apps/endpoint/ @elastic/security-onboarding-and-lifecycle-mgt
 
+## Security Solution sub teams - security-telemetry (Data Engineering)
+x-pack/plugins/security_solution/server/usage/ @elastic/security-telemetry
+x-pack/plugins/security_solution/server/lib/telemetry/ @elastic/security-telemetry
+
 ## Security Solution sub teams - security-engineering-productivity
-x-pack/plugins/security_solution/cypress/ccs_integration
-x-pack/plugins/security_solution/cypress/upgrade_integration
-x-pack/plugins/security_solution/cypress/README.md
-x-pack/test/security_solution_cypress
+x-pack/plugins/security_solution/cypress/ccs_integration @elastic/security-engineering-productivity
+x-pack/plugins/security_solution/cypress/upgrade_integration @elastic/security-engineering-productivity
+x-pack/plugins/security_solution/cypress/README.md @elastic/security-engineering-productivity
+x-pack/test/security_solution_cypress @elastic/security-engineering-productivity
 
 # Security Intelligence And Analytics
 /x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules @elastic/security-intelligence-analytics

dev_docs/contributing/how_we_use_github.mdx

@@ -46,7 +46,7 @@ In order to assist with developer tooling we ask that all Elastic engineers use
  1. Update the git config for your current repository to commit with your `@elastic.co` email:
 
     ```bash
-    git config --local user.email [email protected]
+    git config user.email [email protected]
     ```
 
  1. Create a commit using the new email address

docs/apm/correlations.asciidoc

@@ -38,7 +38,7 @@ in a table below the chart. The table is sorted by correlation coefficients that
 range from 0 to 1. Attributes with higher correlation values are more likely to
 contribute to high latency transactions. By default, the attribute with the
 highest correlation value is added to the chart. To see the latency distribution
-for other attributes, hover over their row in the table.
+for other attributes, select their row in the table.
 
 If a correlated attribute seems noteworthy, use the **Filter** quick links:
 
@@ -47,12 +47,14 @@ the selected value.
 * `-` creates a new query in the {apm-app} to filter out transactions containing
 the selected value.
 
-In this example screenshot, transactions with the field
-`labels.orderPriceRange` and value `large` are skewed to the right with slower
-response times than the overall latency distribution. If you select the `+`
-filter in the appropriate row of the table, it creates a new query in the
-{apm-app} for transactions with this attribute. With the "noise" now filtered
-out, you can begin viewing sample traces to continue your investigation.
+You can also click the icon beside the field name to view and filter its most
+popular values.
+
+In this example screenshot, there are transactions that are skewed to the right
+with slower response times than the overall latency distribution. If you select
+the `+` filter in the appropriate row of the table, it creates a new query in
+the {apm-app} for transactions with this attribute. With the "noise" now
+filtered out, you can begin viewing sample traces to continue your investigation.
 
 [discrete]
 [[correlations-error-rate]]
@@ -67,25 +69,23 @@ is determined by its {ecs-ref}/ecs-event.html#field-event-outcome[event.outcome]
 value. For example, APM agents set the `event.outcome` to `failure` when an HTTP
 transaction returns a `5xx` status code.
 
-// The chart highlights the failed transactions in the overall latency distribution for the transaction group. 
-If there are attributes that have a statistically significant correlation with
-failed transactions, they are listed in a table. The table is sorted by scores,
-which are mapped to high, medium, or low impact levels. Attributes with high
-impact levels are more likely to contribute to failed transactions.
-//  By default, the attribute with the highest score is added to the chart. To see a different attribute in the chart, hover over its row in the table.
+The chart highlights the failed transactions in the overall latency distribution
+for the transaction group. If there are attributes that have a statistically
+significant correlation with failed transactions, they are listed in a table.
+The table is sorted by scores, which are mapped to high, medium, or low impact
+levels. Attributes with high impact levels are more likely to contribute to
+failed transactions. By default, the attribute with the highest score is added
+to the chart. To see a different attribute in the chart, select its row in the
+table. 
 
-For example, in the screenshot below, the field
-`kubernetes.pod.name` and value `frontend-node-59dff47885-fl5lb` has a medium
-impact level and existed in 19% of the failed transactions.
+For example, in the screenshot below, there are attributes such as a specific
+node and pod name that have medium impact on the failed transactions.
 
