Log Search Behavior Insights refactor

Author: kimsauce

blog-service/2021/12-31.md

@@ -566,7 +566,7 @@ Update - The [alert variable](/docs/alerts/monitors/alert-variables) `Results
 ---
 ## April 7, 2021 (Search)
 
-Update - The LogReduce operator now provides an [optimize option](/docs/search/logreduce) that provides up to 10x speedup over classic LogReduce on datasets with hundreds of thousands of logs.
+Update - The LogReduce operator now provides an [optimize option](/docs/search/behavior-insights/logreduce) that provides up to 10x speedup over classic LogReduce on datasets with hundreds of thousands of logs.
 
 ---
 ## April 6, 2021 (Dashboard)

cid-redirects.json

@@ -370,8 +370,8 @@
   "/05Search/Anomaly-Detection/Anomalies-Page/Drill-Down-into-Events": "/docs/dashboards/drill-down-to-discover-root-causes",
   "/05Search/Behavior_Insights": "/docs/search/behavior-insights",
   "/05Search/Behavior_Insights/LogExplain": "/docs/search/behavior-insights/logexplain",
-  "/05Search/Behavior_Insights/LogReduce_Keys": "/docs/search/behavior-insights/logreduce-keys",
-  "/05Search/Behavior_Insights/LogReduce_Values": "/docs/search/behavior-insights/logreduce-values",
+  "/05Search/Behavior_Insights/LogReduce_Keys": "/docs/search/behavior-insights/logreduce/logreduce-keys",
+  "/05Search/Behavior_Insights/LogReduce_Values": "/docs/search/behavior-insights/logreduce/logreduce-values",
   "/05Search/Get-Started-with-Search": "/docs/search/get-started-with-search",
   "/05Search/Get-Started-with-Search/How-to-Build-a-Search": "/docs/search/get-started-with-search/build-search",
   "/05Search/Get-Started-with-Search/How-to-Build-a-Search/Best-Practices%3A-Search-Rules-to-Live-By": "/docs/search/get-started-with-search/build-search/best-practices-search",
@@ -435,17 +435,17 @@
   "/05Search/Live-Tail/Live-Tail-Show-in-Search": "/docs/search/live-tail/live-tail-show-in-search",
   "/05Search/Live-Tail/Multiple-Live-Tails": "/docs/search/live-tail/multiple-live-tails",
   "/05Search/Live-Tail/Troubleshooting-Live-Tail": "/docs/search/live-tail/troubleshooting-live-tail",
-  "/05Search/LogCompare": "/docs/search/logcompare",
-  "/05Search/LogCompare/About-LogCompare": "/docs/search/logcompare",
-  "/05Search/LogCompare/Create-a-LogCompare-Email-Alert": "/docs/search/logcompare",
-  "/05Search/LogCompare/LogCompare-Syntax": "/docs/search/logcompare",
-  "/05Search/LogCompare/Run-LogCompare": "/docs/search/logcompare",
-  "/05Search/LogCompare/Understand-LogCompare-Results": "/docs/search/logcompare",
-  "/05Search/LogReduce": "/docs/search/logreduce/logreduce-operator",
-  "/05Search/LogReduce/01-LogReduce-Operator": "/docs/search/logreduce/logreduce-operator",
-  "/05Search/LogReduce/Detect-Patterns-with-LogReduce": "/docs/search/logreduce/detect-patterns-with-logreduce",
-  "/05Search/LogReduce/Influence-the-LogReduce-Outcome": "/docs/search/logreduce/influence-the-logreduce-outcome",
-  "/05Search/LogReduce/Understand-the-LogReduce-Relevance-Column": "/docs/search/logreduce/understand-the-logreduce-relevance-column",
+  "/05Search/LogCompare": "/docs/search/behavior-insights/logcompare",
+  "/05Search/LogCompare/About-LogCompare": "/docs/search/behavior-insights/logcompare",
+  "/05Search/LogCompare/Create-a-LogCompare-Email-Alert": "/docs/search/behavior-insights/logcompare",
+  "/05Search/LogCompare/LogCompare-Syntax": "/docs/search/behavior-insights/logcompare",
+  "/05Search/LogCompare/Run-LogCompare": "/docs/search/behavior-insights/logcompare",
+  "/05Search/LogCompare/Understand-LogCompare-Results": "/docs/search/behavior-insights/logcompare",
+  "/05Search/LogReduce": "/docs/search/behavior-insights/logreduce/logreduce-operator",
