Update - We have resolved a discrepancy in the notification payload of [RealTime Scheduled Searches](/docs/alerts/scheduled-searches/create-real-time-alert).
621
+
Update - We have resolved a discrepancy in the notification payload of [Real-Time Scheduled Searches](/docs/alerts/scheduled-searches/create-real-time-alert).
622
622
623
623
Previously, the payload for subsequent real time alerts in a given time range would incrementally report the results and omit the records that were already present in the previous alert.
624
624
625
625
For example, if the Scheduled Search initially returned 10 records, the first alert notification would contain 10 records in the payload. If the next run contained the same 10 records plus 1 additional, the notification payload would only contain the single new record.
626
626
627
-
Going forward, we will ensure that the records sent in the notification payload will always contain all the records returned in the Scheduled Search. Following the above example, the next run of the RealTime Scheduled Search would return 11 records. This change ensures that the payload will always match the results of the search in Sumo Logic.
627
+
Going forward, we will ensure that the records sent in the notification payload will always contain all the records returned in the Scheduled Search. Following the above example, the next run of the Real-Time Scheduled Search would return 11 records. This change ensures that the payload will always match the results of the search in Sumo Logic.
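Review bot: the unchanged sentence at line 623 still says "subsequent real time alerts", so after this change the note uses both "Real-Time Scheduled Searches" and "real time alerts" for the same feature. Reword that sentence to the new name in this commit as well, and confirm that the hyphenated, capitalized form is the spelling intended everywhere, since only lines 621 and 627 are updated here.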
docs/contributing/glossary.md (1 addition & 1 deletion)
@@ -24,7 +24,7 @@ We also maintain a [DevOps and Security Glossary](https://www.sumologic.com/glos
24
24
25
25
**[Aggregate](/docs/search/search-query-language/group-aggregate-operators)**. A group of data returned by a search, displayed in a simple table in the Aggregates tab of the Search page.
26
26
27
-
**[Alert](/docs/alerts)**. A notification you can configure for a scheduled search. There are multiple alert types: Email, Script Action, ServiceNow Connection, Webhook, Save to Index, and Real Time Alerts.
27
+
**[Alert](/docs/alerts)**. A notification you can configure for a scheduled search. There are multiple alert types, such as Email, Script Action, ServiceNow Connection, Webhook, and Save to Index.
28
28
29
29
**[Allowlist](/docs/manage/security/create-allowlist-ip-cidr-addresses)**. Sumo Logic’s Service Allowlist Settings allow you to explicitly grant access to specific IP addresses and/or CIDR notations for logins, APIs, and dashboard access.
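Review bot: on new line 27, replacing "There are multiple alert types:" with "such as" turns the list from exhaustive to illustrative, which is a meaning change beyond dropping "Real Time Alerts". If the five remaining types are the full set, keep the colon form so the definition stays precise; if real-time notifications still exist under another name, list that name rather than leaving it implied by "such as".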
docs/contributing/word-list.md (0 additions & 2 deletions)
@@ -149,8 +149,6 @@ If we are not clear on its usage, the term shouldn’t be used at all: Don't use
149
149
150
150
## R
151
151
152
-
**Real Time**. As in Real Time alerts. Use two words, no hyphen. Should always be capitalized when referring to Real Time alerts, as that is a feature name. Not capitalized for a general use, as in "real time analysis".
153
-
154
152
**Repo**. Short for repository. No need to spell out repository as our audience is technical enough for this to be clear.
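Review bot: removing the "Real Time" entry at old lines 152-153 leaves the word list with no guidance for this term at all. If a different spelling is now preferred, add an entry for it under this heading, or keep a short "do not use" entry, so writers do not reintroduce "Real Time" or "RealTime" in new pages.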
docs/get-started/account-settings-preferences.md (1 addition & 1 deletion)
@@ -78,7 +78,7 @@ These settings apply only to your personal account and do not affect other users
78
78
79
79
If you want the Sumo Logic user interface to use your local time zone, or a time zone different from the time zone used in the timestamp of your log messages, change the setting here. This is a personal setting, and does not change the time zone for anyone else in your organization.
80
80
81
-
This option overrides the timezone set in your web browser, and affects all hours and minutes displayed in the user interface, including time ranges on the Search page, the Time column in the Messages pane, and in Dashboards. It does not affect the configurations of previously created Scheduled Searches or Real Time Alerts. For more information, see [Timestamps, Time Zones, Time Ranges, and Date Formats](/docs/send-data/reference-information/time-reference).
81
+
This option overrides the timezone set in your web browser, and affects all hours and minutes displayed in the user interface, including time ranges on the Search page, the Time column in the Messages pane, and in Dashboards. It does not affect the configurations of previously created Scheduled Searches. For more information, see [Timestamps, Time Zones, Time Ranges, and Date Formats](/docs/send-data/reference-information/time-reference).
82
82
83
83
#### Always show the timezone offset in displayed timestamps
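Review bot: the rewritten sentence on new line 81 still reads "overrides the timezone set in your web browser", while the context line at 79 and the link text in the same sentence use "time zone". Since this line is being edited anyway, normalize it to "time zone" so the paragraph is consistent.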
| Search Job API |||||
@@ -125,7 +124,7 @@ The top panel of the Account Overview page provides an at-a-glance view of your
125
124
***Frequent Ingest**. Shows your daily capacity for log ingest to the Frequent Data Tier, and your average daily usage. If the daily ingest average over the billing cycle is above your capacity, you will be charged the on-demand rate for the difference.
126
125
***Metrics Ingest**. Shows your daily capacity for metrics ingest, and your average daily usage, both in DPM. If the daily ingest average over the billing cycle is above your capacity, you will be charged the on-demand rate for the difference. If your daily usage average is higher than your capacity, you will be charged the on-demand rate for the difference.
127
126
***Storage.** Shows your daily storage capacity and average daily storage usage. You can adjust capacity use by modifying your [retention periods](../partitions/manage-indexes-variable-retention.md).
128
-
***Auto Refresh Dashboard Panels and Real Time Alerts.** Show the number of auto refresh dashboard panels and real time alerts you have set up. Compares the number allowed to the number already in use. For example, out of 200, 174 have been used.
127
+
***Auto Refresh Dashboard Panels.** Show the number of auto refresh dashboard panels you have set up. Compares the number allowed to the number already in use. For example, out of 200, 174 have been used.
129
128
130
129
To view the Account page, do the following:
131
130
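Review bot: the new bullet on line 127 keeps "Show the number of auto refresh dashboard panels", while every sibling bullet in this hunk starts with "Shows"; change it to "Shows" while the line is being rewritten. Also check that the example "out of 200, 174 have been used" still describes the quota correctly now that only dashboard panels are counted in this bullet.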
@@ -165,7 +164,7 @@ The following visual indicators apply:
165
164
166
165
To switch between views and time interval displays, do the following:
167
166
168
-
1. Log in to Sumo Logic.
167
+
1. Log in to Sumo Logic.
169
168
1.[**Classic UI**](/docs/get-started/sumo-logic-ui-classic). In the main Sumo Logic menu, select **Administration > Account > Account Overview**. <br/> [**New UI**](/docs/get-started/sumo-logic-ui/). In the top menu select **Administration**, and then under **Account** select **Account Overview**. You can also click the **Go To...** menu at the top of the screen and select **Account Overview**. <br/>The Account page appears with the Account Overview tab shown by default. The top panel shows account details and the bottom panel displays usage analytics. <br/>
170
169
1. To change the type of analytics you are viewing, in the **Usage (Daily Capacity)** panel click the arrow next to the view name and select the analytics type from the dropdown list. The display data changes accordingly. Repeat as needed to monitor all the areas of your account usage.
171
170
1. To view data from a different billing period, click the arrow next the the **Billing period** and choose another period from the dropdown list.<br/>
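Review bot: the removed and added "1. Log in to Sumo Logic." lines at 168/167 are textually identical, so this appears to be a whitespace-only change unrelated to the rest of the commit; drop it or mention it in the commit message. If the list is being touched anyway, the last step shown in this hunk has a typo, "click the arrow next the the **Billing period**", which should read "next to the".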
| Real Time Alerts |||||||
109
108
| Real User Monitoring (RUM) |||||||
110
109
| Root Cause Explorer |||||||
docs/search/behavior-insights/logexplain.md (0 additions & 1 deletion)
@@ -53,7 +53,6 @@ With the provided results you can:
53
53
54
54
* Field values must be categorical.
55
55
*[Built-in metadata fields](/docs/search/get-started-with-search/search-basics/built-in-metadata) are not supported.
56
-
* Not supported with [Real Time alerts](../../alerts/scheduled-searches/create-real-time-alert.md).
57
56
*[Time Compare](/docs/search/time-compare) and the [`compare` operator](/docs/search/search-query-language/search-operators/compare) are not supported against LogExplain results.
58
57
* Response fields `_explanation`, `_relevance`, `_test_coverage`, and `_control_coverage` are not supported with [Dashboard filters](/docs/dashboards/filter-template-variables).
59
58
* If you reach the memory limit you can try to shorten the time range or the number of specified fields. When the memory limit is reached you will get partial results on a subset of your data.
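Review bot: deleting the limitation at old line 56 changes what the page promises about LogExplain, not only its terminology. The removed bullet linked to create-real-time-alert.md; if that page and the feature remain under a new name, reword the bullet to the new name instead of dropping it, and if the restriction genuinely no longer applies, state that in the commit message so the behavior change is traceable.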
<td>The logexplain operator allows you to compare sets of structured logs based on events you're interested in. Structured logs can be in JSON, CSV, key-value, or any structured format.</td>
<td>Not supported with <ahref="/docs/alerts/scheduled-searches/create-real-time-alert">Real Time alerts</a>.<br/><ahref="/docs/search/time-compare">Time Compare</a> and the <ahref="/docs/search/search-query-language/search-operators/compare">compare operator</a> are not supported against LogExplain results.</td>
395
+
<td><ahref="/docs/search/time-compare">Time Compare</a> and the <ahref="/docs/search/search-query-language/search-operators/compare">compare operator</a> are not supported against LogExplain results.</td>
396
396
<td><code>_sourceCategory=stream <br/>| if(_raw matches "error", 1, 0) as hasError<br/>| logexplain hasError == 1 on _sourceHost</code></td>
397
397
</tr>
398
398
<tr>
@@ -413,7 +413,7 @@ This section provides detailed syntax, rules, and examples for Sumo Logic Opera
<td>The logreduce values operator allows you to quickly explore structured logs by known keys. Structured logs can be in JSON, CSV, key-value, or any structured format.</td>
415
415
<td>_cluster_id<br/>_signature<br/>_count</td>
416
-
<td>Not supported with <ahref="/docs/alerts/scheduled-searches/create-real-time-alert">Real Time alerts</a>.</td>
416
+
<td></td>
417
417
<td><code>_sourceCategory= *cloudtrail* errorCode<br/>| json field=_raw "eventSource" as eventSource<br/>| json field=_raw "eventName" as eventName<br/>| json field=_raw "errorCode" as errorCode<br/>| logreduce values on eventSource, eventName, errorCode</code></td>
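Review bot: the replacement on new line 416 is an empty cell, "<td></td>", so the table now states nothing in this column for logreduce values. Confirm that other rows without an entry use the same empty-cell convention, and that the restriction the removed cell described no longer applies to this operator; if it still applies under a renamed feature, reword the cell rather than emptying it.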