elastic · Copilot · Oct 16, 2025 · Oct 16, 2025 · Oct 16, 2025 · Oct 16, 2025
@@ -100,7 +100,7 @@ See [Aggregating data for faster performance](ml-configuring-aggregation.md) to
 
 Set a results retention window to reduce the amount of results stored.
 
-{{anomaly-detect-cap}} results are retained indefinitely by default. Results build up over time, and your result index may be quite large. A large results index is slow to query and takes up significant space on your cluster. Consider how long you wish to retain the results and set `results_retention_days` accordingly – for example, to 30 or 60 days – to avoid unnecessarily large result indices. Deleting old results does not affect the model behavior. You can change this setting for existing jobs.
+{{anomaly-detect-cap}} results are retained indefinitely by default, except for predefined {{ml}} configurations for logs which retain results for 120 days ({applies_to}`stack: ga 9.2`). Results build up over time, and your result index may be quite large. A large results index is slow to query and takes up significant space on your cluster. Consider how long you wish to retain the results and set `results_retention_days` accordingly – for example, to 30 or 60 days – to avoid unnecessarily large result indices. Deleting old results does not affect the model behavior. You can change this setting for existing jobs.
 
 ## 10. Optimize the renormalization window [renormalization-window]
 

@@ -27,6 +27,12 @@ Create a {{ml}} job to categorize log messages automatically. {{ml-cap}} observe
 3. Add the indices that contain the logs you want to examine. By default, Machine Learning analyzes messages in all log indices that match the patterns set in the **logs sources** advanced setting. To open **Advanced settings**, find it in the navigation menu or by using the [global search field](/explore-analyze/find-and-organize/find-apps-and-objects.md).
 4. Click **Create ML job**. This creates and runs the job. It takes a few minutes for the {{ml}} robots to collect the necessary data. After the job has processed the data, you can view its results.
 
+::::{note}
+:applies_to: stack: ga 9.2
+
+Log categorization {{ml}} jobs retain results for 120 days by default. Modify the `results_retention_days` setting to change this period.
+::::
+
 
 ## Analyze log categories [analyze-log-categories]
 

@@ -32,6 +32,12 @@ Create a {{ml}} job to detect anomalous log entry rates automatically.
 3. Add the indices that contain the logs you want to examine. By default, Machine Learning analyzes messages in all log indices that match the patterns set in the **logs source** advanced setting. To open **Advanced settings**, find it in the navigation menu or by using the [global search field](/explore-analyze/find-and-organize/find-apps-and-objects.md).
 4. Click **Create ML job**. This creates and runs the job. It takes a few minutes for the {{ml}} robots to collect the necessary data. After the job has processed the data, you can view its results.
 
+::::{note}
+:applies_to: stack: ga 9.2
+
+Log anomaly {{ml}} jobs retain results for 120 days by default. Modify the `results_retention_days` setting to change this period.
+::::
+
 ## Anomalies chart [anomalies-chart]
 
 The Anomalies chart shows an overall, color-coded visualization of the log entry rate, partitioned according to the value of the Elastic Common Schema (ECS) [`event.dataset`](ecs://reference/ecs-event.md) field. This chart helps you quickly spot increases or decreases in each partition’s log rate.