Merge branch 'main' into CSOAR-3196

Author: mahendrak-sumo

docs/integrations/google/cloud-iam.md

@@ -91,7 +91,7 @@ _collector="HTTP Source for GCP Pub/Sub" logName resource timestamp
 | where type = "project" and log_name matches "projects/*/logs/cloudaudit.googleapis.com%2Factivity"
 | timeslice 1h
 | json "message.data.resource.labels", "message.data.resource.labels.project_id", "message.data.protoPayload.serviceData.policyDelta.bindingDeltas[*]" as labels, project, changes
-| parse regex field=changes "\"role\":\"roles\\\/(?<role>[a-zA-Z.]+)\",\"member\":\".*\",\"action\":\"(?<action>[A-Z]+)\"" multi
+| parse regex field=changes "\"role\":\"roles\/(?<role>[a-zA-Z.]+)\",\"member\":\".*\",\"action\":\"(?<action>[A-Z]+)\"" multi
 | where action="ADD"
 | count by _timeslice, role
 | transpose row _timeslice column role
@@ -258,4 +258,4 @@ import AppUpdate from '../../reuse/apps/app-update.md';
 
 import AppUninstall from '../../reuse/apps/app-uninstall.md';
 
-<AppUninstall/>
+<AppUninstall/>

docs/search/search-cheat-sheets/log-operators.md

@@ -32,7 +32,7 @@ Sumo provides a number of ways to [parse](/docs/search/search-query-language/pa
   <tr>
    <td><a href="/docs/search/search-query-language/parse-operators/parse-keyvalue-formatted-logs">keyvalue</a></td>
    <td>Typically, log files contain information that follow a key-value pair structure. The keyvalue operator allows you to get values from a log message by specifying the key paired with each value.</td>
-   <td><code>| keyvalue infer "module", "thread"</code></td>
+   <td><code>| keyvalue "module", "thread"</code></td>
   </tr>
   <tr>
    <td><a href="/docs/search/search-query-language/parse-operators/parse-csv-formatted-logs">csv</a></td>