Add missing images

deploy-manage/deploy/elastic-cloud/create-serverless-project.md

@@ -15,8 +15,8 @@ Choose the type of project that matches your needs and we’ll help you get star
 |     |     |
 | --- | --- |
 |  |  |
-| ![elasticsearch](https://www.elastic.co/docs/assets/images/serverless-elasticsearch.png "") | Elasticsearch<br> Build custom search applications with Elasticsearch.<br><br>[**View guide →**](../../../solutions/search.md)<br> |
-| ![observability](https://www.elastic.co/docs/assets/images/serverless-observability.png "") | Observability<br> Monitor applications and systems with Elastic Observability.<br><br>[**View guide →**](../../../solutions/observability.md)<br> |
-| ![security](https://www.elastic.co/docs/assets/images/serverless-security.png "") | Security<br> Detect, investigate, and respond to threats with Elastic Security.<br><br>[**View guide →**](../../../solutions/security/elastic-security-serverless.md)<br> |
+| ![elasticsearch](https://www.elastic.co/docs/assets/images/elasticsearch.png "") | Elasticsearch<br> Build custom search applications with Elasticsearch.<br><br>[**View guide →**](../../../solutions/search.md)<br> |
+| ![observability](https://www.elastic.co/docs/assets/images/observability.png "") | Observability<br> Monitor applications and systems with Elastic Observability.<br><br>[**View guide →**](../../../solutions/observability.md)<br> |
+| ![security](https://www.elastic.co/docs/assets/images/security.png "") | Security<br> Detect, investigate, and respond to threats with Elastic Security.<br><br>[**View guide →**](../../../solutions/security/elastic-security-serverless.md)<br> |
 |  |  |
 

deploy-manage/remote-clusters/ec-migrate-ccs.md

@@ -21,7 +21,7 @@ You can use a PUT request to update your deployment, changing both the deploymen
 
     You can also find the template in the [list of templates available for each region](https://www.elastic.co/guide/en/cloud/current/ec-regions-templates-instances.html).
 
-    :::{image} images/cloud-ec-migrate-deployment-template(2).png
+    :::{image} ../../images/cloud-ec-migrate-deployment-template(2).png
     :alt: Deployment Template ID
     :class: screenshot
     :::

explore-analyze/alerts-cases/alerts/rule-type-index-threshold.md

@@ -135,7 +135,7 @@ In this example, you will use the {{kib}} [sample weblog data set](https://www.e
 
         You can add one or more actions to your rule to generate notifications when its conditions are met and when they are no longer met. For each action, you must select a connector, set the action frequency, and compose the notification details. For example, add an action that uses a server log connector to write an entry to the Kibana server log:
 
-        :::{image} ../../../images/rule-types-index-threshold-example-action.png
+        :::{image} ../../../images/kibana-rule-types-index-threshold-example-action.png
         :alt: Add an action to the rule
         :class: screenshot
         :::

