Merge branch 'main' into DOCS-453

Author: kimsauce

.clabot

@@ -166,7 +166,8 @@
     "bchrobot-mh",
     "sachin-sumologic",
     "Andrew-L-Johnson",
-    "Ayah-Saleh"
+    "Ayah-Saleh",
+    "ishaanahuja29"
   ],
   "message": "Thank you for your contribution! As this is an open source project, we require contributors to sign our Contributor License Agreement and do not have yours on file. To proceed with your PR, please [sign your name here](https://forms.gle/YgLddrckeJaCdZYA6) and we'll add you to our approved list of contributors.",
   "label": "cla-signed",

.github/workflows/build_and_deploy.yml

@@ -28,7 +28,7 @@ on:
 
 jobs:
   build-and-deploy:
-    runs-on: ubuntu-20.04
+    runs-on: ubuntu-22.04
     environment:
       name: ${{ inputs.environment }}
       url: ${{ inputs.hostname }}${{ inputs.base_url }}
@@ -41,13 +41,13 @@ jobs:
       AWS_DEFAULT_REGION: us-east-1
       AWS_EC2_METADATA_DISABLED: "true"
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
         with:
           fetch-depth: 0
       - name: Set up Node.js
         uses: actions/setup-node@v3
         with:
-          node-version: '18.x'
+          node-version: '20.x'
           cache: 'yarn'
       - name: Docusaurus Webpack cache
         uses: actions/cache@v3
@@ -57,7 +57,7 @@ jobs:
       - name: Install awscli
         uses: unfor19/install-aws-cli-action@v1
       - name: Install jq
-        run: sudo apt-get install jq
+        run: sudo apt-get install -y jq
       - name: Install dependencies
         run: yarn install --frozen-lockfile
       - name: Build the Docusaurus site

.github/workflows/pr.yml

@@ -10,7 +10,7 @@ on:
 
 jobs:
     build-and-deploy:
-      runs-on: ubuntu-20.04
+      runs-on: ubuntu-22.04
       env:
           CI: true
           NODE_ENV: production

blog-service/2024-10-02-apps.md

@@ -0,0 +1,38 @@
+---
+title: Apps Setup Guides - September Release (Apps)
+image: https://help.sumologic.com/img/sumo-square.png
+keywords:
+  - apps
+  - releases-notes
+hide_table_of_contents: true  
+---
+
+import useBaseUrl from '@docusaurus/useBaseUrl';
+
+<a href="https://help.sumologic.com/release-notes-service/rss.xml"><img src={useBaseUrl('img/release-notes/rss-orange2.png')} alt="icon" width="50"/></a>
+
+### New release
+
+We’re excited to announce the release of new Azure Load Balancer, Azure Cache for Redis, and Doppel Vision apps for Sumo Logic.
+
+- **Azure Load Balancer**. Azure Load Balancer is an Azure service that allows you to evenly distribute incoming network traffic across a group of Azure VMs or instances in a Virtual Machine Scale Set. This integration helps in monitoring inbound and outbound data throughput, outbound flows, and application endpoint's health of your Load Balancers. [Learn more](/docs/integrations/microsoft-azure/azure-load-balancer/).
+- **Azure Cache for Redis**. Azure Cache for Redis provides an in-memory data store based on the Redis software. It offers both the Redis open-source (OSS Redis) and a commercial product from Redis Inc. as a managed service. This integration helps in tracking cache performance (miss rate, latency, read and write rate) and monitor resource health incidents and resource usage (CPU, used memory, server load, and connections) of your instances. It also provides policy compliance and recommendations information from Azure advisor. [Learn more](/docs/integrations/microsoft-azure/azure-cache-for-redis).
+- **Doppel Vision**. Doppel technology identifies and takes down deep fakes, malicious impersonations, phishing, disinformation campaigns targeting clients, and utilizes proprietary AI and machine learning tools to automate threat detection and takedowns. The Doppel dashboard provides a comprehensive overview of digital risk protection metrics and alerts, helping users monitor high-severity threats, analyse alerts by various categories, and gain actionable insights. [Learn more](https://github.com/SumoLogic/sumologic-public-partner-apps/tree/master/DoppelVision).
+
+### Enhancements 
+
+We're excited to announce the release of the updated version of IIS 10 - OpenTelemetry and Azure Webapps apps for Sumo Logic, which includes the below enhancements:
+
+- **IIS 10 - OpenTelemetry**. Five new metrics dashboards are added based on performance, cache counters, and worker process metrics. This app now provides more use cases around application performance, state service sessions, connections, errors, cache memory, requests executing, requests in application queue, pipeline instance count, and output cache. [Learn more](/docs/integrations/web-servers/opentelemetry/iis-10-opentelemetry).
+- **Azure Webapps**. Five new logs dashboards and seven new metrics dashboards are added that use activity logs, antivirus scan audit logs, app service platform logs, app service IPSec logs, and platform metrics. This app now provides more use cases around antivirus scan results, tracking of memory usage, insights into the IP address restrictions configured, insights into the network performance, resource health incidents, and insights into the underlying platform performance. It also provides policy compliance and recommendations information from Azure advisor. [Learn more](/docs/integrations/microsoft-azure/web-apps).
+
+### Bug Fix
+
+Minor fixes for the below listed apps. To know more about the version updates, navigate to the **Releases Notes** tab of the respective app.
+
+- Active Directory 2012+ (JSON)
+- Azure Application Gateway 
+- Barracuda CloudGen Firewall 
+- Endace
+- LambdaTest
+

