***Auto-visualize**. Copilot automatically generates charts from search results, which you can add directly to dashboards, reducing time and effort in data interpretation.
50
50
***Log compatibility**. Copilot supports structured logs, semi-structured logs (partial JSON), and unstructured logs (e.g., Palo Alto Firewall) when Field Extraction Rules (FERs) are applied. This ensures valuable insights across a variety of log formats.
51
51
***Enhanced query experience**. Auto-complete to streamline natural language queries.
52
+
***Multi-turn conversations**. Ask follow-up questions without repeating yourself.
53
+
54
+
## Support for unstructured logs
55
+
56
+
Copilot now supports unstructured logs, including raw text logs with no predefined fields or Field Extraction Rules (FERs). If these logs are already visualized in dashboards, Copilot automatically parses them and surfaces insights using natural language queries.
57
+
58
+
This capability is powered by [Intelliparse mode (Beta)](/docs/search/get-started-with-search/build-search/intelliparse-beta), which infers structure from patterns already used in your dashboards. Behind the scenes, Copilot injects the `intelliparse` operator into queries to extract fields on the fly—no FER setup required.
59
+
60
+
Here are some use cases:
61
+
* Explore raw logs without defined fields
62
+
* Triage errors and detect patterns
63
+
* Investigate anomalies in security dashboards
64
+
65
+
Copilot does not currently interpret all unstructured logs. It prioritizes those already visualized in dashboards to ensure the most relevant and accurate insights. Unlike structured logs, which contain clearly defined fields, unstructured logs require Copilot to infer structure at query time using AI and pattern recognition.
52
66
53
67
## Security and compliance
54
68
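Review bot: The unchanged "Log compatibility" bullet (line 50) still says unstructured logs are supported "when Field Extraction Rules (FERs) are applied", which contradicts the added "Support for unstructured logs" section stating "no FER setup required". Update that bullet in this same change so the feature list and the new section agree. Also consider moving the closing paragraph ("Copilot does not currently interpret all unstructured logs...") up to follow the first paragraph of the section, since a reader triaging security dashboards needs to know up front that fields are inferred at query time and that coverage is limited to logs already visualized in dashboards.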
@@ -211,7 +225,8 @@ To save space, you can use the **Hide Log Query** icon to collapse the log query
211
225
212
226
#### Compatible Log Formats
213
227
214
-
Copilot querying is compatible with JSON logs, partial JSON logs, and unstructured logs with Field Extraction Rules. It cannot be used to query metrics or trace telemetry.
228
+
***Supported**. JSON, partial JSON, unstructured logs (with or without FERs).
229
+
***Not supported**. Metrics or trace telemetry.
215
230
216
231
To retrieve a list of `_sourceCategories` with JSON data, use the following query:
217
232
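Review bot: The new "Supported" bullet (line 228) lists "unstructured logs (with or without FERs)" with no qualifier, but the section added earlier in this commit says the no-FER path relies on Intelliparse mode (Beta) and that Copilot "does not currently interpret all unstructured logs". State the Beta dependency and the limitation here, or link to the "Support for unstructured logs" section, so this compatibility list does not promise more than the feature delivers.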
@@ -258,8 +273,6 @@ There are two ways to do this:
258
273
259
274
### Logs for security
260
275
261
-
<!-- add micro lesson when published-->
262
-
263
276
In the video, Copilot is used to investigate a security issue involving the potential leak of AWS CloudTrail access keys outside the organization.
264
277
265
278
The video demonstrates how to use Copilot to analyze AWS CloudTrail data, review AI-curated suggestions, refine searches using natural language prompts, and generate an AI-driven dashboard for root cause analysis and sharing.
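Review bot: Removing the `<!-- add micro lesson when published-->` placeholder under "Logs for security" drops the only marker for that pending item, while the paragraphs at lines 276 and 278 still refer to "the video" and no embed is visible between the heading and that text in this hunk. Confirm the micro lesson is actually embedded in this section; if it is not yet published, keep the placeholder or reword the text so it does not point at a missing video.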
@@ -344,7 +357,7 @@ Sumo Logic Copilot (also referred to as Sumo Logic Mo Copilot) is an AI assistan
344
357
<details>
345
358
<summary>Can I use Copilot to analyze unstructured logs?</summary>
346
359
347
-
Yes, Copilot can extract relevant insights from unstructured logs, provided Field Extraction Rules (FERs) are applied. It also supports semi-structured logs (JSON + unstructured payloads).
360
+
Yes. Copilot can parse raw logs without FERs. It also supports semi-structured logs (JSON + unstructured payloads).
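Review bot: The revised FAQ answer at line 360, "Yes. Copilot can parse raw logs without FERs.", is unconditional, whereas the section added in this commit limits this to logs already visualized in dashboards and says Copilot does not interpret all unstructured logs. Add that condition to the answer and link to the "Support for unstructured logs" section, so readers do not assume every raw log source is covered.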