explore-analyze/alerts-cases/watcher/actions-slack.md

@@ -152,7 +152,7 @@ To configure a Slack account, at a minimum you need to specify the account name
 bin/elasticsearch-keystore add xpack.notification.slack.account.monitoring.secure_url
 ```
 
-::::{warning} 
+::::{warning}
 You can no longer configure Slack accounts using `elasticsearch.yml` settings. Please use {{es}}'s secure [keystore](../../../deploy-manage/security/secure-settings.md) method instead.
 
 ::::
@@ -167,7 +167,7 @@ xpack.notification.slack:
       message_defaults:
         from: x-pack
         to: notifications
-        icon: http://example.com/images/elasticsearch-reference-watcher-icon.jpg
+        icon: http://example.com/images/watcher-icon.jpg
         attachment:
           fallback: "X-Pack Notification"
           color: "#36a64f"

explore-analyze/dashboards/add-controls.md

@@ -45,7 +45,7 @@ To add interactive Options list and Range slider controls, create the controls,
 1. Open or create a new dashboard.
 2. In **Edit** mode, select **Controls** > **Add control** in the dashboard toolbar.
 
-    :::{image} images/dashboard-add-control-8.15.0.png
+    :::{image} ../../images/kibana-dashboard-add-control-8.15.0.png
     :alt: Controls button in the toolbar with the Add Control option selected
     :class: screenshot
     :::
@@ -95,7 +95,7 @@ You can add one interactive time slider control to a dashboard.
 1. Open or create a new dashboard.
 2. In **Edit** mode, select **Controls** > **Add time slider control**.
 
-    :::{image} images/dashboard-add-time-slider-control-8.15.0.png
+    :::{image} ../../images/kibana-dashboard-add-time-slider-control-8.15.0.png
     :alt: Controls button in the toolbar with the Add a time slider option selected
     :class: screenshot
     :::
@@ -110,7 +110,7 @@ Several settings that apply to all controls of the same dashboard are available.
 
 1. In **Edit** mode, select **Controls** > **Settings**.
 
-    :::{image} images/dashboard-controls-settings-8.15.0.png
+    :::{image} ../../images/kibana-dashboard-controls-settings-8.15.0.png
     :alt: Controls button in the toolbar with the Settings option selected
     :class: screenshot
     :::

explore-analyze/dashboards/create-dashboard-of-panels-with-web-server-data.md

@@ -64,14 +64,14 @@ The only number function that you can use with **clientip** is **Unique count**,
 
 1. Open the **Visualization type** dropdown, then select **Metric**.
 
-    :::{image} images/visualization-type-dropdown-8.16.0.png
+    :::{image} ../../images/kibana-visualization-type-dropdown-8.16.0.png
     :alt: Visualization type dropdown
     :class: screenshot
     :::
 
 2. From the **Available fields** list, drag **clientip** to the workspace or layer pane.
 
-    :::{image} images/tutorial-unique-count-of-client-ip-8.16.0.png
+    :::{image} ../../images/kibana-tutorial-unique-count-of-client-ip-8.16.0.png
     :alt: Metric visualization of the clientip field
     :class: screenshot
     :::
@@ -123,14 +123,14 @@ To save space on the dashboard, hide the axis labels.
 
 1. Open the **Left axis** menu, then select **None** from the **Axis title** dropdown.
 
-    :::{image} images/line-chart-left-axis-8.16.0.png
+    :::{image} ../../images/kibana-line-chart-left-axis-8.16.0.png
     :alt: Left axis menu
     :class: screenshot
     :::
 
 2. Open the **Bottom axis** menu, then select **None** from the **Axis title** dropdown.
 
-    :::{image} images/line-chart-bottom-axis-8.16.0.png
+    :::{image} ../../images/kibana-line-chart-bottom-axis-8.16.0.png
     :alt: Bottom axis menu
     :class: screenshot
     :::
@@ -162,7 +162,7 @@ The **Top values** function ranks the unique values of a field by another functi
 
 3. Drag **request.keyword** to the workspace.
 
-    :::{image} images/tutorial-top-values-of-field-8.16.0.png
+    :::{image} ../../images/kibana-tutorial-top-values-of-field-8.16.0.png
     :alt: Vertical bar chart with top values of request.keyword by most unique visitors
     :class: screenshot
     :::
@@ -174,7 +174,7 @@ The chart labels are unable to display because the **request.keyword** field con
 
 1. Open the **Visualization type** dropdown, then select **Table**.
 
-    :::{image} images/table-with-request-keyword-and-client-ip-8.16.0.png
+    :::{image} ../../images/kibana-table-with-request-keyword-and-client-ip-8.16.0.png
     :alt: Table with top values of request.keyword by most unique visitors
     :class: screenshot
     :::

explore-analyze/dashboards/create-dashboard.md

@@ -17,7 +17,7 @@ mapped_pages:
     * **Add from library**. Select existing content that has already been configured and saved to the **Visualize Library**.
     * [**Controls**](add-controls.md). Add controls to help filter the content of your dashboard.
 
-        :::{image} images/add_content_to_dashboard_8.15.0.png
+        :::{image} ../../images/kibana-add_content_to_dashboard_8.15.0.png
         :alt: Options to add content to your dashboard
         :class: screenshot
         :::

explore-analyze/scripting/dissect.md

@@ -16,7 +16,7 @@ Dissect patterns are comprised of *variables* and *separators*. Anything defined
 For example, let’s say you have log data with a `message` field that looks like this:
 
 ```js
-"message" : "247.37.0.0 - - [30/Apr/2020:14:31:22 -0500] \"GET /images/elasticsearch-reference-hm_nbg.jpg HTTP/1.0\" 304 0"
+"message" : "247.37.0.0 - - [30/Apr/2020:14:31:22 -0500] \"GET /images/hm_nbg.jpg HTTP/1.0\" 304 0"
 ```
 
 You assign variables to each part of the data to construct a successful dissect pattern. Remember, tell dissect *exactly* what you want you want to match on.
@@ -157,7 +157,7 @@ After mapping the fields you want to retrieve, index a few records from your log
 ```console
 POST /my-index/_bulk?refresh=true
 {"index":{}}
-{"timestamp":"2020-04-30T14:30:17-05:00","message":"40.135.0.0 - - [30/Apr/2020:14:30:17 -0500] \"GET /images/elasticsearch-reference-hm_bg.jpg HTTP/1.0\" 200 24736"}
+{"timestamp":"2020-04-30T14:30:17-05:00","message":"40.135.0.0 - - [30/Apr/2020:14:30:17 -0500] \"GET /images/hm_bg.jpg HTTP/1.0\" 200 24736"}
 {"index":{}}
 {"timestamp":"2020-04-30T14:30:53-05:00","message":"232.0.0.0 - - [30/Apr/2020:14:30:53 -0500] \"GET /images/hm_bg.jpg HTTP/1.0\" 200 24736"}
 {"index":{}}

