diff --git a/.eslintignore b/.eslintignore
index f757ed9a1bf98c..66684fbcd52e6a 100644
--- a/.eslintignore
+++ b/.eslintignore
@@ -27,6 +27,7 @@ snapshots.js
 /x-pack/plugins/canvas/shareable_runtime/build
 /x-pack/plugins/canvas/storybook/build
 /x-pack/plugins/reporting/server/export_types/printable_pdf/server/lib/pdf/assets/**
+/x-pack/plugins/reporting/server/export_types/printable_pdf_v2/server/lib/pdf/assets/**
 
 # package overrides
 /packages/elastic-eslint-config-kibana
diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS
index 95c11b05a97836..26616ab237660e 100644
--- a/.github/CODEOWNERS
+++ b/.github/CODEOWNERS
@@ -107,6 +107,8 @@
 /x-pack/plugins/observability/public/components/shared/exploratory_view @elastic/uptime
 /x-pack/test/functional_with_es_ssl/apps/uptime  @elastic/uptime
 /x-pack/test/functional/apps/uptime @elastic/uptime
+/x-pack/test/functional/es_archives/uptime @elastic/uptime
+/x-pack/test/functional/services/uptime @elastic/uptime
 /x-pack/test/api_integration/apis/uptime @elastic/uptime
 
 # Client Side Monitoring / Uptime (lives in APM directories but owned by Uptime)
diff --git a/src/plugins/discover/public/application/apps/main/utils/fetch_chart.ts b/src/plugins/discover/public/application/apps/main/utils/fetch_chart.ts
index 25a2a964a778fd..67f34c7503c59c 100644
--- a/src/plugins/discover/public/application/apps/main/utils/fetch_chart.ts
+++ b/src/plugins/discover/public/application/apps/main/utils/fetch_chart.ts
@@ -50,6 +50,14 @@ export function fetchChart(
   sendLoadingMsg(charts$);
   sendLoadingMsg(totalHits$);
 
+  const executionContext = {
+    type: 'application',
+    name: 'discover',
+    description: 'fetch chart data and total hits',
+    url: window.location.pathname,
+    id: '',
+  };
+
   const fetch$ = searchSource
     .fetch$({
       abortSignal: abortController.signal,
@@ -64,6 +72,7 @@ export function fetchChart(
             'This request queries Elasticsearch to fetch the aggregation data for the chart.',
         }),
       },
+      executionContext,
     })
     .pipe(filter((res) => isCompleteResponse(res)));
 
diff --git a/src/plugins/discover/public/application/apps/main/utils/fetch_documents.ts b/src/plugins/discover/public/application/apps/main/utils/fetch_documents.ts
index edaf86cef6874b..2f06a9dbbb3db3 100644
--- a/src/plugins/discover/public/application/apps/main/utils/fetch_documents.ts
+++ b/src/plugins/discover/public/application/apps/main/utils/fetch_documents.ts
@@ -41,6 +41,14 @@ export const fetchDocuments = (
 
   sendLoadingMsg(documents$);
 
+  const executionContext = {
+    type: 'application',
+    name: 'discover',
+    description: 'fetch documents',
+    url: window.location.pathname,
+    id: '',
+  };
+
   const fetch$ = searchSource
     .fetch$({
       abortSignal: abortController.signal,
@@ -54,6 +62,7 @@ export const fetchDocuments = (
           defaultMessage: 'This request queries Elasticsearch to fetch the documents.',
         }),
       },
+      executionContext,
     })
     .pipe(filter((res) => isCompleteResponse(res)));
 
diff --git a/src/plugins/discover/public/application/apps/main/utils/fetch_total_hits.ts b/src/plugins/discover/public/application/apps/main/utils/fetch_total_hits.ts
index 4fb43652f28c33..9688f5ddd614d4 100644
--- a/src/plugins/discover/public/application/apps/main/utils/fetch_total_hits.ts
+++ b/src/plugins/discover/public/application/apps/main/utils/fetch_total_hits.ts
@@ -46,6 +46,14 @@ export function fetchTotalHits(
 
   sendLoadingMsg(totalHits$);
 
+  const executionContext = {
+    type: 'application',
+    name: 'discover',
+    description: 'fetch total hits',
+    url: window.location.pathname,
+    id: '',
+  };
+
   const fetch$ = searchSource
     .fetch$({
       inspector: {
@@ -59,6 +67,7 @@ export function fetchTotalHits(
       },
       abortSignal: abortController.signal,
       sessionId: searchSessionId,
+      executionContext,
     })
     .pipe(filter((res) => isCompleteResponse(res)));
 
diff --git a/src/plugins/discover/public/application/embeddable/saved_search_embeddable.tsx b/src/plugins/discover/public/application/embeddable/saved_search_embeddable.tsx
index 3fd7b2f50d319f..1981f0228d2c7c 100644
--- a/src/plugins/discover/public/application/embeddable/saved_search_embeddable.tsx
+++ b/src/plugins/discover/public/application/embeddable/saved_search_embeddable.tsx
@@ -170,6 +170,14 @@ export class SavedSearchEmbeddable
     this.searchProps!.isLoading = true;
 
     this.updateOutput({ loading: true, error: undefined });
+    const executionContext = {
+      type: this.type,
+      name: 'discover',
+      id: this.savedSearch.id,
+      description: this.output.title || this.output.defaultTitle || '',
+      url: this.output.editUrl,
+      parent: this.input.executionContext,
+    };
 
     try {
       // Make the request
@@ -187,6 +195,7 @@ export class SavedSearchEmbeddable
                 'This request queries Elasticsearch to fetch the data for the search.',
             }),
           },
+          executionContext,
         })
         .toPromise();
       this.updateOutput({ loading: false, error: undefined });
diff --git a/src/plugins/kibana_react/public/code_editor/__snapshots__/code_editor.test.tsx.snap b/src/plugins/kibana_react/public/code_editor/__snapshots__/code_editor.test.tsx.snap
index 230d31ac9e0b64..7b2729d2e1b682 100644
--- a/src/plugins/kibana_react/public/code_editor/__snapshots__/code_editor.test.tsx.snap
+++ b/src/plugins/kibana_react/public/code_editor/__snapshots__/code_editor.test.tsx.snap
@@ -1,52 +1,241 @@
 // Jest Snapshot v1, https://goo.gl/fbAQLP
 
-exports[`is rendered 1`] = `
-<Fragment>
-  <MonacoEditor
-    defaultValue=""
-    editorDidMount={[Function]}
-    editorWillMount={[Function]}
-    height={250}
-    language="loglang"
-    onChange={[Function]}
-    options={
-      Object {
-        "fontFamily": "Roboto Mono",
-        "fontSize": 12,
-        "lineHeight": 21,
-        "matchBrackets": "never",
-        "minimap": Object {
-          "enabled": false,
+exports[`<CodeEditor /> hint element should be tabable 1`] = `
+<div
+  aria-label="Code Editor"
+  class="kibanaCodeEditor__keyboardHint"
+  data-test-subj="codeEditorHint"
+  id="1234"
+  role="button"
+  tabindex="0"
+/>
+`;
+
+exports[`<CodeEditor /> is rendered 1`] = `
+<CodeEditor
+  height={250}
+  intl={
+    Object {
+      "defaultFormats": Object {},
+      "defaultLocale": "en",
+      "formatDate": [Function],
+      "formatHTMLMessage": [Function],
+      "formatMessage": [Function],
+      "formatNumber": [Function],
+      "formatPlural": [Function],
+      "formatRelative": [Function],
+      "formatTime": [Function],
+      "formats": Object {
+        "date": Object {
+          "full": Object {
+            "day": "numeric",
+            "month": "long",
+            "weekday": "long",
+            "year": "numeric",
+          },
+          "long": Object {
+            "day": "numeric",
+            "month": "long",
+            "year": "numeric",
+          },
+          "medium": Object {
+            "day": "numeric",
+            "month": "short",
+            "year": "numeric",
+          },
+          "short": Object {
+            "day": "numeric",
+            "month": "numeric",
+            "year": "2-digit",
+          },
         },
-        "renderLineHighlight": "none",
-        "scrollBeyondLastLine": false,
-        "scrollbar": Object {
-          "useShadows": false,
+        "number": Object {
+          "currency": Object {
+            "style": "currency",
+          },
+          "percent": Object {
+            "style": "percent",
+          },
         },
-        "wordBasedSuggestions": false,
-        "wordWrap": "on",
-        "wrappingIndent": "indent",
-      }
+        "relative": Object {
+          "days": Object {
+            "units": "day",
+          },
+          "hours": Object {
+            "units": "hour",
+          },
+          "minutes": Object {
+            "units": "minute",
+          },
+          "months": Object {
+            "units": "month",
+          },
+          "seconds": Object {
+            "units": "second",
+          },
+          "years": Object {
+            "units": "year",
+          },
+        },
+        "time": Object {
+          "full": Object {
+            "hour": "numeric",
+            "minute": "numeric",
+            "second": "numeric",
+            "timeZoneName": "short",
+          },
+          "long": Object {
+            "hour": "numeric",
+            "minute": "numeric",
+            "second": "numeric",
+            "timeZoneName": "short",
+          },
+          "medium": Object {
+            "hour": "numeric",
+            "minute": "numeric",
+            "second": "numeric",
+          },
+          "short": Object {
+            "hour": "numeric",
+            "minute": "numeric",
+          },
+        },
+      },
+      "formatters": Object {
+        "getDateTimeFormat": [Function],
+        "getMessageFormat": [Function],
+        "getNumberFormat": [Function],
+        "getPluralFormat": [Function],
+        "getRelativeFormat": [Function],
+      },
+      "locale": "en",
+      "messages": Object {},
+      "now": [Function],
+      "onError": [Function],
+      "textComponent": Symbol(react.fragment),
+      "timeZone": null,
     }
-    overrideServices={Object {}}
-    theme="euiColors"
-    value="
+  }
+  languageId="loglang"
+  onChange={[Function]}
+  value="
+[Sun Mar 7 20:54:27 2004] [notice] [client xx.xx.xx.xx] This is a notice!
+[Sun Mar 7 20:58:27 2004] [info] [client xx.xx.xx.xx] (104)Connection reset by peer: client stopped connection before send body completed
+[Sun Mar 7 21:16:17 2004] [error] [client xx.xx.xx.xx] File does not exist: /home/httpd/twiki/view/Main/WebHome
+"
+>
+  <div
+    className="kibanaCodeEditor"
+  >
+    <EuiToolTip
+      content={
+        <React.Fragment>
+          <p>
+            <FormattedMessage
+              defaultMessage="Press {key} to start editing."
+              id="kibana-react.kibanaCodeEditor.startEditing"
+              values={
+                Object {
+                  "key": <strong>
+                    Enter
+                  </strong>,
+                }
+              }
+            />
+          </p>
+          <p>
+            <FormattedMessage
+              defaultMessage="Press {key} to stop editing."
+              id="kibana-react.kibanaCodeEditor.stopEditing"
+              values={
+                Object {
+                  "key": <strong>
+                    Esc
+                  </strong>,
+                }
+              }
+            />
+          </p>
+        </React.Fragment>
+      }
+      delay="regular"
+      display="block"
+      position="top"
+    >
+      <span
+        className="euiToolTipAnchor euiToolTipAnchor--displayBlock"
+        onKeyUp={[Function]}
+        onMouseOut={[Function]}
+        onMouseOver={[Function]}
+      >
+        <div
+          aria-label="Code Editor"
+          className="kibanaCodeEditor__keyboardHint"
+          data-test-subj="codeEditorHint"
+          id="1234"
+          onBlur={[Function]}
+          onClick={[Function]}
+          onFocus={[Function]}
+          onKeyDown={[Function]}
+          role="button"
+          tabIndex={0}
+        />
+      </span>
+    </EuiToolTip>
+    <mockMonacoEditor
+      editorDidMount={[Function]}
+      editorWillMount={[Function]}
+      height={250}
+      language="loglang"
+      onChange={[Function]}
+      options={
+        Object {
+          "fontFamily": "Roboto Mono",
+          "fontSize": 12,
+          "lineHeight": 21,
+          "matchBrackets": "never",
+          "minimap": Object {
+            "enabled": false,
+          },
+          "renderLineHighlight": "none",
+          "scrollBeyondLastLine": false,
+          "scrollbar": Object {
+            "useShadows": false,
+          },
+          "wordBasedSuggestions": false,
+          "wordWrap": "on",
+          "wrappingIndent": "indent",
+        }
+      }
+      theme="euiColors"
+      value="
 [Sun Mar 7 20:54:27 2004] [notice] [client xx.xx.xx.xx] This is a notice!
 [Sun Mar 7 20:58:27 2004] [info] [client xx.xx.xx.xx] (104)Connection reset by peer: client stopped connection before send body completed
 [Sun Mar 7 21:16:17 2004] [error] [client xx.xx.xx.xx] File does not exist: /home/httpd/twiki/view/Main/WebHome
 "
-    width="100%"
-  />
-  <ResizeDetector
-    handleHeight={true}
-    handleWidth={true}
-    nodeType="div"
-    onResize={[Function]}
-    querySelector={null}
-    refreshMode="debounce"
-    refreshRate={1000}
-    skipOnMount={false}
-    targetDomEl={null}
-  />
-</Fragment>
+    >
+      <div>
+        <textarea
+          data-test-subj="monacoEditorTextarea"
+          onKeyDown={[Function]}
+        />
+      </div>
+    </mockMonacoEditor>
+    <ResizeDetector
+      handleHeight={true}
+      handleWidth={true}
+      nodeType="div"
+      onResize={[Function]}
+      querySelector={null}
+      refreshMode="debounce"
+      refreshRate={1000}
+      skipOnMount={false}
+      targetDomEl={null}
+    >
+      <ChildWrapper>
+        <div />
+      </ChildWrapper>
+    </ResizeDetector>
+  </div>
+</CodeEditor>
 `;
diff --git a/src/plugins/kibana_react/public/code_editor/code_editor.test.helpers.tsx b/src/plugins/kibana_react/public/code_editor/code_editor.test.helpers.tsx
new file mode 100644
index 00000000000000..cee1ecad2196a4
--- /dev/null
+++ b/src/plugins/kibana_react/public/code_editor/code_editor.test.helpers.tsx
@@ -0,0 +1,105 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0 and the Server Side Public License, v 1; you may not use this file except
+ * in compliance with, at your election, the Elastic License 2.0 or the Server
+ * Side Public License, v 1.
+ */
+import React, { useEffect, KeyboardEventHandler } from 'react';
+import { monaco } from '@kbn/monaco';
+
+function createEditorInstance() {
+  const keyDownListeners: any[] = [];
+  const didShowListeners: any[] = [];
+  const didHideListeners: any[] = [];
+  let areSuggestionsVisible = false;
+
+  const editorInstance = {
+    // Mock monaco editor API
+    getContribution: jest.fn((id: string) => {
+      if (id === 'editor.contrib.suggestController') {
+        return {
+          widget: {
+            value: {
+              onDidShow: jest.fn((listener) => {
+                didShowListeners.push(listener);
+              }),
+              onDidHide: jest.fn((listener) => {
+                didHideListeners.push(listener);
+              }),
+            },
+          },
+        };
+      }
+    }),
+    focus: jest.fn(),
+    onDidBlurEditorText: jest.fn(),
+    onKeyDown: jest.fn((listener) => {
+      keyDownListeners.push(listener);
+    }),
+    getDomNode: jest.fn(),
+    // Helpers for our tests
+    __helpers__: {
+      areSuggestionsVisible: () => areSuggestionsVisible,
+      onTextareaKeyDown: ((e) => {
+        // Let all our listener know that a key has been pressed on the textarea
+        keyDownListeners.forEach((listener) => listener(e));
+
+        // Close the suggestions when hitting the ESC key
+        if (e.keyCode === monaco.KeyCode.Escape && areSuggestionsVisible) {
+          editorInstance.__helpers__.hideSuggestions();
+        }
+      }) as KeyboardEventHandler,
+      showSuggestions: () => {
+        areSuggestionsVisible = true;
+        didShowListeners.forEach((listener) => listener());
+      },
+      hideSuggestions: () => {
+        areSuggestionsVisible = false;
+        didHideListeners.forEach((listener) => listener());
+      },
+    },
+  };
+
+  return editorInstance;
+}
+
+type MockedEditor = ReturnType<typeof createEditorInstance>;
+
+export const mockedEditorInstance: MockedEditor = createEditorInstance();
+
+// <MonacoEditor /> mock
+const mockMonacoEditor = ({ editorWillMount, editorDidMount }: any) => {
+  editorWillMount(monaco);
+
+  useEffect(() => {
+    editorDidMount(mockedEditorInstance, monaco);
+  }, [editorDidMount]);
+
+  return (
+    <div>
+      <textarea
+        onKeyDown={mockedEditorInstance?.__helpers__.onTextareaKeyDown}
+        data-test-subj="monacoEditorTextarea"
+      />
+    </div>
+  );
+};
+
+jest.mock('react-monaco-editor', () => {
+  return function JestMockEditor() {
+    return mockMonacoEditor;
+  };
+});
+
+// Mock the htmlIdGenerator to generate predictable ids for snapshot tests
+jest.mock('@elastic/eui', () => {
+  const original = jest.requireActual('@elastic/eui');
+
+  return {
+    ...original,
+    htmlIdGenerator: () => {
+      return () => '1234';
+    },
+  };
+});
diff --git a/src/plugins/kibana_react/public/code_editor/code_editor.test.tsx b/src/plugins/kibana_react/public/code_editor/code_editor.test.tsx
index 0f279e3bfea325..a15e21861aa2e1 100644
--- a/src/plugins/kibana_react/public/code_editor/code_editor.test.tsx
+++ b/src/plugins/kibana_react/public/code_editor/code_editor.test.tsx
@@ -7,9 +7,16 @@
  */
 
 import React from 'react';
-import { CodeEditor } from './code_editor';
+import { ReactWrapper } from 'enzyme';
+import { mountWithIntl, findTestSubject } from '@kbn/test/jest';
 import { monaco } from '@kbn/monaco';
-import { shallow } from 'enzyme';
+
+import { keys } from '@elastic/eui';
+
+// This import needs to come before './code_editor' below as it sets the jest.mocks
+import { mockedEditorInstance } from './code_editor.test.helpers';
+
+import { CodeEditor } from './code_editor';
 
 // disabled because this is a test, but also it seems we shouldn't need this?
 /* eslint-disable-next-line @kbn/eslint/module_migration */
@@ -36,64 +43,131 @@ const logs = `
 [Sun Mar 7 21:16:17 2004] [error] [client xx.xx.xx.xx] File does not exist: /home/httpd/twiki/view/Main/WebHome
 `;
 
-test('is rendered', () => {
-  const component = shallow(
-    <CodeEditor languageId="loglang" height={250} value={logs} onChange={() => {}} />
-  );
-
-  expect(component).toMatchSnapshot();
-});
+describe('<CodeEditor />', () => {
+  test('is rendered', () => {
+    const component = mountWithIntl(
+      <CodeEditor languageId="loglang" height={250} value={logs} onChange={() => {}} />
+    );
+
+    expect(component).toMatchSnapshot();
+  });
+
+  test('editor mount setup', () => {
+    const suggestionProvider = {
+      provideCompletionItems: (model: monaco.editor.ITextModel, position: monaco.Position) => ({
+        suggestions: [],
+      }),
+    };
+    const hoverProvider = {
+      provideHover: (model: monaco.editor.ITextModel, position: monaco.Position) => ({
+        contents: [],
+      }),
+    };
+
+    const editorWillMount = jest.fn();
+
+    monaco.languages.onLanguage = jest.fn((languageId, func) => {
+      expect(languageId).toBe('loglang');
+
+      // Call the function immediately so we can see our providers
+      // get setup without a monaco editor setting up completely
+      func();
+    }) as any;
+
+    monaco.languages.registerCompletionItemProvider = jest.fn();
+    monaco.languages.registerSignatureHelpProvider = jest.fn();
+    monaco.languages.registerHoverProvider = jest.fn();
+
+    monaco.editor.defineTheme = jest.fn();
+
+    mountWithIntl(
+      <CodeEditor
+        languageId="loglang"
+        value={logs}
+        onChange={() => {}}
+        editorWillMount={editorWillMount}
+        suggestionProvider={suggestionProvider}
+        hoverProvider={hoverProvider}
+      />
+    );
+
+    // Verify our mount callback will be called
+    expect(editorWillMount.mock.calls.length).toBe(1);
+
+    // Verify that both, default and transparent theme will be setup
+    expect((monaco.editor.defineTheme as jest.Mock).mock.calls.length).toBe(2);
+
+    // Verify our language features have been registered
+    expect((monaco.languages.onLanguage as jest.Mock).mock.calls.length).toBe(1);
+    expect((monaco.languages.registerCompletionItemProvider as jest.Mock).mock.calls.length).toBe(
+      1
+    );
+    expect((monaco.languages.registerHoverProvider as jest.Mock).mock.calls.length).toBe(1);
+  });
+
+  describe('hint element', () => {
+    let component: ReactWrapper;
+    const getHint = (): ReactWrapper => findTestSubject(component, 'codeEditorHint');
+
+    beforeEach(() => {
+      component = mountWithIntl(
+        <CodeEditor languageId="loglang" height={250} value={logs} onChange={() => {}} />
+      );
+    });
+
+    test('should be tabable', () => {
+      const DOMnode = getHint().getDOMNode();
+      expect(DOMnode.getAttribute('tabindex')).toBe('0');
+      expect(DOMnode).toMatchSnapshot();
+    });
+
+    test('should be disabled when the ui monaco editor gains focus', async () => {
+      // Initially it is visible and active
+      expect((getHint().props() as any).className).not.toContain('isInactive');
+
+      getHint().simulate('keydown', { key: keys.ENTER });
+
+      expect((getHint().props() as any).className).toContain('isInactive');
+    });
+
+    test('should be enabled when hitting the ESC key', () => {
+      getHint().simulate('keydown', { key: keys.ENTER });
+
+      expect((getHint().props() as any).className).toContain('isInactive');
+
+      findTestSubject(component, 'monacoEditorTextarea').simulate('keydown', {
+        keyCode: monaco.KeyCode.Escape,
+      });
+
+      expect((getHint().props() as any).className).not.toContain('isInactive');
+    });
+
+    test('should detect that the suggestion menu is open and not show the hint on ESC', async () => {
+      getHint().simulate('keydown', { key: keys.ENTER });
+
+      expect((getHint().props() as any).className).toContain('isInactive');
+      expect(mockedEditorInstance?.__helpers__.areSuggestionsVisible()).toBe(false);
+
+      // Show the suggestions in the editor
+      mockedEditorInstance?.__helpers__.showSuggestions();
+      expect(mockedEditorInstance?.__helpers__.areSuggestionsVisible()).toBe(true);
+
+      // Hitting the ESC key with the suggestions visible
+      findTestSubject(component, 'monacoEditorTextarea').simulate('keydown', {
+        keyCode: monaco.KeyCode.Escape,
+      });
+
+      expect(mockedEditorInstance?.__helpers__.areSuggestionsVisible()).toBe(false);
+
+      // The keyboard hint is still **not** active
+      expect((getHint().props() as any).className).toContain('isInactive');
 
-test('editor mount setup', () => {
-  const suggestionProvider = {
-    provideCompletionItems: (model: monaco.editor.ITextModel, position: monaco.Position) => ({
-      suggestions: [],
-    }),
-  };
-  const hoverProvider = {
-    provideHover: (model: monaco.editor.ITextModel, position: monaco.Position) => ({
-      contents: [],
-    }),
-  };
-
-  const editorWillMount = jest.fn();
-
-  monaco.languages.onLanguage = jest.fn((languageId, func) => {
-    expect(languageId).toBe('loglang');
-
-    // Call the function immediately so we can see our providers
-    // get setup without a monaco editor setting up completely
-    func();
-  }) as any;
-
-  monaco.languages.registerCompletionItemProvider = jest.fn();
-  monaco.languages.registerSignatureHelpProvider = jest.fn();
-  monaco.languages.registerHoverProvider = jest.fn();
-
-  monaco.editor.defineTheme = jest.fn();
-
-  const wrapper = shallow(
-    <CodeEditor
-      languageId="loglang"
-      value={logs}
-      onChange={() => {}}
-      editorWillMount={editorWillMount}
-      suggestionProvider={suggestionProvider}
-      hoverProvider={hoverProvider}
-    />
-  );
-
-  const instance = wrapper.instance() as CodeEditor;
-  instance._editorWillMount(monaco);
-
-  // Verify our mount callback will be called
-  expect(editorWillMount.mock.calls.length).toBe(1);
-
-  // Verify that both, default and transparent theme will be setup
-  expect((monaco.editor.defineTheme as jest.Mock).mock.calls.length).toBe(2);
-
-  // Verify our language features have been registered
-  expect((monaco.languages.onLanguage as jest.Mock).mock.calls.length).toBe(1);
-  expect((monaco.languages.registerCompletionItemProvider as jest.Mock).mock.calls.length).toBe(1);
-  expect((monaco.languages.registerHoverProvider as jest.Mock).mock.calls.length).toBe(1);
+      // Hitting a second time the ESC key should now show the hint
+      findTestSubject(component, 'monacoEditorTextarea').simulate('keydown', {
+        keyCode: monaco.KeyCode.Escape,
+      });
+
+      expect((getHint().props() as any).className).not.toContain('isInactive');
+    });
+  });
 });
diff --git a/src/plugins/kibana_react/public/code_editor/code_editor.tsx b/src/plugins/kibana_react/public/code_editor/code_editor.tsx
index e233b4468b0c6f..29b905c511d4cd 100644
--- a/src/plugins/kibana_react/public/code_editor/code_editor.tsx
+++ b/src/plugins/kibana_react/public/code_editor/code_editor.tsx
@@ -6,10 +6,14 @@
  * Side Public License, v 1.
  */
 
-import React from 'react';
+import React, { useState, useRef, useCallback, useMemo, useEffect } from 'react';
 import ReactResizeDetector from 'react-resize-detector';
-import MonacoEditor from 'react-monaco-editor';
+import ReactMonacoEditor from 'react-monaco-editor';
+import { htmlIdGenerator, EuiToolTip, keys } from '@elastic/eui';
 import { monaco } from '@kbn/monaco';
+import { i18n } from '@kbn/i18n';
+import { FormattedMessage } from '@kbn/i18n/react';
+import classNames from 'classnames';
 
 import {
   DARK_THEME,
@@ -100,121 +104,316 @@ export interface Props {
    * Should the editor be rendered using the fullWidth EUI attribute
    */
   fullWidth?: boolean;
+  /**
+   * Accessible name for the editor. (Defaults to "Code editor")
+   */
+  'aria-label'?: string;
 }
 
-export class CodeEditor extends React.Component<Props, {}> {
-  _editor: monaco.editor.IStandaloneCodeEditor | null = null;
-
-  _editorWillMount = (__monaco: unknown) => {
-    if (__monaco !== monaco) {
-      throw new Error('react-monaco-editor is using a different version of monaco');
-    }
-
-    if (this.props.overrideEditorWillMount) {
-      this.props.overrideEditorWillMount();
-      return;
-    }
-
-    if (this.props.editorWillMount) {
-      this.props.editorWillMount();
-    }
-
-    monaco.languages.onLanguage(this.props.languageId, () => {
-      if (this.props.suggestionProvider) {
-        monaco.languages.registerCompletionItemProvider(
-          this.props.languageId,
-          this.props.suggestionProvider
-        );
+export const CodeEditor: React.FC<Props> = ({
+  languageId,
+  value,
+  onChange,
+  width,
+  height,
+  options,
+  overrideEditorWillMount,
+  editorDidMount,
+  editorWillMount,
+  useDarkTheme,
+  transparentBackground,
+  suggestionProvider,
+  signatureProvider,
+  hoverProvider,
+  languageConfiguration,
+  'aria-label': ariaLabel = i18n.translate('kibana-react.kibanaCodeEditor.ariaLabel', {
+    defaultMessage: 'Code Editor',
+  }),
+}) => {
+  // We need to be able to mock the MonacoEditor in our test in order to not test implementation
+  // detail and not have to call methods on the <CodeEditor /> component instance.
+  const MonacoEditor: typeof ReactMonacoEditor = useMemo(() => {
+    const isMockedComponent =
+      typeof ReactMonacoEditor === 'function' && ReactMonacoEditor.name === 'JestMockEditor';
+    return isMockedComponent ? (ReactMonacoEditor as any)() : ReactMonacoEditor;
+  }, []);
+
+  const isReadOnly = options?.readOnly ?? false;
+
+  const _editor = useRef<monaco.editor.IStandaloneCodeEditor | null>(null);
+  const isSuggestionMenuOpen = useRef(false);
+  const editorHint = useRef<HTMLDivElement>(null);
+  const textboxMutationObserver = useRef<MutationObserver | null>(null);
+
+  const [isHintActive, setIsHintActive] = useState(true);
+
+  /* eslint-disable @typescript-eslint/naming-convention */
+  const promptClasses = classNames('kibanaCodeEditor__keyboardHint', {
+    'kibanaCodeEditor__keyboardHint--isInactive': !isHintActive,
+  });
+  /* eslint-enable  @typescript-eslint/naming-convention */
+
+  const _updateDimensions = useCallback(() => {
+    _editor.current?.layout();
+  }, []);
+
+  const startEditing = useCallback(() => {
+    setIsHintActive(false);
+    _editor.current?.focus();
+  }, []);
+
+  const stopEditing = useCallback(() => {
+    setIsHintActive(true);
+  }, []);
+
+  const onKeyDownHint = useCallback(
+    (ev: React.KeyboardEvent) => {
+      if (ev.key === keys.ENTER) {
+        ev.preventDefault();
+        startEditing();
       }
-
-      if (this.props.signatureProvider) {
-        monaco.languages.registerSignatureHelpProvider(
-          this.props.languageId,
-          this.props.signatureProvider
-        );
-      }
-
-      if (this.props.hoverProvider) {
-        monaco.languages.registerHoverProvider(this.props.languageId, this.props.hoverProvider);
+    },
+    [startEditing]
+  );
+
+  const onKeydownMonaco = useCallback(
+    (ev: monaco.IKeyboardEvent) => {
+      if (ev.keyCode === monaco.KeyCode.Escape) {
+        // If the autocompletion context menu is open then we want to let ESCAPE close it but
+        // **not** exit out of editing mode.
+        if (!isSuggestionMenuOpen.current) {
+          ev.preventDefault();
+          ev.stopPropagation();
+          stopEditing();
+          editorHint.current?.focus();
+        }
       }
+    },
+    [stopEditing]
+  );
+
+  const onBlurMonaco = useCallback(() => {
+    stopEditing();
+  }, [stopEditing]);
+
+  const renderPrompt = useCallback(() => {
+    const enterKey = (
+      <strong>
+        {i18n.translate('kibana-react.kibanaCodeEditor.enterKeyLabel', {
+          defaultMessage: 'Enter',
+          description:
+            'The name used for the Enter key on keyword. Will be {key} in kibana-react.kibanaCodeEditor.startEditing(ReadOnly).',
+        })}
+      </strong>
+    );
 
-      if (this.props.languageConfiguration) {
-        monaco.languages.setLanguageConfiguration(
-          this.props.languageId,
-          this.props.languageConfiguration
-        );
-      }
-    });
+    const escapeKey = (
+      <strong>
+        {i18n.translate('kibana-react.kibanaCodeEditor.escapeKeyLabel', {
+          defaultMessage: 'Esc',
+          description:
+            'The label of the Escape key as printed on the keyboard. Will be {key} inside kibana-react.kibanaCodeEditor.stopEditing(ReadOnly).',
+        })}
+      </strong>
+    );
 
-    // Register themes
-    monaco.editor.defineTheme('euiColors', this.props.useDarkTheme ? DARK_THEME : LIGHT_THEME);
-    monaco.editor.defineTheme(
-      'euiColorsTransparent',
-      this.props.useDarkTheme ? DARK_THEME_TRANSPARENT : LIGHT_THEME_TRANSPARENT
+    return (
+      <EuiToolTip
+        display="block"
+        content={
+          <>
+            <p>
+              {isReadOnly ? (
+                <FormattedMessage
+                  id="kibana-react.kibanaCodeEditor.startEditingReadOnly"
+                  defaultMessage="Press {key} to start interacting with the code."
+                  values={{ key: enterKey }}
+                />
+              ) : (
+                <FormattedMessage
+                  id="kibana-react.kibanaCodeEditor.startEditing"
+                  defaultMessage="Press {key} to start editing."
+                  values={{ key: enterKey }}
+                />
+              )}
+            </p>
+            <p>
+              {isReadOnly ? (
+                <FormattedMessage
+                  id="kibana-react.kibanaCodeEditor.stopEditingReadOnly"
+                  defaultMessage="Press {key} to stop interacting with the code."
+                  values={{ key: escapeKey }}
+                />
+              ) : (
+                <FormattedMessage
+                  id="kibana-react.kibanaCodeEditor.stopEditing"
+                  defaultMessage="Press {key} to stop editing."
+                  values={{ key: escapeKey }}
+                />
+              )}
+            </p>
+          </>
+        }
+      >
+        <div
+          className={promptClasses}
+          id={htmlIdGenerator('codeEditor')()}
+          ref={editorHint}
+          tabIndex={0}
+          role="button"
+          onClick={startEditing}
+          onKeyDown={onKeyDownHint}
+          aria-label={ariaLabel}
+          data-test-subj="codeEditorHint"
+        />
+      </EuiToolTip>
     );
-  };
+  }, [onKeyDownHint, promptClasses, startEditing]);
 
-  _editorDidMount = (editor: monaco.editor.IStandaloneCodeEditor, __monaco: unknown) => {
-    if (__monaco !== monaco) {
-      throw new Error('react-monaco-editor is using a different version of monaco');
-    }
+  const _editorWillMount = useCallback(
+    (__monaco: unknown) => {
+      if (__monaco !== monaco) {
+        throw new Error('react-monaco-editor is using a different version of monaco');
+      }
 
-    this._editor = editor;
+      if (overrideEditorWillMount) {
+        overrideEditorWillMount();
+        return;
+      }
 
-    if (this.props.editorDidMount) {
-      this.props.editorDidMount(editor);
-    }
-  };
+      editorWillMount?.();
+
+      monaco.languages.onLanguage(languageId, () => {
+        if (suggestionProvider) {
+          monaco.languages.registerCompletionItemProvider(languageId, suggestionProvider);
+        }
+
+        if (signatureProvider) {
+          monaco.languages.registerSignatureHelpProvider(languageId, signatureProvider);
+        }
+
+        if (hoverProvider) {
+          monaco.languages.registerHoverProvider(languageId, hoverProvider);
+        }
+
+        if (languageConfiguration) {
+          monaco.languages.setLanguageConfiguration(languageId, languageConfiguration);
+        }
+      });
+
+      // Register themes
+      monaco.editor.defineTheme('euiColors', useDarkTheme ? DARK_THEME : LIGHT_THEME);
+      monaco.editor.defineTheme(
+        'euiColorsTransparent',
+        useDarkTheme ? DARK_THEME_TRANSPARENT : LIGHT_THEME_TRANSPARENT
+      );
+    },
+    [
+      overrideEditorWillMount,
+      editorWillMount,
+      languageId,
+      useDarkTheme,
+      suggestionProvider,
+      signatureProvider,
+      hoverProvider,
+      languageConfiguration,
+    ]
+  );
+
+  const _editorDidMount = useCallback(
+    (editor: monaco.editor.IStandaloneCodeEditor, __monaco: unknown) => {
+      if (__monaco !== monaco) {
+        throw new Error('react-monaco-editor is using a different version of monaco');
+      }
 
-  render() {
-    const { languageId, value, onChange, width, height, options } = this.props;
+      _editor.current = editor;
+
+      const textbox = editor.getDomNode()?.getElementsByTagName('textarea')[0];
+      if (textbox) {
+        // Make sure the textarea is not directly accesible with TAB
+        textbox.tabIndex = -1;
+
+        // The Monaco editor seems to override the tabindex and set it back to "0"
+        // so we make sure that whenever the attributes change the tabindex stays at -1
+        textboxMutationObserver.current = new MutationObserver(function onTextboxAttributeChange() {
+          if (textbox.tabIndex >= 0) {
+            textbox.tabIndex = -1;
+          }
+        });
+        textboxMutationObserver.current.observe(textbox, { attributes: true });
+      }
 
-    return (
-      <>
-        <MonacoEditor
-          theme={this.props.transparentBackground ? 'euiColorsTransparent' : 'euiColors'}
-          language={languageId}
-          value={value}
-          onChange={onChange}
-          width={width}
-          height={height}
-          editorWillMount={this._editorWillMount}
-          editorDidMount={this._editorDidMount}
-          options={{
-            renderLineHighlight: 'none',
-            scrollBeyondLastLine: false,
-            minimap: {
-              enabled: false,
-            },
-            scrollbar: {
-              useShadows: false,
-            },
-            wordBasedSuggestions: false,
-            wordWrap: 'on',
-            wrappingIndent: 'indent',
-            matchBrackets: 'never',
-            fontFamily: 'Roboto Mono',
-            fontSize: 12,
-            lineHeight: 21,
-            ...options,
-          }}
-        />
-        <ReactResizeDetector
-          handleWidth
-          handleHeight
-          onResize={this._updateDimensions}
-          refreshMode="debounce"
-        />
-      </>
-    );
-  }
+      editor.onKeyDown(onKeydownMonaco);
+      editor.onDidBlurEditorText(onBlurMonaco);
+
+      // "widget" is not part of the TS interface but does exist
+      // @ts-expect-errors
+      const suggestionWidget = editor.getContribution('editor.contrib.suggestController')?.widget
+        ?.value;
+
+      // As I haven't found official documentation for "onDidShow" and "onDidHide"
+      // we guard from possible changes in the underlying lib
+      if (suggestionWidget && suggestionWidget.onDidShow && suggestionWidget.onDidHide) {
+        suggestionWidget.onDidShow(() => {
+          isSuggestionMenuOpen.current = true;
+        });
+        suggestionWidget.onDidHide(() => {
+          isSuggestionMenuOpen.current = false;
+        });
+      }
 
-  _updateDimensions = () => {
-    if (this._editor) {
-      this._editor.layout();
-    }
-  };
-}
+      editorDidMount?.(editor);
+    },
+    [editorDidMount]
+  );
+
+  useEffect(() => {
+    return () => {
+      textboxMutationObserver.current?.disconnect();
+    };
+  }, []);
+
+  return (
+    <div className="kibanaCodeEditor">
+      {renderPrompt()}
+
+      <MonacoEditor
+        theme={transparentBackground ? 'euiColorsTransparent' : 'euiColors'}
+        language={languageId}
+        value={value}
+        onChange={onChange}
+        width={width}
+        height={height}
+        editorWillMount={_editorWillMount}
+        editorDidMount={_editorDidMount}
+        options={{
+          renderLineHighlight: 'none',
+          scrollBeyondLastLine: false,
+          minimap: {
+            enabled: false,
+          },
+          scrollbar: {
+            useShadows: false,
+          },
+          wordBasedSuggestions: false,
+          wordWrap: 'on',
+          wrappingIndent: 'indent',
+          matchBrackets: 'never',
+          fontFamily: 'Roboto Mono',
+          fontSize: 12,
+          lineHeight: 21,
+          ...options,
+        }}
+      />
+      <ReactResizeDetector
+        handleWidth
+        handleHeight
+        onResize={_updateDimensions}
+        refreshMode="debounce"
+      />
+    </div>
+  );
+};
 
 // React.lazy requires default export
 // eslint-disable-next-line import/no-default-export
diff --git a/src/plugins/kibana_react/public/code_editor/editor.scss b/src/plugins/kibana_react/public/code_editor/editor.scss
index 23a3e3af7e656f..d35b8f3103df38 100644
--- a/src/plugins/kibana_react/public/code_editor/editor.scss
+++ b/src/plugins/kibana_react/public/code_editor/editor.scss
@@ -1,3 +1,24 @@
 .react-monaco-editor-container .monaco-editor .inputarea:focus {
   animation: none !important; // Removes textarea EUI blue underline animation from EUI
 }
+
+.kibanaCodeEditor {
+  position: relative;
+  height: 100%;
+
+  &__keyboardHint {
+    position: absolute;
+    top: 0;
+    bottom: 0;
+    right: 0;
+    left: 0;
+
+    &:focus {
+      z-index: $euiZLevel1;
+    }
+
+    &--isInactive {
+      display: none;
+    }
+  }
+}
diff --git a/src/plugins/screenshot_mode/server/types.ts b/src/plugins/screenshot_mode/server/types.ts
index 4347252e58fce7..566ae197194544 100644
--- a/src/plugins/screenshot_mode/server/types.ts
+++ b/src/plugins/screenshot_mode/server/types.ts
@@ -19,7 +19,8 @@ export interface ScreenshotModePluginSetup {
   isScreenshotMode: IsScreenshotMode;
 
   /**
-   * Set the current environment to screenshot mode. Intended to run in a browser-environment.
+   * Set the current environment to screenshot mode. Intended to run in a browser-environment, before any other scripts
+   * on the page have run to ensure that screenshot mode is detected as early as possible.
    */
   setScreenshotModeEnabled: () => void;
 }
diff --git a/src/plugins/share/public/mocks.ts b/src/plugins/share/public/mocks.ts
index 3333878676e20a..d72068afa285eb 100644
--- a/src/plugins/share/public/mocks.ts
+++ b/src/plugins/share/public/mocks.ts
@@ -27,6 +27,7 @@ const createSetupContract = (): Setup => {
       registerUrlGenerator: jest.fn(),
     },
     url,
+    navigate: jest.fn(),
   };
   return setupContract;
 };
@@ -38,6 +39,7 @@ const createStartContract = (): Start => {
       getUrlGenerator: jest.fn(),
     },
     toggleShareContextMenu: jest.fn(),
+    navigate: jest.fn(),
   };
   return startContract;
 };
diff --git a/src/plugins/share/public/plugin.ts b/src/plugins/share/public/plugin.ts
index adc28556d7a3cc..1382e1968192ce 100644
--- a/src/plugins/share/public/plugin.ts
+++ b/src/plugins/share/public/plugin.ts
@@ -19,7 +19,7 @@ import {
   UrlGeneratorsStart,
 } from './url_generators/url_generator_service';
 import { UrlService } from '../common/url_service';
-import { RedirectManager } from './url_service';
+import { RedirectManager, RedirectOptions } from './url_service';
 
 export interface ShareSetupDependencies {
   securityOss?: SecurityOssPluginSetup;
@@ -42,6 +42,12 @@ export type SharePluginSetup = ShareMenuRegistrySetup & {
    * Utilities to work with URL locators and short URLs.
    */
   url: UrlService;
+
+  /**
+   * Accepts serialized values for extracting a locator, migrating state from a provided version against
+   * the locator, then using the locator to navigate.
+   */
+  navigate(options: RedirectOptions): void;
 };
 
 /** @public */
@@ -57,12 +63,20 @@ export type SharePluginStart = ShareMenuManagerStart & {
    * Utilities to work with URL locators and short URLs.
    */
   url: UrlService;
+
+  /**
+   * Accepts serialized values for extracting a locator, migrating state from a provided version against
+   * the locator, then using the locator to navigate.
+   */
+  navigate(options: RedirectOptions): void;
 };
 
 export class SharePlugin implements Plugin<SharePluginSetup, SharePluginStart> {
   private readonly shareMenuRegistry = new ShareMenuRegistry();
   private readonly shareContextMenu = new ShareMenuManager();
   private readonly urlGeneratorsService = new UrlGeneratorsService();
+
+  private redirectManager?: RedirectManager;
   private url?: UrlService;
 
   public setup(core: CoreSetup, plugins: ShareSetupDependencies): SharePluginSetup {
@@ -87,15 +101,16 @@ export class SharePlugin implements Plugin<SharePluginSetup, SharePluginStart> {
       },
     });
 
-    const redirectManager = new RedirectManager({
+    this.redirectManager = new RedirectManager({
       url: this.url,
     });
-    redirectManager.registerRedirectApp(core);
+    this.redirectManager.registerRedirectApp(core);
 
     return {
       ...this.shareMenuRegistry.setup(),
       urlGenerators: this.urlGeneratorsService.setup(core),
       url: this.url,
+      navigate: (options: RedirectOptions) => this.redirectManager!.navigate(options),
     };
   }
 
@@ -108,6 +123,7 @@ export class SharePlugin implements Plugin<SharePluginSetup, SharePluginStart> {
       ),
       urlGenerators: this.urlGeneratorsService.start(core),
       url: this.url!,
+      navigate: (options: RedirectOptions) => this.redirectManager!.navigate(options),
     };
   }
 }
diff --git a/src/plugins/share/public/url_service/redirect/redirect_manager.ts b/src/plugins/share/public/url_service/redirect/redirect_manager.ts
index 494fb623a48af9..cc45e0d3126af9 100644
--- a/src/plugins/share/public/url_service/redirect/redirect_manager.ts
+++ b/src/plugins/share/public/url_service/redirect/redirect_manager.ts
@@ -52,6 +52,10 @@ export class RedirectManager {
 
   public onMount(urlLocationSearch: string) {
     const options = this.parseSearchParams(urlLocationSearch);
+    this.navigate(options);
+  }
+
+  public navigate(options: RedirectOptions) {
     const locator = this.deps.url.locators.get(options.id);
 
     if (!locator) {
diff --git a/src/plugins/vis_type_timelion/public/helpers/timelion_request_handler.ts b/src/plugins/vis_type_timelion/public/helpers/timelion_request_handler.ts
index fe5e9183976fa4..ffadfde6204de4 100644
--- a/src/plugins/vis_type_timelion/public/helpers/timelion_request_handler.ts
+++ b/src/plugins/vis_type_timelion/public/helpers/timelion_request_handler.ts
@@ -7,6 +7,7 @@
  */
 
 import { i18n } from '@kbn/i18n';
+import type { KibanaExecutionContext } from 'kibana/public';
 import { KibanaContext, TimeRange, Filter, esQuery, Query } from '../../../data/public';
 import { TimelionVisDependencies } from '../plugin';
 import { getTimezone } from './get_timezone';
@@ -60,12 +61,14 @@ export function getTimelionRequestHandler({
     query,
     visParams,
     searchSessionId,
+    executionContext,
   }: {
     timeRange: TimeRange;
     filters: Filter[];
     query: Query;
     visParams: TimelionVisParams;
     searchSessionId?: string;
+    executionContext?: KibanaExecutionContext;
   }): Promise<TimelionSuccessResponse> {
     const dataSearch = getDataSearch();
     const expression = visParams.expression;
@@ -110,6 +113,7 @@ export function getTimelionRequestHandler({
             searchSession: searchSessionOptions,
           }),
         }),
+        context: executionContext,
       });
     } catch (e) {
       if (e && e.body) {
diff --git a/src/plugins/vis_type_timelion/public/timelion_vis_fn.ts b/src/plugins/vis_type_timelion/public/timelion_vis_fn.ts
index eb5942a9426e20..2f775728667b67 100644
--- a/src/plugins/vis_type_timelion/public/timelion_vis_fn.ts
+++ b/src/plugins/vis_type_timelion/public/timelion_vis_fn.ts
@@ -59,7 +59,7 @@ export const getTimelionVisualizationConfig = (
       help: '',
     },
   },
-  async fn(input, args, { getSearchSessionId }) {
+  async fn(input, args, { getSearchSessionId, getExecutionContext }) {
     const timelionRequestHandler = getTimelionRequestHandler(dependencies);
 
     const visParams = { expression: args.expression, interval: args.interval };
@@ -70,6 +70,7 @@ export const getTimelionVisualizationConfig = (
       filters: get(input, 'filters') as Filter[],
       visParams,
       searchSessionId: getSearchSessionId(),
+      executionContext: getExecutionContext(),
     });
 
     response.visType = TIMELION_VIS_NAME;
diff --git a/src/plugins/vis_type_vega/public/data_model/search_api.ts b/src/plugins/vis_type_vega/public/data_model/search_api.ts
index 7a468b7bfce186..efdbf96e54f058 100644
--- a/src/plugins/vis_type_vega/public/data_model/search_api.ts
+++ b/src/plugins/vis_type_vega/public/data_model/search_api.ts
@@ -8,7 +8,7 @@
 
 import { combineLatest, from } from 'rxjs';
 import { map, tap, switchMap } from 'rxjs/operators';
-import type { CoreStart, IUiSettingsClient } from 'kibana/public';
+import type { CoreStart, IUiSettingsClient, KibanaExecutionContext } from 'kibana/public';
 import {
   getSearchParamsFromRequest,
   SearchRequest,
@@ -56,7 +56,8 @@ export class SearchAPI {
     private readonly dependencies: SearchAPIDependencies,
     private readonly abortSignal?: AbortSignal,
     public readonly inspectorAdapters?: VegaInspectorAdapters,
-    private readonly searchSessionId?: string
+    private readonly searchSessionId?: string,
+    private readonly executionContext?: KibanaExecutionContext
   ) {}
 
   search(searchRequests: SearchRequest[]) {
@@ -87,7 +88,11 @@ export class SearchAPI {
             search
               .search(
                 { params },
-                { abortSignal: this.abortSignal, sessionId: this.searchSessionId }
+                {
+                  abortSignal: this.abortSignal,
+                  sessionId: this.searchSessionId,
+                  executionContext: this.executionContext,
+                }
               )
               .pipe(
                 tap((data) => this.inspectSearchResult(data, requestResponders[requestId])),
diff --git a/src/plugins/vis_type_vega/public/vega_fn.ts b/src/plugins/vis_type_vega/public/vega_fn.ts
index 76479cbcdf1ec9..775bd2623028b3 100644
--- a/src/plugins/vis_type_vega/public/vega_fn.ts
+++ b/src/plugins/vis_type_vega/public/vega_fn.ts
@@ -64,6 +64,7 @@ export const createVegaFn = (
       filters: get(input, 'filters') as any,
       visParams: { spec: args.spec },
       searchSessionId: context.getSearchSessionId(),
+      executionContext: context.getExecutionContext(),
     });
 
     return {
diff --git a/src/plugins/vis_type_vega/public/vega_request_handler.ts b/src/plugins/vis_type_vega/public/vega_request_handler.ts
index 4c523714a25303..4f07785f43c4fd 100644
--- a/src/plugins/vis_type_vega/public/vega_request_handler.ts
+++ b/src/plugins/vis_type_vega/public/vega_request_handler.ts
@@ -5,7 +5,7 @@
  * in compliance with, at your election, the Elastic License 2.0 or the Server
  * Side Public License, v 1.
  */
-
+import type { KibanaExecutionContext } from 'src/core/public';
 import { Filter, esQuery, TimeRange, Query } from '../../data/public';
 
 import { SearchAPI } from './data_model/search_api';
@@ -22,6 +22,7 @@ interface VegaRequestHandlerParams {
   timeRange: TimeRange;
   visParams: VisParams;
   searchSessionId?: string;
+  executionContext?: KibanaExecutionContext;
 }
 
 interface VegaRequestHandlerContext {
@@ -43,6 +44,7 @@ export function createVegaRequestHandler(
     query,
     visParams,
     searchSessionId,
+    executionContext,
   }: VegaRequestHandlerParams) {
     if (!searchAPI) {
       const { search, indexPatterns } = getData();
@@ -56,7 +58,8 @@ export function createVegaRequestHandler(
         },
         context.abortSignal,
         context.inspectorAdapters,
-        searchSessionId
+        searchSessionId,
+        executionContext
       );
     }
 
diff --git a/test/functional/page_objects/settings_page.ts b/test/functional/page_objects/settings_page.ts
index ab581beeb8b3b5..5c51a8e76dcadb 100644
--- a/test/functional/page_objects/settings_page.ts
+++ b/test/functional/page_objects/settings_page.ts
@@ -357,7 +357,12 @@ export class SettingsPageObject extends FtrService {
       }
 
       await this.header.waitUntilLoadingHasFinished();
-      await this.clickAddNewIndexPatternButton();
+      const flyOut = await this.testSubjects.exists('createAnyway');
+      if (flyOut) {
+        await this.testSubjects.click('createAnyway');
+      } else {
+        await this.clickAddNewIndexPatternButton();
+      }
       await this.header.waitUntilLoadingHasFinished();
       if (!isStandardIndexPattern) {
         await this.selectRollupIndexPatternType();
diff --git a/x-pack/examples/reporting_example/common/index.ts b/x-pack/examples/reporting_example/common/index.ts
index f01f2673eff569..ba2fcd21c8c707 100644
--- a/x-pack/examples/reporting_example/common/index.ts
+++ b/x-pack/examples/reporting_example/common/index.ts
@@ -7,3 +7,9 @@
 
 export const PLUGIN_ID = 'reportingExample';
 export const PLUGIN_NAME = 'reportingExample';
+
+export {
+  REPORTING_EXAMPLE_LOCATOR_ID,
+  ReportingExampleLocatorDefinition,
+  ReportingExampleLocatorParams,
+} from './locator';
diff --git a/x-pack/examples/reporting_example/common/locator.ts b/x-pack/examples/reporting_example/common/locator.ts
new file mode 100644
index 00000000000000..fc39ec1c526548
--- /dev/null
+++ b/x-pack/examples/reporting_example/common/locator.ts
@@ -0,0 +1,30 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { SerializableRecord } from '@kbn/utility-types';
+import type { LocatorDefinition } from '../../../../src/plugins/share/public';
+import { PLUGIN_ID } from '../common';
+
+export const REPORTING_EXAMPLE_LOCATOR_ID = 'REPORTING_EXAMPLE_LOCATOR_ID';
+
+export type ReportingExampleLocatorParams = SerializableRecord;
+
+export class ReportingExampleLocatorDefinition implements LocatorDefinition<{}> {
+  public readonly id = REPORTING_EXAMPLE_LOCATOR_ID;
+
+  migrations = {
+    '1.0.0': (state: {}) => ({ ...state, migrated: true }),
+  };
+
+  public readonly getLocation = async (params: {}) => {
+    return {
+      app: PLUGIN_ID,
+      path: '/',
+      state: params,
+    };
+  };
+}
diff --git a/x-pack/examples/reporting_example/kibana.json b/x-pack/examples/reporting_example/kibana.json
index 64f0fcd62a2200..716c6ea29c2a03 100644
--- a/x-pack/examples/reporting_example/kibana.json
+++ b/x-pack/examples/reporting_example/kibana.json
@@ -10,5 +10,5 @@
   },
   "description": "Example integration code for applications to feature reports.",
   "optionalPlugins": [],
-  "requiredPlugins": ["reporting", "developerExamples", "navigation", "screenshotMode"]
+  "requiredPlugins": ["reporting", "developerExamples", "navigation", "screenshotMode", "share"]
 }
diff --git a/x-pack/examples/reporting_example/public/application.tsx b/x-pack/examples/reporting_example/public/application.tsx
index 5e72a9bd8fbbc1..d945048ecd73e8 100644
--- a/x-pack/examples/reporting_example/public/application.tsx
+++ b/x-pack/examples/reporting_example/public/application.tsx
@@ -9,14 +9,23 @@ import React from 'react';
 import ReactDOM from 'react-dom';
 import { AppMountParameters, CoreStart } from '../../../../src/core/public';
 import { ReportingExampleApp } from './components/app';
-import { SetupDeps, StartDeps } from './types';
+import { SetupDeps, StartDeps, MyForwardableState } from './types';
 
 export const renderApp = (
   coreStart: CoreStart,
   deps: Omit<StartDeps & SetupDeps, 'developerExamples'>,
-  { appBasePath, element }: AppMountParameters // FIXME: appBasePath is deprecated
+  { appBasePath, element }: AppMountParameters, // FIXME: appBasePath is deprecated
+  forwardedParams: MyForwardableState
 ) => {
-  ReactDOM.render(<ReportingExampleApp basename={appBasePath} {...coreStart} {...deps} />, element);
+  ReactDOM.render(
+    <ReportingExampleApp
+      basename={appBasePath}
+      {...coreStart}
+      {...deps}
+      forwardedParams={forwardedParams}
+    />,
+    element
+  );
 
   return () => ReactDOM.unmountComponentAtNode(element);
 };
diff --git a/x-pack/examples/reporting_example/public/components/app.tsx b/x-pack/examples/reporting_example/public/components/app.tsx
index a29c5d2e018d04..a34cd0ab518dee 100644
--- a/x-pack/examples/reporting_example/public/components/app.tsx
+++ b/x-pack/examples/reporting_example/public/components/app.tsx
@@ -21,7 +21,10 @@ import {
   EuiPopover,
   EuiText,
   EuiTitle,
+  EuiCodeBlock,
+  EuiSpacer,
 } from '@elastic/eui';
+import moment from 'moment';
 import { I18nProvider } from '@kbn/i18n/react';
 import React, { useEffect, useState } from 'react';
 import { BrowserRouter as Router } from 'react-router-dom';
@@ -29,11 +32,18 @@ import * as Rx from 'rxjs';
 import { takeWhile } from 'rxjs/operators';
 import { ScreenshotModePluginSetup } from 'src/plugins/screenshot_mode/public';
 import { constants, ReportingStart } from '../../../../../x-pack/plugins/reporting/public';
+import type { JobParamsPDFV2 } from '../../../../plugins/reporting/server/export_types/printable_pdf_v2/types';
+import type { JobParamsPNGV2 } from '../../../../plugins/reporting/server/export_types/png_v2/types';
+
+import { REPORTING_EXAMPLE_LOCATOR_ID } from '../../common';
+
+import { MyForwardableState } from '../types';
 
 interface ReportingExampleAppProps {
   basename: string;
   reporting: ReportingStart;
   screenshotMode: ScreenshotModePluginSetup;
+  forwardedParams?: MyForwardableState;
 }
 
 const sourceLogos = ['Beats', 'Cloud', 'Logging', 'Kibana'];
@@ -42,8 +52,12 @@ export const ReportingExampleApp = ({
   basename,
   reporting,
   screenshotMode,
+  forwardedParams,
 }: ReportingExampleAppProps) => {
-  const { getDefaultLayoutSelectors } = reporting;
+  useEffect(() => {
+    // eslint-disable-next-line no-console
+    console.log('forwardedParams', forwardedParams);
+  }, [forwardedParams]);
 
