From 2c6df5908ca0d88baad32b7260826d796505378b Mon Sep 17 00:00:00 2001 From: "nastasha.solomon" Date: Wed, 3 Jan 2024 16:58:02 -0500 Subject: [PATCH] First draft --- docs/assistant/security-assistant.asciidoc | 2 +- docs/detections/about-rules.asciidoc | 2 +- docs/detections/api/rules/rules-api-create.asciidoc | 2 +- docs/detections/rules-ui-create.asciidoc | 2 +- docs/events/timeline-ui-overview.asciidoc | 2 +- 5 files changed, 5 insertions(+), 5 deletions(-) diff --git a/docs/assistant/security-assistant.asciidoc b/docs/assistant/security-assistant.asciidoc index bbaec83b0e..876e3d6b09 100644 --- a/docs/assistant/security-assistant.asciidoc +++ b/docs/assistant/security-assistant.asciidoc @@ -178,7 +178,7 @@ The *Show anonymized* toggle controls whether you see the obfuscated or plaintex [discrete] [[ai-assistant-knowledge-base]] === Knowledge base -beta::[] +beta::["Do not use {esql} on production environments. This functionality is in beta and is subject to change. The design and code is less mature than official GA features and is being provided as-is with no warranties. Beta features are not subject to the support SLA of official GA features."] The **Knowledge base** tab of the AI Assistant settings menu allows you to enable retrieval-augmented generation so that AI Assistant can answer questions about the Elastic Search Query Language ({esql}), or about alerts in your environment. diff --git a/docs/detections/about-rules.asciidoc b/docs/detections/about-rules.asciidoc index 96e131c745..d47e4c4117 100644 --- a/docs/detections/about-rules.asciidoc +++ b/docs/detections/about-rules.asciidoc 
@@ -44,7 +44,7 @@ TIP: You can also use value lists as the indicator match index. See <>: Searches the defined indices and creates an alert when results match an {ref}/esql.html[Elasticsearch Query Language (ES|QL)] query. + -preview::[] +preview::["Do not use {esql} on production environments. This functionality is in technical preview and may be changed or removed in a future release. Elastic will work to fix any issues, but features in technical preview are not subject to the support SLA of official GA features."] [role="screenshot"] image::images/all-rules.png[Shows the Rules page] diff --git a/docs/detections/api/rules/rules-api-create.asciidoc b/docs/detections/api/rules/rules-api-create.asciidoc index 3a58fcf0ee..6b4806d338 100644 --- a/docs/detections/api/rules/rules-api-create.asciidoc +++ b/docs/detections/api/rules/rules-api-create.asciidoc @@ -39,7 +39,7 @@ mappings should be {ecs-ref}[ECS-compliant]. * *New terms*: Generates an alert for each new term detected in source documents within a specified time range. * *{esql}*: Uses {ref}/esql.html[Elasticsearch Query Language ({esql})] to find events and aggregate search results. + -preview::[] +preview::["Do not use {esql} on production environments. This functionality is in technical preview and may be changed or removed in a future release. Elastic will work to fix any issues, but features in technical preview are not subject to the support SLA of official GA features."] * *{ml-cap} rules*: Creates an alert when a {ml} job discovers an anomaly above the defined threshold (see <>). diff --git a/docs/detections/rules-ui-create.asciidoc b/docs/detections/rules-ui-create.asciidoc index 3d2e429274..85ed3c7d39 100644 --- a/docs/detections/rules-ui-create.asciidoc +++ b/docs/detections/rules-ui-create.asciidoc 
@@ -274,7 +274,7 @@ For example, if a rule has an interval of 5 minutes, no additional look-back tim [[create-esql-rule]] === Create an {esql} rule -preview::[] +preview::["Do not use {esql} on production environments. This functionality is in technical preview and may be changed or removed in a future release. Elastic will work to fix any issues, but features in technical preview are not subject to the support SLA of official GA features."] Use {ref}/esql.html[{esql}] to query your source events and aggregate event data. Query results are returned in a table with rows and columns. Each row becomes an alert. diff --git a/docs/events/timeline-ui-overview.asciidoc b/docs/events/timeline-ui-overview.asciidoc index ed781d43f2..c3d6226b95 100644 --- a/docs/events/timeline-ui-overview.asciidoc +++ b/docs/events/timeline-ui-overview.asciidoc @@ -196,7 +196,7 @@ From the *Correlation* tab, you can also do the following: [[esql-in-timeline]] == Use {esql} to investigate events -preview::[] +preview::["Do not use {esql} on production environments. This functionality is in technical preview and may be changed or removed in a future release. Elastic will work to fix any issues, but features in technical preview are not subject to the support SLA of official GA features."] The {ref}/esql.html[Elasticsearch Query Language ({esql})] provides a powerful way to filter, transform, and analyze event data stored in {es}. {esql} queries use "pipes" to manipulate and transform data in a step-by-step fashion. This approach allows you to compose a series of operations, where the output of one operation becomes the input for the next, enabling complex data transformations and analysis.
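Review bot: In docs/assistant/security-assistant.asciidoc (hunk @@ -178,7 +178,7), the new beta::[] text sits under "=== Knowledge base" but opens with "Do not use {esql} on production environments", so "This functionality is in beta" can be read as referring either to the Knowledge base or to {esql}. The other four hunks in this patch describe {esql} as being in technical preview, which makes the beta reading for {esql} inconsistent. Name the feature the status applies to in the macro text, and fix the agreement in "The design and code is less mature" ("are").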
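Review bot: In docs/detections/about-rules.asciidoc (hunk @@ -44,7 +44,7), the preview::[] text is the same long sentence that is also pasted verbatim into rules-api-create.asciidoc, rules-ui-create.asciidoc and timeline-ui-overview.asciidoc. Define it once as a shared attribute and reference it from each preview::[] macro, so a later status change is a single edit and the four copies cannot drift apart. While there, "on production environments" should read "in production environments".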
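Review bot: In docs/events/timeline-ui-overview.asciidoc (hunk @@ -196,7 +196,7), "Do not use {esql} on production environments" is placed directly above a paragraph that presents {esql} as "a powerful way to filter, transform, and analyze event data stored in {es}", and the section title is "Use {esql} to investigate events". The warning reads as a blanket ban on the query language and leaves an analyst unsure whether Timeline queries against live event data are covered. Scope the sentence to what is actually unsupported here (the {esql} tab in Timeline) and say what the reader should do instead; the same wording concern applies to the rule-type bullets in the two detections hunks.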