Customers and Elastic field personnel have expressed confusion about the current "not supported" statement with regard to logsdb index mode, and have asked us to provide some clarification regarding new deployments vs. existing deployments.
As a short-term solution, we should replace the current text with something like:
Logsdb index mode is fully supported, and is recommended for new Elastic Security deployments. LogsDB is not recommended for existing Elastic Security deployments unless users fully understand and accept the documented changes to detection alert documents (see below), and ensure that their deployment has sufficient excess hot data tier CPU capacity to support the LogsDB ingest/indexing process. Enabling logsdb index mode without sufficient excess hot data tier CPU capacity may result in data ingestion backups and/or security detection rule timeouts and errors.
Which documentation set needs improvement?
ESS and serverless
Software version
Any version where LogsDB impact statement is included.
Hi @nastasha-solomon, one further tweak to the suggested text (of course still subject to copy review/editing):
Logsdb index mode is fully supported, and is recommended for new Elastic Security deployments. LogsDB is not recommended for existing Elastic Security deployments unless users fully understand and accept the documented changes to detection alert documents, runtime fields, and rule actions (see below), and ensure that their deployment has sufficient excess hot data tier CPU capacity to support the LogsDB ingest/indexing process. Enabling LogsDB without sufficient excess hot data tier CPU capacity may result in data ingestion backups and/or security detection rule timeouts and errors.
Hey, @MikePaquette - the 8.17 docs have been updated. The changes should be reflected on this page once the docs are rebuilt (it usually takes about an hour).
What can we change to make the docs better?
Current docs are creating confusion with customers and Elastic field personnel.
Doc URL: https://www.elastic.co/guide/en/security/8.17/detections-logsdb-index-mode-impact.html
Github issue link(s)/Other resources: None