Merge branch 'main' into DOCS-559

Author: kimsauce

.clabot

@@ -5,11 +5,9 @@
     "JV0812",
     "jpipkin1",
     "JainM6",
-    "swiatekm-sumo",
     "docsSeema",
     "angadrandhawa1",
     "kkujawa-sumo",
-    "open-source-collection-team",
     "mat-rumian",
     "perk-sumo",
     "jmartini-sumo",
@@ -26,12 +24,10 @@
     "agaur",
     "bhargavisumo",
     "ravipadala-sumo",
-    "jd-sumo",
     "davidcarltonsumo",
     "pkazmir-sumo",
     "dkarabin-sumo",
     "kevin-sumo",
-    "mgol-sumo",
     "crm6718",
     "mvirga-sumo",
     "tarunk2",
@@ -72,6 +68,9 @@
     "rikishi-c",
     "Melvin-CnC",
     "yuting-liu",
+    "jc-sumo",
+    "vfalconisumo",
+    "yuting-liu",
     "arpitjain305",
     "kparekh010",
     "ajaiswals",
@@ -171,7 +170,7 @@
     "antonymartinsumo",
     "amee-sumo"
   ],
-  "message": "Thank you for your contribution! As this is an open source project, we require contributors to sign our Contributor License Agreement. To proceed with your PR, please [sign here](https://forms.gle/YgLddrckeJaCdZYA6) and we will add you to our approved list of contributors.",
+  "message": "Thank you for your contribution! As this is an open source project, we require contributors to sign our Contributor License Agreement and do not have yours on file. To proceed with your PR, please [sign your name here](https://forms.gle/YgLddrckeJaCdZYA6) and we will add you to our approved list of contributors.",
   "label": "cla-signed",
   "recheckComment": "The GitHub CLA Bot is rechecking to see that you have signed our CLA."
 }

.github/CODEOWNERS

@@ -1,14 +1,16 @@
+# More details: https://help.github.com/articles/about-codeowners
+
 # Default owners for everything in the repo.
 * @kimsauce @jpipkin1 @JV0812 @mafsumo @amee-sumo
 
-# Owners of all files in the `/docs` directory and its subdirectories.
-/docs/   @kimsauce @jpipkin1 @JV0812 @mafsumo @amee-sumo
+# Owners of all files in the `/docs/integrations` directory.
+/docs/integrations/ @SumoLogic/sumoappdev @kimsauce @jpipkin1 @JV0812 @mafsumo @amee-sumo
 
 # Owners of all files in the `/docs/send-data/kubernetes` directory.
-/docs/send-data/kubernetes/  @SumoLogic/open-source-collection-team @kimsauce @jpipkin1 @JV0812 @mafsumo @amee-sumo
+/docs/send-data/kubernetes/ @SumoLogic/open-source-collection-team @SumoLogic/k8s-developers @kimsauce @jpipkin1 @JV0812 @mafsumo @amee-sumo
 
 # Owners of all files in the `/docs/send-data/opentelemetry-collector` directory and its subdirectories.
-/docs/send-data/opentelemetry-collector/  @SumoLogic/open-source-collection-team @kimsauce @jpipkin1 @mafsumo @JV0812 @amee-sumo
+/docs/send-data/opentelemetry-collector/ @SumoLogic/open-source-collection-team @kimsauce @jpipkin1 @mafsumo @JV0812 @amee-sumo
 
 # GitHub workflow owners
 /.github/workflows/ @SumoLogic/open-source-collection-team @kimsauce

blog-collector/2024-11-26.md

@@ -0,0 +1,25 @@
+---
+title: Version 19.516-1
+hide_table_of_contents: true
+image: https://help.sumologic.com/img/sumo-square.png
+---
+
+import useBaseUrl from '@docusaurus/useBaseUrl';
+
+<a href="https://help.sumologic.com/release-notes-collector/rss.xml"><img src={useBaseUrl('img/release-notes/rss-orange2.png')} alt="icon" width="50"/></a>
+
+In this release, we've enhanced the security and stability of the Collector with added support for security patches.
+		
+### Security Fixes
+		
+- Upgraded `Tanuki version` to version 3.5.60 to fix the collector intermittently crashing issue.
+- Upgraded collector JRE to **Amazon Corretto Version 8.432.06.1**.
+		
+### Troubleshooting
+		
+When upgrading this collector version, the collector running as a non-root user (run as mode) or on a Mac operating system cannot be upgraded through the API/Web UI. To resolve these issue, follow the respective steps below:
+	- **Collector running as a non-root user.** An error message will be displayed indicating that the upgrade is not possible. The upgrade must be performed manually on your machine. Refer to [Upgrade Collectors in Sumo Logic](/docs/send-data/collection/upgrade-collectors/#upgrade-collectors-using-the-command-line) to upgrade the collector manually.
+	- **Collector running on Mac.** The process will stop while upgrading, and the collector will need to be restarted manually on your machine. Use the code below to restart manually.
+        ```
+        sudo ./collector start
+        ```

