diff --git a/docs/images/monitoring-dashboard.png b/docs/images/monitoring-dashboard.png
index ef72d171e54d5..0ad5192df7678 100644
Binary files a/docs/images/monitoring-dashboard.png and b/docs/images/monitoring-dashboard.png differ
diff --git a/docs/index.asciidoc b/docs/index.asciidoc
index 5ecc93fd4668a..57bec8db894fa 100644
--- a/docs/index.asciidoc
+++ b/docs/index.asciidoc
@@ -24,7 +24,7 @@ include::introduction.asciidoc[]
include::setup.asciidoc[]
-include::monitoring/monitoring-kibana.asciidoc[]
+include::monitoring/configuring-monitoring.asciidoc[]
include::security/securing-kibana.asciidoc[]
diff --git a/docs/monitoring/beats-details.asciidoc b/docs/monitoring/beats-details.asciidoc
index 4c9bc5aa31494..bc0cbfe6aaf06 100644
--- a/docs/monitoring/beats-details.asciidoc
+++ b/docs/monitoring/beats-details.asciidoc
@@ -1,6 +1,6 @@
[role="xpack"]
[[beats-page]]
-=== Beats Monitoring Metrics
+== Beats Monitoring Metrics
++++
Beats Metrics
++++
diff --git a/docs/monitoring/cluster-alerts.asciidoc b/docs/monitoring/cluster-alerts.asciidoc
index fce76965dd9ae..fb7d0c31c5189 100644
--- a/docs/monitoring/cluster-alerts.asciidoc
+++ b/docs/monitoring/cluster-alerts.asciidoc
@@ -1,6 +1,6 @@
[role="xpack"]
[[cluster-alerts]]
-=== Cluster Alerts
+== Cluster Alerts
The *Monitoring > Clusters* page in {kib} summarizes the status of your Elastic
stack. You can drill down into the metrics to view more information about your
diff --git a/docs/monitoring/configuring-monitoring.asciidoc b/docs/monitoring/configuring-monitoring.asciidoc
new file mode 100644
index 0000000000000..9c35affc24ce6
--- /dev/null
+++ b/docs/monitoring/configuring-monitoring.asciidoc
@@ -0,0 +1,26 @@
+[role="xpack"]
+[[configuring-monitoring]]
+== Configuring monitoring in {kib}
+++++
+Configuring monitoring
+++++
+
+If you enable the Elastic {monitor-features} in your cluster, you can
+optionally collect metrics about {kib}:
+
+* <>
+* <>
+
+
+You can also use {kib} to visualize
+monitoring data from across the {stack}:
+
+* <>
+
+To learn about monitoring in general, see
+{stack-ov}/xpack-monitoring.html[Monitoring the {stack}].
+
+include::monitoring-kibana.asciidoc[]
+include::monitoring-metricbeat.asciidoc[]
+include::viewing-metrics.asciidoc[]
+include::{kib-repo-dir}/settings/monitoring-settings.asciidoc[]
\ No newline at end of file
diff --git a/docs/monitoring/elasticsearch-details.asciidoc b/docs/monitoring/elasticsearch-details.asciidoc
index 98e85be601d40..025fc8f2887cb 100644
--- a/docs/monitoring/elasticsearch-details.asciidoc
+++ b/docs/monitoring/elasticsearch-details.asciidoc
@@ -1,6 +1,6 @@
[role="xpack"]
[[elasticsearch-metrics]]
-=== {es} Monitoring Metrics
+== {es} Monitoring Metrics
++++
{es} Metrics
++++
diff --git a/docs/monitoring/index.asciidoc b/docs/monitoring/index.asciidoc
index 078b9eeaf85ac..f60bb5c36f028 100644
--- a/docs/monitoring/index.asciidoc
+++ b/docs/monitoring/index.asciidoc
@@ -5,24 +5,28 @@
[partintro]
--
-{monitoring} in {kib} serves two separate purposes:
+The {kib} {monitor-features} serve two separate purposes:
-. To visualize monitoring data from across the Elastic Stack. You can view
-health and performance data for {es}, Logstash, and Beats in real time, as well
-as analyze past performance. For more information, see {xpack-ref}/xpack-monitoring.html[Monitoring the Elastic Stack].