blog-service/2024-10-03-manage.md

@@ -0,0 +1,18 @@
+---
+title: Forward raw log data to S3 - Beta (Manage) 
+image: https://help.sumologic.com/img/sumo-square.png
+keywords:
+  - data forwarding
+  - manage
+hide_table_of_contents: true
+---
+
+import useBaseUrl from '@docusaurus/useBaseUrl';
+
+<a href="https://help.sumologic.com/release-notes-service/rss.xml"><img src={useBaseUrl('img/release-notes/rss-orange2.png')} alt="icon" width="50"/></a>
+
+We are happy to announce that you can now configure the schema and format of log data forwarded from Sumo Logic to an S3 destination. Previously, forwarding was limited to raw log data along with its metadata and enriched fields. Now, you have the flexibility to choose between forwarding only log data, log data with metadata, or log data with metadata and enriched fields, in either CSV or JSON format. This enhanced flexibility enables you to perform more precise analytics on the data using your preferred tools.
+
+<img src={useBaseUrl('img/data-forwarding/forward-raw-data.png')} alt="Options to forward raw data" style={{border: '1px solid gray'}} width="450"/>
+
+To learn more, see the *Forward data to an S3 forwarding destination* section in our article [Forward Data from Sumo Logic to S3](/docs/manage/data-forwarding/amazon-s3-bucket). 