blog-service/2024-11-28-search.md

@@ -0,0 +1,28 @@
+---
+title: Logs Query Assist - Preview (Search)
+image: https://help.sumologic.com/img/sumo-square.png
+keywords:
+  - query
+  - ai
+  - copilot
+  - search
+  - log-search
+hide_table_of_contents: true    
+---
+
+import useBaseUrl from '@docusaurus/useBaseUrl';
+
+<a href="https://help.sumologic.com/release-notes-service/rss.xml"><img src={useBaseUrl('img/release-notes/rss-orange2.png')} alt="icon" width="50"/></a>
+
+This feature is in Preview. To participate, contact your Sumo Logic account representative.
+
+We’re excited to announce the preview release of **Query Assist**, designed to simplify query building by reducing complexity, enabling easier field discovery, minimizing errors, and providing intelligent query-writing assistance. These enhancements deliver real-time syntax suggestions, schema-based recommendations, and a frictionless query experience.
+
+### Key features
+
+* **Real-time syntax suggestions**. Get instant recommendations for syntax and operators to accelerate query creation and reduce errors.  
+* **Schema-based field suggestions**. Automatically discover relevant keys and fields for structured data like JSON logs.  
+* **Partial query prediction**. Anticipate the next operator or receive partial query suggestions based on your input.  
+* **Enhanced user experience**. Real-time error highlighting and intelligent suggestions provide a smooth and seamless query-building process.  
+
+These updates make it easier for both beginners and advanced users to craft accurate queries and analyze data efficiently. [Learn more](/docs/search/query-assist).  

cid-redirects.json

@@ -2004,6 +2004,7 @@
   "/cid/10220": "/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/code42-incydr-source",
   "/cid/25618": "/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/cse-aws-ec-inventory-source",
   "/cid/25619": "/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/cybereason-source",
+  "/cid/25779": "/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/mandiant-threat-intel-source",
   "/cid/25719": "/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/trend-micro-source",
   "/cid/25620": "/docs/integrations/security-threat-detection/duo-security",
   "/cid/25621": "/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/microsoft-graph-security-api-source",

docs/alerts/monitors/settings.md

@@ -116,9 +116,10 @@ Click the **Mute** button mute the monitor. See also: [Muting Schedules](/docs/
 Click the **More Actions** menu to view more options, including:
 
 * **Copy Path**. Copies the path of the monitor to your computer clipboard.
-* **Duplicate**. Makes another monitor based on the same settings.
+* **Duplicate**. Copies the monitor and gives you creator permissions on the duplicated monitor. 
 * **Move**. Moves the monitor to a different path.
 * **Export**. Provides JSON of the monitor, allowing you to transfer content within Sumo Logic by copying this JSON, then pasting it into the import dialog in the [Library](/docs/get-started/library) location you choose. This JSON format may change without notice. 
+* **Copy Link**. Copies a link to the monitor. Provide the link to any Sumo Logic user in your organization so they can view the monitor. While this option doesn't allow you to share the monitor in the same way you can share a dashboard, you can use this option to quickly allow others in your Sumo Logic organization to view the monitor details.
 
 <img src={useBaseUrl('img/alerts/monitors/more-actions.png')} alt="monitor more actions" style={{border: '1px solid gray'}} width="600"/>
 

docs/api/search-job.md

@@ -66,21 +66,19 @@ So, a 404 status is generated in these two situations:
 
 You can start requesting results asynchronously while the job is running and page through partial results while the job is in progress.
 
-
-
 ## Search Job Result Limits
 
 | Data Tier | Non-aggregate Search |
 | :- | :- |
-| Continuous | Can return up to 10M records and 100K messages per search. |
-| Frequent  | Can return up to 10M records and 100K messages per search. |
-| Infrequent  | Can return up to 10M records and 100K messages per search. |
+| Continuous | Can return up to 100K messages per search. |
+| Frequent  | Can return up to 100K messages per search. |
+| Infrequent  | Can return up to 100K messages per search. |
 
 :::info
-Flex Licensing model can return up to 10M records and 100K messages per search.
+Flex Licensing model can return up to 100K messages per search.
 :::
 
-If you need more results, you'll need to break up your search into several searches that span smaller blocks of the time range needed. For example, if your search runs for a week and returns 70 million records, consider breaking it into at least seven searches, each spanning a day.
+If you need more results, you'll need to break up your search into several searches that span smaller blocks of the time range needed.
 
