diff --git a/elastic/security/templates/component/track-shared-logsdb-mode.json b/elastic/security/templates/component/track-shared-logsdb-mode.json
new file mode 100644
index 000000000..fc1002083
--- /dev/null
+++ b/elastic/security/templates/component/track-shared-logsdb-mode.json
@@ -0,0 +1,11 @@
+{
+  "template": {
+    "settings": {
+      {% if index_mode %}
+      "index": {
+          "mode": {{ index_mode | tojson }}
+      }
+      {% endif %}
+    }
+  }
+}
diff --git a/elastic/security/templates/composable/.logs-endpoint.action.responses.json b/elastic/security/templates/composable/.logs-endpoint.action.responses.json
index 973e60571..f1c23d48d 100644
--- a/elastic/security/templates/composable/.logs-endpoint.action.responses.json
+++ b/elastic/security/templates/composable/.logs-endpoint.action.responses.json
@@ -24,7 +24,8 @@
       ".logs-endpoint.action.responses@package",
       ".logs-endpoint.action.responses@custom",
       ".fleet_globals-1",
-      ".fleet_agent_id_verification-1"
+      ".fleet_agent_id_verification-1",
+      "track-shared-logsdb-mode"
     ],
     "priority": 200,
     "_meta": {
diff --git a/elastic/security/templates/composable/.logs-endpoint.actions.json b/elastic/security/templates/composable/.logs-endpoint.actions.json
index c8c369ad5..da50aa226 100644
--- a/elastic/security/templates/composable/.logs-endpoint.actions.json
+++ b/elastic/security/templates/composable/.logs-endpoint.actions.json
@@ -24,7 +24,8 @@
       ".logs-endpoint.actions@package",
       ".logs-endpoint.actions@custom",
       ".fleet_globals-1",
-      ".fleet_agent_id_verification-1"
+      ".fleet_agent_id_verification-1",
+      "track-shared-logsdb-mode"
     ],
     "priority": 200,
     "_meta": {
diff --git a/elastic/security/templates/composable/.logs-endpoint.diagnostic.collection.json b/elastic/security/templates/composable/.logs-endpoint.diagnostic.collection.json
index e94d0a78e..1446d3219 100644
--- a/elastic/security/templates/composable/.logs-endpoint.diagnostic.collection.json
+++ b/elastic/security/templates/composable/.logs-endpoint.diagnostic.collection.json
@@ -24,7 +24,8 @@
       ".logs-endpoint.diagnostic.collection@package",
       ".logs-endpoint.diagnostic.collection@custom",
       ".fleet_globals-1",
-      ".fleet_agent_id_verification-1"
+      ".fleet_agent_id_verification-1",
+      "track-shared-logsdb-mode"
     ],
     "priority": 200,
     "_meta": {
diff --git a/elastic/security/templates/composable/logs-endpoint.alerts.json b/elastic/security/templates/composable/logs-endpoint.alerts.json
index 17c38ef1d..111e5ac5d 100644
--- a/elastic/security/templates/composable/logs-endpoint.alerts.json
+++ b/elastic/security/templates/composable/logs-endpoint.alerts.json
@@ -24,7 +24,8 @@
       "logs-endpoint.alerts@package",
       "logs-endpoint.alerts@custom",
       ".fleet_globals-1",
-      ".fleet_agent_id_verification-1"
+      ".fleet_agent_id_verification-1",
+      "track-shared-logsdb-mode"
     ],
     "priority": 200,
     "_meta": {
diff --git a/elastic/security/templates/composable/logs-endpoint.events.file.json b/elastic/security/templates/composable/logs-endpoint.events.file.json
index 188b69a4c..a2cc67abf 100644
--- a/elastic/security/templates/composable/logs-endpoint.events.file.json
+++ b/elastic/security/templates/composable/logs-endpoint.events.file.json
@@ -24,7 +24,8 @@
       "logs-endpoint.events.file@package",
       "logs-endpoint.events.file@custom",
       ".fleet_globals-1",
-      ".fleet_agent_id_verification-1"
+      ".fleet_agent_id_verification-1",
+      "track-shared-logsdb-mode"
     ],
     "priority": 200,
     "_meta": {
diff --git a/elastic/security/templates/composable/logs-endpoint.events.library.json b/elastic/security/templates/composable/logs-endpoint.events.library.json
index 4d5515127..729e0b179 100644
--- a/elastic/security/templates/composable/logs-endpoint.events.library.json
+++ b/elastic/security/templates/composable/logs-endpoint.events.library.json
@@ -24,7 +24,8 @@
       "logs-endpoint.events.library@package",
       "logs-endpoint.events.library@custom",
       ".fleet_globals-1",
-      ".fleet_agent_id_verification-1"
+      ".fleet_agent_id_verification-1",
+      "track-shared-logsdb-mode"
     ],
     "priority": 200,
     "_meta": {
diff --git a/elastic/security/templates/composable/logs-endpoint.events.network.json b/elastic/security/templates/composable/logs-endpoint.events.network.json
index c20b48f0d..440320817 100644
--- a/elastic/security/templates/composable/logs-endpoint.events.network.json
+++ b/elastic/security/templates/composable/logs-endpoint.events.network.json
@@ -24,7 +24,8 @@
       "logs-endpoint.events.network@package",
       "logs-endpoint.events.network@custom",
       ".fleet_globals-1",
-      ".fleet_agent_id_verification-1"
+      ".fleet_agent_id_verification-1",
+      "track-shared-logsdb-mode"
     ],
     "priority": 200,
     "_meta": {
diff --git a/elastic/security/templates/composable/logs-endpoint.events.process.json b/elastic/security/templates/composable/logs-endpoint.events.process.json
