Elasticsearch and stack - self managed tutorial 1 complete refinement #5636

Open
eedugon wants to merge 5 commits into main from tutorial1-refinement-extra

@eedugon eedugon commented Mar 26, 2026

Summary

Major and hopefully final refinement of tutorial 1.

Addressed issues:

Structure and navigation

  • Added Step 6: Consolidate {{es}} configuration to the table of contents.

Elasticsearch setup and configuration

  • Added/clarified the Elasticsearch configuration consolidation step after nodes and cluster deployment.
  • Added a clear “Install {{es}} with RPM” reference in the Step 1 intro.
  • Replaced wget downloads with curl -L -O equivalents.
  • Updated prerequisites to require curl (removed wget dependency).
  • Refined networking configuration guidance: clarified transport.host, explained http.host from automatic setup, and aligned references to official networking settings docs.
  • Added optional node.name guidance and mirrored it in the second-node flow.
  • Clarified that enrollment tokens for joining nodes are generated from an existing cluster node.
  • Improved IP-address step wording for clarity and portability.
  • Refined systemd and bootstrap-check explanations around first-node startup.

Kibana setup and enrollment

  • Added a Kibana intro link pattern aligned with Elasticsearch sections.
  • Added xpack.encryptedSavedObjects.encryptionKey setup in kibana.yml.
  • Added kibana-encryption-keys generate usage with explicit guidance on which key to use.
  • Clarified that only xpack.encryptedSavedObjects.encryptionKey is needed for this tutorial path.
  • Added production guidance to prefer Kibana keystore for sensitive settings.
  • Added official references for saved objects encryption and key rotation.
  • Improved the “Start and enroll {{kib}}” introduction and first-run purpose.
  • Clarified enrollment-token generation flow and browser prompt wording.

Fleet Server and Elastic Agent flows

  • Added Fleet server intro, aligned with official docs terminology.
  • Explicitly documented that this tutorial uses Fleet Quick Start (self-signed cert path).
  • Added official references for:
    • Quick Start vs Advanced Fleet Server setup
    • SSL/TLS configuration for self-managed Fleet Server
  • Added architecture-awareness guidance (aarch64 vs x64) in Fleet Server and Agent install steps.
  • Clarified command-handling flow: copy commands to editor first when edits are required.
  • Added a concise explanation for why --insecure is required in this tutorial path.
  • Added operational prerequisites for Fleet/Agent setup:
    • Fleet/Integrations Kibana privileges (conditional wording for non-elastic users)
    • Direct network connectivity (Agent ↔ Fleet Server ↔ Elasticsearch)
    • Kibana access to https://epr.elastic.co:443
  • Added official limitation note: only one {{agent}} per host.
  • Kept and refined the Settings verification step (Fleet Server hosts and Outputs URL validation).

Data validation and closing section

  • Expanded Step 10 intro to explain multiple data access paths:
    • solution views in {{observability}}
    • integration-provided dashboards
  • Added context note that System integration assets/dashboards are installed automatically.
  • Added host-level validation path via Observability -> Infrastructure -> Hosts.
  • Kept logs/metrics dashboard checks as concrete examples from System integration.
  • Minor wording polish in closing and next-step transitions.

Generative AI disclosure

  1. Did you use a generative AI (GenAI) tool to assist in creating this contribution?
  • Yes - Cursor in auto mode
  • No

Closes https://github.com/elastic/docs-content-internal/issues/929

@eedugon eedugon requested a review from a team as a code owner March 26, 2026 10:46

github-actions bot commented Mar 26, 2026

🔍 Preview links for changed docs

github-actions bot commented Mar 26, 2026

✅ Vale Linting Results

No issues found on modified lines!


The Vale linter checks documentation changes against the Elastic Docs style guide.

To use Vale locally or report issues, refer to Elastic style guide for Vale.

* {{agent}} enrolls using that Quick Start flow, which requires the install command to include the `--insecure` flag.

If you plan to use certificates signed by your organization's certificate authority or by a public CA, complete this tutorial until {{kib}} is installed (Step 6), and then continue with [Tutorial 2: Customize certificates for a self-managed {{stack}}](tutorial-self-managed-secure.md) before installing {{fleet-server}} and {{agent}}.
If you plan to use certificates signed by your organization's certificate authority or by a public CA, complete this tutorial until {{kib}} is installed (Step 7), and then continue with [Tutorial 2: Customize certificates for a self-managed {{stack}}](tutorial-self-managed-secure.md) before installing {{fleet-server}} and {{agent}}.
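
Review bot: The hard-coded "(Step 7)" in the changed paragraph had to be bumped from "(Step 6)" because this PR inserts a new Step 6, and it will go stale the same way the next time steps are reordered. Link to the heading of the {{kib}} installation step instead of quoting its number. This paragraph is the exit point for readers who want CA-signed certificates rather than the `--insecure` Quick Start path named in the bullet above it, so a wrong step number sends them past the place where they should switch to Tutorial 2.
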
Contributor

Maybe this should be in a Tip or Important admonition so that it's more prominent

* The transport interface is bound to the loopback interface (`localhost`), preventing other nodes from joining the cluster, while the HTTP interface listens on all network interfaces (`http.host: 0.0.0.0`).

7. Copy the terminal output from the install command to a local file. In particular, you need the password for the built-in `elastic` superuser account. The output also contains the commands to enable {{es}} to run as a service, which you use in the next step.
1. Copy the terminal output from the install command to a local file. In particular, you need the password for the built-in `elastic` superuser account. The output also contains the commands to enable {{es}} to run as a service, which you use in the next step.
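
Review bot: The renumbered step "Copy the terminal output from the install command to a local file" has the reader save the `elastic` superuser password to disk in plain text, with no guidance on protecting it. Add a clause telling them to keep the file readable only by their own user, or to move the password into a password manager, and to delete the file once the tutorial is finished. The context line above notes that the HTTP interface listens on all network interfaces (`http.host: 0.0.0.0`), so this credential matters to anyone who can reach the host once the service is running.
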
Contributor

Suggested change
1. Copy the terminal output from the install command to a local file. In particular, you need the password for the built-in `elastic` superuser account. The output also contains the commands to enable {{es}} to run as a service, which you use in the next step.
1. Copy the terminal output from the install command to a local file. In particular, you need the password for the built-in `elastic` user account. The output also contains the commands to enable {{es}} to run as a service, which you use in the next step.

Not sure if this is correct, but pointing this out since you changed "super user" to "user" in the prereqs

Contributor

Same comment for other places on this page where "superuser" is mentioned

Contributor Author

@eedugon eedugon Mar 27, 2026

Thanks! I'll review all occurrences, and I'll explain why I changed the first one but not the others :)

The pre-reqs talked about an operating system user, which with sudo privileges can become root (a.k.a the superuser OS account). That's why in the intro it's better to require a normal user account with sudo privileges (saying superuser account with sudo privileges feels redundant or unneeded, because if you are already a superuser you don't really need sudo :D ).

Here the sentence is about the Elasticsearch built-in user elastic, which has the superuser role and it's known as a superuser (at Elasticsearch level).

Anyway elastic user or elastic superuser should both be fine. I was more worried about the prereqs, where superuser felt a bit out of place.

Before moving ahead to configure additional {{es}} nodes, you need to update the {{es}} configuration on this first node so that other hosts are able to connect to it. This is done by updating the settings in the `elasticsearch.yml` file. For more details about {{es}} configuration and the most common settings, refer to [Configure {{es}}](/deploy-manage/deploy/self-managed/configure-elasticsearch.md) and [important settings configuration](/deploy-manage/deploy/self-managed/important-settings-configuration.md).

1. In a terminal, run the `ifconfig` command and copy the value shown for the host IP address (for example, `10.128.0.84`). You need this value later.
1. Obtain your host IP address (for example, by running `ifconfig`). You need this value later.
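
Review bot: In the new step "Obtain your host IP address (for example, by running `ifconfig`)", the example command comes from the net-tools package, which many current RPM-based distributions do not install by default; offer `ip addr` as the example, or alongside it. The rewrite also dropped the sample value without saying which address to pick. Since the paragraph above says the goal is for other hosts to be able to connect to this node, state that the reader needs the address of the interface the other nodes can reach, not a loopback or unrelated interface.
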
Contributor

Suggested change
1. Obtain your host IP address (for example, by running `ifconfig`). You need this value later.
1. Obtain your host IP address (for example, by running `ifconfig`). You will need this value later.

Contributor Author

I'm trying to remove all future tense occurrences in the tutorial on purpose (whenever it is feasible), due to what I think our current guidance is.

Shouldn't this be the way to go @theletterf ?

IMO you need this value later feels also ok in a tutorial, without needing the will. Note that I have removed more than 30 future tense occurrences in these two tutorials already :-D

1. Answer the `Do you want to continue with the reconfiguration process` prompt with `yes` (`y`). The new {{es}} node is reconfigured.

13. Open the second {{es}} instance configuration file in a text editor:
1. Obtain your host IP address (for example, by running `ifconfig`). You need this value later.
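
Review bot: In the second-node flow, "Obtain your host IP address" is ambiguous now that two hosts are in play; say explicitly that this is the address of the second {{es}} host, not the first node's address copied earlier. The removed line "Open the second {{es}} instance configuration file in a text editor:" was the cue in this hunk that the edits that follow apply to the second node's file, so check that the instruction still appears in a later step.
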
Contributor

Suggested change
1. Obtain your host IP address (for example, by running `ifconfig`). You need this value later.
1. Obtain your host IP address (for example, by running `ifconfig`). You will need this value later.

* {{agent}} enrolls using that Quick Start flow, which requires the install command to include the `--insecure` flag.

If you plan to use certificates signed by your organization's certificate authority or by a public CA, complete this tutorial until {{kib}} is installed (Step 6), and then continue with [Tutorial 2: Customize certificates for a self-managed {{stack}}](tutorial-self-managed-secure.md) before installing {{fleet-server}} and {{agent}}.
If you plan to use certificates signed by your organization's certificate authority or by a public CA, complete this tutorial until {{kib}} is installed (Step 7), and then continue with [Tutorial 2: Customize certificates for a self-managed {{stack}}](tutorial-self-managed-secure.md) before installing {{fleet-server}} and {{agent}}.
Contributor

You could link to the admonition in step 7 to make it clear exactly where they should stop

Contributor Author

Yeah, I have a bit of mixed feelings with this paragraph and the huge admonition you are also referring to.

The next big PR I'm working with is for the second tutorial, which needs to be almost completely rewritten, so my expectation is that after tutorial-2 is changed we might be able to provide a better path and better links to the exact steps on the second tutorial to apply the needed actions.

```

4. In the terminal, run `ifconfig` and copy the value shown for the host IP address (for example, `10.128.0.84`). You need this value later.
1. Obtain the host IP address for your {{fleet-server}} host (for example, by running `ifconfig`). You need this value later.
Contributor

Suggested change
1. Obtain the host IP address for your {{fleet-server}} host (for example, by running `ifconfig`). You need this value later.
1. Obtain the host IP address for your {{fleet-server}} host (for example, by running `ifconfig`). You will need this value later.


* Do you have data ready to ingest? Learn how to [bring your data to Elastic](/manage-data/ingest.md).
* Use [Elastic {{observability}}](/solutions/observability.md) to unify your logs, infrastructure metrics, uptime, and application performance data.
* Want to protect your endpoints from security threats? Try [{{elastic-sec}}](/solutions/security.md). Adding endpoint protection is just another integration that you add to the agent policy!
Contributor

Suggested change
* Want to protect your endpoints from security threats? Try [{{elastic-sec}}](/solutions/security.md). Adding endpoint protection is just another integration that you add to the agent policy.

@eedugon can you have a look at this last line? I don't know if "just another integration" is correct

Contributor

@wajihaparvez wajihaparvez left a comment

Looks great @eedugon! ⭐️ Just some minor suggestions

Co-authored-by: wajihaparvez <wajiha.parvez@elastic.co>