You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: solutions/security/detect-and-alert.md
+1-1Lines changed: 1 addition & 1 deletion
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -53,7 +53,7 @@ Cold data tiers store time series data that is accessed infrequently and rarely
53
53
### Best practices [best-practices-data-tiers]
54
54
55
55
* **Retention in hot tier**: We recommend keeping data in the hot tier for at least 24 hours. {{ilm-cap}} policies that roll over data more frequently than once every 24 hours can increase the volume of frozen data queried by rules, leading to performance issues.
56
-
* **Replicas for Mission-Critical Data**: Your data should have replicas if it must be constantly available. Since frozen tiers don't support replicas, shard unavailability can cause partial rule run failures. Shard unavailability may be also encountered during or after {stack} upgrades. If this happens, you can [manually run](/solutions/security/detect-and-alert/manage-detection-rules.md#manually-run-rules) the rule over the affected time period.
56
+
* **Replicas for mission-critical data**: Your data should have replicas if it must be constantly available. Since frozen tiers don't support replicas, shard unavailability can cause partial rule run failures. Shard unavailability may be also encountered during or after {stack} upgrades. If this happens, you can [manually run](/solutions/security/detect-and-alert/manage-detection-rules.md#manually-run-rules) the rule over the affected time period.
0 commit comments