+. To visualize monitoring data from across the {stack}. You can view health and
+performance data for {es}, {ls}, and Beats in real time, as well as analyze past
+performance. For more information, see
+{stack-ov}/xpack-monitoring.html[Monitoring the {stack}].
. To monitor {kib} itself and route that data to the monitoring cluster.
-If you enable {monitoring} across the Elastic Stack, a monitoring agent runs on
-each {es} node, Logstash node, {kib} instance, and Beat to collect and index
-metrics. Each node and instance is considered unique based on its persistent
+If you enable monitoring across the {stack}, each {es} node, {ls} node, {kib}
+instance, and Beat is considered unique based on its persistent
UUID, which is written to the <> directory when the node
-or instance starts.
+or instance starts.
-* <>
-* <>
+NOTE: Watcher must be enabled to view cluster alerts. If you have a Basic
+license, Top Cluster Alerts are not displayed.
--
-include::viewing-metrics.asciidoc[]
+include::beats-details.asciidoc[]
+include::cluster-alerts.asciidoc[]
+include::elasticsearch-details.asciidoc[]
+include::kibana-details.asciidoc[]
+include::logstash-details.asciidoc[]
include::monitoring-troubleshooting.asciidoc[]
diff --git a/docs/monitoring/kibana-details.asciidoc b/docs/monitoring/kibana-details.asciidoc
index 3f107b3ba43bf..ac5daec87d92e 100644
--- a/docs/monitoring/kibana-details.asciidoc
+++ b/docs/monitoring/kibana-details.asciidoc
@@ -1,6 +1,6 @@
[role="xpack"]
[[kibana-page]]
-=== {kib} Monitoring Metrics
+== {kib} Monitoring Metrics
++++
{kib} Metrics
++++
diff --git a/docs/monitoring/logstash-details.asciidoc b/docs/monitoring/logstash-details.asciidoc
index 42453e627f19e..65f7407e0575e 100644
--- a/docs/monitoring/logstash-details.asciidoc
+++ b/docs/monitoring/logstash-details.asciidoc
@@ -1,6 +1,6 @@
[role="xpack"]
[[logstash-page]]
-=== Logstash Monitoring Metrics
+== Logstash Monitoring Metrics
++++
Logstash Metrics
++++
diff --git a/docs/monitoring/monitoring-kibana.asciidoc b/docs/monitoring/monitoring-kibana.asciidoc
index c7e8ddc9c31cc..4f2cfc92f874f 100644
--- a/docs/monitoring/monitoring-kibana.asciidoc
+++ b/docs/monitoring/monitoring-kibana.asciidoc
@@ -1,11 +1,11 @@
[role="xpack"]
[[monitoring-kibana]]
-== Configuring monitoring in {kib}
+=== Collecting {kib} monitoring data
++++
-Configuring monitoring
+Collecting monitoring data
++++
-If you enable the collection of monitoring data in your cluster, you can
+If you enable the Elastic {monitor-features} in your cluster, you can
optionally collect metrics about {kib}.
The following method involves sending the metrics to the production cluster,
@@ -15,10 +15,34 @@ method, see <>.
To learn about monitoring in general, see
{stack-ov}/xpack-monitoring.html[Monitoring the {stack}].
-. Enable the collection of monitoring data in {stack}. Set
-`xpack.monitoring.collection.enabled` to `true` on the production cluster. +
+. Set the `xpack.monitoring.collection.enabled` setting to `true` on each
+node in the production cluster. By default, it is is disabled (`false`).
+
--
+NOTE: You can specify this setting in either the `elasticsearch.yml` on each
+node or across the cluster as a dynamic cluster setting. If {es}
+{security-features} are enabled, you must have `monitor` cluster privileges to
+view the cluster settings and `manage` cluster privileges to change them.
+
+--
+
+** To update the cluster settings in {kib}:
+
+... Open {kib} in your web browser.
++
+--
+By default, if you are running {kib} locally, go to `http://localhost:5601/`.
+
+If {es} {security-features} are enabled, log in.
+--
+
+... In the side navigation, click *Monitoring*. If data collection is disabled,
+you are prompted to turn it on.