+  "/05Search/LogReduce/01-LogReduce-Operator": "/docs/search/behavior-insights/logreduce/logreduce-operator",
+  "/05Search/LogReduce/Detect-Patterns-with-LogReduce": "/docs/search/behavior-insights/logreduce/detect-patterns-with-logreduce",
+  "/05Search/LogReduce/Influence-the-LogReduce-Outcome": "/docs/search/behavior-insights/logreduce/influence-the-logreduce-outcome",
+  "/05Search/LogReduce/Understand-the-LogReduce-Relevance-Column": "/docs/search/behavior-insights/logreduce/understand-the-logreduce-relevance-column",
   "/05Search/Lookup_Tables": "/docs/search/lookup-tables",
   "/05Search/Lookup_Tables/01_Create_a_Lookup_Table0": "/docs/search/lookup-tables/create-lookup-table",
   "/05Search/Lookup_Tables/01_Create_a_Lookup_Table": "/docs/search/lookup-tables/create-lookup-table",
@@ -1700,7 +1700,7 @@
   "/cid/10450": "/docs/alerts/webhook-connections/microsoft-teams",
   "/cid/1046": "/docs/alerts/webhook-connections/pagerduty",
   "/cid/1047": "/docs/alerts/webhook-connections/datadog",
-  "/cid/1048": "/docs/search/logcompare",
+  "/cid/1048": "/docs/search/behavior-insights/logcompare",
   "/cid/1049": "/docs/get-started",
   "/cid/1050": "/docs/integrations/amazon-aws/s3-audit",
   "/cid/1051": "/docs/integrations/amazon-aws/vpc-flow-logs",
@@ -1717,8 +1717,8 @@
   "/cid/1061": "/release-notes-collector",
   "/cid/1062": "/docs/alerts/webhook-connections",
   "/cid/1063": "/docs/alerts/webhook-connections/aws-lambda",
-  "/cid/1064": "/docs/search/logreduce/logreduce-operator",
-  "/cid/1065": "/docs/search/logreduce/logreduce-operator",
+  "/cid/1064": "/docs/search/behavior-insights/logreduce/logreduce-operator",
+  "/cid/1065": "/docs/search/behavior-insights/logreduce/logreduce-operator",
   "/cid/1066": "/docs/send-data/hosted-collectors/cloud-syslog-source",
   "/cid/1067": "/docs/search/live-tail/live-tail-cli",
   "/cid/1068": "/docs/search/live-tail/about-live-tail",
@@ -1874,7 +1874,7 @@
   "/cid/2005": "/docs/search/get-started-with-search",
   "/cid/2006": "/docs/search/search-query-language/search-operators/manually-cast-data-string-number",
   "/cid/2008": "/docs/send-data/installed-collectors/linux",
-  "/cid/2009": "/docs/search/logcompare",
+  "/cid/2009": "/docs/search/behavior-insights/logcompare",
   "/cid/2010": "/docs/search/search-query-language/search-operators/if",
   "/cid/2011": "/docs/get-started/help",
   "/cid/2012": "/docs/manage/security/enable-support-account",
@@ -1885,15 +1885,15 @@
   "/cid/2017": "/docs/manage/users-roles/users/delete-user",
   "/cid/2018": "/docs/send-data/installed-collectors/windows",
   "/cid/2019": "/docs/integrations/pci-compliance/linux",
-  "/cid/2021": "/docs/search/logreduce/detect-patterns-with-logreduce",
+  "/cid/2021": "/docs/search/behavior-insights/logreduce/detect-patterns-with-logreduce",
   "/cid/2022": "/docs/send-data/installed-collectors",
   "/cid/2023": "/docs/send-data/collection/edit-collector",
   "/cid/2024": "/docs/search/get-started-with-search/search-basics/export-search-results",
   "/cid/2026": "/",
   "/cid/2027": "/docs/search/get-started-with-search/build-search/keyword-search-expressions",
   "/cid/2028": "/docs/search/get-started-with-search",
   "/cid/2030": "/docs/search/search-query-language/group-aggregate-operators",
-  "/cid/2032": "/docs/search/logreduce/influence-the-logreduce-outcome",
+  "/cid/2032": "/docs/search/behavior-insights/logreduce/influence-the-logreduce-outcome",
   "/cid/2033": "/docs/get-started",
   "/cid/2036": "/docs/integrations/hosts-operating-systems/linux",
   "/cid/2038": "/docs/search/search-query-language/math-expressions",
@@ -1908,20 +1908,20 @@
   "/cid/2047": "/docs/search/get-started-with-search/search-basics/pause-cancel-search",