explore-analyze/scripting/grok.md

@@ -52,7 +52,7 @@ New features and enhancements will be added to the ECS-compliant files. The lega
 
 You can incorporate predefined grok patterns into Painless scripts to extract data. To test your script, use either the [field contexts](https://www.elastic.co/guide/en/elasticsearch/painless/current/painless-execute-api.html#painless-execute-runtime-field-context) of the Painless execute API or create a runtime field that includes the script. Runtime fields offer greater flexibility and accept multiple documents, but the Painless execute API is a great option if you don’t have write access on a cluster where you’re testing a script.
 
-::::{tip} 
+::::{tip}
 If you need help building grok patterns to match your data, use the [Grok Debugger](../query-filter/tools/grok-debugger.md) tool in {{kib}}.
 ::::
 
@@ -61,7 +61,7 @@ For example, if you’re working with Apache log data, you can use the `%{{COMMO
 
 ```js
 "timestamp":"2020-04-30T14:30:17-05:00","message":"40.135.0.0 - -
-[30/Apr/2020:14:30:17 -0500] \"GET /images/elasticsearch-reference-hm_bg.jpg HTTP/1.0\" 200 24736"
+[30/Apr/2020:14:30:17 -0500] \"GET /images/hm_bg.jpg HTTP/1.0\" 200 24736"
 ```
 
 To extract the IP address from the `message` field, you can write a Painless script that incorporates the `%{{COMMONAPACHELOG}}` syntax. You can test this script using the [`ip` field context](https://www.elastic.co/guide/en/elasticsearch/painless/current/painless-execute-api.html#painless-runtime-ip) of the Painless execute API, but let’s use a runtime field instead.
@@ -98,7 +98,7 @@ POST /my-index/_bulk?refresh
 {"index":{}}
 {"timestamp":"2020-04-30T14:31:19-05:00","message":"247.37.0.0 - - [30/Apr/2020:14:31:19 -0500] \"GET /french/splash_inet.html HTTP/1.0\" 200 3781"}
 {"index":{}}
-{"timestamp":"2020-04-30T14:31:22-05:00","message":"247.37.0.0 - - [30/Apr/2020:14:31:22 -0500] \"GET /images/elasticsearch-reference-hm_nbg.jpg HTTP/1.0\" 304 0"}
+{"timestamp":"2020-04-30T14:31:22-05:00","message":"247.37.0.0 - - [30/Apr/2020:14:31:22 -0500] \"GET /images/hm_nbg.jpg HTTP/1.0\" 304 0"}
 {"index":{}}
 {"timestamp":"2020-04-30T14:31:27-05:00","message":"252.0.0.0 - - [30/Apr/2020:14:31:27 -0500] \"GET /images/hm_bg.jpg HTTP/1.0\" 200 24736"}
 {"index":{}}