   // Context Menu
   const [isPopoverOpen, setPopover] = useState(false);
@@ -70,7 +84,6 @@ export const ReportingExampleApp = ({
     return {
       layout: {
         id: constants.LAYOUT_TYPES.PRESERVE_LAYOUT,
-        selectors: getDefaultLayoutSelectors(),
       },
       relativeUrls: ['/app/reportingExample#/intended-visualization'],
       objectType: 'develeloperExample',
@@ -78,20 +91,65 @@ export const ReportingExampleApp = ({
     };
   };
 
+  const getPDFJobParamsDefaultV2 = (): JobParamsPDFV2 => {
+    return {
+      version: '8.0.0',
+      layout: {
+        id: constants.LAYOUT_TYPES.PRESERVE_LAYOUT,
+      },
+      locatorParams: [
+        { id: REPORTING_EXAMPLE_LOCATOR_ID, version: '0.5.0', params: { myTestState: {} } },
+      ],
+      objectType: 'develeloperExample',
+      title: 'Reporting Developer Example',
+      browserTimezone: moment.tz.guess(),
+    };
+  };
+
+  const getPNGJobParamsDefaultV2 = (): JobParamsPNGV2 => {
+    return {
+      version: '8.0.0',
+      layout: {
+        id: constants.LAYOUT_TYPES.PRESERVE_LAYOUT,
+      },
+      locatorParams: {
+        id: REPORTING_EXAMPLE_LOCATOR_ID,
+        version: '0.5.0',
+        params: { myTestState: {} },
+      },
+      objectType: 'develeloperExample',
+      title: 'Reporting Developer Example',
+      browserTimezone: moment.tz.guess(),
+    };
+  };
+
   const panels = [
-    { id: 0, items: [{ name: 'PDF Reports', icon: 'document', panel: 1 }] },
+    {
+      id: 0,
+      items: [
+        { name: 'PDF Reports', icon: 'document', panel: 1 },
+        { name: 'PNG Reports', icon: 'document', panel: 7 },
+      ],
+    },
     {
       id: 1,
       initialFocusedItemIndex: 1,
       title: 'PDF Reports',
       items: [
-        { name: 'No Layout Option', icon: 'document', panel: 2 },
+        { name: 'Default layout', icon: 'document', panel: 2 },
+        { name: 'Default layout V2', icon: 'document', panel: 4 },
         { name: 'Canvas Layout Option', icon: 'canvasApp', panel: 3 },
       ],
     },
+    {
+      id: 7,
+      initialFocusedItemIndex: 0,
+      title: 'PNG Reports',
+      items: [{ name: 'Default layout V2', icon: 'document', panel: 5 }],
+    },
     {
       id: 2,
-      title: 'No Layout Option',
+      title: 'Default layout',
       content: (
         <reporting.components.ReportingPanelPDF
           getJobParams={getPDFJobParamsDefault}
@@ -110,6 +168,26 @@ export const ReportingExampleApp = ({
         />
       ),
     },
+    {
+      id: 4,
+      title: 'Default layout V2',
+      content: (
+        <reporting.components.ReportingPanelPDFV2
+          getJobParams={getPDFJobParamsDefaultV2}
+          onClose={closePopover}
+        />
+      ),
+    },
+    {
+      id: 5,
+      title: 'Default layout V2',
+      content: (
+        <reporting.components.ReportingPanelPNGV2
+          getJobParams={getPNGJobParamsDefaultV2}
+          onClose={closePopover}
+        />
+      ),
+    },
   ];
 
   return (
@@ -124,9 +202,11 @@ export const ReportingExampleApp = ({
             </EuiPageHeader>
             <EuiPageContent>
               <EuiPageContentBody>
+                <EuiTitle>
+                  <h2>Example of a Sharing menu using components from Reporting</h2>
+                </EuiTitle>
+                <EuiSpacer />
                 <EuiText>
-                  <p>Example of a Sharing menu using components from Reporting</p>
-
                   <EuiPopover
                     id="contextMenuExample"
                     button={<EuiButton onClick={onButtonClick}>Share</EuiButton>}
@@ -140,8 +220,29 @@ export const ReportingExampleApp = ({
 
                   <EuiHorizontalRule />
 
-                  <div data-shared-items-container data-shared-items-count="4">
+                  <div data-shared-items-container data-shared-items-count="5">
                     <EuiFlexGroup gutterSize="l">
+                      <EuiFlexItem data-shared-item>
+                        {forwardedParams ? (
+                          <>
+                            <EuiText>
+                              <p>
+                                <strong>Forwarded app state</strong>
+                              </p>
+                            </EuiText>
+                            <EuiCodeBlock>{JSON.stringify(forwardedParams)}</EuiCodeBlock>
+                          </>
+                        ) : (
+                          <>
+                            <EuiText>
+                              <p>
+                                <strong>No forwarded app state found</strong>
+                              </p>
+                            </EuiText>
+                            <EuiCodeBlock>{'{}'}</EuiCodeBlock>
+                          </>
+                        )}
+                      </EuiFlexItem>
                       {logos.map((item, index) => (
                         <EuiFlexItem key={index} data-shared-item>
                           <EuiCard
diff --git a/x-pack/examples/reporting_example/public/plugin.ts b/x-pack/examples/reporting_example/public/plugin.ts
index 644ac7cc8d8a80..6ee103fe8286e5 100644
--- a/x-pack/examples/reporting_example/public/plugin.ts
+++ b/x-pack/examples/reporting_example/public/plugin.ts
@@ -12,11 +12,11 @@ import {
   CoreStart,
   Plugin,
 } from '../../../../src/core/public';
-import { PLUGIN_ID, PLUGIN_NAME } from '../common';
-import { SetupDeps, StartDeps } from './types';
+import { PLUGIN_ID, PLUGIN_NAME, ReportingExampleLocatorDefinition } from '../common';
+import { SetupDeps, StartDeps, MyForwardableState } from './types';
 
 export class ReportingExamplePlugin implements Plugin<void, void, {}, {}> {
-  public setup(core: CoreSetup, { developerExamples, screenshotMode }: SetupDeps): void {
+  public setup(core: CoreSetup, { developerExamples, screenshotMode, share }: SetupDeps): void {
     core.application.register({
       id: PLUGIN_ID,
       title: PLUGIN_NAME,
@@ -30,7 +30,12 @@ export class ReportingExamplePlugin implements Plugin<void, void, {}, {}> {
           unknown
         ];
         // Render the application
-        return renderApp(coreStart, { ...depsStart, screenshotMode }, params);
+        return renderApp(
+          coreStart,
+          { ...depsStart, screenshotMode, share },
+          params,
+          params.history.location.state as MyForwardableState
+        );
       },
     });
 
@@ -40,6 +45,8 @@ export class ReportingExamplePlugin implements Plugin<void, void, {}, {}> {
       title: 'Reporting integration',
       description: 'Demonstrate how to put an Export button on a page and generate reports.',
     });
+
+    share.url.locators.create(new ReportingExampleLocatorDefinition());
   }
 
   public start() {}
diff --git a/x-pack/examples/reporting_example/public/types.ts b/x-pack/examples/reporting_example/public/types.ts
index 55a573285e24fd..fb28293ab63a3c 100644
--- a/x-pack/examples/reporting_example/public/types.ts
+++ b/x-pack/examples/reporting_example/public/types.ts
@@ -7,6 +7,7 @@
 
 import { NavigationPublicPluginStart } from 'src/plugins/navigation/public';
 import { ScreenshotModePluginSetup } from 'src/plugins/screenshot_mode/public';
+import { SharePluginSetup } from 'src/plugins/share/public';
 import { DeveloperExamplesSetup } from '../../../../examples/developer_examples/public';
 import { ReportingStart } from '../../../plugins/reporting/public';
 
@@ -17,9 +18,12 @@ export interface PluginStart {}
 
 export interface SetupDeps {
   developerExamples: DeveloperExamplesSetup;
+  share: SharePluginSetup;
   screenshotMode: ScreenshotModePluginSetup;
 }
 export interface StartDeps {
   navigation: NavigationPublicPluginStart;
   reporting: ReportingStart;
 }
+
+export type MyForwardableState = Record<string, unknown>;
diff --git a/x-pack/plugins/apm/ftr_e2e/README.md b/x-pack/plugins/apm/ftr_e2e/README.md
new file mode 100644
index 00000000000000..007200a6a549a0
--- /dev/null
+++ b/x-pack/plugins/apm/ftr_e2e/README.md
@@ -0,0 +1,26 @@
+# APM E2E
+
+APM uses [FTR](../../../../packages/kbn-test/README.md) (functional test runner) and [Cypress](https://www.cypress.io/) to run the e2e tests. The tests are located at `kibana/x-pack/plugins/apm/ftr_e2e/cypress/integration`.
+
+## Running tests
+
+**Run all tests**
+
+```sh
+//kibana directory
+node x-pack/plugins/apm/scripts/ftr_e2e/cypress_run.js
+```
+
+**Run specific test**
+
+```sh
+//kibana directory
+node x-pack/plugins/apm/scripts/ftr_e2e/cypress_run.js --spec ./cypress/integration/read_only_user/home.spec.ts
+```
+
+## Opening tests
+
+```sh
+//kibana directory
+node x-pack/plugins/apm/scripts/ftr_e2e/cypress_open.js
+```
diff --git a/x-pack/plugins/apm/ftr_e2e/cypress/integration/read_only_user/home.spec.ts b/x-pack/plugins/apm/ftr_e2e/cypress/integration/read_only_user/home.spec.ts
index 76461d49ba0124..e7fe80a60e57ac 100644
--- a/x-pack/plugins/apm/ftr_e2e/cypress/integration/read_only_user/home.spec.ts
+++ b/x-pack/plugins/apm/ftr_e2e/cypress/integration/read_only_user/home.spec.ts
@@ -7,6 +7,7 @@
 
 import url from 'url';
 import archives_metadata from '../../fixtures/es_archiver/archives_metadata';
+import { esArchiverLoad, esArchiverUnload } from '../../tasks/es_archiver';
 
 const { start, end } = archives_metadata['apm_8.0.0'];
 
@@ -27,6 +28,12 @@ const apisToIntercept = [
 ];
 
 describe('Home page', () => {
+  before(() => {
+    esArchiverLoad('apm_8.0.0');
+  });
+  after(() => {
+    esArchiverUnload('apm_8.0.0');
+  });
   beforeEach(() => {
     cy.loginAsReadOnlyUser();
   });
@@ -39,8 +46,7 @@ describe('Home page', () => {
     );
   });
 
-  // Flaky
-  it.skip('includes services with only metric documents', () => {
+  it('includes services with only metric documents', () => {
     cy.visit(
       `${serviceInventoryHref}&kuery=not%2520(processor.event%2520%253A%2522transaction%2522%2520)`
     );
@@ -50,11 +56,7 @@ describe('Home page', () => {
   });
 
   describe('navigations', () => {
-    /*
-     This test is flaky, there's a problem with EuiBasicTable, that it blocks any action while loading is enabled.
-     So it might fail to click on the service link.
-    */
-    it.skip('navigates to service overview page with transaction type', () => {
+    it('navigates to service overview page with transaction type', () => {
       apisToIntercept.map(({ endpoint, name }) => {
         cy.intercept('GET', endpoint).as(name);
       });
@@ -63,9 +65,6 @@ describe('Home page', () => {
 
       cy.contains('Services');
 
-      cy.wait('@servicesMainStatistics', { responseTimeout: 10000 });
-      cy.wait('@servicesDetailedStatistics', { responseTimeout: 10000 });
-
       cy.get('[data-test-subj="serviceLink_rum-js"]').then((element) => {
         element[0].click();
       });
diff --git a/x-pack/plugins/apm/ftr_e2e/cypress/integration/read_only_user/service_overview/instances_table.spec.ts b/x-pack/plugins/apm/ftr_e2e/cypress/integration/read_only_user/service_overview/instances_table.spec.ts
index 40a08035f52135..9428f9b9e6bb62 100644
--- a/x-pack/plugins/apm/ftr_e2e/cypress/integration/read_only_user/service_overview/instances_table.spec.ts
+++ b/x-pack/plugins/apm/ftr_e2e/cypress/integration/read_only_user/service_overview/instances_table.spec.ts
@@ -67,8 +67,7 @@ describe('Instances table', () => {
       cy.contains('opbeans-java');
       cy.contains(serviceNodeName);
     });
-    // For some reason the details panel is not opening after clicking on the button.
-    it.skip('shows instance details', () => {
+    it('shows instance details', () => {
       apisToIntercept.map(({ endpoint, name }) => {
         cy.intercept('GET', endpoint).as(name);
       });
@@ -88,8 +87,7 @@ describe('Instances table', () => {
         cy.contains('Service');
       });
     });
-    // For some reason the tooltip is not opening after clicking on the button.
-    it.skip('shows actions available', () => {
+    it('shows actions available', () => {
       apisToIntercept.map(({ endpoint, name }) => {
         cy.intercept('GET', endpoint).as(name);
       });
diff --git a/x-pack/plugins/apm/ftr_e2e/cypress_run.ts b/x-pack/plugins/apm/ftr_e2e/cypress_run.ts
index 0e9efb775fc7a3..eb319f4b30835e 100644
--- a/x-pack/plugins/apm/ftr_e2e/cypress_run.ts
+++ b/x-pack/plugins/apm/ftr_e2e/cypress_run.ts
@@ -4,15 +4,17 @@
  * 2.0; you may not use this file except in compliance with the Elastic License
  * 2.0.
  */
-
+import { argv } from 'yargs';
 import { FtrConfigProviderContext } from '@kbn/test';
 import { cypressRunTests } from './cypress_start';
 
+const spec = argv.grep as string;
+
 async function runE2ETests({ readConfigFile }: FtrConfigProviderContext) {
   const cypressConfig = await readConfigFile(require.resolve('./config.ts'));
   return {
     ...cypressConfig.getAll(),
-    testRunner: cypressRunTests,
+    testRunner: cypressRunTests(spec),
   };
 }
 
diff --git a/x-pack/plugins/apm/ftr_e2e/cypress_start.ts b/x-pack/plugins/apm/ftr_e2e/cypress_start.ts
index a6027367d7868c..7468a4473b3113 100644
--- a/x-pack/plugins/apm/ftr_e2e/cypress_start.ts
+++ b/x-pack/plugins/apm/ftr_e2e/cypress_start.ts
@@ -11,17 +11,19 @@ import { FtrProviderContext } from './ftr_provider_context';
 import archives_metadata from './cypress/fixtures/es_archiver/archives_metadata';
 import { createKibanaUserRole } from '../scripts/kibana-security/create_kibana_user_role';
 
-export async function cypressRunTests({ getService }: FtrProviderContext) {
-  try {
-    const result = await cypressStart(getService, cypress.run);
+export function cypressRunTests(spec?: string) {
+  return async ({ getService }: FtrProviderContext) => {
+    try {
+      const result = await cypressStart(getService, cypress.run, spec);
 
-    if (result && (result.status === 'failed' || result.totalFailed > 0)) {
+      if (result && (result.status === 'failed' || result.totalFailed > 0)) {
+        process.exit(1);
+      }
+    } catch (error) {
+      console.error('errors: ', error);
       process.exit(1);
     }
-  } catch (error) {
-    console.error('errors: ', error);
-    process.exit(1);
-  }
+  };
 }
 
 export async function cypressOpenTests({ getService }: FtrProviderContext) {
@@ -30,7 +32,8 @@ export async function cypressOpenTests({ getService }: FtrProviderContext) {
 
 async function cypressStart(
   getService: FtrProviderContext['getService'],
-  cypressExecution: typeof cypress.run | typeof cypress.open
+  cypressExecution: typeof cypress.run | typeof cypress.open,
+  spec?: string
 ) {
   const config = getService('config');
 
@@ -56,6 +59,7 @@ async function cypressStart(
   });
 
   return cypressExecution({
+    ...(spec !== 'undefined' ? { spec } : {}),
     config: { baseUrl: kibanaUrl },
     env: {
       START_DATE: start,
diff --git a/x-pack/plugins/apm/public/components/app/service_inventory/index.tsx b/x-pack/plugins/apm/public/components/app/service_inventory/index.tsx
index 2a59a98ee31f7b..b807510106f016 100644
--- a/x-pack/plugins/apm/public/components/app/service_inventory/index.tsx
+++ b/x-pack/plugins/apm/public/components/app/service_inventory/index.tsx
@@ -82,7 +82,7 @@ function useServicesFetcher() {
 
   const { mainStatisticsData, requestId } = data;
 
-  const { data: comparisonData, status: comparisonStatus } = useFetcher(
+  const { data: comparisonData } = useFetcher(
     (callApmApi) => {
       if (start && end && mainStatisticsData.items.length) {
         return callApmApi({
@@ -146,12 +146,10 @@ function useServicesFetcher() {
   ]);
 
   return {
-    servicesData: mainStatisticsData,
-    servicesStatus: mainStatisticsStatus,
+    mainStatisticsData,
+    mainStatisticsStatus,
     comparisonData,
-    isLoading:
-      mainStatisticsStatus === FETCH_STATUS.LOADING ||
-      comparisonStatus === FETCH_STATUS.LOADING,
+    isLoading: mainStatisticsStatus === FETCH_STATUS.LOADING,
   };
 }
 
@@ -159,8 +157,8 @@ export function ServiceInventory() {
   const { core } = useApmPluginContext();
   const { fallbackToTransactions } = useFallbackToTransactionsFetcher();
   const {
-    servicesData,
-    servicesStatus,
+    mainStatisticsData,
+    mainStatisticsStatus,
     comparisonData,
     isLoading,
   } = useServicesFetcher();
@@ -200,13 +198,13 @@ export function ServiceInventory() {
         <EuiFlexItem>
           <ServiceList
             isLoading={isLoading}
-            items={servicesData.items}
+            items={mainStatisticsData.items}
             comparisonData={comparisonData}
             noItemsMessage={
               !isLoading && (
                 <NoServicesMessage
-                  historicalDataFound={servicesData.hasHistoricalData}
-                  status={servicesStatus}
+                  historicalDataFound={mainStatisticsData.hasHistoricalData}
+                  status={mainStatisticsStatus}
                 />
               )
             }
diff --git a/x-pack/plugins/apm/public/components/app/service_overview/service_overview_errors_table/index.tsx b/x-pack/plugins/apm/public/components/app/service_overview/service_overview_errors_table/index.tsx
index c8604be50ee15f..2aad045406f9f6 100644
--- a/x-pack/plugins/apm/public/components/app/service_overview/service_overview_errors_table/index.tsx
+++ b/x-pack/plugins/apm/public/components/app/service_overview/service_overview_errors_table/index.tsx
@@ -143,7 +143,6 @@ export function ServiceOverviewErrorsTable({ serviceName }: Props) {
 
   const {
     data: errorGroupDetailedStatistics = INITIAL_STATE_DETAILED_STATISTICS,
-    status: errorGroupDetailedStatisticsStatus,
   } = useFetcher(
     (callApmApi) => {
       if (requestId && items.length && start && end && transactionType) {
@@ -220,10 +219,7 @@ export function ServiceOverviewErrorsTable({ serviceName }: Props) {
                 pageSizeOptions: [PAGE_SIZE],
                 hidePerPageOptions: true,
               }}
-              loading={
-                status === FETCH_STATUS.LOADING ||
-                errorGroupDetailedStatisticsStatus === FETCH_STATUS.LOADING
-              }
+              loading={status === FETCH_STATUS.LOADING}
               onChange={(newTableOptions: {
                 page?: {
                   index: number;
diff --git a/x-pack/plugins/apm/public/components/app/service_overview/service_overview_instances_chart_and_table.tsx b/x-pack/plugins/apm/public/components/app/service_overview/service_overview_instances_chart_and_table.tsx
index a6ef16fe85510a..7723e55043e422 100644
--- a/x-pack/plugins/apm/public/components/app/service_overview/service_overview_instances_chart_and_table.tsx
+++ b/x-pack/plugins/apm/public/components/app/service_overview/service_overview_instances_chart_and_table.tsx
@@ -166,7 +166,6 @@ export function ServiceOverviewInstancesChartAndTable({
 
   const {
     data: detailedStatsData = INITIAL_STATE_DETAILED_STATISTICS,
-    status: detailedStatsStatus,
   } = useFetcher(
     (callApmApi) => {
       if (
@@ -228,10 +227,7 @@ export function ServiceOverviewInstancesChartAndTable({
             detailedStatsData={detailedStatsData}
             serviceName={serviceName}
             tableOptions={tableOptions}
-            isLoading={
-              mainStatsStatus === FETCH_STATUS.LOADING ||
-              detailedStatsStatus === FETCH_STATUS.LOADING
-            }
+            isLoading={mainStatsStatus === FETCH_STATUS.LOADING}
             onChangeTableOptions={(newTableOptions) => {
               setTableOptions({
                 pageIndex: newTableOptions.page?.index ?? 0,
diff --git a/x-pack/plugins/apm/public/components/shared/transactions_table/index.tsx b/x-pack/plugins/apm/public/components/shared/transactions_table/index.tsx
index 7f1dc2cc150d72..945f259d6d8459 100644
--- a/x-pack/plugins/apm/public/components/shared/transactions_table/index.tsx
+++ b/x-pack/plugins/apm/public/components/shared/transactions_table/index.tsx
@@ -169,10 +169,7 @@ export function TransactionsTable({
     },
   } = data;
 
-  const {
-    data: transactionGroupDetailedStatistics,
-    status: transactionGroupDetailedStatisticsStatus,
-  } = useFetcher(
+  const { data: transactionGroupDetailedStatistics } = useFetcher(
     (callApmApi) => {
       if (
         transactionGroupsTotalItems &&
@@ -217,9 +214,7 @@ export function TransactionsTable({
     comparisonEnabled,
   });
 
-  const isLoading =
-    status === FETCH_STATUS.LOADING ||
-    transactionGroupDetailedStatisticsStatus === FETCH_STATUS.LOADING;
+  const isLoading = status === FETCH_STATUS.LOADING;
 
   const pagination = {
     pageIndex,
diff --git a/x-pack/plugins/apm/readme.md b/x-pack/plugins/apm/readme.md
index 9cfb6210e25415..ef3e1f018ded64 100644
--- a/x-pack/plugins/apm/readme.md
+++ b/x-pack/plugins/apm/readme.md
@@ -33,11 +33,7 @@ _Docker Compose is required_
 
 ### Cypress tests
 
-```sh
-node x-pack/plugins/apm/scripts/ftr_e2e/cypress_run.js
-```
-
-_Starts Kibana (:5701), APM Server (:8201) and Elasticsearch (:9201). Ingests sample data into Elasticsearch via APM Server and runs the Cypress tests_
+See [ftr_e2e](./ftr_e2e)
 
 ### Jest tests
 
@@ -82,9 +78,10 @@ For debugging access Elasticsearch on http://localhost:9220` (elastic/changeme)
 
 ### API integration tests
 
-API tests are separated in two suites: 
- - a basic license test suite
- - a trial license test suite (the equivalent of gold+)
+API tests are separated in two suites:
+
+- a basic license test suite
+- a trial license test suite (the equivalent of gold+)
 
 This requires separate test servers and test runners.
 
@@ -112,10 +109,10 @@ node scripts/functional_test_runner --config x-pack/test/apm_api_integration/tri
 
 The API tests for "trial" are located in `x-pack/test/apm_api_integration/trial/tests`.
 
-
 **API Test tips**
- - For debugging access Elasticsearch on http://localhost:9220` (elastic/changeme)
- - To update snapshots append `--updateSnapshots` to the functional_test_runner command
+
+- For debugging access Elasticsearch on http://localhost:9220` (elastic/changeme)
+- To update snapshots append `--updateSnapshots` to the functional_test_runner command
 
 ## Linting
 
diff --git a/x-pack/plugins/apm/scripts/ftr_e2e/cypress_run.js b/x-pack/plugins/apm/scripts/ftr_e2e/cypress_run.js
index 39548717aa2f4a..98469008e34122 100644
--- a/x-pack/plugins/apm/scripts/ftr_e2e/cypress_run.js
+++ b/x-pack/plugins/apm/scripts/ftr_e2e/cypress_run.js
@@ -5,12 +5,15 @@
  * 2.0.
  */
 
+const { argv } = require('yargs');
 const childProcess = require('child_process');
 const path = require('path');
 
+const { spec } = argv;
+
 const e2eDir = path.join(__dirname, '../../ftr_e2e');
 
 childProcess.execSync(
-  `node ../../../../scripts/functional_tests --config ./cypress_run.ts`,
+  `node ../../../../scripts/functional_tests --config ./cypress_run.ts --grep ${spec}`,
   { cwd: e2eDir, stdio: 'inherit' }
 );
diff --git a/x-pack/plugins/apm/server/lib/service_map/get_service_map.ts b/x-pack/plugins/apm/server/lib/service_map/get_service_map.ts
index 5fc022508d0a8f..d7c210da8b9996 100644
--- a/x-pack/plugins/apm/server/lib/service_map/get_service_map.ts
+++ b/x-pack/plugins/apm/server/lib/service_map/get_service_map.ts
@@ -67,8 +67,6 @@ async function getConnectionData({
           chunks.map((traceIdsChunk) =>
             getServiceMapFromTraceIds({
               setup,
-              serviceName,
-              environment,
               traceIds: traceIdsChunk,
             })
           )
diff --git a/x-pack/plugins/apm/server/lib/service_map/get_service_map_from_trace_ids.test.ts b/x-pack/plugins/apm/server/lib/service_map/get_service_map_from_trace_ids.test.ts
index 1e3f9df39aef9c..b6c9b90bc5d22e 100644
--- a/x-pack/plugins/apm/server/lib/service_map/get_service_map_from_trace_ids.test.ts
+++ b/x-pack/plugins/apm/server/lib/service_map/get_service_map_from_trace_ids.test.ts
@@ -7,7 +7,6 @@
 
 import { getConnections } from './get_service_map_from_trace_ids';
 import { Connection, ConnectionNode } from '../../../common/service_map';
-import { ENVIRONMENT_NOT_DEFINED } from '../../../common/environment_filter_values';
 
 function getConnectionsPairs(connections: Connection[]) {
   return connections
@@ -69,119 +68,26 @@ describe('getConnections', () => {
         },
       ],
     ] as ConnectionNode[][];
-    describe('if neither service name or environment is given', () => {
-      it('includes all connections', () => {
-        const connections = getConnections({
-          paths,
-          serviceName: undefined,
-          environment: undefined,
-        });
 
-        const connectionsPairs = getConnectionsPairs(connections);
-        expect(connectionsPairs).toEqual([
-          'opbeans-ruby:testing -> opbeans-node:null',
-          'opbeans-node:null -> opbeans-go:production',
-          'opbeans-go:production -> opbeans-java:production',
-          'opbeans-java:production -> external',
-          'opbeans-ruby:testing -> opbeans-python:testing',
-          'opbeans-python:testing -> external',
-        ]);
-      });
-    });
-
-    describe('if service name and environment are given', () => {
-      it('shows all connections for opbeans-java and production', () => {
-        const connections = getConnections({
-          paths,
-          serviceName: 'opbeans-java',
-          environment: 'production',
-        });
-
-        const connectionsPairs = getConnectionsPairs(connections);
-
-        expect(connectionsPairs).toEqual([
-          'opbeans-ruby:testing -> opbeans-node:null',
-          'opbeans-node:null -> opbeans-go:production',
-          'opbeans-go:production -> opbeans-java:production',
-          'opbeans-java:production -> external',
-        ]);
-      });
-
-      it('shows all connections for opbeans-python and testing', () => {
-        const connections = getConnections({
-          paths,
-          serviceName: 'opbeans-python',
-          environment: 'testing',
-        });
-
-        const connectionsPairs = getConnectionsPairs(connections);
-
-        expect(connectionsPairs).toEqual([
-          'opbeans-ruby:testing -> opbeans-python:testing',
-          'opbeans-python:testing -> external',
-        ]);
-      });
-    });
-
-    describe('if service name is given', () => {
-      it('shows all connections for opbeans-node', () => {
-        const connections = getConnections({
-          paths,
-          serviceName: 'opbeans-node',
-          environment: undefined,
-        });
-
-        const connectionsPairs = getConnectionsPairs(connections);
-
-        expect(connectionsPairs).toEqual([
-          'opbeans-ruby:testing -> opbeans-node:null',
-          'opbeans-node:null -> opbeans-go:production',
-          'opbeans-go:production -> opbeans-java:production',
-          'opbeans-java:production -> external',
-        ]);
-      });
-    });
-
-    describe('if environment is given', () => {
-      it('shows all connections for testing environment', () => {
-        const connections = getConnections({
-          paths,
-          serviceName: undefined,
-          environment: 'testing',
-        });
-
-        const connectionsPairs = getConnectionsPairs(connections);
-
-        expect(connectionsPairs).toEqual([
-          'opbeans-ruby:testing -> opbeans-node:null',
-          'opbeans-node:null -> opbeans-go:production',
-          'opbeans-go:production -> opbeans-java:production',
-          'opbeans-java:production -> external',
-          'opbeans-ruby:testing -> opbeans-python:testing',
-          'opbeans-python:testing -> external',
-        ]);
+    it('includes all connections', () => {
+      const connections = getConnections({
+        paths,
       });
-      it('shows all connections for production environment', () => {
-        const connections = getConnections({
-          paths,
-          serviceName: undefined,
-          environment: 'production',
-        });
-
-        const connectionsPairs = getConnectionsPairs(connections);
 
-        expect(connectionsPairs).toEqual([
-          'opbeans-ruby:testing -> opbeans-node:null',
-          'opbeans-node:null -> opbeans-go:production',
-          'opbeans-go:production -> opbeans-java:production',
-          'opbeans-java:production -> external',
-        ]);
-      });
+      const connectionsPairs = getConnectionsPairs(connections);
+      expect(connectionsPairs).toEqual([
+        'opbeans-ruby:testing -> opbeans-node:null',
+        'opbeans-node:null -> opbeans-go:production',
+        'opbeans-go:production -> opbeans-java:production',
+        'opbeans-java:production -> external',
+        'opbeans-ruby:testing -> opbeans-python:testing',
+        'opbeans-python:testing -> external',
+      ]);
     });
   });
 
   describe('environment is "not defined"', () => {
-    it('shows all connections where environment is not set', () => {
+    it('includes all connections', () => {
       const environmentNotDefinedPaths = [
         [
           {
@@ -237,12 +143,12 @@ describe('getConnections', () => {
       ] as ConnectionNode[][];
       const connections = getConnections({
         paths: environmentNotDefinedPaths,
-        serviceName: undefined,
-        environment: ENVIRONMENT_NOT_DEFINED.value,
       });
 
       const connectionsPairs = getConnectionsPairs(connections);
       expect(connectionsPairs).toEqual([
+        'opbeans-go:production -> opbeans-java:production',
+        'opbeans-java:production -> external',
         'opbeans-go:null -> opbeans-java:null',
         'opbeans-java:null -> external',
         'opbeans-python:null -> opbeans-node:null',
diff --git a/x-pack/plugins/apm/server/lib/service_map/get_service_map_from_trace_ids.ts b/x-pack/plugins/apm/server/lib/service_map/get_service_map_from_trace_ids.ts
index 7e43c8f6843776..ed99f1909ab07c 100644
--- a/x-pack/plugins/apm/server/lib/service_map/get_service_map_from_trace_ids.ts
+++ b/x-pack/plugins/apm/server/lib/service_map/get_service_map_from_trace_ids.ts
@@ -6,58 +6,19 @@
  */
 
 import { find, uniqBy } from 'lodash';
-import {
-  ENVIRONMENT_ALL,
-  ENVIRONMENT_NOT_DEFINED,
-} from '../../../common/environment_filter_values';
-import {
-  SERVICE_ENVIRONMENT,
-  SERVICE_NAME,
-} from '../../../common/elasticsearch_fieldnames';
 import { Connection, ConnectionNode } from '../../../common/service_map';
 import { Setup, SetupTimeRange } from '../helpers/setup_request';
 import { fetchServicePathsFromTraceIds } from './fetch_service_paths_from_trace_ids';
 
 export function getConnections({
   paths,
-  serviceName,
-  environment,
 }: {
   paths: ConnectionNode[][] | undefined;
-  serviceName: string | undefined;
-  environment: string | undefined;
 }) {
   if (!paths) {
     return [];
   }
 
-  if (serviceName || environment) {
-    paths = paths.filter((path) => {
-      return (
-        path
-          // Only apply the filter on node that contains service name, this filters out external nodes
-          .filter((node) => {
-            return node[SERVICE_NAME];
-          })
-          .some((node) => {
-            if (serviceName && node[SERVICE_NAME] !== serviceName) {
-              return false;
-            }
-
-            if (!environment || environment === ENVIRONMENT_ALL.value) {
-              return true;
-            }
-
-            if (environment === ENVIRONMENT_NOT_DEFINED.value) {
-              return !node[SERVICE_ENVIRONMENT];
-            }
-
-            return node[SERVICE_ENVIRONMENT] === environment;
-          })
-      );
-    });
-  }
-
   const connectionsArr = paths.flatMap((path) => {
     return path.reduce((conns, location, index) => {
       const prev = path[index - 1];
@@ -81,13 +42,9 @@ export function getConnections({
 export async function getServiceMapFromTraceIds({
   setup,
   traceIds,
-  serviceName,
-  environment,
 }: {
   setup: Setup & SetupTimeRange;
   traceIds: string[];
-  serviceName?: string;
-  environment?: string;
 }) {
   const serviceMapFromTraceIdsScriptResponse = await fetchServicePathsFromTraceIds(
     setup,
@@ -100,8 +57,6 @@ export async function getServiceMapFromTraceIds({
   return {
     connections: getConnections({
       paths: serviceMapScriptedAggValue?.paths,
-      serviceName,
-      environment,
     }),
     discoveredServices: serviceMapScriptedAggValue?.discoveredServices ?? [],
   };
diff --git a/x-pack/plugins/apm/server/lib/service_map/get_trace_sample_ids.ts b/x-pack/plugins/apm/server/lib/service_map/get_trace_sample_ids.ts
index c97bfc1cfacc84..5845ba6f5f1a51 100644
--- a/x-pack/plugins/apm/server/lib/service_map/get_trace_sample_ids.ts
+++ b/x-pack/plugins/apm/server/lib/service_map/get_trace_sample_ids.ts
@@ -8,7 +8,6 @@
 import Boom from '@hapi/boom';
 import { sortBy, take, uniq } from 'lodash';
 import { asMutableArray } from '../../../common/utils/as_mutable_array';
-import { ESFilter } from '../../../../../../src/core/types/elasticsearch';
 import {
   SERVICE_ENVIRONMENT,
   SERVICE_NAME,
@@ -36,19 +35,22 @@ export async function getTraceSampleIds({
 
   const query = {
     bool: {
-      filter: [
-        {
-          exists: {
-            field: SPAN_DESTINATION_SERVICE_RESOURCE,
-          },
-        },
-        ...rangeQuery(start, end),
-      ] as ESFilter[],
+      filter: [...rangeQuery(start, end)],
     },
-  } as { bool: { filter: ESFilter[]; must_not?: ESFilter[] | ESFilter } };
+  };
+
+  let events: ProcessorEvent[];
 
   if (serviceName) {
     query.bool.filter.push({ term: { [SERVICE_NAME]: serviceName } });
+    events = [ProcessorEvent.span, ProcessorEvent.transaction];
+  } else {
+    events = [ProcessorEvent.span];
+    query.bool.filter.push({
+      exists: {
+        field: SPAN_DESTINATION_SERVICE_RESOURCE,
+      },
+    });
   }
 
   query.bool.filter.push(...environmentQuery(environment));
@@ -65,7 +67,7 @@ export async function getTraceSampleIds({
 
   const params = {
     apm: {
-      events: [ProcessorEvent.span],
+      events,
     },
     body: {
       size: 0,
@@ -78,6 +80,7 @@ export async function getTraceSampleIds({
                 [SPAN_DESTINATION_SERVICE_RESOURCE]: {
                   terms: {
                     field: SPAN_DESTINATION_SERVICE_RESOURCE,
+                    missing_bucket: true,
                   },
                 },
               },
diff --git a/x-pack/plugins/apm/server/lib/services/get_services/get_services_items.ts b/x-pack/plugins/apm/server/lib/services/get_services/get_services_items.ts
index 3b9792519d261c..5c7579c779eaf9 100644
--- a/x-pack/plugins/apm/server/lib/services/get_services/get_services_items.ts
+++ b/x-pack/plugins/apm/server/lib/services/get_services/get_services_items.ts
@@ -6,13 +6,12 @@
  */
 
 import { Logger } from '@kbn/logging';
-import { asMutableArray } from '../../../../common/utils/as_mutable_array';
-import { joinByKey } from '../../../../common/utils/join_by_key';
 import { withApmSpan } from '../../../utils/with_apm_span';
 import { Setup, SetupTimeRange } from '../../helpers/setup_request';
 import { getHealthStatuses } from './get_health_statuses';
 import { getServicesFromMetricDocuments } from './get_services_from_metric_documents';
 import { getServiceTransactionStats } from './get_service_transaction_stats';
+import { mergeServiceStats } from './merge_service_stats';
 
 export type ServicesItemsSetup = Setup & SetupTimeRange;
 
@@ -53,31 +52,10 @@ export async function getServicesItems({
       }),
     ]);
 
