Temporarily use asciidocalypse for cross-repo links #608

Merged
merged 1 commit into from
Feb 26, 2025
2 changes: 1 addition & 1 deletion deploy-manage/deploy/cloud-on-k8s/logstash-plugins.md
Original file line number Diff line number Diff line change
Expand Up @@ -8,7 +8,7 @@ mapped_pages:

# Logstash plugins [k8s-logstash-plugins]

The power of {{ls}} is in the plugins--[inputs](asciidocalypse://docs/logstash/docs/reference/input-plugins.md), [outputs](asciidocalypse://docs/logstash/docs/reference/output-plugins.md), [filters,]((asciidocalypse://docs/logstash/docs/reference/filter-plugins.md) and [codecs](asciidocalypse://docs/logstash/docs/reference/codec-plugins.md).
The power of {{ls}} is in the plugins--[inputs](asciidocalypse://docs/logstash/docs/reference/input-plugins.md), [outputs](asciidocalypse://docs/logstash/docs/reference/output-plugins.md), [filters](asciidocalypse://docs/logstash/docs/reference/filter-plugins.md), and [codecs](asciidocalypse://docs/logstash/docs/reference/codec-plugins.md).

In {{ls}} on ECK, you can use the same plugins that you use for other {{ls}} instances—​including Elastic-supported, community-supported, and custom plugins. However, you may have other factors to consider, such as how you configure your {{k8s}} resources, how you specify additional resources, and how you scale your {{ls}} installation.
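
Review bot: the correction from `[filters,]((` to `[filters](` on the plugins line is a link-syntax fix, not part of the scheme switch named in the title, because the old line already used `asciidocalypse://`. Mention it in the PR description or split it into its own commit, so that it is not undone when the temporary links are reverted.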

10 changes: 5 additions & 5 deletions extend/index.md
Original file line number Diff line number Diff line change
Expand Up @@ -6,15 +6,15 @@ This section contains information on how to extend or contribute to our various

You can contribute to various projects, including:

- [Kibana](kibana://docs/extend/index.md): Enhance our data visualization platform by contributing to Kibana.
- [Logstash](logstash://docs/extend/index.md): Help us improve the data processing pipeline with your contributions to Logstash.
- [Beats](beats://docs/extend/index.md): Add new features or beats to our lightweight data shippers.
- [Kibana](asciidocalypse://docs/extend/index.md): Enhance our data visualization platform by contributing to Kibana.
- [Logstash](asciidocalypse://docs/extend/index.md): Help us improve the data processing pipeline with your contributions to Logstash.
- [Beats](asciidocalypse://docs/extend/index.md): Add new features or beats to our lightweight data shippers.

## Creating Integrations

Extend the capabilities of Elastic by creating integrations that connect Elastic products with other tools and systems. Visit our [Integrations Guide](integrations://docs/extend/index.md) to get started.
Extend the capabilities of Elastic by creating integrations that connect Elastic products with other tools and systems. Visit our [Integrations Guide](asciidocalypse://docs/extend/index.md) to get started.

## Elasticsearch Plugins

Develop custom plugins to add new functionalities to Elasticsearch. Check out our [Elasticsearch Plugins Development Guide](elasticsearch://docs/extend/index.md) for detailed instructions and best practices.
Develop custom plugins to add new functionalities to Elasticsearch. Check out our [Elasticsearch Plugins Development Guide](asciidocalypse://docs/extend/index.md) for detailed instructions and best practices.
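
Review bot: after this change the Kibana, Logstash, Beats, Integrations Guide and Elasticsearch Plugins links in extend/index.md all carry the identical target `asciidocalypse://docs/extend/index.md`, so the destination repository that the old schemes encoded (`kibana://`, `logstash://`, `beats://`, `integrations://`, `elasticsearch://`) is lost and the five links can no longer resolve to different pages. The asciidocalypse links in logstash-plugins.md keep the repository in the path (`asciidocalypse://docs/logstash/docs/reference/input-plugins.md`); if that is the intended convention, use the same form here, for example `asciidocalypse://docs/kibana/docs/extend/index.md` for the Kibana entry.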

4 changes: 2 additions & 2 deletions reference/data-analysis/index.md
Original file line number Diff line number Diff line change
Expand Up @@ -4,7 +4,7 @@

This section contains reference information for data analysis features, including:

* [Text analysis components](elasticsearch://docs/reference/data-analysis/text-analysis/index.md)
* [Aggregations](elasticsearch://docs/reference/data-analysis/aggregations/index.md)
* [Text analysis components](asciidocalypse://docs/reference/data-analysis/text-analysis/index.md)
* [Aggregations](asciidocalypse://docs/reference/data-analysis/aggregations/index.md)
* [Machine learning functions](/reference/data-analysis/machine-learning/machine-learning-functions.md)
* [Canvas functions](/reference/data-analysis/kibana/canvas-functions.md)
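
Review bot: nothing left in reference/data-analysis/index.md records that the Text analysis and Aggregations links were `elasticsearch://` links, so the revert implied by "Temporarily" in the title depends on git history alone: a later search-and-replace has no way to know which repository scheme each `asciidocalypse://` link originally had. Suggest keeping the repository name in the link path, or linking a tracking issue from the PR that lists the original scheme per file.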
Original file line number Diff line number Diff line change
Expand Up @@ -64,7 +64,7 @@ For example, JSON data might contain the following transaction coordinates:
}
```

In {{es}}, location data is likely to be stored in `geo_point` fields. For more information, see [`geo_point` data type](elasticsearch://docs/reference/elasticsearch/mapping-reference/geo-point.md). This data type is supported natively in {{ml-features}}. Specifically, when pulling data from a `geo_point` field, a {{dfeed}} will transform the data into the appropriate `lat,lon` string format before sending to the {{anomaly-job}}.
In {{es}}, location data is likely to be stored in `geo_point` fields. For more information, see [`geo_point` data type](asciidocalypse://docs/reference/elasticsearch/mapping-reference/geo-point.md). This data type is supported natively in {{ml-features}}. Specifically, when pulling data from a `geo_point` field, a {{dfeed}} will transform the data into the appropriate `lat,lon` string format before sending to the {{anomaly-job}}.

For more information, see [Altering data in your {{dfeed}} with runtime fields](/explore-analyze/machine-learning/anomaly-detection/ml-configuring-transform.md).

Original file line number Diff line number Diff line change
Expand Up @@ -5,7 +5,7 @@ mapped_pages:

# {{auditbeat}} {{anomaly-detect}} configurations [ootb-ml-jobs-auditbeat]

These {{anomaly-job}} wizards appear in {{kib}} if you use [{{auditbeat}}](beats://docs/reference/auditbeat/auditbeat.md) to audit process activity on your systems. For more details, see the {{dfeed}} and job definitions in GitHub.
These {{anomaly-job}} wizards appear in {{kib}} if you use [{{auditbeat}}](asciidocalypse://docs/reference/auditbeat/auditbeat.md) to audit process activity on your systems. For more details, see the {{dfeed}} and job definitions in GitHub.


## Auditbeat docker processes [auditbeat-process-docker-ecs]
Original file line number Diff line number Diff line change
Expand Up @@ -5,7 +5,7 @@ mapped_pages:

# {{metricbeat}} {{anomaly-detect}} configurations [ootb-ml-jobs-metricbeat]

These {{anomaly-job}} wizards appear in {{kib}} if you use the [{{metricbeat}} system module](beats://docs/reference/metricbeat/metricbeat-module-system.md) to monitor your servers. For more details, see the {{dfeed}} and job definitions in GitHub.
These {{anomaly-job}} wizards appear in {{kib}} if you use the [{{metricbeat}} system module](asciidocalypse://docs/reference/metricbeat/metricbeat-module-system.md) to monitor your servers. For more details, see the {{dfeed}} and job definitions in GitHub.


## {{metricbeat}} system [metricbeat-system-ecs]
32 changes: 16 additions & 16 deletions reference/data-analysis/machine-learning/ootb-ml-jobs-siem.md
Original file line number Diff line number Diff line change
Expand Up @@ -12,7 +12,7 @@ These {{anomaly-jobs}} automatically detect file system and network anomalies on

Detect anomalous activity in your ECS-compatible authentication logs.

In the {{ml-app}} app, these configurations are available only when data exists that matches the query specified in the [manifest file](https://github.com/elastic/kibana/blob/master/x-pack/plugins/ml/server/models/data_recognizer/modules/security_auth/manifest.json). In the {{security-app}}, it looks in the {{data-source}} specified in the [`securitySolution:defaultIndex` advanced setting](kibana://docs/reference/advanced-settings.md#securitysolution-defaultindex) for data that matches the query.
In the {{ml-app}} app, these configurations are available only when data exists that matches the query specified in the [manifest file](https://github.com/elastic/kibana/blob/master/x-pack/plugins/ml/server/models/data_recognizer/modules/security_auth/manifest.json). In the {{security-app}}, it looks in the {{data-source}} specified in the [`securitySolution:defaultIndex` advanced setting](asciidocalypse://docs/reference/advanced-settings.md#securitysolution-defaultindex) for data that matches the query.

By default, when you create these job in the {{security-app}}, it uses a {{data-source}} that applies to multiple indices. To get the same results if you use the {{ml-app}} app, create a similar [{{data-source}}](https://github.com/elastic/kibana/blob/master/x-pack/plugins/ml/server/models/data_recognizer/modules/security_auth/manifest.json#L7) then select it in the job wizard.
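
Review bot: style point on the unchanged context line of this hunk: "when you create these job in the {{security-app}}" should read "these jobs", as the matching sentence in the network section of this file already does. It is outside the scope of the link change, but it could be fixed here since the neighbouring line is being edited anyway.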

Expand All @@ -31,7 +31,7 @@ By default, when you create these job in the {{security-app}}, it uses a {{data-

Detect suspicious activity recorded in your CloudTrail logs.

In the {{ml-app}} app, these configurations are available only when data exists that matches the query specified in the [manifest file](https://github.com/elastic/kibana/blob/master/x-pack/plugins/ml/server/models/data_recognizer/modules/security_cloudtrail/manifest.json). In the {{security-app}}, it looks in the {{data-source}} specified in the [`securitySolution:defaultIndex` advanced setting](kibana://docs/reference/advanced-settings.md#securitysolution-defaultindex) for data that matches the query.
In the {{ml-app}} app, these configurations are available only when data exists that matches the query specified in the [manifest file](https://github.com/elastic/kibana/blob/master/x-pack/plugins/ml/server/models/data_recognizer/modules/security_cloudtrail/manifest.json). In the {{security-app}}, it looks in the {{data-source}} specified in the [`securitySolution:defaultIndex` advanced setting](asciidocalypse://docs/reference/advanced-settings.md#securitysolution-defaultindex) for data that matches the query.

| Name | Description | Job (JSON) | Datafeed |
| --- | --- | --- | --- |
Expand All @@ -46,7 +46,7 @@ In the {{ml-app}} app, these configurations are available only when data exists

Anomaly detection jobs for host-based threat hunting and detection.

In the {{ml-app}} app, these configurations are available only when data exists that matches the query specified in the [manifest file](https://github.com/elastic/kibana/blob/master/x-pack/platform/plugins/shared/ml/server/models/data_recognizer/modules/security_host/manifest.json). In the {{security-app}}, it looks in the {{data-source}} specified in the [`securitySolution:defaultIndex` advanced setting](kibana://docs/reference/advanced-settings.md#securitysolution-defaultindex) for data that matches the query.
In the {{ml-app}} app, these configurations are available only when data exists that matches the query specified in the [manifest file](https://github.com/elastic/kibana/blob/master/x-pack/platform/plugins/shared/ml/server/models/data_recognizer/modules/security_host/manifest.json). In the {{security-app}}, it looks in the {{data-source}} specified in the [`securitySolution:defaultIndex` advanced setting](asciidocalypse://docs/reference/advanced-settings.md#securitysolution-defaultindex) for data that matches the query.

To access the host traffic anomalies dashboard in Kibana, go to: `Security -> Dashboards -> Host Traffic Anomalies`.
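
Review bot: the manifest URL on the changed line of the host section points at `x-pack/platform/plugins/shared/ml/server/models/data_recognizer/modules/security_host/manifest.json`, while the auth, CloudTrail, Linux, network, Packetbeat and Windows sections in this file use `x-pack/plugins/ml/server/...`. All of them are pinned to `blob/master`, and this PR rewrites every one of these lines without touching that part, so confirm that both layouts still resolve on `master` and align them in a follow-up if not.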

Expand All @@ -60,7 +60,7 @@ To access the host traffic anomalies dashboard in Kibana, go to: `Security -> Da

Anomaly detection jobs for Linux host-based threat hunting and detection.

In the {{ml-app}} app, these configurations are available only when data exists that matches the query specified in the [manifest file](https://github.com/elastic/kibana/blob/master/x-pack/plugins/ml/server/models/data_recognizer/modules/security_linux/manifest.json). In the {{security-app}}, it looks in the {{data-source}} specified in the [`securitySolution:defaultIndex` advanced setting](kibana://docs/reference/advanced-settings.md#securitysolution-defaultindex) for data that matches the query.
In the {{ml-app}} app, these configurations are available only when data exists that matches the query specified in the [manifest file](https://github.com/elastic/kibana/blob/master/x-pack/plugins/ml/server/models/data_recognizer/modules/security_linux/manifest.json). In the {{security-app}}, it looks in the {{data-source}} specified in the [`securitySolution:defaultIndex` advanced setting](asciidocalypse://docs/reference/advanced-settings.md#securitysolution-defaultindex) for data that matches the query.

| Name | Description | Job (JSON) | Datafeed |
| --- | --- | --- | --- |
Expand All @@ -84,7 +84,7 @@ In the {{ml-app}} app, these configurations are available only when data exists

Detect anomalous network activity in your ECS-compatible network logs.

In the {{ml-app}} app, these configurations are available only when data exists that matches the query specified in the [manifest file](https://github.com/elastic/kibana/blob/master/x-pack/plugins/ml/server/models/data_recognizer/modules/security_network/manifest.json). In the {{security-app}}, it looks in the {{data-source}} specified in the [`securitySolution:defaultIndex` advanced setting](kibana://docs/reference/advanced-settings.md#securitysolution-defaultindex) for data that matches the query.
In the {{ml-app}} app, these configurations are available only when data exists that matches the query specified in the [manifest file](https://github.com/elastic/kibana/blob/master/x-pack/plugins/ml/server/models/data_recognizer/modules/security_network/manifest.json). In the {{security-app}}, it looks in the {{data-source}} specified in the [`securitySolution:defaultIndex` advanced setting](asciidocalypse://docs/reference/advanced-settings.md#securitysolution-defaultindex) for data that matches the query.

By default, when you create these jobs in the {{security-app}}, it uses a {{data-source}} that applies to multiple indices. To get the same results if you use the {{ml-app}} app, create a similar [{{data-source}}](https://github.com/elastic/kibana/blob/master/x-pack/plugins/ml/server/models/data_recognizer/modules/security_network/manifest.json#L7) then select it in the job wizard.

Expand All @@ -100,7 +100,7 @@ By default, when you create these jobs in the {{security-app}}, it uses a {{data

Detect suspicious network activity in {{packetbeat}} data.

In the {{ml-app}} app, these configurations are available only when data exists that matches the query specified in the [manifest file](https://github.com/elastic/kibana/blob/master/x-pack/plugins/ml/server/models/data_recognizer/modules/security_packetbeat/manifest.json). In the {{security-app}}, it looks in the {{data-source}} specified in the [`securitySolution:defaultIndex` advanced setting](kibana://docs/reference/advanced-settings.md#securitysolution-defaultindex) for data that matches the query.
In the {{ml-app}} app, these configurations are available only when data exists that matches the query specified in the [manifest file](https://github.com/elastic/kibana/blob/master/x-pack/plugins/ml/server/models/data_recognizer/modules/security_packetbeat/manifest.json). In the {{security-app}}, it looks in the {{data-source}} specified in the [`securitySolution:defaultIndex` advanced setting](asciidocalypse://docs/reference/advanced-settings.md#securitysolution-defaultindex) for data that matches the query.

| Name | Description | Job (JSON) | Datafeed |
| --- | --- | --- | --- |
Expand All @@ -115,7 +115,7 @@ In the {{ml-app}} app, these configurations are available only when data exists

Anomaly detection jobs for Windows host-based threat hunting and detection.

In the {{ml-app}} app, these configurations are available only when data exists that matches the query specified in the [manifest file](https://github.com/elastic/kibana/blob/master/x-pack/plugins/ml/server/models/data_recognizer/modules/security_windows/manifest.json). In the {{security-app}}, it looks in the {{data-source}} specified in the [`securitySolution:defaultIndex` advanced setting](kibana://docs/reference/advanced-settings.md#securitysolution-defaultindex) for data that matches the query.
In the {{ml-app}} app, these configurations are available only when data exists that matches the query specified in the [manifest file](https://github.com/elastic/kibana/blob/master/x-pack/plugins/ml/server/models/data_recognizer/modules/security_windows/manifest.json). In the {{security-app}}, it looks in the {{data-source}} specified in the [`securitySolution:defaultIndex` advanced setting](asciidocalypse://docs/reference/advanced-settings.md#securitysolution-defaultindex) for data that matches the query.

If there are additional requirements such as installing the Windows System Monitor (Sysmon) or auditing process creation in the Windows security event log, they are listed for each job.

Expand All @@ -137,20 +137,20 @@ If there are additional requirements such as installing the Windows System Monit

## Security: Elastic Integrations [security-integrations-jobs]

[Elastic Integrations](integration-docs://docs/reference/index.md) are a streamlined way to add Elastic assets to your environment, such as data ingestion, {{transforms}}, and in this case, {{ml}} capabilities for Security.
[Elastic Integrations](asciidocalypse://docs/reference/index.md) are a streamlined way to add Elastic assets to your environment, such as data ingestion, {{transforms}}, and in this case, {{ml}} capabilities for Security.

The following Integrations use {{ml}} to analyze patterns of user and entity behavior, and help detect and alert when there is related suspicious activity in your environment.

* [Data Exfiltration Detection](integration-docs://docs/reference/ded.md)
* [Domain Generation Algorithm Detection](integration-docs://docs/reference/dga.md)
* [Lateral Movement Detection](integration-docs://docs/reference/lmd.md)
* [Living off the Land Attack Detection](integration-docs://docs/reference/problemchild.md)
* [Data Exfiltration Detection](asciidocalypse://docs/reference/ded.md)
* [Domain Generation Algorithm Detection](asciidocalypse://docs/reference/dga.md)
* [Lateral Movement Detection](asciidocalypse://docs/reference/lmd.md)
* [Living off the Land Attack Detection](asciidocalypse://docs/reference/problemchild.md)

**Domain Generation Algorithm (DGA) Detection**

{{ml-cap}} solution package to detect domain generation algorithm (DGA) activity in your network data. Refer to the [subscription page](https://www.elastic.co/subscriptions) to learn more about the required subscription.

To download, refer to the [documentation](integration-docs://docs/reference/dga.md).
To download, refer to the [documentation](asciidocalypse://docs/reference/dga.md).

| Name | Description |
| --- | --- |
Expand All @@ -162,7 +162,7 @@ The job configurations and datafeeds can be found [here](https://github.com/elas

{{ml-cap}} solution package to detect Living off the Land (LotL) attacks in your environment. Refer to the [subscription page](https://www.elastic.co/subscriptions) to learn more about the required subscription. (Also known as ProblemChild).

To download, refer to the [documentation](integration-docs://docs/reference/problemchild.md).
To download, refer to the [documentation](asciidocalypse://docs/reference/problemchild.md).

| Name | Description |
| --- | --- |
Expand All @@ -179,7 +179,7 @@ The job configurations and datafeeds can be found [here](https://github.com/elas

{{ml-cap}} package to detect data exfiltration in your network and file data. Refer to the [subscription page](https://www.elastic.co/subscriptions) to learn more about the required subscription.

To download, refer to the [documentation](integration-docs://docs/reference/ded.md).
To download, refer to the [documentation](asciidocalypse://docs/reference/ded.md).

| Name | Description |
| --- | --- |
Expand All @@ -197,7 +197,7 @@ The job configurations and datafeeds can be found [here](https://github.com/elas

{{ml-cap}} package to detect lateral movement based on file transfer activity and Windows RDP events. Refer to the [subscription page](https://www.elastic.co/subscriptions) to learn more about the required subscription.

To download, refer to the [documentation](integration-docs://docs/reference/lmd.md).
To download, refer to the [documentation](asciidocalypse://docs/reference/lmd.md).

| Name | Description |
| --- | --- |
4 changes: 2 additions & 2 deletions reference/ecs.md
Original file line number Diff line number Diff line change
Expand Up @@ -4,6 +4,6 @@ navigation_title: ECS
# Elastic Common Schema

Elastic Common Schema (ECS) defines a common set of fields for ingesting data into Elasticsearch.
For field details and usage information, refer to [](ecs://docs/reference/index.md).
For field details and usage information, refer to [](asciidocalypse://docs/reference/index.md).

ECS loggers are plugins for your favorite logging libraries, which help you to format your logs into ECS-compatible JSON. Check out [](ecs-logging://docs/reference/intro.md).
ECS loggers are plugins for your favorite logging libraries, which help you to format your logs into ECS-compatible JSON. Check out [](asciidocalypse://docs/reference/intro.md).
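
Review bot: both rewritten links in reference/ecs.md have empty link text (`[](asciidocalypse://docs/reference/index.md)` and `[](asciidocalypse://docs/reference/intro.md)`), so the rendered text depends entirely on the resolver supplying a title for the target; confirm that this still works under the `asciidocalypse://` scheme. The ECS reference target is also now character-for-character the same as the Elastic Integrations link in ootb-ml-jobs-siem.md, although the originals pointed at `ecs://` and `integration-docs://` respectively.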