Elasticsearch and stack - self managed tutorial 1 complete refinement

[eedugon]

Summary

Major and hopefully final refinement of tutorial 1.

Addressed issues:

Structure and navigation

• Added Step 6: Consolidate {{es}} configuration to the table of contents.

Elasticsearch setup and configuration

• Added/clarified the Elasticsearch configuration consolidation step after nodes and cluster deployment.
• Added a clear “Install {{es}} with RPM” reference in the Step 1 intro.
• Replaced wget downloads with curl -L -O equivalents.
• Updated prerequisites to require curl (removed wget dependency).
• Refined networking configuration guidance: clarified transport.host, explained http.host from automatic setup, and aligned references to official networking settings docs.
• Added optional node.name guidance and mirrored it in the second-node flow.
• Clarified that enrollment tokens for joining nodes are generated from an existing cluster node.
• Improved IP-address step wording for clarity and portability.
• Refined systemd and bootstrap-check explanations around first-node startup.

Kibana setup and enrollment

• Added a Kibana intro link pattern aligned with Elasticsearch sections.
• Added xpack.encryptedSavedObjects.encryptionKey setup in kibana.yml.
• Added kibana-encryption-keys generate usage with explicit guidance on which key to use.
• Clarified that only xpack.encryptedSavedObjects.encryptionKey is needed for this tutorial path.
• Added production guidance to prefer Kibana keystore for sensitive settings.
• Added official references for saved objects encryption and key rotation.
• Improved the “Start and enroll {{kib}}” introduction and first-run purpose.
• Clarified enrollment-token generation flow and browser prompt wording.

Fleet Server and Elastic Agent flows

• Added Fleet server intro, aligned with official docs terminology.
• Explicitly documented that this tutorial uses Fleet Quick Start (self-signed cert path).
• Added official references for:
  • Quick Start vs Advanced Fleet Server setup
  • SSL/TLS configuration for self-managed Fleet Server
• Added architecture-awareness guidance (aarch64 vs x64) in Fleet Server and Agent install steps.
• Clarified command-handling flow: copy commands to editor first when edits are required.
• Added a concise explanation for why --insecure is required in this tutorial path.
• Added operational prerequisites for Fleet/Agent setup:
  • Fleet/Integrations Kibana privileges (conditional wording for non-elastic users)
  • Direct network connectivity (Agent ↔ Fleet Server ↔ Elasticsearch)
  • Kibana access to https://epr.elastic.co:443
• Added official limitation note: only one {{agent}} per host.
• Kept and refined the Settings verification step (Fleet Server hosts and Outputs URL validation).

Data validation and closing section

• Expanded Step 10 intro to explain multiple data access paths:
  • solution views in {{observability}}
  • integration-provided dashboards
• Added context note that System integration assets/dashboards are installed automatically.
• Added host-level validation path via Observability -> Infrastructure -> Hosts.
• Kept logs/metrics dashboard checks as concrete examples from System integration.
• Minor wording polish in closing and next-step transitions.

Generative AI disclosure

1. Did you use a generative AI (GenAI) tool to assist in creating this contribution?

• Yes - Cursor in auto mode
• No

Closes https://github.com/elastic/docs-content-internal/issues/929

[github-actions]

🔍 Preview links for changed docs

• deploy-manage/deploy/self-managed/tutorial-self-managed-install.md

[github-actions]

✅ Vale Linting Results

No issues found on modified lines!

---

The Vale linter checks documentation changes against the Elastic Docs style guide.

To use Vale locally or report issues, refer to Elastic style guide for Vale.

[wajihaparvez]

Suggested change

	* Want to protect your endpoints from security threats? Try [{{elastic-sec}}](/solutions/security.md). Adding endpoint protection is just another integration that you add to the agent policy.

@eedugon can you have a look at this last line? I don't know if "just another integration" is correct

[wajihaparvez]

Looks great @eedugon! ⭐️ Just some minor suggestions

[shainaraskas]

thanks for bringing this back up to date. the one thing I suggest you fix is the variables in the response examples. everything else is prob nitty

[shainaraskas]

can we also link to the other install method guides?
https://docs-v3-preview.elastic.dev/elastic/docs-content/pull/5636/deploy-manage/deploy/self-managed/installing-elasticsearch

[shainaraskas]

I think this snippet used to use variables. we should prob edit it at least ot use the stack version and the common build type, and we can just use the most recent lucene version and not be picky about it bumping

[eedugon]

I've cleaned it up, thanks for the tip!

I've also made it shorter, like:

    {
      "name" : "instance-2",
      "cluster_name" : "elasticsearch-demo",
      "cluster_uuid" : "<cluster-uuid>",
      "version" : {
        "number" : "{{version.stack}}",
        "build_flavor" : "default",
        "build_type" : "rpm",
        "build_snapshot" : false
      },
      "tagline" : "You Know, for Search"
    }

[shainaraskas]

is shorter representative of what users might see?

[eedugon]

Yes, exactly, complete response is:

{
  "name" : "eedugon1",
  "cluster_name" : "elasticsearch-demo",
  "cluster_uuid" : "Yd4DGkUHQTu2ukwtiO0gQg",
  "version" : {
    "number" : "9.3.2",
    "build_flavor" : "default",
    "build_type" : "rpm",
    "build_hash" : "43a703737aab6baefa748bc7b69e4054926f2b2c",
    "build_date" : "2026-03-16T13:12:56.143057855Z",
    "build_snapshot" : false,
    "lucene_version" : "10.3.2",
    "minimum_wire_compatibility_version" : "8.19.0",
    "minimum_index_compatibility_version" : "8.0.0"
  },
  "tagline" : "You Know, for Search"
}

I've omitted some of the fields... I don't believe they are relevant at all for the scope of the test, which is to just check if GET / works and returns something.

[eedugon]

we can add some ... to be clearer.

[shainaraskas]

link here would be nice

[eedugon]

Fixed in a slightly different way.