cid-redirects.json

@@ -34,6 +34,7 @@
   "/01Start-Here/04Getting-Started/Certification_FAQs": "/docs/get-started/training-certification-faq",
   "/docs/get-started/certification-faq": "/docs/get-started/training-certification-faq",
   "/01Start-Here/05Customize-Your-Sumo-Logic-Experience": "/docs/get-started/account-settings-preferences",
+  "/01Start-Here/05Customize-Your-Sumo-Logic-Experience/Change-Your-Email-Address": "/docs/get-started/account-settings-preferences",
   "/01Start-Here/05Customize-Your-Sumo-Logic-Experience/Change-Your-Password": "/docs/get-started/account-settings-preferences",
   "/docs/get-started/account-setup": "/docs/get-started/account-settings-preferences",
   "/01Start-Here/05Customize-Your-Sumo-Logic-Experience/Preferences-Page": "/docs/get-started/sumo-logic-ui",
@@ -79,12 +80,14 @@
   "/Start_Here/About_Sumo_Logic/Status_and_Scheduled_Maintenance": "/docs/get-started/help",
   "/Start_Here/About_Sumo_Logic/Sumo_Logic_Support_Terms_and_Conditions": "/docs/get-started/support-terms",
   "/Start_Here/Analyst_or_Administrator": "/docs/get-started/onboarding-checklists",
+  "/Start_Here/Getting_Started/Analyst_or_Administrator": "/docs/get-started/onboarding-checklists",
   "/Start-Here/09Customize-Your-Sumo-Logic-Experience/Preferences-Page": "/docs/get-started/account-settings-preferences",
   "/Start-Here/02Getting-Started/Glossary": "/docs/contributing/glossary",
   "/01Start-Here/02Getting-Started/Glossary": "/docs/contributing/glossary",
   "/docs/contributing/create-document": "/docs/contributing/create-edit-doc",
   "/docs/contributing/edit-doc": "/docs/contributing/create-edit-doc",
   "/docs/contributing/markdown-cheat-sheet": "/docs/contributing/style-guide",
+  "/docs/c2c": "/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework",
   "/03Send-Data": "/docs/send-data",
   "/03Send-Data/01-Design-Your-Deployment": "/docs/send-data/choose-collector-source",
   "/03Send-Data/01-Design-Your-Deployment/Best-Practices%3A-Good-Source-Category%2C-Bad-Source-Category": "/docs/send-data/best-practices",
@@ -371,6 +374,7 @@
   "/05Search/Get-Started-with-Search/How-to-Build-a-Search/Search-Templates": "/docs/search/get-started-with-search/build-search/search-templates",
   "/05Search/Get-Started-with-Search/How-to-Build-a-Search/Set-the-Time-Range": "/docs/search/get-started-with-search/build-search/set-time-range",
   "/05Search/Get-Started-with-Search/How-to-Build-a-Search/Use_a_URL_to_Run_a_Search": "/docs/search/get-started-with-search/build-search/use-url-to-run-search",
+  "/docs/search/get-started-with-search/build-search/use-url-to-run": "/docs/search/get-started-with-search/build-search/use-url-to-run-search",
   "/05Search/Get-Started-with-Search/How-to-Build-a-Search/Use-Receipt-Time": "/docs/search/get-started-with-search/build-search/use-receipt-time",
   "/05Search/Get-Started-with-Search/How-to-Build-a-Search/What-Data-Do-I-Have": "/docs/search/get-started-with-search/build-search",
   "/05Search/Get-Started-with-Search/How-to-Build-a-Search/Write-Efficient-Search-Queries": "/docs/search/get-started-with-search/build-search",
@@ -1473,6 +1477,7 @@
   "/docs/integrations/microsoft-azure/iis-10-legacy": "/docs/integrations/web-servers/iis-10",
   "/docs/integrations/security-threat-detection/zscaler-web-security": "/docs/integrations/security-threat-detection/zscaler-internet-access",
   "/docs/observability/aws/quickstart": "/docs/observability/aws/deploy-use-aws-observability/deploy-with-aws-cloudformation/automatic-installation-script",
+  "/docs/dashboards-classic": "/docs/dashboards",
   "/docs/dashboards-classic/about": "/docs/dashboards",
   "/docs/dashboards-classic/get-started": "/docs/dashboards",
   "/docs/dashboards-classic/get-started/create-dashboard": "/docs/dashboards",
@@ -1628,6 +1633,7 @@
   "/cid/10163": "/docs/cse/administration",
   "/cid/10264": "/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/gmail-tracelogs-source",
   "/cid/12321": "/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/lastpass-source",
+  "/cid/10231": "/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/sumo-logic-sample-data-source",
   "/cid/10164": "/docs/alerts/scheduled-searches/schedule-search",
   "/cid/10165": "/docs/integrations/cloud-security-monitoring-analytics",
