From 72ae76df6fc709fbaa0108290dd0bded4001face Mon Sep 17 00:00:00 2001 From: Tim Vernum Date: Mon, 2 May 2022 12:40:03 +1000 Subject: [PATCH] Correct docs on DLS bitset cache default values (#86282) In #50535 (ES v7.6) the default values for the `DocumentSubsetBitsetCache` settings were changed. However, the docs were not updated at that time, and still reflect the old values for these settings --- docs/reference/settings/security-settings.asciidoc | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/docs/reference/settings/security-settings.asciidoc b/docs/reference/settings/security-settings.asciidoc index bcb4f03fd8973..6eb24e697449e 100644 --- a/docs/reference/settings/security-settings.asciidoc +++ b/docs/reference/settings/security-settings.asciidoc @@ -133,14 +133,16 @@ from being configured. Defaults to `true`. The time-to-live for cached `BitSet` entries for document level security. Document level security queries may depend on Lucene BitSet objects, and these are automatically cached to improve performance. Defaults to expire entries that are -unused for `168h` (7 days). +unused for `2h` (2 hours). `xpack.security.dls.bitset.cache.size`:: (<>) The maximum memory usage of cached `BitSet` entries for document level security. Document level security queries may depend on Lucene BitSet objects, and these are -automatically cached to improve performance. Defaults to `50mb`, after which -least-recently-used entries will be evicted. +automatically cached to improve performance. Can be configured as a raw number +of bytes (such as `200mb` or `1g`) or a percentage of the node's JVM heap +memory (such as `5%`). When the default value is exceeded, the least recently +used entries are evicted. Defaults to `10%` of the heap assigned to the node. [discrete] [[token-service-settings]]