Description
In https://www.elastic.co/guide/en/security/current/detections-logsdb-index-mode-impact.html, we describe the impact of using logsdb with Elastic Security and recommend that users do not enable logsdb at this time. In 9.0, logsdb will be enabled by default on clusters that have no logs indices yet. logsdb will still be disabled by default for clusters that already have logs-*-* indices. We need to document the process for enabling logsdb so customers can take advantage of the storage savings.
To opt in, users need to set cluster.logsdb.enabled: true in their cluster settings. The dev tools request to do this is:
PUT _cluster/settings
{
  "persistent": {
    "cluster.logsdb.enabled": true
  }
}
Background & resources
- PRs: n/a
- Issues/metas:
- Point of contact: @marshallmain
- Test environments: n/a
Which documentation set does this change impact?
ESS only
ESS release
8.18 and 9.0
Serverless release
n/a
Feature differences
Opting out is only recommended for ESS
API docs impact
No API changes
Prerequisites, privileges, feature flags
Users must have the manage cluster privilege to update the cluster settings (https://www.elastic.co/guide/en/elasticsearch/reference/current/cluster-update-settings.html)