index c6846a1b6..07acf26b4 100644
--- a/elastic/security/templates/composable/logs-endpoint.events.process.json
+++ b/elastic/security/templates/composable/logs-endpoint.events.process.json
@@ -24,7 +24,8 @@
       "logs-endpoint.events.process@package",
       "logs-endpoint.events.process@custom",
       ".fleet_globals-1",
-      ".fleet_agent_id_verification-1"
+      ".fleet_agent_id_verification-1",
+      "track-shared-logsdb-mode"
     ],
     "priority": 200,
     "_meta": {
diff --git a/elastic/security/templates/composable/logs-endpoint.events.registry.json b/elastic/security/templates/composable/logs-endpoint.events.registry.json
index 33c8122b9..30ba6c7a8 100644
--- a/elastic/security/templates/composable/logs-endpoint.events.registry.json
+++ b/elastic/security/templates/composable/logs-endpoint.events.registry.json
@@ -24,7 +24,8 @@
       "logs-endpoint.events.registry@package",
       "logs-endpoint.events.registry@custom",
       ".fleet_globals-1",
-      ".fleet_agent_id_verification-1"
+      ".fleet_agent_id_verification-1",
+      "track-shared-logsdb-mode"
     ],
     "priority": 200,
     "_meta": {
diff --git a/elastic/security/templates/composable/logs-endpoint.events.security.json b/elastic/security/templates/composable/logs-endpoint.events.security.json
index 32aaa5720..dca3688d7 100644
--- a/elastic/security/templates/composable/logs-endpoint.events.security.json
+++ b/elastic/security/templates/composable/logs-endpoint.events.security.json
@@ -24,7 +24,8 @@
       "logs-endpoint.events.security@package",
       "logs-endpoint.events.security@custom",
       ".fleet_globals-1",
-      ".fleet_agent_id_verification-1"
+      ".fleet_agent_id_verification-1",
+      "track-shared-logsdb-mode"
     ],
     "priority": 200,
     "_meta": {
diff --git a/elastic/security/templates/composable/security-auditbeat.json b/elastic/security/templates/composable/security-auditbeat.json
index 09b1d14f3..4cce3871a 100644
--- a/elastic/security/templates/composable/security-auditbeat.json
+++ b/elastic/security/templates/composable/security-auditbeat.json
@@ -8106,7 +8106,7 @@
       }
     }
   },
-  "composed_of" : ["track-custom-mappings"],
+  "composed_of" : ["track-custom-mappings", "track-shared-logsdb-mode"],
   "priority" : 150,
   "data_stream" : { }
 }
diff --git a/elastic/security/templates/composable/security-filebeat.json b/elastic/security/templates/composable/security-filebeat.json
index 2a7b6563e..ebda1fb7a 100644
--- a/elastic/security/templates/composable/security-filebeat.json
+++ b/elastic/security/templates/composable/security-filebeat.json
@@ -29071,7 +29071,7 @@
       }
     }
   },
-  "composed_of" : ["track-custom-mappings"],
+  "composed_of" : ["track-custom-mappings", "track-shared-logsdb-mode"],
   "priority" : 150,
   "data_stream" : { }
 }
diff --git a/elastic/security/templates/composable/security-metricbeat.json b/elastic/security/templates/composable/security-metricbeat.json
index 15682c721..ba5edaf65 100644
--- a/elastic/security/templates/composable/security-metricbeat.json
+++ b/elastic/security/templates/composable/security-metricbeat.json
@@ -29619,7 +29619,7 @@
       "date_detection" : false
     }
   },
-  "composed_of" : ["track-custom-mappings"],
+  "composed_of" : ["track-custom-mappings", "track-shared-logsdb-mode"],
   "priority" : 150,
   "data_stream" : { }
 }
\ No newline at end of file
diff --git a/elastic/security/templates/composable/security-packetbeat.json b/elastic/security/templates/composable/security-packetbeat.json
index 270883df4..8ee5b913e 100644
--- a/elastic/security/templates/composable/security-packetbeat.json
+++ b/elastic/security/templates/composable/security-packetbeat.json
@@ -8973,7 +8973,7 @@
       }
     }
   },
-  "composed_of" : ["track-custom-mappings"],
+  "composed_of" : ["track-custom-mappings", "track-shared-logsdb-mode"],
   "priority" : 150,
   "data_stream" : { }
 }
diff --git a/elastic/security/templates/composable/security-winlogbeat.json b/elastic/security/templates/composable/security-winlogbeat.json
index c31e25f9d..e49ede61b 100644
--- a/elastic/security/templates/composable/security-winlogbeat.json
+++ b/elastic/security/templates/composable/security-winlogbeat.json
@@ -7317,7 +7317,7 @@
       }
     }
   },
-  "composed_of" : ["track-custom-mappings"],
+  "composed_of" : ["track-custom-mappings", "track-shared-logsdb-mode"],
   "priority" : 150,
   "data_stream" : { }
 }
\ No newline at end of file
diff --git a/elastic/security/track.json b/elastic/security/track.json
index 2c2e3e1fb..a517a91e4 100644
--- a/elastic/security/track.json
+++ b/elastic/security/track.json
@@ -92,6 +92,10 @@
 {% endfor %}
   ],
   "component-templates": [
+    {
+      "name": "track-shared-logsdb-mode",
+      "template": "./templates/component/track-shared-logsdb-mode.json"
+    },
     {
       "name": "track-custom-mappings",
       "template": "./templates/component/track-custom-mappings.json"