Commit 158d30c

Update deletion-requests.md (#4865)
1 parent 730d0ea commit 158d30c

1 file changed

+17
-16
lines changed

docs/manage/deletion-requests.md

@@ -53,26 +53,27 @@ Data cannot be recovered once it gets deleted. Ensure that you have appropriatel
5353

5454
### From a Log Search
5555

56-
#### Delete audit events
57-
58-
The Audit Event Index has detailed JSON logs. To search for audit events for data deletion logs, use metadata field `_sourceCategory=deletionRule`. For example, to search for data deletion logs you would use the query:
59-
60-
```
61-
(_index=sumologic_audit_events) AND _sourceCategory=deletionRule
62-
```
63-
64-
#### Delete system events
56+
1. In the **Log Search**, search for the required logs that needs to be deleted.
57+
1. Click the cog icon, then in the dropdown, select **Create Deletion Request**.<br/><img src={useBaseUrl('img/search/get-started-search/deletion-request.png')} alt="deletion request" style={{border: '1px solid gray'}} width="400"/>
58+
1. In the popup window, enter a **Name** and **Reason** for your data deletion request, then click **Create Request**.
59+
60+
#### Delete events
6561

66-
The System Event Index has detailed JSON logs. To search for system events for data deletion logs, use metadata field `_sourceCategory=deletionRule`. For example, to search for data deletion logs you would use the query:
62+
The Audit Event Index and System Event Index has detailed JSON logs. To search for audit events or system events for data deletion logs, use metadata field `_sourceCategory=deletionRule`.
6763

68-
```
69-
(_index=sumologic_system_events) AND _sourceCategory=deletionRule
64+
```sql
65+
(_index=sumologic_*_events) AND _sourceCategory=deletionRule
66+
| json field=_raw "resourceIdentity.name" as name nodrop
67+
| json field=_raw "resourceIdentity.id" as id nodrop
68+
| json field=_raw "eventName"
69+
| json field=_raw "operator.interface" as operator nodrop
70+
| json field=_raw "operator.email" as email nodrop
7071

72+
| count by _messagetime,eventname,name,id,operator,email,_view
73+
| sort _messagetime asc
7174
```
7275

73-
1. In the **Log Search**, search for the required logs that needs to be deleted.
74-
1. Click the cog icon, then in the dropdown, select **Create Deletion Request**.<br/><img src={useBaseUrl('img/search/get-started-search/deletion-request.png')} alt="deletion request" style={{border: '1px solid gray'}} width="400"/>
75-
1. In the popup window, enter a **Name** and **Reason** for your data deletion request, then click **Create Request**.
76+
The events `DeletionRuleCreated` and `DeletionRuleStateUpdated` are contained in the `sumologic_audit_events` index and `DeletionRuleProcessingConcluded` is in the `sumologic_system_events` index.
7677

7778
## Cancel a deletion request
7879
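Review bot: In the new query, `| json field=_raw "eventName"` (68+) is the only extraction without `nodrop` or an `as` alias, and `count by` (72+) then refers to it as `eventname`, so any record lacking `eventName` is dropped before the count while every other field is optional. If that filtering is intended, say so in the paragraph at 62+; otherwise add `nodrop` and use one casing for the field in both places. Smaller points in the same hunk: at 62+ "The Audit Event Index and System Event Index has" should read "have", the fence at 64+ is tagged `sql` although the content is a log search query, and the new heading "Delete events" (60+) sits above text about searching for deletion events rather than deleting them, so a heading such as "Deletion events" would be less ambiguous.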

@@ -100,4 +101,4 @@ Each deletion request is limited to 100,000 messages. This means that any deleti
100101

101102
### Supported operators
102103

103-
Currently, we only support [`as`](/docs/search/search-query-language/search-operators/as), [`concat`](/docs/search/search-query-language/search-operators/concat), [`contains`](/docs/search/search-query-language/search-operators/contains), [`decToHex`](/docs/search/search-query-language/search-operators/dectohex), [`floor`](/docs/search/search-query-language/math-expressions/floor), [`if`](/docs/search/search-query-language/search-operators/if), [`in`](/docs/search/search-query-language/search-operators/in), [`lookup`](/docs/search/search-query-language/search-operators/lookup), [`toLower`](/docs/search/search-query-language/search-operators/tolowercase-touppercase), [`matches`](/docs/search/search-query-language/search-operators/matches), [`parse`](/docs/search/search-query-language/parse-operators), [`toUpper`](/docs/search/search-query-language/search-operators/tolowercase-touppercase), and [`where`](/docs/search/search-query-language/search-operators/where) search query operators.
104+
Currently, we only support [`as`](/docs/search/search-query-language/search-operators/as), [`concat`](/docs/search/search-query-language/search-operators/concat), [`contains`](/docs/search/search-query-language/search-operators/contains), [`decToHex`](/docs/search/search-query-language/search-operators/dectohex), [`floor`](/docs/search/search-query-language/math-expressions/floor), [`if`](/docs/search/search-query-language/search-operators/if), [`in`](/docs/search/search-query-language/search-operators/in), [`lookup`](/docs/search/search-query-language/search-operators/lookup), [`toLower`](/docs/search/search-query-language/search-operators/tolowercase-touppercase), [`matches`](/docs/search/search-query-language/search-operators/matches), [`parse`](/docs/search/search-query-language/parse-operators), [`toUpper`](/docs/search/search-query-language/search-operators/tolowercase-touppercase), and [`where`](/docs/search/search-query-language/search-operators/where) search query operators.
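Review bot: The removed line 103 and the added line 104 in the "Supported operators" paragraph read identically as displayed, so this looks like a whitespace-only or end-of-file newline change. Confirm it is intentional and mention it in the commit message, or drop it so the diff carries only the deletion-events rewrite.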
