[main] Update detections-logsdb-impact.asciidoc (backport #6327) (#6330)
* Update detections-logsdb-impact.asciidoc

* Update docs/detections/detections-logsdb-impact.asciidoc

---------

Co-authored-by: Nastasha Solomon <[email protected]>
(cherry picked from commit 180cf67)

Co-authored-by: Kseniia Ignatovych <[email protected]>
Co-authored-by: Nastasha Solomon <[email protected]>
3 people authored Dec 16, 2024
1 parent 907b8e9 commit ad10bd8
Showing 1 changed file with 3 additions and 1 deletion.
4 changes: 3 additions & 1 deletion docs/detections/detections-logsdb-impact.asciidoc
Expand Up @@ -11,6 +11,8 @@ When the `_source` is reconstructed, {ref}/mapping-source-field.html#synthetic-s

Continue reading to find out how this affects specific {elastic-sec} components.

NOTE: Logsdb is not recommended for {elastic-sec} at this time. Users must fully understand and accept the documented changes to detection alert documents (see below), and ensure their deployment has excess hot data tier CPU resource capacity before enabling logsdb mode, as logsdb mode requires additional CPU resources during the ingest/indexing process. Enabling logsdb without sufficient hot data tier CPU may result in data ingestion backups and/or security detection rule timeouts and errors.

[discrete]
[[logsdb-alerts]]
== Alerts
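
Review bot: The added NOTE sends readers to the alert-document changes with "(see below)", which names no target and goes stale if sections are reordered; the `[[logsdb-alerts]]` anchor sits directly under it, so a cross-reference such as `<<logsdb-alerts>>` would be more robust. The admonition also packs the recommendation, the prerequisite and the failure mode into one long sentence, and it says users "must" have "excess hot data tier CPU resource capacity" without indicating how much or how to check it. Consider splitting it into two or three sentences, and since the stated consequence is ingestion backups and detection rule timeouts and errors, consider whether WARNING or IMPORTANT fits better than NOTE.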
Expand Down Expand Up @@ -62,4 +64,4 @@ The following will not work with synthetic source (logsdb index mode enabled):
[source,console]
----
"source": """ emit(params._source['agent.name'] + "_____" + doc['agent.name'].value ); """
----
----
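
Review bot: The only change in this hunk is the closing `----` of the listing block, replaced by a line that reads the same, so it looks like a whitespace or end-of-file newline change unrelated to the NOTE added in the first hunk. Confirm it is intentional and that the block still closes with exactly one `----` delimiter; if it is an editor adding a trailing newline, it is harmless but worth a mention in the commit message.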
