[7.10] Move observability content (#79978)

docs/management/alerting/alert-management.asciidoc

@@ -4,7 +4,7 @@
 
 beta[]
 
-The *Alerts* tab provides a cross-app view of alerting. Different {kib} apps like <<xpack-infra, Metrics>>, <<xpack-apm, APM>>, <<xpack-uptime, Uptime>>, and <<xpack-siem, SIEM>> can offer their own alerts, and the *Alerts* tab provides a central place to:
+The *Alerts* tab provides a cross-app view of alerting. Different {kib} apps like <<metrics-app,Metrics>>, <<xpack-apm,APM>>, <<uptime-app,Uptime>>, and <<xpack-siem,SIEM>> can offer their own alerts, and the *Alerts* tab provides a central place to:
 
 * <<create-edit-alerts, Create and edit>> alerts
 * <<controlling-alerts, Control alerts>> including enabling/disabling, muting/unmuting, and deleting
@@ -39,7 +39,7 @@ image::images/alerts-filter-by-action-type.png[Filtering the alert list by type
 [[create-edit-alerts]]
 ==== Creating and editing alerts
 
-Many alerts must be created within the context of a {kib} app like <<xpack-infra, Metrics>>, <<xpack-apm, APM>>, or <<xpack-uptime, Uptime>>, but others are generic. Generic alert types can be created in the *Alerts* management UI by clicking the *Create* button. This will launch a flyout that guides you through selecting an alert type and configuring it's properties. Refer to <<alert-types>> for details on what types of alerts are available and how to configure them.
+Many alerts must be created within the context of a {kib} app like <<metrics-app, Metrics>>, <<xpack-apm, APM>>, or <<uptime-app, Uptime>>, but others are generic. Generic alert types can be created in the *Alerts* management UI by clicking the *Create* button. This will launch a flyout that guides you through selecting an alert type and configuring it's properties. Refer to <<alert-types>> for details on what types of alerts are available and how to configure them.
 
 After an alert is created, you can re-open the flyout and change an alerts properties by clicking the *Edit* button shown on each row of the alert listing.
 

docs/observability/index.asciidoc

@@ -13,12 +13,69 @@ With *Observability*, you have:
 * *View in app* options to drill down and analyze data in the Logs, Metrics, Uptime, and APM apps.
 * An alerts chart to keep you informed of any issues that you may need to resolve quickly.
 
+{kib} provides step-by-step instructions to help you add and configure your data
+sources. The {observability-guide}/index.html[Observability Guide] is a good source for more detailed information
+and instructions.
+
 [role="screenshot"]
 image::observability/images/observability-overview.png[Observability Overview in {kib}]
 
 [float]
-== Get started
+[[logs-app]]
+== Logs
 
-{kib} provides step-by-step instructions to help you add and configure your data
-sources. The {observability-guide}/index.html[Observability Guide] is a good source for more detailed information
-and instructions.
+The {logs-app} in {kib} enables you to search, filter, and tail all your logs
+ingested into {es}. Instead of having to log into different servers, change
+directories, and tail individual files, all your logs are available in the {logs-app}.
+
+There is live streaming of logs, filtering using auto-complete, and a logs histogram
+for quick navigation. You can also use machine learning to detect specific log
+anomalies automatically and categorize log messages to quickly identify patterns in your
+log events.
+
+To get started with the {logs-app}, see {observability-guide}/ingest-logs.html[Ingest logs].
+
+[role="screenshot"]
+image::observability/images/logs-app.png[Logs app in {kib}]
+
+[float]
+[[metrics-app]]
+== Metrics
+
+The {metrics-app} in {kib} enables you to visualize infrastructure metrics
+to help diagnose problematic spikes, identify high resource utilization,
+automatically discover and track pods, and unify your metrics 
+with logs and APM data in {es}. 
+
+To get started with the {metrics-app}, see {observability-guide}/ingest-metrics.html[Ingest metrics].
+
+[role="screenshot"]
+image::observability/images/metrics-app.png[Metrics app in {kib}]
+
+[float]
+[[uptime-app]]
+== Uptime
+
+The {uptime-app} in {kib} enables you to monitor the availability and response times
+of applications and services in real time, and detect problems before they affect users.
+You can monitor the status of network endpoints via HTTP/S, TCP, and ICMP, explore
+endpoint status over time, drill down into specific monitors, and view a high-level
+snapshot of your environment at any point in time.
+
+To get started with the {uptime-app}, see {observability-guide}/ingest-uptime.html[Ingest uptime data].
+
+[role="screenshot"]
+image::observability/images/uptime-app.png[Uptime app in {kib}]
+
+[float]
+[[apm-app]]
+== APM
+
+The APM app in {kib} enables you to monitors software services and applications in real time,
+collect unhandled errors and exceptions, and automatically pick up basic host-level metrics
+and agent specific metrics.
+
+To get started with the APM app, see <<apm-ui,Set up the APM app>>.
+
+[role="screenshot"]
+image::observability/images/apm-app.png[APM app in {kib}]

docs/user/alerting/alert-types.asciidoc

@@ -2,7 +2,7 @@
 [[alert-types]]
 == Alert types
 
-{kib} supplies alerts types in two ways: some are built into {kib}, while domain-specific alert types are registered by {kib} apps such as <<xpack-apm,*APM*>>, <<xpack-infra,*Metrics*>>, and <<xpack-uptime,*Uptime*>>.
+{kib} supplies alerts types in two ways: some are built into {kib}, while domain-specific alert types are registered by {kib} apps such as <<xpack-apm,*APM*>>, <<metrics-app,*Metrics*>>, and <<uptime-app,*Uptime*>>.
 
