
Change LogsDB "Not Supported" message to "Caution" message as soon as three "how to check" sections are available. #6526

Open
MikePaquette opened this issue Feb 10, 2025 · 1 comment
Assignees
Labels
Priority: High Issues that are time-sensitive and/or are of high customer importance suggestion Suggestions to improve documentation Team: Detection Engine

Comments

@MikePaquette (Contributor)

What can we change to make the docs better?

Related Issues

The change proposed here should follow the change suggested in #6518.
In other words, #6518 should be implemented as soon as possible. Even though this issue would essentially replace the "not supported" message, we need a friendlier "not supported" message asap.

What can we change to make the docs better?

Current docs are creating confusion with customers and Elastic field personnel. Want to remove the "not recommended" status as soon as we can document for users how to determine when it's safe to enable LogsDB.

Doc URL

Doc URL: https://www.elastic.co/guide/en/security/8.17/detections-logsdb-index-mode-impact.html
Github issue link(s)/Other resources: None

Customers and Elastic field personnel have expressed confusion about the current "not supported" statement with regards to logsdb index mode, and have asked us to provide some clarification regarding new deployments vs. existing deployments.

We want to change the "not supported" language to "caution" language as soon as we can provide the three

As a short-term solution, we should replace the current text with something like:

Logsdb index mode is fully supported, and is recommended for all Elastic Security deployments. Users with existing Elastic Security deployments are advised to fully understand and accept the documented changes to detection alert documents, runtime fields, and rule actions (see below), and ensure that their deployment has sufficient excess hot data tier CPU capacity to support the LogsDB ingest/indexing process. Enabling LogsDB without sufficient excess hot data tier CPU capacity may result in data ingestion backups and/or security detection rule timeouts and errors.

* How to determine whether your hot tier CPU has enough headroom to enable LogsDB
* How to check for rule actions that are accessing _source
* Checking runtime fields that may be affected by LogsDB


Which documentation set needs improvement?

ESS and serverless

Software version

Any version where LogsDB impact statement docs are included.

@MikePaquette MikePaquette added suggestion Suggestions to improve documentation Priority: High Issues that are time-sensitive and/or are of high customer importance labels Feb 10, 2025
@MikePaquette (Contributor, Author)

cc: @tylerperk Can you help us with a documented process for customers to determine their average hot tier CPU, say over the last 30-90 days?