-    const foundServiceNames = transactionStats.map(
-      ({ serviceName }) => serviceName
-    );
-
-    const servicesWithOnlyMetricDocuments = servicesFromMetricDocuments.filter(
-      ({ serviceName }) => !foundServiceNames.includes(serviceName)
-    );
-
-    const allServiceNames = foundServiceNames.concat(
-      servicesWithOnlyMetricDocuments.map(({ serviceName }) => serviceName)
-    );
-
-    // make sure to exclude health statuses from services
-    // that are not found in APM data
-    const matchedHealthStatuses = healthStatuses.filter(({ serviceName }) =>
-      allServiceNames.includes(serviceName)
-    );
-
-    return joinByKey(
-      asMutableArray([
-        ...transactionStats,
-        ...servicesWithOnlyMetricDocuments,
-        ...matchedHealthStatuses,
-      ] as const),
-      'serviceName'
-    );
+    return mergeServiceStats({
+      transactionStats,
+      servicesFromMetricDocuments,
+      healthStatuses,
+    });
   });
 }
diff --git a/x-pack/plugins/apm/server/lib/services/get_services/merge_service_stats.test.ts b/x-pack/plugins/apm/server/lib/services/get_services/merge_service_stats.test.ts
new file mode 100644
index 00000000000000..9fa077ee67c462
--- /dev/null
+++ b/x-pack/plugins/apm/server/lib/services/get_services/merge_service_stats.test.ts
@@ -0,0 +1,183 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+import { ServiceHealthStatus } from '../../../../common/service_health_status';
+import { PromiseReturnType } from '../../../../../observability/typings/common';
+import { getServiceTransactionStats } from './get_service_transaction_stats';
+import { mergeServiceStats } from './merge_service_stats';
+
+type ServiceTransactionStat = PromiseReturnType<
+  typeof getServiceTransactionStats
+>[number];
+
+function stat(values: Partial<ServiceTransactionStat>): ServiceTransactionStat {
+  return {
+    serviceName: 'opbeans-java',
+    environments: ['production'],
+    latency: 1,
+    throughput: 2,
+    transactionErrorRate: 3,
+    transactionType: 'request',
+    agentName: 'java',
+    ...values,
+  };
+}
+
+describe('mergeServiceStats', () => {
+  it('joins stats by service name', () => {
+    expect(
+      mergeServiceStats({
+        transactionStats: [
+          stat({
+            serviceName: 'opbeans-java',
+            environments: ['production'],
+          }),
+          stat({
+            serviceName: 'opbeans-java-2',
+            environments: ['staging'],
+            throughput: 4,
+          }),
+        ],
+        servicesFromMetricDocuments: [
+          {
+            environments: ['production'],
+            serviceName: 'opbeans-java',
+            agentName: 'java',
+          },
+        ],
+        healthStatuses: [
+          {
+            healthStatus: ServiceHealthStatus.healthy,
+            serviceName: 'opbeans-java',
+          },
+        ],
+      })
+    ).toEqual([
+      {
+        agentName: 'java',
+        environments: ['staging'],
+        serviceName: 'opbeans-java-2',
+        latency: 1,
+        throughput: 4,
+        transactionErrorRate: 3,
+        transactionType: 'request',
+      },
+      {
+        agentName: 'java',
+        environments: ['production'],
+        healthStatus: ServiceHealthStatus.healthy,
+        serviceName: 'opbeans-java',
+        latency: 1,
+        throughput: 2,
+        transactionErrorRate: 3,
+        transactionType: 'request',
+      },
+    ]);
+  });
+
+  it('shows services that only have metric documents', () => {
+    expect(
+      mergeServiceStats({
+        transactionStats: [
+          stat({
+            serviceName: 'opbeans-java-2',
+            environments: ['staging'],
+          }),
+        ],
+        servicesFromMetricDocuments: [
+          {
+            environments: ['production'],
+            serviceName: 'opbeans-java',
+            agentName: 'java',
+          },
+        ],
+        healthStatuses: [
+          {
+            healthStatus: ServiceHealthStatus.healthy,
+            serviceName: 'opbeans-java',
+          },
+        ],
+      })
+    ).toEqual([
+      {
+        agentName: 'java',
+        environments: ['staging'],
+        serviceName: 'opbeans-java-2',
+        latency: 1,
+        throughput: 2,
+        transactionErrorRate: 3,
+        transactionType: 'request',
+      },
+      {
+        agentName: 'java',
+        environments: ['production'],
+        healthStatus: ServiceHealthStatus.healthy,
+        serviceName: 'opbeans-java',
+      },
+    ]);
+  });
+
+  it('does not show services that only have ML data', () => {
+    expect(
+      mergeServiceStats({
+        transactionStats: [
+          stat({
+            serviceName: 'opbeans-java-2',
+            environments: ['staging'],
+          }),
+        ],
+        servicesFromMetricDocuments: [],
+        healthStatuses: [
+          {
+            healthStatus: ServiceHealthStatus.healthy,
+            serviceName: 'opbeans-java',
+          },
+        ],
+      })
+    ).toEqual([
+      {
+        agentName: 'java',
+        environments: ['staging'],
+        serviceName: 'opbeans-java-2',
+        latency: 1,
+        throughput: 2,
+        transactionErrorRate: 3,
+        transactionType: 'request',
+      },
+    ]);
+  });
+
+  it('concatenates environments from metric/transaction data', () => {
+    expect(
+      mergeServiceStats({
+        transactionStats: [
+          stat({
+            serviceName: 'opbeans-java',
+            environments: ['staging'],
+          }),
+        ],
+        servicesFromMetricDocuments: [
+          {
+            environments: ['production'],
+            serviceName: 'opbeans-java',
+            agentName: 'java',
+          },
+        ],
+        healthStatuses: [],
+      })
+    ).toEqual([
+      {
+        agentName: 'java',
+        environments: ['staging', 'production'],
+        serviceName: 'opbeans-java',
+        latency: 1,
+        throughput: 2,
+        transactionErrorRate: 3,
+        transactionType: 'request',
+      },
+    ]);
+  });
+});
diff --git a/x-pack/plugins/apm/server/lib/services/get_services/merge_service_stats.ts b/x-pack/plugins/apm/server/lib/services/get_services/merge_service_stats.ts
new file mode 100644
index 00000000000000..00aaa6fd7066dc
--- /dev/null
+++ b/x-pack/plugins/apm/server/lib/services/get_services/merge_service_stats.ts
@@ -0,0 +1,62 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+import { uniq } from 'lodash';
+import { asMutableArray } from '../../../../common/utils/as_mutable_array';
+import { joinByKey } from '../../../../common/utils/join_by_key';
+import { PromiseReturnType } from '../../../../../observability/typings/common';
+import { getHealthStatuses } from './get_health_statuses';
+import { getServicesFromMetricDocuments } from './get_services_from_metric_documents';
+import { getServiceTransactionStats } from './get_service_transaction_stats';
+
+export function mergeServiceStats({
+  transactionStats,
+  servicesFromMetricDocuments,
+  healthStatuses,
+}: {
+  transactionStats: PromiseReturnType<typeof getServiceTransactionStats>;
+  servicesFromMetricDocuments: PromiseReturnType<
+    typeof getServicesFromMetricDocuments
+  >;
+  healthStatuses: PromiseReturnType<typeof getHealthStatuses>;
+}) {
+  const foundServiceNames = transactionStats.map(
+    ({ serviceName }) => serviceName
+  );
+
+  const servicesWithOnlyMetricDocuments = servicesFromMetricDocuments.filter(
+    ({ serviceName }) => !foundServiceNames.includes(serviceName)
+  );
+
+  const allServiceNames = foundServiceNames.concat(
+    servicesWithOnlyMetricDocuments.map(({ serviceName }) => serviceName)
+  );
+
+  // make sure to exclude health statuses from services
+  // that are not found in APM data
+  const matchedHealthStatuses = healthStatuses.filter(({ serviceName }) =>
+    allServiceNames.includes(serviceName)
+  );
+
+  return joinByKey(
+    asMutableArray([
+      ...transactionStats,
+      ...servicesFromMetricDocuments,
+      ...matchedHealthStatuses,
+    ] as const),
+    'serviceName',
+    function merge(a, b) {
+      const aEnvs = 'environments' in a ? a.environments : [];
+      const bEnvs = 'environments' in b ? b.environments : [];
+
+      return {
+        ...a,
+        ...b,
+        environments: uniq(aEnvs.concat(bEnvs)),
+      };
+    }
+  );
+}
diff --git a/x-pack/plugins/canvas/public/components/expression_input/__stories__/__snapshots__/expression_input.stories.storyshot b/x-pack/plugins/canvas/public/components/expression_input/__stories__/__snapshots__/expression_input.stories.storyshot
index 99d5dc3c115be1..fdf14191ece4c6 100644
--- a/x-pack/plugins/canvas/public/components/expression_input/__stories__/__snapshots__/expression_input.stories.storyshot
+++ b/x-pack/plugins/canvas/public/components/expression_input/__stories__/__snapshots__/expression_input.stories.storyshot
@@ -18,15 +18,38 @@ exports[`Storyshots components/ExpressionInput default 1`] = `
         onFocus={[Function]}
       >
         <div
-          className="react-monaco-editor-container"
-          style={
-            Object {
-              "height": "100%",
-              "width": "100%",
+          className="kibanaCodeEditor"
+        >
+          <span
+            className="euiToolTipAnchor euiToolTipAnchor--displayBlock"
+            onKeyUp={[Function]}
+            onMouseOut={[Function]}
+            onMouseOver={[Function]}
+          >
+            <div
+              aria-label="Code Editor"
+              className="kibanaCodeEditor__keyboardHint"
+              data-test-subj="codeEditorHint"
+              id="generated-id"
+              onBlur={[Function]}
+              onClick={[Function]}
+              onFocus={[Function]}
+              onKeyDown={[Function]}
+              role="button"
+              tabIndex={0}
+            />
+          </span>
+          <div
+            className="react-monaco-editor-container"
+            style={
+              Object {
+                "height": "100%",
+                "width": "100%",
+              }
             }
-          }
-        />
-        <div />
+          />
+          <div />
+        </div>
       </div>
     </div>
   </div>
diff --git a/x-pack/plugins/enterprise_search/public/applications/app_search/components/crawler/components/entry_points_table.test.tsx b/x-pack/plugins/enterprise_search/public/applications/app_search/components/crawler/components/entry_points_table.test.tsx
new file mode 100644
index 00000000000000..09f1523f8e3be9
--- /dev/null
+++ b/x-pack/plugins/enterprise_search/public/applications/app_search/components/crawler/components/entry_points_table.test.tsx
@@ -0,0 +1,119 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import React from 'react';
+
+import { shallow } from 'enzyme';
+
+import { EuiFieldText } from '@elastic/eui';
+
+import { GenericEndpointInlineEditableTable } from '../../../../shared/tables/generic_endpoint_inline_editable_table';
+
+import { mountWithIntl } from '../../../../test_helpers';
+
+import { EntryPointsTable } from './entry_points_table';
+
+describe('EntryPointsTable', () => {
+  const engineName = 'my-engine';
+  const entryPoints = [
+    { id: '1', value: '/whatever' },
+    { id: '2', value: '/foo' },
+  ];
+  const domain = {
+    createdOn: '2018-01-01T00:00:00.000Z',
+    documentCount: 10,
+    id: '6113e1407a2f2e6f42489794',
+    url: 'https://www.elastic.co',
+    crawlRules: [],
+    entryPoints,
+    sitemaps: [],
+  };
+
+  beforeEach(() => {
+    jest.clearAllMocks();
+  });
+
+  it('renders', () => {
+    const wrapper = shallow(
+      <EntryPointsTable domain={domain} engineName={engineName} items={domain.entryPoints} />
+    );
+
+    expect(wrapper.find(GenericEndpointInlineEditableTable).exists()).toBe(true);
+  });
+
+  describe('the first and only column in the table', () => {
+    it('shows the value of an entry point', () => {
+      const entryPoint = { id: '1', value: '/whatever' };
+
+      const wrapper = shallow(
+        <EntryPointsTable domain={domain} engineName={engineName} items={domain.entryPoints} />
+      );
+
+      const columns = wrapper.find(GenericEndpointInlineEditableTable).prop('columns');
+      const column = shallow(<div>{columns[0].render(entryPoint)}</div>);
+      expect(column.html()).toContain('/whatever');
+    });
+
+    it('can show the value of an entry point as editable', () => {
+      const entryPoint = { id: '1', value: '/whatever' };
+      const onChange = jest.fn();
+
+      const wrapper = shallow(
+        <EntryPointsTable domain={domain} engineName={engineName} items={domain.entryPoints} />
+      );
+
+      const columns = wrapper.find(GenericEndpointInlineEditableTable).prop('columns');
+      const column = shallow(
+        <div>
+          {columns[0].editingRender(entryPoint, onChange, { isInvalid: false, isLoading: false })}
+        </div>
+      );
+
+      const textField = column.find(EuiFieldText);
+      expect(textField.props()).toEqual(
+        expect.objectContaining({
+          value: '/whatever',
+          disabled: false, // It would be disabled if isLoading is true
+          isInvalid: false,
+          prepend: 'https://www.elastic.co',
+        })
+      );
+
+      textField.simulate('change', { target: { value: '/foo' } });
+      expect(onChange).toHaveBeenCalledWith('/foo');
+    });
+  });
+
+  describe('routes', () => {
+    it('can calculate an update and delete route correctly', () => {
+      const wrapper = shallow(
+        <EntryPointsTable domain={domain} engineName={engineName} items={domain.entryPoints} />
+      );
+
+      const table = wrapper.find(GenericEndpointInlineEditableTable);
+
+      const entryPoint = { id: '1', value: '/whatever' };
+      expect(table.prop('deleteRoute')(entryPoint)).toEqual(
+        '/api/app_search/engines/my-engine/crawler/domains/6113e1407a2f2e6f42489794/entry_points/1'
+      );
+      expect(table.prop('updateRoute')(entryPoint)).toEqual(
+        '/api/app_search/engines/my-engine/crawler/domains/6113e1407a2f2e6f42489794/entry_points/1'
+      );
+    });
+  });
+
+  it('shows a no items message whem there are no entry points to show', () => {
+    const wrapper = shallow(
+      <EntryPointsTable domain={domain} engineName={engineName} items={domain.entryPoints} />
+    );
+
+    const editNewItems = jest.fn();
+    const table = wrapper.find(GenericEndpointInlineEditableTable);
+    const message = mountWithIntl(<div>{table.prop('noItemsMessage')!(editNewItems)}</div>);
+    expect(message.html()).toContain('There are no existing entry points.');
+  });
+});
diff --git a/x-pack/plugins/enterprise_search/public/applications/app_search/components/crawler/components/entry_points_table.tsx b/x-pack/plugins/enterprise_search/public/applications/app_search/components/crawler/components/entry_points_table.tsx
new file mode 100644
index 00000000000000..7657a23ce47891
--- /dev/null
+++ b/x-pack/plugins/enterprise_search/public/applications/app_search/components/crawler/components/entry_points_table.tsx
@@ -0,0 +1,150 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import React from 'react';
+
+import { useActions } from 'kea';
+
+import { EuiFieldText, EuiLink, EuiSpacer, EuiText, EuiTitle } from '@elastic/eui';
+
+import { i18n } from '@kbn/i18n';
+import { FormattedMessage } from '@kbn/i18n/react';
+
+import { GenericEndpointInlineEditableTable } from '../../../../shared/tables/generic_endpoint_inline_editable_table';
+import { InlineEditableTableColumn } from '../../../../shared/tables/inline_editable_table/types';
+import { ItemWithAnID } from '../../../../shared/tables/types';
+import { DOCS_PREFIX } from '../../../routes';
+import { CrawlerDomain, EntryPoint } from '../types';
+
+import { EntryPointsTableLogic } from './entry_points_table_logic';
+
+interface EntryPointsTableProps {
+  domain: CrawlerDomain;
+  engineName: string;
+  items: EntryPoint[];
+}
+
+export const EntryPointsTable: React.FC<EntryPointsTableProps> = ({
+  domain,
+  engineName,
+  items,
+}) => {
+  const { onAdd, onDelete, onUpdate } = useActions(EntryPointsTableLogic);
+  const field = 'value';
+
+  const columns: Array<InlineEditableTableColumn<ItemWithAnID>> = [
+    {
+      editingRender: (entryPoint, onChange, { isInvalid, isLoading }) => (
+        <EuiFieldText
+          fullWidth
+          value={(entryPoint as EntryPoint)[field]}
+          onChange={(e) => onChange(e.target.value)}
+          disabled={isLoading}
+          isInvalid={isInvalid}
+          prepend={domain.url}
+        />
+      ),
+      render: (entryPoint) => (
+        <EuiText size="s">
+          {domain.url}
+          {(entryPoint as EntryPoint)[field]}
+        </EuiText>
+      ),
+      name: i18n.translate(
+        'xpack.enterpriseSearch.appSearch.crawler.entryPointsTable.urlTableHead',
+        { defaultMessage: 'URL' }
+      ),
+      field,
+    },
+  ];
+
+  const entryPointsRoute = `/api/app_search/engines/${engineName}/crawler/domains/${domain.id}/entry_points`;
+
+  const getEntryPointRoute = (entryPoint: EntryPoint) =>
+    `/api/app_search/engines/${engineName}/crawler/domains/${domain.id}/entry_points/${entryPoint.id}`;
+
+  return (
+    <GenericEndpointInlineEditableTable
+      addButtonText={i18n.translate(
+        'xpack.enterpriseSearch.appSearch.crawler.entryPointsTable.addButtonLabel',
+        { defaultMessage: 'Add entry point' }
+      )}
+      columns={columns}
+      description={
+        <p>
+          {i18n.translate('xpack.enterpriseSearch.appSearch.crawler.entryPointsTable.description', {
+            defaultMessage:
+              'Include the most important URLs for your website here. Entry point URLs will be the first pages to be indexed and processed for links to other pages.',
+          })}{' '}
+          <EuiLink
+            href={`${DOCS_PREFIX}/crawl-web-content.html#crawl-web-content-manage-entry-points`}
+            target="_blank"
+            external
+          >
+            {i18n.translate(
+              'xpack.enterpriseSearch.appSearch.crawler.entryPointsTable.learnMoreLinkText',
+              { defaultMessage: 'Learn more about entry points.' }
+            )}
+          </EuiLink>
+        </p>
+      }
+      instanceId="EntryPointsTable"
+      items={items}
+      lastItemWarning={i18n.translate(
+        'xpack.enterpriseSearch.appSearch.crawler.entryPointsTable.lastItemMessage',
+        { defaultMessage: 'The crawler requires at least one entry point.' }
+      )}
+      // Since canRemoveLastItem is false, the only time noItemsMessage would be displayed is if the last entry point was deleted via the API.
+      noItemsMessage={(editNewItem) => (
+        <>
+          <EuiSpacer />
+          <EuiTitle size="m">
+            <h4>
+              {i18n.translate(
+                'xpack.enterpriseSearch.appSearch.crawler.entryPointsTable.emptyMessageTitle',
+                {
+                  defaultMessage: 'There are no existing entry points.',
+                }
+              )}
+            </h4>
+          </EuiTitle>
+          <EuiSpacer />
+          <EuiText>
+            <FormattedMessage
+              id="xpack.enterpriseSearch.appSearch.crawler.entryPointsTable.emptyMessageDescription"
+              defaultMessage="{link} to specify an entry point
+              for the crawler"
+              values={{
+                link: (
+                  <EuiLink onClick={editNewItem}>
+                    {i18n.translate(
+                      'xpack.enterpriseSearch.appSearch.crawler.entryPointsTable.emptyMessageLinkText',
+                      { defaultMessage: 'Add an entry point' }
+                    )}
+                  </EuiLink>
+                ),
+              }}
+            />
+          </EuiText>
+          <EuiSpacer />
+        </>
+      )}
+      addRoute={entryPointsRoute}
+      canRemoveLastItem={false}
+      deleteRoute={getEntryPointRoute}
+      updateRoute={getEntryPointRoute}
+      dataProperty="entry_points"
+      onAdd={onAdd}
+      onDelete={onDelete}
+      onUpdate={onUpdate}
+      title={i18n.translate('xpack.enterpriseSearch.appSearch.crawler.entryPointsTable.title', {
+        defaultMessage: 'Entry points',
+      })}
+      disableReordering
+    />
+  );
+};
diff --git a/x-pack/plugins/enterprise_search/public/applications/app_search/components/crawler/components/entry_points_table_logic.test.ts b/x-pack/plugins/enterprise_search/public/applications/app_search/components/crawler/components/entry_points_table_logic.test.ts
new file mode 100644
index 00000000000000..7d6704b9abdb3c
--- /dev/null
+++ b/x-pack/plugins/enterprise_search/public/applications/app_search/components/crawler/components/entry_points_table_logic.test.ts
@@ -0,0 +1,77 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+jest.mock('../crawler_single_domain_logic', () => ({
+  CrawlerSingleDomainLogic: {
+    actions: {
+      updateEntryPoints: jest.fn(),
+    },
+  },
+}));
+
+import { LogicMounter, mockFlashMessageHelpers } from '../../../../__mocks__/kea_logic';
+
+import { CrawlerSingleDomainLogic } from '../crawler_single_domain_logic';
+
+import { EntryPointsTableLogic } from './entry_points_table_logic';
+
+describe('EntryPointsTableLogic', () => {
+  const { mount } = new LogicMounter(EntryPointsTableLogic);
+  const { clearFlashMessages, flashSuccessToast } = mockFlashMessageHelpers;
+
+  beforeEach(() => {
+    jest.clearAllMocks();
+  });
+
+  describe('listeners', () => {
+    describe('onAdd', () => {
+      it('should update the entry points for the current domain, and clear flash messages', () => {
+        const entryThatWasAdded = { id: '2', value: 'bar' };
+        const updatedEntries = [
+          { id: '1', value: 'foo' },
+          { id: '2', value: 'bar' },
+        ];
+        mount();
+        EntryPointsTableLogic.actions.onAdd(entryThatWasAdded, updatedEntries);
+        expect(CrawlerSingleDomainLogic.actions.updateEntryPoints).toHaveBeenCalledWith(
+          updatedEntries
+        );
+        expect(clearFlashMessages).toHaveBeenCalled();
+      });
+    });
+
+    describe('onDelete', () => {
+      it('should update the entry points for the current domain, clear flash messages, and show a success toast', () => {
+        const entryThatWasDeleted = { id: '2', value: 'bar' };
+        const updatedEntries = [{ id: '1', value: 'foo' }];
+        mount();
+        EntryPointsTableLogic.actions.onDelete(entryThatWasDeleted, updatedEntries);
+        expect(CrawlerSingleDomainLogic.actions.updateEntryPoints).toHaveBeenCalledWith(
+          updatedEntries
+        );
+        expect(clearFlashMessages).toHaveBeenCalled();
+        expect(flashSuccessToast).toHaveBeenCalled();
+      });
+    });
+
+    describe('onUpdate', () => {
+      it('should update the entry points for the current domain, clear flash messages, and show a success toast', () => {
+        const entryThatWasUpdated = { id: '2', value: 'baz' };
+        const updatedEntries = [
+          { id: '1', value: 'foo' },
+          { id: '2', value: 'baz' },
+        ];
+        mount();
+        EntryPointsTableLogic.actions.onUpdate(entryThatWasUpdated, updatedEntries);
+        expect(CrawlerSingleDomainLogic.actions.updateEntryPoints).toHaveBeenCalledWith(
+          updatedEntries
+        );
+        expect(clearFlashMessages).toHaveBeenCalled();
+      });
+    });
+  });
+});
diff --git a/x-pack/plugins/enterprise_search/public/applications/app_search/components/crawler/components/entry_points_table_logic.ts b/x-pack/plugins/enterprise_search/public/applications/app_search/components/crawler/components/entry_points_table_logic.ts
new file mode 100644
index 00000000000000..2332a24ea8b748
--- /dev/null
+++ b/x-pack/plugins/enterprise_search/public/applications/app_search/components/crawler/components/entry_points_table_logic.ts
@@ -0,0 +1,59 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { kea, MakeLogicType } from 'kea';
+
+import { clearFlashMessages, flashSuccessToast } from '../../../../shared/flash_messages';
+
+import { CrawlerSingleDomainLogic } from '../crawler_single_domain_logic';
+
+import { EntryPoint } from '../types';
+
+interface EntryPointsTableValues {
+  dataLoading: boolean;
+}
+
+interface EntryPointsTableActions {
+  onAdd(
+    entryPoint: EntryPoint,
+    entryPoints: EntryPoint[]
+  ): { entryPoint: EntryPoint; entryPoints: EntryPoint[] };
+  onDelete(
+    entryPoint: EntryPoint,
+    entryPoints: EntryPoint[]
+  ): { entryPoint: EntryPoint; entryPoints: EntryPoint[] };
+  onUpdate(
+    entryPoint: EntryPoint,
+    entryPoints: EntryPoint[]
+  ): { entryPoint: EntryPoint; entryPoints: EntryPoint[] };
+}
+
+export const EntryPointsTableLogic = kea<
+  MakeLogicType<EntryPointsTableValues, EntryPointsTableActions>
+>({
+  path: ['enterprise_search', 'app_search', 'crawler', 'entry_points_table'],
+  actions: () => ({
+    onAdd: (entryPoint, entryPoints) => ({ entryPoint, entryPoints }),
+    onDelete: (entryPoint, entryPoints) => ({ entryPoint, entryPoints }),
+    onUpdate: (entryPoint, entryPoints) => ({ entryPoint, entryPoints }),
+  }),
+  listeners: () => ({
+    onAdd: ({ entryPoints }) => {
+      CrawlerSingleDomainLogic.actions.updateEntryPoints(entryPoints);
+      clearFlashMessages();
+    },
+    onDelete: ({ entryPoint, entryPoints }) => {
+      CrawlerSingleDomainLogic.actions.updateEntryPoints(entryPoints);
+      clearFlashMessages();
+      flashSuccessToast(`Entry point "${entryPoint.value}" was removed.`);
+    },
+    onUpdate: ({ entryPoints }) => {
+      CrawlerSingleDomainLogic.actions.updateEntryPoints(entryPoints);
+      clearFlashMessages();
+    },
+  }),
+});
diff --git a/x-pack/plugins/enterprise_search/public/applications/app_search/components/crawler/crawler_single_domain.tsx b/x-pack/plugins/enterprise_search/public/applications/app_search/components/crawler/crawler_single_domain.tsx
index 6419c31cc16ca9..da910ebc307260 100644
--- a/x-pack/plugins/enterprise_search/public/applications/app_search/components/crawler/crawler_single_domain.tsx
+++ b/x-pack/plugins/enterprise_search/public/applications/app_search/components/crawler/crawler_single_domain.tsx
@@ -11,22 +11,24 @@ import { useParams } from 'react-router-dom';
 
 import { useActions, useValues } from 'kea';
 
-import { EuiCode, EuiSpacer, EuiTitle } from '@elastic/eui';
+import { EuiCode, EuiPanel, EuiSpacer, EuiTitle } from '@elastic/eui';
 
 import { i18n } from '@kbn/i18n';
 
-import { getEngineBreadcrumbs } from '../engine';
+import { EngineLogic, getEngineBreadcrumbs } from '../engine';
 import { AppSearchPageTemplate } from '../layout';
 
 import { CrawlerStatusBanner } from './components/crawler_status_banner';
 import { CrawlerStatusIndicator } from './components/crawler_status_indicator/crawler_status_indicator';
 import { DeleteDomainPanel } from './components/delete_domain_panel';
+import { EntryPointsTable } from './components/entry_points_table';
 import { ManageCrawlsPopover } from './components/manage_crawls_popover/manage_crawls_popover';
 import { CRAWLER_TITLE } from './constants';
 import { CrawlerSingleDomainLogic } from './crawler_single_domain_logic';
 
 export const CrawlerSingleDomain: React.FC = () => {
   const { domainId } = useParams() as { domainId: string };
+  const { engineName } = EngineLogic.values;
 
   const { dataLoading, domain } = useValues(CrawlerSingleDomainLogic);
 
@@ -51,6 +53,14 @@ export const CrawlerSingleDomain: React.FC = () => {
     >
       <CrawlerStatusBanner />
       <EuiSpacer size="l" />
+      {domain && (
+        <>
+          <EuiPanel paddingSize="l" hasBorder>
+            <EntryPointsTable domain={domain} engineName={engineName} items={domain.entryPoints} />
+          </EuiPanel>
+          <EuiSpacer size="xl" />
+        </>
+      )}
       <EuiTitle size="s">
         <h2>
           {i18n.translate(
diff --git a/x-pack/plugins/enterprise_search/public/applications/app_search/components/crawler/crawler_single_domain_logic.test.ts b/x-pack/plugins/enterprise_search/public/applications/app_search/components/crawler/crawler_single_domain_logic.test.ts
index f6c3b2c87ab8c4..ead0c0ad91cedd 100644
--- a/x-pack/plugins/enterprise_search/public/applications/app_search/components/crawler/crawler_single_domain_logic.test.ts
+++ b/x-pack/plugins/enterprise_search/public/applications/app_search/components/crawler/crawler_single_domain_logic.test.ts
@@ -51,6 +51,36 @@ describe('CrawlerSingleDomainLogic', () => {
         expect(CrawlerSingleDomainLogic.values.domain).toEqual(domain);
       });
     });
+
+    describe('updateEntryPoints', () => {
+      beforeEach(() => {
+        mount({
+          domain: {
+            id: '507f1f77bcf86cd799439011',
+            entryPoints: [],
+          },
+        });
+
+        CrawlerSingleDomainLogic.actions.updateEntryPoints([
+          {
+            id: '1234',
+            value: '/',
+          },
+        ]);
+      });
+
+      it('should update the entry points on the domain', () => {
+        expect(CrawlerSingleDomainLogic.values.domain).toEqual({
+          id: '507f1f77bcf86cd799439011',
+          entryPoints: [
+            {
+              id: '1234',
+              value: '/',
+            },
+          ],
+        });
+      });
+    });
   });
 
   describe('listeners', () => {
diff --git a/x-pack/plugins/enterprise_search/public/applications/app_search/components/crawler/crawler_single_domain_logic.ts b/x-pack/plugins/enterprise_search/public/applications/app_search/components/crawler/crawler_single_domain_logic.ts
index 7b5ba6984f106f..780cab45564bba 100644
--- a/x-pack/plugins/enterprise_search/public/applications/app_search/components/crawler/crawler_single_domain_logic.ts
+++ b/x-pack/plugins/enterprise_search/public/applications/app_search/components/crawler/crawler_single_domain_logic.ts
@@ -14,7 +14,7 @@ import { KibanaLogic } from '../../../shared/kibana';
 import { ENGINE_CRAWLER_PATH } from '../../routes';
 import { EngineLogic, generateEnginePath } from '../engine';
 
-import { CrawlerDomain } from './types';
+import { CrawlerDomain, EntryPoint } from './types';
 import { crawlerDomainServerToClient, getDeleteDomainSuccessMessage } from './utils';
 
 export interface CrawlerSingleDomainValues {
@@ -26,6 +26,7 @@ interface CrawlerSingleDomainActions {
   deleteDomain(domain: CrawlerDomain): { domain: CrawlerDomain };
   fetchDomainData(domainId: string): { domainId: string };
   onReceiveDomainData(domain: CrawlerDomain): { domain: CrawlerDomain };
+  updateEntryPoints(entryPoints: EntryPoint[]): { entryPoints: EntryPoint[] };
 }
 
 export const CrawlerSingleDomainLogic = kea<
@@ -36,6 +37,7 @@ export const CrawlerSingleDomainLogic = kea<
     deleteDomain: (domain) => ({ domain }),
     fetchDomainData: (domainId) => ({ domainId }),
     onReceiveDomainData: (domain) => ({ domain }),
+    updateEntryPoints: (entryPoints) => ({ entryPoints }),
   },
   reducers: {
     dataLoading: [
@@ -48,6 +50,8 @@ export const CrawlerSingleDomainLogic = kea<
       null,
       {
         onReceiveDomainData: (_, { domain }) => domain,
+        updateEntryPoints: (currentDomain, { entryPoints }) =>
+          ({ ...currentDomain, entryPoints } as CrawlerDomain),
       },
     ],
   },
diff --git a/x-pack/plugins/enterprise_search/public/applications/shared/tables/generic_endpoint_inline_editable_table/generic_endpoint_inline_editable_table.tsx b/x-pack/plugins/enterprise_search/public/applications/shared/tables/generic_endpoint_inline_editable_table/generic_endpoint_inline_editable_table.tsx
index 63b3d4b407667a..4db5e81653a9a1 100644
--- a/x-pack/plugins/enterprise_search/public/applications/shared/tables/generic_endpoint_inline_editable_table/generic_endpoint_inline_editable_table.tsx
+++ b/x-pack/plugins/enterprise_search/public/applications/shared/tables/generic_endpoint_inline_editable_table/generic_endpoint_inline_editable_table.tsx
@@ -32,6 +32,7 @@ export interface GenericEndpointInlineEditableTableProps
   onDelete(item: ItemWithAnID, items: ItemWithAnID[]): void;
   onUpdate(item: ItemWithAnID, items: ItemWithAnID[]): void;
   onReorder?(items: ItemWithAnID[]): void;
+  disableReordering?: boolean;
 }
 
 export const GenericEndpointInlineEditableTable = ({
diff --git a/x-pack/plugins/enterprise_search/public/applications/shared/tables/generic_endpoint_inline_editable_table/index.ts b/x-pack/plugins/enterprise_search/public/applications/shared/tables/generic_endpoint_inline_editable_table/index.ts
new file mode 100644
index 00000000000000..ce766171a85c6b
--- /dev/null
+++ b/x-pack/plugins/enterprise_search/public/applications/shared/tables/generic_endpoint_inline_editable_table/index.ts
@@ -0,0 +1,8 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+export { GenericEndpointInlineEditableTable } from './generic_endpoint_inline_editable_table';
diff --git a/x-pack/plugins/enterprise_search/public/applications/shared/tables/inline_editable_table/inline_editable_table.tsx b/x-pack/plugins/enterprise_search/public/applications/shared/tables/inline_editable_table/inline_editable_table.tsx
index 3e351f5826abc3..093692dfde3351 100644
--- a/x-pack/plugins/enterprise_search/public/applications/shared/tables/inline_editable_table/inline_editable_table.tsx
+++ b/x-pack/plugins/enterprise_search/public/applications/shared/tables/inline_editable_table/inline_editable_table.tsx
@@ -33,6 +33,7 @@ export interface InlineEditableTableProps<Item extends ItemWithAnID> {
   canRemoveLastItem?: boolean;
   className?: string;
   description?: React.ReactNode;
+  disableReordering?: boolean;
   isLoading?: boolean;
   lastItemWarning?: string;
   noItemsMessage?: (editNewItem: () => void) => React.ReactNode;
@@ -170,6 +171,7 @@ export const InlineEditableTableContents = <Item extends ItemWithAnID>({
         noItemsMessage={noItemsMessage(editNewItem)}
         onReorder={reorderItems}
         disableDragging={isEditing}
+        {...rest}
       />
     </>
   );
diff --git a/x-pack/plugins/enterprise_search/public/applications/shared/tables/types.ts b/x-pack/plugins/enterprise_search/public/applications/shared/tables/types.ts
index f2a2531726b337..8407a14eae207b 100644
--- a/x-pack/plugins/enterprise_search/public/applications/shared/tables/types.ts
+++ b/x-pack/plugins/enterprise_search/public/applications/shared/tables/types.ts
@@ -6,6 +6,6 @@
  */
 
 export type ItemWithAnID = {
-  id: number | null;
+  id: number | string | null;
   created_at?: string;
 } & object;
diff --git a/x-pack/plugins/enterprise_search/server/routes/app_search/crawler_entry_points.test.ts b/x-pack/plugins/enterprise_search/server/routes/app_search/crawler_entry_points.test.ts
new file mode 100644
index 00000000000000..cdfb397b47c7e7
--- /dev/null
+++ b/x-pack/plugins/enterprise_search/server/routes/app_search/crawler_entry_points.test.ts
@@ -0,0 +1,134 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { mockDependencies, mockRequestHandler, MockRouter } from '../../__mocks__';
+
+import { registerCrawlerEntryPointRoutes } from './crawler_entry_points';
+
+describe('crawler entry point routes', () => {
+  describe('POST /api/app_search/engines/{engineName}/crawler/domains/{domainId}/entry_points', () => {
+    let mockRouter: MockRouter;
+
+    beforeEach(() => {
+      jest.clearAllMocks();
+      mockRouter = new MockRouter({
+        method: 'post',
+        path: '/api/app_search/engines/{engineName}/crawler/domains/{domainId}/entry_points',
+      });
+
+      registerCrawlerEntryPointRoutes({
+        ...mockDependencies,
+        router: mockRouter.router,
+      });
+    });
+
+    it('creates a request to enterprise search', () => {
+      expect(mockRequestHandler.createRequest).toHaveBeenCalledWith({
+        path: '/api/as/v0/engines/:engineName/crawler/domains/:domainId/entry_points',
+        params: {
+          respond_with: 'index',
+        },
+      });
+    });
+
+    it('validates correctly with required params', () => {
+      const request = {
+        params: { engineName: 'some-engine', domainId: '1234' },
+        body: {
+          value: 'test',
+        },
+      };
+      mockRouter.shouldValidate(request);
+    });
+
+    it('fails otherwise', () => {
+      const request = { params: {}, body: {} };
+      mockRouter.shouldThrow(request);
+    });
+  });
+
+  describe('PUT /api/app_search/engines/{engineName}/crawler/domains/{domainId}/entry_points/{entryPointId}', () => {
+    let mockRouter: MockRouter;
+
+    beforeEach(() => {
+      jest.clearAllMocks();
+      mockRouter = new MockRouter({
+        method: 'put',
+        path:
+          '/api/app_search/engines/{engineName}/crawler/domains/{domainId}/entry_points/{entryPointId}',
+      });
+
+      registerCrawlerEntryPointRoutes({
+        ...mockDependencies,
+        router: mockRouter.router,
+      });
+    });
+
+    it('creates a request to enterprise search', () => {
+      expect(mockRequestHandler.createRequest).toHaveBeenCalledWith({
+        path: '/api/as/v0/engines/:engineName/crawler/domains/:domainId/entry_points/:entryPointId',
+        params: {
+          respond_with: 'index',
+        },
+      });
+    });
+
+    it('validates correctly with required params', () => {
+      const request = {
+        params: { engineName: 'some-engine', domainId: '1234', entryPointId: '5678' },
+        body: {
+          value: 'test',
+        },
+      };
+      mockRouter.shouldValidate(request);
+    });
+
+    it('fails otherwise', () => {
+      const request = { params: {}, body: {} };
+      mockRouter.shouldThrow(request);
+    });
+  });
+
+  describe('DELETE /api/app_search/engines/{engineName}/crawler/domains/{domainId}/entry_points/{entryPointId}', () => {
+    let mockRouter: MockRouter;
+
+    beforeEach(() => {
+      jest.clearAllMocks();
+      mockRouter = new MockRouter({
+        method: 'delete',
+        path:
+          '/api/app_search/engines/{engineName}/crawler/domains/{domainId}/entry_points/{entryPointId}',
+      });
+
+      registerCrawlerEntryPointRoutes({
+        ...mockDependencies,
+        router: mockRouter.router,
+      });
+    });
+
+    it('creates a request to enterprise search', () => {
+      expect(mockRequestHandler.createRequest).toHaveBeenCalledWith({
+        path: '/api/as/v0/engines/:engineName/crawler/domains/:domainId/entry_points/:entryPointId',
+        params: {
+          respond_with: 'index',
+        },
+      });
+    });
+
+    it('validates correctly with required params', () => {
+      const request = {
+        params: { engineName: 'some-engine', domainId: '1234', entryPointId: '5678' },
+      };
+      mockRouter.shouldValidate(request);
+    });
+
+    it('fails otherwise', () => {
+      const request = { params: {} };
+      mockRouter.shouldThrow(request);
+    });
+  });
+});
diff --git a/x-pack/plugins/enterprise_search/server/routes/app_search/crawler_entry_points.ts b/x-pack/plugins/enterprise_search/server/routes/app_search/crawler_entry_points.ts
new file mode 100644
index 00000000000000..88cb58f70953c9
--- /dev/null
+++ b/x-pack/plugins/enterprise_search/server/routes/app_search/crawler_entry_points.ts
@@ -0,0 +1,79 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { schema } from '@kbn/config-schema';
+
+import { RouteDependencies } from '../../plugin';
+
+export function registerCrawlerEntryPointRoutes({
+  router,
+  enterpriseSearchRequestHandler,
+}: RouteDependencies) {
+  router.post(
+    {
+      path: '/api/app_search/engines/{engineName}/crawler/domains/{domainId}/entry_points',
+      validate: {
+        params: schema.object({
+          engineName: schema.string(),
+          domainId: schema.string(),
+        }),
+        body: schema.object({
+          value: schema.string(),
+        }),
+      },
+    },
+    enterpriseSearchRequestHandler.createRequest({
+      path: '/api/as/v0/engines/:engineName/crawler/domains/:domainId/entry_points',
+      params: {
+        respond_with: 'index',
+      },
+    })
+  );
+
+  router.put(
+    {
+      path:
+        '/api/app_search/engines/{engineName}/crawler/domains/{domainId}/entry_points/{entryPointId}',
+      validate: {
+        params: schema.object({
+          engineName: schema.string(),
+          domainId: schema.string(),
+          entryPointId: schema.string(),
+        }),
+        body: schema.object({
+          value: schema.string(),
+        }),
+      },
+    },
+    enterpriseSearchRequestHandler.createRequest({
+      path: '/api/as/v0/engines/:engineName/crawler/domains/:domainId/entry_points/:entryPointId',
+      params: {
+        respond_with: 'index',
+      },
+    })
+  );
+
+  router.delete(
+    {
+      path:
+        '/api/app_search/engines/{engineName}/crawler/domains/{domainId}/entry_points/{entryPointId}',
+      validate: {
+        params: schema.object({
+          engineName: schema.string(),
+          domainId: schema.string(),
+          entryPointId: schema.string(),
+        }),
+      },
+    },
+    enterpriseSearchRequestHandler.createRequest({
+      path: '/api/as/v0/engines/:engineName/crawler/domains/:domainId/entry_points/:entryPointId',
+      params: {
+        respond_with: 'index',
+      },
+    })
+  );
+}
diff --git a/x-pack/plugins/enterprise_search/server/routes/app_search/index.ts b/x-pack/plugins/enterprise_search/server/routes/app_search/index.ts
index 2442b61c632c1a..af5cc78f01e78e 100644
--- a/x-pack/plugins/enterprise_search/server/routes/app_search/index.ts
+++ b/x-pack/plugins/enterprise_search/server/routes/app_search/index.ts
@@ -10,6 +10,7 @@ import { RouteDependencies } from '../../plugin';
 import { registerAnalyticsRoutes } from './analytics';
 import { registerApiLogsRoutes } from './api_logs';
 import { registerCrawlerRoutes } from './crawler';
+import { registerCrawlerEntryPointRoutes } from './crawler_entry_points';
 import { registerCredentialsRoutes } from './credentials';
 import { registerCurationsRoutes } from './curations';
 import { registerDocumentsRoutes, registerDocumentRoutes } from './documents';
@@ -44,4 +45,5 @@ export const registerAppSearchRoutes = (dependencies: RouteDependencies) => {
   registerApiLogsRoutes(dependencies);
   registerOnboardingRoutes(dependencies);
   registerCrawlerRoutes(dependencies);
+  registerCrawlerEntryPointRoutes(dependencies);
 };
diff --git a/x-pack/plugins/infra/common/alerting/metrics/types.ts b/x-pack/plugins/infra/common/alerting/metrics/types.ts
index 94ec40dd2847e8..2e8ad1de3413cf 100644
--- a/x-pack/plugins/infra/common/alerting/metrics/types.ts
+++ b/x-pack/plugins/infra/common/alerting/metrics/types.ts
@@ -6,7 +6,6 @@
  */
 import * as rt from 'io-ts';
 import { ANOMALY_THRESHOLD } from '../../infra_ml';
-import { ItemTypeRT } from '../../inventory_models/types';
 
 // TODO: Have threshold and inventory alerts import these types from this file instead of from their
 // local directories
@@ -55,95 +54,3 @@ export interface MetricAnomalyParams {
   threshold: Exclude<ANOMALY_THRESHOLD, ANOMALY_THRESHOLD.LOW>;
   influencerFilter: rt.TypeOf<typeof metricAnomalyInfluencerFilterRT> | undefined;
 }
-
-// Alert Preview API
-const baseAlertRequestParamsRT = rt.intersection([
-  rt.partial({
-    filterQuery: rt.union([rt.string, rt.undefined]),
-    sourceId: rt.string,
-  }),
-  rt.type({
-    lookback: rt.union([
-      rt.literal('ms'),
-      rt.literal('s'),
-      rt.literal('m'),
-      rt.literal('h'),
-      rt.literal('d'),
-      rt.literal('w'),
-      rt.literal('M'),
-      rt.literal('y'),
-    ]),
-    alertInterval: rt.string,
-    alertThrottle: rt.string,
-    alertOnNoData: rt.boolean,
-    alertNotifyWhen: rt.string,
-  }),
-]);
-
-const metricThresholdAlertPreviewRequestParamsRT = rt.intersection([
-  baseAlertRequestParamsRT,
-  rt.partial({
-    groupBy: rt.union([rt.string, rt.array(rt.string), rt.undefined]),
-  }),
-  rt.type({
-    alertType: rt.literal(METRIC_THRESHOLD_ALERT_TYPE_ID),
-    criteria: rt.array(rt.any),
-  }),
-]);
-export type MetricThresholdAlertPreviewRequestParams = rt.TypeOf<
-  typeof metricThresholdAlertPreviewRequestParamsRT
->;
-
-const inventoryAlertPreviewRequestParamsRT = rt.intersection([
-  baseAlertRequestParamsRT,
-  rt.type({
-    nodeType: ItemTypeRT,
-    alertType: rt.literal(METRIC_INVENTORY_THRESHOLD_ALERT_TYPE_ID),
-    criteria: rt.array(rt.any),
-  }),
-]);
-export type InventoryAlertPreviewRequestParams = rt.TypeOf<
-  typeof inventoryAlertPreviewRequestParamsRT
->;
-
-const metricAnomalyAlertPreviewRequestParamsRT = rt.intersection([
-  baseAlertRequestParamsRT,
-  rt.type({
-    nodeType: metricAnomalyNodeTypeRT,
-    metric: metricAnomalyMetricRT,
-    threshold: rt.number,
-    alertType: rt.literal(METRIC_ANOMALY_ALERT_TYPE_ID),
-    spaceId: rt.string,
-  }),
-  rt.partial({
-    influencerFilter: metricAnomalyInfluencerFilterRT,
-  }),
-]);
-export type MetricAnomalyAlertPreviewRequestParams = rt.TypeOf<
-  typeof metricAnomalyAlertPreviewRequestParamsRT
->;
-
-export const alertPreviewRequestParamsRT = rt.union([
-  metricThresholdAlertPreviewRequestParamsRT,
-  inventoryAlertPreviewRequestParamsRT,
-  metricAnomalyAlertPreviewRequestParamsRT,
-]);
-export type AlertPreviewRequestParams = rt.TypeOf<typeof alertPreviewRequestParamsRT>;
-
-export const alertPreviewSuccessResponsePayloadRT = rt.type({
-  numberOfGroups: rt.number,
-  resultTotals: rt.intersection([
-    rt.type({
-      fired: rt.number,
-      noData: rt.number,
-      error: rt.number,
-      notifications: rt.number,
-    }),
-    rt.partial({
-      warning: rt.number,
-    }),
-  ]),
-});
-export type AlertPreviewSuccessResponsePayload = rt.TypeOf<
-  typeof alertPreviewSuccessResponsePayloadRT
->;
diff --git a/x-pack/plugins/infra/public/alerting/common/components/alert_preview.tsx b/x-pack/plugins/infra/public/alerting/common/components/alert_preview.tsx
deleted file mode 100644
index 7d7b0004fa068c..00000000000000
--- a/x-pack/plugins/infra/public/alerting/common/components/alert_preview.tsx
+++ /dev/null
@@ -1,530 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License
- * 2.0; you may not use this file except in compliance with the Elastic License
- * 2.0.
- */
-
-import { omit } from 'lodash';
-import React, { useCallback, useMemo, useState } from 'react';
-import {
-  EuiSpacer,
-  EuiFormRow,
-  EuiButton,
-  EuiSelect,
-  EuiFlexGroup,
-  EuiFlexItem,
-  EuiCallOut,
-  EuiAccordion,
-  EuiCodeBlock,
-  EuiText,
-} from '@elastic/eui';
-import { FormattedMessage } from '@kbn/i18n/react';
-import { i18n } from '@kbn/i18n';
-import { AlertNotifyWhenType } from '../../../../../alerting/common';
-import { useKibana } from '../../../../../../../src/plugins/kibana_react/public';
-import { FORMATTERS } from '../../../../common/formatters';
-// eslint-disable-next-line @kbn/eslint/no-restricted-paths
-import { ValidationResult } from '../../../../../triggers_actions_ui/public/types';
-import {
-  AlertPreviewSuccessResponsePayload,
-  AlertPreviewRequestParams,
-} from '../../../../common/alerting/metrics';
-// eslint-disable-next-line @kbn/eslint/no-restricted-paths
-import { getIntervalInSeconds } from '../../../../server/utils/get_interval_in_seconds';
-import { getAlertPreview, PreviewableAlertTypes } from './get_alert_preview';
-
-interface Props {
-  alertInterval: string;
-  alertThrottle: string;
-  alertNotifyWhen: AlertNotifyWhenType;
-  alertType: PreviewableAlertTypes;
-  alertParams: { criteria?: any[]; sourceId: string } & Record<string, any>;
-  validate: (params: any) => ValidationResult;
-  showNoDataResults?: boolean;
-  groupByDisplayName?: string;
-}
-
-export const AlertPreview: React.FC<Props> = (props) => {
-  const {
-    alertParams,
-    alertInterval,
-    alertThrottle,
-    alertNotifyWhen,
-    alertType,
-    validate,
-    showNoDataResults,
-    groupByDisplayName,
-  } = props;
-  const { http } = useKibana().services;
-
-  const [previewLookbackInterval, setPreviewLookbackInterval] = useState<string>('h');
-  const [isPreviewLoading, setIsPreviewLoading] = useState<boolean>(false);
-  const [previewError, setPreviewError] = useState<any | false>(false);
-  const [previewResult, setPreviewResult] = useState<
-    (AlertPreviewSuccessResponsePayload & Record<string, any>) | null
-  >(null);
-
-  const onSelectPreviewLookbackInterval = useCallback((e) => {
-    setPreviewLookbackInterval(e.target.value);
-  }, []);
-
-  const onClickPreview = useCallback(async () => {
-    setIsPreviewLoading(true);
-    setPreviewResult(null);
-    setPreviewError(false);
-    try {
-      const result = await getAlertPreview({
-        fetch: http!.fetch,
-        params: {
-          ...alertParams,
-          lookback: previewLookbackInterval as 'h' | 'd' | 'w' | 'M',
-          alertInterval,
-          alertThrottle,
-          alertNotifyWhen,
-          alertOnNoData: showNoDataResults ?? false,
-        } as AlertPreviewRequestParams,
-        alertType,
-      });
-      setPreviewResult({ ...result, groupByDisplayName, previewLookbackInterval, alertThrottle });
-    } catch (e) {
-      setPreviewError(e);
-    } finally {
-      setIsPreviewLoading(false);
-    }
-  }, [
-    alertParams,
-    alertInterval,
-    alertType,
-    alertNotifyWhen,
-    groupByDisplayName,
-    previewLookbackInterval,
-    alertThrottle,
-    showNoDataResults,
-    http,
-  ]);
-
-  const previewIntervalError = useMemo(() => {
-    const intervalInSeconds = getIntervalInSeconds(alertInterval);
-    const lookbackInSeconds = getIntervalInSeconds(`1${previewLookbackInterval}`);
-    if (intervalInSeconds >= lookbackInSeconds) {
-      return true;
-    }
-    return false;
-  }, [previewLookbackInterval, alertInterval]);
-
-  const isPreviewDisabled = useMemo(() => {
-    if (!alertParams.criteria) return false;
-    const validationResult = validate({ criteria: alertParams.criteria } as any);
-    const hasValidationErrors = Object.values(validationResult.errors).some((result) =>
-      Object.values(result).some((arr) => Array.isArray(arr) && arr.length)
-    );
-    return hasValidationErrors || previewIntervalError;
-  }, [alertParams.criteria, previewIntervalError, validate]);
-
-  const showNumberOfNotifications = useMemo(() => {
-    if (!previewResult) return false;
-    if (alertNotifyWhen === 'onActiveAlert') return false;
-    const { notifications, fired, noData, error } = previewResult.resultTotals;
-    const unthrottledNotifications = fired + (showNoDataResults ? noData + error : 0);
-    return unthrottledNotifications > notifications;
-  }, [previewResult, showNoDataResults, alertNotifyWhen]);
-
-  const hasWarningThreshold = useMemo(
-    () => alertParams.criteria?.some((c) => Reflect.has(c, 'warningThreshold')) ?? false,
-    [alertParams]
-  );
-
-  return (
-    <EuiFormRow
-      label={i18n.translate('xpack.infra.metrics.alertFlyout.previewLabel', {
-        defaultMessage: 'Preview',
-      })}
-      fullWidth
-      display="rowCompressed"
-    >
-      <>
-        <EuiFlexGroup>
-          <EuiFlexItem>
-            <EuiSelect
-              id="selectPreviewLookbackInterval"
-              value={previewLookbackInterval}
-              onChange={onSelectPreviewLookbackInterval}
-              options={previewDOMOptions}
-            />
-          </EuiFlexItem>
-          <EuiFlexItem grow={false}>
-            <EuiButton
-              isLoading={isPreviewLoading}
-              isDisabled={isPreviewDisabled}
-              onClick={onClickPreview}
-            >
-              {i18n.translate('xpack.infra.metrics.alertFlyout.testAlertCondition', {
-                defaultMessage: 'Test alert condition',
-              })}
-            </EuiButton>
-          </EuiFlexItem>
-          <EuiSpacer size={'s'} />
-        </EuiFlexGroup>
-        {previewResult && !previewIntervalError && (
-          <>
-            <EuiSpacer size={'s'} />
-            <EuiCallOut
-              size="s"
-              title={
-                <PreviewTextString
-                  previewResult={previewResult}
-                  hasWarningThreshold={Boolean(hasWarningThreshold)}
-                />
-              }
-            >
-              {showNoDataResults && previewResult.resultTotals.noData ? (
-                <FormattedMessage
-                  id="xpack.infra.metrics.alertFlyout.alertPreviewNoDataResult"
-                  defaultMessage="There {wereWas} {boldedResultsNumber} of no data."
-                  values={{
-                    wereWas: (
-                      <FormattedMessage
-                        id="xpack.infra.metrics.alertFlyout.wereWas"
-                        defaultMessage="{plurality, plural, one {was} other {were}}"
-                        values={{
-                          plurality: previewResult.resultTotals.noData,
-                        }}
-                      />
-                    ),
-                    boldedResultsNumber: (
-                      <strong>
-                        {i18n.translate(
-                          'xpack.infra.metrics.alertFlyout.alertPreviewNoDataResultNumber',
-                          {
-                            defaultMessage: '{noData, plural, one {# result} other {# results}}',
-                            values: {
-                              noData: previewResult.resultTotals.noData,
-                            },
-                          }
-                        )}
-                      </strong>
-                    ),
-                  }}
-                />
-              ) : null}{' '}
-              {previewResult.resultTotals.error ? (
-                <FormattedMessage
-                  id="xpack.infra.metrics.alertFlyout.alertPreviewErrorResult"
-                  defaultMessage="An error occurred when trying to evaluate some of the data."
-                />
-              ) : null}
-              {showNumberOfNotifications ? (
-                <>
-                  <EuiSpacer size={'s'} />
-                  <FormattedMessage
-                    id="xpack.infra.metrics.alertFlyout.alertPreviewTotalNotifications"
-                    defaultMessage='As a result, this alert would have sent {notifications} based on the selected "notify" setting of "{alertThrottle}."'
-                    values={{
-                      alertThrottle:
-                        alertNotifyWhen === 'onThrottleInterval'
-                          ? previewResult.alertThrottle
-                          : i18n.translate(
-                              'xpack.infra.metrics.alertFlyout.alertPreviewOnlyOnStatusChange',
-                              {
-                                defaultMessage: 'Only on status change',
-                              }
-                            ),
-                      notifications: (
-                        <strong>
-                          {i18n.translate(
-                            'xpack.infra.metrics.alertFlyout.alertPreviewTotalNotificationsNumber',
-                            {
-                              defaultMessage:
-                                '{notifs, plural, one {# notification} other {# notifications}}',
-                              values: {
-                                notifs: previewResult.resultTotals.notifications,
-                              },
-                            }
-                          )}
-                        </strong>
-                      ),
-                    }}
-                  />
-                </>
-              ) : null}{' '}
-            </EuiCallOut>
-          </>
-        )}
-        {previewIntervalError && (
-          <>
-            <EuiSpacer size={'s'} />
-            <EuiCallOut
-              size="s"
-              title={
-                <FormattedMessage
-                  id="xpack.infra.metrics.alertFlyout.previewIntervalTooShortTitle"
-                  defaultMessage="Not enough data"
-                />
-              }
-              color="warning"
-              iconType="help"
-            >
-              <FormattedMessage
-                id="xpack.infra.metrics.alertFlyout.previewIntervalTooShortDescription"
-                defaultMessage="Try selecting a longer preview length, or increase the amount of time in the {checkEvery} field."
-                values={{
-                  checkEvery: <strong>check every</strong>,
-                }}
-              />
-            </EuiCallOut>
-          </>
-        )}
-        {previewError && (
-          <>
-            <EuiSpacer size={'s'} />
-            {previewError.body?.statusCode === 508 ? (
-              <EuiCallOut
-                size="s"
-                title={
-                  <FormattedMessage
-                    id="xpack.infra.metrics.alertFlyout.tooManyBucketsErrorTitle"
-                    defaultMessage="Too much data (>{maxBuckets} results)"
-                    values={{
-                      maxBuckets: FORMATTERS.number(previewError.body.message),
-                    }}
-                  />
-                }
-                color="warning"
-                iconType="help"
-              >
-                <FormattedMessage
-                  id="xpack.infra.metrics.alertFlyout.tooManyBucketsErrorDescription"
-                  defaultMessage="Try selecting a shorter preview length, or increase the amount of time in the {forTheLast} field."
-                  values={{
-                    forTheLast: <strong>FOR THE LAST</strong>,
-                  }}
-                />
-              </EuiCallOut>
-            ) : (
-              <EuiCallOut
-                size="s"
-                title={
-                  <FormattedMessage
-                    id="xpack.infra.metrics.alertFlyout.alertPreviewError"
-                    defaultMessage="An error occurred when trying to preview this alert condition"
-                  />
-                }
-                color="danger"
-                iconType="alert"
-              >
-                {previewError.body && (
-                  <>
-                    <FormattedMessage
-                      id="xpack.infra.metrics.alertFlyout.alertPreviewErrorDesc"
-                      defaultMessage="Please try again later or see details for more information."
-                    />
-                    <EuiSpacer size={'s'} />
-                    <EuiAccordion
-                      id="alertErrorDetailsAccordion"
-                      buttonContent={
-                        <>
-                          <EuiText size="s">
-                            <FormattedMessage
-                              id="xpack.infra.metrics.alertFlyout.errorDetails"
-                              defaultMessage="Details"
-                            />
-                          </EuiText>
-                        </>
-                      }
-                    >
-                      <EuiSpacer size={'s'} />
-                      <EuiCodeBlock>{previewError.body.message}</EuiCodeBlock>
-                    </EuiAccordion>
-                  </>
-                )}
-              </EuiCallOut>
-            )}
-          </>
-        )}
-      </>
-    </EuiFormRow>
-  );
-};
-
-const PreviewTextString = ({
-  previewResult,
-  hasWarningThreshold,
-}: {
-  previewResult: AlertPreviewSuccessResponsePayload & Record<string, any>;
-  hasWarningThreshold: boolean;
-}) => {
-  const instanceCount = hasWarningThreshold ? (
-    <FormattedMessage
-      id="xpack.infra.metrics.alertFlyout.alertPreviewResultWithSeverityLevels"
-      defaultMessage="There {wereWas} {criticalInstances} that satisfied the {boldCritical} conditions, and {warningInstances} that satisfied the {boldWarning} conditions of this alert"
-      values={{
-        wereWas: (
-          <FormattedMessage
-            id="xpack.infra.metrics.alertFlyout.wereWas"
-            defaultMessage="{plurality, plural, one {was} other {were}}"
-            values={{
-              plurality: previewResult.resultTotals.fired,
-            }}
-          />
-        ),
-        criticalInstances: (
-          <strong>
-            <FormattedMessage
-              id="xpack.infra.metrics.alertFlyout.firedTimes"
-              defaultMessage="{fired, plural, one {# instance} other {# instances}}"
-              values={{
-                fired: previewResult.resultTotals.fired,
-              }}
-            />
-          </strong>
-        ),
-        warningInstances: (
-          <strong>
-            <FormattedMessage
-              id="xpack.infra.metrics.alertFlyout.firedTimes"
-              defaultMessage="{fired, plural, one {# instance} other {# instances}}"
-              values={{
-                fired: previewResult.resultTotals.warning,
-              }}
-            />
-          </strong>
-        ),
-        boldCritical: (
-          <strong>
-            <FormattedMessage
-              id="xpack.infra.metrics.alertFlyout.boldCritical"
-              defaultMessage="critical"
-            />
-          </strong>
-        ),
-        boldWarning: (
-          <strong>
-            <FormattedMessage
-              id="xpack.infra.metrics.alertFlyout.boldWarning"
-              defaultMessage="warning"
-            />
-          </strong>
-        ),
-      }}
-    />
-  ) : (
-    <FormattedMessage
-      id="xpack.infra.metrics.alertFlyout.alertPreviewResultInstances"
-      defaultMessage="There {wereWas} {firedTimes} that satisfied the conditions of this alert"
-      values={{
-        wereWas: (
-          <FormattedMessage
-            id="xpack.infra.metrics.alertFlyout.wereWas"
-            defaultMessage="{plurality, plural, one {was} other {were}}"
-            values={{
-              plurality: previewResult.resultTotals.fired,
-            }}
-          />
-        ),
-        firedTimes: (
-          <strong>
-            <FormattedMessage
-              id="xpack.infra.metrics.alertFlyout.firedTimes"
-              defaultMessage="{fired, plural, one {# instance} other {# instances}}"
-              values={{
-                fired: previewResult.resultTotals.fired,
-              }}
-            />
-          </strong>
-        ),
-      }}
-    />
-  );
-
-  const groupByText = previewResult.groupByDisplayName ? (
-    <>
-      <FormattedMessage
-        id="xpack.infra.metrics.alertFlyout.alertPreviewGroupBy"
-        defaultMessage="across {groups}"
-        values={{
-          groups: (
-            <strong>
-              <FormattedMessage
-                id="xpack.infra.metrics.alertFlyout.alertPreviewGroups"
-                defaultMessage="{numberOfGroups, plural, one {# {groupName}} other {# {groupName}s}}"
-                values={{
-                  numberOfGroups: previewResult.numberOfGroups,
-                  groupName: previewResult.groupByDisplayName,
-                }}
-              />
-            </strong>
-          ),
-        }}
-      />{' '}
-    </>
-  ) : (
-    <></>
-  );
-
-  const lookbackText = (
-    <FormattedMessage
-      id="xpack.infra.metrics.alertFlyout.alertPreviewLookback"
-      defaultMessage="in the last {lookback}"
-      values={{
-        lookback: previewOptions.find((e) => e.value === previewResult.previewLookbackInterval)
-          ?.shortText,
-      }}
-    />
-  );
-
-  return (
-    <FormattedMessage
-      id="xpack.infra.metrics.alertFlyout.alertPreviewResultText"
-      defaultMessage="{instanceCount} {groupByWithConditionalTrailingSpace}{lookbackText}."
-      values={{
-        instanceCount,
-        groupByWithConditionalTrailingSpace: groupByText,
-        lookbackText,
-      }}
-    />
-  );
-};
-
-const previewOptions = [
-  {
-    value: 'h',
-    text: i18n.translate('xpack.infra.metrics.alertFlyout.lastHourLabel', {
-      defaultMessage: 'Last hour',
-    }),
-    shortText: i18n.translate('xpack.infra.metrics.alertFlyout.hourLabel', {
-      defaultMessage: 'hour',
-    }),
-  },
-  {
-    value: 'd',
-    text: i18n.translate('xpack.infra.metrics.alertFlyout.lastDayLabel', {
-      defaultMessage: 'Last day',
-    }),
-    shortText: i18n.translate('xpack.infra.metrics.alertFlyout.dayLabel', {
-      defaultMessage: 'day',
-    }),
-  },
-  {
-    value: 'w',
-    text: i18n.translate('xpack.infra.metrics.alertFlyout.lastWeekLabel', {
-      defaultMessage: 'Last week',
-    }),
-    shortText: i18n.translate('xpack.infra.metrics.alertFlyout.weekLabel', {
-      defaultMessage: 'week',
-    }),
-  },
-  {
-    value: 'M',
-    text: i18n.translate('xpack.infra.metrics.alertFlyout.lastMonthLabel', {
-      defaultMessage: 'Last month',
-    }),
-    shortText: i18n.translate('xpack.infra.metrics.alertFlyout.monthLabel', {
-      defaultMessage: 'month',
-    }),
-  },
-];
-
-const previewDOMOptions: Array<{ text: string; value: string }> = previewOptions.map((o) =>
-  omit(o, 'shortText')
-);
diff --git a/x-pack/plugins/infra/public/alerting/common/components/get_alert_preview.ts b/x-pack/plugins/infra/public/alerting/common/components/get_alert_preview.ts
deleted file mode 100644
index 2bb98e83cbe70b..00000000000000
--- a/x-pack/plugins/infra/public/alerting/common/components/get_alert_preview.ts
+++ /dev/null
@@ -1,39 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License
- * 2.0; you may not use this file except in compliance with the Elastic License
- * 2.0.
- */
-
-import type { HttpHandler } from 'src/core/public';
-import {
-  INFRA_ALERT_PREVIEW_PATH,
-  METRIC_THRESHOLD_ALERT_TYPE_ID,
-  METRIC_INVENTORY_THRESHOLD_ALERT_TYPE_ID,
-  METRIC_ANOMALY_ALERT_TYPE_ID,
-  AlertPreviewRequestParams,
-  AlertPreviewSuccessResponsePayload,
-} from '../../../../common/alerting/metrics';
-
-export type PreviewableAlertTypes =
-  | typeof METRIC_THRESHOLD_ALERT_TYPE_ID
-  | typeof METRIC_INVENTORY_THRESHOLD_ALERT_TYPE_ID
-  | typeof METRIC_ANOMALY_ALERT_TYPE_ID;
-
-export async function getAlertPreview({
-  fetch,
-  params,
-  alertType,
-}: {
-  fetch: HttpHandler;
-  params: AlertPreviewRequestParams;
-  alertType: PreviewableAlertTypes;
-}): Promise<AlertPreviewSuccessResponsePayload> {
-  return await fetch(`${INFRA_ALERT_PREVIEW_PATH}`, {
-    method: 'POST',
-    body: JSON.stringify({
-      ...params,
-      alertType,
-    }),
-  });
-}
diff --git a/x-pack/plugins/infra/public/alerting/common/index.ts b/x-pack/plugins/infra/public/alerting/common/index.ts
deleted file mode 100644
index 3dc508e9b21f67..00000000000000
--- a/x-pack/plugins/infra/public/alerting/common/index.ts
+++ /dev/null
@@ -1,48 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License
- * 2.0; you may not use this file except in compliance with the Elastic License
- * 2.0.
- */
-
-import { i18n } from '@kbn/i18n';
-export { AlertPreview } from './components/alert_preview';
-
-export const previewOptions = [
-  {
-    value: 'h',
-    text: i18n.translate('xpack.infra.metrics.alertFlyout.lastHourLabel', {
-      defaultMessage: 'Last hour',
-    }),
-    shortText: i18n.translate('xpack.infra.metrics.alertFlyout.hourLabel', {
-      defaultMessage: 'hour',
-    }),
-  },
-  {
-    value: 'd',
-    text: i18n.translate('xpack.infra.metrics.alertFlyout.lastDayLabel', {
-      defaultMessage: 'Last day',
-    }),
-    shortText: i18n.translate('xpack.infra.metrics.alertFlyout.dayLabel', {
-      defaultMessage: 'day',
-    }),
-  },
-  {
-    value: 'w',
-    text: i18n.translate('xpack.infra.metrics.alertFlyout.lastWeekLabel', {
-      defaultMessage: 'Last week',
-    }),
-    shortText: i18n.translate('xpack.infra.metrics.alertFlyout.weekLabel', {
-      defaultMessage: 'week',
-    }),
-  },
-  {
-    value: 'M',
-    text: i18n.translate('xpack.infra.metrics.alertFlyout.lastMonthLabel', {
-      defaultMessage: 'Last month',
-    }),
-    shortText: i18n.translate('xpack.infra.metrics.alertFlyout.monthLabel', {
-      defaultMessage: 'month',
-    }),
-  },
-];
diff --git a/x-pack/plugins/infra/public/alerting/inventory/components/expression.tsx b/x-pack/plugins/infra/public/alerting/inventory/components/expression.tsx
index c4f8b5a615b0f1..78005d9d87cf90 100644
--- a/x-pack/plugins/infra/public/alerting/inventory/components/expression.tsx
+++ b/x-pack/plugins/infra/public/alerting/inventory/components/expression.tsx
@@ -5,7 +5,7 @@
  * 2.0.
  */
 
