Manage performance and general settings
editManage performance and general settings
editElastic Cloud Serverless projects are fully managed and automatically scaled by Elastic. You have the option of Elasticsearch, Observability, or Elastic Security for your project.
Your project’s performance and general data retention are controlled by the Search AI Lake settings. To manage these settings:
- Navigate to cloud.elastic.co.
- Log in to your Elastic Cloud account.
- Select your project from the Serverless projects panel and click Manage.
Search AI Lake settings
editOnce ingested, your data is stored in cost-efficient, general storage. A cache layer is available on top of the general storage for recent and frequently queried data that provides faster search speed. Data in this cache layer is considered search-ready.
Together, these data storage layers form your project’s Search AI Lake.
The total volume of search-ready data is the sum of the following:
- The volume of non-time series project data
- The volume of time series project data included in the Search Boost Window
Time series data refers to any document in standard indices or data streams that includes the @timestamp
field. This field must be present for data to be subject to the Search Boost Window setting.
Each project type offers different settings that let you adjust the performance and volume of search-ready data, as well as the features available in your projects.
Setting | Description | Available in |
---|---|---|
Search Power |
Search Power controls the speed of searches against your data. With Search Power, you can improve search performance by adding more resources for querying, or you can reduce provisioned resources to cut costs. Choose from three Search Power settings: On-demand: Autoscales based on data and search load, with a lower minimum baseline for resource use. This flexibility results in more variable query latency and reduced maximum throughput. Performant: Delivers consistently low latency and autoscales to accommodate moderately high query throughput. High-throughput: Optimized for high-throughput scenarios, autoscaling to maintain query latency even at very high query volumes. |
|
Search Boost Window |
Non-time series data is always considered search-ready. The Search Boost Window determines the volume of time series project data that will be considered search-ready. Increasing the window results in a bigger portion of time series project data included in the total search-ready data volume. |
|
Data Retention |
Data retention policies determine how long your project data is retained. You can specify different retention periods for specific data streams in your project. |
|
Maximum data retention period When enabled, this setting determines the maximum length of time that data can be retained in any data streams of this project. Editing this setting replaces the data retention set for all data streams of the project that have a longer data retention defined. Data older than the new maximum retention period that you set is permanently deleted. |
||
Default data retention period When enabled, this setting determines the default retention period that is automatically applied to all data streams in your project that do not have a custom retention period already set. |
||
Project features |
Controls feature tiers and add-on options for your Elastic Security project. |
Project features and add-ons
editFor Elastic Security projects, edit the Project features to select a feature tier and enable add-on options for specific use cases.
Feature tier | Description and add-ons |
---|---|
Security Analytics Essentials |
Standard security analytics, detections, investigations, and collaborations. Allows these add-ons:
|
Security Analytics Complete |
Everything in Security Analytics Essentials plus advanced features such as entity analytics, threat intelligence, and more. Allows these add-ons:
|
Downgrading the feature tier
editWhen you downgrade your Security project features selection from Security Analytics Complete to Security Analytics Essentials, the following features become unavailable:
- All Entity Analytics features
-
The ability to use certain entity analytics-related integration packages, such as:
- Data Exfiltration detection
- Lateral Movement detection
- Living off the Land Attack detection
- Intelligence Indicators page
- External rule action connectors
- Case connectors
- Endpoint response actions history
- Endpoint host isolation exceptions
- AI Assistant
- Attack discovery
And, the following data may be permanently deleted:
- AI Assistant conversation history
- AI Assistant settings
- Entity Analytics user and host risk scores
- Entity Analytics asset criticality information
- Detection rule external connector settings
- Detection rule response action settings