diff --git a/docs/events/timeline-ui-overview.asciidoc b/docs/events/timeline-ui-overview.asciidoc index 3acf3fc745..8a21211cf1 100644 --- a/docs/events/timeline-ui-overview.asciidoc +++ b/docs/events/timeline-ui-overview.asciidoc @@ -185,6 +185,8 @@ From the *Correlation* tab, you can also do the following: preview::["Do not use {esql} on production environments. This functionality is in technical preview and may be changed or removed in a future release. Elastic will work to fix any issues, but features in technical preview are not subject to the support SLA of official GA features."] +NOTE: The {esql} tab is available by default. Since it's in technical preview, you can remove it by editing your {cloud}/ec-manage-kibana-settings.html#ec-manage-kibana-settings[{kib} user settings] and adding the `xpack.securitySolution.enableExperimental: ["timelineEsqlTabDisabled"]` feature flag. + The {ref}/esql.html[Elasticsearch Query Language ({esql})] provides a powerful way to filter, transform, and analyze event data stored in {es}. {esql} queries use "pipes" to manipulate and transform data in a step-by-step fashion. This approach allows you to compose a series of operations, where the output of one operation becomes the input for the next, enabling complex data transformations and analysis. You can use {esql} in Timeline by opening the **{esql}** tab. From there, you can:
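Review bot: In the added NOTE, the instruction to add `xpack.securitySolution.enableExperimental: ["timelineEsqlTabDisabled"]` reads as a complete line to paste, which would clash with an existing `enableExperimental` entry if the deployment already sets other experimental flags. Suggest wording it as adding `timelineEsqlTabDisabled` to the `xpack.securitySolution.enableExperimental` list. The link targets only the {cloud} user settings page, so the note should also say where self-managed deployments make the same change. The preview warning directly above tells readers not to use {esql} in production while this note says the tab is available by default, so consider stating outright that this flag is how to turn the tab off in production, instead of the looser "Since it's in technical preview".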