   "/cid/10166": "/docs/cse/records-signals-entities-insights/configure-entity-lookup-table",
@@ -2375,6 +2381,7 @@
   "/cid/5421": "/docs/search/search-query-language/search-operators/fillmissing",
   "/cid/5422": "/docs/search/time-compare",
   "/cid/12356": "/docs/integrations/sumo-apps/log-analysis-quickstart",
+  "/cid/12357": "/docs/integrations/sumo-apps/sample-data-astronomy",
   "/cid/5423": "/docs/send-data/installed-collectors/collector-installation-reference/force-collectors-name-clobber",
   "/cid/5424": "/docs/dashboards/about",
   "/cid/5426": "/docs/send-data/collection/processing-rules/hash-rules",
@@ -2676,6 +2683,7 @@
   "/cid/30039": "/docs/integrations/microsoft-azure/microsoft-dynamics365-customer-insights",
   "/cid/30040": "/docs/integrations/microsoft-azure/azure-hdinsight",
   "/cid/21001": "/docs/integrations/google/cloud-alloydb-for-postgresql",
+  "/cid/21342": "/docs/send-data/hosted-collectors/microsoft-source/azure-metrics-source",
   "/cid/21002": "/docs/integrations/google/cloud-api-gateway",
   "/cid/21003": "/docs/integrations/google/cloud-apis",
   "/cid/21004": "/docs/integrations/google/cloud-armor",
@@ -2982,6 +2990,7 @@
   "/docs/dashboards-new/panels/scatter-charts": "/docs/dashboards/panels/scatter-charts",
   "/docs/dashboards-new/panels/single-value-charts": "/docs/dashboards/panels/single-value-charts",
   "/docs/dashboards-new/panels/table-charts": "/docs/dashboards/panels/table-charts",
+  "/Manage/Connections/Webhook_Connections": "/docs/alerts/webhook-connections",
   "/Manage/Connections/Webhook_Connections/About_Webhook_Connections": "/docs/alerts/webhook-connections",
   "/Manage/Connections/Webhook_Connections/Use_the_Audit_Index_with_Webhook_Connections": "/docs/alerts/webhook-connections/audit-index",
   "/Manage/Connections/Webhook_Connections/Webhook_Connection_for_Datadog": "/docs/alerts/webhook-connections/datadog",
@@ -3694,6 +3703,7 @@
   "/Search/Search_Query_Language/01_Parse_Operators": "/docs/search/search-query-language/parse-operators",
   "/Search/Search_Query_Language/01_Parse_Operators/03_Parse_JSON_Formatted_Logs": "/docs/search/search-query-language/parse-operators/parse-json-formatted-logs",
   "/Search/Search_Query_Language/01_Parse_Operators/01_Parse_Predictable_Patterns_Using_an_Anchor": "/docs/search/search-query-language/parse-operators/parse-predictable-patterns-using-an-anchor",
+  "/Search/Search_Query_Language/01_Parse_Operators/Parse_nodrop_option": "/docs/search/search-query-language/parse-operators/parse-nodrop-option",
   "/Search/Search_Query_Language/Search_Operators": "/docs/search/search-query-language/search-operators/matches",
   "/Search/Search_Query_Language/Search_Operators/matches": "/docs/search/search-query-language/search-operators/matches",
   "/Search/Search_Query_Language/Search_Operators/formatDate": "/docs/search/search-query-language/search-operators/formatdate",
@@ -3822,6 +3832,7 @@
   "/Send-Data/Installed-Collectors/05Reference-Information-for-Collector-Installation": "/docs/send-data/installed-collectors/collector-installation-reference",
   "/Send-Data/Installed-Collectors/05Reference-Information-for-Collector-Installation/11Set-a-Collector-as-Ephemeral": "/docs/send-data/installed-collectors/collector-installation-reference/set-collector-as-ephemeral",
   "/Send-Data/Installed-Collectors/05Reference-Information-for-Collector-Installation/06Parameters-for-the-Command-Line-Installer": "/docs/send-data/installed-collectors/collector-installation-reference",
+  "/Send-Data/Installed-Collectors/05Reference-Information-for-Collector-Installation/06user.properties": "/docs/send-data/installed-collectors/collector-installation-reference/user-properties",
   "/Send-Data/Installed-Collectors/05Reference-Information-for-Collector-Installation/04Add_a_Collector_to_a_Windows_Machine_Image": "/docs/send-data/installed-collectors/collector-installation-reference/add-collector-windows-machine-image",
   "/Send-Data/Installed-Collectors/05Reference-Information-for-Collector-Installation/02Download-a-Collector-from-a-Static-URL": "/docs/send-data/installed-collectors/collector-installation-reference/download-collector-from-static-url",
   "/Send-Data/Sources/03Use-Case-Library/Amazon-Web-Services/AWS-EC2-Instance-Log-Collection": "/docs/send-data/installed-collectors/sources/host-metrics-source",