+
+** From the Console or command line, set `xpack.monitoring.collection.enabled`
+to `true` on the production cluster. +
++
+--
For example, you can use the following APIs to review and change this setting:
[source,js]
@@ -62,7 +86,7 @@ as `https://:9200` in this setting.
--
-. If {security} is enabled on the production cluster:
+. If the Elastic {security-features} are enabled on the production cluster:
.. Verify that there is a
valid user ID and password in the `elasticsearch.username` and
@@ -95,6 +119,3 @@ For more information, see <>.
. <>.
. <>.
-
-include::monitoring-metricbeat.asciidoc[]
-include::{kib-repo-dir}/settings/monitoring-settings.asciidoc[]
diff --git a/docs/monitoring/monitoring-metricbeat.asciidoc b/docs/monitoring/monitoring-metricbeat.asciidoc
index 89fe5da9d0d67..5bd581d5d0718 100644
--- a/docs/monitoring/monitoring-metricbeat.asciidoc
+++ b/docs/monitoring/monitoring-metricbeat.asciidoc
@@ -1,8 +1,13 @@
[role="xpack"]
[[monitoring-metricbeat]]
-=== Monitoring {kib} with {metricbeat}
+=== Collecting {kib} monitoring data with {metricbeat}
+++++
+Collecting monitoring data with {metricbeat}
+++++
-beta[] In 6.4 and later, you can use {metricbeat} to collect data about {kib}
+beta[]
+
+In 6.4 and later, you can use {metricbeat} to collect data about {kib}
and ship it to the monitoring cluster, rather than routing it through the
production cluster as described in <>.
@@ -11,9 +16,51 @@ image::monitoring/images/metricbeat.png[Example monitoring architecture]
To learn about monitoring in general, see
{stack-ov}/xpack-monitoring.html[Monitoring the {stack}].
-. Enable the collection of monitoring data. Set
-`xpack.monitoring.collection.enabled` to `true` on the production cluster. +
-+
+. Disable the default collection of {kib} monitoring metrics. +
++
+--
+Add the following setting in the {kib} configuration file (`kibana.yml`):
+
+[source,yaml]
+----------------------------------
+xpack.monitoring.kibana.collection.enabled: false
+----------------------------------
+
+Leave the `xpack.monitoring.enabled` set to its default value (`true`).
+
+For more information, see
+<>.
+--
+
+. <>.
+
+. Set the `xpack.monitoring.collection.enabled` setting to `true` on
+each node in the production cluster. By default, it is disabled (`false`).
++
+--
+NOTE: You can specify this setting in either the `elasticsearch.yml` on each
+node or across the cluster as a dynamic cluster setting. If {es}
+{security-features} are enabled, you must have `monitor` cluster privileges to
+view the cluster settings and `manage` cluster privileges to change them.
+
+--
+
+** In {kib}:
+
+... Open {kib} in your web browser.
++
+--
+If you are running {kib} locally, go to `http://localhost:5601/`.
+
+If the Elastic {security-features} are enabled, log in.
+--
+
+... In the side navigation, click *Monitoring*. If data collection is disabled,
+you are prompted to turn it on.
+
+** From the Console or command line, set `xpack.monitoring.collection.enabled`
+to `true` on the production cluster. +
++
--
For example, you can use the following APIs to review and change this setting:
@@ -33,22 +80,6 @@ For more information, see {ref}/monitoring-settings.html[Monitoring settings in
and {ref}/cluster-update-settings.html[Cluster update settings].
--
-. Disable the default collection of {kib} monitoring metrics. +
-+
---
-Add the following setting in the {kib} configuration file (`kibana.yml`):
-
-[source,yaml]
-----------------------------------
-xpack.monitoring.kibana.collection.enabled: false
-----------------------------------
-
-Leave the `xpack.monitoring.enabled` set to its default value (`true`).
-
-For more information, see
-<>.
---
-
. {metricbeat-ref}/metricbeat-installation.html[Install {metricbeat}] on the
same server as {kib}.
@@ -80,25 +111,21 @@ You must specify the following settings in the `modules.d/kibana.yml` file:
- stats
period: 10s
hosts: ["http://localhost:5601"] <1>
- xpack.enabled: true
+ xpack.enabled: true <2>
----------------------------------
-<1> This setting identifies the host and port number that are used to access {kib}.