explore-analyze/scripting/scripting-field-extraction.md

@@ -36,23 +36,23 @@ After mapping the fields you want to retrieve, index a few records from your log
 ```console
 POST /my-index/_bulk?refresh
 {"index":{}}
-{"timestamp":"2020-04-30T14:30:17-05:00","message":"40.135.0.0 - - [30/Apr/2020:14:30:17 -0500] \"GET /images/elasticsearch-reference-hm_bg.jpg HTTP/1.0\" 200 24736"}
+{"timestamp":"2020-04-30T14:30:17-05:00","message":"40.135.0.0 - - [30/Apr/2020:14:30:17 -0500] \"GET /images/hm_bg.jpg HTTP/1.0\" 200 24736"}
 {"index":{}}
 {"timestamp":"2020-04-30T14:30:53-05:00","message":"232.0.0.0 - - [30/Apr/2020:14:30:53 -0500] \"GET /images/hm_bg.jpg HTTP/1.0\" 200 24736"}
 {"index":{}}
 {"timestamp":"2020-04-30T14:31:12-05:00","message":"26.1.0.0 - - [30/Apr/2020:14:31:12 -0500] \"GET /images/hm_bg.jpg HTTP/1.0\" 200 24736"}
 {"index":{}}
 {"timestamp":"2020-04-30T14:31:19-05:00","message":"247.37.0.0 - - [30/Apr/2020:14:31:19 -0500] \"GET /french/splash_inet.html HTTP/1.0\" 200 3781"}
 {"index":{}}
-{"timestamp":"2020-04-30T14:31:22-05:00","message":"247.37.0.0 - - [30/Apr/2020:14:31:22 -0500] \"GET /images/elasticsearch-reference-hm_nbg.jpg HTTP/1.0\" 304 0"}
+{"timestamp":"2020-04-30T14:31:22-05:00","message":"247.37.0.0 - - [30/Apr/2020:14:31:22 -0500] \"GET /images/hm_nbg.jpg HTTP/1.0\" 304 0"}
 {"index":{}}
 {"timestamp":"2020-04-30T14:31:27-05:00","message":"252.0.0.0 - - [30/Apr/2020:14:31:27 -0500] \"GET /images/hm_bg.jpg HTTP/1.0\" 200 24736"}
 {"index":{}}
 {"timestamp":"2020-04-30T14:31:28-05:00","message":"not a valid apache log"}
 ```
 
 
-## Extract an IP address from a log message (Grok) [field-extraction-ip] 
+## Extract an IP address from a log message (Grok) [field-extraction-ip]
 
 If you want to retrieve results that include `clientip`, you can add that field as a runtime field in the mapping. The following runtime script defines a grok pattern that extracts structured fields out of the `message` field.
 
@@ -121,7 +121,7 @@ The response includes documents where the value for `http.clientip` matches `40.
 ```
 
 
-## Parse a string to extract part of a field (Dissect) [field-extraction-parse] 
+## Parse a string to extract part of a field (Dissect) [field-extraction-parse]
 
 Instead of matching on a log pattern like in the [previous example](#field-extraction-ip), you can just define a dissect pattern to include the parts of the string that you want to discard.
 
@@ -193,7 +193,7 @@ The response includes a single document where the HTTP response is `304`:
 ```
 
 
-## Split values in a field by a separator (Dissect) [field-extraction-split] 
+## Split values in a field by a separator (Dissect) [field-extraction-split]
 
 Let’s say you want to extract part of a field like in the previous example, but you want to split on specific values. You can use a dissect pattern to extract only the information that you want, and also return that data in a specific format.
 

explore-analyze/visualize/maps/maps-getting-started.md

@@ -137,7 +137,7 @@ You’ll create a layer for [aggregated data](../../aggregations.md) and make it
 
     Your map will look like this between zoom levels 0 and 9:
 
-    :::{image} ../../../images/sample_data_web_logs.png
+    :::{image} ../../../images/kibana-sample_data_web_logs.png
     :alt: Map showing what zoom level 3 looks like
     :class: screenshot
     :::

manage-data/data-store/index-types/set-up-data-stream.md

@@ -15,7 +15,7 @@ To set up a data stream, follow these steps:
 
 You can also [convert an index alias to a data stream](#convert-index-alias-to-data-stream).
 
-::::{important} 
+::::{important}
 If you use {{fleet}}, {{agent}}, or {{ls}}, skip this tutorial. They all set up data streams for you.
 
 For {{fleet}} and {{agent}}, check out this [data streams documentation](https://www.elastic.co/guide/en/fleet/current/data-streams.html). For {{ls}}, check out the [data streams settings](https://www.elastic.co/guide/en/logstash/current/plugins-outputs-elasticsearch.html#plugins-outputs-elasticsearch-data_stream) for the `elasticsearch output` plugin.
@@ -24,7 +24,7 @@ For {{fleet}} and {{agent}}, check out this [data streams documentation](https:/
 
 
 
-## Create an index lifecycle policy [create-index-lifecycle-policy] 
+## Create an index lifecycle policy [create-index-lifecycle-policy]
 
 While optional, we recommend using {{ilm-init}} to automate the management of your data stream’s backing indices. {{ilm-init}} requires an index lifecycle policy.
 
