elastic · florent-leborgne · Dec 18, 2025 · Dec 19, 2025 · Dec 19, 2025 · benironside
@@ -29,9 +29,9 @@ spec:
 1. On cloud providers that support external load balancers, setting the type to `LoadBalancer` provisions a load balancer for your service. Alternatively, expose the service `<cluster-name>-es-remote-cluster` through one of the Kubernetes Ingress controllers that support TCP services.
 ::::
 
-::::{applies-item} eck: ga 3.0
+::::{applies-item} eck: ga 3.0-3.2
 
-In ECK 3.2 and earlier, you can't customize the service that ECK generates for the remote cluster interface, but you can create your own `LoadBalancer` service, `Ingress` object, or use another method available in your environment.
+You can't customize the service that ECK generates for the remote cluster interface, but you can create your own `LoadBalancer` service, `Ingress` object, or use another method available in your environment.
 
 For example, for a cluster named `quickstart`, the following command creates a separate `LoadBalancer` service named `quickstart-es-remote-cluster-lb`, pointing to the ECK-managed service `quickstart-es-remote-cluster`:
 

@@ -74,17 +74,15 @@ The following command regenerates auto-generated credentials of **all** {{stack}
 
 ::::{applies-switch}
 
-:::{applies-item} { "eck": "ga 3.2" }
-In ECK versions 3.2 and beyond:
+:::{applies-item} eck: ga 3.2+
 
 ```sh
 kubectl delete secret -l eck.k8s.elastic.co/credentials=true
 ```
 
 :::
 