-
+<1> This setting identifies the host and port number that are used to access {kib}.
+<2> This setting ensures that {kib} can read the monitoring data successfully.
+That is to say, it's stored in the same location and format as monitoring data
+that is sent by {ref}/es-monitoring-exporters.html[exporters].
--
-. If {security} is enabled, you must also provide a user ID and password so that
-{metricbeat} can collect metrics successfully.
-
-.. Create or identify a user that you want to use to collect the metrics.
-+
---
-TIP: There is a `remote_monitoring_user` built-in user that grants the privileges
-necessary for {metricbeat} to monitor {stack} products. See
-{stack-ov}/built-in-users.html[Built-in users].
+. If the Elastic {security-features} are enabled, you must also provide a user
+ID and password so that {metricbeat} can collect metrics successfully.
-Alternatively, you can choose a different user and give them the
+... Create a user on the production cluster that has the
`remote_monitoring_collector` {stack-ov}/built-in-roles.html[built-in role].
---
+Alternatively, use the `remote_monitoring_user`
+{stack-ov}/built-in-users.html[built-in user].
.. Add the `username` and `password` settings to the {kib} module configuration
file.
@@ -144,19 +171,14 @@ For more information about these configuration options, see
--
-. If {security} is enabled on the monitoring cluster, you must provide a valid
-user ID and password so that {metricbeat} can send metrics successfully.
-
-.. Create or identify a user that you want to use to send the metrics.
-+
---
-TIP: There is a `remote_monitoring_user` built-in user that grants the privileges
-necessary for {metricbeat} to monitor {stack} products. See
-{stack-ov}/built-in-users.html[Built-in users].
+. If the {es} {security-features} are enabled on the monitoring cluster, you
+must provide a valid user ID and password so that {metricbeat} can send metrics
+successfully.
-Alternatively, you can choose a different user and give them the
+... Create a user on the monitoring cluster that has the
`remote_monitoring_agent` {stack-ov}/built-in-roles.html[built-in role].
---
+Alternatively, use the `remote_monitoring_user`
+{stack-ov}/built-in-users.html[built-in user].
.. Add the `username` and `password` settings to the {es} output information in
the {metricbeat} configuration file (`metricbeat.yml`):
@@ -176,8 +198,6 @@ output.elasticsearch:
HTTPS. For example, use a `hosts` setting like `https://es-mon-1:9200` in the
`metricbeat.yml` file.
-. <>.
-
. {metricbeat-ref}/metricbeat-starting.html[Start {metricbeat}].
. <>.
diff --git a/docs/monitoring/viewing-metrics.asciidoc b/docs/monitoring/viewing-metrics.asciidoc
index 13bcfc4be0751..f2f1b7b971711 100644
--- a/docs/monitoring/viewing-metrics.asciidoc
+++ b/docs/monitoring/viewing-metrics.asciidoc
@@ -1,120 +1,105 @@
[role="xpack"]
[[monitoring-data]]
-== Viewing monitoring data in {kib}
+=== Viewing monitoring data in {kib}
++++
Viewing monitoring data
++++
-You can use {kib} to monitor the health and performance of {es}, {ls}, {kib},
-and Beats.
+After you collect monitoring data for one or more products in the {stack}, you
+can configure {kib} to retrieve that information and display it in on the
+*Monitoring* page.
-TIP: If you have a dedicated monitoring cluster, the information is accessible
-even if the {es} cluster you're monitoring is not. You can send data from
-multiple clusters to the same monitoring cluster and view them all through the
-same instance of {kib}. To learn more about typical monitoring architectures
-with separate production and monitoring clusters, see
-{xpack-ref}/how-monitoring-works.html[How monitoring works].
+. Identify where to retrieve monitoring data from.
++
+--
+The cluster that contains the monitoring data is referred to
+as the _monitoring cluster_.
+
+TIP: If the monitoring data is stored on a *dedicated* monitoring cluster, it is
+accessible even when the cluster you're monitoring is not. If you have at least
+a gold license, you can send data from multiple clusters to the same monitoring
+cluster and view them all through the same instance of {kib}.
