elastic · dedemorton · May 30, 2024 · May 29, 2024 · May 30, 2024 · May 30, 2024
@@ -30,7 +30,8 @@ include::view-infrastructure-metrics.asciidoc[tag=add-metrics-tip]
 The **Hosts** page provides several ways to view host metrics:
 
 * Overview tiles show the number of hosts returned by your search plus
-averages of key metrics, including CPU usage, memory usage, and throughput.
+averages of key metrics, including CPU usage, normalized load, and memory usage.
+Max disk usage is also shown.
 * The Host limit controls the maximum number of hosts shown on the page. The
 default is 50, which means the page shows data for the top 50 hosts based on the
 most recent timestamps. You can increase the host limit to see data for more
@@ -39,7 +40,7 @@ hosts, but doing so may impact query performance.
 for any hosts with active alerts. You may need to page through the list
 or change the number of rows displayed on each page to see all of your hosts.
 * Each host name is an active link to a <<view-host-details, host details>> page,
-which includes metrics, host metadata, alerts, processes, logs, and anomalies.
+where you can explore enhanced metrics and other observability data related to the selected host.
 You can optionally open the host details in an overlay.
 * Table columns are sortable, but note that the sorting behavior is applied to
 the already returned data set.
@@ -85,35 +86,14 @@ To learn more about filtering data in {kib}, refer to
 [[analyze-hosts-inspect-data]]
 == View metrics
 
-On the **Metrics** tab, view metrics trending over time, including normalized load,
-CPU usage, memory usage, network inbound, network outbound, disk read IOPS, and
-disk write IOPS. Place your cursor over a line to view metrics at a specific
-point in time. From within each visualization, you can choose to inspect
-and download the metrics or open the visualization in Lens.
+On the **Metrics** tab, view metrics trending over time, including CPU usage,
+normalized load, memory usage, disk usage, and other metrics related to disk IOPs and throughput.
+Place your cursor over a line to view metrics at a specific
+point in time. From within each visualization, you can choose to open the visualization in Lens.
 
 To see metrics for a specific host, refer to <<view-host-details>>.
 
-[discrete]
-[[inspect-metrics]]
-=== Inspect and download metrics
-
-You can access a text-based view of the data underlying
-your metrics visualizations and optionally download the data to a
-comma-separated (CSV) file.
-
-Hover your cursor over a visualization, then in the upper-right corner, click
-the ellipsis icon to inspect the data.
-
-[role="screenshot"]
-image::images/hosts-inspect.png[Screenshot showing option to inspect data]
-
-In the flyout, click **Download CSV** to download formatted or raw data to a CSV
-file.
-
-Notice that you can change the view to **View: Requests** to explore the request
-used to fetch the data and the response returned from {es}. You can click links
-to further inspect and analyze the request in the **Dev Console** or
-**Search Profiler**.
+//TODO: Figure out if this section is required. The Inspect option no longer appears on the menu where expected. Remove this section if this is no longer an option.
 
 [discrete]
 [[analyze-hosts-open-in-lens]]
@@ -199,8 +179,7 @@ The host details overlay contains the following tabs:
 
 include::host-details-partial.asciidoc[]
 
-NOTE: These metrics are also available when viewing hosts on the **Inventory**
-page.
+NOTE: The metrics shown on the **Hosts** page are also available when viewing hosts on the **Inventory** page.
 
 [discrete]
 [[analyze-hosts-why-dashed-lines]]

@@ -3,42 +3,53 @@
 .*Overview*
 ====
 
-[role="screenshot"]
-image::images/metrics-overlay.png[Host metrics]
-
-The *Overview* tab displays metrics about the selected host, including CPU usage,
-normalized load, memory usage, disk usage, network traffic, and the log rate.
+The *Overview* tab displays key metrics about the selected host, such as CPU usage,
+normalized load, memory usage, and max disk usage.
 
 Change the time range to view metrics over a specific period of time.
 
+Expand each section to view more detail related to the selected host, such as metadata,
+active alerts, services detected on the host, and metrics.
+
 Hover over a specific time period on a chart to compare the various metrics at that given time.
 
-Expand the **Alerts** section to see alerts related to the selected host.
+Click **Show all** to drill down into related data.
 
