elastic · nastasha-solomon · May 20, 2024 · May 7, 2024 · May 7, 2024 · May 9, 2024
@@ -185,6 +185,10 @@ The **Knowledge base** tab of the AI Assistant settings menu allows you to enabl
 [[rag-for-esql]]
 ==== Knowledge base for {esql}
 
+NOTE: {esql} is enabled by default in {kib}. It can be
+disabled using the `enableESQL` setting from the
+{kibana-ref}/advanced-options.html[Advanced Settings]. This will hide the {esql} user interface from various applications. However, users will be able to access existing {esql} artifacts like saved searches and visualizations.
+
 IMPORTANT: {esql} queries generated by AI Assistant might require additional validation. To ensure they're correct, refer to the {ref}/esql-language.html[{esql} documentation]. 
 
 When this feature is enabled, AI Assistant can help you write an {esql} query for a particular use case, or answer general questions about {esql} syntax and usage. To enable AI Assistant to answer questions about {esql}:

@@ -43,6 +43,10 @@ TIP: You can also use value lists as the indicator match index. See <<indicator-
 * <<create-new-terms-rule, *New terms*>>: Generates an alert for each new term detected in source documents within a specified time range. You can also detect a combination of up to three new terms (for example, a `host.ip` and `host.id` that have never been observed together before).
 
 * <<create-esql-rule, *ES|QL*>>: Searches the defined indices and creates an alert when results match an {ref}/esql.html[Elasticsearch Query Language (ES|QL)] query.
++
+NOTE: {esql} is enabled by default in {kib}. It can be
+disabled using the `enableESQL` setting from the
+{kibana-ref}/advanced-options.html[Advanced Settings]. This will hide the {esql} user interface from various applications. However, users will be able to access existing {esql} artifacts like saved searches and visualizations.
 
 [role="screenshot"]
 image::images/all-rules.png[Shows the Rules page]

@@ -196,6 +196,10 @@ From the *Correlation* tab, you can also do the following:
 [[esql-in-timeline]]
 == Use {esql} to investigate events 
 
+NOTE: {esql} is enabled by default in {kib}. It can be
+disabled using the `enableESQL` setting from the
+{kibana-ref}/advanced-options.html[Advanced Settings]. This will hide the {esql} user interface from various applications. However, users will be able to access existing {esql} artifacts like saved searches and visualizations.
+
 The {ref}/esql.html[Elasticsearch Query Language ({esql})] provides a powerful way to filter, transform, and analyze event data stored in {es}. {esql} queries use "pipes" to manipulate and transform data in a step-by-step fashion. This approach allows you to compose a series of operations, where the output of one operation becomes the input for the next, enabling complex data transformations and analysis.
 
 You can use {esql} in Timeline by opening the **{esql}** tab. From there, you can: