From 220f30a657f8fc54b7fa1e0cf624486bf3d24c59 Mon Sep 17 00:00:00 2001
From: DeDe Morton
Date: Tue, 25 Feb 2020 08:48:54 -0800
Subject: [PATCH 1/4] [docs] Restructure module docs
---
 filebeat/docs/modules/apache.asciidoc | 25 +++++++++++++---------
 filebeat/module/apache/_meta/docs.asciidoc | 25 +++++++++++++---------
 2 files changed, 30 insertions(+), 20 deletions(-)
diff --git a/filebeat/docs/modules/apache.asciidoc b/filebeat/docs/modules/apache.asciidoc
index 7a15fc611f8..af5aeca740e 100644
--- a/filebeat/docs/modules/apache.asciidoc
+++ b/filebeat/docs/modules/apache.asciidoc
@@ -13,6 +13,10 @@ https://httpd.apache.org/[Apache HTTP] server.
 include::../include/what-happens.asciidoc[]
+New to {beatname_uc} modules? Read the
+<> to learn how to setup and run
+modules.
+
 [float]
 === Compatibility
@@ -21,16 +25,6 @@ The +{modulename}+ module was tested with logs from versions 2.2.22 and 2.4.23.
 On Windows, the module was tested with Apache HTTP Server installed from the Chocolatey repository.
-include::../include/running-modules.asciidoc[]
-
-[float]
-=== Example dashboard
-
-This module comes with a sample dashboard. For example:
-
-[role="screenshot"]
-image::./images/kibana-apache.png[]
-
 include::../include/configuring-intro.asciidoc[]
 The following example shows how to set paths in the +modules.d/{modulename}.yml+
@@ -86,6 +80,17 @@ Add %v config in httpd.conf in log section
 LogFormat "%v %h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
 -----
+ifndef::hide_for_obs[]
+[float]
+=== Example dashboard
+
+This module comes with a sample dashboard. For example:
+
+[role="screenshot"]
+image::./images/kibana-apache.png[]
+
+endif::[]
+
 :has-dashboards!:
 :fileset_ex!:
diff --git a/filebeat/module/apache/_meta/docs.asciidoc b/filebeat/module/apache/_meta/docs.asciidoc
index 3cfb71c1000..a265d08e097 100644
--- a/filebeat/module/apache/_meta/docs.asciidoc
+++ b/filebeat/module/apache/_meta/docs.asciidoc
@@ -8,6 +8,10 @@ https://httpd.apache.org/[Apache HTTP] server.
 include::../include/what-happens.asciidoc[]
+New to {beatname_uc} modules? Read the
+<> to learn how to set up and run
+modules.
+
 [float]
 === Compatibility
@@ -16,16 +20,6 @@ The +{modulename}+ module was tested with logs from versions 2.2.22 and 2.4.23.
 On Windows, the module was tested with Apache HTTP Server installed from the Chocolatey repository.
-include::../include/running-modules.asciidoc[]
-
-[float]
-=== Example dashboard
-
-This module comes with a sample dashboard. For example:
-
-[role="screenshot"]
-image::./images/kibana-apache.png[]
-
 include::../include/configuring-intro.asciidoc[]
 The following example shows how to set paths in the +modules.d/{modulename}.yml+
@@ -81,6 +75,17 @@ Add %v config in httpd.conf in log section
 LogFormat "%v %h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
 -----
+ifndef::hide_for_obs[]
+[float]
+=== Example dashboard
+
+This module comes with a sample dashboard. For example:
+
+[role="screenshot"]
+image::./images/kibana-apache.png[]
+
+endif::[]
+
 :has-dashboards!:
 :fileset_ex!:
From 6a905984986aa0cf6a680ea56382f22ec370029c Mon Sep 17 00:00:00 2001
From: DeDe Morton
Date: Tue, 25 Feb 2020 10:51:55 -0800
Subject: [PATCH 2/4] Remove ifndef around dashboard because we'll need them after all
---
 filebeat/module/apache/_meta/docs.asciidoc | 3 ---
 1 file changed, 3 deletions(-)
diff --git a/filebeat/module/apache/_meta/docs.asciidoc b/filebeat/module/apache/_meta/docs.asciidoc
index a265d08e097..8e054b05541 100644
--- a/filebeat/module/apache/_meta/docs.asciidoc
+++ b/filebeat/module/apache/_meta/docs.asciidoc
@@ -75,7 +75,6 @@ Add %v config in httpd.conf in log section
 LogFormat "%v %h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
 -----
-ifndef::hide_for_obs[]
 [float]
 === Example dashboard
@@ -84,8 +83,6 @@ This module comes with a sample dashboard. For example:
 [role="screenshot"]
 image::./images/kibana-apache.png[]
-endif::[]
-
 :has-dashboards!:
 :fileset_ex!:
From 0dcaf7960aeb9f0c46508040798a412f26e0ca29 Mon Sep 17 00:00:00 2001
From: DeDe Morton
Date: Tue, 25 Feb 2020 12:28:44 -0800
Subject: [PATCH 3/4] Make changes across module docs
---
 filebeat/docs/modules/activemq.asciidoc | 4 +-
 filebeat/docs/modules/apache.asciidoc | 7 +-
 filebeat/docs/modules/auditd.asciidoc | 24 ++---
 filebeat/docs/modules/aws.asciidoc | 2 +
 filebeat/docs/modules/azure.asciidoc | 26 +++---
 filebeat/docs/modules/cef.asciidoc | 2 +-
 filebeat/docs/modules/cisco.asciidoc | 18 ++--
 filebeat/docs/modules/coredns.asciidoc | 18 +++-
 filebeat/docs/modules/elasticsearch.asciidoc | 6 +-
 filebeat/docs/modules/envoyproxy.asciidoc | 4 +-
 filebeat/docs/modules/googlecloud.asciidoc | 2 +-
 filebeat/docs/modules/haproxy.asciidoc | 22 ++---
 filebeat/docs/modules/ibmmq.asciidoc | 23 +++--
 filebeat/docs/modules/icinga.asciidoc | 20 ++--
 filebeat/docs/modules/iis.asciidoc | 20 ++--
 filebeat/docs/modules/iptables.asciidoc | 30 +++---
 filebeat/docs/modules/kafka.asciidoc | 20 ++--
 filebeat/docs/modules/kibana.asciidoc | 5 +-
 filebeat/docs/modules/logstash.asciidoc | 26 +++---
 filebeat/docs/modules/misp.asciidoc | 2 +
 filebeat/docs/modules/mongodb.asciidoc | 20 ++--
 filebeat/docs/modules/mssql.asciidoc | 6 +-
 filebeat/docs/modules/mysql.asciidoc | 20 ++--
 filebeat/docs/modules/nats.asciidoc | 20 ++--
 filebeat/docs/modules/netflow.asciidoc | 2 +-
 filebeat/docs/modules/nginx.asciidoc | 20 ++--
 filebeat/docs/modules/osquery.asciidoc | 22 +++--
 filebeat/docs/modules/panw.asciidoc | 92 +++++++++----------
 filebeat/docs/modules/postgresql.asciidoc | 33 ++++---
 filebeat/docs/modules/rabbitmq.asciidoc | 4 +-
 filebeat/docs/modules/redis.asciidoc | 20 ++--
 filebeat/docs/modules/santa.asciidoc | 22 ++---
 filebeat/docs/modules/suricata.asciidoc | 26 +++---
 filebeat/docs/modules/system.asciidoc | 20 ++--
 filebeat/docs/modules/traefik.asciidoc | 22 ++---
 filebeat/docs/modules/zeek.asciidoc | 2 +
 filebeat/module/apache/_meta/docs.asciidoc | 4 +-
 filebeat/module/auditd/_meta/docs.asciidoc | 24 ++---
 .../module/elasticsearch/_meta/docs.asciidoc | 6 +-
 filebeat/module/haproxy/_meta/docs.asciidoc | 22 ++---
 filebeat/module/icinga/_meta/docs.asciidoc | 20 ++--
 filebeat/module/iis/_meta/docs.asciidoc | 20 ++--
 filebeat/module/kafka/_meta/docs.asciidoc | 20 ++--
 filebeat/module/kibana/_meta/docs.asciidoc | 5 +-
 filebeat/module/logstash/_meta/docs.asciidoc | 26 +++---
 filebeat/module/mongodb/_meta/docs.asciidoc | 20 ++--
 filebeat/module/mysql/_meta/docs.asciidoc | 20 ++--
 filebeat/module/nats/_meta/docs.asciidoc | 20 ++--
 filebeat/module/nginx/_meta/docs.asciidoc | 20 ++--
 filebeat/module/osquery/_meta/docs.asciidoc | 22 +++--
 .../module/postgresql/_meta/docs.asciidoc | 33 ++++---
 filebeat/module/redis/_meta/docs.asciidoc | 20 ++--
 filebeat/module/santa/_meta/docs.asciidoc | 22 ++---
 filebeat/module/system/_meta/docs.asciidoc | 20 ++--
 filebeat/module/traefik/_meta/docs.asciidoc | 22 ++---
 filebeat/scripts/module/_meta/docs.asciidoc | 21 ++---
 .../template-test-module/_meta/docs.asciidoc | 21 ++---
 .../module/activemq/_meta/docs.asciidoc | 4 +-
 .../filebeat/module/aws/_meta/docs.asciidoc | 2 +
 .../filebeat/module/azure/_meta/docs.asciidoc | 26 +++---
 .../filebeat/module/cef/_meta/docs.asciidoc | 2 +-
 .../filebeat/module/cisco/_meta/docs.asciidoc | 18 ++--
 .../module/coredns/_meta/docs.asciidoc | 18 +++-
 .../module/envoyproxy/_meta/docs.asciidoc | 4 +-
 .../module/googlecloud/_meta/docs.asciidoc | 2 +-
 .../filebeat/module/ibmmq/_meta/docs.asciidoc | 23 +++--
 .../module/iptables/_meta/docs.asciidoc | 30 +++---
 .../filebeat/module/misp/_meta/docs.asciidoc | 2 +
 .../filebeat/module/mssql/_meta/docs.asciidoc | 6 +-
 .../module/netflow/_meta/docs.asciidoc | 2 +-
 .../filebeat/module/panw/_meta/docs.asciidoc | 92 +++++++++----------
 .../module/rabbitmq/_meta/docs.asciidoc | 4 +-
 .../module/suricata/_meta/docs.asciidoc | 26 +++---
 .../filebeat/module/zeek/_meta/docs.asciidoc | 2 +
 74 files changed, 656 insertions(+), 647 deletions(-)
diff --git a/filebeat/docs/modules/activemq.asciidoc b/filebeat/docs/modules/activemq.asciidoc
index 1a6af077159..1fffb68c2d9 100644
--- a/filebeat/docs/modules/activemq.asciidoc
+++ b/filebeat/docs/modules/activemq.asciidoc
@@ -16,13 +16,13 @@ This module parses Apache ActiveMQ logs. It supports application and audit logs.
 include::../include/what-happens.asciidoc[]
+include::../include/gs-link.asciidoc[]
+
 [float]
 === Compatibility
 The module has been tested with ActiveMQ 5.13.0 and 5.15.9. Other versions are expected to work.
-include::../include/running-modules.asciidoc[]
-
 include::../include/configuring-intro.asciidoc[]
 :fileset_ex: log
diff --git a/filebeat/docs/modules/apache.asciidoc b/filebeat/docs/modules/apache.asciidoc
index af5aeca740e..351394379d2 100644
--- a/filebeat/docs/modules/apache.asciidoc
+++ b/filebeat/docs/modules/apache.asciidoc
@@ -13,9 +13,7 @@ https://httpd.apache.org/[Apache HTTP] server.
 include::../include/what-happens.asciidoc[]
-New to {beatname_uc} modules? Read the
-<> to learn how to setup and run
-modules.
+include::../include/gs-link.asciidoc[]
 [float]
 === Compatibility
@@ -80,7 +78,6 @@ Add %v config in httpd.conf in log section
 LogFormat "%v %h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
 -----
-ifndef::hide_for_obs[]
 [float]
 === Example dashboard
@@ -89,8 +86,6 @@ This module comes with a sample dashboard. For example:
 [role="screenshot"]
 image::./images/kibana-apache.png[]
-endif::[]
-
 :has-dashboards!:
 :fileset_ex!:
diff --git a/filebeat/docs/modules/auditd.asciidoc b/filebeat/docs/modules/auditd.asciidoc
index 0bffbfd3844..f24f087e514 100644
--- a/filebeat/docs/modules/auditd.asciidoc
+++ b/filebeat/docs/modules/auditd.asciidoc
@@ -13,6 +13,8 @@ The +{modulename}+ module collects and parses logs from the audit daemon
 include::../include/what-happens.asciidoc[]
+include::../include/gs-link.asciidoc[]
+
 [float]
 === Compatibility
@@ -21,18 +23,6 @@ The +{modulename}+ module was tested with logs from `auditd` on OSes like CentOS
 This module is not available for Windows.
