Merge branch 'main' into katex

kimsauce · web-flow · commit 264de4ffd778 · 2025-01-27T15:42:58.000-05:00
diff --git a/docs/metrics/introduction/metric-quantization.md b/docs/metrics/introduction/metric-quantization.md
@@ -9,7 +9,7 @@ import useBaseUrl from '@docusaurus/useBaseUrl';
 
 Sumo ingests individual metric data points from your metric sources. In metric visualizations, rather than charting individual data points, Sumo presents the aggregated value of the data points received during an interval.
 
-Quantization is the process of aggregating metric data points for time series over an interval, for example, an hour or a minute, using a particular aggregation function: `avg`, `min`, `max`, `sum`, or `count`.
+Quantization is the process of aggregating metric data points for time series over an interval, for example, an hour or a minute, using a particular aggregation function: `avg`, `min`, `max`, `sum`, `count`, or `rate`.
 
 
 ### Quantization terminology
@@ -38,38 +38,20 @@ By default, Sumo uses the `avg` rollup type. You can specify another rollup type
 
 We use the term rollup to refer to the aggregation function Sumo uses when quantizing metrics. This table describes the different rollup types you can select when running a query.
 
-<table>
-  <tr>
-   <td><strong>Rollup type</strong>   </td>
-   <td><strong>Description</strong>   </td>
-  </tr>
-  <tr>
-   <td><code>avg</code> </td>
-   <td>Calculates the average value of the data points for a time series in each bucket. </td>
-  </tr>
-  <tr>
-   <td><code>min</code> </td>
-   <td>Calculates the minimum value among the data points for a time series in each bucket.   </td>
-  </tr>
-  <tr>
-   <td><code>max</code>   </td>
-   <td>Calculates the maximum value among the data points for a time series in each bucket. </td>
-  </tr>
-  <tr>
-   <td><code>sum</code></td>
-   <td>Calculates the sum of the values of the data points for a time series in each bucket. </td>
-  </tr>
-  <tr>
-   <td><code>count</code></td>
-   <td>Calculates the count of data points for a time series in each bucket. </td>
-  </tr>
-</table>
+| Rollup type | Description |
+| :-- | :-- |
+| [`avg`](/docs/metrics/metrics-operators/avg/) | Calculates the average value of the data points for a time series in each bucket. |
+| [`min`](/docs/metrics/metrics-operators/min/) | Calculates the minimum value among the data points for a time series in each bucket. |
+| [`max`](/docs/metrics/metrics-operators/max/) | Calculates the maximum value among the data points for a time series in each bucket. |
+| [`sum`](/docs/metrics/metrics-operators/sum/) | Calculates the sum of the values of the data points for a time series in each bucket. |
+| [`count`](/docs/metrics/metrics-operators/count/) | Calculates the count of data points for a time series in each bucket. |
+| [`rate`](/docs/metrics/metrics-operators/rate/) | Calculates the per-second rate of change between data points in a time series in each bucket.  |
 
 Sumo quantizes metrics upon ingestion and at query time.
 
 ### Quantization at ingestion
 
-Upon ingestion, Sumo quantizes raw metric data points to one hour resolutions for all rollup types: `avg`, `min`, `max`, `sum`, and `count`. This data is stored in one hour rollup tables in Sumo. The raw data is stored in a table referred to as the baseline table. For information about retention times, see [Metric Ingestion and Storage](/docs/metrics/manage-metric-volume/metric-ingestion-and-storage.md).
+Upon ingestion, Sumo quantizes raw metric data points to one hour resolutions for all rollup types: `avg`, `min`, `max`, `sum`, `count`, and `rate`. This data is stored in one hour rollup tables in Sumo. The raw data is stored in a table referred to as the baseline table. For information about retention times, see [Metric Ingestion and Storage](/docs/metrics/manage-metric-volume/metric-ingestion-and-storage.md).
 
 ### Automatic quantization at query time
 
diff --git a/docs/metrics/metrics-operators/quantize.md b/docs/metrics/metrics-operators/quantize.md
@@ -9,7 +9,7 @@ You can use the `quantize` operator to control the Sumo’s quantization behavio
 You can specify:
 
 * The size of the time buckets across which Sumo aggregates your metrics. If you do not specify a quantization interval, Sumo determines an optimum size for time buckets, as described in [Automatic quantization at query time](../introduction/metric-quantization.md).  
-* The rollup type that Sumo uses to aggregate the individual data points in a time bucket, which can be one of `avg, min, max, sum,` or `count`. If you do not specify a rollup type in the `quantize` clause of your query, for each time bucket, Sumo presents the average of the data points in that bucket.  
+* The rollup type that Sumo uses to aggregate the individual data points in a time bucket, which can be one of `avg`, `min`, `max`, `sum`, `count`, or `rate`. If you do not specify a rollup type in the `quantize` clause of your query, for each time bucket, Sumo presents the average of the data points in that bucket.  
 
 ## Syntax
 
@@ -20,7 +20,7 @@ quantize [to INTERVAL] [using ROLLUP] [drop last]
 where:
 
 * `INTERVAL` is the duration over which you want to quantize the metrics, in seconds (`s`), minutes (`m`), hours (`h`), or days (`d`).
-* `ROLLUP` is  `avg, min, max, sum`, or `count`.
+* `ROLLUP` is  `avg`, `min`, `max`, `sum`, `count`, or `rate`.
 * `drop last` causes the last time bucket to be dropped, if the end of that bucket is after the end of the query time range.
 * At least one of the `to INTERVAL` or `using ROLLUP` clauses needs to be present.
 
diff --git a/docs/platform-services/threat-intelligence-indicators.md b/docs/platform-services/threat-intelligence-indicators.md
@@ -142,6 +142,10 @@ You do not have to wait until indicators reach the end of their retention period
 
 ## Find threats with log queries
 
+:::warning
+The `threatlookup` search operator has been temporarily disabled as of January 27, 2025. 
+:::
+
 Once you [ingest threat intelligence indicators](#ingest-threat-intelligence-indicators), you can perform searches to find matches to data in the indicators using the `threatlookup` search operator.
 
 The `threatlookup` operator allows you to search logs for matches in threat intelligence indicators. For example, use the following query to find logs in all `sec_record*` indexes with a `srcDevice_ip` attribute correlated to a threat indicator with a high confidence level (greater than 50):
