diff --git a/doc/userguide/output/eve/eve-json-output.rst b/doc/userguide/output/eve/eve-json-output.rst
index c9c1d63e021e..7fc40783c2f2 100644
--- a/doc/userguide/output/eve/eve-json-output.rst
+++ b/doc/userguide/output/eve/eve-json-output.rst
@@ -273,6 +273,7 @@ The default is to log certificate subject and issuer. If ``extended`` is
 enabled, then the log gets more verbose.
 
 By using ``custom`` it is possible to select which TLS fields to log.
+**Note that this will disable ``extended`` logging.**
 
 ARP
 ~~~
diff --git a/suricata.yaml.in b/suricata.yaml.in
index 5f9eaf68393e..f191bf60b9da 100644
--- a/suricata.yaml.in
+++ b/suricata.yaml.in
@@ -272,6 +272,7 @@ outputs:
             # session id
             #session-resumption: no
             # custom controls which TLS fields that are included in eve-log
+            # WARNING: enabling custom disables extended logging.
             #custom: [subject, issuer, session_resumed, serial, fingerprint, sni, version, not_before, not_after, certificate, chain, ja3, ja3s, ja4, subjectaltname]
         - files:
             force-magic: no   # force logging magic on all logged files