-include::../include/running-modules.asciidoc[]
-
-[float]
-=== Example dashboard
-
-This module comes with a sample dashboard showing an overview of the audit log
-data. You can build more specific dashboards that are tailored to the audit
-rules that you use on your systems.
-
-[role="screenshot"]
-image::./images/kibana-audit-auditd.png[]
-
 include::../include/configuring-intro.asciidoc[]
 The following example shows how to set paths in the +modules.d/{modulename}.yml+
@@ -67,6 +57,16 @@ include::../include/config-option-intro.asciidoc[]
 include::../include/var-paths.asciidoc[]
+[float]
+=== Example dashboard
+
+This module comes with a sample dashboard showing an overview of the audit log
+data. You can build more specific dashboards that are tailored to the audit
+rules that you use on your systems.
+
+[role="screenshot"]
+image::./images/kibana-audit-auditd.png[]
+
 :has-dashboards!:
 :fileset_ex!:
diff --git a/filebeat/docs/modules/aws.asciidoc b/filebeat/docs/modules/aws.asciidoc
index e8e971b6690..8e0abbc83bb 100644
--- a/filebeat/docs/modules/aws.asciidoc
+++ b/filebeat/docs/modules/aws.asciidoc
@@ -23,6 +23,8 @@ from network interfaces in AWS VPC. ELB access logs captures detailed informatio
 about requests sent to the load balancer. CloudTrail logs contain events that represent actions taken by a user, role or AWS service.
+include::../include/gs-link.asciidoc[]
+
 [float]
 === Module configuration
diff --git a/filebeat/docs/modules/azure.asciidoc b/filebeat/docs/modules/azure.asciidoc
index da75817ad03..5d52e33beac 100644
--- a/filebeat/docs/modules/azure.asciidoc
+++ b/filebeat/docs/modules/azure.asciidoc
@@ -8,20 +8,18 @@ This file is generated! See scripts/docs_collector.py
 :modulename: azure
 :has-dashboards: false
-== azure module
+== Azure module
 beta[]
-This is the azure module.
-
-The azure module will concentrate on retrieving different types of log data from Azure.
+The azure module retrieves different types of log data from Azure.
 There are several requirements before using the module since the logs will actually be read from azure event hubs.
 - the logs have to be exported first to the event hubs https://docs.microsoft.com/en-us/azure/event-hubs/event-hubs-create-kafka-enabled
 - to export activity logs to event hubs users can follow the steps here https://docs.microsoft.com/en-us/azure/azure-monitor/platform/activity-log-export
 - to export audit and sign-in logs to event hubs users can follow the steps here https://docs.microsoft.com/en-us/azure/active-directory/reports-monitoring/tutorial-azure-monitor-stream-logs-to-event-hub
-The module will contain the following filesets:
+The module contains the following filesets:
 `activitylogs` ::
 Will retrieve azure activity logs. Control-plane events on Azure Resource Manager resources. Activity logs provide insight into the operations that were performed on resources in your subscription.
@@ -32,14 +30,6 @@ Will retrieve azure Active Directory sign-in logs. The sign-ins report provides
 `auditlogs` ::
 Will retrieve azure Active Directory audit logs. The audit logs provide traceability through logs for all changes done by various features within Azure AD. Examples of audit logs include changes made to any resources within Azure AD like adding or removing users, apps, groups, roles and policies.
-[float]
-=== Dashboards
-
-The azure module comes with several predefined dashboards for general cloud overview, user activity and alerts. For example:
-
-image::./images/filebeat-azure-overview.png[]
-
-
 [float]
 === Module configuration
@@ -100,14 +90,22 @@ The name of the storage account the state/offsets will be stored and updated.
 _string_
 The storage account key, this key will be used to authorize access to data in your storage account.
-
 include::../include/what-happens.asciidoc[]
+include::../include/gs-link.asciidoc[]
+
 [float]
 === Compatibility
 TODO: document with what versions of the software is this tested
+[float]
+=== Dashboards
+
+The azure module comes with several predefined dashboards for general cloud overview, user activity and alerts. For example:
+
+image::./images/filebeat-azure-overview.png[]
+
diff --git a/filebeat/docs/modules/cef.asciidoc b/filebeat/docs/modules/cef.asciidoc
index 97c0469daa5..d52feb78d91 100644
--- a/filebeat/docs/modules/cef.asciidoc
+++ b/filebeat/docs/modules/cef.asciidoc
@@ -18,7 +18,7 @@ encoded data. The decoded data is written into a `cef` object field. Lastly any
 Elastic Common Schema (ECS) fields that can be populated with the CEF data are populated.
-include::../include/running-modules.asciidoc[]
+include::../include/gs-link.asciidoc[]
 include::../include/configuring-intro.asciidoc[]
diff --git a/filebeat/docs/modules/cisco.asciidoc b/filebeat/docs/modules/cisco.asciidoc
index 02113481f2b..b90f1ea8c5b 100644
--- a/filebeat/docs/modules/cisco.asciidoc
+++ b/filebeat/docs/modules/cisco.asciidoc
@@ -34,15 +34,7 @@ Check the <> section for more information.
 include::../include/what-happens.asciidoc[]
-include::../include/running-modules.asciidoc[]
-
-[float]
-=== Example dashboard
-
-This module comes with a sample dashboard for ASA:
-
-[role="screenshot"]
-image::./images/kibana-cisco-asa.png[]
+include::../include/gs-link.asciidoc[]
 include::../include/configuring-intro.asciidoc[]
@@ -305,6 +297,14 @@ on your cluster:
 - {ref}/modules-scripting-using.html#modules-scripting-using-caching[script.cache_max_size]: Increase to at least `200` if using both filesets or other script-heavy modules.
+[float]
+=== Example dashboard
+
+This module comes with a sample dashboard for ASA:
+
+[role="screenshot"]
+image::./images/kibana-cisco-asa.png[]
+
 :modulename!:
diff --git a/filebeat/docs/modules/coredns.asciidoc b/filebeat/docs/modules/coredns.asciidoc
index ef2aa91826d..2977b70aef1 100644
--- a/filebeat/docs/modules/coredns.asciidoc
+++ b/filebeat/docs/modules/coredns.asciidoc
@@ -13,19 +13,19 @@ This file is generated! See scripts/docs_collector.py
 This is a filebeat module for CoreDNS. It supports both standalone CoreDNS deployment and CoreDNS deployment in Kubernetes.
+include::../include/gs-link.asciidoc[]
+
 [float]
 === Compatibility
 Although this module has been developed against Kubernetes v1.13.x, it is expected to work with other versions of Kubernetes.
-[float]
-=== Example dashboard
+include::../include/configuring-intro.asciidoc[]
-This module comes with a sample dashboard.
+:fileset_ex: log
-[role="screenshot"]
-image::./images/kibana-coredns.jpg[]
+include::../include/config-option-intro.asciidoc[]
 [float]
 ==== `log` fileset settings
@@ -47,6 +47,14 @@ include::../include/var-paths.asciidoc[]
 An array of tags describing the monitored CoreDNS setup.
+[float]
+=== Example dashboard
+
+This module comes with a sample dashboard.
+
+[role="screenshot"]
+image::./images/kibana-coredns.jpg[]
+
 [float]
 === Fields
diff --git a/filebeat/docs/modules/elasticsearch.asciidoc b/filebeat/docs/modules/elasticsearch.asciidoc
index 730dcd0177a..9a0ded684d9 100644
--- a/filebeat/docs/modules/elasticsearch.asciidoc
+++ b/filebeat/docs/modules/elasticsearch.asciidoc
@@ -14,15 +14,13 @@ This is the elasticsearch module.
 include::../include/what-happens.asciidoc[]
+include::../include/gs-link.asciidoc[]
+
 [float]
 === Compatibility
 The Elasticsearch module is compatible with Elasticsearch 6.2 and newer.
-
-include::../include/running-modules.asciidoc[]
-
-
 include::../include/configuring-intro.asciidoc[]
 :fileset_ex: server
diff --git a/filebeat/docs/modules/envoyproxy.asciidoc b/filebeat/docs/modules/envoyproxy.asciidoc
index 246ffb15f3a..3d3478c2819 100644
--- a/filebeat/docs/modules/envoyproxy.asciidoc
+++ b/filebeat/docs/modules/envoyproxy.asciidoc
@@ -10,7 +10,9 @@ This file is generated! See scripts/docs_collector.py
 == Envoyproxy Module
-This is a filebeat module for Envoy proxy access log (https://www.envoyproxy.io/docs/envoy/v1.10.0/configuration/access_log). It supports both standalone deployment and Envoy proxy deployment in Kubernetes.
+This is a Filebeat module for Envoy proxy access log (https://www.envoyproxy.io/docs/envoy/v1.10.0/configuration/access_log). It supports both standalone deployment and Envoy proxy deployment in Kubernetes.
+
+include::../include/gs-link.asciidoc[]
 [float]
 === Compatibility
diff --git a/filebeat/docs/modules/googlecloud.asciidoc b/filebeat/docs/modules/googlecloud.asciidoc
index 047030f1be9..cc6e4747355 100644
--- a/filebeat/docs/modules/googlecloud.asciidoc
+++ b/filebeat/docs/modules/googlecloud.asciidoc
@@ -18,7 +18,7 @@ Google Pub/Sub topic sink.
 include::../include/what-happens.asciidoc[]
-include::../include/running-modules.asciidoc[]
+include::../include/gs-link.asciidoc[]
 include::../include/configuring-intro.asciidoc[]
diff --git a/filebeat/docs/modules/haproxy.asciidoc b/filebeat/docs/modules/haproxy.asciidoc
index e9771af8429..f3e185abbd5 100644
--- a/filebeat/docs/modules/haproxy.asciidoc
+++ b/filebeat/docs/modules/haproxy.asciidoc
@@ -12,6 +12,8 @@ The +{modulename}+ module collects and parses logs from a (`haproxy`) process.
 include::../include/what-happens.asciidoc[]
+include::../include/gs-link.asciidoc[]
+
 [float]
 === Compatibility
@@ -19,17 +21,6 @@ The +{modulename}+ module was tested with logs from `haproxy` running on AWS Lin
 This module is not available for Windows.
-include::../include/running-modules.asciidoc[]
-
-[float]
-=== Example dashboard
-
-This module comes with a sample dashboard showing geolocation, distribution of requests between backends and frontends,
-and status codes over time. For example:
-
-[role="screenshot"]
-image::./images/kibana-haproxy-overview.png[]
-
 include::../include/configuring-intro.asciidoc[]
 The module is by default configured to run via syslog on port 9001. However
@@ -56,6 +47,15 @@ include::../include/var-paths.asciidoc[]
 include::../include/timezone-support.asciidoc[]
+[float]
+=== Example dashboard
+
+This module comes with a sample dashboard showing geolocation, distribution of requests between backends and frontends,
+and status codes over time. For example:
+
+[role="screenshot"]
+image::./images/kibana-haproxy-overview.png[]
+
 :has-dashboards!:
 :fileset_ex!:
diff --git a/filebeat/docs/modules/ibmmq.asciidoc b/filebeat/docs/modules/ibmmq.asciidoc
index 456d03727e9..052e2284848 100644
--- a/filebeat/docs/modules/ibmmq.asciidoc
+++ b/filebeat/docs/modules/ibmmq.asciidoc
@@ -13,25 +13,15 @@ The `ibmmq` module collects and parses the queue manager error logs from IBM MQ
 include::../include/what-happens.asciidoc[]
+include::../include/gs-link.asciidoc[]
+
 [float]
 === Compatibility
 This module has been tested with IBM MQ v9.1.0.0, but it should be compatible with older versions.
-include::../include/running-modules.asciidoc[]
-
-[float]
-=== Example dashboard
-
-This module comes with a sample dashboard. For example:
-
-[role="screenshot"]
-image::./images/filebeat-ibmmq.png[]
-
-
 include::../include/configuring-intro.asciidoc[]
-
 The following example shows how to set paths in the +modules.d/{modulename}.yml+
 file to override the default paths for IBM MQ errorlog:
@@ -42,6 +32,7 @@ file to override the default paths for IBM MQ errorlog:
 enabled: true
 var.paths: ["C:/ibmmq/logs/*.log"]
 -----
+
 :fileset_ex: errorlog
 include::../include/config-option-intro.asciidoc[]
@@ -51,6 +42,14 @@ include::../include/config-option-intro.asciidoc[]
 include::../include/var-paths.asciidoc[]
+[float]
+=== Example dashboard
+
+This module comes with a sample dashboard. For example:
+
+[role="screenshot"]
+image::./images/filebeat-ibmmq.png[]
+
 :fileset_ex!:
 :modulename!:
diff --git a/filebeat/docs/modules/icinga.asciidoc b/filebeat/docs/modules/icinga.asciidoc
index d490f652e73..206a86cb811 100644
--- a/filebeat/docs/modules/icinga.asciidoc
+++ b/filebeat/docs/modules/icinga.asciidoc
@@ -13,6 +13,8 @@ https://www.icinga.com/products/icinga-2/[Icinga].
 include::../include/what-happens.asciidoc[]
+include::../include/gs-link.asciidoc[]
+
 [float]
 === Compatibility
@@ -21,16 +23,6 @@ systems.
