ti_custom: Document max_executions troubleshooting

packages/ti_custom/_dev/build/docs/README.md

@@ -85,6 +85,14 @@
 
 To facilitate IOC expiration, source datastream-backed indices `.ds-logs-ti_custom.indicator-*` are allowed to contain duplicates from each polling interval. ILM policy is added to these source indices so it doesn't lead to unbounded growth. This means data in these source indices will be deleted after `5 days` from ingested date.
 
+## Troubleshooting
+
+### "exceeding maximum number of CEL executions"
+
+The CEL input limits how many pages it fetches during a single polling interval. The default is `1000`. High-volume TAXII feeds with large collections may exceed this limit, causing the integration to enter a DEGRADED state with this message.
+
+To resolve this, increase `Maximum Pages Per Interval` in the integration's advanced settings. The value must be a positive integer and should be large enough to allow the agent to paginate through the full result set within one interval. Alternatively, reduce the polling interval so each run has fewer pages to fetch.
+
 ## Logs reference
 
 ### indicator

packages/ti_custom/changelog.yml

@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "1.6.0"
+  changes:
+    - description: Document `max_executions` setting and add troubleshooting guidance for the "exceeding maximum number of CEL executions" error.
+      type: enhancement
+      link: https://github.com/elastic/integrations/pull/18898
 - version: "1.5.0"
   changes:
     - description: Expose `max_executions` as an optional advanced parameter so users can raise the cap for high-volume feeds.

packages/ti_custom/docs/README.md

@@ -85,6 +85,14 @@
 
 To facilitate IOC expiration, source datastream-backed indices `.ds-logs-ti_custom.indicator-*` are allowed to contain duplicates from each polling interval. ILM policy is added to these source indices so it doesn't lead to unbounded growth. This means data in these source indices will be deleted after `5 days` from ingested date.
 
+## Troubleshooting
+
+### "exceeding maximum number of CEL executions"
+
+The CEL input limits how many pages it fetches during a single polling interval. The default is `1000`. High-volume TAXII feeds with large collections may exceed this limit, causing the integration to enter a DEGRADED state with this message.
+
+To resolve this, increase `Maximum Pages Per Interval` in the integration's advanced settings. The value must be a positive integer and should be large enough to allow the agent to paginate through the full result set within one interval. Alternatively, reduce the polling interval so each run has fewer pages to fetch.
+
 ## Logs reference
 
 ### indicator

packages/ti_custom/manifest.yml

@@ -3,7 +3,7 @@ name: ti_custom
 title: Custom Threat Intelligence
 description: Ingest threat intelligence data in STIX 2.1 format with Elastic Agent
 type: integration
-version: "1.5.0"
+version: "1.6.0"
 categories:
   - custom
   - security