-import { debounce, pick, omit } from 'lodash';
+import { debounce, omit } from 'lodash';
 import { Unit } from '@elastic/datemath';
 import React, { useCallback, useMemo, useEffect, useState, ChangeEvent } from 'react';
 import { IFieldType } from 'src/plugins/data/public';
@@ -26,8 +26,6 @@ import {
 import { FormattedMessage } from '@kbn/i18n/react';
 import { i18n } from '@kbn/i18n';
 import { toMetricOpt } from '../../../../common/snapshot_metric_i18n';
-import { AlertPreview } from '../../common';
-import { METRIC_INVENTORY_THRESHOLD_ALERT_TYPE_ID } from '../../../../common/alerting/metrics';
 import {
   Comparator,
   // eslint-disable-next-line @kbn/eslint/no-restricted-paths
@@ -68,7 +66,6 @@ import {
   SnapshotCustomMetricInputRT,
 } from '../../../../common/http_api/snapshot_api';
 
-import { validateMetricThreshold } from './validation';
 import { useKibanaContextForPlugin } from '../../../hooks/use_kibana';
 
 import { ExpressionChart } from './expression_chart';
@@ -113,15 +110,7 @@ export const defaultExpression = {
 
 export const Expressions: React.FC<Props> = (props) => {
   const { http, notifications } = useKibanaContextForPlugin().services;
-  const {
-    setAlertParams,
-    alertParams,
-    errors,
-    alertInterval,
-    alertThrottle,
-    metadata,
-    alertNotifyWhen,
-  } = props;
+  const { setAlertParams, alertParams, errors, metadata } = props;
   const { source, createDerivedIndexPattern } = useSourceViaHttp({
     sourceId: 'default',
     fetch: http.fetch,
@@ -403,17 +392,6 @@ export const Expressions: React.FC<Props> = (props) => {
       </EuiFormRow>
 
       <EuiSpacer size={'m'} />
-      <AlertPreview
-        alertInterval={alertInterval}
-        alertThrottle={alertThrottle}
-        alertNotifyWhen={alertNotifyWhen}
-        alertType={METRIC_INVENTORY_THRESHOLD_ALERT_TYPE_ID}
-        alertParams={pick(alertParams, 'criteria', 'nodeType', 'sourceId', 'filterQuery')}
-        validate={validateMetricThreshold}
-        groupByDisplayName={alertParams.nodeType}
-        showNoDataResults={alertParams.alertOnNoData}
-      />
-      <EuiSpacer size={'m'} />
     </>
   );
 };
diff --git a/x-pack/plugins/infra/public/alerting/metric_anomaly/components/expression.tsx b/x-pack/plugins/infra/public/alerting/metric_anomaly/components/expression.tsx
index e44a747aa07e71..9f5c47554ac56f 100644
--- a/x-pack/plugins/infra/public/alerting/metric_anomaly/components/expression.tsx
+++ b/x-pack/plugins/infra/public/alerting/metric_anomaly/components/expression.tsx
@@ -5,18 +5,13 @@
  * 2.0.
  */
 
-import { pick } from 'lodash';
 import React, { useCallback, useState, useMemo, useEffect } from 'react';
 import { EuiFlexGroup, EuiSpacer, EuiText, EuiLoadingContent } from '@elastic/eui';
 import { FormattedMessage } from '@kbn/i18n/react';
 import { i18n } from '@kbn/i18n';
 import { useInfraMLCapabilities } from '../../../containers/ml/infra_ml_capabilities';
 import { SubscriptionSplashPrompt } from '../../../components/subscription_splash_content';
-import { AlertPreview } from '../../common';
-import {
-  METRIC_ANOMALY_ALERT_TYPE_ID,
-  MetricAnomalyParams,
-} from '../../../../common/alerting/metrics';
+import { MetricAnomalyParams } from '../../../../common/alerting/metrics';
 import { euiStyled, EuiThemeProvider } from '../../../../../../../src/plugins/kibana_react/common';
 import {
   WhenExpression,
@@ -35,7 +30,6 @@ import { SeverityThresholdExpression } from './severity_threshold';
 import { InfraWaffleMapOptions } from '../../../lib/lib';
 import { ANOMALY_THRESHOLD } from '../../../../common/infra_ml';
 
-import { validateMetricAnomaly } from './validation';
 import { InfluencerFilter } from './influencer_filter';
 import { useKibanaContextForPlugin } from '../../../hooks/use_kibana';
 import { useActiveKibanaSpace } from '../../../hooks/use_kibana_space';
@@ -65,14 +59,7 @@ export const Expression: React.FC<Props> = (props) => {
   const { http, notifications } = useKibanaContextForPlugin().services;
   const { space } = useActiveKibanaSpace();
 
-  const {
-    setAlertParams,
-    alertParams,
-    alertInterval,
-    alertThrottle,
-    alertNotifyWhen,
-    metadata,
-  } = props;
+  const { setAlertParams, alertParams, alertInterval, metadata } = props;
   const { source, createDerivedIndexPattern } = useSourceViaHttp({
     sourceId: 'default',
     fetch: http.fetch,
@@ -258,23 +245,6 @@ export const Expression: React.FC<Props> = (props) => {
         onChangeFieldValue={updateInfluencerFieldValue}
       />
       <EuiSpacer size={'m'} />
-      <AlertPreview
-        alertInterval={alertInterval}
-        alertThrottle={alertThrottle}
-        alertNotifyWhen={alertNotifyWhen}
-        alertType={METRIC_ANOMALY_ALERT_TYPE_ID}
-        alertParams={pick(
-          alertParams,
-          'metric',
-          'threshold',
-          'nodeType',
-          'sourceId',
-          'spaceId',
-          'influencerFilter'
-        )}
-        validate={validateMetricAnomaly}
-      />
-      <EuiSpacer size={'m'} />
     </EuiThemeProvider>
   );
 };
diff --git a/x-pack/plugins/infra/public/alerting/metric_threshold/components/expression.tsx b/x-pack/plugins/infra/public/alerting/metric_threshold/components/expression.tsx
index be0ecbb1dab657..58bc476f151bdc 100644
--- a/x-pack/plugins/infra/public/alerting/metric_threshold/components/expression.tsx
+++ b/x-pack/plugins/infra/public/alerting/metric_threshold/components/expression.tsx
@@ -5,7 +5,7 @@
  * 2.0.
  */
 
-import { debounce, pick } from 'lodash';
+import { debounce } from 'lodash';
 import { Unit } from '@elastic/datemath';
 import React, { ChangeEvent, useCallback, useMemo, useEffect, useState } from 'react';
 import {
@@ -22,12 +22,7 @@ import {
 } from '@elastic/eui';
 import { FormattedMessage } from '@kbn/i18n/react';
 import { i18n } from '@kbn/i18n';
-import { AlertPreview } from '../../common';
-import {
-  Comparator,
-  Aggregators,
-  METRIC_THRESHOLD_ALERT_TYPE_ID,
-} from '../../../../common/alerting/metrics';
+import { Comparator, Aggregators } from '../../../../common/alerting/metrics';
 import { ForLastExpression } from '../../../../../triggers_actions_ui/public';
 import {
   IErrorObject,
@@ -43,7 +38,6 @@ import { convertKueryToElasticSearchQuery } from '../../../utils/kuery';
 import { ExpressionRow } from './expression_row';
 import { MetricExpression, AlertParams, AlertContextMeta } from '../types';
 import { ExpressionChart } from './expression_chart';
-import { validateMetricThreshold } from './validation';
 import { useKibanaContextForPlugin } from '../../../hooks/use_kibana';
 
 const FILTER_TYPING_DEBOUNCE_MS = 500;
@@ -63,15 +57,7 @@ const defaultExpression = {
 export { defaultExpression };
 
 export const Expressions: React.FC<Props> = (props) => {
-  const {
-    setAlertParams,
-    alertParams,
-    errors,
-    alertInterval,
-    alertThrottle,
-    metadata,
-    alertNotifyWhen,
-  } = props;
+  const { setAlertParams, alertParams, errors, metadata } = props;
   const { http, notifications } = useKibanaContextForPlugin().services;
   const { source, createDerivedIndexPattern } = useSourceViaHttp({
     sourceId: 'default',
@@ -256,11 +242,6 @@ export const Expressions: React.FC<Props> = (props) => {
     [onFilterChange]
   );
 
-  const groupByPreviewDisplayName = useMemo(() => {
-    if (Array.isArray(alertParams.groupBy)) return alertParams.groupBy.join(', ');
-    return alertParams.groupBy;
-  }, [alertParams.groupBy]);
-
   const areAllAggsRate = useMemo(
     () => alertParams.criteria?.every((c) => c.aggType === Aggregators.RATE),
     [alertParams.criteria]
@@ -435,24 +416,6 @@ export const Expressions: React.FC<Props> = (props) => {
       </EuiFormRow>
 
       <EuiSpacer size={'m'} />
-      <AlertPreview
-        alertInterval={alertInterval}
-        alertThrottle={alertThrottle}
-        alertNotifyWhen={alertNotifyWhen}
-        alertType={METRIC_THRESHOLD_ALERT_TYPE_ID}
-        alertParams={pick(
-          alertParams,
-          'criteria',
-          'groupBy',
-          'filterQuery',
-          'sourceId',
-          'shouldDropPartialBuckets'
-        )}
-        showNoDataResults={alertParams.alertOnNoData}
-        validate={validateMetricThreshold}
-        groupByDisplayName={groupByPreviewDisplayName}
-      />
-      <EuiSpacer size={'m'} />
     </>
   );
 };
diff --git a/x-pack/plugins/infra/public/components/saved_views/toolbar_control.tsx b/x-pack/plugins/infra/public/components/saved_views/toolbar_control.tsx
index ed46f0e555b99e..9ed4047e45bd36 100644
--- a/x-pack/plugins/infra/public/components/saved_views/toolbar_control.tsx
+++ b/x-pack/plugins/infra/public/components/saved_views/toolbar_control.tsx
@@ -5,18 +5,9 @@
  * 2.0.
  */
 
-import { EuiFlexGroup } from '@elastic/eui';
 import React, { useCallback, useState, useEffect } from 'react';
 import { i18n } from '@kbn/i18n';
-import { FormattedMessage } from '@kbn/i18n/react';
-import {
-  EuiDescriptionList,
-  EuiDescriptionListTitle,
-  EuiDescriptionListDescription,
-} from '@elastic/eui';
-import { EuiPopover, EuiLink } from '@elastic/eui';
-import { EuiListGroup, EuiListGroupItem } from '@elastic/eui';
-import { EuiFlexItem } from '@elastic/eui';
+import { EuiButton, EuiPopover, EuiListGroup, EuiListGroupItem } from '@elastic/eui';
 import { SavedViewCreateModal } from './create_modal';
 import { SavedViewUpdateModal } from './update_modal';
 import { SavedViewManageViewsFlyout } from './manage_views_flyout';
@@ -147,80 +138,65 @@ export function SavedViewsToolbarControls<ViewState>(props: Props<ViewState>) {
 
   return (
     <>
-      <EuiFlexGroup>
-        <EuiPopover
-          data-test-subj="savedViews-popover"
-          button={
-            <EuiFlexGroup gutterSize={'s'} alignItems="center">
-              <EuiFlexItem>
-                <EuiDescriptionList
-                  style={{ cursor: 'pointer' }}
-                  compressed={true}
-                  onClick={showSavedViewMenu}
-                >
-                  <EuiDescriptionListTitle>
-                    <FormattedMessage
-                      defaultMessage="Current view"
-                      id="xpack.infra.savedView.currentView"
-                    />
-                  </EuiDescriptionListTitle>
-                  <EuiLink data-test-subj="savedViews-openPopover">
-                    <EuiDescriptionListDescription data-test-subj="savedViews-currentViewName">
-                      {currentView
-                        ? currentView.name
-                        : i18n.translate('xpack.infra.savedView.unknownView', {
-                            defaultMessage: 'No view selected',
-                          })}
-                    </EuiDescriptionListDescription>
-                  </EuiLink>
-                </EuiDescriptionList>
-              </EuiFlexItem>
-            </EuiFlexGroup>
-          }
-          isOpen={isSavedViewMenuOpen}
-          closePopover={hideSavedViewMenu}
-          anchorPosition="upCenter"
-        >
-          <EuiListGroup flush={true}>
-            <EuiListGroupItem
-              data-test-subj="savedViews-manageViews"
-              iconType={'indexSettings'}
-              onClick={loadViews}
-              label={i18n.translate('xpack.infra.savedView.manageViews', {
-                defaultMessage: 'Manage views',
-              })}
-            />
+      <EuiPopover
+        data-test-subj="savedViews-popover"
+        button={
+          <EuiButton
+            onClick={showSavedViewMenu}
+            data-test-subj="savedViews-openPopover"
+            iconType="arrowDown"
+            iconSide="right"
+          >
+            {currentView
+              ? currentView.name
+              : i18n.translate('xpack.infra.savedView.unknownView', {
+                  defaultMessage: 'No view selected',
+                })}
+          </EuiButton>
+        }
+        isOpen={isSavedViewMenuOpen}
+        closePopover={hideSavedViewMenu}
+        anchorPosition="leftCenter"
+      >
+        <EuiListGroup flush={true}>
+          <EuiListGroupItem
+            data-test-subj="savedViews-manageViews"
+            iconType={'indexSettings'}
+            onClick={loadViews}
+            label={i18n.translate('xpack.infra.savedView.manageViews', {
+              defaultMessage: 'Manage views',
+            })}
+          />
 
-            <EuiListGroupItem
-              data-test-subj="savedViews-updateView"
-              iconType={'refresh'}
-              onClick={openUpdateModal}
-              disabled={!currentView || currentView.id === '0'}
-              label={i18n.translate('xpack.infra.savedView.updateView', {
-                defaultMessage: 'Update view',
-              })}
-            />
+          <EuiListGroupItem
+            data-test-subj="savedViews-updateView"
+            iconType={'refresh'}
+            onClick={openUpdateModal}
+            disabled={!currentView || currentView.id === '0'}
+            label={i18n.translate('xpack.infra.savedView.updateView', {
+              defaultMessage: 'Update view',
+            })}
+          />
 
-            <EuiListGroupItem
-              data-test-subj="savedViews-loadView"
-              iconType={'importAction'}
-              onClick={openViewListModal}
-              label={i18n.translate('xpack.infra.savedView.loadView', {
-                defaultMessage: 'Load view',
-              })}
-            />
+          <EuiListGroupItem
+            data-test-subj="savedViews-loadView"
+            iconType={'importAction'}
+            onClick={openViewListModal}
+            label={i18n.translate('xpack.infra.savedView.loadView', {
+              defaultMessage: 'Load view',
+            })}
+          />
 
-            <EuiListGroupItem
-              data-test-subj="savedViews-saveNewView"
-              iconType={'save'}
-              onClick={openSaveModal}
-              label={i18n.translate('xpack.infra.savedView.saveNewView', {
-                defaultMessage: 'Save new view',
-              })}
-            />
-          </EuiListGroup>
-        </EuiPopover>
-      </EuiFlexGroup>
+          <EuiListGroupItem
+            data-test-subj="savedViews-saveNewView"
+            iconType={'save'}
+            onClick={openSaveModal}
+            label={i18n.translate('xpack.infra.savedView.saveNewView', {
+              defaultMessage: 'Save new view',
+            })}
+          />
+        </EuiListGroup>
+      </EuiPopover>
 
       {createModalOpen && (
         <SavedViewCreateModal isInvalid={isInvalid} close={closeCreateModal} save={save} />
diff --git a/x-pack/plugins/infra/public/pages/metrics/inventory_view/components/layout.tsx b/x-pack/plugins/infra/public/pages/metrics/inventory_view/components/layout.tsx
index 833b532a943d16..f241f5d1181476 100644
--- a/x-pack/plugins/infra/public/pages/metrics/inventory_view/components/layout.tsx
+++ b/x-pack/plugins/infra/public/pages/metrics/inventory_view/components/layout.tsx
@@ -8,7 +8,7 @@
 import React, { useCallback, useEffect, useState } from 'react';
 import useInterval from 'react-use/lib/useInterval';
 
-import { EuiFlexGroup, EuiFlexItem, EuiSpacer } from '@elastic/eui';
+import { EuiFlexGroup, EuiFlexItem } from '@elastic/eui';
 import { SavedView } from '../../../../containers/saved_view/saved_view';
 import { AutoSizer } from '../../../../components/auto_sizer';
 import { convertIntervalToString } from '../../../../utils/convert_interval_to_string';
@@ -28,7 +28,6 @@ import { IntervalLabel } from './waffle/interval_label';
 import { createInventoryMetricFormatter } from '../lib/create_inventory_metric_formatter';
 import { createLegend } from '../lib/create_legend';
 import { useWaffleViewState } from '../hooks/use_waffle_view_state';
-import { SavedViewsToolbarControls } from '../../../../components/saved_views/toolbar_control';
 import { BottomDrawer } from './bottom_drawer';
 import { Legend } from './waffle/legend';
 
@@ -97,7 +96,7 @@ export const Layout = React.memo(
     const bounds = autoBounds ? dataBounds : boundsOverride;
     /* eslint-disable-next-line react-hooks/exhaustive-deps */
     const formatter = useCallback(createInventoryMetricFormatter(options.metric), [options.metric]);
-    const { viewState, onViewChange } = useWaffleViewState();
+    const { onViewChange } = useWaffleViewState();
 
     useEffect(() => {
       if (currentView) {
@@ -159,10 +158,6 @@ export const Layout = React.memo(
                             <ViewSwitcher view={view} onChange={changeView} />
                           </EuiFlexItem>
                         </EuiFlexGroup>
-                        <EuiSpacer />
-                        <SavedViewContainer>
-                          <SavedViewsToolbarControls viewState={viewState} />
-                        </SavedViewContainer>
                       </TopActionContainer>
                       <AutoSizer bounds>
                         {({ measureRef, bounds: { height = 0 } }) => (
@@ -221,9 +216,3 @@ const MainContainer = euiStyled.div`
 const TopActionContainer = euiStyled.div`
   padding: ${(props) => `12px ${props.theme.eui.paddingSizes.m}`};
 `;
-
-const SavedViewContainer = euiStyled.div`
-  position: relative;
-  z-index: 1;
-  padding-left: ${(props) => props.theme.eui.paddingSizes.m};
-`;
diff --git a/x-pack/plugins/infra/public/pages/metrics/inventory_view/index.tsx b/x-pack/plugins/infra/public/pages/metrics/inventory_view/index.tsx
index 9671699dadbad9..353997d5fe3ff9 100644
--- a/x-pack/plugins/infra/public/pages/metrics/inventory_view/index.tsx
+++ b/x-pack/plugins/infra/public/pages/metrics/inventory_view/index.tsx
@@ -29,6 +29,7 @@ import { MetricsPageTemplate } from '../page_template';
 import { euiStyled } from '../../../../../../../src/plugins/kibana_react/common';
 import { APP_WRAPPER_CLASS } from '../../../../../../../src/core/public';
 import { inventoryTitle } from '../../../translations';
+import { SavedViews } from './components/saved_views';
 
 export const SnapshotPage = () => {
   const uiCapabilities = useKibana().services.application?.capabilities;
@@ -72,23 +73,24 @@ export const SnapshotPage = () => {
       ) : metricIndicesExist ? (
         <>
           <InventoryPageWrapper className={APP_WRAPPER_CLASS}>
-            <MetricsPageTemplate
-              pageHeader={{
-                pageTitle: inventoryTitle,
-              }}
-              pageBodyProps={{
-                paddingSize: 'none',
-              }}
+            <SavedViewProvider
+              shouldLoadDefault={optionsSource === 'default'}
+              viewType={'inventory-view'}
+              defaultViewState={DEFAULT_WAFFLE_VIEW_STATE}
             >
-              <FilterBar />
-              <SavedViewProvider
-                shouldLoadDefault={optionsSource === 'default'}
-                viewType={'inventory-view'}
-                defaultViewState={DEFAULT_WAFFLE_VIEW_STATE}
+              <MetricsPageTemplate
+                pageHeader={{
+                  pageTitle: inventoryTitle,
+                  rightSideItems: [<SavedViews />],
+                }}
+                pageBodyProps={{
+                  paddingSize: 'none',
+                }}
               >
+                <FilterBar />
                 <LayoutView />
-              </SavedViewProvider>
-            </MetricsPageTemplate>
+              </MetricsPageTemplate>
+            </SavedViewProvider>
           </InventoryPageWrapper>
         </>
       ) : hasFailedLoadingSource ? (
diff --git a/x-pack/plugins/infra/public/pages/metrics/metrics_explorer/components/toolbar.tsx b/x-pack/plugins/infra/public/pages/metrics/metrics_explorer/components/toolbar.tsx
index 1b33546d3b68f0..64da554dee6901 100644
--- a/x-pack/plugins/infra/public/pages/metrics/metrics_explorer/components/toolbar.tsx
+++ b/x-pack/plugins/infra/public/pages/metrics/metrics_explorer/components/toolbar.tsx
@@ -23,7 +23,6 @@ import { MetricsExplorerMetrics } from './metrics';
 import { MetricsExplorerGroupBy } from './group_by';
 import { MetricsExplorerAggregationPicker } from './aggregation';
 import { MetricsExplorerChartOptions as MetricsExplorerChartOptionsComponent } from './chart_options';
-import { SavedViewsToolbarControls } from '../../../../components/saved_views/toolbar_control';
 import { useKibanaUiSetting } from '../../../../utils/use_kibana_ui_setting';
 import { mapKibanaQuickRangesToDatePickerRanges } from '../../../../utils/map_timepicker_quickranges_to_datepicker_ranges';
 
@@ -114,16 +113,6 @@ export const MetricsExplorerToolbar = ({
             chartOptions={chartOptions}
           />
         </EuiFlexItem>
-
-        <EuiFlexItem grow={false}>
-          <SavedViewsToolbarControls
-            viewState={{
-              options,
-              chartOptions,
-              currentTimerange: timeRange,
-            }}
-          />
-        </EuiFlexItem>
         <EuiFlexItem grow={false} style={{ marginRight: 5 }}>
           <EuiSuperDatePicker
             start={timeRange.from}
diff --git a/x-pack/plugins/infra/public/pages/metrics/metrics_explorer/index.tsx b/x-pack/plugins/infra/public/pages/metrics/metrics_explorer/index.tsx
index 28e56c8337bf86..2e2232b09d7f14 100644
--- a/x-pack/plugins/infra/public/pages/metrics/metrics_explorer/index.tsx
+++ b/x-pack/plugins/infra/public/pages/metrics/metrics_explorer/index.tsx
@@ -21,6 +21,7 @@ import { useMetricsExplorerState } from './hooks/use_metric_explorer_state';
 import { useSavedViewContext } from '../../../containers/saved_view/saved_view';
 import { MetricsPageTemplate } from '../page_template';
 import { metricsExplorerTitle } from '../../../translations';
+import { SavedViewsToolbarControls } from '../../../components/saved_views/toolbar_control';
 
 interface MetricsExplorerPageProps {
   source: MetricsSourceConfigurationProperties;
@@ -86,6 +87,15 @@ export const MetricsExplorerPage = ({ source, derivedIndexPattern }: MetricsExpl
       <MetricsPageTemplate
         pageHeader={{
           pageTitle: metricsExplorerTitle,
+          rightSideItems: [
+            <SavedViewsToolbarControls
+              viewState={{
+                options,
+                chartOptions,
+                currentTimerange,
+              }}
+            />,
+          ],
         }}
       >
         <MetricsExplorerToolbar
diff --git a/x-pack/plugins/infra/server/infra_server.ts b/x-pack/plugins/infra/server/infra_server.ts
index f42207e0ad142e..d289cf339851d5 100644
--- a/x-pack/plugins/infra/server/infra_server.ts
+++ b/x-pack/plugins/infra/server/infra_server.ts
@@ -34,7 +34,6 @@ import { initInventoryMetaRoute } from './routes/inventory_metadata';
 import { initLogSourceConfigurationRoutes, initLogSourceStatusRoutes } from './routes/log_sources';
 import { initMetricsSourceConfigurationRoutes } from './routes/metrics_sources';
 import { initOverviewRoute } from './routes/overview';
-import { initAlertPreviewRoute } from './routes/alerting';
 import { initGetLogAlertsChartPreviewDataRoute } from './routes/log_alerts';
 import { initProcessListRoute } from './routes/process_list';
 
@@ -63,7 +62,6 @@ export const initInfraServer = (libs: InfraBackendLibs) => {
   initInventoryMetaRoute(libs);
   initLogSourceConfigurationRoutes(libs);
   initLogSourceStatusRoutes(libs);
-  initAlertPreviewRoute(libs);
   initGetLogAlertsChartPreviewDataRoute(libs);
   initProcessListRoute(libs);
   initOverviewRoute(libs);
diff --git a/x-pack/plugins/infra/server/lib/alerting/common/types.ts b/x-pack/plugins/infra/server/lib/alerting/common/types.ts
index 0b809429de0d26..1d038cace14fe1 100644
--- a/x-pack/plugins/infra/server/lib/alerting/common/types.ts
+++ b/x-pack/plugins/infra/server/lib/alerting/common/types.ts
@@ -33,11 +33,3 @@ export enum AlertStates {
   NO_DATA,
   ERROR,
 }
-
-export interface PreviewResult {
-  fired: number;
-  warning: number;
-  noData: number;
-  error: number;
-  notifications: number;
-}
diff --git a/x-pack/plugins/infra/server/lib/alerting/inventory_metric_threshold/preview_inventory_metric_threshold_alert.ts b/x-pack/plugins/infra/server/lib/alerting/inventory_metric_threshold/preview_inventory_metric_threshold_alert.ts
deleted file mode 100644
index 00d01b15750d11..00000000000000
--- a/x-pack/plugins/infra/server/lib/alerting/inventory_metric_threshold/preview_inventory_metric_threshold_alert.ts
+++ /dev/null
@@ -1,168 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License
- * 2.0; you may not use this file except in compliance with the Elastic License
- * 2.0.
- */
-
-import { Unit } from '@elastic/datemath';
-import { first } from 'lodash';
-import { PreviewResult } from '../common/types';
-import { InventoryMetricConditions } from './types';
-import {
-  TOO_MANY_BUCKETS_PREVIEW_EXCEPTION,
-  isTooManyBucketsPreviewException,
-} from '../../../../common/alerting/metrics';
-import { ElasticsearchClient } from '../../../../../../../src/core/server';
-import { InfraSource } from '../../../../common/source_configuration/source_configuration';
-import { getIntervalInSeconds } from '../../../utils/get_interval_in_seconds';
-import { InventoryItemType } from '../../../../common/inventory_models/types';
-import { evaluateCondition } from './evaluate_condition';
-import { LogQueryFields } from '../../../services/log_queries/get_log_query_fields';
-
-interface InventoryMetricThresholdParams {
-  criteria: InventoryMetricConditions[];
-  filterQuery: string | undefined;
-  nodeType: InventoryItemType;
-  sourceId?: string;
-}
-
-interface PreviewInventoryMetricThresholdAlertParams {
-  esClient: ElasticsearchClient;
-  params: InventoryMetricThresholdParams;
-  source: InfraSource;
-  logQueryFields: LogQueryFields;
-  compositeSize: number;
-  lookback: Unit;
-  alertInterval: string;
-  alertThrottle: string;
-  alertOnNoData: boolean;
-  alertNotifyWhen: string;
-}
-
-export const previewInventoryMetricThresholdAlert: (
-  params: PreviewInventoryMetricThresholdAlertParams
-) => Promise<PreviewResult[]> = async ({
-  esClient,
-  params,
-  source,
-  logQueryFields,
-  compositeSize,
-  lookback,
-  alertInterval,
-  alertThrottle,
-  alertOnNoData,
-  alertNotifyWhen,
-}: PreviewInventoryMetricThresholdAlertParams) => {
-  const { criteria, filterQuery, nodeType } = params as InventoryMetricThresholdParams;
-
-  if (criteria.length === 0) throw new Error('Cannot execute an alert with 0 conditions');
-
-  const { timeSize, timeUnit } = criteria[0];
-  const bucketInterval = `${timeSize}${timeUnit}`;
-  const bucketIntervalInSeconds = getIntervalInSeconds(bucketInterval);
-
-  const lookbackInterval = `1${lookback}`;
-  const lookbackIntervalInSeconds = getIntervalInSeconds(lookbackInterval);
-  const lookbackSize = Math.ceil(lookbackIntervalInSeconds / bucketIntervalInSeconds);
-
-  const alertIntervalInSeconds = getIntervalInSeconds(alertInterval);
-  const alertResultsPerExecution = alertIntervalInSeconds / bucketIntervalInSeconds;
-  const throttleIntervalInSeconds = getIntervalInSeconds(alertThrottle);
-
-  try {
-    const results = await Promise.all(
-      criteria.map((condition) =>
-        evaluateCondition({
-          condition,
-          nodeType,
-          source,
-          logQueryFields,
-          esClient,
-          compositeSize,
-          filterQuery,
-          lookbackSize,
-        })
-      )
-    );
-
-    const inventoryItems = Object.keys(first(results)!);
-    const previewResults = inventoryItems.map((item) => {
-      const numberOfResultBuckets = lookbackSize;
-      const numberOfExecutionBuckets = Math.floor(numberOfResultBuckets / alertResultsPerExecution);
-      let numberOfTimesFired = 0;
-      let numberOfTimesWarned = 0;
-      let numberOfNoDataResults = 0;
-      let numberOfErrors = 0;
-      let numberOfNotifications = 0;
-      let throttleTracker = 0;
-      let previousActionGroup: string | null = null;
-      const notifyWithThrottle = (actionGroup: string) => {
-        if (alertNotifyWhen === 'onActionGroupChange') {
-          if (previousActionGroup !== actionGroup) numberOfNotifications++;
-        } else if (alertNotifyWhen === 'onThrottleInterval') {
-          if (throttleTracker === 0) numberOfNotifications++;
-          throttleTracker += alertIntervalInSeconds;
-        } else {
-          numberOfNotifications++;
-        }
-        previousActionGroup = actionGroup;
-      };
-      for (let i = 0; i < numberOfExecutionBuckets; i++) {
-        const mappedBucketIndex = Math.floor(i * alertResultsPerExecution);
-        const allConditionsFiredInMappedBucket = results.every((result) => {
-          const shouldFire = result[item].shouldFire as boolean[];
-          return shouldFire[mappedBucketIndex];
-        });
-        const allConditionsWarnInMappedBucket =
-          !allConditionsFiredInMappedBucket &&
-          results.every((result) => result[item].shouldWarn[mappedBucketIndex]);
-        const someConditionsNoDataInMappedBucket = results.some((result) => {
-          const hasNoData = result[item].isNoData as boolean[];
-          return hasNoData[mappedBucketIndex];
-        });
-        const someConditionsErrorInMappedBucket = results.some((result) => {
-          return result[item].isError;
-        });
-        if (someConditionsErrorInMappedBucket) {
-          numberOfErrors++;
-          if (alertOnNoData) {
-            notifyWithThrottle('fired'); // TODO: Update this when No Data alerts move to an action group
-          }
-        } else if (someConditionsNoDataInMappedBucket) {
-          numberOfNoDataResults++;
-          if (alertOnNoData) {
-            notifyWithThrottle('fired'); // TODO: Update this when No Data alerts move to an action group
-          }
-        } else if (allConditionsFiredInMappedBucket) {
-          numberOfTimesFired++;
-          notifyWithThrottle('fired');
-        } else if (allConditionsWarnInMappedBucket) {
-          numberOfTimesWarned++;
-          notifyWithThrottle('warning');
-        } else {
-          previousActionGroup = 'recovered';
-          if (throttleTracker > 0) {
-            throttleTracker += alertIntervalInSeconds;
-          }
-        }
-        if (throttleTracker >= throttleIntervalInSeconds) {
-          throttleTracker = 0;
-        }
-      }
-      return {
-        fired: numberOfTimesFired,
-        warning: numberOfTimesWarned,
-        noData: numberOfNoDataResults,
-        error: numberOfErrors,
-        notifications: numberOfNotifications,
-      };
-    });
-
-    return previewResults;
-  } catch (e) {
-    if (!isTooManyBucketsPreviewException(e)) throw e;
-    const { maxBuckets } = e;
-    throw new Error(`${TOO_MANY_BUCKETS_PREVIEW_EXCEPTION}:${maxBuckets}`);
-  }
-};
diff --git a/x-pack/plugins/infra/server/lib/alerting/metric_threshold/preview_metric_threshold_alert.test.ts b/x-pack/plugins/infra/server/lib/alerting/metric_threshold/preview_metric_threshold_alert.test.ts
deleted file mode 100644
index e03b475191dff1..00000000000000
--- a/x-pack/plugins/infra/server/lib/alerting/metric_threshold/preview_metric_threshold_alert.test.ts
+++ /dev/null
@@ -1,221 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License
- * 2.0; you may not use this file except in compliance with the Elastic License
- * 2.0.
- */
-
-import * as mocks from './test_mocks';
-import { Comparator, Aggregators, MetricExpressionParams } from './types';
-import { alertsMock, AlertServicesMock } from '../../../../../alerting/server/mocks';
-import { previewMetricThresholdAlert } from './preview_metric_threshold_alert';
-// eslint-disable-next-line @kbn/eslint/no-restricted-paths
-import { elasticsearchClientMock } from 'src/core/server/elasticsearch/client/mocks';
-
-describe('Previewing the metric threshold alert type', () => {
-  describe('querying the entire infrastructure', () => {
-    test('returns the expected results using a bucket interval equal to the alert interval', async () => {
-      const [ungroupedResult] = await previewMetricThresholdAlert({
-        ...baseParams,
-        lookback: 'h',
-        alertInterval: '1m',
-        alertThrottle: '1m',
-        alertOnNoData: true,
-        alertNotifyWhen: 'onThrottleInterval',
-      });
-      const { fired, noData, error, notifications } = ungroupedResult;
-      expect(fired).toBe(30);
-      expect(noData).toBe(0);
-      expect(error).toBe(0);
-      expect(notifications).toBe(30);
-    });
-
-    test('returns the expected results using a bucket interval shorter than the alert interval', async () => {
-      const [ungroupedResult] = await previewMetricThresholdAlert({
-        ...baseParams,
-        lookback: 'h',
-        alertInterval: '3m',
-        alertThrottle: '3m',
-        alertOnNoData: true,
-        alertNotifyWhen: 'onThrottleInterval',
-      });
-      const { fired, noData, error, notifications } = ungroupedResult;
-      expect(fired).toBe(10);
-      expect(noData).toBe(0);
-      expect(error).toBe(0);
-      expect(notifications).toBe(10);
-    });
-    test('returns the expected results using a bucket interval longer than the alert interval', async () => {
-      const [ungroupedResult] = await previewMetricThresholdAlert({
-        ...baseParams,
-        lookback: 'h',
-        alertInterval: '30s',
-        alertThrottle: '30s',
-        alertOnNoData: true,
-        alertNotifyWhen: 'onThrottleInterval',
-      });
-      const { fired, noData, error, notifications } = ungroupedResult;
-      expect(fired).toBe(60);
-      expect(noData).toBe(0);
-      expect(error).toBe(0);
-      expect(notifications).toBe(60);
-    });
-    test('returns the expected results using a throttle interval longer than the alert interval', async () => {
-      const [ungroupedResult] = await previewMetricThresholdAlert({
-        ...baseParams,
-        lookback: 'h',
-        alertInterval: '1m',
-        alertThrottle: '3m',
-        alertOnNoData: true,
-        alertNotifyWhen: 'onThrottleInterval',
-      });
-      const { fired, noData, error, notifications } = ungroupedResult;
-      expect(fired).toBe(30);
-      expect(noData).toBe(0);
-      expect(error).toBe(0);
-      expect(notifications).toBe(15);
-    });
-    test('returns the expected results using a notify setting of Only on Status Change', async () => {
-      const [ungroupedResult] = await previewMetricThresholdAlert({
-        ...baseParams,
-        params: {
-          ...baseParams.params,
-          criteria: [
-            {
-              ...baseCriterion,
-              metric: 'test.metric.3',
-            } as MetricExpressionParams,
-          ],
-        },
-        lookback: 'h',
-        alertInterval: '1m',
-        alertThrottle: '1m',
-        alertOnNoData: true,
-        alertNotifyWhen: 'onActionGroupChange',
-      });
-      const { fired, noData, error, notifications } = ungroupedResult;
-      expect(fired).toBe(20);
-      expect(noData).toBe(0);
-      expect(error).toBe(0);
-      expect(notifications).toBe(20);
-    });
-  });
-  describe('querying with a groupBy parameter', () => {
-    test('returns the expected results', async () => {
-      const [resultA, resultB] = await previewMetricThresholdAlert({
-        ...baseParams,
-        params: {
-          ...baseParams.params,
-          groupBy: ['something'],
-        },
-        lookback: 'h',
-        alertInterval: '1m',
-        alertThrottle: '1m',
-        alertOnNoData: true,
-        alertNotifyWhen: 'onThrottleInterval',
-      });
-      const {
-        fired: firedA,
-        noData: noDataA,
-        error: errorA,
-        notifications: notificationsA,
-      } = resultA;
-      expect(firedA).toBe(30);
-      expect(noDataA).toBe(0);
-      expect(errorA).toBe(0);
-      expect(notificationsA).toBe(30);
-      const {
-        fired: firedB,
-        noData: noDataB,
-        error: errorB,
-        notifications: notificationsB,
-      } = resultB;
-      expect(firedB).toBe(60);
-      expect(noDataB).toBe(0);
-      expect(errorB).toBe(0);
-      expect(notificationsB).toBe(60);
-    });
-  });
-  describe('querying a data set with a period of No Data', () => {
-    test('returns the expected results', async () => {
-      const [ungroupedResult] = await previewMetricThresholdAlert({
-        ...baseParams,
-        params: {
-          ...baseParams.params,
-          criteria: [
-            {
-              ...baseCriterion,
-              metric: 'test.metric.2',
-            } as MetricExpressionParams,
-          ],
-        },
-        lookback: 'h',
-        alertInterval: '1m',
-        alertThrottle: '1m',
-        alertOnNoData: true,
-        alertNotifyWhen: 'onThrottleInterval',
-      });
-      const { fired, noData, error, notifications } = ungroupedResult;
-      expect(fired).toBe(25);
-      expect(noData).toBe(10);
-      expect(error).toBe(0);
-      expect(notifications).toBe(35);
-    });
-  });
-});
-
-const services: AlertServicesMock = alertsMock.createAlertServices();
-
-services.scopedClusterClient.asCurrentUser.search.mockImplementation((params?: any): any => {
-  const from = params?.body.query.bool.filter[0]?.range['@timestamp'].gte;
-  const metric = params?.body.query.bool.filter[1]?.exists.field;
-  if (params?.body.aggs.groupings) {
-    if (params?.body.aggs.groupings.composite.after) {
-      return elasticsearchClientMock.createSuccessTransportRequestPromise(
-        mocks.compositeEndResponse
-      );
-    }
-    return elasticsearchClientMock.createSuccessTransportRequestPromise(
-      mocks.basicCompositePreviewResponse(from)
-    );
-  }
-  if (metric === 'test.metric.2') {
-    return elasticsearchClientMock.createSuccessTransportRequestPromise(
-      mocks.alternateMetricPreviewResponse(from)
-    );
-  }
-  if (metric === 'test.metric.3') {
-    return elasticsearchClientMock.createSuccessTransportRequestPromise(
-      mocks.repeatingMetricPreviewResponse(from)
-    );
-  }
-  return elasticsearchClientMock.createSuccessTransportRequestPromise(
-    mocks.basicMetricPreviewResponse(from)
-  );
-});
-
-const baseCriterion = {
-  aggType: Aggregators.AVERAGE,
-  metric: 'test.metric.1',
-  timeSize: 1,
-  timeUnit: 'm',
-  comparator: Comparator.GT,
-  threshold: [0.75],
-} as MetricExpressionParams;
-
-const config = {
-  metricAlias: 'metricbeat-*',
-  fields: {
-    timefield: '@timestamp',
-  },
-} as any;
-
-const baseParams = {
-  esClient: services.scopedClusterClient.asCurrentUser,
-  params: {
-    criteria: [baseCriterion],
-    groupBy: undefined,
-    filterQuery: undefined,
-  },
-  config,
-};
diff --git a/x-pack/plugins/infra/server/lib/alerting/metric_threshold/preview_metric_threshold_alert.ts b/x-pack/plugins/infra/server/lib/alerting/metric_threshold/preview_metric_threshold_alert.ts
deleted file mode 100644
index 931b830875cdfa..00000000000000
--- a/x-pack/plugins/infra/server/lib/alerting/metric_threshold/preview_metric_threshold_alert.ts
+++ /dev/null
@@ -1,242 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License
- * 2.0; you may not use this file except in compliance with the Elastic License
- * 2.0.
- */
-
-import { first, zip } from 'lodash';
-import { Unit } from '@elastic/datemath';
-import {
-  TOO_MANY_BUCKETS_PREVIEW_EXCEPTION,
-  isTooManyBucketsPreviewException,
-} from '../../../../common/alerting/metrics';
-import { ElasticsearchClient } from '../../../../../../../src/core/server';
-import { InfraSource } from '../../../../common/source_configuration/source_configuration';
-import { getIntervalInSeconds } from '../../../utils/get_interval_in_seconds';
-import { PreviewResult } from '../common/types';
-import { MetricExpressionParams } from './types';
-import { evaluateAlert } from './lib/evaluate_alert';
-
-const MAX_ITERATIONS = 50;
-
-interface PreviewMetricThresholdAlertParams {
-  esClient: ElasticsearchClient;
-  params: {
-    criteria: MetricExpressionParams[];
-    groupBy: string | undefined | string[];
-    filterQuery: string | undefined;
-    shouldDropPartialBuckets?: boolean;
-  };
-  config: InfraSource['configuration'];
-  lookback: Unit;
-  alertInterval: string;
-  alertThrottle: string;
-  alertNotifyWhen: string;
-  alertOnNoData: boolean;
-  end?: number;
-  overrideLookbackIntervalInSeconds?: number;
-}
-
-export const previewMetricThresholdAlert: (
-  params: PreviewMetricThresholdAlertParams,
-  iterations?: number,
-  precalculatedNumberOfGroups?: number
-) => Promise<PreviewResult[]> = async (
-  {
-    esClient,
-    params,
-    config,
-    lookback,
-    alertInterval,
-    alertThrottle,
-    alertNotifyWhen,
-    alertOnNoData,
-    end = Date.now(),
-    overrideLookbackIntervalInSeconds,
-  },
-  iterations = 0,
-  precalculatedNumberOfGroups
-) => {
-  if (params.criteria.length === 0) throw new Error('Cannot execute an alert with 0 conditions');
-
-  // There are three different "intervals" we're dealing with here, so to disambiguate:
-  // - The lookback interval, which is how long of a period of time we want to examine to count
-  //   how many times the alert fired
-  // - The interval in the alert params, which we'll call the bucket interval; this is how large of
-  //   a time bucket the alert uses to evaluate its result
-  // - The alert interval, which is how often the alert fires
-
-  const { timeSize, timeUnit } = params.criteria[0];
-  const bucketInterval = `${timeSize}${timeUnit}`;
-  const bucketIntervalInSeconds = getIntervalInSeconds(bucketInterval);
-
-  const lookbackInterval = `1${lookback}`;
-  const lookbackIntervalInSeconds =
-    overrideLookbackIntervalInSeconds ?? getIntervalInSeconds(lookbackInterval);
-
-  const start = end - lookbackIntervalInSeconds * 1000;
-  const timeframe = { start, end };
-
-  // Get a date histogram using the bucket interval and the lookback interval
-  try {
-    const alertResults = await evaluateAlert(esClient, params, config, timeframe);
-    const groups = Object.keys(first(alertResults)!);
-
-    // Now determine how to interpolate this histogram based on the alert interval
-    const alertIntervalInSeconds = getIntervalInSeconds(alertInterval);
-    const alertResultsPerExecution = alertIntervalInSeconds / bucketIntervalInSeconds;
-    const throttleIntervalInSeconds = Math.max(
-      getIntervalInSeconds(alertThrottle),
-      alertIntervalInSeconds
-    );
-
-    const previewResults = await Promise.all(
-      groups.map(async (group) => {
-        // Interpolate the buckets returned by evaluateAlert and return a count of how many of these
-        // buckets would have fired the alert. If the alert interval and bucket interval are the same,
-        // this will be a 1:1 evaluation of the alert results. If these are different, the interpolation
-        // will skip some buckets or read some buckets more than once, depending on the differential
-        const numberOfResultBuckets = first(alertResults)![group].shouldFire.length;
-        const numberOfExecutionBuckets = Math.floor(
-          numberOfResultBuckets / alertResultsPerExecution
-        );
-        let numberOfTimesFired = 0;
-        let numberOfTimesWarned = 0;
-        let numberOfNoDataResults = 0;
-        let numberOfErrors = 0;
-        let numberOfNotifications = 0;
-        let throttleTracker = 0;
-        let previousActionGroup: string | null = null;
-        const notifyWithThrottle = (actionGroup: string) => {
-          if (alertNotifyWhen === 'onActionGroupChange') {
-            if (previousActionGroup !== actionGroup) numberOfNotifications++;
-            previousActionGroup = actionGroup;
-          } else if (alertNotifyWhen === 'onThrottleInterval') {
-            if (throttleTracker === 0) numberOfNotifications++;
-            throttleTracker += alertIntervalInSeconds;
-          } else {
-            numberOfNotifications++;
-          }
-        };
-        for (let i = 0; i < numberOfExecutionBuckets; i++) {
-          const mappedBucketIndex = Math.floor(i * alertResultsPerExecution);
-          const allConditionsFiredInMappedBucket = alertResults.every(
-            (alertResult) => alertResult[group].shouldFire[mappedBucketIndex]
-          );
-          const allConditionsWarnInMappedBucket =
-            !allConditionsFiredInMappedBucket &&
-            alertResults.every((alertResult) => alertResult[group].shouldWarn[mappedBucketIndex]);
-          const someConditionsNoDataInMappedBucket = alertResults.some((alertResult) => {
-            const hasNoData = alertResult[group].isNoData as boolean[];
-            return hasNoData[mappedBucketIndex];
-          });
-          const someConditionsErrorInMappedBucket = alertResults.some((alertResult) => {
-            return alertResult[group].isError;
-          });
-          if (someConditionsErrorInMappedBucket) {
-            numberOfErrors++;
-            if (alertOnNoData) {
-              notifyWithThrottle('fired'); // TODO: Update this when No Data alerts move to an action group
-            }
-          } else if (someConditionsNoDataInMappedBucket) {
-            numberOfNoDataResults++;
-            if (alertOnNoData) {
-              notifyWithThrottle('fired'); // TODO: Update this when No Data alerts move to an action group
-            }
-          } else if (allConditionsFiredInMappedBucket) {
-            numberOfTimesFired++;
-            notifyWithThrottle('fired');
-          } else if (allConditionsWarnInMappedBucket) {
-            numberOfTimesWarned++;
-            notifyWithThrottle('warning');
-          } else {
-            previousActionGroup = 'recovered';
-            if (throttleTracker > 0) {
-              throttleTracker += alertIntervalInSeconds;
-            }
-          }
-          if (throttleTracker >= throttleIntervalInSeconds) {
-            throttleTracker = 0;
-          }
-        }
-        return {
-          fired: numberOfTimesFired,
-          warning: numberOfTimesWarned,
-          noData: numberOfNoDataResults,
-          error: numberOfErrors,
-          notifications: numberOfNotifications,
-        };
-      })
-    );
-    return previewResults;
-  } catch (e) {
-    if (isTooManyBucketsPreviewException(e)) {
-      // If there's too much data on the first request, recursively slice the lookback interval
-      // until all the data can be retrieved
-      const basePreviewParams = {
-        esClient,
-        params,
-        config,
-        lookback,
-        alertInterval,
-        alertThrottle,
-        alertOnNoData,
-        alertNotifyWhen,
-      };
-      const { maxBuckets } = e;
-      // If this is still the first iteration, try to get the number of groups in order to
-      // calculate max buckets. If this fails, just estimate based on 1 group
-      const currentAlertResults = !precalculatedNumberOfGroups
-        ? await evaluateAlert(esClient, params, config)
-        : [];
-      const numberOfGroups =
-        precalculatedNumberOfGroups ?? Math.max(Object.keys(first(currentAlertResults)!).length, 1);
-      const estimatedTotalBuckets =
-        (lookbackIntervalInSeconds / bucketIntervalInSeconds) * numberOfGroups;
-      // The minimum number of slices is 2. In case we underestimate the total number of buckets
-      // in the first iteration, we can bisect the remaining buckets on further recursions to get
-      // all the data needed
-      const slices = Math.max(Math.ceil(estimatedTotalBuckets / maxBuckets), 2);
-      const slicedLookback = Math.floor(lookbackIntervalInSeconds / slices);
-
-      // Bail out if it looks like this is going to take too long
-      if (slicedLookback <= 0 || iterations > MAX_ITERATIONS || slices > MAX_ITERATIONS) {
-        throw new Error(`${TOO_MANY_BUCKETS_PREVIEW_EXCEPTION}:${maxBuckets * MAX_ITERATIONS}`);
-      }
-
-      const slicedRequests = [...Array(slices)].map((_, i) => {
-        return previewMetricThresholdAlert(
-          {
-            ...basePreviewParams,
-            end: Math.min(end, start + slicedLookback * (i + 1) * 1000),
-            overrideLookbackIntervalInSeconds: slicedLookback,
-          },
-          iterations + slices,
-          numberOfGroups
-        );
-      });
-      const results = await Promise.all(slicedRequests);
-      const zippedResult = zip(...results).map((result) =>
-        result
-          // `undefined` values occur if there is no data at all in a certain slice, and that slice
-          // returns an empty array. This is different from an error or no data state,
-          // so filter these results out entirely and only regard the resultA portion
-          .filter(
-            <Value>(value: Value): value is NonNullable<Value> => typeof value !== 'undefined'
-          )
-          .reduce((a, b) => {
-            if (!a) return b;
-            if (!b) return a;
-            const res = { ...a };
-            const entries = (Object.entries(b) as unknown) as Array<[keyof PreviewResult, number]>;
-            for (const [key, value] of entries) {
-              res[key] += value;
-            }
-            return res;
-          })
-      );
-      return zippedResult;
-    } else throw e;
-  }
-};
diff --git a/x-pack/plugins/infra/server/lib/alerting/metric_threshold/test_mocks.ts b/x-pack/plugins/infra/server/lib/alerting/metric_threshold/test_mocks.ts
index 5af14b3fbd17d6..409a4329aa65c5 100644
--- a/x-pack/plugins/infra/server/lib/alerting/metric_threshold/test_mocks.ts
+++ b/x-pack/plugins/infra/server/lib/alerting/metric_threshold/test_mocks.ts
@@ -4,7 +4,6 @@
  * 2.0; you may not use this file except in compliance with the Elastic License
  * 2.0.
  */
-import { range } from 'lodash';
 const bucketsA = (from: number) => [
   {
     doc_count: null,
@@ -104,61 +103,6 @@ const bucketsC = (from: number) => [
   },
 ];
 