 This module is not available for macOS.
-include::../include/running-modules.asciidoc[]
-
-[float]
-=== Example dashboard
-
-This module comes with sample dashboards. For example:
-
-[role="screenshot"]
-image::./images/kibana-icinga-main.png[]
-
 include::../include/configuring-intro.asciidoc[]
 The following example shows how to set paths in the +modules.d/{modulename}.yml+
@@ -81,6 +73,14 @@ include::../include/var-paths.asciidoc[]
 include::../include/var-paths.asciidoc[]
+[float]
+=== Example dashboard
+
+This module comes with sample dashboards. For example:
+
+[role="screenshot"]
+image::./images/kibana-icinga-main.png[]
+
 :has-dashboards!:
 :fileset_ex!:
diff --git a/filebeat/docs/modules/iis.asciidoc b/filebeat/docs/modules/iis.asciidoc
index 32c7defc34e..52fdda10a81 100644
--- a/filebeat/docs/modules/iis.asciidoc
+++ b/filebeat/docs/modules/iis.asciidoc
@@ -13,21 +13,13 @@ Internet Information Services (IIS) HTTP server.
 include::../include/what-happens.asciidoc[]
+include::../include/gs-link.asciidoc[]
+
 [float]
 === Compatibility
 The IIS module was tested with logs from version 7.5 and version 10.
-include::../include/running-modules.asciidoc[]
-
-[float]
-=== Example dashboard
-
-This module comes with a sample dashboard. For example:
-
-[role="screenshot"]
-image::./images/kibana-iis.png[]
-
 include::../include/configuring-intro.asciidoc[]
 The following example shows how to set paths in the +modules.d/{modulename}.yml+
@@ -67,6 +59,14 @@ include::../include/var-paths.asciidoc[]
 include::../include/var-paths.asciidoc[]
+[float]
+=== Example dashboard
+
+This module comes with a sample dashboard. For example:
+
+[role="screenshot"]
+image::./images/kibana-iis.png[]
+
 :has-dashboards!:
 :fileset_ex!:
diff --git a/filebeat/docs/modules/iptables.asciidoc b/filebeat/docs/modules/iptables.asciidoc
index c9e9714fa60..9858d0d7fcd 100644
--- a/filebeat/docs/modules/iptables.asciidoc
+++ b/filebeat/docs/modules/iptables.asciidoc
@@ -25,21 +25,7 @@ When you run the module, it performs a few tasks under the hood:
 * Deploys dashboards for visualizing the log data.
-include::../include/running-modules.asciidoc[]
-
-[float]
-=== Example dashboard
-
-This module comes with sample dashboards showing geolocation and network
-protocols used. One for all iptables logs:
-
-[role="screenshot"]
-image::./images/kibana-iptables.png[]
-
-and one specific for Ubiquiti Firewall logs:
-
-[role="screenshot"]
-image::./images/kibana-iptables-ubiquiti.png[]
+include::../include/gs-link.asciidoc[]
 include::../include/configuring-intro.asciidoc[]
@@ -77,6 +63,20 @@ NOTE: Ports below 1024 require Filebeat to run as root.
 include::../include/timezone-support.asciidoc[]
+[float]
+=== Example dashboard
+
+This module comes with sample dashboards showing geolocation and network
+protocols used. One for all iptables logs:
+
+[role="screenshot"]
+image::./images/kibana-iptables.png[]
+
+and one specific for Ubiquiti Firewall logs:
+
+[role="screenshot"]
+image::./images/kibana-iptables-ubiquiti.png[]
+
 :has-dashboards!:
 :fileset_ex!:
diff --git a/filebeat/docs/modules/kafka.asciidoc b/filebeat/docs/modules/kafka.asciidoc
index f9f62106713..d9319b43b50 100644
--- a/filebeat/docs/modules/kafka.asciidoc
+++ b/filebeat/docs/modules/kafka.asciidoc
@@ -13,21 +13,13 @@ https://kafka.apache.org/[Kafka].
 include::../include/what-happens.asciidoc[]
+include::../include/gs-link.asciidoc[]
+
 [float]
 === Compatibility
 The +{modulename}+ module was tested with logs from versions 0.9, 1.1.0 and 2.0.0.
-include::../include/running-modules.asciidoc[]
-
-[float]
-=== Example dashboard
-
-This module comes with a sample dashboard to see Kafka logs and stack traces.
-
-[role="screenshot"]
-image::./images/filebeat-kafka-logs-overview.png[]
-
 include::../include/configuring-intro.asciidoc[]
 The following example shows how to set paths in the +modules.d/{modulename}.yml+
@@ -79,6 +71,14 @@ include::../include/var-paths.asciidoc[]
 include::../include/timezone-support.asciidoc[]
+[float]
+=== Example dashboard
+
+This module comes with a sample dashboard to see Kafka logs and stack traces.
+
+[role="screenshot"]
+image::./images/filebeat-kafka-logs-overview.png[]
+
 :has-dashboards!:
 :fileset_ex!:
diff --git a/filebeat/docs/modules/kibana.asciidoc b/filebeat/docs/modules/kibana.asciidoc
index 5eb36a13fe4..089936d6089 100644
--- a/filebeat/docs/modules/kibana.asciidoc
+++ b/filebeat/docs/modules/kibana.asciidoc
@@ -14,14 +14,13 @@ This is the Kibana module.
 include::../include/what-happens.asciidoc[]
+include::../include/gs-link.asciidoc[]
+
 [float]
 === Compatibility
 The Kibana modules is compatible with Kibana 6.3 and newer.
-include::../include/running-modules.asciidoc[]
-
-
 include::../include/configuring-intro.asciidoc[]
 //set the fileset name used in the included file
diff --git a/filebeat/docs/modules/logstash.asciidoc b/filebeat/docs/modules/logstash.asciidoc
index 8776e2d1a88..2a9ace71d1b 100644
--- a/filebeat/docs/modules/logstash.asciidoc
+++ b/filebeat/docs/modules/logstash.asciidoc
@@ -13,6 +13,8 @@ and the JSON format (--log.format json). The default is the plain text format.
 include::../include/what-happens.asciidoc[]
+include::../include/gs-link.asciidoc[]
+
 The +{modulename}+ module has two filesets:
 * The `log` fileset collects and parses the logs that Logstash writes to disk.
@@ -29,19 +31,6 @@ The Logstash `log` fileset was tested with logs from Logstash 5.6 and 6.0.
 The Logstash `slowlog` fileset was tested with logs from Logstash 5.6 and 6.0
-include::../include/running-modules.asciidoc[]
-
-[float]
-=== Example dashboards
-
-This module comes with two sample dashboards.
-
-[role="screenshot"]
-image::./images/kibana-logstash-log.png[]
-
-[role="screenshot"]
-image::./images/kibana-logstash-slowlog.png[]
-
 include::../include/configuring-intro.asciidoc[]
 The following example shows how to set paths in the +modules.d/{modulename}.yml+
@@ -96,6 +85,17 @@ default is `plain`.
 include::../include/timezone-support.asciidoc[]
+[float]
+=== Example dashboards
+
+This module comes with two sample dashboards.
+
+[role="screenshot"]
+image::./images/kibana-logstash-log.png[]
+
+[role="screenshot"]
+image::./images/kibana-logstash-slowlog.png[]
+
 :has-dashboards!:
 :fileset_ex!:
diff --git a/filebeat/docs/modules/misp.asciidoc b/filebeat/docs/modules/misp.asciidoc
index 4460a443256..53d44ba5137 100644
--- a/filebeat/docs/modules/misp.asciidoc
+++ b/filebeat/docs/modules/misp.asciidoc
@@ -19,6 +19,8 @@ The configuration in the config.yml file uses the following format:
 * var.api_key: specifies the API key to access MISP.
 * var.json_objects_array: specifies the array object in MISP response, e.g., "response.Attribute".
 * var.url: URL of the MISP REST API, e.g., "http://x.x.x.x/attributes/restSearch"
+
+include::../include/gs-link.asciidoc[]
 [float]
 === Example dashboard
diff --git a/filebeat/docs/modules/mongodb.asciidoc b/filebeat/docs/modules/mongodb.asciidoc
index b70cb2bf5b0..57959c74d1a 100644
--- a/filebeat/docs/modules/mongodb.asciidoc
+++ b/filebeat/docs/modules/mongodb.asciidoc
@@ -13,21 +13,13 @@ https://www.mongodb.com/[MongoDB].
 include::../include/what-happens.asciidoc[]
+include::../include/gs-link.asciidoc[]
+
 [float]
 === Compatibility
 The +{modulename}+ module was tested with logs from versions v3.2.11 on Debian.
-include::../include/running-modules.asciidoc[]
-
-[float]
-=== Example dashboard
-
-This module comes with one sample dashboard including error and regular logs.
-
-[role="screenshot"]
-image::./images/filebeat-mongodb-overview.png[]
-
 include::../include/configuring-intro.asciidoc[]
 The following example shows how to set paths in the +modules.d/{modulename}.yml+
@@ -61,6 +53,14 @@ include::../include/config-option-intro.asciidoc[]
 include::../include/var-paths.asciidoc[]
+[float]
+=== Example dashboard
+
+This module comes with one sample dashboard including error and regular logs.
+
+[role="screenshot"]
+image::./images/filebeat-mongodb-overview.png[]
+
 :has-dashboards!:
 :fileset_ex!:
diff --git a/filebeat/docs/modules/mssql.asciidoc b/filebeat/docs/modules/mssql.asciidoc
index 4442766a1ec..fdcc52fd567 100644
--- a/filebeat/docs/modules/mssql.asciidoc
+++ b/filebeat/docs/modules/mssql.asciidoc
@@ -12,10 +12,10 @@ The +{modulename}+ module parses error logs created by MSSQL.
 include::../include/what-happens.asciidoc[]
-[float]
-=== Compatibility
+include::../include/gs-link.asciidoc[]
-include::../include/running-modules.asciidoc[]
+//[float]
+//=== Compatibility
 include::../include/configuring-intro.asciidoc[]
diff --git a/filebeat/docs/modules/mysql.asciidoc b/filebeat/docs/modules/mysql.asciidoc
index c04f8afa0b0..5e384157f94 100644
--- a/filebeat/docs/modules/mysql.asciidoc
+++ b/filebeat/docs/modules/mysql.asciidoc
@@ -13,6 +13,8 @@ created by https://www.mysql.com/[MySQL].
 include::../include/what-happens.asciidoc[]
+include::../include/gs-link.asciidoc[]
+
 [float]
 === Compatibility
@@ -22,16 +24,6 @@ MariaDB 10.1, 10.2 and 10.3, and Percona 5.7 and 8.0.
 On Windows, the module was tested with MySQL installed from the Chocolatey repository.
-include::../include/running-modules.asciidoc[]
-
-[float]
-=== Example dashboard
-
-This module comes with a sample dashboard. For example:
-
-[role="screenshot"]
-image::./images/kibana-mysql.png[]
-
 include::../include/configuring-intro.asciidoc[]
 The following example shows how to set paths in the +modules.d/{modulename}.yml+
@@ -73,6 +65,14 @@ include::../include/var-paths.asciidoc[]
 include::../include/var-paths.asciidoc[]
+[float]
+=== Example dashboard
+
+This module comes with a sample dashboard. For example:
+
+[role="screenshot"]
+image::./images/kibana-mysql.png[]
+
 :has-dashboards!:
 :fileset_ex!:
diff --git a/filebeat/docs/modules/nats.asciidoc b/filebeat/docs/modules/nats.asciidoc
index f0e595c7c02..90fca8be1be 100644
--- a/filebeat/docs/modules/nats.asciidoc
+++ b/filebeat/docs/modules/nats.asciidoc
@@ -12,22 +12,13 @@ This is the nats module.
 include::../include/what-happens.asciidoc[]
+include::../include/gs-link.asciidoc[]
+
 [float]
 === Compatibility
 The +{modulename}+ module was tested with logs from version v1.4.0.
-
-include::../include/running-modules.asciidoc[]
-
-[float]
-=== Dashboard
-
-The Nats module comes with a predefined dashboard. For example:
-
-image::./images/filebeat_nats_dashboard.png[]
-
-
 include::../include/configuring-intro.asciidoc[]
@@ -41,6 +32,13 @@ include::../include/config-option-intro.asciidoc[]
 include::../include/var-paths.asciidoc[]
+[float]
+=== Dashboard
+
+The Nats module comes with a predefined dashboard. For example:
+
+image::./images/filebeat_nats_dashboard.png[]
+
 :has-dashboards!:
 :fileset_ex!:
diff --git a/filebeat/docs/modules/netflow.asciidoc b/filebeat/docs/modules/netflow.asciidoc
index f23088c70fe..016e48f3e9e 100644
--- a/filebeat/docs/modules/netflow.asciidoc
+++ b/filebeat/docs/modules/netflow.asciidoc
@@ -18,7 +18,7 @@ This module wraps the <> to enrich the flow records with geolocation information about the IP endpoints by using Elasticsearch Ingest Node.
