macro Operator docs

Author: JV0812

cid-redirects.json

@@ -1870,6 +1870,7 @@
   "/cid/2008": "/docs/send-data/installed-collectors/linux",
   "/cid/2009": "/docs/search/logcompare",
   "/cid/2010": "/docs/search/search-query-language/search-operators/if",
+  "/cid/2110": "/docs/search/search-query-language/search-operators/macro",
   "/cid/2011": "/docs/get-started/help",
   "/cid/2012": "/docs/manage/security/enable-support-account",
   "/cid/2013": "/docs/send-data/installed-collectors/sources/windows-active-directory-inventory-source",

docs/search/search-query-language/search-operators/macro.md

@@ -0,0 +1,55 @@
+---
+id: macro
+title: macro Operator
+sidebar_label: macro
+---
+import useBaseUrl from '@docusaurus/useBaseUrl';
+
+With `macro` operator you can reuse the portions of search query language in multiple other queries. This operator also includes arguments and also performs its respective evaluation of the arguments.
+
+Use backquote (``) charater to refer macro operator in the query. Macros referred inside another macro is called **Nested macros**. Macro referred within the context of another macro query of is called **Inner Macro**. The macro where the inner macro is reffered is called the **Outer Macro**.
+
+:::note
+- Only **Administrators** and **Users** with access to **Query Reference** will be able to run queries using macros.
+- Only users with **Administrator** access can create or delete the macro. 
+:::
+
+## Syntax
+
+```
+`<macro name>`
+```
+
+## Add a macro
+
+To create a macro follow the steps below:
+
+1. [**Classic UI**](/docs/get-started/sumo-logic-ui-classic). In the main Sumo Logic menu, select **Manage Data** > **Logs** > **Macros**. <br/> [**New UI**](/docs/get-started/sumo-logic-ui/). In the top menu, select **Manage Date**, and then under **Logs**, select **Macros**. You can also click the **Go To...** menu at the top of the screen and select **Macros**.
+1. Click **+ Add Macro**.<br/><img src={useBaseUrl('img/search/searchquerylanguage/search-operators/macro-logs-page.png')} alt="macro-logs-page" style={{border: '1px solid gray'}} width="800" />
+1. Or, in the log search page, select the part of search query language that needs to be reused and click on **Create Macro**.<br/><img src={useBaseUrl('img/search/searchquerylanguage/search-operators/macro-search-page.png')} alt="macro-search-page" style={{border: '1px solid gray'}} width="800" />
+1. **Macro Details**. Enter the name for the macro. Description is optional.
+1. **Macro Definition**. Enter the definition for the macro. To add arguments use the `{{Arg}}` syntax or select a part of the definition and click on **Add Argument**.
+1. (Optional)**Arguments**. Enter the name and select the data type for the argument selcted.
+1. (Optional)**Argument Validation**. Define the validation condition and enter the error message that needs to be shown when the validation expression returns false.
+1. **Usage**. Preview of how you use the macro in the log search.
+1. Click **Submit** to save the macro.
+
+### Limitations
+
+- You can create a maximum of 50 macros.
+- You can add a maximum of 5 definitions.
+
+### Example
+
+Consider the below query that search for the errors with timeslice of 5 minutes. 
+
+```
+_sourceCategory=error | timeslice 5m
+| count by _timeslice
+```
+
+Now by creating macro for the timeslice field, the query with the `macro` operator is modified as:
+
+```
+_sourceCategory=error | `timeslice_macro`
+```

sidebars.ts

@@ -1380,6 +1380,7 @@ module.exports = {
             'search/search-query-language/search-operators/lookup-classic',
             'search/search-query-language/search-operators/lookupcontains',
             'search/search-query-language/search-operators/luhn',
+            'search/search-query-language/search-operators/macro',
             'search/search-query-language/search-operators/manually-cast-data-string-number',
             'search/search-query-language/search-operators/matches',
             'search/search-query-language/search-operators/now',