-const previewBucketsA = (from: number) =>
-  range(from, from + 3600000, 60000).map((timestamp, i) => {
-    return {
-      doc_count: i % 2 ? 3 : 2,
-      aggregatedValue: { value: i % 2 ? 16 : 0.5 },
-      from_as_string: new Date(timestamp).toISOString(),
-    };
-  });
-
-const previewBucketsB = (from: number) =>
-  range(from, from + 3600000, 60000).map((timestamp, i) => {
-    const value = i % 2 ? 3.5 : 2.5;
-    return {
-      doc_count: i % 2 ? 3 : 2,
-      aggregatedValue: { value, values: [{ key: 99.0, value }] },
-      from_as_string: new Date(timestamp).toISOString(),
-    };
-  });
-
-const previewBucketsWithNulls = (from: number) => [
-  // 25 Fired
-  ...range(from, from + 1500000, 60000).map((timestamp) => {
-    return {
-      doc_count: 2,
-      aggregatedValue: { value: 1, values: [{ key: 95.0, value: 1 }] },
-      from_as_string: new Date(timestamp).toISOString(),
-    };
-  }),
-  // 25 OK
-  ...range(from + 2100000, from + 2940000, 60000).map((timestamp) => {
-    return {
-      doc_count: 2,
-      aggregatedValue: { value: 0.5, values: [{ key: 95.0, value: 0.5 }] },
-      from_as_string: new Date(timestamp).toISOString(),
-    };
-  }),
-  // 10 No Data
-  ...range(from + 3000000, from + 3600000, 60000).map((timestamp) => {
-    return {
-      doc_count: 0,
-      aggregatedValue: { value: null, values: [{ key: 95.0, value: null }] },
-      from_as_string: new Date(timestamp).toISOString(),
-    };
-  }),
-];
-
-const previewBucketsRepeat = (from: number) =>
-  range(from, from + 3600000, 60000).map((timestamp, i) => {
-    return {
-      doc_count: i % 3 ? 3 : 2,
-      aggregatedValue: { value: i % 3 ? 0.5 : 16 },
-      from_as_string: new Date(timestamp).toISOString(),
-    };
-  });
-
 export const basicMetricResponse = (from: number) => ({
   aggregations: {
     aggregatedIntervals: {
@@ -271,58 +215,3 @@ export const changedSourceIdResponse = (from: number) => ({
     },
   },
 });
-
-export const basicMetricPreviewResponse = (from: number) => ({
-  aggregations: {
-    aggregatedIntervals: {
-      buckets: previewBucketsA(from),
-    },
-  },
-});
-
-export const alternateMetricPreviewResponse = (from: number) => ({
-  aggregations: {
-    aggregatedIntervals: {
-      buckets: previewBucketsWithNulls(from),
-    },
-  },
-});
-
-export const repeatingMetricPreviewResponse = (from: number) => ({
-  aggregations: {
-    aggregatedIntervals: {
-      buckets: previewBucketsRepeat(from),
-    },
-  },
-});
-
-export const basicCompositePreviewResponse = (from: number) => ({
-  aggregations: {
-    groupings: {
-      after_key: { groupBy0: 'foo' },
-      buckets: [
-        {
-          key: {
-            groupBy0: 'a',
-          },
-          aggregatedIntervals: {
-            buckets: previewBucketsA(from),
-          },
-        },
-        {
-          key: {
-            groupBy0: 'b',
-          },
-          aggregatedIntervals: {
-            buckets: previewBucketsB(from),
-          },
-        },
-      ],
-    },
-  },
-  hits: {
-    total: {
-      value: 2,
-    },
-  },
-});
diff --git a/x-pack/plugins/infra/server/routes/alerting/preview.ts b/x-pack/plugins/infra/server/routes/alerting/preview.ts
deleted file mode 100644
index 4cafc743b1ecbc..00000000000000
--- a/x-pack/plugins/infra/server/routes/alerting/preview.ts
+++ /dev/null
@@ -1,195 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License
- * 2.0; you may not use this file except in compliance with the Elastic License
- * 2.0.
- */
-
-import { PreviewResult } from '../../lib/alerting/common/types';
-import {
-  METRIC_THRESHOLD_ALERT_TYPE_ID,
-  METRIC_INVENTORY_THRESHOLD_ALERT_TYPE_ID,
-  METRIC_ANOMALY_ALERT_TYPE_ID,
-  INFRA_ALERT_PREVIEW_PATH,
-  TOO_MANY_BUCKETS_PREVIEW_EXCEPTION,
-  alertPreviewRequestParamsRT,
-  alertPreviewSuccessResponsePayloadRT,
-  MetricThresholdAlertPreviewRequestParams,
-  InventoryAlertPreviewRequestParams,
-  MetricAnomalyAlertPreviewRequestParams,
-} from '../../../common/alerting/metrics';
-import { createValidationFunction } from '../../../common/runtime_types';
-import { previewInventoryMetricThresholdAlert } from '../../lib/alerting/inventory_metric_threshold/preview_inventory_metric_threshold_alert';
-import { previewMetricThresholdAlert } from '../../lib/alerting/metric_threshold/preview_metric_threshold_alert';
-import { previewMetricAnomalyAlert } from '../../lib/alerting/metric_anomaly/preview_metric_anomaly_alert';
-import { InfraBackendLibs } from '../../lib/infra_types';
-import { assertHasInfraMlPlugins } from '../../utils/request_context';
-
-export const initAlertPreviewRoute = ({
-  framework,
-  sources,
-  getLogQueryFields,
-  configuration,
-}: InfraBackendLibs) => {
-  framework.registerRoute(
-    {
-      method: 'post',
-      path: INFRA_ALERT_PREVIEW_PATH,
-      validate: {
-        body: createValidationFunction(alertPreviewRequestParamsRT),
-      },
-    },
-    framework.router.handleLegacyErrors(async (requestContext, request, response) => {
-      const {
-        lookback,
-        sourceId,
-        alertType,
-        alertInterval,
-        alertThrottle,
-        alertOnNoData,
-        alertNotifyWhen,
-      } = request.body;
-
-      const esClient = requestContext.core.elasticsearch.client.asCurrentUser;
-
-      const source = await sources.getSourceConfiguration(
-        requestContext.core.savedObjects.client,
-        sourceId || 'default'
-      );
-
-      const compositeSize = configuration.inventory.compositeSize;
-
-      try {
-        switch (alertType) {
-          case METRIC_THRESHOLD_ALERT_TYPE_ID: {
-            const {
-              groupBy,
-              criteria,
-              filterQuery,
-            } = request.body as MetricThresholdAlertPreviewRequestParams;
-            const previewResult = await previewMetricThresholdAlert({
-              esClient,
-              params: { criteria, filterQuery, groupBy },
-              lookback,
-              config: source.configuration,
-              alertInterval,
-              alertThrottle,
-              alertNotifyWhen,
-              alertOnNoData,
-            });
-
-            const payload = processPreviewResults(previewResult);
-            return response.ok({
-              body: alertPreviewSuccessResponsePayloadRT.encode(payload),
-            });
-          }
-          case METRIC_INVENTORY_THRESHOLD_ALERT_TYPE_ID: {
-            const logQueryFields = await getLogQueryFields(
-              sourceId || 'default',
-              requestContext.core.savedObjects.client,
-              requestContext.core.elasticsearch.client.asCurrentUser
-            );
-            const {
-              nodeType,
-              criteria,
-              filterQuery,
-            } = request.body as InventoryAlertPreviewRequestParams;
-            const previewResult = await previewInventoryMetricThresholdAlert({
-              esClient,
-              params: { criteria, filterQuery, nodeType },
-              lookback,
-              source,
-              logQueryFields,
-              compositeSize,
-              alertInterval,
-              alertThrottle,
-              alertNotifyWhen,
-              alertOnNoData,
-            });
-
-            const payload = processPreviewResults(previewResult);
-
-            return response.ok({
-              body: alertPreviewSuccessResponsePayloadRT.encode(payload),
-            });
-          }
-          case METRIC_ANOMALY_ALERT_TYPE_ID: {
-            assertHasInfraMlPlugins(requestContext);
-            const {
-              nodeType,
-              metric,
-              threshold,
-              influencerFilter,
-            } = request.body as MetricAnomalyAlertPreviewRequestParams;
-            const { mlAnomalyDetectors, mlSystem, spaceId } = requestContext.infra;
-
-            const previewResult = await previewMetricAnomalyAlert({
-              mlAnomalyDetectors,
-              mlSystem,
-              spaceId,
-              params: { nodeType, metric, threshold, influencerFilter },
-              lookback,
-              sourceId: source.id,
-              alertInterval,
-              alertThrottle,
-              alertOnNoData,
-              alertNotifyWhen,
-            });
-
-            return response.ok({
-              body: alertPreviewSuccessResponsePayloadRT.encode({
-                numberOfGroups: 1,
-                resultTotals: {
-                  ...previewResult,
-                  error: 0,
-                  noData: 0,
-                },
-              }),
-            });
-          }
-          default:
-            throw new Error('Unknown alert type');
-        }
-      } catch (error) {
-        if (error.message.includes(TOO_MANY_BUCKETS_PREVIEW_EXCEPTION)) {
-          return response.customError({
-            statusCode: 508,
-            body: {
-              message: error.message.split(':')[1], // Extract the max buckets from the error message
-            },
-          });
-        }
-        return response.customError({
-          statusCode: error.statusCode ?? 500,
-          body: {
-            message: error.message ?? 'An unexpected error occurred',
-          },
-        });
-      }
-    })
-  );
-};
-
-const processPreviewResults = (previewResult: PreviewResult[]) => {
-  const numberOfGroups = previewResult.length;
-  const resultTotals = previewResult.reduce(
-    (totals, { fired, warning, noData, error, notifications }) => {
-      return {
-        ...totals,
-        fired: totals.fired + fired,
-        warning: totals.warning + warning,
-        noData: totals.noData + noData,
-        error: totals.error + error,
-        notifications: totals.notifications + notifications,
-      };
-    },
-    {
-      fired: 0,
-      warning: 0,
-      noData: 0,
-      error: 0,
-      notifications: 0,
-    }
-  );
-  return { numberOfGroups, resultTotals };
-};
diff --git a/x-pack/plugins/ml/public/application/components/anomalies_table/anomaly_details.js b/x-pack/plugins/ml/public/application/components/anomalies_table/anomaly_details.js
index 20e426ac379975..669a81ffd6248e 100644
--- a/x-pack/plugins/ml/public/application/components/anomalies_table/anomaly_details.js
+++ b/x-pack/plugins/ml/public/application/components/anomalies_table/anomaly_details.js
@@ -26,6 +26,7 @@ import {
   EuiSpacer,
   EuiTabbedContent,
   EuiText,
+  EuiToolTip,
 } from '@elastic/eui';
 import { formatHumanReadableDateTimeSeconds } from '../../../../common/util/date_utils';
 
@@ -47,7 +48,7 @@ function getFilterEntity(entityName, entityValue, filter) {
   return <EntityCell entityName={entityName} entityValue={entityValue} filter={filter} />;
 }
 
-function getDetailsItems(anomaly, examples, filter) {
+function getDetailsItems(anomaly, filter) {
   const source = anomaly.source;
 
   // TODO - when multivariate analyses are more common,
@@ -183,11 +184,55 @@ function getDetailsItems(anomaly, examples, filter) {
     });
   }
 
+  items.push({
+    title: (
+      <EuiToolTip
+        position="left"
+        content={i18n.translate('xpack.ml.anomaliesTable.anomalyDetails.recordScoreTooltip', {
+          defaultMessage:
+            'A normalized score between 0-100, which indicates the relative significance of the anomaly record result. This value might change as new data is analyzed.',
+        })}
+      >
+        <span>
+          {i18n.translate('xpack.ml.anomaliesTable.anomalyDetails.recordScoreTitle', {
+            defaultMessage: 'Record score',
+          })}
+          <EuiIcon size="s" color="subdued" type="questionInCircle" className="eui-alignTop" />
+        </span>
+      </EuiToolTip>
+    ),
+    description: Math.floor(1000 * source.record_score) / 1000,
+  });
+
+  items.push({
+    title: (
+      <EuiToolTip
+        position="left"
+        content={i18n.translate(
+          'xpack.ml.anomaliesTable.anomalyDetails.initialRecordScoreTooltip',
+          {
+            defaultMessage:
+              'A normalized score between 0-100, which indicates the relative significance of the anomaly record when the bucket was initially processed.',
+          }
+        )}
+      >
+        <span>
+          {i18n.translate('xpack.ml.anomaliesTable.anomalyDetails.initialRecordScoreTitle', {
+            defaultMessage: 'Initial record score',
+          })}
+          <EuiIcon size="s" color="subdued" type="questionInCircle" className="eui-alignTop" />
+        </span>
+      </EuiToolTip>
+    ),
+    description: Math.floor(1000 * source.initial_record_score) / 1000,
+  });
+
   items.push({
     title: i18n.translate('xpack.ml.anomaliesTable.anomalyDetails.probabilityTitle', {
       defaultMessage: 'Probability',
     }),
-    description: source.probability,
+    description:
+      source.probability !== undefined ? Number.parseFloat(source.probability).toPrecision(3) : '',
   });
 
   // If there was only one cause, the actual, typical and by_field
@@ -469,7 +514,7 @@ export class AnomalyDetails extends Component {
   }
 
   renderDetails() {
-    const detailItems = getDetailsItems(this.props.anomaly, this.props.examples, this.props.filter);
+    const detailItems = getDetailsItems(this.props.anomaly, this.props.filter);
     const isInterimResult = get(this.props.anomaly, 'source.is_interim', false);
     return (
       <React.Fragment>
diff --git a/x-pack/plugins/ml/public/application/components/rule_editor/scope_section.js b/x-pack/plugins/ml/public/application/components/rule_editor/scope_section.js
index 99683e90898f1b..8cdfa4f6466aac 100644
--- a/x-pack/plugins/ml/public/application/components/rule_editor/scope_section.js
+++ b/x-pack/plugins/ml/public/application/components/rule_editor/scope_section.js
@@ -19,13 +19,13 @@ import { checkPermission } from '../../capabilities/check_capabilities';
 import { getScopeFieldDefaults } from './utils';
 import { FormattedMessage } from '@kbn/i18n/react';
 import { ML_PAGES } from '../../../../common/constants/locator';
-import { useMlUrlGenerator, useNavigateToPath } from '../../contexts/kibana';
+import { useMlLocator, useNavigateToPath } from '../../contexts/kibana';
 
 function NoFilterListsCallOut() {
-  const mlUrlGenerator = useMlUrlGenerator();
+  const mlLocator = useMlLocator();
   const navigateToPath = useNavigateToPath();
   const redirectToFilterManagementPage = async () => {
-    const path = await mlUrlGenerator.createUrl({
+    const path = await mlLocator.getUrl({
       page: ML_PAGES.FILTER_LISTS_MANAGE,
     });
     await navigateToPath(path, true);
diff --git a/x-pack/plugins/ml/public/application/routing/use_resolver.test.ts b/x-pack/plugins/ml/public/application/routing/use_resolver.test.ts
index 1d31e252b616c4..4c5c8c7b21ddd9 100644
--- a/x-pack/plugins/ml/public/application/routing/use_resolver.test.ts
+++ b/x-pack/plugins/ml/public/application/routing/use_resolver.test.ts
@@ -22,9 +22,6 @@ jest.mock('../contexts/kibana/use_create_url', () => {
 
 jest.mock('../contexts/kibana', () => {
   return {
-    useMlUrlGenerator: () => ({
-      createUrl: jest.fn(),
-    }),
     useNavigateToPath: () => jest.fn(),
     useNotifications: jest.fn(),
   };
diff --git a/x-pack/plugins/observability/public/components/shared/timestamp_tooltip/index.test.tsx b/x-pack/plugins/observability/public/components/shared/timestamp_tooltip/index.test.tsx
index 14d0a64be52413..d08ad48a326af0 100644
--- a/x-pack/plugins/observability/public/components/shared/timestamp_tooltip/index.test.tsx
+++ b/x-pack/plugins/observability/public/components/shared/timestamp_tooltip/index.test.tsx
@@ -27,14 +27,14 @@ describe('TimestampTooltip', () => {
 
   afterAll(() => moment.tz.setDefault(''));
 
-  it('should render component with relative time in body and absolute time in tooltip', () => {
+  it('should render component with absolute time in body and absolute time in tooltip', () => {
     expect(shallow(<TimestampTooltip time={timestamp} />)).toMatchInlineSnapshot(`
       <EuiToolTip
         content="Oct 10, 2019, 08:06:40.123 (UTC-7)"
         delay="regular"
         position="top"
       >
-        5 hours ago
+        Oct 10, 2019, 08:06:40.123 (UTC-7)
       </EuiToolTip>
     `);
   });
diff --git a/x-pack/plugins/observability/public/components/shared/timestamp_tooltip/index.tsx b/x-pack/plugins/observability/public/components/shared/timestamp_tooltip/index.tsx
index 784507fbfbcd81..7b82455ad59327 100644
--- a/x-pack/plugins/observability/public/components/shared/timestamp_tooltip/index.tsx
+++ b/x-pack/plugins/observability/public/components/shared/timestamp_tooltip/index.tsx
@@ -7,7 +7,6 @@
 
 import React from 'react';
 import { EuiToolTip } from '@elastic/eui';
-import moment from 'moment-timezone';
 import { asAbsoluteDateTime, TimeUnit } from '../../../../common/utils/formatters/datetime';
 
 interface Props {
@@ -19,13 +18,11 @@ interface Props {
 }
 
 export function TimestampTooltip({ time, timeUnit = 'milliseconds' }: Props) {
-  const momentTime = moment(time);
-  const relativeTimeLabel = momentTime.fromNow();
   const absoluteTimeLabel = asAbsoluteDateTime(time, timeUnit);
 
   return (
     <EuiToolTip content={absoluteTimeLabel}>
-      <>{relativeTimeLabel}</>
+      <>{absoluteTimeLabel}</>
     </EuiToolTip>
   );
 }
diff --git a/x-pack/plugins/observability/public/pages/alerts/alerts_table_t_grid.tsx b/x-pack/plugins/observability/public/pages/alerts/alerts_table_t_grid.tsx
index 27a415f1b314cf..57c8225a01d264 100644
--- a/x-pack/plugins/observability/public/pages/alerts/alerts_table_t_grid.tsx
+++ b/x-pack/plugins/observability/public/pages/alerts/alerts_table_t_grid.tsx
@@ -5,27 +5,33 @@
  * 2.0.
  */
 
+/**
+ * We need to produce types and code transpilation at different folders during the build of the package.
+ * We have types and code at different imports because we don't want to import the whole package in the resulting webpack bundle for the plugin.
+ * This way plugins can do targeted imports to reduce the final code bundle
+ */
 import type {
   AlertConsumers as AlertConsumersTyped,
   ALERT_DURATION as ALERT_DURATION_TYPED,
   ALERT_SEVERITY_LEVEL as ALERT_SEVERITY_LEVEL_TYPED,
   ALERT_STATUS as ALERT_STATUS_TYPED,
-  ALERT_START as ALERT_START_TYPED,
   ALERT_RULE_NAME as ALERT_RULE_NAME_TYPED,
 } from '@kbn/rule-data-utils';
 import {
-  AlertConsumers as AlertConsumersNonTyped,
   ALERT_DURATION as ALERT_DURATION_NON_TYPED,
   ALERT_SEVERITY_LEVEL as ALERT_SEVERITY_LEVEL_NON_TYPED,
   ALERT_STATUS as ALERT_STATUS_NON_TYPED,
-  ALERT_START as ALERT_START_NON_TYPED,
   ALERT_RULE_NAME as ALERT_RULE_NAME_NON_TYPED,
-  // @ts-expect-error
-} from '@kbn/rule-data-utils/target_node/alerts_as_data_rbac';
+  TIMESTAMP,
+  // @ts-expect-error importing from a place other than root because we want to limit what we import from this package
+} from '@kbn/rule-data-utils/target_node/technical_field_names';
+
+// @ts-expect-error importing from a place other than root because we want to limit what we import from this package
+import { AlertConsumers as AlertConsumersNonTyped } from '@kbn/rule-data-utils/target_node/alerts_as_data_rbac';
+
 import { EuiButtonIcon, EuiDataGridColumn } from '@elastic/eui';
 import { i18n } from '@kbn/i18n';
 import styled from 'styled-components';
-
 import React, { Suspense, useMemo, useState } from 'react';
 
 import type { TimelinesUIStart } from '../../../../timelines/public';
@@ -48,7 +54,6 @@ const AlertConsumers: typeof AlertConsumersTyped = AlertConsumersNonTyped;
 const ALERT_DURATION: typeof ALERT_DURATION_TYPED = ALERT_DURATION_NON_TYPED;
 const ALERT_SEVERITY_LEVEL: typeof ALERT_SEVERITY_LEVEL_TYPED = ALERT_SEVERITY_LEVEL_NON_TYPED;
 const ALERT_STATUS: typeof ALERT_STATUS_TYPED = ALERT_STATUS_NON_TYPED;
-const ALERT_START: typeof ALERT_START_TYPED = ALERT_START_NON_TYPED;
 const ALERT_RULE_NAME: typeof ALERT_RULE_NAME_TYPED = ALERT_RULE_NAME_NON_TYPED;
 
 interface AlertsTableTGridProps {
@@ -96,11 +101,11 @@ export const columns: Array<
   },
   {
     columnHeaderType: 'not-filtered',
-    displayAsText: i18n.translate('xpack.observability.alertsTGrid.triggeredColumnDescription', {
-      defaultMessage: 'Triggered',
+    displayAsText: i18n.translate('xpack.observability.alertsTGrid.lastUpdatedColumnDescription', {
+      defaultMessage: 'Last updated',
     }),
-    id: ALERT_START,
-    initialWidth: 176,
+    id: TIMESTAMP,
+    initialWidth: 230,
   },
   {
     columnHeaderType: 'not-filtered',
diff --git a/x-pack/plugins/observability/public/pages/alerts/render_cell_value.tsx b/x-pack/plugins/observability/public/pages/alerts/render_cell_value.tsx
index 28bd59d18cb18b..f6e1d41c2a6f93 100644
--- a/x-pack/plugins/observability/public/pages/alerts/render_cell_value.tsx
+++ b/x-pack/plugins/observability/public/pages/alerts/render_cell_value.tsx
@@ -7,20 +7,24 @@
 import { EuiIconTip, EuiLink } from '@elastic/eui';
 import { i18n } from '@kbn/i18n';
 import React, { useEffect } from 'react';
+/**
+ * We need to produce types and code transpilation at different folders during the build of the package.
+ * We have types and code at different imports because we don't want to import the whole package in the resulting webpack bundle for the plugin.
+ * This way plugins can do targeted imports to reduce the final code bundle
+ */
 import type {
   ALERT_DURATION as ALERT_DURATION_TYPED,
   ALERT_SEVERITY_LEVEL as ALERT_SEVERITY_LEVEL_TYPED,
-  ALERT_START as ALERT_START_TYPED,
   ALERT_STATUS as ALERT_STATUS_TYPED,
   ALERT_RULE_NAME as ALERT_RULE_NAME_TYPED,
 } from '@kbn/rule-data-utils';
 import {
   ALERT_DURATION as ALERT_DURATION_NON_TYPED,
   ALERT_SEVERITY_LEVEL as ALERT_SEVERITY_LEVEL_NON_TYPED,
-  ALERT_START as ALERT_START_NON_TYPED,
   ALERT_STATUS as ALERT_STATUS_NON_TYPED,
   ALERT_RULE_NAME as ALERT_RULE_NAME_NON_TYPED,
-  // @ts-expect-error
+  TIMESTAMP,
+  // @ts-expect-error importing from a place other than root because we want to limit what we import from this package
 } from '@kbn/rule-data-utils/target_node/technical_field_names';
 
 import type { CellValueElementProps, TimelineNonEcsData } from '../../../../timelines/common';
@@ -33,7 +37,6 @@ import { usePluginContext } from '../../hooks/use_plugin_context';
 
 const ALERT_DURATION: typeof ALERT_DURATION_TYPED = ALERT_DURATION_NON_TYPED;
 const ALERT_SEVERITY_LEVEL: typeof ALERT_SEVERITY_LEVEL_TYPED = ALERT_SEVERITY_LEVEL_NON_TYPED;
-const ALERT_START: typeof ALERT_START_TYPED = ALERT_START_NON_TYPED;
 const ALERT_STATUS: typeof ALERT_STATUS_TYPED = ALERT_STATUS_NON_TYPED;
 const ALERT_RULE_NAME: typeof ALERT_RULE_NAME_TYPED = ALERT_RULE_NAME_NON_TYPED;
 
@@ -101,7 +104,7 @@ export const getRenderCellValue = ({
             type="check"
           />
         );
-      case ALERT_START:
+      case TIMESTAMP:
         return <TimestampTooltip time={new Date(value ?? '').getTime()} timeUnit="milliseconds" />;
       case ALERT_DURATION:
         return asDuration(Number(value));
diff --git a/x-pack/plugins/reporting/common/constants.ts b/x-pack/plugins/reporting/common/constants.ts
index be543b3908b688..4ba406a14bafcb 100644
--- a/x-pack/plugins/reporting/common/constants.ts
+++ b/x-pack/plugins/reporting/common/constants.ts
@@ -61,10 +61,14 @@ export const CSV_REPORT_TYPE = 'CSV';
 export const CSV_JOB_TYPE = 'csv_searchsource';
 
 export const PDF_REPORT_TYPE = 'printablePdf';
+export const PDF_REPORT_TYPE_V2 = 'printablePdfV2';
 export const PDF_JOB_TYPE = 'printable_pdf';
+export const PDF_JOB_TYPE_V2 = 'printable_pdf_v2';
 
 export const PNG_REPORT_TYPE = 'PNG';
+export const PNG_REPORT_TYPE_V2 = 'pngV2';
 export const PNG_JOB_TYPE = 'PNG';
+export const PNG_JOB_TYPE_V2 = 'PNGV2';
 
 export const CSV_SEARCHSOURCE_IMMEDIATE_TYPE = 'csv_searchsource_immediate';
 
@@ -98,6 +102,20 @@ export const ILM_POLICY_NAME = 'kibana-reporting';
 // Management UI route
 export const REPORTING_MANAGEMENT_HOME = '/app/management/insightsAndAlerting/reporting';
 
+export const REPORTING_REDIRECT_LOCATOR_STORE_KEY = '__REPORTING_REDIRECT_LOCATOR_STORE_KEY__';
+
+/**
+ * A way to get the client side route for the reporting redirect app.
+ *
+ * This route currently expects a job ID and a locator that to use from that job so that it can redirect to the
+ * correct page.
+ *
+ * TODO: Accommodate 'forceNow' value that some visualizations may rely on
+ */
+export const getRedirectAppPathHome = () => {
+  return '/app/management/insightsAndAlerting/reporting/r';
+};
+
 // Statuses
 export enum JOB_STATUSES {
   PENDING = 'pending',
diff --git a/x-pack/plugins/reporting/common/job_utils.ts b/x-pack/plugins/reporting/common/job_utils.ts
new file mode 100644
index 00000000000000..1a8699eeca0258
--- /dev/null
+++ b/x-pack/plugins/reporting/common/job_utils.ts
@@ -0,0 +1,11 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+// TODO: Remove this code once everyone is using the new PDF format, then we can also remove the legacy
+// export type entirely
+export const isJobV2Params = ({ sharingData }: { sharingData: Record<string, unknown> }): boolean =>
+  Array.isArray(sharingData.locatorParams);
diff --git a/x-pack/plugins/reporting/common/types.ts b/x-pack/plugins/reporting/common/types.ts
index 7bcf69b564b3c7..42e8e9c52719c2 100644
--- a/x-pack/plugins/reporting/common/types.ts
+++ b/x-pack/plugins/reporting/common/types.ts
@@ -5,6 +5,8 @@
  * 2.0.
  */
 
+import type { SerializableRecord } from '@kbn/utility-types';
+
 export interface PageSizeParams {
   pageMarginTop: number;
   pageMarginBottom: number;
@@ -64,6 +66,11 @@ export interface ReportSource {
   created_by: string | false; // username or `false` if security is disabled. Used for ensuring users can only access the reports they've created.
   payload: {
     headers: string; // encrypted headers
+    /**
+     * PDF V2 reports will contain locators parameters (see {@link LocatorPublic}) that will be converted to {@link KibanaLocation}s when
+     * generating a report
+     */
+    locatorParams?: LocatorParams[];
     isDeprecated?: boolean; // set to true when the export type is being phased out
   } & BaseParams;
   meta: { objectType: string; layout?: string }; // for telemetry
@@ -167,8 +174,21 @@ export type DownloadReportFn = (jobId: JobId) => DownloadLink;
 type ManagementLink = string;
 export type ManagementLinkFn = () => ManagementLink;
 
+export interface LocatorParams<
+  P extends SerializableRecord = SerializableRecord & { forceNow?: string }
+> {
+  id: string;
+  version: string;
+  params: P;
+}
+
 export type IlmPolicyMigrationStatus = 'policy-not-found' | 'indices-not-managed-by-policy' | 'ok';
 
 export interface IlmPolicyStatusResponse {
   status: IlmPolicyMigrationStatus;
 }
+
+type Url = string;
+type UrlLocatorTuple = [url: Url, locatorParams: LocatorParams];
+
+export type UrlOrUrlLocatorTuple = Url | UrlLocatorTuple;
diff --git a/x-pack/plugins/infra/server/routes/alerting/index.ts b/x-pack/plugins/reporting/public/constants.ts
similarity index 83%
rename from x-pack/plugins/infra/server/routes/alerting/index.ts
rename to x-pack/plugins/reporting/public/constants.ts
index 91092dac7a0da3..c7e77fd44a7804 100644
--- a/x-pack/plugins/infra/server/routes/alerting/index.ts
+++ b/x-pack/plugins/reporting/public/constants.ts
@@ -5,4 +5,4 @@
  * 2.0.
  */
 
-export * from './preview';
+export const REACT_ROUTER_REDIRECT_APP_PATH = '/r';
diff --git a/x-pack/plugins/reporting/public/lib/reporting_api_client/context.tsx b/x-pack/plugins/reporting/public/lib/reporting_api_client/context.tsx
index 4070f0d6d388d0..d53c69ae22e7f8 100644
--- a/x-pack/plugins/reporting/public/lib/reporting_api_client/context.tsx
+++ b/x-pack/plugins/reporting/public/lib/reporting_api_client/context.tsx
@@ -19,7 +19,7 @@ interface ContextValue {
 
 const InternalApiClientContext = createContext<undefined | ContextValue>(undefined);
 
-export const InternalApiClientClientProvider: FunctionComponent<{
+export const InternalApiClientProvider: FunctionComponent<{
   apiClient: ReportingAPIClient;
 }> = ({ apiClient, children }) => {
   const {
diff --git a/x-pack/plugins/reporting/public/lib/reporting_api_client/index.ts b/x-pack/plugins/reporting/public/lib/reporting_api_client/index.ts
index b32d675a1d209c..7439bf8bca9002 100644
--- a/x-pack/plugins/reporting/public/lib/reporting_api_client/index.ts
+++ b/x-pack/plugins/reporting/public/lib/reporting_api_client/index.ts
@@ -9,4 +9,4 @@ export * from './reporting_api_client';
 
 export * from './hooks';
 
-export { InternalApiClientClientProvider, useInternalApiClient } from './context';
+export { InternalApiClientProvider, useInternalApiClient } from './context';
diff --git a/x-pack/plugins/reporting/public/management/mount_management_section.tsx b/x-pack/plugins/reporting/public/management/mount_management_section.tsx
index 0f0c06f8302059..56ede79086a049 100644
--- a/x-pack/plugins/reporting/public/management/mount_management_section.tsx
+++ b/x-pack/plugins/reporting/public/management/mount_management_section.tsx
@@ -11,7 +11,7 @@ import { render, unmountComponentAtNode } from 'react-dom';
 import { Observable } from 'rxjs';
 import { CoreSetup, CoreStart } from 'src/core/public';
 import { ILicense } from '../../../licensing/public';
-import { ReportingAPIClient, InternalApiClientClientProvider } from '../lib/reporting_api_client';
+import { ReportingAPIClient, InternalApiClientProvider } from '../lib/reporting_api_client';
 import { IlmPolicyStatusContextProvider } from '../lib/ilm_policy_status_context';
 import { ClientConfigType } from '../plugin';
 import type { ManagementAppMountParams, SharePluginSetup } from '../shared_imports';
@@ -32,7 +32,7 @@ export async function mountManagementSection(
       <KibanaContextProvider
         services={{ http: coreSetup.http, application: coreStart.application }}
       >
-        <InternalApiClientClientProvider apiClient={apiClient}>
+        <InternalApiClientProvider apiClient={apiClient}>
           <IlmPolicyStatusContextProvider>
             <ReportListing
               toasts={coreSetup.notifications.toasts}
@@ -43,7 +43,7 @@ export async function mountManagementSection(
               urlService={urlService}
             />
           </IlmPolicyStatusContextProvider>
-        </InternalApiClientClientProvider>
+        </InternalApiClientProvider>
       </KibanaContextProvider>
     </I18nProvider>,
     params.element
diff --git a/x-pack/plugins/reporting/public/management/report_listing.test.tsx b/x-pack/plugins/reporting/public/management/report_listing.test.tsx
index dd8b60801066fb..bae396901dc440 100644
--- a/x-pack/plugins/reporting/public/management/report_listing.test.tsx
+++ b/x-pack/plugins/reporting/public/management/report_listing.test.tsx
@@ -21,7 +21,7 @@ import type { ILicense } from '../../../licensing/public';
 import { IlmPolicyMigrationStatus, ReportApiJSON } from '../../common/types';
 import { IlmPolicyStatusContextProvider } from '../lib/ilm_policy_status_context';
 import { Job } from '../lib/job';
-import { InternalApiClientClientProvider, ReportingAPIClient } from '../lib/reporting_api_client';
+import { InternalApiClientProvider, ReportingAPIClient } from '../lib/reporting_api_client';
 import { KibanaContextProvider } from '../shared_imports';
 import { ListingProps as Props, ReportListing } from '.';
 
@@ -84,7 +84,7 @@ describe('ReportListing', () => {
   const createTestBed = registerTestBed(
     (props?: Partial<Props>) => (
       <KibanaContextProvider services={{ http: httpService, application: applicationService }}>
-        <InternalApiClientClientProvider apiClient={reportingAPIClient as ReportingAPIClient}>
+        <InternalApiClientProvider apiClient={reportingAPIClient as ReportingAPIClient}>
           <IlmPolicyStatusContextProvider>
             <ReportListing
               license$={license$}
@@ -96,7 +96,7 @@ describe('ReportListing', () => {
               {...props}
             />
           </IlmPolicyStatusContextProvider>
-        </InternalApiClientClientProvider>
+        </InternalApiClientProvider>
       </KibanaContextProvider>
     ),
     { memoryRouter: { wrapComponent: false } }
diff --git a/x-pack/plugins/reporting/public/plugin.ts b/x-pack/plugins/reporting/public/plugin.ts
index 757f226532d952..2529681a6901fe 100644
--- a/x-pack/plugins/reporting/public/plugin.ts
+++ b/x-pack/plugins/reporting/public/plugin.ts
@@ -42,6 +42,7 @@ import type {
 } from './shared_imports';
 import { ReportingCsvShareProvider } from './share_context_menu/register_csv_reporting';
 import { reportingScreenshotShareProvider } from './share_context_menu/register_pdf_png_reporting';
+import { isRedirectAppPath } from './utils';
 
 export interface ClientConfigType {
   poll: { jobsRefresh: { interval: number; intervalErrorMultiplier: number } };
@@ -167,6 +168,15 @@ export class ReportingPublicPlugin
       title: this.title,
       order: 1,
       mount: async (params) => {
+        // The redirect app will be mounted if reporting is opened on a specific path. The redirect app expects a
+        // specific environment to be present so that it can navigate to a specific application. This is used by
+        // report generation to navigate to the correct place with full app state.
+        if (isRedirectAppPath(params.history.location.pathname)) {
+          const { mountRedirectApp } = await import('./redirect');
+          return mountRedirectApp({ ...params, share, apiClient });
+        }
+
+        // Otherwise load the reporting management UI.
         params.setBreadcrumbs([{ text: this.breadcrumbText }]);
         const [[start], { mountManagementSection }] = await Promise.all([
           getStartServices(),
diff --git a/x-pack/plugins/reporting/public/redirect/index.ts b/x-pack/plugins/reporting/public/redirect/index.ts
new file mode 100644
index 00000000000000..2cf2f0c2d11a11
--- /dev/null
+++ b/x-pack/plugins/reporting/public/redirect/index.ts
@@ -0,0 +1,8 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+export { mountRedirectApp } from './mount_redirect_app';
diff --git a/x-pack/plugins/reporting/public/redirect/mount_redirect_app.tsx b/x-pack/plugins/reporting/public/redirect/mount_redirect_app.tsx
new file mode 100644
index 00000000000000..4bf6d40acb1704
--- /dev/null
+++ b/x-pack/plugins/reporting/public/redirect/mount_redirect_app.tsx
@@ -0,0 +1,33 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { render, unmountComponentAtNode } from 'react-dom';
+import React from 'react';
+import { EuiErrorBoundary } from '@elastic/eui';
+
+import type { ManagementAppMountParams, SharePluginSetup } from '../shared_imports';
+import type { ReportingAPIClient } from '../lib/reporting_api_client';
+
+import { RedirectApp } from './redirect_app';
+
+interface MountParams extends ManagementAppMountParams {
+  apiClient: ReportingAPIClient;
+  share: SharePluginSetup;
+}
+
+export const mountRedirectApp = ({ element, apiClient, history, share }: MountParams) => {
+  render(
+    <EuiErrorBoundary>
+      <RedirectApp apiClient={apiClient} history={history} share={share} />
+    </EuiErrorBoundary>,
+    element
+  );
+
+  return () => {
+    unmountComponentAtNode(element);
+  };
+};
diff --git a/x-pack/plugins/reporting/public/redirect/redirect_app.tsx b/x-pack/plugins/reporting/public/redirect/redirect_app.tsx
new file mode 100644
index 00000000000000..60b51c0f07895c
--- /dev/null
+++ b/x-pack/plugins/reporting/public/redirect/redirect_app.tsx
@@ -0,0 +1,74 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import React, { useEffect, useState } from 'react';
+import type { FunctionComponent } from 'react';
+import { i18n } from '@kbn/i18n';
+import { EuiTitle, EuiCallOut, EuiCodeBlock } from '@elastic/eui';
+
+import type { ScopedHistory } from 'src/core/public';
+
+import { REPORTING_REDIRECT_LOCATOR_STORE_KEY } from '../../common/constants';
+import { LocatorParams } from '../../common/types';
+
+import { ReportingAPIClient } from '../lib/reporting_api_client';
+import type { SharePluginSetup } from '../shared_imports';
+
+interface Props {
+  apiClient: ReportingAPIClient;
+  history: ScopedHistory;
+  share: SharePluginSetup;
+}
+
+const i18nTexts = {
+  errorTitle: i18n.translate('xpack.reporting.redirectApp.errorTitle', {
+    defaultMessage: 'Redirect error',
+  }),
+  redirectingTitle: i18n.translate('xpack.reporting.redirectApp.redirectingMessage', {
+    defaultMessage: 'Redirecting...',
+  }),
+  consoleMessagePrefix: i18n.translate(
+    'xpack.reporting.redirectApp.redirectConsoleErrorPrefixLabel',
+    {
+      defaultMessage: 'Redirect page error:',
+    }
+  ),
+};
+
+export const RedirectApp: FunctionComponent<Props> = ({ share }) => {
+  const [error, setError] = useState<undefined | Error>();
+
+  useEffect(() => {
+    try {
+      const locatorParams = ((window as unknown) as Record<string, LocatorParams>)[
+        REPORTING_REDIRECT_LOCATOR_STORE_KEY
+      ];
+
+      if (!locatorParams) {
+        throw new Error('Could not find locator for report');
+      }
+
+      share.navigate(locatorParams);
+    } catch (e) {
+      setError(e);
+      // eslint-disable-next-line no-console
+      console.error(i18nTexts.consoleMessagePrefix, e.message);
+      throw e;
+    }
+  }, [share]);
+
+  return error ? (
+    <EuiCallOut title={i18nTexts.errorTitle} color="danger">
+      <p>{error.message}</p>
+      {error.stack && <EuiCodeBlock>{error.stack}</EuiCodeBlock>}
+    </EuiCallOut>
+  ) : (
+    <EuiTitle>
+      <h1>{i18nTexts.redirectingTitle}</h1>
+    </EuiTitle>
+  );
+};
diff --git a/x-pack/plugins/reporting/public/share_context_menu/index.ts b/x-pack/plugins/reporting/public/share_context_menu/index.ts
index 090a80d323725e..b0d6f2e6a2b52a 100644
--- a/x-pack/plugins/reporting/public/share_context_menu/index.ts
+++ b/x-pack/plugins/reporting/public/share_context_menu/index.ts
@@ -24,6 +24,7 @@ export interface ExportPanelShareOpts {
 export interface ReportingSharingData {
   title: string;
   layout: LayoutParams;
+  [key: string]: unknown;
 }
 
 export interface JobParamsProviderOptions {
diff --git a/x-pack/plugins/reporting/public/share_context_menu/register_pdf_png_reporting.tsx b/x-pack/plugins/reporting/public/share_context_menu/register_pdf_png_reporting.tsx
index b37e31578be6d8..811d5803895dbc 100644
--- a/x-pack/plugins/reporting/public/share_context_menu/register_pdf_png_reporting.tsx
+++ b/x-pack/plugins/reporting/public/share_context_menu/register_pdf_png_reporting.tsx
@@ -9,6 +9,7 @@ import { i18n } from '@kbn/i18n';
 import React from 'react';
 import { ShareContext } from 'src/plugins/share/public';
 import { ExportPanelShareOpts, JobParamsProviderOptions, ReportingSharingData } from '.';
+import { isJobV2Params } from '../../common/job_utils';
 import { checkLicense } from '../lib/license_check';
 import { ReportingAPIClient } from '../lib/reporting_api_client';
 import { ScreenCapturePanelContent } from './screen_capture_panel_content_lazy';
@@ -16,11 +17,11 @@ import { ScreenCapturePanelContent } from './screen_capture_panel_content_lazy';
 const getJobParams = (
   apiClient: ReportingAPIClient,
   opts: JobParamsProviderOptions,
-  type: 'pdf' | 'png'
+  type: 'png' | 'pngV2' | 'printablePdf' | 'printablePdfV2'
 ) => () => {
   const {
     objectType,
-    sharingData: { title, layout },
+    sharingData: { title, layout, locatorParams },
   } = opts;
 
   const baseParams = {
@@ -29,6 +30,14 @@ const getJobParams = (
     title,
   };
 
+  if (type === 'printablePdfV2') {
+    // multi locator for PDF V2
+    return { ...baseParams, locatorParams: [locatorParams] };
+  } else if (type === 'pngV2') {
+    // single locator for PNG V2
+    return { ...baseParams, locatorParams };
+  }
+
   // Relative URL must have URL prefix (Spaces ID prefix), but not server basePath
   // Replace hashes with original RISON values.
   const relativeUrl = opts.shareableUrl.replace(
@@ -36,7 +45,7 @@ const getJobParams = (
     ''
   );
 
-  if (type === 'pdf') {
+  if (type === 'printablePdf') {
     // multi URL for PDF
     return { ...baseParams, relativeUrls: [relativeUrl] };
   }
@@ -111,6 +120,16 @@ export const reportingScreenshotShareProvider = ({
       defaultMessage: 'PNG Reports',
     });
 
+    const jobProviderOptions: JobParamsProviderOptions = {
+      shareableUrl,
+      objectType,
+      sharingData,
+    };
+
+    const isV2Job = isJobV2Params(jobProviderOptions);
+
+    const pngReportType = isV2Job ? 'pngV2' : 'png';
+
     const panelPng = {
       shareMenuItem: {
         name: pngPanelTitle,
@@ -128,10 +147,10 @@ export const reportingScreenshotShareProvider = ({
             apiClient={apiClient}
             toasts={toasts}
             uiSettings={uiSettings}
-            reportType="png"
+            reportType={pngReportType}
             objectId={objectId}
             requiresSavedState={true}
-            getJobParams={getJobParams(apiClient, { shareableUrl, objectType, sharingData }, 'png')}
+            getJobParams={getJobParams(apiClient, jobProviderOptions, pngReportType)}
             isDirty={isDirty}
             onClose={onClose}
           />
@@ -143,6 +162,8 @@ export const reportingScreenshotShareProvider = ({
       defaultMessage: 'PDF Reports',
     });
 