-include::../include/running-modules.asciidoc[]
+include::../include/gs-link.asciidoc[]
 include::../include/configuring-intro.asciidoc[]
diff --git a/filebeat/docs/modules/nginx.asciidoc b/filebeat/docs/modules/nginx.asciidoc
index 5e65820905b..450832b12b7 100644
--- a/filebeat/docs/modules/nginx.asciidoc
+++ b/filebeat/docs/modules/nginx.asciidoc
@@ -14,6 +14,8 @@ http://nginx.org/[Nginx] HTTP server.
 include::../include/what-happens.asciidoc[]
+include::../include/gs-link.asciidoc[]
+
 [float]
 === Compatibility
@@ -22,16 +24,6 @@ The Nginx module was tested with logs from version 1.10.
 On Windows, the module was tested with Nginx installed from the Chocolatey repository.
-include::../include/running-modules.asciidoc[]
-
-[float]
-=== Example dashboard
-
-This module comes with sample dashboards. For example:
-
-[role="screenshot"]
-image::./images/kibana-nginx.png[]
-
 include::../include/configuring-intro.asciidoc[]
 The following example shows how to set paths in the +modules.d/{modulename}.yml+
@@ -76,6 +68,14 @@ include::../include/var-paths.asciidoc[]
 include::../include/timezone-support.asciidoc[]
+[float]
+=== Example dashboard
+
+This module comes with sample dashboards. For example:
+
+[role="screenshot"]
+image::./images/kibana-nginx.png[]
+
 :has-dashboards!:
 :fileset_ex!:
diff --git a/filebeat/docs/modules/osquery.asciidoc b/filebeat/docs/modules/osquery.asciidoc
index b06c232c010..eee95195a55 100644
--- a/filebeat/docs/modules/osquery.asciidoc
+++ b/filebeat/docs/modules/osquery.asciidoc
@@ -16,6 +16,8 @@ driver (the default). Make sure UTC timestamps are enabled.
 include::../include/what-happens.asciidoc[]
+include::../include/gs-link.asciidoc[]
+
 [float]
 === Compatibility
@@ -26,16 +28,6 @@ works with any version of osquery.
 This module is available on Linux, macOS, and Windows.
-[float]
-=== Example dashboard
-
-This module comes with a sample dashboard for visualizing the data collected by
-the "compliance" pack. To collect this data, enable the `id-compliance` pack in
-the osquery configuration file.
-
-[role="screenshot"]
-image::./images/kibana-osquery-compatibility.png[]
-
 include::../include/configuring-intro.asciidoc[]
 The following example shows how to set paths in the +modules.d/{modulename}.yml+
@@ -74,6 +66,16 @@ setting also disables the renaming of some fields (e.g. `hostIdentifier` to `host_identifier`). Note that if you set this to false, the sample dashboards coming with this module won't work correctly. The default is true.
+[float]
+=== Example dashboard
+
+This module comes with a sample dashboard for visualizing the data collected by
+the "compliance" pack. To collect this data, enable the `id-compliance` pack in
+the osquery configuration file.
+
+[role="screenshot"]
+image::./images/kibana-osquery-compatibility.png[]
+
 :has-dashboards!:
 :fileset_ex!:
diff --git a/filebeat/docs/modules/panw.asciidoc b/filebeat/docs/modules/panw.asciidoc
index c56c95755ec..8958b5e333d 100644
--- a/filebeat/docs/modules/panw.asciidoc
+++ b/filebeat/docs/modules/panw.asciidoc
@@ -14,6 +14,8 @@ This is a module for Palo Alto Networks PAN-OS firewall monitoring logs received over Syslog or read from a file. It currently supports messages of Traffic and Threat types.
+include::../include/gs-link.asciidoc[]
+
 [float]
 === Compatibility
@@ -23,7 +25,50 @@ versions 7.1 to 9.0 but limited compatibility is expected for earlier versions.
 The {plugins}/ingest-geoip.html[ingest-geoip] Elasticsearch plugin is required to run this module.
-include::../include/running-modules.asciidoc[]
+include::../include/configuring-intro.asciidoc[]
+
+The module is by default configured to run via syslog on port 9001. However
+it can also be configured to read logs from a file. See the following example.
+
+["source","yaml",subs="attributes"]
+-----
+- module: panw
+  panos:
+    enabled: true
+    var.paths: ["/var/log/pan-os.log"]
+    var.input: "file"
+-----
+
+:fileset_ex: panos
+
+include::../include/config-option-intro.asciidoc[]
+
+[float]
+==== `panos` fileset settings
+
+Example config:
+
+[source,yaml]
+----
+  panos:
+    var.syslog_host: 0.0.0.0
+    var.syslog_port: 514
+----
+
+include::../include/var-paths.asciidoc[]
+
+*`var.syslog_host`*::
+
+The interface to listen to UDP based syslog traffic. Defaults to `localhost`.
+Set to `0.0.0.0` to bind to all available interfaces.
+
+*`var.syslog_port`*::
+
+The UDP port to listen for syslog traffic. Defaults to `9001`
+
+NOTE: Ports below 1024 require {beatname_uc} to run as root.
+
+include::../include/timezone-support.asciidoc[]
 [float]
 === ECS field mappings
@@ -132,51 +177,6 @@ image::./images/filebeat-panw-traffic.png[]
 [role="screenshot"]
 image::./images/filebeat-panw-threat.png[]
-include::../include/configuring-intro.asciidoc[]
-
-The module is by default configured to run via syslog on port 9001. However
-it can also be configured to read logs from a file. See the following example.
-
-["source","yaml",subs="attributes"]
------
-- module: panw
-  panos:
-    enabled: true
-    var.paths: ["/var/log/pan-os.log"]
-    var.input: "file"
------
-
-:fileset_ex: panos
-
-include::../include/config-option-intro.asciidoc[]
-
-[float]
-==== `panos` fileset settings
-
-Example config:
-
-[source,yaml]
-----
-  panos:
-    var.syslog_host: 0.0.0.0
-    var.syslog_port: 514
-----
-
-include::../include/var-paths.asciidoc[]
-
-*`var.syslog_host`*::
-
-The interface to listen to UDP based syslog traffic. Defaults to `localhost`.
-Set to `0.0.0.0` to bind to all available interfaces.
-
-*`var.syslog_port`*::
-
-The UDP port to listen for syslog traffic. Defaults to `9001`
-
-NOTE: Ports below 1024 require {beatname_uc} to run as root.
-
-include::../include/timezone-support.asciidoc[]
-
 :has-dashboards!:
 :fileset_ex!:
diff --git a/filebeat/docs/modules/postgresql.asciidoc b/filebeat/docs/modules/postgresql.asciidoc
index d13a54d11c5..4392af35aa2 100644
--- a/filebeat/docs/modules/postgresql.asciidoc
+++ b/filebeat/docs/modules/postgresql.asciidoc
@@ -13,29 +13,14 @@ https://www.postgresql.org/[PostgreSQL].
 include::../include/what-happens.asciidoc[]
+include::../include/gs-link.asciidoc[]
+
 [float]
 === Compatibility
 The +{modulename}+ module was tested with logs from versions 9.5 on Ubuntu and 9.6 on Debian.
-include::../include/running-modules.asciidoc[]
-
-[float]
-=== Example dashboards
-
-This module comes with two sample dashboards.
-
-The first dashboard is for regular logs.
-
-[role="screenshot"]
-image::./images/filebeat-postgresql-overview.png[]
-
-The second one shows the slowlogs of PostgreSQL.
-
-[role="screenshot"]
-image::./images/filebeat-postgresql-slowlog-overview.png[]
-
 include::../include/configuring-intro.asciidoc[]
 The following example shows how to set paths in the +modules.d/{modulename}.yml+
@@ -69,6 +54,20 @@ include::../include/config-option-intro.asciidoc[]
 include::../include/var-paths.asciidoc[]
+[float]
+=== Example dashboards
+
+This module comes with two sample dashboards.
+
+The first dashboard is for regular logs.
+
+[role="screenshot"]
+image::./images/filebeat-postgresql-overview.png[]
+
+The second one shows the slowlogs of PostgreSQL.
+
+[role="screenshot"]
+image::./images/filebeat-postgresql-slowlog-overview.png[]
 :has-dashboards!:
diff --git a/filebeat/docs/modules/rabbitmq.asciidoc b/filebeat/docs/modules/rabbitmq.asciidoc
index df3c0e472fb..8262be44f5f 100644
--- a/filebeat/docs/modules/rabbitmq.asciidoc
+++ b/filebeat/docs/modules/rabbitmq.asciidoc
@@ -12,6 +12,8 @@ This is the module for parsing https://www.rabbitmq.com/logging.html[RabbitMQ lo
 include::../include/what-happens.asciidoc[]
+include::../include/gs-link.asciidoc[]
+
 [float]
 === Compatibility
@@ -19,8 +21,6 @@ Parses https://www.rabbitmq.com/logging.html[single file format] introduced in 3
 Tested with version 3.7.14.
-include::../include/running-modules.asciidoc[]
-
 include::../include/configuring-intro.asciidoc[]
 The following example shows how to set paths in the +modules.d/{modulename}.yml+
diff --git a/filebeat/docs/modules/redis.asciidoc b/filebeat/docs/modules/redis.asciidoc
index 8f6ce589bfb..d5db3311e85 100644
--- a/filebeat/docs/modules/redis.asciidoc
+++ b/filebeat/docs/modules/redis.asciidoc
@@ -13,6 +13,8 @@ https://redis.io/[Redis].
 include::../include/what-happens.asciidoc[]
+include::../include/gs-link.asciidoc[]
+
 The +{modulename}+ module has two filesets:
 * The `log` fileset collects and parses the logs that Redis writes to disk.
@@ -36,16 +38,6 @@ On Windows, the default paths assume that Redis was installed from the Chocolate
 The Redis `slowlog` fileset was tested with Redis 3.0.2 and 2.4.6. We expect compatibility with any Redis version newer than 2.2.12, when the SLOWLOG command was added.
-include::../include/running-modules.asciidoc[]
-
-[float]
-=== Example dashboard
-
-This module comes with a sample dashboard. For example:
-
-[role="screenshot"]
-image::./images/kibana-redis.png[]
-
 include::../include/configuring-intro.asciidoc[]
 The following example shows how to set paths in the +modules.d/{modulename}.yml+
@@ -98,6 +90,14 @@ left empty, `localhost:6379` is assumed.
 The password to use to connect to Redis, in case Redis authentication is enabled (the `requirepass` option in the Redis configuration).
+[float]
+=== Example dashboard
+
+This module comes with a sample dashboard. For example:
+
+[role="screenshot"]
+image::./images/kibana-redis.png[]
+
 :has-dashboards!:
 :fileset_ex!:
diff --git a/filebeat/docs/modules/santa.asciidoc b/filebeat/docs/modules/santa.asciidoc
index 7f7f2594e35..73da4fe4361 100644
--- a/filebeat/docs/modules/santa.asciidoc
+++ b/filebeat/docs/modules/santa.asciidoc
@@ -15,6 +15,8 @@ binaries.
 include::../include/what-happens.asciidoc[]
+include::../include/gs-link.asciidoc[]
+
 [float]
 === Compatibility
@@ -22,17 +24,6 @@ The +{modulename}+ module was tested with logs from Santa 0.9.14.
 This module is available for MacOS only.
-include::../include/running-modules.asciidoc[]
-
-[float]
-=== Example dashboard
-
-This module comes with a sample dashboard showing and overview of the processes
-that are executing.
-
-[role="screenshot"]
-image::./images/kibana-santa-log-overview.png[]
-
 include::../include/configuring-intro.asciidoc[]
 The module is by default configured to read logs from `/var/log/santa.log`.
@@ -56,6 +47,15 @@ include::../include/config-option-intro.asciidoc[]
 include::../include/var-paths.asciidoc[]
+[float]
+=== Example dashboard
+
+This module comes with a sample dashboard showing and overview of the processes
+that are executing.
+
+[role="screenshot"]
+image::./images/kibana-santa-log-overview.png[]
+
 :has-dashboards!:
 :fileset_ex!:
diff --git a/filebeat/docs/modules/suricata.asciidoc b/filebeat/docs/modules/suricata.asciidoc
index d622c053d64..067fa693512 100644
--- a/filebeat/docs/modules/suricata.asciidoc
+++ b/filebeat/docs/modules/suricata.asciidoc
@@ -16,25 +16,14 @@ Suricata Eve JSON format].
 include::../include/what-happens.asciidoc[]
+include::../include/gs-link.asciidoc[]
+
 [float]
 === Compatibility
 This module has been developed against Suricata v4.0.4, but is expected to work with other versions of Suricata.