 ## Rate limit throttling  
 
@@ -110,10 +108,9 @@ The following figure shows the process flow for search jobs.
 2. **Response.** Sumo Logic responds with a job ID. If there’s a problem with the request, an error code is provided (see the list of error codes following the figure).
 3. **Request.** Use the job ID to request search status. This needs to be done at least every 20-30 seconds so the search session is not canceled due to inactivity.
 4. **Response.** Sumo Logic responds with job status. An error code (404) is returned if the request could not be completed. The status includes the current state of the search job (gathering results, done executing, etc.). It also includes the message and record counts based on how many results have already been found while executing the search. For non-aggregation queries, only the number of messages is reported. For aggregation queries, the number of records produced is also reported. The search job status provides access to an implicitly generated histogram of the distribution of found messages over the time range specified for the search job. During and after execution, the API can be used to request available messages and records in a paging fashion.
-5. **Request.** You request results. It’s not necessary for the search to be complete for the user to request results; the process works asynchronously. You can repeat the request as often as needed to keep seeing updated results, keeping in mind the rate limits. The Search Job API can return up to 10M records and 100K messages per search.
+5. **Request.** You request results. It’s not necessary for the search to be complete for the user to request results; the process works asynchronously. You can repeat the request as often as needed to keep seeing updated results, keeping in mind the rate limits. The Search Job API can return 100K messages per search.
 6. **Response.** Sumo Logic delivers JSON-formatted search results as requested. The API can deliver partial results that the user can start paging through, even as new results continue to come in. If there’s a problem with the results, an error code is provided (see the list of error codes following the figure).
 
-
 ## Errors
 
 **Generic errors that apply to all APIs**

docs/integrations/amazon-aws/elastic-container-service-container-insights-cloudwatch.md

@@ -12,7 +12,7 @@ import useBaseUrl from '@docusaurus/useBaseUrl';
 Amazon Elastic Container Service (Amazon ECS) is a container management service that allows you to manage Docker containers on a cluster of Amazon EC2 instances. The Sumo Logic app for Amazon ECS provides preconfigured searches and Dashboards that allow you to monitor various metrics (CPU and Memory Utilization, CPU and Memory Reservation) across ECS clusters and services. The app also monitors API calls made by or on behalf of Amazon ECS in your AWS account.
 
 We offer two different ECS versions, which have separate data collection steps:
-* **[Collect Logs and Metrics for ECS](/docs/integrations/amazon-aws/elastic-container-service)**. This version collects [ECS CloudWatch Metrics](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/cloudwatch-metrics.html#available_cloudwatch_metrics) and [ECS Events using AWS CloudTrail](http://docs.aws.amazon.com/AmazonECS/latest/developerguide/logging-using-cloudtrail.html#service-name-info-in-cloudtrail)
+* **[Collect Logs and Metrics for ECS](/docs/integrations/amazon-aws/elastic-container-service)**. This version collects [ECS CloudWatch Metrics](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/available-metrics.html) and [ECS Events using AWS CloudTrail](http://docs.aws.amazon.com/AmazonECS/latest/developerguide/logging-using-cloudtrail.html#service-name-info-in-cloudtrail). For instructions on collecting this data, refer to the [Amazon Elastic Container Service (ECS)](/docs/integrations/amazon-aws/elastic-container-service/).
 * **[Collect Logs, Metrics (Container Insights+CloudWatch) and Traces for ECS](http://docs.aws.amazon.com/AmazonECS/latest/developerguide/logging-using-cloudtrail.html#service-name-info-in-cloudtrail)**. This version collects [ECS CloudWatch Metrics](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/cloudwatch-metrics.html#available_cloudwatch_metrics), [Container Insights Metrics](https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/Container-Insights-metrics-ECS.html), [ECS Events using AWS CloudTrail](http://docs.aws.amazon.com/AmazonECS/latest/developerguide/logging-using-cloudtrail.html#service-name-info-in-cloudtrail), Application Logs and Traces. Metrics collected by Container Insights are charged as custom metrics. For more information about CloudWatch pricing, see[ Amazon CloudWatch Pricing](https://aws.amazon.com/cloudwatch/pricing/). This solution enables you to monitor both ec2 and fargate based ecs deployments.
 