+    const pdfReportType = isV2Job ? 'printablePdfV2' : 'printablePdf';
+
     const panelPdf = {
       shareMenuItem: {
         name: pdfPanelTitle,
@@ -160,11 +181,11 @@ export const reportingScreenshotShareProvider = ({
             apiClient={apiClient}
             toasts={toasts}
             uiSettings={uiSettings}
-            reportType="printablePdf"
+            reportType={pdfReportType}
             objectId={objectId}
             requiresSavedState={true}
             layoutOption={objectType === 'dashboard' ? 'print' : undefined}
-            getJobParams={getJobParams(apiClient, { shareableUrl, objectType, sharingData }, 'pdf')}
+            getJobParams={getJobParams(apiClient, jobProviderOptions, pdfReportType)}
             isDirty={isDirty}
             onClose={onClose}
           />
diff --git a/x-pack/plugins/reporting/public/share_context_menu/reporting_panel_content.tsx b/x-pack/plugins/reporting/public/share_context_menu/reporting_panel_content.tsx
index af6cd0010de09b..11169dd2d2fb75 100644
--- a/x-pack/plugins/reporting/public/share_context_menu/reporting_panel_content.tsx
+++ b/x-pack/plugins/reporting/public/share_context_menu/reporting_panel_content.tsx
@@ -21,7 +21,13 @@ import React, { Component, ReactElement } from 'react';
 import { ToastsSetup, IUiSettingsClient } from 'src/core/public';
 import url from 'url';
 import { toMountPoint } from '../../../../../src/plugins/kibana_react/public';
-import { CSV_REPORT_TYPE, PDF_REPORT_TYPE, PNG_REPORT_TYPE } from '../../common/constants';
+import {
+  CSV_REPORT_TYPE,
+  PDF_REPORT_TYPE,
+  PDF_REPORT_TYPE_V2,
+  PNG_REPORT_TYPE,
+  PNG_REPORT_TYPE_V2,
+} from '../../common/constants';
 import { BaseParams } from '../../common/types';
 import { ReportingAPIClient } from '../lib/reporting_api_client';
 
@@ -200,10 +206,12 @@ class ReportingPanelContentUi extends Component<Props, State> {
   private prettyPrintReportingType = () => {
     switch (this.props.reportType) {
       case PDF_REPORT_TYPE:
+      case PDF_REPORT_TYPE_V2:
         return 'PDF';
       case 'csv_searchsource':
         return CSV_REPORT_TYPE;
       case 'png':
+      case PNG_REPORT_TYPE_V2:
         return PNG_REPORT_TYPE;
       default:
         return this.props.reportType;
diff --git a/x-pack/plugins/reporting/public/shared/get_shared_components.tsx b/x-pack/plugins/reporting/public/shared/get_shared_components.tsx
index 659eaf26781648..623e06dd744623 100644
--- a/x-pack/plugins/reporting/public/shared/get_shared_components.tsx
+++ b/x-pack/plugins/reporting/public/shared/get_shared_components.tsx
@@ -8,7 +8,7 @@
 import { CoreSetup } from 'kibana/public';
 import React from 'react';
 import { ReportingAPIClient } from '../';
-import { PDF_REPORT_TYPE } from '../../common/constants';
+import { PDF_REPORT_TYPE, PDF_REPORT_TYPE_V2, PNG_REPORT_TYPE_V2 } from '../../common/constants';
 import type { Props as PanelPropsScreenCapture } from '../share_context_menu/screen_capture_panel_content';
 import { ScreenCapturePanelContent } from '../share_context_menu/screen_capture_panel_content_lazy';
 
@@ -16,7 +16,7 @@ interface IncludeOnCloseFn {
   onClose: () => void;
 }
 
-type PropsPDF = Pick<PanelPropsScreenCapture, 'getJobParams' | 'layoutOption'> & IncludeOnCloseFn;
+type Props = Pick<PanelPropsScreenCapture, 'getJobParams' | 'layoutOption'> & IncludeOnCloseFn;
 
 /*
  * As of 7.14, the only shared component is a PDF report that is suited for Canvas integration.
@@ -25,7 +25,7 @@ type PropsPDF = Pick<PanelPropsScreenCapture, 'getJobParams' | 'layoutOption'> &
  */
 export function getSharedComponents(core: CoreSetup, apiClient: ReportingAPIClient) {
   return {
-    ReportingPanelPDF(props: PropsPDF) {
+    ReportingPanelPDF(props: Props) {
       return (
         <ScreenCapturePanelContent
           layoutOption={props.layoutOption}
@@ -38,5 +38,31 @@ export function getSharedComponents(core: CoreSetup, apiClient: ReportingAPIClie
         />
       );
     },
+    ReportingPanelPDFV2(props: Props) {
+      return (
+        <ScreenCapturePanelContent
+          layoutOption={props.layoutOption}
+          requiresSavedState={false}
+          reportType={PDF_REPORT_TYPE_V2}
+          apiClient={apiClient}
+          toasts={core.notifications.toasts}
+          uiSettings={core.uiSettings}
+          {...props}
+        />
+      );
+    },
+    ReportingPanelPNGV2(props: Props) {
+      return (
+        <ScreenCapturePanelContent
+          layoutOption={props.layoutOption}
+          requiresSavedState={false}
+          reportType={PNG_REPORT_TYPE_V2}
+          apiClient={apiClient}
+          toasts={core.notifications.toasts}
+          uiSettings={core.uiSettings}
+          {...props}
+        />
+      );
+    },
   };
 }
diff --git a/x-pack/plugins/reporting/public/utils.ts b/x-pack/plugins/reporting/public/utils.ts
new file mode 100644
index 00000000000000..f39c7ef2174ef6
--- /dev/null
+++ b/x-pack/plugins/reporting/public/utils.ts
@@ -0,0 +1,12 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { REACT_ROUTER_REDIRECT_APP_PATH } from './constants';
+
+export const isRedirectAppPath = (pathname: string) => {
+  return pathname.startsWith(REACT_ROUTER_REDIRECT_APP_PATH);
+};
diff --git a/x-pack/plugins/reporting/server/browsers/chromium/driver/chromium_driver.ts b/x-pack/plugins/reporting/server/browsers/chromium/driver/chromium_driver.ts
index 30b351ff90b6ff..823ccc3906e493 100644
--- a/x-pack/plugins/reporting/server/browsers/chromium/driver/chromium_driver.ts
+++ b/x-pack/plugins/reporting/server/browsers/chromium/driver/chromium_driver.ts
@@ -10,6 +10,8 @@ import { map, truncate } from 'lodash';
 import open from 'opn';
 import puppeteer, { ElementHandle, EvaluateFn, SerializableOrJSHandle } from 'puppeteer';
 import { parse as parseUrl } from 'url';
+import type { LocatorParams } from '../../../../common/types';
+import { REPORTING_REDIRECT_LOCATOR_STORE_KEY } from '../../../../common/constants';
 import { getDisallowedOutgoingUrlError } from '../';
 import { ReportingCore } from '../../..';
 import { KBN_SCREENSHOT_MODE_HEADER } from '../../../../../../../src/plugins/screenshot_mode/server';
@@ -94,10 +96,12 @@ export class HeadlessChromiumDriver {
       conditionalHeaders,
       waitForSelector: pageLoadSelector,
       timeout,
+      locator,
     }: {
       conditionalHeaders: ConditionalHeaders;
       waitForSelector: string;
       timeout: number;
+      locator?: LocatorParams;
     },
     logger: LevelLogger
   ): Promise<void> {
@@ -106,8 +110,27 @@ export class HeadlessChromiumDriver {
     // Reset intercepted request count
     this.interceptedCount = 0;
 
-    const enableScreenshotMode = this.core.getEnableScreenshotMode();
-    await this.page.evaluateOnNewDocument(enableScreenshotMode);
+    /**
+     * Integrate with the screenshot mode plugin contract by calling this function before any other
+     * scripts have run on the browser page.
+     */
+    await this.page.evaluateOnNewDocument(this.core.getEnableScreenshotMode());
+
+    if (locator) {
+      await this.page.evaluateOnNewDocument(
+        (key: string, value: unknown) => {
+          Object.defineProperty(window, key, {
+            configurable: false,
+            writable: false,
+            enumerable: true,
+            value,
+          });
+        },
+        REPORTING_REDIRECT_LOCATOR_STORE_KEY,
+        locator
+      );
+    }
+
     await this.page.setRequestInterception(true);
 
     this.registerListeners(conditionalHeaders, logger);
diff --git a/x-pack/plugins/reporting/server/export_types/png/lib/generate_png.ts b/x-pack/plugins/reporting/server/export_types/common/generate_png.ts
similarity index 85%
rename from x-pack/plugins/reporting/server/export_types/png/lib/generate_png.ts
rename to x-pack/plugins/reporting/server/export_types/common/generate_png.ts
index 2af56ed9881ae8..1f186010eb8bbf 100644
--- a/x-pack/plugins/reporting/server/export_types/png/lib/generate_png.ts
+++ b/x-pack/plugins/reporting/server/export_types/common/generate_png.ts
@@ -8,11 +8,12 @@
 import apm from 'elastic-apm-node';
 import * as Rx from 'rxjs';
 import { finalize, map, tap } from 'rxjs/operators';
-import { ReportingCore } from '../../../';
-import { LevelLogger } from '../../../lib';
-import { LayoutParams, PreserveLayout } from '../../../lib/layouts';
-import { getScreenshots$, ScreenshotResults } from '../../../lib/screenshots';
-import { ConditionalHeaders } from '../../common';
+import { ReportingCore } from '../../';
+import { UrlOrUrlLocatorTuple } from '../../../common/types';
+import { LevelLogger } from '../../lib';
+import { LayoutParams, PreserveLayout } from '../../lib/layouts';
+import { getScreenshots$, ScreenshotResults } from '../../lib/screenshots';
+import { ConditionalHeaders } from '../common';
 
 function getBase64DecodedSize(value: string) {
   // @see https://en.wikipedia.org/wiki/Base64#Output_padding
@@ -30,7 +31,7 @@ export async function generatePngObservableFactory(reporting: ReportingCore) {
 
   return function generatePngObservable(
     logger: LevelLogger,
-    url: string,
+    urlOrUrlLocatorTuple: UrlOrUrlLocatorTuple,
     browserTimezone: string | undefined,
     conditionalHeaders: ConditionalHeaders,
     layoutParams: LayoutParams
@@ -47,7 +48,7 @@ export async function generatePngObservableFactory(reporting: ReportingCore) {
     let apmBuffer: typeof apm.currentSpan;
     const screenshots$ = getScreenshots$(captureConfig, browserDriverFactory, {
       logger,
-      urls: [url],
+      urlsOrUrlLocatorTuples: [urlOrUrlLocatorTuple],
       conditionalHeaders,
       layout,
       browserTimezone,
diff --git a/x-pack/plugins/reporting/server/export_types/printable_pdf/lib/get_custom_logo.test.ts b/x-pack/plugins/reporting/server/export_types/common/get_custom_logo.test.ts
similarity index 91%
rename from x-pack/plugins/reporting/server/export_types/printable_pdf/lib/get_custom_logo.test.ts
rename to x-pack/plugins/reporting/server/export_types/common/get_custom_logo.test.ts
index ebdceda0820b96..e21b7404f5ed57 100644
--- a/x-pack/plugins/reporting/server/export_types/printable_pdf/lib/get_custom_logo.test.ts
+++ b/x-pack/plugins/reporting/server/export_types/common/get_custom_logo.test.ts
@@ -5,14 +5,14 @@
  * 2.0.
  */
 
-import { ReportingCore } from '../../../';
+import { ReportingCore } from '../..';
 import {
   createMockConfig,
   createMockConfigSchema,
   createMockLevelLogger,
   createMockReportingCore,
-} from '../../../test_helpers';
-import { getConditionalHeaders } from '../../common';
+} from '../../test_helpers';
+import { getConditionalHeaders } from '.';
 import { getCustomLogo } from './get_custom_logo';
 
 let mockReportingPlugin: ReportingCore;
diff --git a/x-pack/plugins/reporting/server/export_types/printable_pdf/lib/get_custom_logo.ts b/x-pack/plugins/reporting/server/export_types/common/get_custom_logo.ts
similarity index 78%
rename from x-pack/plugins/reporting/server/export_types/printable_pdf/lib/get_custom_logo.ts
rename to x-pack/plugins/reporting/server/export_types/common/get_custom_logo.ts
index d829c3483c4662..983f6f41af8d9f 100644
--- a/x-pack/plugins/reporting/server/export_types/printable_pdf/lib/get_custom_logo.ts
+++ b/x-pack/plugins/reporting/server/export_types/common/get_custom_logo.ts
@@ -5,10 +5,10 @@
  * 2.0.
  */
 
-import { ReportingCore } from '../../../';
-import { UI_SETTINGS_CUSTOM_PDF_LOGO } from '../../../../common/constants';
-import { LevelLogger } from '../../../lib';
-import { ConditionalHeaders } from '../../common';
+import { ReportingCore } from '../../';
+import { UI_SETTINGS_CUSTOM_PDF_LOGO } from '../../../common/constants';
+import { LevelLogger } from '../../lib';
+import { ConditionalHeaders } from '../common';
 
 export const getCustomLogo = async (
   reporting: ReportingCore,
diff --git a/x-pack/plugins/reporting/server/export_types/common/index.ts b/x-pack/plugins/reporting/server/export_types/common/index.ts
index 8832577281bb2f..09d3236fa7b54d 100644
--- a/x-pack/plugins/reporting/server/export_types/common/index.ts
+++ b/x-pack/plugins/reporting/server/export_types/common/index.ts
@@ -10,6 +10,9 @@ export { getConditionalHeaders } from './get_conditional_headers';
 export { getFullUrls } from './get_full_urls';
 export { omitBlockedHeaders } from './omit_blocked_headers';
 export { validateUrls } from './validate_urls';
+export { generatePngObservableFactory } from './generate_png';
+export { getCustomLogo } from './get_custom_logo';
+export { setForceNow } from './set_force_now';
 
 export interface TimeRangeParams {
   min?: Date | string | number | null;
diff --git a/x-pack/plugins/reporting/server/export_types/printable_pdf/lib/pdf/get_doc_options.ts b/x-pack/plugins/reporting/server/export_types/common/pdf/get_doc_options.ts
similarity index 100%
rename from x-pack/plugins/reporting/server/export_types/printable_pdf/lib/pdf/get_doc_options.ts
rename to x-pack/plugins/reporting/server/export_types/common/pdf/get_doc_options.ts
diff --git a/x-pack/plugins/reporting/server/export_types/printable_pdf/lib/pdf/get_font.test.ts b/x-pack/plugins/reporting/server/export_types/common/pdf/get_font.test.ts
similarity index 100%
rename from x-pack/plugins/reporting/server/export_types/printable_pdf/lib/pdf/get_font.test.ts
rename to x-pack/plugins/reporting/server/export_types/common/pdf/get_font.test.ts
diff --git a/x-pack/plugins/reporting/server/export_types/printable_pdf/lib/pdf/get_font.ts b/x-pack/plugins/reporting/server/export_types/common/pdf/get_font.ts
similarity index 100%
rename from x-pack/plugins/reporting/server/export_types/printable_pdf/lib/pdf/get_font.ts
rename to x-pack/plugins/reporting/server/export_types/common/pdf/get_font.ts
diff --git a/x-pack/plugins/reporting/server/export_types/printable_pdf/lib/pdf/get_template.ts b/x-pack/plugins/reporting/server/export_types/common/pdf/get_template.ts
similarity index 98%
rename from x-pack/plugins/reporting/server/export_types/printable_pdf/lib/pdf/get_template.ts
rename to x-pack/plugins/reporting/server/export_types/common/pdf/get_template.ts
index 7813584f26e3c4..58ddeb51e7a4f3 100644
--- a/x-pack/plugins/reporting/server/export_types/printable_pdf/lib/pdf/get_template.ts
+++ b/x-pack/plugins/reporting/server/export_types/common/pdf/get_template.ts
@@ -13,7 +13,7 @@ import {
   StyleDictionary,
   TDocumentDefinitions,
 } from 'pdfmake/interfaces';
-import { LayoutInstance } from '../../../../lib/layouts';
+import { LayoutInstance } from '../../../lib/layouts';
 import { REPORTING_TABLE_LAYOUT } from './get_doc_options';
 import { getFont } from './get_font';
 
diff --git a/x-pack/plugins/reporting/server/export_types/printable_pdf/lib/pdf/index.test.ts b/x-pack/plugins/reporting/server/export_types/common/pdf/index.test.ts
similarity index 97%
rename from x-pack/plugins/reporting/server/export_types/printable_pdf/lib/pdf/index.test.ts
rename to x-pack/plugins/reporting/server/export_types/common/pdf/index.test.ts
index 090ca995a15fc3..e4c0285d2ce4f3 100644
--- a/x-pack/plugins/reporting/server/export_types/printable_pdf/lib/pdf/index.test.ts
+++ b/x-pack/plugins/reporting/server/export_types/common/pdf/index.test.ts
@@ -5,8 +5,8 @@
  * 2.0.
  */
 
-import { PreserveLayout, PrintLayout } from '../../../../lib/layouts';
-import { createMockConfig, createMockConfigSchema } from '../../../../test_helpers';
+import { PreserveLayout, PrintLayout } from '../../../lib/layouts';
+import { createMockConfig, createMockConfigSchema } from '../../../test_helpers';
 import { PdfMaker } from './';
 
 const imageBase64 = `iVBORw0KGgoAAAANSUhEUgAAAOEAAADhCAMAAAAJbSJIAAAAGFBMVEXy8vJpaWn7+/vY2Nj39/cAAACcnJzx8fFvt0oZAAAAi0lEQVR4nO3SSQoDIBBFwR7U3P/GQXKEIIJULXr9H3TMrHhX5Yysvj3jjM8+XRnVa9wec8QuHKv3h74Z+PNyGwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/xu3Bxy026rXu4ljdUVW395xUFfGzLo946DK+QW+bgCTFcecSAAAAABJRU5ErkJggg==`;
diff --git a/x-pack/plugins/reporting/server/export_types/printable_pdf/lib/pdf/index.ts b/x-pack/plugins/reporting/server/export_types/common/pdf/index.ts
similarity index 96%
rename from x-pack/plugins/reporting/server/export_types/printable_pdf/lib/pdf/index.ts
rename to x-pack/plugins/reporting/server/export_types/common/pdf/index.ts
index 4056de6cbb111c..3338b83321cec4 100644
--- a/x-pack/plugins/reporting/server/export_types/printable_pdf/lib/pdf/index.ts
+++ b/x-pack/plugins/reporting/server/export_types/common/pdf/index.ts
@@ -12,12 +12,12 @@ import _ from 'lodash';
 import path from 'path';
 import Printer from 'pdfmake';
 import { Content, ContentImage, ContentText } from 'pdfmake/interfaces';
-import { LayoutInstance } from '../../../../lib/layouts';
+import { LayoutInstance } from '../../../lib/layouts';
 import { getDocOptions, REPORTING_TABLE_LAYOUT } from './get_doc_options';
 import { getFont } from './get_font';
 import { getTemplate } from './get_template';
 
-const assetPath = path.resolve(__dirname, '..', '..', '..', 'common', 'assets');
+const assetPath = path.resolve(__dirname, '..', '..', 'common', 'assets');
 const tableBorderWidth = 1;
 
 export class PdfMaker {
diff --git a/x-pack/plugins/reporting/server/export_types/common/set_force_now.ts b/x-pack/plugins/reporting/server/export_types/common/set_force_now.ts
new file mode 100644
index 00000000000000..ee7d613f1b8e1e
--- /dev/null
+++ b/x-pack/plugins/reporting/server/export_types/common/set_force_now.ts
@@ -0,0 +1,22 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import type { LocatorParams } from '../../../common/types';
+
+/**
+ * Add `forceNow` to {@link LocatorParams['params']} to enable clients to set the time appropriately when
+ * reporting navigates to the page in Chromium.
+ */
+export const setForceNow = (forceNow: string) => (locator: LocatorParams): LocatorParams => {
+  return {
+    ...locator,
+    params: {
+      ...locator.params,
+      forceNow,
+    },
+  };
+};
diff --git a/x-pack/plugins/reporting/server/export_types/common/v2/get_full_urls.ts b/x-pack/plugins/reporting/server/export_types/common/v2/get_full_urls.ts
new file mode 100644
index 00000000000000..bcfb06784a6dc2
--- /dev/null
+++ b/x-pack/plugins/reporting/server/export_types/common/v2/get_full_urls.ts
@@ -0,0 +1,34 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { parse as urlParse, UrlWithStringQuery } from 'url';
+import { ReportingConfig } from '../../../';
+import { getAbsoluteUrlFactory } from '../get_absolute_url';
+import { validateUrls } from '../validate_urls';
+
+export function getFullUrls(config: ReportingConfig, relativeUrls: string[]) {
+  const [basePath, protocol, hostname, port] = [
+    config.kbnConfig.get('server', 'basePath'),
+    config.get('kibanaServer', 'protocol'),
+    config.get('kibanaServer', 'hostname'),
+    config.get('kibanaServer', 'port'),
+  ] as string[];
+  const getAbsoluteUrl = getAbsoluteUrlFactory({ basePath, protocol, hostname, port });
+
+  validateUrls(relativeUrls);
+
+  const urls = relativeUrls.map((relativeUrl) => {
+    const parsedRelative: UrlWithStringQuery = urlParse(relativeUrl);
+    return getAbsoluteUrl({
+      path: parsedRelative.pathname === null ? undefined : parsedRelative.pathname,
+      hash: parsedRelative.hash === null ? undefined : parsedRelative.hash,
+      search: parsedRelative.search === null ? undefined : parsedRelative.search,
+    });
+  });
+
+  return urls;
+}
diff --git a/x-pack/plugins/reporting/server/export_types/png/execute_job/index.test.ts b/x-pack/plugins/reporting/server/export_types/png/execute_job/index.test.ts
index 34cfa66ddd5e10..61a987a8a85780 100644
--- a/x-pack/plugins/reporting/server/export_types/png/execute_job/index.test.ts
+++ b/x-pack/plugins/reporting/server/export_types/png/execute_job/index.test.ts
@@ -15,11 +15,11 @@ import {
   createMockConfigSchema,
   createMockReportingCore,
 } from '../../../test_helpers';
-import { generatePngObservableFactory } from '../lib/generate_png';
+import { generatePngObservableFactory } from '../../common';
 import { TaskPayloadPNG } from '../types';
 import { runTaskFnFactory } from './';
 
-jest.mock('../lib/generate_png', () => ({ generatePngObservableFactory: jest.fn() }));
+jest.mock('../../common/generate_png', () => ({ generatePngObservableFactory: jest.fn() }));
 
 let content: string;
 let mockReporting: ReportingCore;
diff --git a/x-pack/plugins/reporting/server/export_types/png/execute_job/index.ts b/x-pack/plugins/reporting/server/export_types/png/execute_job/index.ts
index 1027e895b2cd02..c602db61bbbc87 100644
--- a/x-pack/plugins/reporting/server/export_types/png/execute_job/index.ts
+++ b/x-pack/plugins/reporting/server/export_types/png/execute_job/index.ts
@@ -16,8 +16,8 @@ import {
   getConditionalHeaders,
   getFullUrls,
   omitBlockedHeaders,
+  generatePngObservableFactory,
 } from '../../common';
-import { generatePngObservableFactory } from '../lib/generate_png';
 import { TaskPayloadPNG } from '../types';
 
 export const runTaskFnFactory: RunTaskFnFactory<
diff --git a/x-pack/plugins/reporting/server/export_types/png_v2/create_job.ts b/x-pack/plugins/reporting/server/export_types/png_v2/create_job.ts
new file mode 100644
index 00000000000000..d04a5307f22e2c
--- /dev/null
+++ b/x-pack/plugins/reporting/server/export_types/png_v2/create_job.ts
@@ -0,0 +1,29 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { cryptoFactory } from '../../lib';
+import { CreateJobFn, CreateJobFnFactory } from '../../types';
+import { JobParamsPNGV2, TaskPayloadPNGV2 } from './types';
+
+export const createJobFnFactory: CreateJobFnFactory<
+  CreateJobFn<JobParamsPNGV2, TaskPayloadPNGV2>
+> = function createJobFactoryFn(reporting, logger) {
+  const config = reporting.getConfig();
+  const crypto = cryptoFactory(config.get('encryptionKey'));
+
+  return async function createJob({ locatorParams, ...jobParams }, context, req) {
+    const serializedEncryptedHeaders = await crypto.encrypt(req.headers);
+
+    return {
+      ...jobParams,
+      headers: serializedEncryptedHeaders,
+      spaceId: reporting.getSpaceId(req, logger),
+      locatorParams: [locatorParams],
+      forceNow: new Date().toISOString(),
+    };
+  };
+};
diff --git a/x-pack/plugins/reporting/server/export_types/png_v2/execute_job.test.ts b/x-pack/plugins/reporting/server/export_types/png_v2/execute_job.test.ts
new file mode 100644
index 00000000000000..2fe0aff58069ca
--- /dev/null
+++ b/x-pack/plugins/reporting/server/export_types/png_v2/execute_job.test.ts
@@ -0,0 +1,167 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import * as Rx from 'rxjs';
+import { Writable } from 'stream';
+import { ReportingCore } from '../../';
+import { CancellationToken } from '../../../common';
+import { LocatorParams } from '../../../common/types';
+import { cryptoFactory, LevelLogger } from '../../lib';
+import {
+  createMockConfig,
+  createMockConfigSchema,
+  createMockReportingCore,
+} from '../../test_helpers';
+import { generatePngObservableFactory } from '../common';
+import { runTaskFnFactory } from './execute_job';
+import { TaskPayloadPNGV2 } from './types';
+
+jest.mock('../common/generate_png', () => ({ generatePngObservableFactory: jest.fn() }));
+
+let content: string;
+let mockReporting: ReportingCore;
+let stream: jest.Mocked<Writable>;
+
+const cancellationToken = ({
+  on: jest.fn(),
+} as unknown) as CancellationToken;
+
+const mockLoggerFactory = {
+  get: jest.fn().mockImplementation(() => ({
+    error: jest.fn(),
+    debug: jest.fn(),
+    warn: jest.fn(),
+  })),
+};
+const getMockLogger = () => new LevelLogger(mockLoggerFactory);
+
+const mockEncryptionKey = 'abcabcsecuresecret';
+const encryptHeaders = async (headers: Record<string, string>) => {
+  const crypto = cryptoFactory(mockEncryptionKey);
+  return await crypto.encrypt(headers);
+};
+
+const getBasePayload = (baseObj: unknown) => baseObj as TaskPayloadPNGV2;
+
+beforeEach(async () => {
+  content = '';
+  stream = ({ write: jest.fn((chunk) => (content += chunk)) } as unknown) as typeof stream;
+
+  const mockReportingConfig = createMockConfigSchema({
+    index: '.reporting-2018.10.10',
+    encryptionKey: mockEncryptionKey,
+    queue: {
+      indexInterval: 'daily',
+      timeout: Infinity,
+    },
+  });
+
+  mockReporting = await createMockReportingCore(mockReportingConfig);
+  mockReporting.setConfig(createMockConfig(mockReportingConfig));
+
+  (generatePngObservableFactory as jest.Mock).mockReturnValue(jest.fn());
+});
+
+afterEach(() => (generatePngObservableFactory as jest.Mock).mockReset());
+
+test(`passes browserTimezone to generatePng`, async () => {
+  const encryptedHeaders = await encryptHeaders({});
+  const generatePngObservable = (await generatePngObservableFactory(mockReporting)) as jest.Mock;
+  generatePngObservable.mockReturnValue(Rx.of(Buffer.from('')));
+
+  const runTask = await runTaskFnFactory(mockReporting, getMockLogger());
+  const browserTimezone = 'UTC';
+  await runTask(
+    'pngJobId',
+    getBasePayload({
+      forceNow: 'test',
+      locatorParams: [{ version: 'test', id: 'test', params: {} }] as LocatorParams[],
+      browserTimezone,
+      headers: encryptedHeaders,
+    }),
+    cancellationToken,
+    stream
+  );
+
+  expect(generatePngObservable.mock.calls).toMatchInlineSnapshot(`
+    Array [
+      Array [
+        LevelLogger {
+          "_logger": Object {
+            "get": [MockFunction],
+          },
+          "_tags": Array [
+            "PNGV2",
+            "execute",
+            "pngJobId",
+          ],
+          "warning": [Function],
+        },
+        Array [
+          "localhost:80undefined/app/management/insightsAndAlerting/reporting/r",
+          Object {
+            "id": "test",
+            "params": Object {
+              "forceNow": "test",
+            },
+            "version": "test",
+          },
+        ],
+        "UTC",
+        Object {
+          "conditions": Object {
+            "basePath": undefined,
+            "hostname": "localhost",
+            "port": 80,
+            "protocol": undefined,
+          },
+          "headers": Object {},
+        },
+        undefined,
+      ],
+    ]
+  `);
+});
+
+test(`returns content_type of application/png`, async () => {
+  const runTask = await runTaskFnFactory(mockReporting, getMockLogger());
+  const encryptedHeaders = await encryptHeaders({});
+
+  const generatePngObservable = await generatePngObservableFactory(mockReporting);
+  (generatePngObservable as jest.Mock).mockReturnValue(Rx.of('foo'));
+
+  const { content_type: contentType } = await runTask(
+    'pngJobId',
+    getBasePayload({
+      locatorParams: [{ version: 'test', id: 'test' }] as LocatorParams[],
+      headers: encryptedHeaders,
+    }),
+    cancellationToken,
+    stream
+  );
+  expect(contentType).toBe('image/png');
+});
+
+test(`returns content of generatePng getBuffer base64 encoded`, async () => {
+  const testContent = 'raw string from get_screenhots';
+  const generatePngObservable = await generatePngObservableFactory(mockReporting);
+  (generatePngObservable as jest.Mock).mockReturnValue(Rx.of({ base64: testContent }));
+
+  const runTask = await runTaskFnFactory(mockReporting, getMockLogger());
+  const encryptedHeaders = await encryptHeaders({});
+  await runTask(
+    'pngJobId',
+    getBasePayload({
+      locatorParams: [{ version: 'test', id: 'test' }] as LocatorParams[],
+      headers: encryptedHeaders,
+    }),
+    cancellationToken,
+    stream
+  );
+
+  expect(content).toEqual(testContent);
+});
diff --git a/x-pack/plugins/reporting/server/export_types/png_v2/execute_job.ts b/x-pack/plugins/reporting/server/export_types/png_v2/execute_job.ts
new file mode 100644
index 00000000000000..66e13679498aaa
--- /dev/null
+++ b/x-pack/plugins/reporting/server/export_types/png_v2/execute_job.ts
@@ -0,0 +1,74 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import apm from 'elastic-apm-node';
+import * as Rx from 'rxjs';
+import { catchError, finalize, map, mergeMap, takeUntil, tap } from 'rxjs/operators';
+import { PNG_JOB_TYPE_V2, getRedirectAppPathHome } from '../../../common/constants';
+import { TaskRunResult } from '../../lib/tasks';
+import { RunTaskFn, RunTaskFnFactory } from '../../types';
+import {
+  decryptJobHeaders,
+  getConditionalHeaders,
+  omitBlockedHeaders,
+  generatePngObservableFactory,
+  setForceNow,
+} from '../common';
+import { getFullUrls } from '../common/v2/get_full_urls';
+import { TaskPayloadPNGV2 } from './types';
+
+export const runTaskFnFactory: RunTaskFnFactory<
+  RunTaskFn<TaskPayloadPNGV2>
+> = function executeJobFactoryFn(reporting, parentLogger) {
+  const config = reporting.getConfig();
+  const encryptionKey = config.get('encryptionKey');
+
+  return async function runTask(jobId, job, cancellationToken, stream) {
+    const apmTrans = apm.startTransaction('reporting execute_job pngV2', 'reporting');
+    const apmGetAssets = apmTrans?.startSpan('get_assets', 'setup');
+    let apmGeneratePng: { end: () => void } | null | undefined;
+
+    const generatePngObservable = await generatePngObservableFactory(reporting);
+    const jobLogger = parentLogger.clone([PNG_JOB_TYPE_V2, 'execute', jobId]);
+    const process$: Rx.Observable<TaskRunResult> = Rx.of(1).pipe(
+      mergeMap(() => decryptJobHeaders(encryptionKey, job.headers, jobLogger)),
+      map((decryptedHeaders) => omitBlockedHeaders(decryptedHeaders)),
+      map((filteredHeaders) => getConditionalHeaders(config, filteredHeaders)),
+      mergeMap((conditionalHeaders) => {
+        const relativeUrl = getRedirectAppPathHome();
+        const [url] = getFullUrls(config, [relativeUrl]);
+        const [locatorParams] = job.locatorParams.map(setForceNow(job.forceNow));
+
+        apmGetAssets?.end();
+
+        apmGeneratePng = apmTrans?.startSpan('generate_png_pipeline', 'execute');
+        return generatePngObservable(
+          jobLogger,
+          [url, locatorParams],
+          job.browserTimezone,
+          conditionalHeaders,
+          job.layout
+        );
+      }),
+      tap(({ base64 }) => stream.write(base64)),
+      map(({ base64, warnings }) => ({
+        content_type: 'image/png',
+        content: base64,
+        size: (base64 && base64.length) || 0,
+        warnings,
+      })),
+      catchError((err) => {
+        jobLogger.error(err);
+        return Rx.throwError(err);
+      }),
+      finalize(() => apmGeneratePng?.end())
+    );
+
+    const stop$ = Rx.fromEventPattern(cancellationToken.on);
+    return process$.pipe(takeUntil(stop$)).toPromise();
+  };
+};
diff --git a/x-pack/plugins/reporting/server/export_types/png_v2/index.ts b/x-pack/plugins/reporting/server/export_types/png_v2/index.ts
new file mode 100644
index 00000000000000..a2262be6b750b3
--- /dev/null
+++ b/x-pack/plugins/reporting/server/export_types/png_v2/index.ts
@@ -0,0 +1,39 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import {
+  LICENSE_TYPE_ENTERPRISE,
+  LICENSE_TYPE_GOLD,
+  LICENSE_TYPE_PLATINUM,
+  LICENSE_TYPE_STANDARD,
+  LICENSE_TYPE_TRIAL,
+  PNG_JOB_TYPE_V2 as jobType,
+} from '../../../common/constants';
+import { CreateJobFn, ExportTypeDefinition, RunTaskFn } from '../../types';
+import { createJobFnFactory } from './create_job';
+import { runTaskFnFactory } from './execute_job';
+import { metadata } from './metadata';
+import { JobParamsPNGV2, TaskPayloadPNGV2 } from './types';
+
+export const getExportType = (): ExportTypeDefinition<
+  CreateJobFn<JobParamsPNGV2>,
+  RunTaskFn<TaskPayloadPNGV2>
+> => ({
+  ...metadata,
+  jobType,
+  jobContentEncoding: 'base64',
+  jobContentExtension: 'PNG',
+  createJobFnFactory,
+  runTaskFnFactory,
+  validLicenses: [
+    LICENSE_TYPE_TRIAL,
+    LICENSE_TYPE_STANDARD,
+    LICENSE_TYPE_GOLD,
+    LICENSE_TYPE_PLATINUM,
+    LICENSE_TYPE_ENTERPRISE,
+  ],
+});
diff --git a/x-pack/plugins/reporting/server/export_types/png_v2/metadata.ts b/x-pack/plugins/reporting/server/export_types/png_v2/metadata.ts
new file mode 100644
index 00000000000000..56e18b96f663ab
--- /dev/null
+++ b/x-pack/plugins/reporting/server/export_types/png_v2/metadata.ts
@@ -0,0 +1,13 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { PNG_REPORT_TYPE_V2 } from '../../../common/constants';
+
+export const metadata = {
+  id: PNG_REPORT_TYPE_V2,
+  name: 'PNG',
+};
diff --git a/x-pack/plugins/reporting/server/export_types/png_v2/types.d.ts b/x-pack/plugins/reporting/server/export_types/png_v2/types.d.ts
new file mode 100644
index 00000000000000..50c857b66934b2
--- /dev/null
+++ b/x-pack/plugins/reporting/server/export_types/png_v2/types.d.ts
@@ -0,0 +1,29 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import type { LocatorParams } from '../../../common/types';
+import type { LayoutParams } from '../../lib/layouts';
+import type { BaseParams, BasePayload } from '../../types';
+
+// Job params: structure of incoming user request data
+export interface JobParamsPNGV2 extends BaseParams {
+  layout: LayoutParams;
+  /**
+   * This value is used to re-create the same visual state as when the report was requested as well as navigate to the correct page.
+   */
+  locatorParams: LocatorParams;
+}
+
+// Job payload: structure of stored job data provided by create_job
+export interface TaskPayloadPNGV2 extends BasePayload {
+  layout: LayoutParams;
+  forceNow: string;
+  /**
+   * Even though we only ever handle one locator for a PNG, we store it as an array for consistency with how PDFs are stored
+   */
+  locatorParams: LocatorParams[];
+}
diff --git a/x-pack/plugins/reporting/server/export_types/printable_pdf/execute_job/index.ts b/x-pack/plugins/reporting/server/export_types/printable_pdf/execute_job/index.ts
index a878c51ba02e29..1fcd448344bcfb 100644
--- a/x-pack/plugins/reporting/server/export_types/printable_pdf/execute_job/index.ts
+++ b/x-pack/plugins/reporting/server/export_types/printable_pdf/execute_job/index.ts
@@ -16,9 +16,9 @@ import {
   getConditionalHeaders,
   getFullUrls,
   omitBlockedHeaders,
+  getCustomLogo,
 } from '../../common';
 import { generatePdfObservableFactory } from '../lib/generate_pdf';
-import { getCustomLogo } from '../lib/get_custom_logo';
 import { TaskPayloadPDF } from '../types';
 
 export const runTaskFnFactory: RunTaskFnFactory<
diff --git a/x-pack/plugins/reporting/server/export_types/printable_pdf/lib/generate_pdf.ts b/x-pack/plugins/reporting/server/export_types/printable_pdf/lib/generate_pdf.ts
index 88b9f8dc95b94c..737068eaba8b63 100644
--- a/x-pack/plugins/reporting/server/export_types/printable_pdf/lib/generate_pdf.ts
+++ b/x-pack/plugins/reporting/server/export_types/printable_pdf/lib/generate_pdf.ts
@@ -13,7 +13,7 @@ import { LevelLogger } from '../../../lib';
 import { createLayout, LayoutParams } from '../../../lib/layouts';
 import { getScreenshots$, ScreenshotResults } from '../../../lib/screenshots';
 import { ConditionalHeaders } from '../../common';
-import { PdfMaker } from './pdf';
+import { PdfMaker } from '../../common/pdf';
 import { getTracker } from './tracker';
 
 const getTimeRange = (urlScreenshots: ScreenshotResults[]) => {
@@ -50,7 +50,7 @@ export async function generatePdfObservableFactory(reporting: ReportingCore) {
     tracker.startScreenshots();
     const screenshots$ = getScreenshots$(captureConfig, browserDriverFactory, {
       logger,
-      urls,
+      urlsOrUrlLocatorTuples: urls,
       conditionalHeaders,
       layout,
       browserTimezone,
diff --git a/x-pack/plugins/reporting/server/export_types/printable_pdf/types.d.ts b/x-pack/plugins/reporting/server/export_types/printable_pdf/types.d.ts
index 26cc402a8d5098..5172bf300abc87 100644
--- a/x-pack/plugins/reporting/server/export_types/printable_pdf/types.d.ts
+++ b/x-pack/plugins/reporting/server/export_types/printable_pdf/types.d.ts
@@ -11,6 +11,7 @@ import { BaseParams, BasePayload } from '../../types';
 interface BaseParamsPDF {
   layout: LayoutParams;
   forceNow?: string;
+  // TODO: Add comment explaining this field
   relativeUrls: string[];
 }
 
diff --git a/x-pack/plugins/reporting/server/export_types/printable_pdf_v2/create_job.ts b/x-pack/plugins/reporting/server/export_types/printable_pdf_v2/create_job.ts
new file mode 100644
index 00000000000000..b621759528e80f
--- /dev/null
+++ b/x-pack/plugins/reporting/server/export_types/printable_pdf_v2/create_job.ts
@@ -0,0 +1,28 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { cryptoFactory } from '../../lib';
+import { CreateJobFn, CreateJobFnFactory } from '../../types';
+import { JobParamsPDFV2, TaskPayloadPDFV2 } from './types';
+
+export const createJobFnFactory: CreateJobFnFactory<
+  CreateJobFn<JobParamsPDFV2, TaskPayloadPDFV2>
+> = function createJobFactoryFn(reporting, logger) {
+  const config = reporting.getConfig();
+  const crypto = cryptoFactory(config.get('encryptionKey'));
+
+  return async function createJob(jobParams, context, req) {
+    const serializedEncryptedHeaders = await crypto.encrypt(req.headers);
+
+    return {
+      ...jobParams,
+      headers: serializedEncryptedHeaders,
+      spaceId: reporting.getSpaceId(req, logger),
+      forceNow: new Date().toISOString(),
+    };
+  };
+};
diff --git a/x-pack/plugins/reporting/server/export_types/printable_pdf_v2/execute_job.test.ts b/x-pack/plugins/reporting/server/export_types/printable_pdf_v2/execute_job.test.ts
new file mode 100644
index 00000000000000..f1d1ec82cdcdda
--- /dev/null
+++ b/x-pack/plugins/reporting/server/export_types/printable_pdf_v2/execute_job.test.ts
@@ -0,0 +1,126 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+jest.mock('./lib/generate_pdf', () => ({ generatePdfObservableFactory: jest.fn() }));
+
+import * as Rx from 'rxjs';
+import { Writable } from 'stream';
+import { ReportingCore } from '../../';
+import { CancellationToken } from '../../../common';
+import { LocatorParams } from '../../../common/types';
+import { cryptoFactory, LevelLogger } from '../../lib';
+import { createMockConfigSchema, createMockReportingCore } from '../../test_helpers';
+import { runTaskFnFactory } from './execute_job';
+import { generatePdfObservableFactory } from './lib/generate_pdf';
+import { TaskPayloadPDFV2 } from './types';
+
+let content: string;
+let mockReporting: ReportingCore;
+let stream: jest.Mocked<Writable>;
+
+const cancellationToken = ({
+  on: jest.fn(),
+} as unknown) as CancellationToken;
+
+const mockLoggerFactory = {
+  get: jest.fn().mockImplementation(() => ({
+    error: jest.fn(),
+    debug: jest.fn(),
+    warn: jest.fn(),
+  })),
+};
+const getMockLogger = () => new LevelLogger(mockLoggerFactory);
+
+const mockEncryptionKey = 'testencryptionkey';
+const encryptHeaders = async (headers: Record<string, string>) => {
+  const crypto = cryptoFactory(mockEncryptionKey);
+  return await crypto.encrypt(headers);
+};
+
+const getBasePayload = (baseObj: any) =>
+  ({
+    params: { forceNow: 'test' },
+    ...baseObj,
+  } as TaskPayloadPDFV2);
+
+beforeEach(async () => {
+  content = '';
+  stream = ({ write: jest.fn((chunk) => (content += chunk)) } as unknown) as typeof stream;
+
+  const reportingConfig = {
+    'server.basePath': '/sbp',
+    index: '.reports-test',
+    encryptionKey: mockEncryptionKey,
+    'kibanaServer.hostname': 'localhost',
+    'kibanaServer.port': 5601,
+    'kibanaServer.protocol': 'http',
+  };
+  const mockSchema = createMockConfigSchema(reportingConfig);
+  mockReporting = await createMockReportingCore(mockSchema);
+
+  (generatePdfObservableFactory as jest.Mock).mockReturnValue(jest.fn());
+});
+
+afterEach(() => (generatePdfObservableFactory as jest.Mock).mockReset());
+
+test(`passes browserTimezone to generatePdf`, async () => {
+  const encryptedHeaders = await encryptHeaders({});
+  const generatePdfObservable = (await generatePdfObservableFactory(mockReporting)) as jest.Mock;
+  generatePdfObservable.mockReturnValue(Rx.of(Buffer.from('')));
+
+  const runTask = runTaskFnFactory(mockReporting, getMockLogger());
+  const browserTimezone = 'UTC';
+  await runTask(
+    'pdfJobId',
+    getBasePayload({
+      forceNow: 'test',
+      title: 'PDF Params Timezone Test',
+      locatorParams: [{ version: 'test', id: 'test' }] as LocatorParams[],
+      browserTimezone,
+      headers: encryptedHeaders,
+    }),
+    cancellationToken,
+    stream
+  );
+
+  const tzParam = generatePdfObservable.mock.calls[0][4];
+  expect(tzParam).toBe('UTC');
+});
+
+test(`returns content_type of application/pdf`, async () => {
+  const logger = getMockLogger();
+  const runTask = runTaskFnFactory(mockReporting, logger);
+  const encryptedHeaders = await encryptHeaders({});
+
+  const generatePdfObservable = await generatePdfObservableFactory(mockReporting);
+  (generatePdfObservable as jest.Mock).mockReturnValue(Rx.of(Buffer.from('')));
+
+  const { content_type: contentType } = await runTask(
+    'pdfJobId',
+    getBasePayload({ locatorParams: [], headers: encryptedHeaders }),
+    cancellationToken,
+    stream
+  );
+  expect(contentType).toBe('application/pdf');
+});
+
+test(`returns content of generatePdf getBuffer base64 encoded`, async () => {
+  const testContent = 'test content';
+  const generatePdfObservable = await generatePdfObservableFactory(mockReporting);
+  (generatePdfObservable as jest.Mock).mockReturnValue(Rx.of({ buffer: Buffer.from(testContent) }));
+
+  const runTask = runTaskFnFactory(mockReporting, getMockLogger());
+  const encryptedHeaders = await encryptHeaders({});
+  await runTask(
+    'pdfJobId',
+    getBasePayload({ locatorParams: [], headers: encryptedHeaders }),
+    cancellationToken,
+    stream
+  );
+
+  expect(content).toEqual(Buffer.from(testContent).toString('base64'));
+});
diff --git a/x-pack/plugins/reporting/server/export_types/printable_pdf_v2/execute_job.ts b/x-pack/plugins/reporting/server/export_types/printable_pdf_v2/execute_job.ts
new file mode 100644
index 00000000000000..c79f53d48e0f1e
--- /dev/null
+++ b/x-pack/plugins/reporting/server/export_types/printable_pdf_v2/execute_job.ts
@@ -0,0 +1,88 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import apm from 'elastic-apm-node';
+import * as Rx from 'rxjs';
+import { catchError, map, mergeMap, takeUntil } from 'rxjs/operators';
+import { PDF_JOB_TYPE_V2 } from '../../../common/constants';
+import { TaskRunResult } from '../../lib/tasks';
+import { RunTaskFn, RunTaskFnFactory } from '../../types';
+import {
+  decryptJobHeaders,
+  getConditionalHeaders,
+  omitBlockedHeaders,
+  getCustomLogo,
+  setForceNow,
+} from '../common';
+import { generatePdfObservableFactory } from './lib/generate_pdf';
+import { TaskPayloadPDFV2 } from './types';
+
+export const runTaskFnFactory: RunTaskFnFactory<
+  RunTaskFn<TaskPayloadPDFV2>
+> = function executeJobFactoryFn(reporting, parentLogger) {
+  const config = reporting.getConfig();
+  const encryptionKey = config.get('encryptionKey');
+
+  return async function runTask(jobId, job, cancellationToken, stream) {
+    const jobLogger = parentLogger.clone([PDF_JOB_TYPE_V2, 'execute-job', jobId]);
+    const apmTrans = apm.startTransaction('reporting execute_job pdf_v2', 'reporting');
+    const apmGetAssets = apmTrans?.startSpan('get_assets', 'setup');
+    let apmGeneratePdf: { end: () => void } | null | undefined;
+
+    const generatePdfObservable = await generatePdfObservableFactory(reporting);
+
+    const process$: Rx.Observable<TaskRunResult> = Rx.of(1).pipe(
+      mergeMap(() => decryptJobHeaders(encryptionKey, job.headers, jobLogger)),
+      map((decryptedHeaders) => omitBlockedHeaders(decryptedHeaders)),
+      map((filteredHeaders) => getConditionalHeaders(config, filteredHeaders)),
+      mergeMap((conditionalHeaders) =>
+        getCustomLogo(reporting, conditionalHeaders, job.spaceId, jobLogger)
+      ),
+      mergeMap(({ logo, conditionalHeaders }) => {
+        const { browserTimezone, layout, title, locatorParams } = job;
+        if (apmGetAssets) apmGetAssets.end();
+
+        apmGeneratePdf = apmTrans?.startSpan('generate_pdf_pipeline', 'execute');
+        return generatePdfObservable(
+          jobLogger,
+          jobId,
+          title,
+          locatorParams.map(setForceNow(job.forceNow)),
+          browserTimezone,
+          conditionalHeaders,
+          layout,
+          logo
+        );
+      }),
+      map(({ buffer, warnings }) => {
+        if (apmGeneratePdf) apmGeneratePdf.end();
+
+        const apmEncode = apmTrans?.startSpan('encode_pdf', 'output');
+        const content = buffer?.toString('base64') || null;
+        apmEncode?.end();
+
+        stream.write(content);
+
+        return {
+          content_type: 'application/pdf',
+          content,
+          size: buffer?.byteLength || 0,
+          warnings,
+        };
+      }),
+      catchError((err) => {
+        jobLogger.error(err);
+        return Rx.throwError(err);
+      })
+    );
+
+    const stop$ = Rx.fromEventPattern(cancellationToken.on);
+
+    if (apmTrans) apmTrans.end();
+    return process$.pipe(takeUntil(stop$)).toPromise();
+  };
+};
diff --git a/x-pack/plugins/reporting/server/export_types/printable_pdf_v2/index.ts b/x-pack/plugins/reporting/server/export_types/printable_pdf_v2/index.ts
new file mode 100644
index 00000000000000..ffaf0c4567147b
--- /dev/null
+++ b/x-pack/plugins/reporting/server/export_types/printable_pdf_v2/index.ts
@@ -0,0 +1,39 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import {
+  LICENSE_TYPE_ENTERPRISE,
+  LICENSE_TYPE_GOLD,
+  LICENSE_TYPE_PLATINUM,
+  LICENSE_TYPE_STANDARD,
+  LICENSE_TYPE_TRIAL,
+  PDF_JOB_TYPE_V2 as jobType,
+} from '../../../common/constants';
+import { CreateJobFn, ExportTypeDefinition, RunTaskFn } from '../../types';
+import { createJobFnFactory } from './create_job';
+import { runTaskFnFactory } from './execute_job';
+import { metadata } from './metadata';
+import { JobParamsPDFV2, TaskPayloadPDFV2 } from './types';
+
+export const getExportType = (): ExportTypeDefinition<
+  CreateJobFn<JobParamsPDFV2>,
+  RunTaskFn<TaskPayloadPDFV2>
+> => ({
+  ...metadata,
+  jobType,
+  jobContentEncoding: 'base64',
+  jobContentExtension: 'pdf',
+  createJobFnFactory,
+  runTaskFnFactory,
+  validLicenses: [
+    LICENSE_TYPE_TRIAL,
+    LICENSE_TYPE_STANDARD,
+    LICENSE_TYPE_GOLD,
+    LICENSE_TYPE_PLATINUM,
+    LICENSE_TYPE_ENTERPRISE,
+  ],
+});
diff --git a/x-pack/plugins/reporting/server/export_types/printable_pdf_v2/lib/generate_pdf.ts b/x-pack/plugins/reporting/server/export_types/printable_pdf_v2/lib/generate_pdf.ts
new file mode 100644
index 00000000000000..ff3ee8e52e53a7
--- /dev/null
+++ b/x-pack/plugins/reporting/server/export_types/printable_pdf_v2/lib/generate_pdf.ts
@@ -0,0 +1,130 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { groupBy, zip } from 'lodash';
+import * as Rx from 'rxjs';
+import { mergeMap } from 'rxjs/operators';
+import { ReportingCore } from '../../../';
+import { getRedirectAppPathHome } from '../../../../common/constants';
+import { LocatorParams, UrlOrUrlLocatorTuple } from '../../../../common/types';
+import { LevelLogger } from '../../../lib';
+import { createLayout, LayoutParams } from '../../../lib/layouts';
+import { getScreenshots$, ScreenshotResults } from '../../../lib/screenshots';
+import { ConditionalHeaders } from '../../common';
+import { PdfMaker } from '../../common/pdf';
+import { getFullUrls } from '../../common/v2/get_full_urls';
+import { getTracker } from './tracker';
+
+const getTimeRange = (urlScreenshots: ScreenshotResults[]) => {
+  const grouped = groupBy(urlScreenshots.map((u) => u.timeRange));
+  const values = Object.values(grouped);
+  if (values.length === 1) {
+    return values[0][0];
+  }
+
+  return null;
+};
+
+export async function generatePdfObservableFactory(reporting: ReportingCore) {
+  const config = reporting.getConfig();
+  const captureConfig = config.get('capture');
+  const { browserDriverFactory } = await reporting.getPluginStartDeps();
+
+  return function generatePdfObservable(
+    logger: LevelLogger,
+    jobId: string,
+    title: string,
+    locatorParams: LocatorParams[],
+    browserTimezone: string | undefined,
+    conditionalHeaders: ConditionalHeaders,
+    layoutParams: LayoutParams,
+    logo?: string
+  ): Rx.Observable<{ buffer: Buffer | null; warnings: string[] }> {
+    const tracker = getTracker();
+    tracker.startLayout();
+
+    const layout = createLayout(captureConfig, layoutParams);
+    logger.debug(`Layout: width=${layout.width} height=${layout.height}`);
+    tracker.endLayout();
+
+    tracker.startScreenshots();
+
+    /**
+     * For each locator we get the relative URL to the redirect app
+     */
+    const relativeUrls = locatorParams.map(() => getRedirectAppPathHome());
+    const urls = getFullUrls(reporting.getConfig(), relativeUrls);
+
+    const screenshots$ = getScreenshots$(captureConfig, browserDriverFactory, {
+      logger,
+      urlsOrUrlLocatorTuples: zip(urls, locatorParams) as UrlOrUrlLocatorTuple[],
+      conditionalHeaders,
+      layout,
+      browserTimezone,
+    }).pipe(
+      mergeMap(async (results: ScreenshotResults[]) => {
+        tracker.endScreenshots();
+
+        tracker.startSetup();
+        const pdfOutput = new PdfMaker(layout, logo);
+        if (title) {
+          const timeRange = getTimeRange(results);
+          title += timeRange ? ` - ${timeRange}` : '';
+          pdfOutput.setTitle(title);
+        }
+        tracker.endSetup();
+
+        results.forEach((r) => {
+          r.screenshots.forEach((screenshot) => {
+            logger.debug(`Adding image to PDF. Image base64 size: ${screenshot.base64EncodedData?.length || 0}`); // prettier-ignore
+            tracker.startAddImage();
+            tracker.endAddImage();
+            pdfOutput.addImage(screenshot.base64EncodedData, {
+              title: screenshot.title,
+              description: screenshot.description,
+            });
+          });
+        });
+
+        let buffer: Buffer | null = null;
+        try {
+          tracker.startCompile();
+          logger.debug(`Compiling PDF using "${layout.id}" layout...`);
+          pdfOutput.generate();
+          tracker.endCompile();
+
+          tracker.startGetBuffer();
+          logger.debug(`Generating PDF Buffer...`);
+          buffer = await pdfOutput.getBuffer();
+
+          const byteLength = buffer?.byteLength ?? 0;
+          logger.debug(`PDF buffer byte length: ${byteLength}`);
+          tracker.setByteLength(byteLength);
+
+          tracker.endGetBuffer();
+        } catch (err) {
+          logger.error(`Could not generate the PDF buffer!`);
+          logger.error(err);
+        }
+
+        tracker.end();
+
+        return {
+          buffer,
+          warnings: results.reduce((found, current) => {
+            if (current.error) {
+              found.push(current.error.message);
+            }
+            return found;
+          }, [] as string[]),
+        };
+      })
+    );
+
+    return screenshots$;
+  };
+}
diff --git a/x-pack/plugins/reporting/server/export_types/printable_pdf_v2/lib/tracker.ts b/x-pack/plugins/reporting/server/export_types/printable_pdf_v2/lib/tracker.ts
new file mode 100644
index 00000000000000..4b5a0a7bdade71
--- /dev/null
+++ b/x-pack/plugins/reporting/server/export_types/printable_pdf_v2/lib/tracker.ts
@@ -0,0 +1,88 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import apm from 'elastic-apm-node';
+
+interface PdfTracker {
+  setByteLength: (byteLength: number) => void;
+  startLayout: () => void;
+  endLayout: () => void;
+  startScreenshots: () => void;
+  endScreenshots: () => void;
+  startSetup: () => void;
+  endSetup: () => void;
+  startAddImage: () => void;
+  endAddImage: () => void;
+  startCompile: () => void;
+  endCompile: () => void;
+  startGetBuffer: () => void;
+  endGetBuffer: () => void;
+  end: () => void;
+}
+
+const SPANTYPE_SETUP = 'setup';
+const SPANTYPE_OUTPUT = 'output';
+
+interface ApmSpan {
+  end: () => void;
+}
+
+export function getTracker(): PdfTracker {
+  const apmTrans = apm.startTransaction('reporting generate_pdf', 'reporting');
+
+  let apmLayout: ApmSpan | null = null;
+  let apmScreenshots: ApmSpan | null = null;
+  let apmSetup: ApmSpan | null = null;
+  let apmAddImage: ApmSpan | null = null;
+  let apmCompilePdf: ApmSpan | null = null;
+  let apmGetBuffer: ApmSpan | null = null;
+
+  return {
+    startLayout() {
+      apmLayout = apmTrans?.startSpan('create_layout', SPANTYPE_SETUP) || null;
+    },
+    endLayout() {
+      if (apmLayout) apmLayout.end();
+    },
+    startScreenshots() {
+      apmScreenshots = apmTrans?.startSpan('screenshots_pipeline', SPANTYPE_SETUP) || null;
+    },
+    endScreenshots() {
+      if (apmScreenshots) apmScreenshots.end();
+    },
+    startSetup() {
+      apmSetup = apmTrans?.startSpan('setup_pdf', SPANTYPE_SETUP) || null;
+    },
+    endSetup() {
+      if (apmSetup) apmSetup.end();
+    },
+    startAddImage() {
+      apmAddImage = apmTrans?.startSpan('add_pdf_image', SPANTYPE_OUTPUT) || null;
+    },
+    endAddImage() {
+      if (apmAddImage) apmAddImage.end();
+    },
+    startCompile() {
+      apmCompilePdf = apmTrans?.startSpan('compile_pdf', SPANTYPE_OUTPUT) || null;
+    },
+    endCompile() {
+      if (apmCompilePdf) apmCompilePdf.end();
+    },
+    startGetBuffer() {
+      apmGetBuffer = apmTrans?.startSpan('get_buffer', SPANTYPE_OUTPUT) || null;
+    },
+    endGetBuffer() {
+      if (apmGetBuffer) apmGetBuffer.end();
+    },
+    setByteLength(byteLength: number) {
+      apmTrans?.setLabel('byte_length', byteLength, false);
+    },
+    end() {
+      if (apmTrans) apmTrans.end();
+    },
+  };
+}
diff --git a/x-pack/plugins/reporting/server/export_types/printable_pdf_v2/lib/uri_encode.js b/x-pack/plugins/reporting/server/export_types/printable_pdf_v2/lib/uri_encode.js
new file mode 100644
index 00000000000000..c2170b0aaf8970
--- /dev/null
+++ b/x-pack/plugins/reporting/server/export_types/printable_pdf_v2/lib/uri_encode.js
@@ -0,0 +1,32 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { forEach, isArray } from 'lodash';
+import { url } from '../../../../../../../src/plugins/kibana_utils/server';
+
+function toKeyValue(obj) {
+  const parts = [];
+  forEach(obj, function (value, key) {
+    if (isArray(value)) {
+      forEach(value, function (arrayValue) {
+        const keyStr = url.encodeUriQuery(key, true);
+        const valStr = arrayValue === true ? '' : '=' + url.encodeUriQuery(arrayValue, true);
+        parts.push(keyStr + valStr);
+      });
+    } else {
+      const keyStr = url.encodeUriQuery(key, true);
+      const valStr = value === true ? '' : '=' + url.encodeUriQuery(value, true);
+      parts.push(keyStr + valStr);
+    }
+  });
+  return parts.length ? parts.join('&') : '';
+}
+
+export const uriEncode = {
+  stringify: toKeyValue,
+  string: url.encodeUriQuery,
+};
diff --git a/x-pack/plugins/reporting/server/export_types/printable_pdf_v2/metadata.ts b/x-pack/plugins/reporting/server/export_types/printable_pdf_v2/metadata.ts
new file mode 100644
index 00000000000000..f4fc93a86821bb
--- /dev/null
+++ b/x-pack/plugins/reporting/server/export_types/printable_pdf_v2/metadata.ts
@@ -0,0 +1,11 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+export const metadata = {
+  id: 'printablePdfV2',
+  name: 'PDF',
+};
diff --git a/x-pack/plugins/reporting/server/export_types/printable_pdf_v2/types.ts b/x-pack/plugins/reporting/server/export_types/printable_pdf_v2/types.ts
new file mode 100644
index 00000000000000..a629eea9f21f7e
--- /dev/null
+++ b/x-pack/plugins/reporting/server/export_types/printable_pdf_v2/types.ts
@@ -0,0 +1,31 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { LocatorParams } from '../../../common/types';
+import { LayoutParams } from '../../lib/layouts';
+import { BaseParams, BasePayload } from '../../types';
+
+interface BaseParamsPDFV2 {
+  layout: LayoutParams;
+
+  /**
+   * This value is used to re-create the same visual state as when the report was requested as well as navigate to the correct page.
+   */
+  locatorParams: LocatorParams[];
+}
+
+// Job params: structure of incoming user request data, after being parsed from RISON
+export type JobParamsPDFV2 = BaseParamsPDFV2 & BaseParams;
+
+// Job payload: structure of stored job data provided by create_job
+export interface TaskPayloadPDFV2 extends BasePayload, BaseParamsPDFV2 {
+  layout: LayoutParams;
+  /**
+   * The value of forceNow is injected server-side every time a given report is generated.
+   */
+  forceNow: string;
+}
diff --git a/x-pack/plugins/reporting/server/index.ts b/x-pack/plugins/reporting/server/index.ts
index 999311b9ae17b0..bc6529eb90782c 100644
--- a/x-pack/plugins/reporting/server/index.ts
+++ b/x-pack/plugins/reporting/server/index.ts
@@ -21,5 +21,4 @@ export {
   ReportingSetupDeps as PluginSetup,
   ReportingStartDeps as PluginStart,
 } from './types';
-
 export { ReportingPlugin as Plugin };
diff --git a/x-pack/plugins/reporting/server/lib/export_types_registry.ts b/x-pack/plugins/reporting/server/lib/export_types_registry.ts
index 890af432977512..314d50e1315656 100644
--- a/x-pack/plugins/reporting/server/lib/export_types_registry.ts
+++ b/x-pack/plugins/reporting/server/lib/export_types_registry.ts
@@ -10,7 +10,10 @@ import { getExportType as getTypeCsvDeprecated } from '../export_types/csv';
 import { getExportType as getTypeCsvFromSavedObject } from '../export_types/csv_searchsource_immediate';
 import { getExportType as getTypeCsv } from '../export_types/csv_searchsource';
 import { getExportType as getTypePng } from '../export_types/png';
+import { getExportType as getTypePngV2 } from '../export_types/png_v2';
 import { getExportType as getTypePrintablePdf } from '../export_types/printable_pdf';
+import { getExportType as getTypePrintablePdfV2 } from '../export_types/printable_pdf_v2';
+
 import { CreateJobFn, ExportTypeDefinition } from '../types';
 