   "/cid/2049": "/docs/send-data/installed-collectors/sources/remote-file-source/prerequisites-windows-remote-file-collection",
   "/cid/2050": "/docs/get-started",
-  "/cid/2057": "/docs/search/logcompare",
+  "/cid/2057": "/docs/search/behavior-insights/logcompare",
   "/cid/2058": "/docs/alerts/scheduled-searches/create-email-alert",
   "/cid/2059": "/docs/search/get-started-with-search/search-basics/save-search",
-  "/cid/2060": "/docs/search/logcompare",
+  "/cid/2060": "/docs/search/behavior-insights/logcompare",
   "/cid/2064": "/docs/search/search-cheat-sheets/general-search-examples",
   "/cid/2066": "/docs/search/get-started-with-search/search-basics/search-surrounding-messages",
   "/cid/2068": "/docs/integrations/saas-cloud/fastly",
   "/cid/2069": "/docs/integrations/app-development/gitlab",
   "/cid/2070": "/docs/search/search-query-language/search-operators/sort",
   "/cid/2071": "/docs/send-data/collection/start-stop-collector-using-scripts",
   "/cid/2072": "/docs/search/get-started-with-search/suggested-searches",
-  "/cid/2073": "/docs/search/logcompare",
-  "/cid/2074": "/docs/search/logreduce/logreduce-operator",
-  "/cid/2075": "/docs/search/logreduce/logreduce-operator",
+  "/cid/2073": "/docs/search/behavior-insights/logcompare",
+  "/cid/2074": "/docs/search/behavior-insights/logreduce/logreduce-operator",
+  "/cid/2075": "/docs/search/behavior-insights/logreduce/logreduce-operator",
   "/cid/2076": "/docs/get-started",
   "/cid/2077": "/docs/get-started",
   "/cid/2078": "/docs/search/search-query-language/search-operators/if",
@@ -2086,7 +2086,7 @@
   "/cid/4412": "/docs/integrations/saas-cloud/crowdstrike-fdr-host-inventory",
   "/cid/44122": "/docs/integrations/saas-cloud/crowdstrike-spotlight",
   "/cid/44123": "/docs/integrations/saas-cloud/crowdstrike-falcon-filevantage",
-  "/cid/4020": "/docs/search/logreduce",
+  "/cid/4020": "/docs/search/behavior-insights/logreduce",
   "/cid/4021": "/docs/search/search-query-language/search-operators/accum",
   "/cid/40001": "/docs/search/search-query-language/search-operators/as",
   "/cid/40002": "/docs/search/search-query-language/search-operators/asn-lookup",
@@ -2282,7 +2282,7 @@
   "/cid/5134": "/docs/dashboards/panels",
   "/cid/5135": "/docs/dashboards/drill-down-to-discover-root-causes",
   "/cid/5136": "/docs/get-started/library",
-  "/cid/5138": "/docs/search/logreduce/influence-the-logreduce-outcome",
+  "/cid/5138": "/docs/search/behavior-insights/logreduce/influence-the-logreduce-outcome",
   "/cid/5139": "/docs/send-data/collection/edit-source",
   "/cid/5140": "/docs/get-started/library",
   "/cid/5143": "/docs/manage/users-roles/roles/create-manage-roles",
@@ -2420,7 +2420,7 @@
   "/cid/5334": "/docs/search/get-started-with-search/suggested-searches/microsoft-iis-parser",
   "/cid/5335": "/docs/search",
   "/cid/5336": "/docs/send-data/collection/search-for-a-collector-or-source",
-  "/cid/5339": "/docs/search/logreduce",
+  "/cid/5339": "/docs/search/behavior-insights/logreduce",
   "/cid/5340": "/docs/integrations/sumo-apps/security-analytics",
   "/cid/5341": "/docs/integrations/sumo-apps/security-analytics",
   "/cid/5342": "/docs/alerts/webhook-connections/servicenow",
@@ -2436,7 +2436,7 @@
   "/cid/5356": "/docs/dashboards/panels/modify-chart",
   "/cid/5368": "/docs/dashboards/panels/single-value-charts",
   "/cid/5375": "/",
-  "/cid/5377": "/docs/search/logreduce/understand-the-logreduce-relevance-column",
+  "/cid/5377": "/docs/search/behavior-insights/logreduce/understand-the-logreduce-relevance-column",
   "/cid/5378": "/docs/cse/ingestion/ingestion-sources-for-cloud-siem/aws-cloudtrail",
   "/cid/5379": "/docs/integrations/amazon-aws/elastic-load-balancing",