 This section covers built-in alert types. For domain-specific alert types, refer to the documentation for that app. 
 

docs/user/alerting/alerting-getting-started.asciidoc

@@ -6,7 +6,7 @@ beta[]
 
 --
 
-Alerting allows you to detect complex conditions within different {kib} apps and trigger actions when those conditions are met. Alerting is integrated with <<xpack-apm,*APM*>>, <<xpack-infra,*Metrics*>>, <<xpack-siem,*Security*>>, <<xpack-uptime,*Uptime*>>, can be centrally managed from the <<management,*Management*>> UI, and provides a set of built-in <<action-types, actions>> and <<alert-types, alerts>> for you to use.
+Alerting allows you to detect complex conditions within different {kib} apps and trigger actions when those conditions are met. Alerting is integrated with <<xpack-apm,*APM*>>, <<metrics-app,*Metrics*>>, <<xpack-siem,*Security*>>, <<uptime-app,*Uptime*>>, can be centrally managed from the <<management,*Management*>> UI, and provides a set of built-in <<action-types, actions>> and <<alert-types, alerts>> for you to use.
 
 image::images/alerting-overview.png[Alerts and actions UI]
 
@@ -148,7 +148,7 @@ Functionally, {kib} alerting differs in that:
 * {kib} alerts tracks and persists the state of each detected condition through *alert instances*. This makes it possible to mute and throttle individual instances, and detect changes in state such as resolution. 
 * Actions are linked to *alert instances* in {kib} alerting. Actions are fired for each occurrence of a detected condition, rather than for the entire alert. 
 
-At a higher level, {kib} alerts allow rich integrations across use cases like <<xpack-apm,*APM*>>, <<xpack-infra,*Metrics*>>, <<xpack-siem,*Security*>>, and <<xpack-uptime,*Uptime*>>.
+At a higher level, {kib} alerts allow rich integrations across use cases like <<xpack-apm,*APM*>>, <<metrics-app,*Metrics*>>, <<xpack-siem,*Security*>>, and <<uptime-app,*Uptime*>>.
 Pre-packaged *alert types* simplify setup, hide the details complex domain-specific detections, while providing a consistent interface across {kib}.
 
 [float]
@@ -170,9 +170,9 @@ If you are using an *on-premises* Elastic Stack deployment with <<using-kibana-w
 To access alerting in a space, a user must have access to one of the following features:
 
 * <<xpack-apm,*APM*>>
-* <<xpack-infra,*Metrics*>>
+* <<metrics-app,*Metrics*>>
 * <<xpack-siem,*Security*>>
-* <<xpack-uptime,*Uptime*>>
+* <<uptime-app,*Uptime*>>
 
 See <<kibana-feature-privileges, feature privileges>> for more information on configuring roles that provide access to these features. 
 

docs/user/alerting/defining-alerts.asciidoc

@@ -2,7 +2,7 @@
 [[defining-alerts]]
 == Defining alerts
 
-{kib} alerts can be created in a variety of apps including <<xpack-apm,*APM*>>, <<xpack-infra,*Metrics*>>, <<xpack-siem,*Security*>>, <<xpack-uptime,*Uptime*>> and from <<management,*Management*>> UI. While alerting details may differ from app to app, they share a common interface for defining and configuring alerts that this section describes in more detail.
+{kib} alerts can be created in a variety of apps including <<xpack-apm,*APM*>>, <<metrics-app,*Metrics*>>, <<xpack-siem,*Security*>>, <<uptime-app,*Uptime*>> and from <<management,*Management*>> UI. While alerting details may differ from app to app, they share a common interface for defining and configuring alerts that this section describes in more detail.
 
 [float]
 === Alert flyout

docs/user/index.asciidoc

@@ -27,14 +27,8 @@ include::graph/index.asciidoc[]
 
 include::{kib-repo-dir}/observability/index.asciidoc[]
 
-include::{kib-repo-dir}/logs/index.asciidoc[]
-
-include::{kib-repo-dir}/infrastructure/index.asciidoc[]
-
 include::{kib-repo-dir}/apm/index.asciidoc[]
 
-include::{kib-repo-dir}/uptime/index.asciidoc[]
-
 include::{kib-repo-dir}/siem/index.asciidoc[]
 
 include::dev-tools.asciidoc[]