 type GetCallbackFn = (item: ExportTypeDefinition) => boolean;
@@ -88,7 +91,9 @@ export function getExportTypesRegistry(): ExportTypesRegistry {
     getTypeCsvDeprecated,
     getTypeCsvFromSavedObject,
     getTypePng,
+    getTypePngV2,
     getTypePrintablePdf,
+    getTypePrintablePdfV2,
   ];
   getTypeFns.forEach((getType) => {
     registry.register(getType());
diff --git a/x-pack/plugins/reporting/server/lib/screenshots/index.ts b/x-pack/plugins/reporting/server/lib/screenshots/index.ts
index d5ef52d627c6bf..d5920605a8be66 100644
--- a/x-pack/plugins/reporting/server/lib/screenshots/index.ts
+++ b/x-pack/plugins/reporting/server/lib/screenshots/index.ts
@@ -6,6 +6,7 @@
  */
 
 import { LevelLogger } from '../';
+import { UrlOrUrlLocatorTuple } from '../../../common/types';
 import { ConditionalHeaders } from '../../export_types/common';
 import { LayoutInstance } from '../layouts';
 
@@ -13,7 +14,7 @@ export { getScreenshots$ } from './observable';
 
 export interface ScreenshotObservableOpts {
   logger: LevelLogger;
-  urls: string[];
+  urlsOrUrlLocatorTuples: UrlOrUrlLocatorTuple[];
   conditionalHeaders: ConditionalHeaders;
   layout: LayoutInstance;
   browserTimezone?: string;
diff --git a/x-pack/plugins/reporting/server/lib/screenshots/observable.test.ts b/x-pack/plugins/reporting/server/lib/screenshots/observable.test.ts
index 7458340a4a52fc..e5caa2490153a1 100644
--- a/x-pack/plugins/reporting/server/lib/screenshots/observable.test.ts
+++ b/x-pack/plugins/reporting/server/lib/screenshots/observable.test.ts
@@ -69,7 +69,7 @@ describe('Screenshot Observable Pipeline', () => {
   it('pipelines a single url into screenshot and timeRange', async () => {
     const result = await getScreenshots$(captureConfig, mockBrowserDriverFactory, {
       logger,
-      urls: ['/welcome/home/start/index.htm'],
+      urlsOrUrlLocatorTuples: ['/welcome/home/start/index.htm'],
       conditionalHeaders: {} as ConditionalHeaders,
       layout: mockLayout,
       browserTimezone: 'UTC',
@@ -129,7 +129,10 @@ describe('Screenshot Observable Pipeline', () => {
     // test
     const result = await getScreenshots$(captureConfig, mockBrowserDriverFactory, {
       logger,
-      urls: ['/welcome/home/start/index2.htm', '/welcome/home/start/index.php3?page=./home.php'],
+      urlsOrUrlLocatorTuples: [
+        '/welcome/home/start/index2.htm',
+        '/welcome/home/start/index.php3?page=./home.php',
+      ],
       conditionalHeaders: {} as ConditionalHeaders,
       layout: mockLayout,
       browserTimezone: 'UTC',
@@ -228,7 +231,7 @@ describe('Screenshot Observable Pipeline', () => {
       const getScreenshot = async () => {
         return await getScreenshots$(captureConfig, mockBrowserDriverFactory, {
           logger,
-          urls: [
+          urlsOrUrlLocatorTuples: [
             '/welcome/home/start/index2.htm',
             '/welcome/home/start/index.php3?page=./home.php3',
           ],
@@ -322,7 +325,7 @@ describe('Screenshot Observable Pipeline', () => {
       const getScreenshot = async () => {
         return await getScreenshots$(captureConfig, mockBrowserDriverFactory, {
           logger,
-          urls: ['/welcome/home/start/index.php3?page=./home.php3'],
+          urlsOrUrlLocatorTuples: ['/welcome/home/start/index.php3?page=./home.php3'],
           conditionalHeaders: {} as ConditionalHeaders,
           layout: mockLayout,
           browserTimezone: 'UTC',
@@ -352,7 +355,7 @@ describe('Screenshot Observable Pipeline', () => {
 
       const screenshots = await getScreenshots$(captureConfig, mockBrowserDriverFactory, {
         logger,
-        urls: ['/welcome/home/start/index.php3?page=./home.php3'],
+        urlsOrUrlLocatorTuples: ['/welcome/home/start/index.php3?page=./home.php3'],
         conditionalHeaders: {} as ConditionalHeaders,
         layout: mockLayout,
         browserTimezone: 'UTC',
diff --git a/x-pack/plugins/reporting/server/lib/screenshots/observable.ts b/x-pack/plugins/reporting/server/lib/screenshots/observable.ts
index baaf8a4fb38ee9..e833a0dfcaf60e 100644
--- a/x-pack/plugins/reporting/server/lib/screenshots/observable.ts
+++ b/x-pack/plugins/reporting/server/lib/screenshots/observable.ts
@@ -34,7 +34,13 @@ interface ScreenSetupData {
 export function getScreenshots$(
   captureConfig: CaptureConfig,
   browserDriverFactory: HeadlessChromiumDriverFactory,
-  { logger, urls, conditionalHeaders, layout, browserTimezone }: ScreenshotObservableOpts
+  {
+    logger,
+    urlsOrUrlLocatorTuples,
+    conditionalHeaders,
+    layout,
+    browserTimezone,
+  }: ScreenshotObservableOpts
 ): Rx.Observable<ScreenshotResults[]> {
   const apmTrans = apm.startTransaction(`reporting screenshot pipeline`, 'reporting');
 
@@ -49,8 +55,8 @@ export function getScreenshots$(
       apmCreatePage?.end();
       exit$.subscribe({ error: () => apmTrans?.end() });
 
-      return Rx.from(urls).pipe(
-        concatMap((url, index) => {
+      return Rx.from(urlsOrUrlLocatorTuples).pipe(
+        concatMap((urlOrUrlLocatorTuple, index) => {
           const setup$: Rx.Observable<ScreenSetupData> = Rx.of(1).pipe(
             mergeMap(() => {
               // If we're moving to another page in the app, we'll want to wait for the app to tell us
@@ -62,7 +68,7 @@ export function getScreenshots$(
               return openUrl(
                 captureConfig,
                 driver,
-                url,
+                urlOrUrlLocatorTuple,
                 pageLoadSelector,
                 conditionalHeaders,
                 logger
@@ -129,7 +135,7 @@ export function getScreenshots$(
             )
           );
         }),
-        take(urls.length),
+        take(urlsOrUrlLocatorTuples.length),
         toArray()
       );
     }),
diff --git a/x-pack/plugins/reporting/server/lib/screenshots/open_url.ts b/x-pack/plugins/reporting/server/lib/screenshots/open_url.ts
index 377897bcc381ff..588cd792bdf062 100644
--- a/x-pack/plugins/reporting/server/lib/screenshots/open_url.ts
+++ b/x-pack/plugins/reporting/server/lib/screenshots/open_url.ts
@@ -6,6 +6,7 @@
  */
 
 import { i18n } from '@kbn/i18n';
+import { LocatorParams, UrlOrUrlLocatorTuple } from '../../../common/types';
 import { LevelLogger, startTrace } from '../';
 import { durationToNumber } from '../../../common/schema_utils';
 import { HeadlessChromiumDriver } from '../../browsers';
@@ -15,19 +16,24 @@ import { CaptureConfig } from '../../types';
 export const openUrl = async (
   captureConfig: CaptureConfig,
   browser: HeadlessChromiumDriver,
-  url: string,
-  pageLoadSelector: string,
+  urlOrUrlLocatorTuple: UrlOrUrlLocatorTuple,
+  waitForSelector: string,
   conditionalHeaders: ConditionalHeaders,
   logger: LevelLogger
 ): Promise<void> => {
   const endTrace = startTrace('open_url', 'wait');
+  let url: string;
+  let locator: undefined | LocatorParams;
+
+  if (typeof urlOrUrlLocatorTuple === 'string') {
+    url = urlOrUrlLocatorTuple;
+  } else {
+    [url, locator] = urlOrUrlLocatorTuple;
+  }
+
   try {
     const timeout = durationToNumber(captureConfig.timeouts.openUrl);
-    await browser.open(
-      url,
-      { conditionalHeaders, waitForSelector: pageLoadSelector, timeout },
-      logger
-    );
+    await browser.open(url, { conditionalHeaders, waitForSelector, timeout, locator }, logger);
   } catch (err) {
     logger.error(err);
     throw new Error(
diff --git a/x-pack/plugins/reporting/server/plugin.ts b/x-pack/plugins/reporting/server/plugin.ts
index 185b47a980bfe1..0090afb855ee9d 100644
--- a/x-pack/plugins/reporting/server/plugin.ts
+++ b/x-pack/plugins/reporting/server/plugin.ts
@@ -33,11 +33,14 @@ export class ReportingPlugin
   }
 
   public setup(core: CoreSetup, plugins: ReportingSetupDeps) {
+    const { http } = core;
+    const { screenshotMode, features, licensing, security, spaces, taskManager } = plugins;
+
     const reportingCore = new ReportingCore(this.logger, this.initContext);
 
     // prevent throwing errors in route handlers about async deps not being initialized
     // @ts-expect-error null is not assignable to object. use a boolean property to ensure reporting API is enabled.
-    core.http.registerRouteHandlerContext(PLUGIN_ID, () => {
+    http.registerRouteHandlerContext(PLUGIN_ID, () => {
       if (reportingCore.pluginIsStarted()) {
         return reportingCore.getContract();
       } else {
@@ -46,9 +49,6 @@ export class ReportingPlugin
       }
     });
 
-    const { http } = core;
-    const { screenshotMode, features, licensing, security, spaces, taskManager } = plugins;
-
     const router = http.createRouter<ReportingRequestHandlerContext>();
     const basePath = http.basePath;
 
diff --git a/x-pack/plugins/reporting/server/routes/diagnostic/screenshot.test.ts b/x-pack/plugins/reporting/server/routes/diagnostic/screenshot.test.ts
index 9b3260cb31da7d..4dfedef93f2912 100644
--- a/x-pack/plugins/reporting/server/routes/diagnostic/screenshot.test.ts
+++ b/x-pack/plugins/reporting/server/routes/diagnostic/screenshot.test.ts
@@ -18,9 +18,9 @@ import {
 import { registerDiagnoseScreenshot } from './screenshot';
 import type { ReportingRequestHandlerContext } from '../../types';
 
-jest.mock('../../export_types/png/lib/generate_png');
+jest.mock('../../export_types/common/generate_png');
 
-import { generatePngObservableFactory } from '../../export_types/png/lib/generate_png';
+import { generatePngObservableFactory } from '../../export_types/common';
 
 type SetupServerReturn = UnwrapPromise<ReturnType<typeof setupServer>>;
 
diff --git a/x-pack/plugins/reporting/server/routes/diagnostic/screenshot.ts b/x-pack/plugins/reporting/server/routes/diagnostic/screenshot.ts
index 765e0a2a4e8a21..3a89c869542b4a 100644
--- a/x-pack/plugins/reporting/server/routes/diagnostic/screenshot.ts
+++ b/x-pack/plugins/reporting/server/routes/diagnostic/screenshot.ts
@@ -9,9 +9,8 @@ import { i18n } from '@kbn/i18n';
 import { ReportingCore } from '../..';
 import { APP_WRAPPER_CLASS } from '../../../../../../src/core/server';
 import { API_DIAGNOSE_URL } from '../../../common/constants';
-import { omitBlockedHeaders } from '../../export_types/common';
+import { omitBlockedHeaders, generatePngObservableFactory } from '../../export_types/common';
 import { getAbsoluteUrlFactory } from '../../export_types/common/get_absolute_url';
-import { generatePngObservableFactory } from '../../export_types/png/lib/generate_png';
 import { LevelLogger as Logger } from '../../lib';
 import { authorizedUserPreRouting } from '../lib/authorized_user_pre_routing';
 import { DiagnosticResponse } from './';
diff --git a/x-pack/plugins/reporting/server/routes/jobs.ts b/x-pack/plugins/reporting/server/routes/jobs.ts
index ad0aac121106ca..6086c1b9eb872c 100644
--- a/x-pack/plugins/reporting/server/routes/jobs.ts
+++ b/x-pack/plugins/reporting/server/routes/jobs.ts
@@ -112,7 +112,7 @@ export function registerJobInfoRoutes(reporting: ReportingCore) {
       const result = await jobsQuery.get(user, docId);
 
       if (!result) {
-        throw Boom.notFound();
+        return res.notFound();
       }
 
       const { jobtype: jobType } = result;
diff --git a/x-pack/plugins/reporting/server/types.ts b/x-pack/plugins/reporting/server/types.ts
index 16cd247b4d00e4..0d1520f3c4d0b9 100644
--- a/x-pack/plugins/reporting/server/types.ts
+++ b/x-pack/plugins/reporting/server/types.ts
@@ -30,11 +30,11 @@ import { ReportTaskParams } from './lib/tasks';
 export interface ReportingSetupDeps {
   licensing: LicensingPluginSetup;
   features: FeaturesPluginSetup;
+  screenshotMode: ScreenshotModePluginSetup;
   security?: SecurityPluginSetup;
   spaces?: SpacesPluginSetup;
   taskManager: TaskManagerSetupContract;
   usageCollection?: UsageCollectionSetup;
-  screenshotMode: ScreenshotModePluginSetup;
 }
 
 export interface ReportingStartDeps {
diff --git a/x-pack/plugins/security_solution/public/detections/configurations/security_solution_detections/render_cell_value.tsx b/x-pack/plugins/security_solution/public/detections/configurations/security_solution_detections/render_cell_value.tsx
index 72914507bb6a66..46fb853a7aa299 100644
--- a/x-pack/plugins/security_solution/public/detections/configurations/security_solution_detections/render_cell_value.tsx
+++ b/x-pack/plugins/security_solution/public/detections/configurations/security_solution_detections/render_cell_value.tsx
@@ -31,6 +31,9 @@ export const RenderCellValue: React.FC<
   rowIndex,
   setCellProps,
   timelineId,
+  ecsData,
+  rowRenderers,
+  browserFields,
 }) => (
   <DefaultCellRenderer
     columnId={columnId}
@@ -45,5 +48,8 @@ export const RenderCellValue: React.FC<
     rowIndex={rowIndex}
     setCellProps={setCellProps}
     timelineId={timelineId}
+    ecsData={ecsData}
+    rowRenderers={rowRenderers}
+    browserFields={browserFields}
   />
 );
diff --git a/x-pack/plugins/security_solution/public/detections/pages/detection_engine/detection_engine.tsx b/x-pack/plugins/security_solution/public/detections/pages/detection_engine/detection_engine.tsx
index 323ef93133e247..4fc8d3e9167c20 100644
--- a/x-pack/plugins/security_solution/public/detections/pages/detection_engine/detection_engine.tsx
+++ b/x-pack/plugins/security_solution/public/detections/pages/detection_engine/detection_engine.tsx
@@ -31,7 +31,6 @@ import { SiemSearchBar } from '../../../common/components/search_bar';
 import { SecuritySolutionPageWrapper } from '../../../common/components/page_wrapper';
 import { inputsSelectors } from '../../../common/store/inputs';
 import { setAbsoluteRangeDatePicker } from '../../../common/store/inputs/actions';
-import { useAlertInfo } from '../../components/alerts_info';
 import { AlertsTable } from '../../components/alerts_table';
 import { NoApiIntegrationKeyCallOut } from '../../components/callouts/no_api_integration_callout';
 import { AlertsHistogramPanel } from '../../components/alerts_kpis/alerts_histogram_panel';
@@ -42,7 +41,7 @@ import { DetectionEngineHeaderPage } from '../../components/detection_engine_hea
 import { useListsConfig } from '../../containers/detection_engine/lists/use_lists_config';
 import { DetectionEngineUserUnauthenticated } from './detection_engine_user_unauthenticated';
 import * as i18n from './translations';
-import { LinkButton } from '../../../common/components/links';
+import { LinkAnchor } from '../../../common/components/links';
 import { useFormatUrl } from '../../../common/components/link_to';
 import { useGlobalFullScreen } from '../../../common/containers/use_full_screen';
 import { Display } from '../../../hosts/pages/display';
@@ -122,7 +121,6 @@ const DetectionEnginePageComponent: React.FC<DetectionEngineComponentProps> = ({
     loading: listsConfigLoading,
     needsConfiguration: needsListsConfiguration,
   } = useListsConfig();
-  const [lastAlerts] = useAlertInfo({});
   const { formatUrl } = useFormatUrl(SecurityPageName.rules);
   const [showBuildingBlockAlerts, setShowBuildingBlockAlerts] = useState(false);
   const [showOnlyThreatIndicatorAlerts, setShowOnlyThreatIndicatorAlerts] = useState(false);
@@ -281,27 +279,14 @@ const DetectionEnginePageComponent: React.FC<DetectionEngineComponentProps> = ({
             data-test-subj="detectionsAlertsPage"
           >
             <Display show={!globalFullScreen}>
-              <DetectionEngineHeaderPage
-                subtitle={
-                  lastAlerts != null && (
-                    <>
-                      {i18n.LAST_ALERT}
-                      {': '}
-                      {lastAlerts}
-                    </>
-                  )
-                }
-                title={i18n.PAGE_TITLE}
-              >
-                <LinkButton
-                  fill
+              <DetectionEngineHeaderPage title={i18n.PAGE_TITLE}>
+                <LinkAnchor
                   onClick={goToRules}
                   href={formatUrl(getRulesUrl())}
-                  iconType="gear"
                   data-test-subj="manage-alert-detection-rules"
                 >
                   {i18n.BUTTON_MANAGE_RULES}
-                </LinkButton>
+                </LinkAnchor>
               </DetectionEngineHeaderPage>
               <EuiHorizontalRule margin="m" />
               <AlertsTableFilterGroup onFilterGroupChanged={onFilterGroupChangedCallback} />
diff --git a/x-pack/plugins/security_solution/public/detections/pages/detection_engine/translations.ts b/x-pack/plugins/security_solution/public/detections/pages/detection_engine/translations.ts
index 9475701baf2fd6..96e423aff16586 100644
--- a/x-pack/plugins/security_solution/public/detections/pages/detection_engine/translations.ts
+++ b/x-pack/plugins/security_solution/public/detections/pages/detection_engine/translations.ts
@@ -43,7 +43,7 @@ export const ALERT = i18n.translate('xpack.securitySolution.detectionEngine.aler
 export const BUTTON_MANAGE_RULES = i18n.translate(
   'xpack.securitySolution.detectionEngine.buttonManageRules',
   {
-    defaultMessage: 'Manage detection rules',
+    defaultMessage: 'Manage rules',
   }
 );
 
diff --git a/x-pack/plugins/security_solution/public/timelines/components/row_renderers_browser/catalog/index.tsx b/x-pack/plugins/security_solution/public/timelines/components/row_renderers_browser/catalog/index.tsx
index f724c19913c8e8..548dadf21b78b9 100644
--- a/x-pack/plugins/security_solution/public/timelines/components/row_renderers_browser/catalog/index.tsx
+++ b/x-pack/plugins/security_solution/public/timelines/components/row_renderers_browser/catalog/index.tsx
@@ -40,6 +40,26 @@ const Link = ({ children, url }: { children: React.ReactNode; url: string }) =>
   </EuiLink>
 );
 
+export const eventRendererNames: { [key in RowRendererId]: string } = {
+  [RowRendererId.alerts]: i18n.ALERTS_NAME,
+  [RowRendererId.auditd]: i18n.AUDITD_NAME,
+  [RowRendererId.auditd_file]: i18n.AUDITD_FILE_NAME,
+  [RowRendererId.library]: i18n.LIBRARY_NAME,
+  [RowRendererId.system_security_event]: i18n.AUTHENTICATION_NAME,
+  [RowRendererId.system_dns]: i18n.DNS_NAME,
+  [RowRendererId.netflow]: i18n.FLOW_NAME,
+  [RowRendererId.system]: i18n.SYSTEM_NAME,
+  [RowRendererId.system_endgame_process]: i18n.PROCESS,
+  [RowRendererId.registry]: i18n.REGISTRY_NAME,
+  [RowRendererId.system_fim]: i18n.FIM_NAME,
+  [RowRendererId.system_file]: i18n.FILE_NAME,
+  [RowRendererId.system_socket]: i18n.SOCKET_NAME,
+  [RowRendererId.suricata]: 'Suricata',
+  [RowRendererId.threat_match]: i18n.THREAT_MATCH_NAME,
+  [RowRendererId.zeek]: i18n.ZEEK_NAME,
+  [RowRendererId.plain]: '',
+};
+
 export interface RowRendererOption {
   id: RowRendererId;
   name: string;
@@ -51,14 +71,14 @@ export interface RowRendererOption {
 export const renderers: RowRendererOption[] = [
   {
     id: RowRendererId.alerts,
-    name: i18n.ALERTS_NAME,
+    name: eventRendererNames[RowRendererId.alerts],
     description: i18n.ALERTS_DESCRIPTION,
     example: AlertsExample,
     searchableDescription: i18n.ALERTS_DESCRIPTION,
   },
   {
     id: RowRendererId.auditd,
-    name: i18n.AUDITD_NAME,
+    name: eventRendererNames[RowRendererId.auditd],
     description: (
       <span>
         <Link url="https://www.elastic.co/guide/en/beats/auditbeat/current/auditbeat-module-auditd.html">
@@ -72,7 +92,7 @@ export const renderers: RowRendererOption[] = [
   },
   {
     id: RowRendererId.auditd_file,
-    name: i18n.AUDITD_FILE_NAME,
+    name: eventRendererNames[RowRendererId.auditd_file],
     description: (
       <span>
         <Link url="https://www.elastic.co/guide/en/beats/auditbeat/current/auditbeat-module-auditd.html">
@@ -86,14 +106,14 @@ export const renderers: RowRendererOption[] = [
   },
   {
     id: RowRendererId.library,
-    name: i18n.LIBRARY_NAME,
+    name: eventRendererNames[RowRendererId.library],
     description: i18n.LIBRARY_DESCRIPTION,
     example: LibraryExample,
     searchableDescription: i18n.LIBRARY_DESCRIPTION,
   },
   {
     id: RowRendererId.system_security_event,
-    name: i18n.AUTHENTICATION_NAME,
+    name: eventRendererNames[RowRendererId.system_security_event],
     description: (
       <div>
         <p>{i18n.AUTHENTICATION_DESCRIPTION_PART1}</p>
@@ -106,14 +126,14 @@ export const renderers: RowRendererOption[] = [
   },
   {
     id: RowRendererId.system_dns,
-    name: i18n.DNS_NAME,
+    name: eventRendererNames[RowRendererId.system_dns],
     description: i18n.DNS_DESCRIPTION_PART1,
     example: SystemDnsExample,
     searchableDescription: i18n.DNS_DESCRIPTION_PART1,
   },
   {
     id: RowRendererId.netflow,
-    name: i18n.FLOW_NAME,
+    name: eventRendererNames[RowRendererId.netflow],
     description: (
       <div>
         <p>{i18n.FLOW_DESCRIPTION_PART1}</p>
@@ -126,7 +146,7 @@ export const renderers: RowRendererOption[] = [
   },
   {
     id: RowRendererId.system,
-    name: i18n.SYSTEM_NAME,
+    name: eventRendererNames[RowRendererId.system],
     description: (
       <div>
         <p>
@@ -145,7 +165,7 @@ export const renderers: RowRendererOption[] = [
   },
   {
     id: RowRendererId.system_endgame_process,
-    name: i18n.PROCESS,
+    name: eventRendererNames[RowRendererId.system_endgame_process],
     description: (
       <div>
         <p>{i18n.PROCESS_DESCRIPTION_PART1}</p>
@@ -158,28 +178,28 @@ export const renderers: RowRendererOption[] = [
   },
   {
     id: RowRendererId.registry,
-    name: i18n.REGISTRY_NAME,
+    name: eventRendererNames[RowRendererId.registry],
     description: i18n.REGISTRY_DESCRIPTION,
     example: RegistryExample,
     searchableDescription: i18n.REGISTRY_DESCRIPTION,
   },
   {
     id: RowRendererId.system_fim,
-    name: i18n.FIM_NAME,
+    name: eventRendererNames[RowRendererId.system_fim],
     description: i18n.FIM_DESCRIPTION_PART1,
     example: SystemFimExample,
     searchableDescription: i18n.FIM_DESCRIPTION_PART1,
   },
   {
     id: RowRendererId.system_file,
-    name: i18n.FILE_NAME,
+    name: eventRendererNames[RowRendererId.system_file],
     description: i18n.FILE_DESCRIPTION_PART1,
     example: SystemFileExample,
     searchableDescription: i18n.FILE_DESCRIPTION_PART1,
   },
   {
     id: RowRendererId.system_socket,
-    name: i18n.SOCKET_NAME,
+    name: eventRendererNames[RowRendererId.system_socket],
     description: (
       <div>
         <p>{i18n.SOCKET_DESCRIPTION_PART1}</p>
@@ -192,7 +212,7 @@ export const renderers: RowRendererOption[] = [
   },
   {
     id: RowRendererId.suricata,
-    name: 'Suricata',
+    name: eventRendererNames[RowRendererId.suricata],
     description: (
       <p>
         {i18n.SURICATA_DESCRIPTION_PART1}{' '}
@@ -207,14 +227,14 @@ export const renderers: RowRendererOption[] = [
   },
   {
     id: RowRendererId.threat_match,
-    name: i18n.THREAT_MATCH_NAME,
+    name: eventRendererNames[RowRendererId.threat_match],
     description: i18n.THREAT_MATCH_DESCRIPTION,
     example: ThreatMatchExample,
     searchableDescription: `${i18n.THREAT_MATCH_NAME} ${i18n.THREAT_MATCH_DESCRIPTION}`,
   },
   {
     id: RowRendererId.zeek,
-    name: i18n.ZEEK_NAME,
+    name: eventRendererNames[RowRendererId.zeek],
     description: (
       <p>
         {i18n.ZEEK_DESCRIPTION_PART1}{' '}
diff --git a/x-pack/plugins/security_solution/public/timelines/components/timeline/body/renderers/column_renderer.ts b/x-pack/plugins/security_solution/public/timelines/components/timeline/body/renderers/column_renderer.ts
index fc13680b81be2b..1e6f613999ece3 100644
--- a/x-pack/plugins/security_solution/public/timelines/components/timeline/body/renderers/column_renderer.ts
+++ b/x-pack/plugins/security_solution/public/timelines/components/timeline/body/renderers/column_renderer.ts
@@ -6,7 +6,9 @@
  */
 
 import type React from 'react';
-import { ColumnHeaderOptions } from '../../../../../../common';
+
+import { BrowserFields, ColumnHeaderOptions, RowRenderer } from '../../../../../../common';
+import { Ecs } from '../../../../../../common/ecs';
 import { TimelineNonEcsData } from '../../../../../../common/search_strategy/timeline';
 
 export interface ColumnRenderer {
@@ -29,5 +31,8 @@ export interface ColumnRenderer {
     truncate?: boolean;
     values: string[] | null | undefined;
     linkValues?: string[] | null | undefined;
+    ecsData?: Ecs;
+    rowRenderers?: RowRenderer[];
+    browserFields?: BrowserFields;
   }) => React.ReactNode;
 }
diff --git a/x-pack/plugins/security_solution/public/timelines/components/timeline/body/renderers/constants.tsx b/x-pack/plugins/security_solution/public/timelines/components/timeline/body/renderers/constants.tsx
index aeb40bed26c8ea..3a7a43da2aedc6 100644
--- a/x-pack/plugins/security_solution/public/timelines/components/timeline/body/renderers/constants.tsx
+++ b/x-pack/plugins/security_solution/public/timelines/components/timeline/body/renderers/constants.tsx
@@ -17,3 +17,4 @@ export const EVENT_URL_FIELD_NAME = 'event.url';
 export const SIGNAL_RULE_NAME_FIELD_NAME = 'signal.rule.name';
 export const SIGNAL_STATUS_FIELD_NAME = 'signal.status';
 export const AGENT_STATUS_FIELD_NAME = 'agent.status';
+export const REASON_FIELD_NAME = 'signal.reason';
diff --git a/x-pack/plugins/security_solution/public/timelines/components/timeline/body/renderers/index.ts b/x-pack/plugins/security_solution/public/timelines/components/timeline/body/renderers/index.ts
index 911dcc8cd2e875..11c501f9426f40 100644
--- a/x-pack/plugins/security_solution/public/timelines/components/timeline/body/renderers/index.ts
+++ b/x-pack/plugins/security_solution/public/timelines/components/timeline/body/renderers/index.ts
@@ -16,6 +16,7 @@ import { unknownColumnRenderer } from './unknown_column_renderer';
 import { zeekRowRenderer } from './zeek/zeek_row_renderer';
 import { systemRowRenderers } from './system/generic_row_renderer';
 import { threatMatchRowRenderer } from './cti/threat_match_row_renderer';
+import { reasonColumnRenderer } from './reason_column_renderer';
 
 // The row renderers are order dependent and will return the first renderer
 // which returns true from its isInstance call. The bottom renderers which
@@ -34,6 +35,7 @@ export const defaultRowRenderers: RowRenderer[] = [
 ];
 
 export const columnRenderers: ColumnRenderer[] = [
+  reasonColumnRenderer,
   plainColumnRenderer,
   emptyColumnRenderer,
   unknownColumnRenderer,
diff --git a/x-pack/plugins/security_solution/public/timelines/components/timeline/body/renderers/reason_column_renderer.test.tsx b/x-pack/plugins/security_solution/public/timelines/components/timeline/body/renderers/reason_column_renderer.test.tsx
new file mode 100644
index 00000000000000..addb991af58d72
--- /dev/null
+++ b/x-pack/plugins/security_solution/public/timelines/components/timeline/body/renderers/reason_column_renderer.test.tsx
@@ -0,0 +1,148 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import React from 'react';
+
+import { mockTimelineData } from '../../../../../common/mock';
+import { defaultColumnHeaderType } from '../column_headers/default_headers';
+import { REASON_FIELD_NAME } from './constants';
+import { reasonColumnRenderer } from './reason_column_renderer';
+import { plainColumnRenderer } from './plain_column_renderer';
+
+import {
+  BrowserFields,
+  ColumnHeaderOptions,
+  RowRenderer,
+  RowRendererId,
+} from '../../../../../../common';
+import { fireEvent, render } from '@testing-library/react';
+import { TestProviders } from '../../../../../../../timelines/public/mock';
+import { useDraggableKeyboardWrapper as mockUseDraggableKeyboardWrapper } from '../../../../../../../timelines/public/components';
+import { cloneDeep } from 'lodash';
+jest.mock('./plain_column_renderer');
+
+jest.mock('../../../../../common/lib/kibana', () => {
+  const originalModule = jest.requireActual('../../../../../common/lib/kibana');
+  return {
+    ...originalModule,
+    useKibana: () => ({
+      services: {
+        timelines: {
+          getUseDraggableKeyboardWrapper: () => mockUseDraggableKeyboardWrapper,
+        },
+      },
+    }),
+  };
+});
+
+jest.mock('../../../../../common/components/link_to', () => {
+  const original = jest.requireActual('../../../../../common/components/link_to');
+  return {
+    ...original,
+    useFormatUrl: () => ({
+      formatUrl: () => '',
+    }),
+  };
+});
+
+const invalidEcs = cloneDeep(mockTimelineData[0].ecs);
+const validEcs = cloneDeep(mockTimelineData[28].ecs);
+
+const field: ColumnHeaderOptions = {
+  id: 'test-field-id',
+  columnHeaderType: defaultColumnHeaderType,
+};
+
+const rowRenderers: RowRenderer[] = [
+  {
+    id: RowRendererId.alerts,
+    isInstance: (ecs) => ecs === validEcs,
+    // eslint-disable-next-line react/display-name
+    renderRow: () => <span data-test-subj="test-row-render" />,
+  },
+];
+const browserFields: BrowserFields = {};
+
+const defaultProps = {
+  columnName: REASON_FIELD_NAME,
+  eventId: 'test-event-id',
+  field,
+  timelineId: 'test-timeline-id',
+  values: ['test-value'],
+};
+
+describe('reasonColumnRenderer', () => {
+  beforeEach(() => {
+    jest.resetAllMocks();
+  });
+
+  describe('isIntance', () => {
+    it('returns true when columnName is `signal.reason`', () => {
+      expect(reasonColumnRenderer.isInstance(REASON_FIELD_NAME, [])).toBeTruthy();
+    });
+  });
+
+  describe('renderColumn', () => {
+    it('calls `plainColumnRenderer.renderColumn` when ecsData, rowRenderers or browserFields is empty', () => {
+      reasonColumnRenderer.renderColumn(defaultProps);
+
+      expect(plainColumnRenderer.renderColumn).toBeCalledTimes(1);
+    });
+
+    it("doesn't call `plainColumnRenderer.renderColumn` when ecsData, rowRenderers or browserFields fields are not empty", () => {
+      reasonColumnRenderer.renderColumn({
+        ...defaultProps,
+        ecsData: invalidEcs,
+        rowRenderers,
+        browserFields,
+      });
+
+      expect(plainColumnRenderer.renderColumn).toBeCalledTimes(0);
+    });
+
+    it("doesn't render popover button when getRowRenderer doesn't find a rowRenderer", () => {
+      const renderedColumn = reasonColumnRenderer.renderColumn({
+        ...defaultProps,
+        ecsData: invalidEcs,
+        rowRenderers,
+        browserFields,
+      });
+
+      const wrapper = render(<TestProviders>{renderedColumn}</TestProviders>);
+
+      expect(wrapper.queryByTestId('reason-cell-button')).not.toBeInTheDocument();
+    });
+
+    it('render popover button when getRowRenderer finds a rowRenderer', () => {
+      const renderedColumn = reasonColumnRenderer.renderColumn({
+        ...defaultProps,
+        ecsData: validEcs,
+        rowRenderers,
+        browserFields,
+      });
+
+      const wrapper = render(<TestProviders>{renderedColumn}</TestProviders>);
+
+      expect(wrapper.queryByTestId('reason-cell-button')).toBeInTheDocument();
+    });
+
+    it('render rowRender inside a popover when reson field button is clicked', () => {
+      const renderedColumn = reasonColumnRenderer.renderColumn({
+        ...defaultProps,
+        ecsData: validEcs,
+        rowRenderers,
+        browserFields,
+      });
+
+      const wrapper = render(<TestProviders>{renderedColumn}</TestProviders>);
+
+      fireEvent.click(wrapper.getByTestId('reason-cell-button'));
+
+      expect(wrapper.queryByTestId('test-row-render')).toBeInTheDocument();
+    });
+  });
+});
diff --git a/x-pack/plugins/security_solution/public/timelines/components/timeline/body/renderers/reason_column_renderer.tsx b/x-pack/plugins/security_solution/public/timelines/components/timeline/body/renderers/reason_column_renderer.tsx
new file mode 100644
index 00000000000000..0914c861d00edf
--- /dev/null
+++ b/x-pack/plugins/security_solution/public/timelines/components/timeline/body/renderers/reason_column_renderer.tsx
@@ -0,0 +1,164 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { EuiButtonEmpty, EuiPopover, EuiPopoverTitle } from '@elastic/eui';
+import { isEqual } from 'lodash/fp';
+import React, { useCallback, useMemo, useState } from 'react';
+
+import styled from 'styled-components';
+import { BrowserFields, ColumnHeaderOptions, RowRenderer } from '../../../../../../common';
+import { Ecs } from '../../../../../../common/ecs';
+import { DefaultDraggable } from '../../../../../common/components/draggables';
+import { eventRendererNames } from '../../../row_renderers_browser/catalog';
+import { ColumnRenderer } from './column_renderer';
+import { REASON_FIELD_NAME } from './constants';
+import { getRowRenderer } from './get_row_renderer';
+import { plainColumnRenderer } from './plain_column_renderer';
+import * as i18n from './translations';
+
+export const reasonColumnRenderer: ColumnRenderer = {
+  isInstance: isEqual(REASON_FIELD_NAME),
+
+  renderColumn: ({
+    columnName,
+    eventId,
+    field,
+    isDraggable = true,
+    timelineId,
+    truncate,
+    values,
+    linkValues,
+    ecsData,
+    rowRenderers = [],
+    browserFields,
+  }: {
+    columnName: string;
+    eventId: string;
+    field: ColumnHeaderOptions;
+    isDraggable?: boolean;
+    timelineId: string;
+    truncate?: boolean;
+    values: string[] | undefined | null;
+    linkValues?: string[] | null | undefined;
+
+    ecsData?: Ecs;
+    rowRenderers?: RowRenderer[];
+    browserFields?: BrowserFields;
+  }) =>
+    values != null && ecsData && rowRenderers?.length > 0 && browserFields
+      ? values.map((value, i) => (
+          <ReasonCell
+            key={`reason-column-renderer-value-${timelineId}-${columnName}-${eventId}-${field.id}-${value}-${i}`}
+            contextId={`reason-column-renderer-${timelineId}`}
+            timelineId={timelineId}
+            eventId={eventId}
+            value={value}
+            isDraggable={isDraggable}
+            fieldName={columnName}
+            ecsData={ecsData}
+            rowRenderers={rowRenderers}
+            browserFields={browserFields}
+          />
+        ))
+      : plainColumnRenderer.renderColumn({
+          columnName,
+          eventId,
+          field,
+          isDraggable,
+          timelineId,
+          truncate,
+          values,
+          linkValues,
+        }),
+};
+
+const StyledEuiButtonEmpty = styled(EuiButtonEmpty)`
+  font-weight: ${(props) => props.theme.eui.euiFontWeightRegular};
+`;
+
+const ReasonCell: React.FC<{
+  contextId: string;
+  eventId: string;
+  fieldName: string;
+  isDraggable?: boolean;
+  value: string | number | undefined | null;
+  timelineId: string;
+  ecsData: Ecs;
+  rowRenderers: RowRenderer[];
+  browserFields: BrowserFields;
+}> = ({
+  ecsData,
+  rowRenderers,
+  browserFields,
+  timelineId,
+  value,
+  fieldName,
+  isDraggable,
+  contextId,
+  eventId,
+}) => {
+  const [isOpen, setIsOpen] = useState(false);
+
+  const rowRenderer = useMemo(() => getRowRenderer(ecsData, rowRenderers), [ecsData, rowRenderers]);
+
+  const rowRender = useMemo(() => {
+    return (
+      rowRenderer &&
+      rowRenderer.renderRow({
+        browserFields,
+        data: ecsData,
+        isDraggable: true,
+        timelineId,
+      })
+    );
+  }, [rowRenderer, browserFields, ecsData, timelineId]);
+
+  const handleTogglePopOver = useCallback(() => setIsOpen(!isOpen), [setIsOpen, isOpen]);
+  const handleClosePopOver = useCallback(() => setIsOpen(false), [setIsOpen]);
+
+  const button = useMemo(
+    () => (
+      <StyledEuiButtonEmpty
+        data-test-subj="reason-cell-button"
+        size="xs"
+        flush="left"
+        onClick={handleTogglePopOver}
+      >
+        {value}
+      </StyledEuiButtonEmpty>
+    ),
+    [value, handleTogglePopOver]
+  );
+
+  return (
+    <>
+      <DefaultDraggable
+        field={fieldName}
+        id={`reason-column-draggable-${contextId}-${eventId}-${fieldName}-${value}`}
+        isDraggable={isDraggable}
+        value={`${value}`}
+        tooltipContent={value}
+      >
+        {rowRenderer && rowRender ? (
+          <EuiPopover
+            isOpen={isOpen}
+            anchorPosition="rightCenter"
+            closePopover={handleClosePopOver}
+            button={button}
+          >
+            <EuiPopoverTitle paddingSize="s">
+              {i18n.EVENT_RENDERER_POPOVER_TITLE(eventRendererNames[rowRenderer.id] ?? '')}
+            </EuiPopoverTitle>
+            {rowRender}
+          </EuiPopover>
+        ) : (
+          value
+        )}
+      </DefaultDraggable>
+    </>
+  );
+};
diff --git a/x-pack/plugins/security_solution/public/timelines/components/timeline/body/renderers/translations.ts b/x-pack/plugins/security_solution/public/timelines/components/timeline/body/renderers/translations.ts
index d00148d41f3f64..a703c7afdaf7bc 100644
--- a/x-pack/plugins/security_solution/public/timelines/components/timeline/body/renderers/translations.ts
+++ b/x-pack/plugins/security_solution/public/timelines/components/timeline/body/renderers/translations.ts
@@ -51,3 +51,9 @@ export const EMPTY_STATUS = i18n.translate(
     defaultMessage: '-',
   }
 );
+
+export const EVENT_RENDERER_POPOVER_TITLE = (eventRendererName: string) =>
+  i18n.translate('xpack.securitySolution.event.reason.eventRenderPopoverTitle', {
+    values: { eventRendererName },
+    defaultMessage: 'Event renderer: {eventRendererName} ',
+  });
diff --git a/x-pack/plugins/security_solution/public/timelines/components/timeline/cell_rendering/default_cell_renderer.tsx b/x-pack/plugins/security_solution/public/timelines/components/timeline/cell_rendering/default_cell_renderer.tsx
index d2652ed063fc7c..d45c8103d1cca5 100644
--- a/x-pack/plugins/security_solution/public/timelines/components/timeline/cell_rendering/default_cell_renderer.tsx
+++ b/x-pack/plugins/security_solution/public/timelines/components/timeline/cell_rendering/default_cell_renderer.tsx
@@ -22,6 +22,9 @@ export const DefaultCellRenderer: React.FC<CellValueElementProps> = ({
   linkValues,
   setCellProps,
   timelineId,
+  rowRenderers,
+  browserFields,
+  ecsData,
 }) => (
   <>
     {getColumnRenderer(header.id, columnRenderers, data).renderColumn({
@@ -36,6 +39,9 @@ export const DefaultCellRenderer: React.FC<CellValueElementProps> = ({
         data,
         fieldName: header.id,
       }),
+      rowRenderers,
+      browserFields,
+      ecsData,
     })}
   </>
 );
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rule_types/__mocks__/rule.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/rule_types/__mocks__/rule.ts
index 25e687050cf882..9d72d72e78b168 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rule_types/__mocks__/rule.ts
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rule_types/__mocks__/rule.ts
@@ -5,7 +5,9 @@
  * 2.0.
  */
 