-include::../include/running-modules.asciidoc[]
-
-[float]
-=== Example dashboard
-
-This module comes with sample dashboards. For example:
-
-[role="screenshot"]
-image::./images/filebeat-suricata-events.png[]
-
-[role="screenshot"]
-image::./images/filebeat-suricata-alerts.png[]
-
 include::../include/configuring-intro.asciidoc[]
 This is an example of how to overwrite the default log file path.
@@ -56,6 +45,17 @@ include::../include/config-option-intro.asciidoc[]
 include::../include/var-paths.asciidoc[]
+[float]
+=== Example dashboard
+
+This module comes with sample dashboards. For example:
+
+[role="screenshot"]
+image::./images/filebeat-suricata-events.png[]
+
+[role="screenshot"]
+image::./images/filebeat-suricata-alerts.png[]
+
 :has-dashboards!:
 :fileset_ex!:
diff --git a/filebeat/docs/modules/system.asciidoc b/filebeat/docs/modules/system.asciidoc
index 7d5ed4c4d6a..8e133250017 100644
--- a/filebeat/docs/modules/system.asciidoc
+++ b/filebeat/docs/modules/system.asciidoc
@@ -13,6 +13,8 @@ service of common Unix/Linux based distributions.
 include::../include/what-happens.asciidoc[]
+include::../include/gs-link.asciidoc[]
+
 [float]
 === Compatibility
@@ -21,16 +23,6 @@ macOS Sierra.
 This module is not available for Windows.
-include::../include/running-modules.asciidoc[]
-
-[float]
-=== Example dashboards
-
-This module comes with sample dashboards. For example:
-
-[role="screenshot"]
-image::./images/kibana-system.png[]
-
 include::../include/configuring-intro.asciidoc[]
 The following example shows how to set paths in the +modules.d/{modulename}.yml+
@@ -76,6 +68,14 @@ include::../include/var-paths.asciidoc[]
 include::../include/timezone-support.asciidoc[]
+[float]
+=== Example dashboards
+
+This module comes with sample dashboards. For example:
+
+[role="screenshot"]
+image::./images/kibana-system.png[]
+
 :has-dashboards!:
 :fileset_ex!:
diff --git a/filebeat/docs/modules/traefik.asciidoc b/filebeat/docs/modules/traefik.asciidoc
index 7ec5b2bb952..84d0c49d96c 100644
--- a/filebeat/docs/modules/traefik.asciidoc
+++ b/filebeat/docs/modules/traefik.asciidoc
@@ -13,18 +13,10 @@ https://traefik.io/[Træfik].
 include::../include/what-happens.asciidoc[]
-[float]
-=== Compatibility
-
-include::../include/running-modules.asciidoc[]
-
-[float]
-=== Example dashboards
+include::../include/gs-link.asciidoc[]
-This module comes with sample dashboards. For example:
-
-[role="screenshot"]
-image::./images/kibana-traefik.png[]
+//[float]
+//=== Compatibility
 include::../include/configuring-intro.asciidoc[]
@@ -58,6 +50,14 @@ include::../include/config-option-intro.asciidoc[]
 include::../include/var-paths.asciidoc[]
+[float]
+=== Example dashboards
+
+This module comes with sample dashboards. For example:
+
+[role="screenshot"]
+image::./images/kibana-traefik.png[]
+
 :has-dashboards!:
 :fileset_ex!:
diff --git a/filebeat/docs/modules/zeek.asciidoc b/filebeat/docs/modules/zeek.asciidoc
index b06670bae7c..6df419f6034 100644
--- a/filebeat/docs/modules/zeek.asciidoc
+++ b/filebeat/docs/modules/zeek.asciidoc
@@ -13,6 +13,8 @@ This file is generated! See scripts/docs_collector.py
 This is a module for Zeek, which used to be called Bro. It parses logs that are in the https://www.zeek.org/manual/release/logs/index.html[Zeek JSON format].
+include::../include/gs-link.asciidoc[]
+
 [float]
 === Compatibility
diff --git a/filebeat/module/apache/_meta/docs.asciidoc b/filebeat/module/apache/_meta/docs.asciidoc
index 8e054b05541..0fb35de57c0 100644
--- a/filebeat/module/apache/_meta/docs.asciidoc
+++ b/filebeat/module/apache/_meta/docs.asciidoc
@@ -8,9 +8,7 @@ https://httpd.apache.org/[Apache HTTP] server.
 include::../include/what-happens.asciidoc[]
-New to {beatname_uc} modules? Read the
-<> to learn how to set up and run
-modules.
+include::../include/gs-link.asciidoc[]
 [float]
 === Compatibility
diff --git a/filebeat/module/auditd/_meta/docs.asciidoc b/filebeat/module/auditd/_meta/docs.asciidoc
index 74a16f93be7..0d62f16715f 100644
--- a/filebeat/module/auditd/_meta/docs.asciidoc
+++ b/filebeat/module/auditd/_meta/docs.asciidoc
@@ -8,6 +8,8 @@ The +{modulename}+ module collects and parses logs from the audit daemon
 include::../include/what-happens.asciidoc[]
+include::../include/gs-link.asciidoc[]
+
 [float]
 === Compatibility
@@ -16,18 +18,6 @@ The +{modulename}+ module was tested with logs from `auditd` on OSes like CentOS
 This module is not available for Windows.
-include::../include/running-modules.asciidoc[]
-
-[float]
-=== Example dashboard
-
-This module comes with a sample dashboard showing an overview of the audit log
-data. You can build more specific dashboards that are tailored to the audit
-rules that you use on your systems.
-
-[role="screenshot"]
-image::./images/kibana-audit-auditd.png[]
-
 include::../include/configuring-intro.asciidoc[]
 The following example shows how to set paths in the +modules.d/{modulename}.yml+
@@ -62,6 +52,16 @@ include::../include/config-option-intro.asciidoc[]
 include::../include/var-paths.asciidoc[]
+[float]
+=== Example dashboard
+
+This module comes with a sample dashboard showing an overview of the audit log
+data. You can build more specific dashboards that are tailored to the audit
+rules that you use on your systems.
+
+[role="screenshot"]
+image::./images/kibana-audit-auditd.png[]
+
 :has-dashboards!:
 :fileset_ex!:
diff --git a/filebeat/module/elasticsearch/_meta/docs.asciidoc b/filebeat/module/elasticsearch/_meta/docs.asciidoc
index 0f41f336651..219037bafb9 100755
--- a/filebeat/module/elasticsearch/_meta/docs.asciidoc
+++ b/filebeat/module/elasticsearch/_meta/docs.asciidoc
@@ -9,15 +9,13 @@ This is the elasticsearch module.
 include::../include/what-happens.asciidoc[]
+include::../include/gs-link.asciidoc[]
+
 [float]
 === Compatibility
 The Elasticsearch module is compatible with Elasticsearch 6.2 and newer.
-
-include::../include/running-modules.asciidoc[]
-
-
 include::../include/configuring-intro.asciidoc[]
 :fileset_ex: server
diff --git a/filebeat/module/haproxy/_meta/docs.asciidoc b/filebeat/module/haproxy/_meta/docs.asciidoc
index 4aab1035b4c..7beb7b9cb20 100644
--- a/filebeat/module/haproxy/_meta/docs.asciidoc
+++ b/filebeat/module/haproxy/_meta/docs.asciidoc
@@ -7,6 +7,8 @@ The +{modulename}+ module collects and parses logs from a (`haproxy`) process.
 include::../include/what-happens.asciidoc[]
+include::../include/gs-link.asciidoc[]
+
 [float]
 === Compatibility
@@ -14,17 +16,6 @@ The +{modulename}+ module was tested with logs from `haproxy` running on AWS Lin
 This module is not available for Windows.
-include::../include/running-modules.asciidoc[]
-
-[float]
-=== Example dashboard
-
-This module comes with a sample dashboard showing geolocation, distribution of requests between backends and frontends,
-and status codes over time. For example:
-
-[role="screenshot"]
-image::./images/kibana-haproxy-overview.png[]
-
 include::../include/configuring-intro.asciidoc[]
 The module is by default configured to run via syslog on port 9001. However
@@ -51,6 +42,15 @@ include::../include/var-paths.asciidoc[]
 include::../include/timezone-support.asciidoc[]
+[float]
+=== Example dashboard
+
+This module comes with a sample dashboard showing geolocation, distribution of requests between backends and frontends,
+and status codes over time. For example:
+
+[role="screenshot"]
+image::./images/kibana-haproxy-overview.png[]
+
 :has-dashboards!:
 :fileset_ex!:
diff --git a/filebeat/module/icinga/_meta/docs.asciidoc b/filebeat/module/icinga/_meta/docs.asciidoc
index 3796d0b57e4..82964dda31f 100644
--- a/filebeat/module/icinga/_meta/docs.asciidoc
+++ b/filebeat/module/icinga/_meta/docs.asciidoc
@@ -8,6 +8,8 @@ https://www.icinga.com/products/icinga-2/[Icinga].
 include::../include/what-happens.asciidoc[]
+include::../include/gs-link.asciidoc[]
+
 [float]
 === Compatibility
@@ -16,16 +18,6 @@ systems.
 This module is not available for macOS.
-include::../include/running-modules.asciidoc[]
-
-[float]
-=== Example dashboard
-
-This module comes with sample dashboards. For example:
-
-[role="screenshot"]
-image::./images/kibana-icinga-main.png[]
-
 include::../include/configuring-intro.asciidoc[]
 The following example shows how to set paths in the +modules.d/{modulename}.yml+
@@ -76,6 +68,14 @@ include::../include/var-paths.asciidoc[]
 include::../include/var-paths.asciidoc[]
+[float]
+=== Example dashboard
+
+This module comes with sample dashboards. For example:
+
+[role="screenshot"]
+image::./images/kibana-icinga-main.png[]
+
 :has-dashboards!:
 :fileset_ex!:
diff --git a/filebeat/module/iis/_meta/docs.asciidoc b/filebeat/module/iis/_meta/docs.asciidoc
index c3a63f1342e..a21445ed2ec 100644
--- a/filebeat/module/iis/_meta/docs.asciidoc
+++ b/filebeat/module/iis/_meta/docs.asciidoc
@@ -8,21 +8,13 @@ Internet Information Services (IIS) HTTP server.
 include::../include/what-happens.asciidoc[]
+include::../include/gs-link.asciidoc[]
+
 [float]
 === Compatibility
 The IIS module was tested with logs from version 7.5 and version 10.
-include::../include/running-modules.asciidoc[]
-
-[float]
-=== Example dashboard
-
-This module comes with a sample dashboard. For example:
-
-[role="screenshot"]
-image::./images/kibana-iis.png[]
-
 include::../include/configuring-intro.asciidoc[]
 The following example shows how to set paths in the +modules.d/{modulename}.yml+
@@ -62,6 +54,14 @@ include::../include/var-paths.asciidoc[]
 include::../include/var-paths.asciidoc[]
+[float]
+=== Example dashboard
+
+This module comes with a sample dashboard. For example:
+
+[role="screenshot"]
+image::./images/kibana-iis.png[]
+
 :has-dashboards!:
 :fileset_ex!:
diff --git a/filebeat/module/kafka/_meta/docs.asciidoc b/filebeat/module/kafka/_meta/docs.asciidoc
index 787bcd8dd5b..4e199f98b4b 100644
--- a/filebeat/module/kafka/_meta/docs.asciidoc
+++ b/filebeat/module/kafka/_meta/docs.asciidoc
@@ -8,21 +8,13 @@ https://kafka.apache.org/[Kafka].
 include::../include/what-happens.asciidoc[]
+include::../include/gs-link.asciidoc[]
+
 [float]
 === Compatibility
 The +{modulename}+ module was tested with logs from versions 0.9, 1.1.0 and 2.0.0.
-include::../include/running-modules.asciidoc[]
-
-[float]
-=== Example dashboard
-
-This module comes with a sample dashboard to see Kafka logs and stack traces.
-
-[role="screenshot"]
-image::./images/filebeat-kafka-logs-overview.png[]
-
 include::../include/configuring-intro.asciidoc[]
 The following example shows how to set paths in the +modules.d/{modulename}.yml+
@@ -74,6 +66,14 @@ include::../include/var-paths.asciidoc[]
 include::../include/timezone-support.asciidoc[]
+[float]
+=== Example dashboard
+
+This module comes with a sample dashboard to see Kafka logs and stack traces.
+
+[role="screenshot"]
+image::./images/filebeat-kafka-logs-overview.png[]
+
 :has-dashboards!:
 :fileset_ex!:
diff --git a/filebeat/module/kibana/_meta/docs.asciidoc b/filebeat/module/kibana/_meta/docs.asciidoc
index d6b551ad0cd..1724d3b2c00 100644
--- a/filebeat/module/kibana/_meta/docs.asciidoc
+++ b/filebeat/module/kibana/_meta/docs.asciidoc
@@ -9,14 +9,13 @@ This is the Kibana module.
 include::../include/what-happens.asciidoc[]
+include::../include/gs-link.asciidoc[]
+
 [float]
 === Compatibility
 The Kibana modules is compatible with Kibana 6.3 and newer.