-:::{applies-item} { "eck": "ga 3.1" }
-In ECK versions prior to 3.2:
+:::{applies-item} eck: ga 3.0-3.1
 
 ```sh
 kubectl delete secret -l eck.k8s.elastic.co/credentials=true,common.k8s.elastic.co/type!=kibana
@@ -95,7 +93,6 @@ kubectl delete secret -l eck.k8s.elastic.co/credentials=true,common.k8s.elastic.
 ::::
 
 ### Control the length of auto-generated passwords
-
 ```{applies_to}
   eck: ga 3.2
 ```

@@ -28,6 +28,17 @@ To manage these settings, go to the **GenAI Settings** page by using the navigat
 
 ::::{applies-switch}
 
+:::{applies-item} serverless: ga
+
+![GenAI Settings page for Serverless](/explore-analyze/images/ai-assistant-settings-page-serverless.png "")
+
+The **GenAI Settings** page has the following settings:
+
+- **Default AI Connector**: Click **Manage connectors** to open the **Connectors** page, where you can create or delete AI connectors. To update these settings, you need the `Actions and connectors: all` [{{kib}} privilege](/deploy-manage/users-roles/cluster-or-deployment-auth/kibana-privileges.md).
+- **AI feature visibility**: Click **Go to Permissions tab** to access the active {{kib}} space's settings page, where you can specify which features each [user role](/deploy-manage/users-roles/cluster-or-deployment-auth/kibana-privileges.md) has access to in your environment. This includes AI-powered features. 
+
+:::
+
 :::{applies-item} stack: ga 9.2
 
 ![GenAI Settings page for Stack](/explore-analyze/images/ai-assistant-settings-page.png "")
@@ -48,16 +59,5 @@ The **GenAI Settings** page has the following settings:
 
 :::
 
-:::{applies-item} serverless:
-
-![GenAI Settings page for Serverless](/explore-analyze/images/ai-assistant-settings-page-serverless.png "")
-
-The **GenAI Settings** page has the following settings:
-
-- **Default AI Connector**: Click **Manage connectors** to open the **Connectors** page, where you can create or delete AI connectors. To update these settings, you need the `Actions and connectors: all` [{{kib}} privilege](/deploy-manage/users-roles/cluster-or-deployment-auth/kibana-privileges.md).
-- **AI feature visibility**: Click **Go to Permissions tab** to access the active {{kib}} space's settings page, where you can specify which features each [user role](/deploy-manage/users-roles/cluster-or-deployment-auth/kibana-privileges.md) has access to in your environment. This includes AI-powered features. 
-
-:::
-
 ::::
 
@@ -35,15 +35,15 @@
 This feature is enabled by default.
 ::::
 
-::::{applies-item} stack: ga 9.2
+::::{applies-item} stack: ga =9.2
 This feature is disabled by default. You can enable background searches by setting [`data.search.sessions.enabled`](kibana://reference/configuration-reference/search-sessions-settings.md) to `true` in the [`kibana.yml`](/deploy-manage/stack-settings.md) configuration file.
 
 :::{note} - Exception for search sessions users
 If you upgrade to version 9.2 or later with search sessions enabled in the version you upgrade from, background searches are automatically enabled.
 :::
 ::::
 
-::::{applies-item} stack: ga 9.0
+::::{applies-item} stack: ga 9.0-9.1
 This feature is named **Search sessions** and is disabled by default unless you upgraded from a previous version where you were already using the feature. You can enable search sessions by setting [`data.search.sessions.enabled`](kibana://reference/configuration-reference/search-sessions-settings.md) to `true` in the [`kibana.yml`](/deploy-manage/stack-settings.md) configuration file.
 ::::
 
@@ -55,17 +55,21 @@
 
 The background searches that you run are personal and only visible by you. To use this feature, you must have the following minimum permissions:
 
-:::::{tab-set}
-:group: background search
+:::::{applies-switch}
+
+::::{applies-item} serverless: ga
+
+To send searches to the background, and to view and interact with the list of background searches from **Discover** and **Dashboards** apps, you must have permissions for **Discover** and **Dashboard**, and for the [Background search subfeature](../../deploy-manage/users-roles/cluster-or-deployment-auth/kibana-privileges.md#kibana-feature-privileges).
-To send searches to the background, and to view and interact with the list of background searches from **Discover** and **Dashboards** apps, you must have permissions for **Discover** and **Dashboard**, and for the [Background search subfeature](../../deploy-manage/users-roles/cluster-or-deployment-auth/kibana-privileges.md#kibana-feature-privileges).
+To send searches to the background, and to view and interact with the list of background searches from the **Discover** and **Dashboards** apps, you need permissions for **Discover** and **Dashboard**, and for the [Background search subfeature](../../deploy-manage/users-roles/cluster-or-deployment-auth/kibana-privileges.md#kibana-feature-privileges).
-To send searches to the background, and to view and interact with the list of background searches from **Discover** and **Dashboards** apps, you must have permissions for **Discover** and **Dashboard**, and for the [Background search subfeature](../../deploy-manage/users-roles/cluster-or-deployment-auth/kibana-privileges.md#kibana-feature-privileges).
+To send searches to the background, and to view and interact with the list of background searches from the **Discover** and **Dashboards** apps, you need permissions for **Discover** and **Dashboard**, and for the [Background search subfeature](../../deploy-manage/users-roles/cluster-or-deployment-auth/kibana-privileges.md#kibana-feature-privileges).
+::::
+
+::::{applies-item} stack: ga 9.2
 
-::::{tab-item} 9.2 and later
-:sync: 92
 To send searches to the background, and to view and interact with the list of background searches from **Discover** and **Dashboards** apps, you must have permissions for **Discover** and **Dashboard**, and for the [Background search subfeature](../../deploy-manage/users-roles/cluster-or-deployment-auth/kibana-privileges.md#kibana-feature-privileges).
 ::::
 
-::::{tab-item} 9.1 and earlier
-:sync: 91
-In versions 9.1 and earlier, this feature is named **Search sessions**.
+::::{applies-item} stack: ga 9.0-9.1
+
+In these versions, this feature is named **Search sessions**.
 * To save a session, you must have permissions for **Discover** and **Dashboard**, and the [Search sessions subfeature](../../deploy-manage/users-roles/cluster-or-deployment-auth/kibana-privileges.md#kibana-feature-privileges).
 * To view and restore a saved session, you must have access to {{stack-manage-app}}.
 ::::

@@ -56,7 +56,7 @@ The following image is displayed:
 For detailed information about writing on GitHub, click **Syntax help** on the top-right of the Markdown editor.
 ::::
 
-::::{applies-item} stack: ga 9.0
+::::{applies-item} stack: ga 9.0-9.1
 1. From your dashboard, select **Add panel**.
 2. In the **Add panel** flyout, select **Text**. A Markdown editor appears and lets you configure the information you want to display.
 3. In the **Markdown** field, enter your text, then click **Update**.