-export const createRuleMock = () => ({
+import { RuleParams } from '../../schemas/rule_schemas';
+
+export const createRuleMock = (params: Partial<RuleParams>) => ({
   actions: [],
   author: [],
   buildingBlockType: undefined,
@@ -49,4 +51,5 @@ export const createRuleMock = () => ({
   updatedAt: '2020-01-10T21:11:45.839Z',
   updatedBy: 'elastic',
   version: 1,
+  ...params,
 });
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rule_types/__mocks__/rule_type.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/rule_types/__mocks__/rule_type.ts
index 0fa2bcc270a167..151b1d8b2fb13f 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rule_types/__mocks__/rule_type.ts
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rule_types/__mocks__/rule_type.ts
@@ -18,8 +18,12 @@ import { AlertAttributes } from '../../signals/types';
 import { createRuleMock } from './rule';
 import { listMock } from '../../../../../../lists/server/mocks';
 import { ruleRegistryMocks } from '../../../../../../rule_registry/server/mocks';
+import { RuleParams } from '../../schemas/rule_schemas';
 
-export const createRuleTypeMocks = () => {
+export const createRuleTypeMocks = (
+  ruleType: string = 'query',
+  ruleParams: Partial<RuleParams> = {}
+) => {
   /* eslint-disable @typescript-eslint/no-explicit-any */
   let alertExecutor: (...args: any[]) => Promise<any>;
 
@@ -43,7 +47,7 @@ export const createRuleTypeMocks = () => {
   const mockSavedObjectsClient = savedObjectsClientMock.create();
   mockSavedObjectsClient.get.mockResolvedValue({
     id: 'de2f6a49-28a3-4794-bad7-0e9482e075f8',
-    type: 'query',
+    type: ruleType,
     references: [],
     attributes: {
       actions: [],
@@ -57,7 +61,7 @@ export const createRuleTypeMocks = () => {
         interval: '30m',
       },
       throttle: '',
-      params: createRuleMock(),
+      params: createRuleMock(ruleParams),
     },
   } as SavedObject<AlertAttributes>);
 
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rule_types/field_maps/cti.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/rule_types/field_maps/cti.ts
new file mode 100644
index 00000000000000..daf54e4f7cf5cf
--- /dev/null
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rule_types/field_maps/cti.ts
@@ -0,0 +1,154 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+export const ctiFieldMap = {
+  'threat.indicator': {
+    type: 'nested',
+    array: false,
+    required: false,
+  },
+  'threat.indicator.as.number': {
+    type: 'long',
+    array: false,
+    required: false,
+  },
+  'threat.indicator.as.organization.name': {
+    type: 'keyword',
+    array: false,
+    required: false,
+  },
+  'threat.indicator.confidence': {
+    type: 'keyword',
+    array: false,
+    required: false,
+  },
+  'threat.indicator.dataset': {
+    type: 'keyword',
+    array: false,
+    required: false,
+  },
+  'threat.indicator.description': {
+    type: 'keyword',
+    array: false,
+    required: false,
+  },
+  'threat.indicator.domain': {
+    type: 'keyword',
+    array: false,
+    required: false,
+  },
+  'threat.indicator.email.address': {
+    type: 'keyword',
+    array: false,
+    required: false,
+  },
+  'threat.indicator.first_seen': {
+    type: 'date',
+    array: false,
+    required: false,
+  },
+  'threat.indicator.geo.city_name': {
+    type: 'keyword',
+    array: false,
+    required: false,
+  },
+  'threat.indicator.geo.continent_name': {
+    type: 'keyword',
+    array: false,
+    required: false,
+  },
+  'threat.indicator.geo.country_iso_code': {
+    type: 'keyword',
+    array: false,
+    required: false,
+  },
+  'threat.indicator.geo.country_name': {
+    type: 'keyword',
+    array: false,
+    required: false,
+  },
+  'threat.indicator.geo.location': {
+    type: 'geo_point',
+    array: false,
+    required: false,
+  },
+  'threat.indicator.geo.name': {
+    type: 'keyword',
+    array: false,
+    required: false,
+  },
+  'threat.indicator.geo.region_iso_code': {
+    type: 'keyword',
+    array: false,
+    required: false,
+  },
+  'threat.indicator.geo.region_name': {
+    type: 'keyword',
+    array: false,
+    required: false,
+  },
+  'threat.indicator.ip': {
+    type: 'ip',
+    array: false,
+    required: false,
+  },
+  'threat.indicator.last_seen': {
+    type: 'date',
+    array: false,
+    required: false,
+  },
+  'threat.indicator.marking.tlp': {
+    type: 'keyword',
+    array: false,
+    required: false,
+  },
+  'threat.indicator.matched.atomic': {
+    type: 'keyword',
+    array: false,
+    required: false,
+  },
+  'threat.indicator.matched.field': {
+    type: 'keyword',
+    array: false,
+    required: false,
+  },
+  'threat.indicator.matched.type': {
+    type: 'keyword',
+    array: false,
+    required: false,
+  },
+  'threat.indicator.module': {
+    type: 'keyword',
+    array: false,
+    required: false,
+  },
+  'threat.indicator.port': {
+    type: 'long',
+    array: false,
+    required: false,
+  },
+  'threat.indicator.provider': {
+    type: 'keyword',
+    array: false,
+    required: false,
+  },
+  'threat.indicator.scanner_stats': {
+    type: 'long',
+    array: false,
+    required: false,
+  },
+  'threat.indicator.sightings': {
+    type: 'long',
+    array: false,
+    required: false,
+  },
+  'threat.indicator.type': {
+    type: 'keyword',
+    array: false,
+    required: false,
+  },
+};
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rule_types/index.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/rule_types/index.ts
index 1b1fe48be00e00..75252cc3d47aed 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rule_types/index.ts
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rule_types/index.ts
@@ -6,3 +6,4 @@
  */
 
 export { createQueryAlertType } from './query/create_query_alert_type';
+export { createIndicatorMatchAlertType } from './indicator_match/create_indicator_match_alert_type';
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rule_types/indicator_match/create_indicator_match_alert_type.test.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/rule_types/indicator_match/create_indicator_match_alert_type.test.ts
new file mode 100644
index 00000000000000..50aff001913965
--- /dev/null
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rule_types/indicator_match/create_indicator_match_alert_type.test.ts
@@ -0,0 +1,260 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { v4 } from 'uuid';
+
+// eslint-disable-next-line @kbn/eslint/no-restricted-paths
+import { elasticsearchClientMock } from 'src/core/server/elasticsearch/client/mocks';
+
+import { allowedExperimentalValues } from '../../../../../common/experimental_features';
+import { createRuleTypeMocks } from '../__mocks__/rule_type';
+import { createIndicatorMatchAlertType } from './create_indicator_match_alert_type';
+import { sampleDocNoSortId } from '../../signals/__mocks__/es_results';
+import { CountResponse } from 'kibana/server';
+import { RuleParams } from '../../schemas/rule_schemas';
+
+jest.mock('../utils/get_list_client', () => ({
+  getListClient: jest.fn().mockReturnValue({
+    listClient: {
+      getListItemIndex: jest.fn(),
+    },
+    exceptionsClient: jest.fn(),
+  }),
+}));
+
+jest.mock('../../signals/rule_status_service', () => ({
+  ruleStatusServiceFactory: () => ({
+    goingToRun: jest.fn(),
+    success: jest.fn(),
+    partialFailure: jest.fn(),
+    error: jest.fn(),
+  }),
+}));
+
+describe('Indicator Match Alerts', () => {
+  const params: Partial<RuleParams> = {
+    from: 'now-1m',
+    index: ['*'],
+    threatIndex: ['filebeat-*'],
+    threatLanguage: 'kuery',
+    threatMapping: [
+      {
+        entries: [
+          {
+            field: 'file.hash.md5',
+            type: 'mapping',
+            value: 'threatintel.indicator.file.hash.md5',
+          },
+        ],
+      },
+    ],
+    threatQuery: '*:*',
+    to: 'now',
+    type: 'threat_match',
+  };
+
+  it('does not send an alert when no events found', async () => {
+    const { services, dependencies, executor } = createRuleTypeMocks('threat_match', params);
+    const indicatorMatchAlertType = createIndicatorMatchAlertType({
+      experimentalFeatures: allowedExperimentalValues,
+      indexAlias: 'alerts.security-alerts',
+      lists: dependencies.lists,
+      logger: dependencies.logger,
+      mergeStrategy: 'allFields',
+      ruleDataClient: dependencies.ruleDataClient,
+      ruleDataService: dependencies.ruleDataService,
+      version: '1.0.0',
+    });
+
+    dependencies.alerting.registerType(indicatorMatchAlertType);
+
+    services.scopedClusterClient.asCurrentUser.search.mockReturnValueOnce(
+      elasticsearchClientMock.createSuccessTransportRequestPromise({
+        hits: {
+          hits: [],
+          sequences: [],
+          events: [],
+          total: {
+            relation: 'eq',
+            value: 0,
+          },
+        },
+        took: 0,
+        timed_out: false,
+        _shards: {
+          failed: 0,
+          skipped: 0,
+          successful: 1,
+          total: 1,
+        },
+      })
+    );
+
+    await executor({ params });
+    expect(dependencies.ruleDataClient.getWriter).not.toBeCalled();
+  });
+
+  it('does not send an alert when no enrichments are found', async () => {
+    const { services, dependencies, executor } = createRuleTypeMocks('threat_match', params);
+    const indicatorMatchAlertType = createIndicatorMatchAlertType({
+      experimentalFeatures: allowedExperimentalValues,
+      indexAlias: 'alerts.security-alerts',
+      lists: dependencies.lists,
+      logger: dependencies.logger,
+      mergeStrategy: 'allFields',
+      ruleDataClient: dependencies.ruleDataClient,
+      ruleDataService: dependencies.ruleDataService,
+      version: '1.0.0',
+    });
+
+    dependencies.alerting.registerType(indicatorMatchAlertType);
+
+    services.scopedClusterClient.asCurrentUser.search.mockReturnValueOnce(
+      elasticsearchClientMock.createSuccessTransportRequestPromise({
+        hits: {
+          hits: [sampleDocNoSortId(v4()), sampleDocNoSortId(v4()), sampleDocNoSortId(v4())],
+          total: {
+            relation: 'eq',
+            value: 3,
+          },
+        },
+        took: 0,
+        timed_out: false,
+        _shards: {
+          failed: 0,
+          skipped: 0,
+          successful: 1,
+          total: 1,
+        },
+      })
+    );
+
+    await executor({ params });
+    expect(dependencies.ruleDataClient.getWriter).not.toBeCalled();
+  });
+
+  it('sends an alert when enrichments are found', async () => {
+    const { services, dependencies, executor } = createRuleTypeMocks('threat_match', params);
+    const indicatorMatchAlertType = createIndicatorMatchAlertType({
+      experimentalFeatures: allowedExperimentalValues,
+      indexAlias: 'alerts.security-alerts',
+      lists: dependencies.lists,
+      logger: dependencies.logger,
+      mergeStrategy: 'allFields',
+      ruleDataClient: dependencies.ruleDataClient,
+      ruleDataService: dependencies.ruleDataService,
+      version: '1.0.0',
+    });
+
+    dependencies.alerting.registerType(indicatorMatchAlertType);
+
+    // threat list count
+    services.scopedClusterClient.asCurrentUser.count.mockReturnValue(
+      elasticsearchClientMock.createSuccessTransportRequestPromise({ count: 1 } as CountResponse)
+    );
+
+    services.scopedClusterClient.asCurrentUser.search.mockReturnValueOnce(
+      elasticsearchClientMock.createSuccessTransportRequestPromise({
+        hits: {
+          hits: [
+            {
+              ...sampleDocNoSortId(v4()),
+              _source: {
+                ...sampleDocNoSortId(v4())._source,
+                'threatintel.indicator.file.hash.md5': 'a1b2c3',
+              },
+              fields: {
+                ...sampleDocNoSortId(v4()).fields,
+                'threatintel.indicator.file.hash.md5': ['a1b2c3'],
+              },
+            },
+          ],
+          total: {
+            relation: 'eq',
+            value: 1,
+          },
+        },
+        took: 0,
+        timed_out: false,
+        _shards: {
+          failed: 0,
+          skipped: 0,
+          successful: 1,
+          total: 1,
+        },
+      })
+    );
+
+    services.scopedClusterClient.asCurrentUser.search.mockReturnValueOnce(
+      elasticsearchClientMock.createSuccessTransportRequestPromise({
+        hits: {
+          hits: [
+            {
+              ...sampleDocNoSortId(v4()),
+              _source: {
+                ...sampleDocNoSortId(v4())._source,
+                'file.hash.md5': 'a1b2c3',
+              },
+              fields: {
+                ...sampleDocNoSortId(v4()).fields,
+                'file.hash.md5': ['a1b2c3'],
+              },
+            },
+          ],
+          total: {
+            relation: 'eq',
+            value: 1,
+          },
+        },
+        took: 0,
+        timed_out: false,
+        _shards: {
+          failed: 0,
+          skipped: 0,
+          successful: 1,
+          total: 1,
+        },
+      })
+    );
+
+    services.scopedClusterClient.asCurrentUser.search.mockReturnValueOnce(
+      elasticsearchClientMock.createSuccessTransportRequestPromise({
+        hits: {
+          hits: [
+            {
+              ...sampleDocNoSortId(v4()),
+              _source: {
+                ...sampleDocNoSortId(v4())._source,
+                'file.hash.md5': 'a1b2c3',
+              },
+              fields: {
+                ...sampleDocNoSortId(v4()).fields,
+                'file.hash.md5': ['a1b2c3'],
+              },
+            },
+          ],
+          total: {
+            relation: 'eq',
+            value: 1,
+          },
+        },
+        took: 0,
+        timed_out: false,
+        _shards: {
+          failed: 0,
+          skipped: 0,
+          successful: 1,
+          total: 1,
+        },
+      })
+    );
+
+    await executor({ params });
+
+    expect(dependencies.ruleDataClient.getWriter).toBeCalled();
+  });
+});
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rule_types/indicator_match/create_indicator_match_alert_type.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/rule_types/indicator_match/create_indicator_match_alert_type.ts
new file mode 100644
index 00000000000000..61342981479aed
--- /dev/null
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rule_types/indicator_match/create_indicator_match_alert_type.ts
@@ -0,0 +1,99 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { validateNonExact } from '@kbn/securitysolution-io-ts-utils';
+import { PersistenceServices } from '../../../../../../rule_registry/server';
+import { INDICATOR_ALERT_TYPE_ID } from '../../../../../common/constants';
+import { threatRuleParams, ThreatRuleParams } from '../../schemas/rule_schemas';
+import { threatMatchExecutor } from '../../signals/executors/threat_match';
+import { createSecurityRuleTypeFactory } from '../create_security_rule_type_factory';
+import { CreateRuleOptions } from '../types';
+
+export const createIndicatorMatchAlertType = (createOptions: CreateRuleOptions) => {
+  const {
+    experimentalFeatures,
+    indexAlias,
+    lists,
+    logger,
+    mergeStrategy,
+    ruleDataClient,
+    version,
+    ruleDataService,
+  } = createOptions;
+  const createSecurityRuleType = createSecurityRuleTypeFactory({
+    indexAlias,
+    lists,
+    logger,
+    mergeStrategy,
+    ruleDataClient,
+    ruleDataService,
+  });
+  return createSecurityRuleType<ThreatRuleParams, {}, PersistenceServices, {}>({
+    id: INDICATOR_ALERT_TYPE_ID,
+    name: 'Indicator Match Rule',
+    validate: {
+      params: {
+        validate: (object: unknown) => {
+          const [validated, errors] = validateNonExact(object, threatRuleParams);
+          if (errors != null) {
+            throw new Error(errors);
+          }
+          if (validated == null) {
+            throw new Error('Validation of rule params failed');
+          }
+          return validated;
+        },
+      },
+    },
+    actionGroups: [
+      {
+        id: 'default',
+        name: 'Default',
+      },
+    ],
+    defaultActionGroupId: 'default',
+    actionVariables: {
+      context: [{ name: 'server', description: 'the server' }],
+    },
+    minimumLicenseRequired: 'basic',
+    isExportable: false,
+    producer: 'security-solution',
+    async executor(execOptions) {
+      const {
+        runOpts: {
+          buildRuleMessage,
+          bulkCreate,
+          exceptionItems,
+          listClient,
+          rule,
+          searchAfterSize,
+          tuple,
+          wrapHits,
+        },
+        services,
+        state,
+      } = execOptions;
+
+      const result = await threatMatchExecutor({
+        buildRuleMessage,
+        bulkCreate,
+        exceptionItems,
+        experimentalFeatures,
+        eventsTelemetry: undefined,
+        listClient,
+        logger,
+        rule,
+        searchAfterSize,
+        services,
+        tuple,
+        version,
+        wrapHits,
+      });
+      return { ...result, state };
+    },
+  });
+};
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rule_types/query/create_query_alert_type.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/rule_types/query/create_query_alert_type.ts
index c487d8c93119dd..b66e76f598bf4d 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rule_types/query/create_query_alert_type.ts
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rule_types/query/create_query_alert_type.ts
@@ -5,28 +5,15 @@
  * 2.0.
  */
 
-import { Logger } from '@kbn/logging';
 import { validateNonExact } from '@kbn/securitysolution-io-ts-utils';
-import { PersistenceServices, RuleDataClient } from '../../../../../../rule_registry/server';
+import { PersistenceServices } from '../../../../../../rule_registry/server';
 import { QUERY_ALERT_TYPE_ID } from '../../../../../common/constants';
-import { ExperimentalFeatures } from '../../../../../common/experimental_features';
-import { ConfigType } from '../../../../config';
-import { SetupPlugins } from '../../../../plugin';
-import { IRuleDataPluginService } from '../../rule_execution_log/types';
 import { queryRuleParams, QueryRuleParams } from '../../schemas/rule_schemas';
 import { queryExecutor } from '../../signals/executors/query';
 import { createSecurityRuleTypeFactory } from '../create_security_rule_type_factory';
+import { CreateRuleOptions } from '../types';
 
-export const createQueryAlertType = (createOptions: {
-  experimentalFeatures: ExperimentalFeatures;
-  indexAlias: string;
-  lists: SetupPlugins['lists'];
-  logger: Logger;
-  mergeStrategy: ConfigType['alertMergeStrategy'];
-  ruleDataClient: RuleDataClient;
-  version: string;
-  ruleDataService: IRuleDataPluginService;
-}) => {
+export const createQueryAlertType = (createOptions: CreateRuleOptions) => {
   const {
     experimentalFeatures,
     indexAlias,
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rule_types/scripts/create_rule_indicator_match.sh b/x-pack/plugins/security_solution/server/lib/detection_engine/rule_types/scripts/create_rule_indicator_match.sh
new file mode 100644
index 00000000000000..f50aac30a69c53
--- /dev/null
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rule_types/scripts/create_rule_indicator_match.sh
@@ -0,0 +1,72 @@
+#!/bin/sh
+#
+# Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+# or more contributor license agreements. Licensed under the Elastic License
+# 2.0; you may not use this file except in compliance with the Elastic License
+# 2.0.
+#
+
+# to see alerts with this script
+# 1. enable filebeat threatintel module and run filebeat
+# 2. using Kibana DevTools, create `test-index` with the following mappings: @timestamp:date, file.hash.md5:text
+# 3. run this script
+# 4. using Kibana DevTools, post to test-index an existing file.hash.md5 value with a current timestamp
+# 5. alert should be generated and can be viewed on the Alerts table
+
+curl -X POST ${KIBANA_URL}${SPACE_URL}/api/alerts/alert \
+     -u ${ELASTICSEARCH_USERNAME}:${ELASTICSEARCH_PASSWORD} \
+     -H 'kbn-xsrf: true' \
+     -H 'Content-Type: application/json' \
+     --verbose \
+     -d '
+{
+  "params":{
+     "author": [],
+     "description": "Indicator Match Rule",
+     "exceptionsList": [],
+     "falsePositives": [],
+     "from": "now-300s",
+     "query": "*:*",
+     "immutable": false,
+     "index": ["test-*"],
+     "language": "kuery",
+     "maxSignals": 10,
+     "outputIndex": "",
+     "references": [],
+     "riskScore": 21,
+     "riskScoreMapping": [],
+     "ruleId": "81dec1ba-b779-469c-9667-6b0e865fb86c",
+     "severity": "low",
+     "severityMapping": [],
+     "threat": [],
+     "threatQuery": "*:*",
+     "threatMapping": [
+        {
+          "entries":[
+            {
+              "field":"file.hash.md5",
+              "type":"mapping",
+              "value":"threatintel.indicator.file.hash.md5"
+            }
+          ]
+        }
+     ],
+     "threatLanguage": "kuery",
+     "threatIndex": ["filebeat-*"],
+     "to": "now",
+     "type": "threat_match",
+     "version": 1
+   },
+   "consumer":"alerts",
+   "alertTypeId":"siem.indicatorRule",
+   "schedule":{
+      "interval":"1m"
+   },
+   "actions":[],
+   "tags":[
+      "indicator match",
+      "persistence"
+   ],
+   "notifyWhen":"onActionGroupChange",
+   "name":"Basic Indicator Match Rule"
+}'
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rule_types/types.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/rule_types/types.ts
index 20fb7213086008..f0f11f470bc6cc 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rule_types/types.ts
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rule_types/types.ts
@@ -33,6 +33,7 @@ import { RuleParams } from '../schemas/rule_schemas';
 import { BuildRuleMessage } from '../signals/rule_messages';
 import { AlertAttributes, BulkCreate, WrapHits } from '../signals/types';
 import { AlertsFieldMap, RulesFieldMap } from './field_maps';
+import { ExperimentalFeatures } from '../../../../common/experimental_features';
 
 export interface SecurityAlertTypeReturnValue<TState extends AlertTypeState> {
   bulkCreateTimes: string[];
@@ -118,3 +119,14 @@ export type RACAlert = Exclude<
 
 export type RACSourceHit = SearchHit<RACAlert>;
 export type WrappedRACAlert = BaseHit<RACAlert>;
+
+export interface CreateRuleOptions {
+  experimentalFeatures: ExperimentalFeatures;
+  indexAlias: string;
+  lists: SetupPlugins['lists'];
+  logger: Logger;
+  mergeStrategy: ConfigType['alertMergeStrategy'];
+  ruleDataClient: RuleDataClient;
+  version: string;
+  ruleDataService: IRuleDataPluginService;
+}
diff --git a/x-pack/plugins/security_solution/server/plugin.ts b/x-pack/plugins/security_solution/server/plugin.ts
index e67c9fbfd8327d..d19c799295cfb9 100644
--- a/x-pack/plugins/security_solution/server/plugin.ts
+++ b/x-pack/plugins/security_solution/server/plugin.ts
@@ -66,6 +66,7 @@ import {
   NOTIFICATIONS_ID,
   QUERY_ALERT_TYPE_ID,
   DEFAULT_SPACE_ID,
+  INDICATOR_ALERT_TYPE_ID,
 } from '../common/constants';
 import { registerEndpointRoutes } from './endpoint/routes/metadata';
 import { registerLimitedConcurrencyRoutes } from './endpoint/routes/limited_concurrency';
@@ -94,6 +95,9 @@ import { rulesFieldMap } from './lib/detection_engine/rule_types/field_maps/rule
 import { RuleExecutionLogClient } from './lib/detection_engine/rule_execution_log/rule_execution_log_client';
 import { getKibanaPrivilegesFeaturePrivileges } from './features';
 import { EndpointMetadataService } from './endpoint/services/metadata';
+import { createIndicatorMatchAlertType } from './lib/detection_engine/rule_types/indicator_match/create_indicator_match_alert_type';
+import { CreateRuleOptions } from './lib/detection_engine/rule_types/types';
+import { ctiFieldMap } from './lib/detection_engine/rule_types/field_maps/cti';
 
 export interface SetupPlugins {
   alerting: AlertingSetup;
@@ -231,7 +235,10 @@ export class Plugin implements IPlugin<PluginSetup, PluginStart, SetupPlugins, S
               settings: {
                 number_of_shards: 1,
               },
-              mappings: mappingFromFieldMap({ ...alertsFieldMap, ...rulesFieldMap }, false),
+              mappings: mappingFromFieldMap(
+                { ...alertsFieldMap, ...rulesFieldMap, ...ctiFieldMap },
+                false
+              ),
             },
           },
         });
@@ -264,18 +271,19 @@ export class Plugin implements IPlugin<PluginSetup, PluginStart, SetupPlugins, S
       );
 
       // Register rule types via rule-registry
-      this.setupPlugins.alerting.registerType(
-        createQueryAlertType({
-          experimentalFeatures,
-          indexAlias,
-          lists: plugins.lists,
-          logger: this.logger,
-          mergeStrategy: this.config.alertMergeStrategy,
-          ruleDataClient,
-          version: this.context.env.packageInfo.version,
-          ruleDataService,
-        })
-      );
+      const createRuleOptions: CreateRuleOptions = {
+        experimentalFeatures,
+        indexAlias,
+        lists: plugins.lists,
+        logger: this.logger,
+        mergeStrategy: this.config.alertMergeStrategy,
+        ruleDataClient,
+        ruleDataService,
+        version: this.context.env.packageInfo.version,
+      };
+
+      this.setupPlugins.alerting.registerType(createQueryAlertType(createRuleOptions));
+      this.setupPlugins.alerting.registerType(createIndicatorMatchAlertType(createRuleOptions));
     }
 
     // TODO We need to get the endpoint routes inside of initRoutes
@@ -295,7 +303,7 @@ export class Plugin implements IPlugin<PluginSetup, PluginStart, SetupPlugins, S
     registerTrustedAppsRoutes(router, endpointContext);
     registerActionRoutes(router, endpointContext);
 
-    const racRuleTypes = [QUERY_ALERT_TYPE_ID];
+    const racRuleTypes = [QUERY_ALERT_TYPE_ID, INDICATOR_ALERT_TYPE_ID];
     const ruleTypes = [
       SIGNALS_ID,
       NOTIFICATIONS_ID,
diff --git a/x-pack/plugins/timelines/common/types/timeline/cells/index.ts b/x-pack/plugins/timelines/common/types/timeline/cells/index.ts
index 2a6e1b3e12bcf7..354a8b45e914d8 100644
--- a/x-pack/plugins/timelines/common/types/timeline/cells/index.ts
+++ b/x-pack/plugins/timelines/common/types/timeline/cells/index.ts
@@ -6,7 +6,9 @@
  */
 
 import { EuiDataGridCellValueElementProps } from '@elastic/eui';
-import { TimelineNonEcsData } from '../../../search_strategy';
+import { RowRenderer } from '../../..';
+import { Ecs } from '../../../ecs';
+import { BrowserFields, TimelineNonEcsData } from '../../../search_strategy';
 import { ColumnHeaderOptions } from '../columns';
 
 /** The following props are provided to the function called by `renderCellValue` */
@@ -19,4 +21,7 @@ export type CellValueElementProps = EuiDataGridCellValueElementProps & {
   timelineId: string;
   // eslint-disable-next-line @typescript-eslint/no-explicit-any
   setFlyoutAlert?: (data: any) => void;
+  ecsData?: Ecs;
+  rowRenderers?: RowRenderer[];
+  browserFields?: BrowserFields;
 };
diff --git a/x-pack/plugins/timelines/public/components/t_grid/body/index.tsx b/x-pack/plugins/timelines/public/components/t_grid/body/index.tsx
index cc94f901446a70..5fba7cff55e5c3 100644
--- a/x-pack/plugins/timelines/public/components/t_grid/body/index.tsx
+++ b/x-pack/plugins/timelines/public/components/t_grid/body/index.tsx
@@ -526,9 +526,12 @@ export const BodyComponent = React.memo<StatefulBodyProps>(
           rowIndex,
           setCellProps,
           timelineId: tabType != null ? `${id}-${tabType}` : id,
+          ecsData: data[rowIndex].ecs,
+          browserFields,
+          rowRenderers,
         });
       },
-      [columnHeaders, data, id, renderCellValue, tabType, theme]
+      [columnHeaders, data, id, renderCellValue, tabType, theme, browserFields, rowRenderers]
     );
 
     return (
diff --git a/x-pack/plugins/translations/translations/ja-JP.json b/x-pack/plugins/translations/translations/ja-JP.json
index c2fd76b0b73af9..d1ce8e1e429658 100644
--- a/x-pack/plugins/translations/translations/ja-JP.json
+++ b/x-pack/plugins/translations/translations/ja-JP.json
@@ -12127,30 +12127,16 @@
     "xpack.infra.metrics.alertFlyout.aggregationText.sum": "合計",
     "xpack.infra.metrics.alertFlyout.alertDescription": "メトリックアグリゲーションがしきい値を超えたときにアラートを発行します。",
     "xpack.infra.metrics.alertFlyout.alertOnNoData": "データがない場合に通知する",
-    "xpack.infra.metrics.alertFlyout.alertPreviewError": "このアラート条件をプレビューするときにエラーが発生しました",
-    "xpack.infra.metrics.alertFlyout.alertPreviewErrorDesc": "しばらくたってから再試行するか、詳細を確認してください。",
-    "xpack.infra.metrics.alertFlyout.alertPreviewErrorResult": "一部のデータを評価するときにエラーが発生しました。",
-    "xpack.infra.metrics.alertFlyout.alertPreviewGroupBy": "{groups}全体",
-    "xpack.infra.metrics.alertFlyout.alertPreviewLookback": "前回の{lookback}",
-    "xpack.infra.metrics.alertFlyout.alertPreviewNoDataResult": "データなしの{wereWas} {boldedResultsNumber}がありました。",
-    "xpack.infra.metrics.alertFlyout.alertPreviewOnlyOnStatusChange": "ステータス変更時のみ",
-    "xpack.infra.metrics.alertFlyout.alertPreviewResultInstances": "このアラートの条件を満たした{wereWas} {firedTimes}がありました",
-    "xpack.infra.metrics.alertFlyout.alertPreviewResultText": "{instanceCount} {groupByWithConditionalTrailingSpace}{lookbackText}.",
-    "xpack.infra.metrics.alertFlyout.alertPreviewResultWithSeverityLevels": "このアラートの{boldCritical}条件を満たした{wereWas} {criticalInstances}と、{boldWarning}条件を満たした{warningInstances}",
-    "xpack.infra.metrics.alertFlyout.alertPreviewTotalNotifications": "結果として、このアラートは、「{alertThrottle}」に関して選択した［通知］設定に基づいて{notifications}を送信しました。",
     "xpack.infra.metrics.alertFlyout.anomalyFilterHelpText": "アラートトリガーの範囲を、特定のノードの影響を受ける異常に制限します。",
     "xpack.infra.metrics.alertFlyout.anomalyFilterHelpTextExample": "例：「my-node-1」または「my-node-*」",
     "xpack.infra.metrics.alertFlyout.anomalyInfluencerFilterPlaceholder": "すべて",
     "xpack.infra.metrics.alertFlyout.anomalyJobs.memoryUsage": "メモリー使用状況",
     "xpack.infra.metrics.alertFlyout.anomalyJobs.networkIn": "内向きのネットワーク",
     "xpack.infra.metrics.alertFlyout.anomalyJobs.networkOut": "外向きのネットワーク",
-    "xpack.infra.metrics.alertFlyout.boldCritical": "致命的",
-    "xpack.infra.metrics.alertFlyout.boldWarning": "警告",
     "xpack.infra.metrics.alertFlyout.conditions": "条件",
     "xpack.infra.metrics.alertFlyout.createAlertPerHelpText": "すべての一意の値についてアラートを作成します。例：「host.id」または「cloud.region」。",
     "xpack.infra.metrics.alertFlyout.createAlertPerText": "次の単位でアラートを作成 (任意) ",
     "xpack.infra.metrics.alertFlyout.criticalThreshold": "アラート",
-    "xpack.infra.metrics.alertFlyout.dayLabel": "日",
     "xpack.infra.metrics.alertFlyout.error.aggregationRequired": "集約が必要です。",
     "xpack.infra.metrics.alertFlyout.error.customMetricFieldRequired": "フィールドが必要です。",
     "xpack.infra.metrics.alertFlyout.error.metricRequired": "メトリックが必要です。",
@@ -12158,7 +12144,6 @@
     "xpack.infra.metrics.alertFlyout.error.thresholdRequired": "しきい値が必要です。",
     "xpack.infra.metrics.alertFlyout.error.thresholdTypeRequired": "しきい値には有効な数値を含める必要があります。",
     "xpack.infra.metrics.alertFlyout.error.timeRequred": "ページサイズが必要です。",
-    "xpack.infra.metrics.alertFlyout.errorDetails": "詳細",
     "xpack.infra.metrics.alertFlyout.expandRowLabel": "行を展開します。",
     "xpack.infra.metrics.alertFlyout.expression.for.descriptionLabel": "対象",
     "xpack.infra.metrics.alertFlyout.expression.for.popoverTitle": "ノードのタイプ",
@@ -12174,26 +12159,13 @@
     "xpack.infra.metrics.alertFlyout.filterByNodeLabel": "ノードでフィルタリング",
     "xpack.infra.metrics.alertFlyout.filterHelpText": "KQL式を使用して、アラートトリガーの範囲を制限します。",
     "xpack.infra.metrics.alertFlyout.filterLabel": "フィルター (任意) ",
-    "xpack.infra.metrics.alertFlyout.hourLabel": "時間",
-    "xpack.infra.metrics.alertFlyout.lastDayLabel": "昨日",
-    "xpack.infra.metrics.alertFlyout.lastHourLabel": "過去1時間",
-    "xpack.infra.metrics.alertFlyout.lastMonthLabel": "先月",
-    "xpack.infra.metrics.alertFlyout.lastWeekLabel": "先週",
-    "xpack.infra.metrics.alertFlyout.monthLabel": "月",
     "xpack.infra.metrics.alertFlyout.noDataHelpText": "有効にすると、メトリックが想定された期間内にデータを報告しない場合、またはアラートがElasticsearchをクエリできない場合に、アクションをトリガーします",
     "xpack.infra.metrics.alertFlyout.ofExpression.helpTextDetail": "メトリックが見つからない場合は、{documentationLink}。",
     "xpack.infra.metrics.alertFlyout.ofExpression.popoverLinkLabel": "データの追加方法",
     "xpack.infra.metrics.alertFlyout.outsideRangeLabel": "is not between",
-    "xpack.infra.metrics.alertFlyout.previewIntervalTooShortDescription": "選択するプレビュー長を長くするか、{checkEvery}フィールドの時間を増やしてください。",
-    "xpack.infra.metrics.alertFlyout.previewIntervalTooShortTitle": "データが不十分です",
-    "xpack.infra.metrics.alertFlyout.previewLabel": "プレビュー",
     "xpack.infra.metrics.alertFlyout.removeCondition": "条件を削除",
     "xpack.infra.metrics.alertFlyout.removeWarningThreshold": "warningThresholdを削除",
-    "xpack.infra.metrics.alertFlyout.testAlertCondition": "アラート条件のテスト",
-    "xpack.infra.metrics.alertFlyout.tooManyBucketsErrorDescription": "選択するプレビュー長を短くするか、{forTheLast}フィールドの時間を増やしてください。",
-    "xpack.infra.metrics.alertFlyout.tooManyBucketsErrorTitle": "データが多すぎます (>{maxBuckets}結果) ",
     "xpack.infra.metrics.alertFlyout.warningThreshold": "警告",
-    "xpack.infra.metrics.alertFlyout.weekLabel": "週",
     "xpack.infra.metrics.alerting.alertStateActionVariableDescription": "現在のアラートの状態",
     "xpack.infra.metrics.alerting.anomaly.defaultActionMessage": "\\{\\{alertName\\}\\}は\\{\\{context.alertState\\}\\}の状態です\n\n\\{\\{context.metric\\}\\}は\\{\\{context.timestamp\\}\\}で標準を超える\\{\\{context.summary\\}\\}でした\n\n標準の値：\\{\\{context.typical\\}\\}\n実際の値：\\{\\{context.actual\\}\\}\n",
     "xpack.infra.metrics.alerting.anomaly.fired": "実行",
@@ -12460,7 +12432,6 @@
     "xpack.infra.registerFeatures.logsDescription": "ログをリアルタイムでストリーするか、コンソール式の UI で履歴ビューをスクロールします。",
     "xpack.infra.registerFeatures.logsTitle": "ログ",
     "xpack.infra.sampleDataLinkLabel": "ログ",
-    "xpack.infra.savedView.currentView": "現在のビュー",
     "xpack.infra.savedView.defaultViewNameHosts": "デフォルトビュー",
     "xpack.infra.savedView.errorOnCreate.duplicateViewName": "その名前のビューはすでに存在します。",
     "xpack.infra.savedView.errorOnCreate.title": "ビューの保存中にエラーが発生しました。",
diff --git a/x-pack/plugins/translations/translations/zh-CN.json b/x-pack/plugins/translations/translations/zh-CN.json
index 2e7bf5d19687c6..43b1f23233db18 100644
--- a/x-pack/plugins/translations/translations/zh-CN.json
+++ b/x-pack/plugins/translations/translations/zh-CN.json
@@ -12455,33 +12455,16 @@
     "xpack.infra.metrics.alertFlyout.aggregationText.sum": "求和",
     "xpack.infra.metrics.alertFlyout.alertDescription": "当指标聚合超过阈值时告警。",
     "xpack.infra.metrics.alertFlyout.alertOnNoData": "没数据时提醒我",
-    "xpack.infra.metrics.alertFlyout.alertPreviewError": "尝试预览此告警条件时发生错误",
-    "xpack.infra.metrics.alertFlyout.alertPreviewErrorDesc": "请稍后重试或查看详情了解更多信息。",
-    "xpack.infra.metrics.alertFlyout.alertPreviewErrorResult": "尝试评估部分数据时发生错误。",
-    "xpack.infra.metrics.alertFlyout.alertPreviewGroupBy": "跨 {groups}",
-    "xpack.infra.metrics.alertFlyout.alertPreviewGroups": "{numberOfGroups, plural,other {# 个 {groupName}}}",
-    "xpack.infra.metrics.alertFlyout.alertPreviewLookback": "在过去 {lookback}",
-    "xpack.infra.metrics.alertFlyout.alertPreviewNoDataResult": "有 {wereWas}{boldedResultsNumber}。",
-    "xpack.infra.metrics.alertFlyout.alertPreviewNoDataResultNumber": "{noData, plural, other {# 个无数据结果}}",
-    "xpack.infra.metrics.alertFlyout.alertPreviewOnlyOnStatusChange": "仅在状态更改时",
-    "xpack.infra.metrics.alertFlyout.alertPreviewResultInstances": "有 {wereWas}{firedTimes} 次满足此告警的条件",
-    "xpack.infra.metrics.alertFlyout.alertPreviewResultText": "{instanceCount} {groupByWithConditionalTrailingSpace}{lookbackText}。",
-    "xpack.infra.metrics.alertFlyout.alertPreviewResultWithSeverityLevels": "有 {wereWas}{criticalInstances}满足此告警的{boldCritical}条件，{warningInstances}满足{boldWarning}条件",
-    "xpack.infra.metrics.alertFlyout.alertPreviewTotalNotifications": "因此，此告警将根据“{alertThrottle}”的选定“通知”设置发送{notifications}。",
-    "xpack.infra.metrics.alertFlyout.alertPreviewTotalNotificationsNumber": "{notifs, plural, other {# 个通知}}",
     "xpack.infra.metrics.alertFlyout.anomalyFilterHelpText": "将告警触发的范围限定在特定节点影响的异常。",
     "xpack.infra.metrics.alertFlyout.anomalyFilterHelpTextExample": "例如：“my-node-1”或“my-node-*”",
     "xpack.infra.metrics.alertFlyout.anomalyInfluencerFilterPlaceholder": "所有内容",
     "xpack.infra.metrics.alertFlyout.anomalyJobs.memoryUsage": "内存使用",
     "xpack.infra.metrics.alertFlyout.anomalyJobs.networkIn": "网络传入",
     "xpack.infra.metrics.alertFlyout.anomalyJobs.networkOut": "网络传出",
-    "xpack.infra.metrics.alertFlyout.boldCritical": "紧急",
-    "xpack.infra.metrics.alertFlyout.boldWarning": "警告",
     "xpack.infra.metrics.alertFlyout.conditions": "条件",
     "xpack.infra.metrics.alertFlyout.createAlertPerHelpText": "为每个唯一值创建告警。例如：“host.id”或“cloud.region”。",
     "xpack.infra.metrics.alertFlyout.createAlertPerText": "创建告警时间间隔（可选）",
     "xpack.infra.metrics.alertFlyout.criticalThreshold": "告警",
-    "xpack.infra.metrics.alertFlyout.dayLabel": "天",
     "xpack.infra.metrics.alertFlyout.error.aggregationRequired": "“聚合”必填。",
     "xpack.infra.metrics.alertFlyout.error.customMetricFieldRequired": "“字段”必填。",
     "xpack.infra.metrics.alertFlyout.error.metricRequired": "“指标”必填。",
@@ -12489,7 +12472,6 @@
     "xpack.infra.metrics.alertFlyout.error.thresholdRequired": "“阈值”必填。",
     "xpack.infra.metrics.alertFlyout.error.thresholdTypeRequired": "阈值必须包含有效数字。",
     "xpack.infra.metrics.alertFlyout.error.timeRequred": "“时间大小”必填。",
-    "xpack.infra.metrics.alertFlyout.errorDetails": "详情",
     "xpack.infra.metrics.alertFlyout.expandRowLabel": "展开行。",
     "xpack.infra.metrics.alertFlyout.expression.for.descriptionLabel": "对于",
     "xpack.infra.metrics.alertFlyout.expression.for.popoverTitle": "节点类型",
@@ -12505,28 +12487,13 @@
     "xpack.infra.metrics.alertFlyout.filterByNodeLabel": "按节点筛选",
     "xpack.infra.metrics.alertFlyout.filterHelpText": "使用 KQL 表达式限制告警触发的范围。",
     "xpack.infra.metrics.alertFlyout.filterLabel": "筛选（可选）",
-    "xpack.infra.metrics.alertFlyout.firedTimes": "{fired, plural, other {# 个实例}}",
-    "xpack.infra.metrics.alertFlyout.hourLabel": "小时",
-    "xpack.infra.metrics.alertFlyout.lastDayLabel": "昨天",
-    "xpack.infra.metrics.alertFlyout.lastHourLabel": "上一小时",
-    "xpack.infra.metrics.alertFlyout.lastMonthLabel": "上个月",
-    "xpack.infra.metrics.alertFlyout.lastWeekLabel": "上周",
-    "xpack.infra.metrics.alertFlyout.monthLabel": "个月",
     "xpack.infra.metrics.alertFlyout.noDataHelpText": "启用此选项可在指标在预期的时间段中未报告任何数据时或告警无法查询 Elasticsearch 时触发操作",
     "xpack.infra.metrics.alertFlyout.ofExpression.helpTextDetail": "找不到指标？{documentationLink}。",
     "xpack.infra.metrics.alertFlyout.ofExpression.popoverLinkLabel": "了解如何添加更多数据",
     "xpack.infra.metrics.alertFlyout.outsideRangeLabel": "不介于",
-    "xpack.infra.metrics.alertFlyout.previewIntervalTooShortDescription": "尝试选择较长的预览长度或在“{checkEvery}”字段增大时间量。",
-    "xpack.infra.metrics.alertFlyout.previewIntervalTooShortTitle": "没有足够的数据",
-    "xpack.infra.metrics.alertFlyout.previewLabel": "预览",
     "xpack.infra.metrics.alertFlyout.removeCondition": "删除条件",
     "xpack.infra.metrics.alertFlyout.removeWarningThreshold": "移除警告阈值",
-    "xpack.infra.metrics.alertFlyout.testAlertCondition": "测试告警条件",
-    "xpack.infra.metrics.alertFlyout.tooManyBucketsErrorDescription": "尝试选择较短的预览长度或在“{forTheLast}”字段中增大时间量。",
-    "xpack.infra.metrics.alertFlyout.tooManyBucketsErrorTitle": "数据过多（>{maxBuckets} 个结果）",
     "xpack.infra.metrics.alertFlyout.warningThreshold": "警告",
-    "xpack.infra.metrics.alertFlyout.weekLabel": "周",
-    "xpack.infra.metrics.alertFlyout.wereWas": "{plurality, plural, other {}}",
     "xpack.infra.metrics.alerting.alertStateActionVariableDescription": "告警的当前状态",
     "xpack.infra.metrics.alerting.anomaly.defaultActionMessage": "\\{\\{alertName\\}\\} 处于 \\{\\{context.alertState\\}\\} 状态\n\n\\{\\{context.metric\\}\\} 在 \\{\\{context.timestamp\\}\\}比正常\\{\\{context.summary\\}\\}\n\n典型值：\\{\\{context.typical\\}\\}\n实际值：\\{\\{context.actual\\}\\}\n",
     "xpack.infra.metrics.alerting.anomaly.fired": "已触发",
@@ -12793,7 +12760,6 @@
     "xpack.infra.registerFeatures.logsDescription": "实时流式传输日志或在类似控制台的工具中滚动浏览历史视图。",
     "xpack.infra.registerFeatures.logsTitle": "日志",
     "xpack.infra.sampleDataLinkLabel": "日志",
-    "xpack.infra.savedView.currentView": "当前视图",
     "xpack.infra.savedView.defaultViewNameHosts": "默认视图",
     "xpack.infra.savedView.errorOnCreate.duplicateViewName": "具有该名称的视图已存在。",
     "xpack.infra.savedView.errorOnCreate.title": "保存视图时出错。",
diff --git a/x-pack/test/accessibility/apps/spaces.ts b/x-pack/test/accessibility/apps/spaces.ts
index b85364bb84766d..daddb9b24fe032 100644
--- a/x-pack/test/accessibility/apps/spaces.ts
+++ b/x-pack/test/accessibility/apps/spaces.ts
@@ -5,7 +5,7 @@
  * 2.0.
  */
 
-// a11y tests for spaces, space selection and spacce creation and feature controls
+// a11y tests for spaces, space selection and space creation and feature controls
 
 import { FtrProviderContext } from '../ftr_provider_context';
 
@@ -52,7 +52,7 @@ export default function ({ getService, getPageObjects }: FtrProviderContext) {
     });
 
     // EUI issue - https://github.com/elastic/eui/issues/3999
-    it.skip('a11y test for color picker', async () => {
+    it('a11y test for color picker', async () => {
       await PageObjects.spaceSelector.clickColorPicker();
       await a11y.testAppSnapshot();
       await browser.pressKeys(browser.keys.ESCAPE);
diff --git a/x-pack/test/functional/apps/infra/home_page.ts b/x-pack/test/functional/apps/infra/home_page.ts
index c16219bae89ba2..e344f86f89fe8e 100644
--- a/x-pack/test/functional/apps/infra/home_page.ts
+++ b/x-pack/test/functional/apps/infra/home_page.ts
@@ -16,7 +16,7 @@ export default ({ getPageObjects, getService }: FtrProviderContext) => {
   const pageObjects = getPageObjects(['common', 'infraHome', 'infraSavedViews']);
 
   // Failing: See https://github.com/elastic/kibana/issues/106650
-  describe.skip('Home page', function () {
+  describe('Home page', function () {
     this.tags('includeFirefox');
     before(async () => {
       await esArchiver.load('x-pack/test/functional/es_archives/empty_kibana');
diff --git a/x-pack/test/functional/apps/infra/metrics_explorer.ts b/x-pack/test/functional/apps/infra/metrics_explorer.ts
index 5a8d7da628259f..90a875a07f8a79 100644
--- a/x-pack/test/functional/apps/infra/metrics_explorer.ts
+++ b/x-pack/test/functional/apps/infra/metrics_explorer.ts
@@ -88,7 +88,7 @@ export default ({ getPageObjects, getService }: FtrProviderContext) => {
     });
 
     // FLAKY: https://github.com/elastic/kibana/issues/106651
-    describe.skip('Saved Views', () => {
+    describe('Saved Views', () => {
       before(() => esArchiver.load('x-pack/test/functional/es_archives/infra/metrics_and_logs'));
       after(() => esArchiver.unload('x-pack/test/functional/es_archives/infra/metrics_and_logs'));
       describe('save functionality', () => {
diff --git a/x-pack/test/functional/apps/management/create_index_pattern_wizard.js b/x-pack/test/functional/apps/management/create_index_pattern_wizard.js
index 445e340d236e69..9061817bbce790 100644
--- a/x-pack/test/functional/apps/management/create_index_pattern_wizard.js
+++ b/x-pack/test/functional/apps/management/create_index_pattern_wizard.js
@@ -8,14 +8,20 @@
 export default function ({ getService, getPageObjects }) {
   const kibanaServer = getService('kibanaServer');
   const es = getService('es');
+  const security = getService('security');
   const PageObjects = getPageObjects(['settings', 'common']);
+  const soInfo = getService('savedObjectInfo');
+  const log = getService('log');
 
   describe('"Create Index Pattern" wizard', function () {
     before(async function () {
-      // delete .kibana index and then wait for Kibana to re-create it
+      await soInfo.logSoTypes(log);
+      await security.testUser.setRoles([
+        'global_index_pattern_management_all',
+        'test_logs_data_reader',
+      ]);
       await kibanaServer.uiSettings.replace({});
       await PageObjects.settings.navigateTo();
-      await PageObjects.settings.clickKibanaIndexPatterns();
     });
 
     describe('data streams', () => {
@@ -43,13 +49,19 @@ export default function ({ getService, getPageObjects }) {
           method: 'PUT',
         });
 
+        await PageObjects.settings.clickKibanaIndexPatterns();
         await PageObjects.settings.createIndexPattern('test_data_stream');
+      });
+    });
 
-        await es.transport.request({
-          path: '/_data_stream/test_data_stream',
-          method: 'DELETE',
-        });
+    after(async () => {
+      await kibanaServer.savedObjects.clean({ types: ['index-pattern'] });
+      await es.transport.request({
+        path: '/_data_stream/test_data_stream',
+        method: 'DELETE',
       });
+      await security.testUser.restoreDefaults();
+      await soInfo.logSoTypes(log);
     });
   });
 }
diff --git a/x-pack/test/functional/config.js b/x-pack/test/functional/config.js
index 06e58638922d4a..704ce819b5b382 100644
--- a/x-pack/test/functional/config.js
+++ b/x-pack/test/functional/config.js
@@ -384,6 +384,17 @@ export default async function ({ readConfigFile }) {
           },
         },
 
+        test_logs_data_reader: {
+          elasticsearch: {
+            indices: [
+              {
+                names: ['test_data_stream'],
+                privileges: ['read', 'view_index_metadata'],
+              },
+            ],
+          },
+        },
+
         geoall_data_writer: {
           elasticsearch: {
             indices: [
diff --git a/x-pack/test/functional/page_objects/infra_saved_views.ts b/x-pack/test/functional/page_objects/infra_saved_views.ts
index 31b528d4ec1532..ef91b3b5fcb3c2 100644
--- a/x-pack/test/functional/page_objects/infra_saved_views.ts
+++ b/x-pack/test/functional/page_objects/infra_saved_views.ts
@@ -74,13 +74,14 @@ export function InfraSavedViewsProvider({ getService }: FtrProviderContext) {
     },
 
     async ensureViewIsLoaded(name: string) {
-      const subject = await testSubjects.find('savedViews-currentViewName');
+      const subject = await testSubjects.find('savedViews-openPopover');
       expect(await subject.getVisibleText()).to.be(name);
     },
 
     async ensureViewIsLoadable(name: string) {
       const subjects = await testSubjects.getVisibleTextAll('savedViews-loadList');
-      expect(subjects.some((s) => s.split('\n').includes(name))).to.be(true);
+      const includesName = subjects.some((s) => s.includes(name));
+      expect(includesName).to.be(true);
     },
 
     async closeSavedViewsLoadModal() {