-. Optional: {ref}/configuring-monitoring.html[Configure monitoring in {es}]. If you want
-to use a separate monitoring cluster, see
-{xpack-ref}/monitoring-production.html[Monitoring in a production environment].
+By default, data is retrieved from the cluster specified in the
+`elasticsearch.url` value in the `kibana.yml` file. If you want to retrieve it
+from a different cluster, set `xpack.monitoring.elasticsearch.url`.
-. Optional: <>.
+To learn more about typical monitoring architectures,
+see {stack-ov}/how-monitoring-works.html[How monitoring works] and
+{stack-ov}/monitoring-production.html[Monitoring in a production environment].
+--
+
+. Verify that `xpack.monitoring.ui.enabled` is set to `true`, which is the
+default value, in the `kibana.yml` file. For more information, see
+<>.
-. Optional: {logstash-ref}/configuring-logstash.html[Configure monitoring in Logstash].
+. If the Elastic {security-features} are enabled on the monitoring cluster, you
+must provide a user ID and password so {kib} can retrieve the data.
-. Optional: Configure monitoring in {auditbeat-ref}/monitoring.html[Auditbeat],
-{filebeat-ref}/monitoring.html[Filebeat],
-{heartbeat-ref}/monitoring.html[Heartbeat],
-{metricbeat-ref}/monitoring.html[Metricbeat],
-{packetbeat-ref}/monitoring.html[Packetbeat], and
-{winlogbeat-ref}/monitoring.html[Winlogbeat].
+.. Create a user that has the `monitoring_user`
+{stack-ov}/built-in-roles.html[built-in role] on the monitoring cluster.
-. Configure {kib} to visualize monitoring data:
+.. Add the `xpack.monitoring.elasticsearch.username` and
+`xpack.monitoring.elasticsearch.password` settings in the `kibana.yml` file.
+If these settings are omitted, {kib} uses the `elasticsearch.username` and
+`elasticsearch.password` setting values. For more
+information, see {kibana-ref}/using-kibana-with-security.html[Configuring security in {kib}].
-.. Verify that `xpack.monitoring.ui.enabled` is set to `true`, which is the
-default value. For more information, see <>.
+. (Optional) Configure {kib} to encrypt communications between the {kib} server
+and the monitoring cluster. See <>.
-.. Identify where to retrieve monitoring data from. If you want to use a
-separate _monitoring cluster_, set `xpack.monitoring.elasticsearch.url` in the
-`kibana.yml` file. Otherwise, the monitoring data is stored in the production
-cluster.
+. If the Elastic {security-features} are enabled on the {kib} server, only users
+that have the authority to access {kib} indices and to read the monitoring indices
+can use the monitoring dashboards.
+
--
-TIP: If {security} is enabled on the monitoring cluster, use an HTTPS URL such
-as `https://:9200` in this setting.
+NOTE: These users must exist on the monitoring cluster. If you are accessing a
+remote monitoring cluster, you must use credentials that are valid on both the
+{kib} server and the monitoring cluster.
--
-.. If {security} is enabled on the monitoring cluster, identify a user ID and
-password that {kib} can use to retrieve monitoring data. Specify these values in
-the `xpack.monitoring.elasticsearch.username` and
-`xpack.monitoring.elasticsearch.password` settings in the `kibana.yml` file.
-If these settings are omitted, {kib} uses the `elasticsearch.username` and
-`elasticsearch.password` setting values.
+.. Create users that have the `monitoring_user` and `kibana_user`
+{stack-ov}/built-in-roles.html[built-in roles].
-.. If {security} is enabled on the monitoring cluster, configure {kib} to
-encrypt communications between the {kib} server and the monitoring cluster.
-Specify the `xpack.monitoring.elasticsearch.ssl.*` settings in the `kibana.yml`
-file on the {kib} server.
+. Open {kib} in your web browser.
+
--
-For example, if you are using your own certificate authority to sign
-certificates, specify the location of the PEM file in the `kibana.yml` file:
-
-[source,yaml]
---------------------------------------------------------------------------------
-xpack.monitoring.elasticsearch.ssl.certificateAuthorities: /path/to/your/cacert.pem
---------------------------------------------------------------------------------
+By default, if you are running {kib} locally, go to `http://localhost:5601/`.
+If the Elastic {security-features} are enabled, log in.