@@ -18,7 +18,7 @@ The following diagrams show the reference architecture for OpenTelemetry with El
    :alt: APM data ingest path (ECH)
    :::
 
-- {applies_to}`stack: ga 9.1`
+- {applies_to}`stack: ga =9.1`
 
    :::{image} /solutions/images/observability-apm-otel-distro-ech.png
    :alt: APM data ingest path (ECH)

@@ -23,8 +23,8 @@ The {{motlp}} is designed for the following use cases:
 Keep reading to learn how to use the {{motlp}} to send logs, metrics, and traces to your Serverless project or {{ech}} cluster.
 
 :::{note}
-:applies_to: { ess:, stack: preview 9.2 }
-The Managed OTLP endpoint might not be available in all {{ech}} regions during the Technical Preview.
+:applies_to: ess: preview
+On {{ech}}, the Managed OTLP endpoint requires a deployment version 9.2 or later and might not be available in all {{ech}} regions during the Technical Preview.
 :::
 
 ## Send data to Elastic
@@ -46,8 +46,8 @@ To retrieve your {{motlp}} endpoint address and API key, follow these steps:
 Alternatively, you can retrieve the endpoint from the **Manage project** page and create an API key manually from the **API keys** page.
 :::
 
-:::{applies-item} ess:
-{applies_to}`stack: preview 9.2`
+:::{applies-item} ess: preview
+You need an {{ech}} deployment version 9.2 or later.
 1. In {{ecloud}}, create an {{ech}} deployment or open an existing one.
 2. Go to **Add data**, select **Applications** and then select **OpenTelemetry**.
 3. Copy the endpoint and authentication headers values.

@@ -17,16 +17,16 @@ Open a new {{observability}} case to keep track of issues and share the details
 
 ::::{applies-switch}
 
-:::{applies-item} stack:
+:::{applies-item} serverless:
 **Requirements**
 
-To access and send cases to external systems, you need the appropriate [subscription](https://www.elastic.co/pricing), and your role must have the required {{kib}} feature privileges. Refer to [](../incident-management/configure-access-to-cases.md) for more information.
+For {{observability}} projects, you need the appropriate [feature tier](https://www.elastic.co/pricing), and your role must have the **Editor** role or higher to create and manage cases. To learn more, refer to [Assign user roles and privileges](/deploy-manage/users-roles/cloud-organization/user-roles.md#general-assign-user-roles).
 :::
 
-:::{applies-item} serverless:
+:::{applies-item} stack:
 **Requirements**
 
-For {{observability}} projects, you need the appropriate [feature tier](https://www.elastic.co/pricing), and your role must have the **Editor** role or higher to create and manage cases. To learn more, refer to [Assign user roles and privileges](/deploy-manage/users-roles/cloud-organization/user-roles.md#general-assign-user-roles).
+To access and send cases to external systems, you need the appropriate [subscription](https://www.elastic.co/pricing), and your role must have the required {{kib}} feature privileges. Refer to [](../incident-management/configure-access-to-cases.md) for more information.
 :::
 
 ::::
@@ -49,14 +49,14 @@ To create a case:
 
     ::::{applies-switch}
 
-    :::{applies-item} stack:
-    You can add users only if they meet the necessary [prerequisites](/solutions/observability/incident-management/configure-access-to-cases.md).
-    :::
-
     :::{applies-item} serverless:
     You can add users who are assigned the **Editor** user role (or a more permissive role) for the project.
     :::
 
+    :::{applies-item} stack:
+    You can add users only if they meet the necessary [prerequisites](/solutions/observability/incident-management/configure-access-to-cases.md).
+    :::
+
     ::::
 
 6. If you defined [custom fields](/solutions/observability/incident-management/configure-case-settings.md#case-custom-fields), they appear in the **Additional fields** section.

@@ -26,21 +26,13 @@ To use Attack Discovery, your role needs specific privileges.
 
 ::::{applies-switch}
 
-:::{applies-item} { "stack": "ga 9.0" }
-
-Ensure your role has `All` [{{kib}} privileges](../../../deploy-manage/users-roles/cluster-or-deployment-auth/kibana-role-management.md) for the **Security > Attack Discover** {{kib}} feature.
-
-![attack-discovery-rbac](/solutions/images/security-attck-disc-rbac.png)
-
-:::
-
-:::{applies-item} { "stack": "ga 9.1"}
+:::{applies-item} { "stack": "ga 9.3", "serverless": "ga" }
 
 Ensure your role has:
 
-* `All` [{{kib}} privileges](../../../deploy-manage/users-roles/cluster-or-deployment-auth/kibana-role-management.md) for the **Security > Attack Discover** {{kib}} feature.
+* `All` [{{kib}} privileges](../../../deploy-manage/users-roles/cluster-or-deployment-auth/kibana-role-management.md) for the **Security > Attack Discover** {{kib}} feature and at least `Read` privileges for the **Security > Rules** {{kib}} feature.
 
-    ![attack-discovery-rbac](/solutions/images/security-attck-disc-rbac.png)
+    ![attack-discovery-rules-rbac](/solutions/images/attack-discovery-rules-rbac.png "elasticsearch =60%x60%")
 
 * The appropriate [index privileges](../../../deploy-manage/users-roles/cluster-or-deployment-auth/kibana-role-management.md#adding_index_privileges), based on what you want to do with Attack Discovery alerts:
 
@@ -51,13 +43,13 @@ Ensure your role has:
 
 :::
 
-:::{applies-item} { "stack": "ga 9.3", "serverless": "ga" }
+:::{applies-item} stack: ga =9.1
 
 Ensure your role has:
 
-* `All` [{{kib}} privileges](../../../deploy-manage/users-roles/cluster-or-deployment-auth/kibana-role-management.md) for the **Security > Attack Discover** {{kib}} feature and at least `Read` privileges for the **Security > Rules** {{kib}} feature.
+* `All` [{{kib}} privileges](../../../deploy-manage/users-roles/cluster-or-deployment-auth/kibana-role-management.md) for the **Security > Attack Discover** {{kib}} feature.
 
-    ![attack-discovery-rules-rbac](/solutions/images/attack-discovery-rules-rbac.png "elasticsearch =60%x60%")
+    ![attack-discovery-rbac](/solutions/images/security-attck-disc-rbac.png)
 
 * The appropriate [index privileges](../../../deploy-manage/users-roles/cluster-or-deployment-auth/kibana-role-management.md#adding_index_privileges), based on what you want to do with Attack Discovery alerts:
 
@@ -68,6 +60,14 @@ Ensure your role has:
 
 :::
 
+:::{applies-item} stack: ga =9.0
+
+Ensure your role has `All` [{{kib}} privileges](../../../deploy-manage/users-roles/cluster-or-deployment-auth/kibana-role-management.md) for the **Security > Attack Discover** {{kib}} feature.
+
+![attack-discovery-rbac](/solutions/images/security-attck-disc-rbac.png)
+
+:::
+
 ::::
 
 

@@ -4,8 +4,7 @@

 After you create a new agentless integration, the new integration policy may show a button that says **Add agent** instead of the associated agent for several minutes during agent enrollment. No action is needed other than refreshing the page once enrollment is complete.
 
 ## Why isn't my agentless agent appearing in Fleet?
-
 ```{applies_to}
   stack: ga 9.1
   serverless: ga
@@ -20,7 +19,7 @@
 Go to the **Settings** tab of the **Fleet** page. Navigate to the **Advanced Settings** section, and enable **Show agentless resources**.
 :::
 