-include::../include/running-modules.asciidoc[]
-
-
 include::../include/configuring-intro.asciidoc[]
 //set the fileset name used in the included file
diff --git a/filebeat/module/logstash/_meta/docs.asciidoc b/filebeat/module/logstash/_meta/docs.asciidoc
index c59685c00b4..2fc59161812 100644
--- a/filebeat/module/logstash/_meta/docs.asciidoc
+++ b/filebeat/module/logstash/_meta/docs.asciidoc
@@ -8,6 +8,8 @@ and the JSON format (--log.format json). The default is the plain text format.
 include::../include/what-happens.asciidoc[]
+include::../include/gs-link.asciidoc[]
+
 The +{modulename}+ module has two filesets:
 * The `log` fileset collects and parses the logs that Logstash writes to disk.
@@ -24,19 +26,6 @@ The Logstash `log` fileset was tested with logs from Logstash 5.6 and 6.0.
 The Logstash `slowlog` fileset was tested with logs from Logstash 5.6 and 6.0
-include::../include/running-modules.asciidoc[]
-
-[float]
-=== Example dashboards
-
-This module comes with two sample dashboards.
-
-[role="screenshot"]
-image::./images/kibana-logstash-log.png[]
-
-[role="screenshot"]
-image::./images/kibana-logstash-slowlog.png[]
-
 include::../include/configuring-intro.asciidoc[]
 The following example shows how to set paths in the +modules.d/{modulename}.yml+
@@ -91,6 +80,17 @@ default is `plain`.
 include::../include/timezone-support.asciidoc[]
+[float]
+=== Example dashboards
+
+This module comes with two sample dashboards.
+
+[role="screenshot"]
+image::./images/kibana-logstash-log.png[]
+
+[role="screenshot"]
+image::./images/kibana-logstash-slowlog.png[]
+
 :has-dashboards!:
 :fileset_ex!:
diff --git a/filebeat/module/mongodb/_meta/docs.asciidoc b/filebeat/module/mongodb/_meta/docs.asciidoc
index fb991a1859b..6945b46d5df 100755
--- a/filebeat/module/mongodb/_meta/docs.asciidoc
+++ b/filebeat/module/mongodb/_meta/docs.asciidoc
@@ -8,21 +8,13 @@ https://www.mongodb.com/[MongoDB].
 include::../include/what-happens.asciidoc[]
+include::../include/gs-link.asciidoc[]
+
 [float]
 === Compatibility
 The +{modulename}+ module was tested with logs from versions v3.2.11 on Debian.
-include::../include/running-modules.asciidoc[]
-
-[float]
-=== Example dashboard
-
-This module comes with one sample dashboard including error and regular logs.
-
-[role="screenshot"]
-image::./images/filebeat-mongodb-overview.png[]
-
 include::../include/configuring-intro.asciidoc[]
 The following example shows how to set paths in the +modules.d/{modulename}.yml+
@@ -56,6 +48,14 @@ include::../include/config-option-intro.asciidoc[]
 include::../include/var-paths.asciidoc[]
+[float]
+=== Example dashboard
+
+This module comes with one sample dashboard including error and regular logs.
+
+[role="screenshot"]
+image::./images/filebeat-mongodb-overview.png[]
+
 :has-dashboards!:
 :fileset_ex!:
diff --git a/filebeat/module/mysql/_meta/docs.asciidoc b/filebeat/module/mysql/_meta/docs.asciidoc
index 1ad7b8bd560..a58576373e4 100644
--- a/filebeat/module/mysql/_meta/docs.asciidoc
+++ b/filebeat/module/mysql/_meta/docs.asciidoc
@@ -8,6 +8,8 @@ created by https://www.mysql.com/[MySQL].
 include::../include/what-happens.asciidoc[]
+include::../include/gs-link.asciidoc[]
+
 [float]
 === Compatibility
@@ -17,16 +19,6 @@ MariaDB 10.1, 10.2 and 10.3, and Percona 5.7 and 8.0.
 On Windows, the module was tested with MySQL installed from the Chocolatey repository.
-include::../include/running-modules.asciidoc[]
-
-[float]
-=== Example dashboard
-
-This module comes with a sample dashboard. For example:
-
-[role="screenshot"]
-image::./images/kibana-mysql.png[]
-
 include::../include/configuring-intro.asciidoc[]
 The following example shows how to set paths in the +modules.d/{modulename}.yml+
@@ -68,6 +60,14 @@ include::../include/var-paths.asciidoc[]
 include::../include/var-paths.asciidoc[]
+[float]
+=== Example dashboard
+
+This module comes with a sample dashboard. For example:
+
+[role="screenshot"]
+image::./images/kibana-mysql.png[]
+
 :has-dashboards!:
 :fileset_ex!:
diff --git a/filebeat/module/nats/_meta/docs.asciidoc b/filebeat/module/nats/_meta/docs.asciidoc
index cc7cf0e2c28..070a909bb35 100644
--- a/filebeat/module/nats/_meta/docs.asciidoc
+++ b/filebeat/module/nats/_meta/docs.asciidoc
@@ -7,22 +7,13 @@ This is the nats module.
 include::../include/what-happens.asciidoc[]
+include::../include/gs-link.asciidoc[]
+
 [float]
 === Compatibility
 The +{modulename}+ module was tested with logs from version v1.4.0.
-
-include::../include/running-modules.asciidoc[]
-
-[float]
-=== Dashboard
-
-The Nats module comes with a predefined dashboard. For example:
-
-image::./images/filebeat_nats_dashboard.png[]
-
-
 include::../include/configuring-intro.asciidoc[]
@@ -36,6 +27,13 @@ include::../include/config-option-intro.asciidoc[]
 include::../include/var-paths.asciidoc[]
+[float]
+=== Dashboard
+
+The Nats module comes with a predefined dashboard. For example:
+
+image::./images/filebeat_nats_dashboard.png[]
+
 :has-dashboards!:
 :fileset_ex!:
diff --git a/filebeat/module/nginx/_meta/docs.asciidoc b/filebeat/module/nginx/_meta/docs.asciidoc
index e9d03ceae70..4c2b38e0681 100644
--- a/filebeat/module/nginx/_meta/docs.asciidoc
+++ b/filebeat/module/nginx/_meta/docs.asciidoc
@@ -9,6 +9,8 @@ http://nginx.org/[Nginx] HTTP server.
 include::../include/what-happens.asciidoc[]
+include::../include/gs-link.asciidoc[]
+
 [float]
 === Compatibility
@@ -17,16 +19,6 @@ The Nginx module was tested with logs from version 1.10.
 On Windows, the module was tested with Nginx installed from the Chocolatey repository.
-include::../include/running-modules.asciidoc[]
-
-[float]
-=== Example dashboard
-
-This module comes with sample dashboards. For example:
-
-[role="screenshot"]
-image::./images/kibana-nginx.png[]
-
 include::../include/configuring-intro.asciidoc[]
 The following example shows how to set paths in the +modules.d/{modulename}.yml+
@@ -71,6 +63,14 @@ include::../include/var-paths.asciidoc[]
 include::../include/timezone-support.asciidoc[]
+[float]
+=== Example dashboard
+
+This module comes with sample dashboards. For example:
+
+[role="screenshot"]
+image::./images/kibana-nginx.png[]
+
 :has-dashboards!:
 :fileset_ex!:
diff --git a/filebeat/module/osquery/_meta/docs.asciidoc b/filebeat/module/osquery/_meta/docs.asciidoc
index b8601be9174..17de37af09a 100644
--- a/filebeat/module/osquery/_meta/docs.asciidoc
+++ b/filebeat/module/osquery/_meta/docs.asciidoc
@@ -11,6 +11,8 @@ driver (the default). Make sure UTC timestamps are enabled.
 include::../include/what-happens.asciidoc[]
+include::../include/gs-link.asciidoc[]
+
 [float]
 === Compatibility
@@ -21,16 +23,6 @@ works with any version of osquery.
 This module is available on Linux, macOS, and Windows.
-[float]
-=== Example dashboard
-
-This module comes with a sample dashboard for visualizing the data collected by
-the "compliance" pack. To collect this data, enable the `id-compliance` pack in
-the osquery configuration file.
-
-[role="screenshot"]
-image::./images/kibana-osquery-compatibility.png[]
-
 include::../include/configuring-intro.asciidoc[]
 The following example shows how to set paths in the +modules.d/{modulename}.yml+
@@ -69,6 +61,16 @@ setting also disables the renaming of some fields (e.g. `hostIdentifier` to `host_identifier`). Note that if you set this to false, the sample dashboards coming with this module won't work correctly. The default is true.
+[float]
+=== Example dashboard
+
+This module comes with a sample dashboard for visualizing the data collected by
+the "compliance" pack. To collect this data, enable the `id-compliance` pack in
+the osquery configuration file.
+
+[role="screenshot"]
+image::./images/kibana-osquery-compatibility.png[]
+
 :has-dashboards!:
 :fileset_ex!:
diff --git a/filebeat/module/postgresql/_meta/docs.asciidoc b/filebeat/module/postgresql/_meta/docs.asciidoc
index 7360720da06..3aa5e02c227 100644
--- a/filebeat/module/postgresql/_meta/docs.asciidoc
+++ b/filebeat/module/postgresql/_meta/docs.asciidoc
@@ -8,29 +8,14 @@ https://www.postgresql.org/[PostgreSQL].
 include::../include/what-happens.asciidoc[]
+include::../include/gs-link.asciidoc[]
+
 [float]
 === Compatibility
 The +{modulename}+ module was tested with logs from versions 9.5 on Ubuntu and 9.6 on Debian.
-include::../include/running-modules.asciidoc[]
-
-[float]
-=== Example dashboards
-
-This module comes with two sample dashboards.
-
-The first dashboard is for regular logs.
-
-[role="screenshot"]
-image::./images/filebeat-postgresql-overview.png[]
-
-The second one shows the slowlogs of PostgreSQL.