 [role="screenshot"]
 image::apm/images/correlations-failed-transactions.png[Failed transaction correlations]
 
-TIP: Some details, such as the failure and success percentages, are available
-only when the
-<<observability-enable-inspect-es-queries,observability:enableInspectEsQueries>>
-advanced setting is enabled.
-
 Select the `+` filter to create a new query in the {apm-app} for transactions
-with this attribute. You might do his for multiple attributes--each time
-filtering out more and more noise and bringing you closer to a diagnosis.
+with one or more of these attributes. If you are unfamiliar with a field, click
+the icon beside its name to view its most popular values and optionally filter
+on those values too. Each time that you add another attribute, it is filtering
+out more and more noise and bringing you closer to a diagnosis.

docs/developer/contributing/development-github.asciidoc

@@ -53,7 +53,7 @@ In order to assist with developer tooling we ask that all Elastic engineers use
 +
 ["source","shell"]
 -----------
-git config --local user.email [email protected]
+git config user.email [email protected]
 -----------
  4. Create a commit using the new email address
 +

docs/development/core/public/kibana-plugin-core-public.doclinksstart.links.md

@@ -163,7 +163,6 @@ readonly links: {
             readonly luceneQuerySyntax: string;
             readonly percolate: string;
             readonly queryDsl: string;
-            readonly autocompleteChanges: string;
         };
         readonly date: {
             readonly dateMath: string;

docs/getting-started/quick-start-guide.asciidoc

@@ -11,7 +11,7 @@ When you've finished, you'll know how to:
 
 [float]
 === Required privileges
-When security is enabled, you must have `read`, `write`, and `manage` privileges on the `kibana_sample_data_*` indices. 
+You must have `read`, `write`, and `manage` privileges on the `kibana_sample_data_*` indices. 
 Learn how to <<tutorial-secure-access-to-kibana, secure access to {kib}>>, or refer to {ref}/security-privileges.html[Security privileges] for more information.
 
 [float]
@@ -144,4 +144,4 @@ image::images/dashboard_sampleDataAddFilter_7.15.0.png[The [eCommerce] Revenue D
 
 *Create a dashboard with your own data.* Ready to learn more about analyzing your data in *Dashboard*? Go to <<dashboard, Dashboard>>.
 
-*Try out the {ml-features}.* Ready to analyze the sample data sets and generate models for its patterns of behavior? Go to {ml-docs}/ml-getting-started.html[Getting started with {ml}].
+*Try out the {ml-features}.* Ready to analyze the sample data sets and generate models for its patterns of behavior? Go to {ml-docs}/ml-getting-started.html[Getting started with {ml}].

docs/index.asciidoc

@@ -13,6 +13,7 @@ include::{docs-root}/shared/versions/stack/{source_branch}.asciidoc[]
 :es-docker-image: {es-docker-repo}:{version}
 :blob:            {kib-repo}blob/{branch}/
 :security-ref:    https://www.elastic.co/community/security/
+:Data-source:     Data view
 :data-source:     data view
 :data-sources:    data views
 :a-data-source:   a data view

docs/settings/alert-action-settings.asciidoc

@@ -191,3 +191,6 @@ Specifies the default timeout for the all rule types tasks. The time is formatte
 `<count>[ms,s,m,h,d,w,M,Y]` 
 +
 For example, `20m`, `24h`, `7d`, `1w`. Default: `60s`.
+
+`xpack.alerting.cancelAlertsOnRuleTimeout`::
+Specifies whether to skip writing alerts and scheduling actions if rule execution is cancelled due to timeout. Default: `true`. This setting can be overridden by individual rule types.

docs/setup/docker.asciidoc

@@ -97,10 +97,10 @@ services:
 
 By default, {kib] auto-generates a keystore file for secure settings at startup. To persist your {kibana-ref}/secure-settings.html[secure settings], use the `kibana-keystore` utility to bind-mount the parent directory of the keystore to the container. For example:
 
-[source,sh]
+["source","sh",subs="attributes"]
 ----
-docker run -it --rm -v full_path_to/config:/usr/share/kibana/config -v full_path_to/data:/usr/share/kibana/data docker.elastic.co/kibana/kibana:7.14.0 bin/kibana-keystore create
-docker run -it --rm -v full_path_to/config:/usr/share/kibana/config -v full_path_to/data:/usr/share/kibana/data docker.elastic.co/kibana/kibana:7.14.0 bin/kibana-keystore add test_keystore_setting
+docker run -it --rm -v full_path_to/config:/usr/share/kibana/config -v full_path_to/data:/usr/share/kibana/data {docker-image} bin/kibana-keystore create
+docker run -it --rm -v full_path_to/config:/usr/share/kibana/config -v full_path_to/data:/usr/share/kibana/data {docker-image} bin/kibana-keystore add test_keystore_setting
 ----
 