-:::{applies-item} stack: ga 9.1
+:::{applies-item} stack: ga =9.1
 Add the following query to the end of the **Fleet** page's URL: `?showAgentless=true`. 
 :::
 

@@ -18,27 +18,27 @@ You can ingest your data before migrating your assets, or migrate your assets fi
 
 ::::{applies-switch}
 
-:::{applies-item} { "stack": "ga 9.0" }
+:::{applies-item} { "stack": "ga 9.3", "serverless": "ga" }
 **Requirements**
 
-* `All` [{{kib}} privileges](../../../deploy-manage/users-roles/cluster-or-deployment-auth/kibana-role-management.md) for the **Security > SIEM migrations** {{kib}} feature.
+* `All` [{{kib}} privileges](../../../deploy-manage/users-roles/cluster-or-deployment-auth/kibana-role-management.md) for the **Security > SIEM migrations** {{kib}} feature and at least `Read` privileges for the **Security > Rules** {{kib}} feature.
 * A working [LLM connector](/explore-analyze/ai-features/llm-guides/llm-connectors.md).
 * {{stack}} users: an [Enterprise](https://www.elastic.co/pricing) subscription.
 * {{Stack}} users: {{ml}} must be enabled.
 * {{serverless-short}} users: a [Security Complete](/deploy-manage/deploy/elastic-cloud/project-settings.md) subscription.
 * {{ecloud}} users: {{ml}} must be enabled. We recommend a minimum size of 4GB of RAM per {{ml}} zone.
-
 :::
 
-:::{applies-item} { "stack": "ga 9.3", "serverless": "ga" }
+:::{applies-item} stack: ga 9.0-9.2
 **Requirements**
 
-* `All` [{{kib}} privileges](../../../deploy-manage/users-roles/cluster-or-deployment-auth/kibana-role-management.md) for the **Security > SIEM migrations** {{kib}} feature and at least `Read` privileges for the **Security > Rules** {{kib}} feature.
+* `All` [{{kib}} privileges](../../../deploy-manage/users-roles/cluster-or-deployment-auth/kibana-role-management.md) for the **Security > SIEM migrations** {{kib}} feature.
 * A working [LLM connector](/explore-analyze/ai-features/llm-guides/llm-connectors.md).
 * {{stack}} users: an [Enterprise](https://www.elastic.co/pricing) subscription.
 * {{Stack}} users: {{ml}} must be enabled.
 * {{serverless-short}} users: a [Security Complete](/deploy-manage/deploy/elastic-cloud/project-settings.md) subscription.
 * {{ecloud}} users: {{ml}} must be enabled. We recommend a minimum size of 4GB of RAM per {{ml}} zone.
+
 :::
 
 ::::