diff --git a/manage-data/data-store/data-streams/logs-data-stream.md b/manage-data/data-store/data-streams/logs-data-stream.md
index 69ac770914..34773d8a59 100644
--- a/manage-data/data-store/data-streams/logs-data-stream.md
+++ b/manage-data/data-store/data-streams/logs-data-stream.md
@@ -188,3 +188,6 @@ The `logsdb` index mode uses the following settings:
 ## Upgrade to logsdb [upgrade-to-logsdb]
 
 Starting with version `9.0`, `logsdb` index mode is automatically applied to data streams with names matching the pattern `logs-*-*`. This default applies to Elasticsearch instances created in version `9.0` or later, as well as older instances that had no data streams matching the pattern `logs-*-*`. For the latter, you can still [configure `logsdb` index mode manually](#how-to-use-logsds).
+
+## Runtime fields [runtime-fields]
+There are some compatibility issues with runtime fields which are commonly used within Rules for Elastic Security. Refer to [](/solutions/security/detect-and-alert/using-logsdb-index-mode-with-elastic-security.md#logsdb-runtime-fields) for more information.