[8.15 & Serverless] Update the Security Timeline Documentation in accordance with new Unified Timeline changes

[nastasha-solomon]

Fixes #5341

8.15 previews

• Investigate in Timeline - Made several changes to this page:

  • Revised section about event renderers
  • Wrote a brief explanation of how to add and remove fields from the table
  • Updated the list of actions that users can take from Timeline
  • Updated various screenshots

• Refreshed screenshots and some instructions on the following pages:

  • About Timeline templates | Create a Timeline template
  • Create runtime fields
  • Launch Timeline from investigation guides
  • Timeline schema

Serverless previews

Made duplicate changes in the following places:

• Investigate in Timeline
• About Timeline templates | Create a Timeline template
• Create runtime fields
• Launch Timeline from investigation guides
• Timeline schema

[github-actions]

A documentation preview will be available soon.

• 🔨 Buildkite builds
• 📚 HTML diff
• 📙 Preview page

Request a new doc build by commenting

• Rebuild this PR: run docs-build
• Rebuild this PR and all Elastic docs: run docs-build rebuild

_{run docs-build is much faster than run docs-build rebuild. A rebuild should only be needed in rare situations.}

_{If your PR continues to fail for an unknown reason, the doc build pipeline may be broken. Elastic employees can check the pipeline status here.}

[elasticdocs]

🚀 Built elastic-dot-co-docs-preview-docs successfully!

• https://elastic-dot-co-docs-production-48defdly2-elastic-dev.vercel.app

• Built with commit ad2d793

Issues? Visit #next-docs in Slack

[logeekal]

Only 2 minor comments. Otherwise looks great. Thank you.

I would also recommend @michaelolo24 to take a look as well.

[nastasha-solomon]

Thanks both! @logeekal let's add the docs for the column features (copy column and edit data view field) to this PR. That'll create fewer PRs for everyone to review and keep the publishing process cleaner.

[logeekal]

Thanks both! @logeekal let's add the docs for the column features (copy column and edit data view field) to this PR. That'll create fewer PRs for everyone to review and keep the publishing process cleaner.

Thanks @nastasha-solomon , makes sense. Below is description of both of those controls.

Copy Column : copies the values of the columns for all visible rows seperated by new line. If the values are repeated in the table, they will appear multiple times in the copied text.

edit data view field : gives the ability to customize field label, field description or the format of field.

• Set custom label : Create a label to display in place of the field name in Discover, Maps, Lens, Visualize, and TSVB. Useful for shortening a long field name. Queries and filters use the original field name.
• Set custom description : Add a description to the field. It's displayed next to the field on the Discover, Lens, and Data View Management pages.
• Set format: Set your preferred format for displaying the value. Changing the format can affect the value and prevent highlighting in Discover.
• 

[nastasha-solomon]

Hey, @logeekal - thanks for providing descriptions for the two new controls that we're providing to users in Timeline. I have a few follow-up questions on the new functionality:

• Can you share a bit more on the purpose of the Copy Column option? Is there a general use case for this functionality? Why would users want to copy all of the values in a column?

• Do you know of any feature docs for the Edit data view field option? The descriptions are helpful, but I could use more information on the following:

  • How does this option differ from creating runtime fields and adding them to a data view?
  • Do users need to re-map fields after they rename them?
  • Are there any fields that users should not rename? If so, what are they?
  • How does the Preview panel work? Is it updated in real-time to show what the new field would appear as in event/alert docs?
  

Also, @michaelolo24 I still need that updated screenshot of the Correlation tab when you have a chance. 🙏🏼

Thanks, both!

[natasha-moore-elastic]

Just a few minor suggestions that would apply to both ESS and serverless if you chose to apply them.

[nastasha-solomon]

Validated that changes are on prod server