 [float]

docs/user/canvas.asciidoc

@@ -112,9 +112,6 @@ Choose the type of element you want to use, then use the preconfigured demo data
 By default, most of the elements you create use the demo data until you change the data source. The demo data includes a small data set that you can use to experiment with your element.
 
 . Click *Add element*, then select the element you want to use.
-+
-[role="screenshot"]
-image::images/canvas-element-select.gif[Canvas elements]
 
 . To connect the element to your data, select *Data*, then select one of the following data sources:
 

docs/user/dashboard/dashboard.asciidoc

@@ -361,17 +361,31 @@ To exit *Edit* mode, click *Switch to view mode*.
 
 [float]
 [[download-csv]]
-== Download panel data
+== View the panel data and requests
 
-Download panel data in a CSV file. When you download visualization panels with multiple layers, each layer produces a CSV file, and the file names contain the visualization and layer index names.
+View the data in visualizations and the requests that collect the data. 
 
-. Open the panel menu, then select *Inspect*.
+. Open the panel menu, then click *More > Inspect*.
 
-. Click *Download CSV*, then select the format type from the dropdown:
+. View and download the panel data.
+
+.. Open the *View* dropdown, then click *Data*.
+
+.. Click *Download CSV*, then select the format type from the dropdown:
 
 * *Formatted CSV* — Contains human-readable dates and numbers.
 
 * *Unformatted* — Best used for computer use.
++
+When you download visualization panels with multiple layers, each layer produces a CSV file, and the file names contain the visualization and layer {data-source} names.
+
+. View the requests that collect the data.
+
+.. Open the *View* dropdown, then click *Requests*.
+
+.. From the dropdown, select the requests you want to view.
+
+.. To view the requests in *Console*, click *Request*, then click *Open in Console*.
 
 [float]
 [[share-the-dashboard]]

docs/user/dashboard/make-dashboards-interactive.asciidoc

@@ -94,20 +94,26 @@ To save the panel to the dashboard:
 [[explore-the-underlying-documents]]
 === Open panel data in Discover
 
-You can add interactions to panels that allow you to open *Discover* and explore the panel data. To use the *Discover* interactions, the panel must use only one index pattern, and you must enable <<settings-explore-data-in-context,`xpack.discoverEnhanced.actions.`>> and <<settings-explore-data-in-chart,`xpack.discoverEnhanced.actions.exploreDataInChart.enabled`>> in kibana.yml. 
+You can add interactions to panels that allow you to open and explore the data in *Discover*. To use the interactions, the panel must use only one {data-view}. 
 
-If you are using 7.13.0 and earlier, panel interactions are enabled by default.
+There are three types of *Discover* interactions you can add to dashboards:
 
-There are two types of *Discover* interactions that you can add to dashboards:
-
-* *Panel interactions* &mdash; Opens the panel data in *Discover*, including the dashboard-level filters, but not the panel-level filters.
+* *Panel interactions* &mdash; Opens panel data in *Discover*, including the dashboard-level filters, but not the panel-level filters.
++
+To enable panel interactions, configure <<settings-explore-data-in-context,`xpack.discoverEnhanced.actions.`>> in kibana.yml. If you are using 7.13.0 and earlier, panel interactions are enabled by default.
 +
 To use panel interactions, open the panel menu, then click *Explore underlying data*.
 
 * *Series data interactions* &mdash; Opens the series data in *Discover*.
 +
+To enable series data interactions, configure <<settings-explore-data-in-chart,`xpack.discoverEnhanced.actions.exploreDataInChart.enabled`>> in kibana.yml. If you are using 7.13.0 and earlier, data series interactions are enabled by default.
++
 To use series data interactions, click a data series in the panel.
 
+* *Saved search interactions* &mdash; Opens <<save-your-search,saved search>> data in *Discover*.
++
+To use saved search interactions, open the panel menu, then click *More > View saved search*.
+
 [float]
 [[create-drilldowns]]
 === Create drilldowns