Skip to content

Update logs-data-stream.md to include runtime fields compability issues #3517

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 6 commits into from
Oct 20, 2025
Merged

Update logs-data-stream.md to include runtime fields compability issues #3517

Changes from 3 commits
Commits
Show all changes
6 commits
Select commit Hold shift + click to select a range
968120c
Update logs-data-stream.md to include runtime fields compability issues
philippkahr Oct 17, 2025
963a3d0
Update manage-data/data-store/data-streams/logs-data-stream.md
florent-leborgne Oct 17, 2025
6873210
Use sentence case in heading
leemthompo Oct 17, 2025
a6481d1
dot md
florent-leborgne Oct 17, 2025
804e1fe
no dot md after anchor t-t-t
florent-leborgne Oct 17, 2025
99206f0
Merge branch 'main' into philippkahr-patch-1
leemthompo Oct 20, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
3 changes: 3 additions & 0 deletions manage-data/data-store/data-streams/logs-data-stream.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -188,3 +188,6 @@
## Upgrade to logsdb [upgrade-to-logsdb]

Starting with version `9.0`, `logsdb` index mode is automatically applied to data streams with names matching the pattern `logs-*-*`. This default applies to Elasticsearch instances created in version `9.0` or later, as well as older instances that had no data streams matching the pattern `logs-*-*`. For the latter, you can still [configure `logsdb` index mode manually](#how-to-use-logsds).

## Runtime fields [runtime-fields]
There are some compatibility issues with runtime fields which are commonly used within Rules for Elastic Security. Refer to [](/solutions/security/detect-and-alert/using-logsdb-index-mode-with-elastic-security#logsdb-runtime-fields.md) for more information.

Check warning on line 193 in manage-data/data-store/data-streams/logs-data-stream.md

View workflow job for this annotation

GitHub Actions / preview / build 

'/solutions/security/detect-and-alert/using-logsdb-index-mode-with-elastic-security' could not be resolved to a markdown file while creating an auto text link, '/github/workspace/solutions/security/detect-and-alert/using-logsdb-index-mode-with-elastic-security' does not exist.

Check failure on line 193 in manage-data/data-store/data-streams/logs-data-stream.md

View workflow job for this annotation

GitHub Actions / preview / build 

`/solutions/security/detect-and-alert/using-logsdb-index-mode-with-elastic-security` does not exist. If it was recently removed add a redirect. resolved to `/github/workspace/solutions/security/detect-and-alert/using-logsdb-index-mode-with-elastic-security