-
-[role="screenshot"]
-image::./images/filebeat-postgresql-slowlog-overview.png[]
-
 include::../include/configuring-intro.asciidoc[]
 The following example shows how to set paths in the +modules.d/{modulename}.yml+
@@ -64,6 +49,20 @@ include::../include/config-option-intro.asciidoc[] include::../include/var-paths.asciidoc[] +[float] +=== Example dashboards + +This module comes with two sample dashboards. + +The first dashboard is for regular logs. + +[role="screenshot"] +image::./images/filebeat-postgresql-overview.png[] + +The second one shows the slowlogs of PostgreSQL. + +[role="screenshot"] +image::./images/filebeat-postgresql-slowlog-overview.png[] :has-dashboards!: diff --git a/filebeat/module/redis/_meta/docs.asciidoc b/filebeat/module/redis/_meta/docs.asciidoc index 08641f6069e..8e75f061b0d 100644 --- a/filebeat/module/redis/_meta/docs.asciidoc +++ b/filebeat/module/redis/_meta/docs.asciidoc @@ -8,6 +8,8 @@ https://redis.io/[Redis]. include::../include/what-happens.asciidoc[] +include::../include/gs-link.asciidoc[] + The +{modulename}+ module has two filesets: * The `log` fileset collects and parses the logs that Redis writes to disk. @@ -31,16 +33,6 @@ On Windows, the default paths assume that Redis was installed from the Chocolate The Redis `slowlog` fileset was tested with Redis 3.0.2 and 2.4.6. We expect compatibility with any Redis version newer than 2.2.12, when the SLOWLOG command was added. -include::../include/running-modules.asciidoc[] - -[float] -=== Example dashboard - -This module comes with a sample dashboard. For example: - -[role="screenshot"] -image::./images/kibana-redis.png[] - include::../include/configuring-intro.asciidoc[] The following example shows how to set paths in the +modules.d/{modulename}.yml+ @@ -93,6 +85,14 @@ left empty, `localhost:6379` is assumed. The password to use to connect to Redis, in case Redis authentication is enabled (the `requirepass` option in the Redis configuration). +[float] +=== Example dashboard + +This module comes with a sample dashboard. For example: + +[role="screenshot"] +image::./images/kibana-redis.png[] + :has-dashboards!: :fileset_ex!: 
diff --git a/filebeat/module/santa/_meta/docs.asciidoc b/filebeat/module/santa/_meta/docs.asciidoc index 258355d40c2..01d1408c918 100644 --- a/filebeat/module/santa/_meta/docs.asciidoc +++ b/filebeat/module/santa/_meta/docs.asciidoc @@ -10,6 +10,8 @@ binaries. include::../include/what-happens.asciidoc[] +include::../include/gs-link.asciidoc[] + [float] === Compatibility @@ -17,17 +19,6 @@ The +{modulename}+ module was tested with logs from Santa 0.9.14. This module is available for MacOS only. -include::../include/running-modules.asciidoc[] - -[float] -=== Example dashboard - -This module comes with a sample dashboard showing and overview of the processes -that are executing. - -[role="screenshot"] -image::./images/kibana-santa-log-overview.png[] - include::../include/configuring-intro.asciidoc[] The module is by default configured to read logs from `/var/log/santa.log`. @@ -51,6 +42,15 @@ include::../include/config-option-intro.asciidoc[] include::../include/var-paths.asciidoc[] +[float] +=== Example dashboard + +This module comes with a sample dashboard showing and overview of the processes +that are executing. + +[role="screenshot"] +image::./images/kibana-santa-log-overview.png[] + :has-dashboards!: :fileset_ex!: diff --git a/filebeat/module/system/_meta/docs.asciidoc b/filebeat/module/system/_meta/docs.asciidoc index 3fcfa5773fd..7907810f4fe 100644 --- a/filebeat/module/system/_meta/docs.asciidoc +++ b/filebeat/module/system/_meta/docs.asciidoc @@ -8,6 +8,8 @@ service of common Unix/Linux based distributions. include::../include/what-happens.asciidoc[] +include::../include/gs-link.asciidoc[] + [float] === Compatibility 
@@ -16,16 +18,6 @@ macOS Sierra. This module is not available for Windows. -include::../include/running-modules.asciidoc[] - -[float] -=== Example dashboards - -This module comes with sample dashboards. For example: - -[role="screenshot"] -image::./images/kibana-system.png[] - include::../include/configuring-intro.asciidoc[] The following example shows how to set paths in the +modules.d/{modulename}.yml+ @@ -71,6 +63,14 @@ include::../include/var-paths.asciidoc[] include::../include/timezone-support.asciidoc[] +[float] +=== Example dashboards + +This module comes with sample dashboards. For example: + +[role="screenshot"] +image::./images/kibana-system.png[] + :has-dashboards!: :fileset_ex!: diff --git a/filebeat/module/traefik/_meta/docs.asciidoc b/filebeat/module/traefik/_meta/docs.asciidoc index d0c5283d37b..53d8e907fc1 100644 --- a/filebeat/module/traefik/_meta/docs.asciidoc +++ b/filebeat/module/traefik/_meta/docs.asciidoc @@ -8,18 +8,10 @@ https://traefik.io/[Træfik]. include::../include/what-happens.asciidoc[] -[float] -=== Compatibility - -include::../include/running-modules.asciidoc[] - -[float] -=== Example dashboards +include::../include/gs-link.asciidoc[] -This module comes with sample dashboards. For example: - -[role="screenshot"] -image::./images/kibana-traefik.png[] +//[float] +//=== Compatibility include::../include/configuring-intro.asciidoc[] @@ -53,6 +45,14 @@ include::../include/config-option-intro.asciidoc[] include::../include/var-paths.asciidoc[] +[float] +=== Example dashboards + +This module comes with sample dashboards. For example: + +[role="screenshot"] +image::./images/kibana-traefik.png[] + :has-dashboards!: :fileset_ex!: diff --git a/filebeat/scripts/module/_meta/docs.asciidoc b/filebeat/scripts/module/_meta/docs.asciidoc index 12f49c049c3..54762e8c7dd 100644 --- a/filebeat/scripts/module/_meta/docs.asciidoc +++ b/filebeat/scripts/module/_meta/docs.asciidoc 
@@ -7,22 +7,13 @@ This is the {module} module. include::../include/what-happens.asciidoc[] +include::../include/gs-link.asciidoc[] + [float] === Compatibility TODO: document with what versions of the software is this tested - -include::../include/running-modules.asciidoc[] - -[float] -=== Example dashboard - -This module comes with a sample dashboard. For example: - -TODO: include an image of a sample dashboard. If you do not include a dashboard, -remove this section and set `:has-dashboards: false` at the top of this file. - include::../include/configuring-intro.asciidoc[] TODO: provide an example configuration @@ -40,6 +31,14 @@ the relevant file. For example: include::../include/var-paths.asciidoc[] +[float] +=== Example dashboard + +This module comes with a sample dashboard. For example: + +TODO: include an image of a sample dashboard. If you do not include a dashboard, +remove this section and set `:has-dashboards: false` at the top of this file. + :has-dashboards!: :fileset_ex!: diff --git a/filebeat/tests/system/input/template-test-module/_meta/docs.asciidoc b/filebeat/tests/system/input/template-test-module/_meta/docs.asciidoc index aeb7d4c50eb..0a8cd4148e1 100644 --- a/filebeat/tests/system/input/template-test-module/_meta/docs.asciidoc +++ b/filebeat/tests/system/input/template-test-module/_meta/docs.asciidoc @@ -7,22 +7,13 @@ This is the template-test-module module. include::../include/what-happens.asciidoc[] +include::../include/gs-link.asciidoc[] + [float] === Compatibility TODO: document with what versions of the software is this tested - -include::../include/running-modules.asciidoc[] - -[float] -=== Example dashboard - -This module comes with a sample dashboard. For example: - -TODO: include an image of a sample dashboard. If you do not include a dashboard, -remove this section and set `:has-dashboards: false` at the top of this file. - include::../include/configuring-intro.asciidoc[] TODO: provide an example configuration 
@@ -40,6 +31,14 @@ the relevant file. For example: include::../include/var-paths.asciidoc[] +[float] +=== Example dashboard + +This module comes with a sample dashboard. For example: + +TODO: include an image of a sample dashboard. If you do not include a dashboard, +remove this section and set `:has-dashboards: false` at the top of this file. + :has-dashboards!: :fileset_ex!: diff --git a/x-pack/filebeat/module/activemq/_meta/docs.asciidoc b/x-pack/filebeat/module/activemq/_meta/docs.asciidoc index 5b47f36a781..cdded2dc7fb 100644 --- a/x-pack/filebeat/module/activemq/_meta/docs.asciidoc +++ b/x-pack/filebeat/module/activemq/_meta/docs.asciidoc @@ -11,13 +11,13 @@ This module parses Apache ActiveMQ logs. It supports application and audit logs. include::../include/what-happens.asciidoc[] +include::../include/gs-link.asciidoc[] + [float] === Compatibility The module has been tested with ActiveMQ 5.13.0 and 5.15.9. Other versions are expected to work. -include::../include/running-modules.asciidoc[] - include::../include/configuring-intro.asciidoc[] :fileset_ex: log diff --git a/x-pack/filebeat/module/aws/_meta/docs.asciidoc b/x-pack/filebeat/module/aws/_meta/docs.asciidoc index e222f55d23f..e8fa73a923b 100644 --- a/x-pack/filebeat/module/aws/_meta/docs.asciidoc +++ b/x-pack/filebeat/module/aws/_meta/docs.asciidoc @@ -18,6 +18,8 @@ from network interfaces in AWS VPC. ELB access logs captures detailed informatio about requests sent to the load balancer. CloudTrail logs contain events that represent actions taken by a user, role or AWS service. +include::../include/gs-link.asciidoc[] + [float] === Module configuration diff --git a/x-pack/filebeat/module/azure/_meta/docs.asciidoc b/x-pack/filebeat/module/azure/_meta/docs.asciidoc index 966c2ed8827..5bf7bb576d0 100644 --- a/x-pack/filebeat/module/azure/_meta/docs.asciidoc +++ b/x-pack/filebeat/module/azure/_meta/docs.asciidoc 
@@ -3,20 +3,18 @@ :modulename: azure :has-dashboards: false -== azure module +== Azure module beta[] -This is the azure module. - -The azure module will concentrate on retrieving different types of log data from Azure. +The azure module retrieves different types of log data from Azure. There are several requirements before using the module since the logs will actually be read from azure event hubs. - the logs have to be exported first to the event hubs https://docs.microsoft.com/en-us/azure/event-hubs/event-hubs-create-kafka-enabled - to export activity logs to event hubs users can follow the steps here https://docs.microsoft.com/en-us/azure/azure-monitor/platform/activity-log-export - to export audit and sign-in logs to event hubs users can follow the steps here https://docs.microsoft.com/en-us/azure/active-directory/reports-monitoring/tutorial-azure-monitor-stream-logs-to-event-hub -The module will contain the following filesets: +The module contains the following filesets: `activitylogs` :: Will retrieve azure activity logs. Control-plane events on Azure Resource Manager resources. Activity logs provide insight into the operations that were performed on resources in your subscription. @@ -27,14 +25,6 @@ Will retrieve azure Active Directory sign-in logs. The sign-ins report provides `auditlogs` :: Will retrieve azure Active Directory audit logs. The audit logs provide traceability through logs for all changes done by various features within Azure AD. Examples of audit logs include changes made to any resources within Azure AD like adding or removing users, apps, groups, roles and policies. -[float] -=== Dashboards - -The azure module comes with several predefined dashboards for general cloud overview, user activity and alerts. For example: - -image::./images/filebeat-azure-overview.png[] - - [float] === Module configuration 
@@ -95,14 +85,22 @@ The name of the storage account the state/offsets will be stored and updated. _string_ The storage account key, this key will be used to authorize access to data in your storage account. - include::../include/what-happens.asciidoc[] +include::../include/gs-link.asciidoc[] + [float] === Compatibility TODO: document with what versions of the software is this tested +[float] +=== Dashboards + +The azure module comes with several predefined dashboards for general cloud overview, user activity and alerts. For example: + +image::./images/filebeat-azure-overview.png[] + diff --git a/x-pack/filebeat/module/cef/_meta/docs.asciidoc b/x-pack/filebeat/module/cef/_meta/docs.asciidoc index 19b2f5eb1b3..e962e86b735 100644 --- a/x-pack/filebeat/module/cef/_meta/docs.asciidoc +++ b/x-pack/filebeat/module/cef/_meta/docs.asciidoc @@ -13,7 +13,7 @@ encoded data. The decoded data is written into a `cef` object field. Lastly any Elastic Common Schema (ECS) fields that can be populated with the CEF data are populated. -include::../include/running-modules.asciidoc[] +include::../include/gs-link.asciidoc[] include::../include/configuring-intro.asciidoc[] diff --git a/x-pack/filebeat/module/cisco/_meta/docs.asciidoc b/x-pack/filebeat/module/cisco/_meta/docs.asciidoc index 3e6c133811f..96add391fa2 100644 --- a/x-pack/filebeat/module/cisco/_meta/docs.asciidoc +++ b/x-pack/filebeat/module/cisco/_meta/docs.asciidoc @@ -29,15 +29,7 @@ Check the <> section for more information. include::../include/what-happens.asciidoc[] -include::../include/running-modules.asciidoc[] - -[float] -=== Example dashboard - -This module comes with a sample dashboard for ASA: - -[role="screenshot"] -image::./images/kibana-cisco-asa.png[] +include::../include/gs-link.asciidoc[] include::../include/configuring-intro.asciidoc[] 