@@ -83,7 +83,7 @@ PUT _ilm/policy/my-lifecycle-policy
 ```
 
 
-## Create component templates [create-component-templates] 
+## Create component templates [create-component-templates]
 
 A data stream requires a matching index template. In most cases, you compose this index template using one or more component templates. You typically use separate component templates for mappings and index settings. This lets you reuse the component templates in multiple index templates.
 
@@ -92,7 +92,7 @@ When creating your component templates, include:
 * A [`date`](https://www.elastic.co/guide/en/elasticsearch/reference/current/date.html) or [`date_nanos`](https://www.elastic.co/guide/en/elasticsearch/reference/current/date_nanos.html) mapping for the `@timestamp` field. If you don’t specify a mapping, {{es}} maps `@timestamp` as a `date` field with default options.
 * Your lifecycle policy in the `index.lifecycle.name` index setting.
 
-::::{tip} 
+::::{tip}
 Use the [Elastic Common Schema (ECS)](https://www.elastic.co/guide/en/ecs/{{ecs_version}}) when mapping your fields. ECS fields integrate with several {{stack}} features by default.
 
 If you’re unsure how to map your fields, use [runtime fields](../mapping/define-runtime-fields-in-search-request.md) to extract fields from [unstructured content](https://www.elastic.co/guide/en/elasticsearch/reference/current/keyword.html#mapping-unstructured-content) at search time. For example, you can index a log message to a `wildcard` field and later extract IP addresses and other data from this field during a search.
@@ -143,7 +143,7 @@ PUT _component_template/my-settings
 ```
 
 
-## Create an index template [create-index-template] 
+## Create an index template [create-index-template]
 
 Use your component templates to create an index template. Specify:
 
@@ -171,7 +171,7 @@ PUT _index_template/my-index-template
 ```
 
 
-## Create the data stream [create-data-stream] 
+## Create the data stream [create-data-stream]
 
 [Indexing requests](use-data-stream.md#add-documents-to-a-data-stream) add documents to a data stream. These requests must use an `op_type` of `create`. Documents must include a `@timestamp` field.
 
@@ -180,7 +180,7 @@ To automatically create your data stream, submit an indexing request that target
 ```console
 PUT my-data-stream/_bulk
 { "create":{ } }
-{ "@timestamp": "2099-05-06T16:21:15.000Z", "message": "192.0.2.42 - - [06/May/2099:16:21:15 +0000] \"GET /images/elasticsearch-reference-bg.jpg HTTP/1.0\" 200 24736" }
+{ "@timestamp": "2099-05-06T16:21:15.000Z", "message": "192.0.2.42 - - [06/May/2099:16:21:15 +0000] \"GET /images/bg.jpg HTTP/1.0\" 200 24736" }
 { "create":{ } }
 { "@timestamp": "2099-05-06T16:25:42.000Z", "message": "192.0.2.255 - - [06/May/2099:16:25:42 +0000] \"GET /favicon.ico HTTP/1.0\" 200 3638" }
 
@@ -198,14 +198,14 @@ PUT _data_stream/my-data-stream
 ```
 
 
-## Secure the data stream [secure-data-stream] 
+## Secure the data stream [secure-data-stream]
 
 Use [index privileges](../../../deploy-manage/users-roles/cluster-or-deployment-auth/elasticsearch-privileges.md#privileges-list-indices) to control access to a data stream. Granting privileges on a data stream grants the same privileges on its backing indices.
 
 For an example, see [Data stream privileges](../../../deploy-manage/users-roles/cluster-or-deployment-auth/granting-privileges-for-data-streams-aliases.md#data-stream-privileges).
 
 
-## Convert an index alias to a data stream [convert-index-alias-to-data-stream] 
+## Convert an index alias to a data stream [convert-index-alias-to-data-stream]
 
 Prior to {{es}} 7.9, you’d typically use an [index alias with a write index](../../lifecycle/index-lifecycle-management/tutorial-automate-rollover.md#manage-time-series-data-without-data-streams) to manage time series data. Data streams replace this functionality, require less maintenance, and automatically integrate with [data tiers](../../lifecycle/data-tiers.md).
 
@@ -216,7 +216,7 @@ POST _data_stream/_migrate/my-time-series-data
 ```
 
 
-## Get information about a data stream [get-info-about-data-stream] 
+## Get information about a data stream [get-info-about-data-stream]
 
 To get information about a data stream in {{kib}}, open the main menu and go to **Stack Management > Index Management**. In the **Data Streams** view, click the data stream’s name.
 
@@ -227,7 +227,7 @@ GET _data_stream/my-data-stream
 ```
 
 
-## Delete a data stream [delete-data-stream] 
+## Delete a data stream [delete-data-stream]
 
 To delete a data stream and its backing indices in {{kib}}, open the main menu and go to **Stack Management > Index Management**. In the **Data Streams** view, click the trash icon. The icon only displays if you have the `delete_index` [security privilege](../../../deploy-manage/users-roles/cluster-or-deployment-auth/elasticsearch-privileges.md) for the data stream.