docs/search/get-started-with-search/build-search/dynamic-parsing.md
2 additions & 14 deletions
@@ -6,18 +6,6 @@ description: Dynamic Parsing (Auto Parse Mode) allows you to configure automatic
6
6
7
7
import useBaseUrl from '@docusaurus/useBaseUrl';
8
8
9
-
<!-- When Intelliparse goes GA, add a note here and in that doc differentiating it from Auto Parse.
10
-
Logs currently have two parsing modes:
11
-
Manual mode:
12
-
Nothing is automatically parsed
13
-
Autoparse mode:
14
-
Json blocks within logs are automatically parsed
15
-
We’re adding a third mode:
16
-
Intelliparse Mode:
17
-
Json blocks within logs are automatically parsed
18
-
Unstructured logs are parsed via pre-discovered parsers
19
-
-->
20
-
21
9
Dynamic Parsing (Auto Parse Mode) allows automatic field extraction from your JSON log messages when you run a search. This allows you to view fields from JSON logs without having to manually specify parsing logic.
22
10
23
11
## How Dynamic Parsing works
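Review bot: the comment deleted at old lines 9-19 carried an action item ("add a note here and in that doc differentiating it from Auto Parse") together with the planned three-mode breakdown, and nothing in this hunk replaces it. If that follow-up is still intended at GA, record it in an issue before merging; the same goes for the matching comment removed from use-receipt-time.md in this commit.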
@@ -59,7 +47,7 @@ To optimize search performance you can manually set up Dynamic Parsing by defin
59
47
60
48
Run Time FERs have a scope, exactly like an Ingest Time FER, that defines which searches are applicable to Dynamic Parsing **Auto Parse Mode**. For Dynamic Parsing to work your query needs to have a scope that is defined in a Run Time FER, otherwise **Auto Parse Mode** will not be applicable.
61
49
62
-
1.[**New UI**](/docs/get-started/sumo-logic-ui). In the main Sumo Logic menu select **Data Management**, and then under **Logs** select **Field Extraction Rules**. You can also click the **Go To...** menu at the top of the screen and select **Field Extraction Rules**. <br/>[**Classic UI**](/docs/get-started/sumo-logic-ui-classic). In the main Sumo Logic menu, select **Manage Data > Logs > Field Extraction Rules**.
50
+
1.[**New UI**](/docs/get-started/sumo-logic-ui). In the main Sumo Logic menu select **Data Management**, and then under **Logs** select **Field Extraction Rules**. You can also click the **Go To...** menu at the top of the screen and select **Field Extraction Rules**. <br/>[**Classic UI**](/docs/get-started/sumo-logic-ui-classic). In the main Sumo Logic menu, select **Manage Data > Logs > Field Extraction Rules**.
63
51
1. Click **+ Add** at top right of the table to create an FER.<br/> 
64
52
1. Enter the following options:
65
53
***Rule Name**. Type a name that makes it easy to identify the rule.
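Review bot: at old line 62 / new line 50 the removed and added text of the first list item is identical as displayed, so this is a whitespace-only change that the diff does not explain. Please confirm what changed (for example trailing whitespace or the spacing after the `1.` marker) and that the item still renders as step 1 with the New UI and Classic UI variants on separate lines. The next item still ends in `<br/>` followed by a trailing space, so if the aim was whitespace cleanup it is worth applying there too.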
@@ -108,7 +96,7 @@ The [field browser](/docs/search/get-started-with-search/search-page/field-brows
108
96
109
97
## Using Manual mode
110
98
111
-
When **Auto Parse Mode** is disabled, you'll be in manual mode, meaning:
99
+
When **Auto Parse Mode** is disabled, you'll be in manual parsing mode, meaning:
112
100
* Fields won't be parsed automatically unless defined by an Ingest-Time FER.
113
101
* You'll need to add parsing logic manually.
114
102
* This mode is best suited for advanced users who want full control and optimized performance.
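Review bot: the reworded sentence at new line 99 now says "manual parsing mode", but the heading two lines above it is still `## Using Manual mode`, so the section names the same mode two different ways. Pick one form and use it in both the heading and the sentence so readers can match it to the setting they see next to **Auto Parse Mode**.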
docs/search/get-started-with-search/build-search/use-receipt-time.md
0 additions & 12 deletions
@@ -6,18 +6,6 @@ description: Enable the Use Receipt Time feature to display search results in th
6
6
7
7
import useBaseUrl from '@docusaurus/useBaseUrl';
8
8
9
-
<!-- When Intelliparse goes GA, update this doc to reflect new Search Config...
10
-
11
-
Parsing
12
-
* Intelliparse
13
-
* Auto Parse
14
-
* Manual
15
-
16
-
Timestamp
17
-
* Message Time
18
-
* Receipt Time
19
-
-->
20
-
21
9
By default, log searches run by Message time. Enable the **Use Receipt Time** setting to run the search by Receipt time, which is the timestamp when a log message hits the Sumo Logic receivers.
22
10
23
11
To search data based on the order that Collectors received the messages use **Receipt Time**. This option has the search reference the [metadata](../search-basics/built-in-metadata.md) field `_receiptTime` instead of `_messageTime`, giving you the ability to view the difference in the parsed [timestamp](/docs/send-data/reference-information/time-reference) (`_messageTime`) and receipt time (`_receiptTime`) to pinpoint Sources that may be parsing the message's timestamps incorrectly.
docs/search/mobot-unstructured-logs-beta.md
0 additions & 5 deletions
@@ -29,11 +29,6 @@ At this stage, Mobot prioritizes unstructured logs that are already used in dash
29
29
***Performance and reliability**. Response times and suggestion accuracy are consistent with Mobot’s structured log experience.
30
30
***Security and compliance**. The same strict data handling and privacy standards apply. Unstructured Logs Support builds on Mobot’s secure foundation.
31
31
32
-
<!---No need to call it out until GA
33
-
### Powered by Intelliparse mode
34
-
Unstructured Logs Support is powered by [Intelliparse mode (Beta)](/docs/search/get-started-with-search/build-search/intelliparse-beta), a new parsing engine that automatically extracts fields from raw logs based on patterns already used in your dashboards. This eliminates the need for manual Field Extraction Rules (FERs) and allows Mobot to surface insights from unstructured logs out-of-the-box. Behind the scenes, Mobot injects a hidden `intelliparse` operator into relevant queries to make unstructured logs easier to work with.
35
-
-->
36
-
37
32
### Common use cases
38
33
39
34
***General log exploration**. Ask questions about unstructured logs that are already used in your dashboards, even if they lack predefined fields.
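Review bot: the block deleted at old lines 32-35 sat inside `<!--- -->`, so it was never rendered, but it was readable in the source and it states that Mobot injects a hidden `intelliparse` operator into relevant queries. Deleting it here does not remove it from the file's history, so if the "No need to call it out until GA" intent was non-disclosure, treat that detail as already published. Also check that nothing else in the docs still links to `/docs/search/get-started-with-search/build-search/intelliparse-beta`.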