@@ -300,4 +292,12 @@ on your cluster: - {ref}/modules-scripting-using.html#modules-scripting-using-caching[script.cache_max_size]: Increase to at least `200` if using both filesets or other script-heavy modules. +[float] +=== Example dashboard + +This module comes with a sample dashboard for ASA: + +[role="screenshot"] +image::./images/kibana-cisco-asa.png[] + :modulename!: diff --git a/x-pack/filebeat/module/coredns/_meta/docs.asciidoc b/x-pack/filebeat/module/coredns/_meta/docs.asciidoc index 872dc4de977..056f45e1523 100644 --- a/x-pack/filebeat/module/coredns/_meta/docs.asciidoc +++ b/x-pack/filebeat/module/coredns/_meta/docs.asciidoc @@ -8,19 +8,19 @@ This is a filebeat module for CoreDNS. It supports both standalone CoreDNS deployment and CoreDNS deployment in Kubernetes. +include::../include/gs-link.asciidoc[] + [float] === Compatibility Although this module has been developed against Kubernetes v1.13.x, it is expected to work with other versions of Kubernetes. -[float] -=== Example dashboard +include::../include/configuring-intro.asciidoc[] -This module comes with a sample dashboard. +:fileset_ex: log -[role="screenshot"] -image::./images/kibana-coredns.jpg[] +include::../include/config-option-intro.asciidoc[] [float] ==== `log` fileset settings @@ -41,3 +41,11 @@ include::../include/var-paths.asciidoc[] *`var.tags`*:: An array of tags describing the monitored CoreDNS setup. + +[float] +=== Example dashboard + +This module comes with a sample dashboard. + +[role="screenshot"] +image::./images/kibana-coredns.jpg[] diff --git a/x-pack/filebeat/module/envoyproxy/_meta/docs.asciidoc b/x-pack/filebeat/module/envoyproxy/_meta/docs.asciidoc index 126b3f83c5e..ae036ce7249 100644 --- a/x-pack/filebeat/module/envoyproxy/_meta/docs.asciidoc +++ b/x-pack/filebeat/module/envoyproxy/_meta/docs.asciidoc 
@@ -5,7 +5,9 @@ == Envoyproxy Module -This is a filebeat module for Envoy proxy access log (https://www.envoyproxy.io/docs/envoy/v1.10.0/configuration/access_log). It supports both standalone deployment and Envoy proxy deployment in Kubernetes. +This is a Filebeat module for Envoy proxy access log (https://www.envoyproxy.io/docs/envoy/v1.10.0/configuration/access_log). It supports both standalone deployment and Envoy proxy deployment in Kubernetes. + +include::../include/gs-link.asciidoc[] [float] === Compatibility diff --git a/x-pack/filebeat/module/googlecloud/_meta/docs.asciidoc b/x-pack/filebeat/module/googlecloud/_meta/docs.asciidoc index b0d75e06b10..7b61903352b 100644 --- a/x-pack/filebeat/module/googlecloud/_meta/docs.asciidoc +++ b/x-pack/filebeat/module/googlecloud/_meta/docs.asciidoc @@ -13,7 +13,7 @@ Google Pub/Sub topic sink. include::../include/what-happens.asciidoc[] -include::../include/running-modules.asciidoc[] +include::../include/gs-link.asciidoc[] include::../include/configuring-intro.asciidoc[] diff --git a/x-pack/filebeat/module/ibmmq/_meta/docs.asciidoc b/x-pack/filebeat/module/ibmmq/_meta/docs.asciidoc index 1a34a4be0e2..98c67383b63 100644 --- a/x-pack/filebeat/module/ibmmq/_meta/docs.asciidoc +++ b/x-pack/filebeat/module/ibmmq/_meta/docs.asciidoc @@ -8,25 +8,15 @@ The `ibmmq` module collects and parses the queue manager error logs from IBM MQ include::../include/what-happens.asciidoc[] +include::../include/gs-link.asciidoc[] + [float] === Compatibility This module has been tested with IBM MQ v9.1.0.0, but it should be compatible with older versions. -include::../include/running-modules.asciidoc[] - -[float] -=== Example dashboard - -This module comes with a sample dashboard. For example: - -[role="screenshot"] -image::./images/filebeat-ibmmq.png[] - - include::../include/configuring-intro.asciidoc[] - The following example shows how to set paths in the +modules.d/{modulename}.yml+ file to override the default paths for IBM MQ errorlog: 
@@ -37,6 +27,7 @@ file to override the default paths for IBM MQ errorlog: enabled: true var.paths: ["C:/ibmmq/logs/*.log"] ----- + :fileset_ex: errorlog include::../include/config-option-intro.asciidoc[] @@ -46,6 +37,14 @@ include::../include/config-option-intro.asciidoc[] include::../include/var-paths.asciidoc[] +[float] +=== Example dashboard + +This module comes with a sample dashboard. For example: + +[role="screenshot"] +image::./images/filebeat-ibmmq.png[] + :fileset_ex!: :modulename!: diff --git a/x-pack/filebeat/module/iptables/_meta/docs.asciidoc b/x-pack/filebeat/module/iptables/_meta/docs.asciidoc index 12875fb946e..f95425b7148 100644 --- a/x-pack/filebeat/module/iptables/_meta/docs.asciidoc +++ b/x-pack/filebeat/module/iptables/_meta/docs.asciidoc @@ -20,21 +20,7 @@ When you run the module, it performs a few tasks under the hood: * Deploys dashboards for visualizing the log data. -include::../include/running-modules.asciidoc[] - -[float] -=== Example dashboard - -This module comes with sample dashboards showing geolocation and network -protocols used. One for all iptables logs: - -[role="screenshot"] -image::./images/kibana-iptables.png[] - -and one specific for Ubiquiti Firewall logs: - -[role="screenshot"] -image::./images/kibana-iptables-ubiquiti.png[] +include::../include/gs-link.asciidoc[] include::../include/configuring-intro.asciidoc[] @@ -72,6 +58,20 @@ NOTE: Ports below 1024 require Filebeat to run as root. include::../include/timezone-support.asciidoc[] +[float] +=== Example dashboard + +This module comes with sample dashboards showing geolocation and network +protocols used. One for all iptables logs: + +[role="screenshot"] +image::./images/kibana-iptables.png[] + +and one specific for Ubiquiti Firewall logs: + +[role="screenshot"] +image::./images/kibana-iptables-ubiquiti.png[] + :has-dashboards!: :fileset_ex!: 
diff --git a/x-pack/filebeat/module/misp/_meta/docs.asciidoc b/x-pack/filebeat/module/misp/_meta/docs.asciidoc index 3f0eb441e6f..c8082cb9ee5 100644 --- a/x-pack/filebeat/module/misp/_meta/docs.asciidoc +++ b/x-pack/filebeat/module/misp/_meta/docs.asciidoc @@ -14,6 +14,8 @@ The configuration in the config.yml file uses the following format: * var.api_key: specifies the API key to access MISP. * var.json_objects_array: specifies the array object in MISP response, e.g., "response.Attribute". * var.url: URL of the MISP REST API, e.g., "http://x.x.x.x/attributes/restSearch" + +include::../include/gs-link.asciidoc[] [float] === Example dashboard diff --git a/x-pack/filebeat/module/mssql/_meta/docs.asciidoc b/x-pack/filebeat/module/mssql/_meta/docs.asciidoc index 969105e1c49..ff4dc54b3d5 100644 --- a/x-pack/filebeat/module/mssql/_meta/docs.asciidoc +++ b/x-pack/filebeat/module/mssql/_meta/docs.asciidoc @@ -7,10 +7,10 @@ The +{modulename}+ module parses error logs created by MSSQL. include::../include/what-happens.asciidoc[] -[float] -=== Compatibility +include::../include/gs-link.asciidoc[] -include::../include/running-modules.asciidoc[] +//[float] +//=== Compatibility include::../include/configuring-intro.asciidoc[] diff --git a/x-pack/filebeat/module/netflow/_meta/docs.asciidoc b/x-pack/filebeat/module/netflow/_meta/docs.asciidoc index c92f6de7c16..f882a253fbd 100644 --- a/x-pack/filebeat/module/netflow/_meta/docs.asciidoc +++ b/x-pack/filebeat/module/netflow/_meta/docs.asciidoc @@ -13,7 +13,7 @@ This module wraps the <> to enrich the flow records with geolocation information about the IP endpoints by using Elasticsearch Ingest Node. -include::../include/running-modules.asciidoc[] +include::../include/gs-link.asciidoc[] include::../include/configuring-intro.asciidoc[] diff --git a/x-pack/filebeat/module/panw/_meta/docs.asciidoc b/x-pack/filebeat/module/panw/_meta/docs.asciidoc index a3a3c1d9689..2a7f045e82a 100644 --- a/x-pack/filebeat/module/panw/_meta/docs.asciidoc 
+++ b/x-pack/filebeat/module/panw/_meta/docs.asciidoc @@ -9,6 +9,8 @@ This is a module for Palo Alto Networks PAN-OS firewall monitoring logs received over Syslog or read from a file. It currently supports messages of Traffic and Threat types. +include::../include/gs-link.asciidoc[] + [float] === Compatibility @@ -18,7 +20,50 @@ versions 7.1 to 9.0 but limited compatibility is expected for earlier versions. The {plugins}/ingest-geoip.html[ingest-geoip] Elasticsearch plugin is required to run this module. -include::../include/running-modules.asciidoc[] +include::../include/configuring-intro.asciidoc[] + +The module is by default configured to run via syslog on port 9001. However +it can also be configured to read logs from a file. See the following example. + +["source","yaml",subs="attributes"] +----- +- module: panw + panos: + enabled: true + var.paths: ["/var/log/pan-os.log"] + var.input: "file" +----- + +:fileset_ex: panos + +include::../include/config-option-intro.asciidoc[] + +[float] +==== `panos` fileset settings + +Example config: + +[source,yaml] +---- + panos: + var.syslog_host: 0.0.0.0 + var.syslog_port: 514 +---- + +include::../include/var-paths.asciidoc[] + +*`var.syslog_host`*:: + +The interface to listen to UDP based syslog traffic. Defaults to `localhost`. +Set to `0.0.0.0` to bind to all available interfaces. + +*`var.syslog_port`*:: + +The UDP port to listen for syslog traffic. Defaults to `9001` + +NOTE: Ports below 1024 require {beatname_uc} to run as root. + +include::../include/timezone-support.asciidoc[] [float] === ECS field mappings 
@@ -127,51 +172,6 @@ image::./images/filebeat-panw-traffic.png[] [role="screenshot"] image::./images/filebeat-panw-threat.png[] -include::../include/configuring-intro.asciidoc[] - -The module is by default configured to run via syslog on port 9001. However -it can also be configured to read logs from a file. See the following example. - -["source","yaml",subs="attributes"] ------ -- module: panw - panos: - enabled: true - var.paths: ["/var/log/pan-os.log"] - var.input: "file" ------ - -:fileset_ex: panos - -include::../include/config-option-intro.asciidoc[] - -[float] -==== `panos` fileset settings - -Example config: - -[source,yaml] ----- - panos: - var.syslog_host: 0.0.0.0 - var.syslog_port: 514 ----- - -include::../include/var-paths.asciidoc[] - -*`var.syslog_host`*:: - -The interface to listen to UDP based syslog traffic. Defaults to `localhost`. -Set to `0.0.0.0` to bind to all available interfaces. - -*`var.syslog_port`*:: - -The UDP port to listen for syslog traffic. Defaults to `9001` - -NOTE: Ports below 1024 require {beatname_uc} to run as root. - -include::../include/timezone-support.asciidoc[] - :has-dashboards!: :fileset_ex!: diff --git a/x-pack/filebeat/module/rabbitmq/_meta/docs.asciidoc b/x-pack/filebeat/module/rabbitmq/_meta/docs.asciidoc index 0c5c69a2d5b..2222da5e045 100644 --- a/x-pack/filebeat/module/rabbitmq/_meta/docs.asciidoc +++ b/x-pack/filebeat/module/rabbitmq/_meta/docs.asciidoc @@ -7,6 +7,8 @@ This is the module for parsing https://www.rabbitmq.com/logging.html[RabbitMQ lo include::../include/what-happens.asciidoc[] +include::../include/gs-link.asciidoc[] + [float] === Compatibility @@ -14,8 +16,6 @@ Parses https://www.rabbitmq.com/logging.html[single file format] introduced in 3 Tested with version 3.7.14. -include::../include/running-modules.asciidoc[] - include::../include/configuring-intro.asciidoc[] The following example shows how to set paths in the +modules.d/{modulename}.yml+ 
diff --git a/x-pack/filebeat/module/suricata/_meta/docs.asciidoc b/x-pack/filebeat/module/suricata/_meta/docs.asciidoc index 058d66bf05f..4cdff6aa3d2 100644 --- a/x-pack/filebeat/module/suricata/_meta/docs.asciidoc +++ b/x-pack/filebeat/module/suricata/_meta/docs.asciidoc @@ -11,25 +11,14 @@ Suricata Eve JSON format]. include::../include/what-happens.asciidoc[] +include::../include/gs-link.asciidoc[] + [float] === Compatibility This module has been developed against Suricata v4.0.4, but is expected to work with other versions of Suricata. -include::../include/running-modules.asciidoc[] - -[float] -=== Example dashboard - -This module comes with sample dashboards. For example: - -[role="screenshot"] -image::./images/filebeat-suricata-events.png[] - -[role="screenshot"] -image::./images/filebeat-suricata-alerts.png[] - include::../include/configuring-intro.asciidoc[] This is an example of how to overwrite the default log file path. @@ -51,6 +40,17 @@ include::../include/config-option-intro.asciidoc[] include::../include/var-paths.asciidoc[] +[float] +=== Example dashboard + +This module comes with sample dashboards. For example: + +[role="screenshot"] +image::./images/filebeat-suricata-events.png[] + +[role="screenshot"] +image::./images/filebeat-suricata-alerts.png[] + :has-dashboards!: :fileset_ex!: diff --git a/x-pack/filebeat/module/zeek/_meta/docs.asciidoc b/x-pack/filebeat/module/zeek/_meta/docs.asciidoc index 3b77ddb0d74..e9b4bc6627d 100644 --- a/x-pack/filebeat/module/zeek/_meta/docs.asciidoc +++ b/x-pack/filebeat/module/zeek/_meta/docs.asciidoc @@ -8,6 +8,8 @@ This is a module for Zeek, which used to be called Bro. It parses logs that are in the https://www.zeek.org/manual/release/logs/index.html[Zeek JSON format]. +include::../include/gs-link.asciidoc[] + [float] === Compatibility From e72af7f2ecb06c453e7e531e9b6d3e7bc7635c61 Mon Sep 17 00:00:00 2001 
From: DeDe Morton Date: Tue, 25 Feb 2020 15:48:42 -0800 Subject: [PATCH 4/4] Add missing file --- filebeat/docs/include/gs-link.asciidoc | 2 ++ 1 file changed, 2 insertions(+) create mode 100644 filebeat/docs/include/gs-link.asciidoc
diff --git a/filebeat/docs/include/gs-link.asciidoc b/filebeat/docs/include/gs-link.asciidoc
new file mode 100644
index 00000000000..38b22e54a5d
--- /dev/null
+++ b/filebeat/docs/include/gs-link.asciidoc
@@ -0,0 +1,2 @@
+TIP: Read the <> to learn how to set up and
+run modules.
\ No newline at end of file