
[docs] Fix various syntax and rendering errors #20


Merged
merged 2 commits into from
May 7, 2025
1 change: 1 addition & 0 deletions docs/docset.yml
Expand Up @@ -26,3 +26,4 @@ subs:
ilm-init: "ILM"
dlm: "data lifecycle management"
dlm-init: "DLM"
ess-leadin: "You can run Elasticsearch on your own hardware or use our hosted Elasticsearch Service that is available on AWS, GCP, and Azure. Try the Elasticsearch Service for free: https://cloud.elastic.co/registration."
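Review bot: the new `ess-leadin` value is a full sentence with an embedded URL and a trailing period inside the quotes, unlike the short tokens in the neighbouring `ilm-init`/`dlm`/`dlm-init` subs; that is fine only if some page actually references `{{ess-leadin}}`, and no consumer is visible in this diff, so confirm one exists (otherwise this is dead configuration) and check that the trailing period does not double up with the sentence punctuation at the call site.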
45 changes: 20 additions & 25 deletions docs/lsr/plugins-codecs-cef.md
Expand Up @@ -83,12 +83,12 @@ The following is a mapping between these fields.
| CEF Field Name (optional CEF Key) | ECS Field |
| --- | --- |
| `agentAddress` (`agt`) | `[agent][ip]` |
| `agentDnsDomain` | `[cef][agent][registered_domain]`<br> Multiple possible CEF fields map to this ECS Field. When decoding, the last entry encountered wins. When encoding, this field has *higher* priority. |
| `agentDnsDomain` | `[cef][agent][registered_domain]`<br>Multiple possible CEF fields map to this ECS Field. When decoding, the last entry encountered wins. When encoding, this field has *higher* priority. |
| `agentHostName` (`ahost`) | `[agent][name]` |
| `agentId` (`aid`) | `[agent][id]` |
| `agentMacAddress` (`amac`) | `[agent][mac]` |
| `agentNtDomain` | `[cef][agent][registered_domain]`<br> Multiple possible CEF fields map to this ECS Field. When decoding, the last entry encountered wins. When encoding, this field has *lower* priority. |
| `agentReceiptTime` (`art`) | `[event][created]`<br> This field contains a timestamp. In ECS Compatibility Mode, it is parsed to a specific point in time. |
| `agentNtDomain` | `[cef][agent][registered_domain]`<br>Multiple possible CEF fields map to this ECS Field. When decoding, the last entry encountered wins. When encoding, this field has *lower* priority. |
| `agentReceiptTime` (`art`) | `[event][created]`<br>This field contains a timestamp. In ECS Compatibility Mode, it is parsed to a specific point in time. |
| `agentTimeZone` (`atz`) | `[cef][agent][timezone]` |
| `agentTranslatedAddress` | `[cef][agent][nat][ip]` |
| `agentTranslatedZoneExternalID` | `[cef][agent][translated_zone][external_id]` |
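Review bot: the `<br> ` to `<br>` whitespace fix is applied consistently to all four `<br>` rows in this hunk, and the leading space was rendering as a stray indent in the cell. Since the same pattern recurs throughout the file, a quick `grep -n '<br> ' docs/lsr/plugins-codecs-cef.md` after the change is the cheapest way to confirm no row was missed.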
Expand All @@ -105,12 +105,12 @@ The following is a mapping between these fields.
| `customerExternalID` | `[organization][id]` |
| `customerURI` | `[organization][name]` |
| `destinationAddress` (`dst`) | `[destination][ip]` |
| `destinationDnsDomain` | `[destination][registered_domain]`<br> Multiple possible CEF fields map to this ECS Field. When decoding, the last entry encountered wins. When encoding, this field has *higher* priority. |
| `destinationDnsDomain` | `[destination][registered_domain]`<br>Multiple possible CEF fields map to this ECS Field. When decoding, the last entry encountered wins. When encoding, this field has *higher* priority. |
| `destinationGeoLatitude` (`dlat`) | `[destination][geo][location][lat]` |
| `destinationGeoLongitude` (`dlong`) | `[destination][geo][location][lon]` |
| `destinationHostName` (`dhost`) | `[destination][domain]` |
| `destinationMacAddress` (`dmac`) | `[destination][mac]` |
| `destinationNtDomain` (`dntdom`) | `[destination][registered_domain]`<br> Multiple possible CEF fields map to this ECS Field. When decoding, the last entry encountered wins. When encoding, this field has *lower* priority. |
| `destinationNtDomain` (`dntdom`) | `[destination][registered_domain]`<br>Multiple possible CEF fields map to this ECS Field. When decoding, the last entry encountered wins. When encoding, this field has *lower* priority. |
| `destinationPort` (`dpt`) | `[destination][port]` |
| `destinationProcessId` (`dpid`) | `[destination][process][pid]` |
| `destinationProcessName` (`dproc`) | `[destination][process][name]` |
Expand All @@ -125,8 +125,7 @@ The following is a mapping between these fields.
| `destinationZoneExternalID` | `[cef][destination][zone][external_id]` |
| `destinationZoneURI` | `[cef][destination][zone][uri]` |
| `deviceAction` (`act`) | `[event][action]` |
| `deviceAddress` (`dvc`) | `[observer][ip]`<br> When plugin configured with `device => observer` |
| `[host][ip]`<br> When plugin configured with `device => host` |
| `deviceAddress` (`dvc`) | `[observer][ip]`<br>When plugin configured with `device => observer`<br><br>`[host][ip]`<br>When plugin configured with `device => host` |
| `deviceCustomFloatingPoint1` (`cfp1`) | `[cef][device_custom_floating_point_1][value]` |
| `deviceCustomFloatingPoint1Label` (`cfp1Label`) | `[cef][device_custom_floating_point_1][label]` |
| `deviceCustomFloatingPoint2` (`cfp2`) | `[cef][device_custom_floating_point_2][value]` |
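Review bot: the removed `| \`[host][ip]\`<br> When plugin configured with \`device => host\` |` line was a one-cell row in a two-column table, so merging it into the `deviceAddress` cell is the right fix; before this change it rendered as a stray row with an empty CEF column. Because this mapping decides whether the device address lands in `[observer][ip]` or `[host][ip]`, anyone writing detections against these fields needs the two conditions to be unmistakable: the `<br><br>` separation does that, and a phrasing such as "With `device => observer`:" / "With `device => host`:" would read more clearly than the repeated "When plugin configured with".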
Expand Down Expand Up @@ -248,49 +247,45 @@ The following is a mapping between these fields.
| `deviceCustomString15` (`cs15`) | `[cef][device_custom_string_15][value]` |
| `deviceCustomString15Label` (`cs15Label`) | `[cef][device_custom_string_15][label]` |
| `deviceDirection` | `[network][direction]` |
| `deviceDnsDomain` | `[observer][registered_domain]`<br> When plugin configured with `device => observer`. |
| `[host][registered_domain]`<br> When plugin configured with `device => host`. |
| `deviceDnsDomain` | `[observer][registered_domain]`<br>When plugin configured with `device => observer`.<br><br>`[host][registered_domain]`<br>When plugin configured with `device => host`. |
| `deviceEventCategory` (`cat`) | `[cef][category]` |
| `deviceExternalId` | `[observer][name]`<br> When plugin configured with `device => observer`. |
| `[host][id]`<br> When plugin configured with `device => host`. |
| `deviceExternalId` | `[observer][name]`<br>When plugin configured with `device => observer`.<br><br>`[host][id]`<br>When plugin configured with `device => host`. |
| `deviceFacility` | `[log][syslog][facility][code]` |
| `deviceHostName` (`dvchost`) | `[observer][hostname]`<br> When plugin configured with `device => observer`. |
| `[host][name]`<br> When plugin configured with `device => host`. |
| `deviceHostName` (`dvchost`) | `[observer][hostname]`<br>When plugin configured with `device => observer`.<br><br>`[host][name]`<br>When plugin configured with `device => host`. |
| `deviceInboundInterface` | `[observer][ingress][interface][name]` |
| `deviceMacAddress` (`dvcmac`) | `[observer][mac]`<br> When plugin configured with `device => observer`. |
| `[host][mac]`<br> When plugin configured with `device => host`. |
| `deviceMacAddress` (`dvcmac`) | `[observer][mac]`<br>When plugin configured with `device => observer`.<br><br>`[host][mac]`<br>When plugin configured with `device => host`. |
| `deviceNtDomain` | `[cef][nt_domain]` |
| `deviceOutboundInterface` | `[observer][egress][interface][name]` |
| `devicePayloadId` | `[cef][payload_id]` |
| `deviceProcessId` (`dvcpid`) | `[process][pid]` |
| `deviceProcessName` | `[process][name]` |
| `deviceReceiptTime` (`rt`) | `@timestamp`<br> This field contains a timestamp. In ECS Compatibility Mode, it is parsed to a specific point in time. |
| `deviceReceiptTime` (`rt`) | `@timestamp`<br>This field contains a timestamp. In ECS Compatibility Mode, it is parsed to a specific point in time. |
| `deviceTimeZone` (`dtz`) | `[event][timezone]` |
| `deviceTranslatedAddress` | `[host][nat][ip]` |
| `deviceTranslatedZoneExternalID` | `[cef][translated_zone][external_id]` |
| `deviceTranslatedZoneURI` | `[cef][translated_zone][uri]` |
| `deviceVersion` | `[observer][version]` |
| `deviceZoneExternalID` | `[cef][zone][external_id]` |
| `deviceZoneURI` | `[cef][zone][uri]` |
| `endTime` (`end`) | `[event][end]`<br> This field contains a timestamp. In ECS Compatibility Mode, it is parsed to a specific point in time. |
| `endTime` (`end`) | `[event][end]`<br>This field contains a timestamp. In ECS Compatibility Mode, it is parsed to a specific point in time. |
| `eventId` | `[event][id]` |
| `eventOutcome` (`outcome`) | `[event][outcome]` |
| `externalId` | `[cef][external_id]` |
| `fileCreateTime` | `[file][created]` |
| `fileHash` | `[file][hash]` |
| `fileId` | `[file][inode]` |
| `fileModificationTime` | `[file][mtime]`<br> This field contains a timestamp. In ECS Compatibility Mode, it is parsed to a specific point in time. |
| `fileModificationTime` | `[file][mtime]`<br>This field contains a timestamp. In ECS Compatibility Mode, it is parsed to a specific point in time. |
| `fileName` (`fname`) | `[file][name]` |
| `filePath` | `[file][path]` |
| `filePermission` | `[file][group]` |
| `fileSize` (`fsize`) | `[file][size]` |
| `fileType` | `[file][extension]` |
| `managerReceiptTime` (`mrt`) | `[event][ingested]`<br> This field contains a timestamp. In ECS Compatibility Mode, it is parsed to a specific point in time. |
| `managerReceiptTime` (`mrt`) | `[event][ingested]`<br>This field contains a timestamp. In ECS Compatibility Mode, it is parsed to a specific point in time. |
| `message` (`msg`) | `[message]` |
| `oldFileCreateTime` | `[cef][old_file][created]`<br> This field contains a timestamp. In ECS Compatibility Mode, it is parsed to a specific point in time. |
| `oldFileCreateTime` | `[cef][old_file][created]`<br>This field contains a timestamp. In ECS Compatibility Mode, it is parsed to a specific point in time. |
| `oldFileHash` | `[cef][old_file][hash]` |
| `oldFileId` | `[cef][old_file][inode]` |
| `oldFileModificationTime` | `[cef][old_file][mtime]`<br> This field contains a timestamp. In ECS Compatibility Mode, it is parsed to a specific point in time. |
| `oldFileModificationTime` | `[cef][old_file][mtime]`<br>This field contains a timestamp. In ECS Compatibility Mode, it is parsed to a specific point in time. |
| `oldFileName` | `[cef][old_file][name]` |
| `oldFilePath` | `[cef][old_file][path]` |
| `oldFilePermission` | `[cef][old_file][group]` |
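Review bot: the `deviceExternalId` row maps to `[observer][name]` under `device => observer` but to `[host][id]` under `device => host`, a name/id asymmetry that the adjacent `deviceDnsDomain`, `deviceHostName` and `deviceMacAddress` rows do not have. It is pre-existing content, so not something to fix in this whitespace/row-merge PR, but it is worth verifying against the codec's actual mapping in a follow-up and, if intended, adding a sentence saying so; a reader keying a rule on `host.id` versus `observer.name` will otherwise assume it is a typo. The one-cell-row merges for the four `device*` rows in this hunk are correct and match the `deviceAddress` fix above.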
Expand All @@ -304,12 +299,12 @@ The following is a mapping between these fields.
| `requestMethod` | `[http][request][method]` |
| `requestUrl` (`request`) | `[url][original]` |
| `sourceAddress` (`src`) | `[source][ip]` |
| `sourceDnsDomain` | `[source][registered_domain]`<br> Multiple possible CEF fields map to this ECS Field. When decoding, the last entry encountered wins. When encoding, this field has *higher* priority. |
| `sourceDnsDomain` | `[source][registered_domain]`<br>Multiple possible CEF fields map to this ECS Field. When decoding, the last entry encountered wins. When encoding, this field has *higher* priority. |
| `sourceGeoLatitude` (`slat`) | `[source][geo][location][lat]` |
| `sourceGeoLongitude` (`slong`) | `[source][geo][location][lon]` |
| `sourceHostName` (`shost`) | `[source][domain]` |
| `sourceMacAddress` (`smac`) | `[source][mac]` |
| `sourceNtDomain` (`sntdom`) | `[source][registered_domain]`<br> Multiple possible CEF fields map to this ECS Field. When decoding, the last entry encountered wins. When encoding, this field has *lower* priority. |
| `sourceNtDomain` (`sntdom`) | `[source][registered_domain]`<br>Multiple possible CEF fields map to this ECS Field. When decoding, the last entry encountered wins. When encoding, this field has *lower* priority. |
| `sourcePort` (`spt`) | `[source][port]` |
| `sourceProcessId` (`spid`) | `[source][process][pid]` |
| `sourceProcessName` (`sproc`) | `[source][process][name]` |
Expand All @@ -323,7 +318,7 @@ The following is a mapping between these fields.
| `sourceUserPrivileges` (`spriv`) | `[source][user][group][name]` |
| `sourceZoneExternalID` | `[cef][source][zone][external_id]` |
| `sourceZoneURI` | `[cef][source][zone][uri]` |
| `startTime` (`start`) | `[event][start]`<br> This field contains a timestamp. In ECS Compatibility Mode, it is parsed to a specific point in time. |
| `startTime` (`start`) | `[event][start]`<br>This field contains a timestamp. In ECS Compatibility Mode, it is parsed to a specific point in time. |
| `transportProtocol` (`proto`) | `[network][transport]` |
| `type` | `[cef][type]` |

Expand Down Expand Up @@ -372,7 +367,7 @@ When parsing timestamp fields in ECS mode and encountering timestamps that do no

If your input puts a delimiter between each CEF event, you’ll want to set this to be that delimiter.

::::{note}
::::{note}
Byte stream inputs such as TCP require delimiter to be specified. Otherwise input can be truncated or incorrectly split.
::::

14 changes: 7 additions & 7 deletions docs/lsr/plugins-filters-elastic_integration.md
Expand Up @@ -28,7 +28,7 @@ Use of this plugin requires an active Elastic Enterprise [subscription](https://

Use this filter to process Elastic integrations powered by {{es}} Ingest Node in {{ls}}.

::::{admonition} Extending Elastic integrations with {ls}
::::{admonition} Extending Elastic integrations with {{ls}}
This plugin can help you take advantage of the extensive, built-in capabilities of [Elastic {{integrations}}](https://docs.elastic.co/en/integrations)—​such as managing data collection, transformation, and visualization—​and then use {{ls}} for additional data processing and output options. For more info about extending Elastic integrations with {{ls}}, check out [Using {{ls}} with Elastic Integrations](logstash://reference/using-logstash-with-elastic-integrations.md).

::::
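Review bot: `{ls}` to `{{ls}}` is the correct fix for the admonition title; the single-brace form would have rendered literally. The unchanged context line below appears to carry a zero-width space after each em dash (`—​such`, `—​and`), most likely introduced by the conversion; since this file is already being touched, stripping those characters would be worthwhile.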
Expand All @@ -38,7 +38,7 @@ When you configure this filter to point to an {{es}} cluster, it detects which i

It then loads that pipeline’s definition from {{es}} and run that pipeline inside Logstash without transmitting the event to {{es}}. Events that are successfully handled by their ingest pipeline will have `[@metadata][target_ingest_pipeline]` set to `_none` so that any downstream {{es}} output in the Logstash pipeline will avoid running the event’s default pipeline *again* in {{es}}.

::::{note}
::::{note}
Some multi-pipeline configurations such as logstash-to-logstash over http(s) do not maintain the state of `[@metadata]` fields. In these setups, you may need to explicitly configure your downstream pipeline’s {{es}} output with `pipeline => "_none"` to avoid re-running the default pipeline.
::::

Expand All @@ -50,7 +50,7 @@ Events that *fail* ingest pipeline processing will be tagged with `_ingest_pipel
* This plugin requires Java 17 minimum with {{ls}} `8.x` versions and Java 21 minimum with {{ls}} `9.x` versions.
* When you upgrade the {{stack}}, upgrade {{ls}} (or this plugin specifically) *before* you upgrade {{kib}}. (Note that this requirement is a departure from the typical {{stack}} [installation order](https://www.elastic.co/guide/en/elastic-stack/current/installing-elastic-stack.md#install-order-elastic-stack).)

The {{es}}-{ls}-{{kib}} installation order ensures the best experience with {{agent}}-managed pipelines, and embeds functionality from a version of {{es}} Ingest Node that is compatible with the plugin version (`major`.`minor`).
The {{es}}-{{ls}}-{{kib}} installation order ensures the best experience with {{agent}}-managed pipelines, and embeds functionality from a version of {{es}} Ingest Node that is compatible with the plugin version (`major`.`minor`).



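Review bot: the context line links to `https://www.elastic.co/guide/en/elastic-stack/current/installing-elastic-stack.md#install-order-elastic-stack`; the legacy `elastic.co/guide` pages are served as `.html`, so the `.md` suffix looks like a conversion artefact and will likely 404. Worth a click-check in the same pass. The `{ls}` to `{{ls}}` fix in the installation-order sentence is correct. The three blank lines at the end of the hunk could also be collapsed to one.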
Expand Down Expand Up @@ -119,7 +119,7 @@ You can configure this plugin to present authentication credentials to {{es}} in
* Cloud Auth: (see [`cloud_auth`](plugins-filters-elastic_integration.md#plugins-filters-elastic_integration-cloud_auth))
* HTTP Basic Auth: (see [`username`](plugins-filters-elastic_integration.md#plugins-filters-elastic_integration-username) and [`password`](plugins-filters-elastic_integration.md#plugins-filters-elastic_integration-password))

::::{note}
::::{note}
Your request credentials are only as secure as the connection they are being passed over. They provide neither privacy nor secrecy on their own, and can easily be recovered by an adversary when SSL is disabled.
::::

Expand All @@ -136,7 +136,7 @@ This plugin communicates with Elasticsearch to resolve events into pipeline defi
| `read_pipeline` | A read-only get and simulate access to ingest pipeline. It is required when plugin reads {{es}} ingest pipeline definitions. |
| `manage_index_templates` | All operations on index templates privilege. It is required when plugin resolves default pipeline based on event data stream name. |

::::{note}
::::{note}
This plugin cannot determine if an anonymous user has the required privileges when it connects to an {{es}} cluster that has security features disabled or when the user does not provide credentials. The plugin starts in an unsafe mode with a runtime error indicating that API permissions are insufficient, and prevents events from being processed by the ingest pipeline.

To avoid these issues, set up user authentication and ensure that security in {{es}} is enabled (default).
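Review bot: two points in the context lines. First, `manage_index_templates` is described as "All operations on index templates privilege" while the stated need is only to resolve the default pipeline from a data stream name; from a least-privilege standpoint it is worth confirming in a follow-up whether a read-only privilege suffices and, if not, saying explicitly that this is the minimum the plugin can work with. Second, the note's sentence "The plugin starts in an unsafe mode with a runtime error indicating that API permissions are insufficient, and prevents events from being processed by the ingest pipeline" is hard to parse: it is unclear whether the plugin runs without checks or blocks events; one sentence stating which of those actually happens would be clearer.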
Expand Down Expand Up @@ -308,7 +308,7 @@ This plugin will discover all regular files with the `.mmdb` suffix in the provi
* `Enterprise`
* `Isp`

::::{note}
::::{note}
Most integrations rely on databases being present named *exactly*:

* `GeoLite2-ASN.mmdb`,
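Review bot: the list following `named *exactly*:` has a trailing comma after `` `GeoLite2-ASN.mmdb` `` (and presumably on the items beyond this hunk); with the names in backticks the comma sits outside the code span, so it is harmless to copy-paste but looks odd in a bulleted list, and dropping the commas would be cleaner. The `::::{note}` change here is again invisible as rendered.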
Expand Down Expand Up @@ -601,7 +601,7 @@ Add a unique `ID` to the plugin configuration. If no ID is specified, Logstash w
}
```

::::{note}
::::{note}
Variable substitution in the `id` field only supports environment variables and does not support the use of values from the secret store.
::::