 This page has instructions for collecting logs and metrics for the Amazon ECS app. It uses the following data:

docs/integrations/amazon-aws/elastic-container-service.md

@@ -1,7 +1,7 @@
 ---
 id: elastic-container-service
-title: Amazon Elastic Container Service (ECS)
-sidebar_label: Amazon ECS
+title: Amazon ECS without Container Insights and Traces
+sidebar_label: Amazon ECS without Container Insights and Traces
 description: Provides preconfigured searches and Dashboards that allow you to monitor various metrics.
 ---
 
@@ -11,13 +11,11 @@ import useBaseUrl from '@docusaurus/useBaseUrl';
 
 Amazon Elastic Container Service (Amazon ECS) is a container management service that allows you to manage Docker containers on a cluster of Amazon EC2 instances. The Sumo Logic app for Amazon ECS provides preconfigured searches and Dashboards that allow you to monitor various metrics (CPU and Memory Utilization, CPU and Memory Reservation) across ECS clusters and services. The app also monitors API calls made by or on behalf of Amazon ECS in your AWS account.
 
-## Log and Metrics types
-
-The app collects ECS logs and metrics for:
-* [ECS CloudWatch Metrics](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/cloudwatch-metrics.html).
-* [ECS Events using AWS CloudTrail](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/logging-using-cloudtrail.html).
-   * All Amazon ECS actions are logged by CloudTrail and documented in the [Amazon Elastic Container Service API Reference](https://docs.aws.amazon.com/AmazonECS/latest/APIReference/API_Operations.html).
+We offer two different ECS versions, which have separate data collection steps:
+* **[Collect Logs and Metrics for ECS](/docs/integrations/amazon-aws/elastic-container-service)**. This version collects [ECS CloudWatch Metrics](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/available-metrics.html) and [ECS Events using AWS CloudTrail](http://docs.aws.amazon.com/AmazonECS/latest/developerguide/logging-using-cloudtrail.html#service-name-info-in-cloudtrail). 
+* **[Collect Logs, Metrics (Container Insights+CloudWatch) and Traces for ECS](http://docs.aws.amazon.com/AmazonECS/latest/developerguide/logging-using-cloudtrail.html)**. This version collects [ECS CloudWatch Metrics](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/cloudwatch-metrics.html#available_cloudwatch_metrics), [Container Insights Metrics](https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/Container-Insights-metrics-ECS.html), [ECS Events using AWS CloudTrail](http://docs.aws.amazon.com/AmazonECS/latest/developerguide/logging-using-cloudtrail.html#service-name-info-in-cloudtrail), Application Logs and Traces. Metrics collected by Container Insights are charged as custom metrics. For more information about CloudWatch pricing, see[ Amazon CloudWatch Pricing](https://aws.amazon.com/cloudwatch/pricing/). This solution enables you to monitor both EC2 and Fargate based ECS deployments. For instructions on collecting this data, refer to the [Amazon Elastic Container Service (ECS) using Container Insights and CloudWatch](/docs/integrations/amazon-aws/elastic-container-service-container-insights-cloudwatch/).
 
+This page has instructions for collecting logs and metrics for the Amazon ECS app.
 
 ### Sample log messages
 

docs/integrations/sumo-apps/flex.md

@@ -211,10 +211,18 @@ The **Flex - Capacity Utilization** dashboard displays the subscribed, actual, a
 
 The **Flex - Credits Consumed** dashboard provides visibility into the total amount of [Sumo Logic Credits](/docs/manage/manage-subscription/sumo-logic-credits-accounts) consumed by your organization. This allows you to monitor and control search costs.<br/><img src="https://sumologic-app-data-v2.s3.amazonaws.com/dashboards/Flex/Flex-Credits-Consumed.png" alt="Flex-Overview" style={{border:'1px solid gray'}} width="800" /> 
 
+:::note
+The `credits_conversion` parameter indicates the credits consumed per 1 GB of scan. The credits conversion used in the dashboard and saved searches might be different from what is defined in your contract (Credits Table) based on your account subscription type, so update this parameter for accurate calculation. Check with your account executive to determine this value for your account.
+:::
+
 ### Feature Level Scan Volume
 
 The **Flex - Feature Level Scan Volume** dashboard provides visibility into the scan volume at a feature level in order to monitor and control cost at a feature level.<br/><img src="https://sumologic-app-data-v2.s3.amazonaws.com/dashboards/Flex/Flex-Feature-Level-Scan-Volume.png" alt="Flex-Overview" style={{border:'1px solid gray'}} width="800" />
 
+:::note
+The `credits_conversion` parameter indicates the credits consumed per 1 GB of scan. The credits conversion used in the dashboard and saved searches might be different from what is defined in your contract (Credits Table) based on your account subscription type, so update this parameter for accurate calculation. Check with your account executive to determine this value for your account.
+:::
+
 ### Log Spikes
 
 The **Flex - Log Spikes** dashboard helps to review details of your data ingested for logs.<br/><img src="https://sumologic-app-data-v2.s3.amazonaws.com/dashboards/Flex/Flex-Log-Spikes.png" alt="Flex-Overview" style={{border:'1px solid gray'}} width="800" />