docs/alerts/monitors/create-monitor.md

@@ -96,7 +96,11 @@ Lets you detect an unusual change or a spike in a time series of a key indicator
 
 ### Query
 
-In this step, you'll need to provide a logs or metrics query. This is not applicable to **SLO** monitors.
+:::tip
+For guidance on optimizing scan costs when using Flex Pricing, refer to the [FAQ on optimizing scan costs for monitors](/docs/alerts/monitors/monitor-faq/#how-can-i-optimize-scan-costs-for-monitors-when-using-flex-pricing).
+:::
+
+In this step, you'll need to provide a logs or metrics query. This is not applicable to SLO monitors.
 
 * **Logs** monitors can have one query up to 15,000 characters long.
 * **Metrics** monitors can have up to 6 queries. When providing multiple metrics queries, use the letter labels to reference a query row. The monitor will automatically detect the query that triggers your alert, and will mark that row with a notification bell icon. See [Joined metrics queries](/docs/metrics/metrics-queries/metrics-explorer/#join-metric-queries) for details.<br/><img src={useBaseUrl('img/monitors/metrics-monitor-query-row.png')} alt="Screenshot of the 'New Monitor' setup page in Sumo Logic, showing the Trigger Conditions section. Metrics is selected as the Monitor Type and Static as the Detection Method. The query includes two metrics: CPU_Sys and CPU_User, with an alert condition combining both metrics (#B + #C). A bell icon is highlighted on the left side." style={{border: '1px solid gray'}} width="700"/>

docs/alerts/monitors/monitor-faq.md

@@ -6,6 +6,15 @@ description: Frequently asked questions about Sumo Logic monitors.
 
 import AlertsTimeslice from '../../reuse/alerts-timeslice.md';
 
+## How can I optimize scan costs for monitors when using Flex Pricing?
+
+To optimize scan costs for monitors under [Flex Pricing](/docs/manage/partitions/flex), consider the following factors:
+
+- **Data scanned by the query**. This is the primary driver of cost and is incurred every time the monitor is evaluated. To reduce costs, optimize your query using [default scope](/docs/manage/partitions/flex/faq/#how-can-i-optimize-my-query-using-default-scope) to include only necessary partitions and minimize the amount of data scanned.
+- **Time range of the monitor query**. For static monitors, adjust the detection window under [Trigger Type](/docs/alerts/monitors/create-monitor/#step-1-set-trigger-conditions) (for example, `"Alert when result is _____ within <detection window> minutes"`) to use a shorter time range, which reduces the amount of data scanned. For outlier monitors, reduce the **datapoints** parameter under **Trigger Type** to lower the scanned bytes.
+
+By carefully configuring these elements, you can balance scan costs with monitoring requirements.
+
 ## Can I convert my existing Scheduled Search to a monitor?
 
 Yes, however, it's a manual process. You have to create a new monitor with the appropriate query and alerting condition based on your existing Scheduled Search. See the [differences between monitors and Scheduled Searches](/docs/alerts/difference-from-scheduled-searches) before you consider converting.

docs/get-started/apps-integrations.md

@@ -66,6 +66,10 @@ import AppInstall from '../reuse/apps/app-install-v2.md';
 
 ### How to upgrade Next-Gen apps
 
+:::info
+See our [Releases Notes](/docs/release-notes) to learn about app version updates.
+:::
+
 import AppUpdate from '../reuse/apps/app-update.md';
 
 <AppUpdate/>

docs/integrations/containers-orchestration/docker-community-edition.md

@@ -7,7 +7,7 @@ description: The Docker app monitors Docker container logs and metrics (stats) i
 
 import useBaseUrl from '@docusaurus/useBaseUrl';
 
-<img src={useBaseUrl('img/integrations/containers-orchestration/docker.png')} alt="icon" width="150"/>
+<img src={useBaseUrl('img/integrations/containers-orchestration/docker.png')} alt="icon" width="90"/>
 
 :::note
 The Docker app will be fully functional with Docker setup using [cgroup v1](https://docs.docker.com/config/containers/runmetrics/#control-groups).
@@ -450,4 +450,4 @@ import AppUpdate from '../../reuse/apps/app-update.md';
 
 import AppUninstall from '../../reuse/apps/app-uninstall.md';
 
-<AppUninstall/>
+<AppUninstall/>