elastic · lcawl · Jul 27, 2018 · Jun 21, 2018 · Jun 22, 2018 · Jun 25, 2018
diff --git a/docs/en/stack/getting-started/get-started-stack.asciidoc b/docs/en/stack/getting-started/get-started-stack.asciidoc
@@ -198,7 +198,7 @@ and maps.
 To get started, we recommend that you install {kib} on the same server as {es},
 but it is not required. If you install the products on different servers, you'll
 need to change the URL (IP:PORT) of the {es} server in the {kib} configuration
-file, `config/kibana.yml`, before starting {kib}.
+file, `kibana.yml`, before starting {kib}.
 
 To download and install {kib}, open a terminal window and use the commands that
 work with your system:
@@ -483,6 +483,7 @@ The `setup` command loads the {kib} dashboards. If the dashboards are already
 set up, omit this command. The `-e` flag is optional and sends output to
 standard error instead of syslog.
 
+[[gs-start-metricbeat]]
 . Start {metricbeat}:
 +
 *deb and rpm:*
@@ -675,6 +676,7 @@ through {ls}, where you have full access to {ls} capabilities for collecting,
 enriching, and transforming data. 
 
 [float]
+[[gs-start-logstash]]
 ==== Start {ls}
 
 Use the command that works with your system. If you installed {ls} as a deb or

diff --git a/docs/en/stack/security/get-started-builtin-users.asciidoc b/docs/en/stack/security/get-started-builtin-users.asciidoc
@@ -0,0 +1,26 @@
+There are built-in users that you can use for specific administrative purposes:
+`elastic`, `kibana`, `logstash_system`, and `beats_system`. 
+
+Before you can use them, you must set their passwords:
+
+. Restart {es}. For example, if you installed {es} with a `.tar.gz` package, run 
+the following command from the {es} directory:
++
+--
+["source","sh",subs="attributes,callouts"]
+----------------------------------------------------------------------
+./bin/elasticsearch
+----------------------------------------------------------------------
+
+See {ref}/starting-elasticsearch.html[Starting {es}].
+--
+
+. Set the built-in users' passwords. Run the following command from the {es} 
+directory:
++
+--
+["source","sh",subs="attributes,callouts"]
+----------------------------------------------------------------------
+./bin/elasticsearch-setup-passwords interactive
+----------------------------------------------------------------------
+--
diff --git a/docs/en/stack/security/get-started-enable-security.asciidoc b/docs/en/stack/security/get-started-enable-security.asciidoc
@@ -0,0 +1,39 @@
+When you use the trial license, {security} is disabled by default. To enable it:
+
+. Stop {kib}. The method for starting and stopping {kib} varies depending on 
+how you installed it. For example, if you installed {kib} from an archive 
+distribution (`.tar.gz` or `.zip`), stop it by entering `Ctrl-C` on the command 
+line. See {kibana-ref}/start-stop.html[Starting and stopping {kib}]. 
+
+. Stop {es}. For example, if you installed {es} from an archive distribution, 
+enter `Ctrl-C` on the command line. See 
+{ref}/stopping-elasticsearch.html[Stopping {es}].
+
+. Add the `xpack.security.enabled` setting to the 
+`ES_PATH_CONF/elasticsearch.yml` file. 
++
+--
+TIP: The `ES_PATH_CONF` environment variable contains the path for the {es} 
+configuration files. If you installed {es} using archive distributions (`zip` or 
+`tar.gz`), it defaults to `ES_HOME/config`. If you used package distributions 
+(Debian or RPM), it defaults to `/etc/elasticsearch`. For more information, see 
+{ref}/settings.html[Configuring {es}].  
+
+For example, add the following setting:
+
+[source,yaml]
+----
+xpack.security.enabled: true
+----
+
+TIP: If you have a basic or trial license, the default value for this setting is 
+`false`. If you have a gold or higher license, the default value is `true`. 
+Therefore, it is a good idea to explicitly add this setting to avoid confusion 
+about whether {security} is enabled.  
+
+--
+
+When you enable {security}, basic authentication is enabled by default. To 
+communicate with the cluster, you must specify a username and password.
+Unless you <<anonymous-access,enable anonymous access>>, all requests that don't 
+include a user name and password are rejected.
diff --git a/docs/en/stack/security/get-started-kibana-users.asciidoc b/docs/en/stack/security/get-started-kibana-users.asciidoc
@@ -0,0 +1,60 @@
+When {security} is enabled, users must log in to {kib} with a valid user ID and 
+password. 
+
+{kib} also performs some tasks under the covers that require use of the 
+built-in `kibana` user. 
+
+. Configure {kib} to use the built-in `kibana` user and the password that you 
+created:
+
+** If you don't mind having passwords visible in your configuration file, 
+uncomment and update the following settings in the `kibana.yml` file in your 
+{kib} directory:
++
+--
+TIP: If you installed {kib} using archive distributions (`zip` or 
+`tar.gz`), the `kibana.yml` configuration file is in `KIBANA_HOME/config`. If 
+you used package distributions (Debian or RPM), it's in `/etc/kibana`. For more 
+information, see {kibana-ref}/settings.html[Configuring {kib}].  
+
+For example, add the following settings:
+
+[source,yaml]
+----
+elasticsearch.username: "kibana"
+elasticsearch.password: "your_password"
+----
+
+Specify the password that you set with the `elasticsearch-setup-passwords` 
+command then save your changes to the file. 
+--
+
+** If you prefer not to put your user ID and password in the `kibana.yml` file, 
+store them in a keystore instead. Run the following commands to create the {kib} 
+keystore and add the secure settings:
++
+--
+["source","sh",subs="attributes,callouts"]
+----------------------------------------------------------------------
+./bin/kibana-keystore create
+./bin/kibana-keystore add elasticsearch.username
+./bin/kibana-keystore add elasticsearch.password
+----------------------------------------------------------------------
+
+When prompted, specify the `kibana` built-in user and its password for these 
+setting values.  The settings are automatically applied when you start {kib}.   
+To learn more, see {kibana-ref}/secure-settings.html[Secure settings].
+--
+
+. Restart {kib}. For example, if you installed 
+{kib} with a `.tar.gz` package, run the following command from the {kib} 
+directory:
++
+--
+["source","sh",subs="attributes,callouts"]
+----------------------------------------------------------------------
+./bin/kibana
+----------------------------------------------------------------------
+
+See {kibana-ref}/start-stop.html[Starting and stopping {kib}]. 
+--