Update detections-logsdb-impact.asciidoc (#6327)
* Update detections-logsdb-impact.asciidoc

* Update docs/detections/detections-logsdb-impact.asciidoc

---------

Co-authored-by: Nastasha Solomon <[email protected]>
approksiu and nastasha-solomon authored Dec 16, 2024
1 parent 9c25db5 commit 180cf67
Showing 1 changed file with 3 additions and 1 deletion.
4 changes: 3 additions & 1 deletion docs/detections/detections-logsdb-impact.asciidoc
Expand Up @@ -11,6 +11,8 @@ When the `_source` is reconstructed, {ref}/mapping-source-field.html#synthetic-s

Continue reading to find out how this affects specific {elastic-sec} components.

NOTE: Logsdb is not recommended for {elastic-sec} at this time. Users must fully understand and accept the documented changes to detection alert documents (see below), and ensure their deployment has excess hot data tier CPU resource capacity before enabling logsdb mode, as logsdb mode requires additional CPU resources during the ingest/indexing process. Enabling logsdb without sufficient hot data tier CPU may result in data ingestion backups and/or security detection rule timeouts and errors.

[discrete]
[[logsdb-alerts]]
== Alerts
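
Review bot: The added NOTE points readers to "(see below)" rather than to a stable cross-reference. The alerts section directly underneath carries the `[[logsdb-alerts]]` id, so linking to it with `<<logsdb-alerts>>` would keep the pointer valid if sections are reordered. The note also mixes "Logsdb" and "logsdb" within one paragraph, and its second sentence combines the acceptance requirement, the hot data tier CPU prerequisite and the reason for it. Splitting that sentence would make the operational consequence (ingestion backups, detection rule timeouts and errors) easier to find. "At this time" is not tied to a release, so consider stating which versions the recommendation applies to.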
Expand Down Expand Up @@ -62,4 +64,4 @@ The following will not work with synthetic source (logsdb index mode enabled):
[source,console]
----
"source": """ emit(params._source['agent.name'] + "_____" + doc['agent.name'].value ); """
----
----
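
Review bot: The closing `----` delimiter of the `[source,console]` block appears as both the removed and the added line with no visible difference, which suggests a whitespace-only or end-of-file newline change. Confirm that this is intentional and not an editor side effect, and that the listing block is still closed by exactly one `----` so the final example renders correctly.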