--
-. Open {kib} in your web browser and log in.
+. In the side navigation, click *Monitoring*.
+
--
-If you are running {kib} locally, go to `http://localhost:5601/`.
+If data collection is disabled, you are prompted to turn on data collection.
+If {es} {security-features} are enabled, you must have `manage` cluster
+privileges to turn on data collection.
-If {security} is enabled on the {kib} server, to access {kib} and view the
-monitoring dashboards, you must log in as a user who has the `kibana_user` and
-`monitoring_user` roles. These roles have the necessary privileges to view the
-monitoring dashboards. For more information, see
-{stack-ov}/built-in-roles.html[Built-in roles].
+NOTE: If you are using a separate monitoring cluster, you do not need to turn on
+data collection. The dashboards appear when there is data in the monitoring
+cluster.
-If you are accessing a remote monitoring cluster, you must log in to {kib}
-with credentials that are valid on both the {kib} server and the monitoring
-cluster.
--
-. In the side navigation, click *Monitoring*. The first time you open {kib}
-monitoring, data collection is
-disabled. You will be prompted to turn on data collection.
-+
-If you have permission to turn on data collection and there is data in the cluster,
-{kib} displays the monitoring dashboards. You'll see cluster alerts
+You'll see cluster alerts
that require your attention and a summary of the available monitoring metrics
for {es}, Logstash, {kib}, and Beats. To view additional information, click the
-Overview, Nodes, Indices, or Instances links.
-+
+Overview, Nodes, Indices, or Instances links. See <>.
+
[role="screenshot"]
image::images/monitoring-dashboard.png[Monitoring dashboard]
-+
+
If {kib} can't activate monitoring, here are some things to do:
-+
+
* If you don't have permission to activate monitoring,
contact your system administrator.
-+
+
* If {kib} can't find monitoring data, set the time filter to
“Last 1 hour”. When monitoring data appears in your cluster, the page
automatically refreshes with the monitoring summary.
-+
+
* Check your `xpack.monitoring.elasticsearch.url` setting.
See <>.
-
-
-include::cluster-alerts-license.asciidoc[]
-include::beats-details.asciidoc[]
-include::cluster-alerts.asciidoc[]
-include::elasticsearch-details.asciidoc[]
-include::kibana-details.asciidoc[]
-include::logstash-details.asciidoc[]
diff --git a/docs/security/securing-communications/index.asciidoc b/docs/security/securing-communications/index.asciidoc
index e6b3987b36014..9e52c42b3c3c9 100644
--- a/docs/security/securing-communications/index.asciidoc
+++ b/docs/security/securing-communications/index.asciidoc
@@ -58,7 +58,7 @@ For more information, see <>.
+
--
NOTE: To perform this step, you must
-{ref}/configuring-security.html[enable the {security} feature in {es}] or you
+{ref}/configuring-security.html[enable the {es} {security-features}] or you
must have a proxy that provides an HTTPS endpoint for {es}.
--
@@ -89,3 +89,36 @@ Setting the `certificateAuthorities` property lets you use the default
For more information, see <>.
--
+
+. (Optional) If the Elastic {monitor-features} are enabled, configure {kib} to
+connect to the {es} monitoring cluster via HTTPS:
++
+--
+NOTE: To perform this step, you must
+{ref}/configuring-security.html[enable the {es} {security-features}] or you
+must have a proxy that provides an HTTPS endpoint for {es}.
+
+--
+
+.. Specify the HTTPS URL in the `xpack.monitoring.elasticsearch.url` setting in
+the {kib} configuration file, `kibana.yml`
++
+--
+[source,yaml]
+--------------------------------------------------------------------------------
+xpack.monitoring.elasticsearch.url: "https://:9200"
+--------------------------------------------------------------------------------
+--
+
+.. Specify the `xpack.monitoring.elasticsearch.ssl.*` settings in the
+`kibana.yml` file.
++
+--
+For example, if you are using your own certificate authority to sign
+certificates, specify the location of the PEM file in the `kibana.yml` file:
+
+[source,yaml]
+--------------------------------------------------------------------------------
+xpack.monitoring.elasticsearch.ssl.certificateAuthorities: /path/to/your/cacert.pem
+--------------------------------------------------------------------------------
+--