+[role="screenshot"]
+image::images/overview-overlay.png[Host overview]
 ====
 
 [%collapsible]
 .*Metadata*
 ====
 
-[role="screenshot"]
-image::images/metadata-overlay.png[Host metadata]
-
 The *Metadata* tab lists all the meta information relating to the host:
 
 * Host information
 * Cloud information
 * Agent information
 
 All of this information can help when investigating events—for example, filtering by operating system or architecture.
+
+[role="screenshot"]
+image::images/metadata-overlay.png[Host metadata]
 ====
 
 [%collapsible]
-.*Processes*
+.*Metrics*
 ====
 
+//TODO: Confirm that this tab also appears in the Infrastructure view. If it doesn't this section will need to be wrapped in a conditional block.
+
+The *Metrics* tab shows host metrics organized by type and is more complete than the view available in the *Overview* tab.
+
 [role="screenshot"]
-image::images/processes-overlay.png[Host processes]
+image::images/metrics-overlay.png[Metrics]
+====
+
+[%collapsible]
+.*Processes*
+====
 
 The *Processes* tab lists the total number of processes (`system.process.summary.total`) running on the host,
 along with the total number of processes in these various states:
@@ -66,15 +77,15 @@ The number of top processes is controlled by `process.include_top_n.by_cpu` and
 `idle`, `zombie`, and `unknown`.
 
 |===
+
+[role="screenshot"]
+image::images/processes-overlay.png[Host processes]
 ====
 
 [%collapsible]
 .*Universal Profiling*
 ====
 
-[role="screenshot"]
-image::images/universal-profiling-overlay.png[Host Universal Profiling]
-
 The *Universal Profiling* tab shows CPU usage down to the application code level.
 From here, you can find the sources of resource usage, and identify code that can be optimized to reduce infrastructure costs.
 The Universal Profiling tab has the following views.
@@ -89,15 +100,15 @@ The Universal Profiling tab has the following views.
 
 For more on Universal Profiling, refer to the <<universal-profiling, Universal Profiling>> docs.
 
+[role="screenshot"]
+image::images/universal-profiling-overlay.png[Host Universal Profiling]
+
 ====
 
 [%collapsible]
 .*Logs*
 ====
 
-[role="screenshot"]
-image::images/logs-overlay.png[Host logs]
-
 The *Logs* tab displays logs relating to the host that you have selected. By default, the logs tab displays the following columns.
 
 |===
@@ -114,16 +125,16 @@ base field, `message`, is used.
 You can customize the logs view by adding a column for an arbitrary field you would like
 to filter by. For more information, refer to <<customize-stream-page,Customize Stream>>.
 To view the logs in the {logs-app} for a detailed analysis, click *Open in Logs*.
+
+[role="screenshot"]
+image::images/logs-overlay.png[Host logs]
 ====
 
 [%collapsible]
 .*Anomalies*
 ====
 
-[role="screenshot"]
-image::images/anomalies-overlay.png[Anomalies]
-
-The *Anomalies* table displays a list of each single metric {anomaly-detect} job for the specific host. By default, anomaly
+The *Anomalies* tab displays a list of each single metric {anomaly-detect} job for the specific host. By default, anomaly
 jobs are sorted by time, showing the most recent jobs first.
 
 Along with the name of each anomaly job, detected anomalies with a severity score equal to 50, or higher, are listed. These
@@ -133,6 +144,9 @@ the actual value and the expected ("typical") value of the host metric in the an
 To drill down and analyze the metric anomaly, select *Actions -> Open in Anomaly Explorer* to view the
 {ml-docs}/ml-gs-results.html[Anomaly Explorer in {ml-app}]. You can also select *Actions -> Show in Inventory* to view the host
 Inventory page, filtered by the specific metric.
+
+[role="screenshot"]
+image::images/anomalies-overlay.png[Anomalies]
 ====
 
 [%collapsible]
@@ -146,9 +160,6 @@ that includes the {integrations-docs}/osquery_manager.html[Osquery Manager]
 integration and have Osquery {kibana-ref}/kibana-privileges.html[{kib} privileges] as a user.
 =====
 
-[role="screenshot"]
-image::images/osquery-overlay.png[Osquery]
-
 The *Osquery* tab allows you to build SQL statements to query your host data.
 You can create and run live or saved queries against
 the {agent}. Osquery results are stored in {es}
@@ -172,4 +183,7 @@ Other options include:
 * View the results in full screen mode.
 * Add, remove, reorder, and resize columns.
 * Sort field names in ascending or descending order.
+
+[role="screenshot"]
+image::images/osquery-overlay.png[Osquery]
 ====