   "/cid/5380": "/docs/cse/ingestion/ingestion-sources-for-cloud-siem/aws-cloudtrail",
@@ -2475,7 +2475,7 @@
   "/cid/5444": "/docs/integrations/web-servers/varnish",
   "/cid/5445": "/docs/integrations/web-servers/varnish",
   "/cid/5446": "/docs/integrations/containers-orchestration/vmware-legacy",
-  "/cid/5448": "/docs/search/logreduce/detect-patterns-with-logreduce",
+  "/cid/5448": "/docs/search/behavior-insights/logreduce/detect-patterns-with-logreduce",
   "/cid/5449": "/docs/integrations/containers-orchestration/vmware-legacy",
   "/cid/5450": "/",
   "/cid/5454": "/docs/manage/security/create-allowlist-ip-cidr-addresses",
@@ -2684,8 +2684,8 @@
   "/cid/23411": "/docs/integrations/saas-cloud/sophos",
   "/cid/9078": "/docs/manage/users-roles/roles/construct-search-filter-for-role",
   "/cid/915200739": "/docs/observability/sdo/about-sdo",
-  "/cid/9201": "/docs/search/behavior-insights/logreduce-keys",
-  "/cid/9202": "/docs/search/behavior-insights/logreduce-values",
+  "/cid/9201": "/docs/search/behavior-insights/logreduce/logreduce-keys",
+  "/cid/9202": "/docs/search/behavior-insights/logreduce/logreduce-values",
   "/cid/9205": "/docs/search/behavior-insights/logexplain",
   "/cid/96734": "/docs/send-data/hosted-collectors/http-source/troubleshooting",
   "/cid/97652": "/docs/integrations/saas-cloud/qualys-vmdr",
@@ -3796,9 +3796,9 @@
   "/Search/Get_Started_with_Search/Search_Basics/Search_Metadata": "/docs/search/get-started-with-search/search-basics",
   "/Search/Library/Apps-in-Sumo-Logic/01-Sumo-Logic-Apps/Data-Volume-App": "/docs/integrations/sumo-apps/data-volume",
   "/Search/Library/Apps-in-Sumo-Logic/01-Sumo-Logic-Apps/Data-Volume-App/Data-Volume-App-Dashboards": "/docs/integrations/sumo-apps/data-volume",
-  "/Search/LogCompare": "/docs/search/logcompare",
-  "/Search/LogCompare/About_LogCompare": "/docs/search/logcompare",
-  "/Search/LogReduce": "/docs/search/logreduce",
+  "/Search/LogCompare": "/docs/search/behavior-insights/logcompare",
+  "/Search/LogCompare/About_LogCompare": "/docs/search/behavior-insights/logcompare",
+  "/Search/LogReduce": "/docs/search/behavior-insights/logreduce",
   "/Query_Language": "/docs/search/search-query-language",
   "/Search/Search_Query_Language": "/docs/search/search-query-language",
   "/Search/Search_Query_Language/Parse_Operators/CSV_Operator": "/docs/search/search-query-language/parse-operators/parse-csv-formatted-logs",
@@ -4183,5 +4183,13 @@
   "/docs/integrations/amazon-aws/aurora-mysql-ulm": "/docs/integrations/amazon-aws/rds",
   "/docs/integrations/amazon-aws/aurora-postgresql-ulm": "/docs/integrations/amazon-aws/rds",
   "/docs/integrations/amazon-aws/elastic-load-balancer-app": "/docs/integrations/amazon-aws/application-load-balancer",
-  "/docs/integrations/amazon-aws/elastic-load-balancing-classic": "/docs/integrations/amazon-aws/classic-load-balancer"
+  "/docs/integrations/amazon-aws/elastic-load-balancing-classic": "/docs/integrations/amazon-aws/classic-load-balancer",
+  "/docs/search/logcompare": "/docs/search/behavior-insights/logcompare",
+  "/docs/search/behavior-insights/logreduce-keys": "/docs/search/behavior-insights/logreduce/logreduce-keys",
+  "/docs/search/logreduce": "/docs/search/behavior-insights/logreduce",
+  "/docs/search/logreduce/logreduce-operator": "/docs/search/behavior-insights/logreduce/logreduce-operator",
+  "/docs/search/logreduce/detect-patterns-with-logreduce": "/docs/search/behavior-insights/logreduce/detect-patterns-with-logreduce",
+  "/docs/search/logreduce/influence-the-logreduce-outcome": "/docs/search/behavior-insights/logreduce/influence-the-logreduce-outcome",
+  "/docs/search/logreduce/understand-the-logreduce-relevance-column": "/docs/search/behavior-insights/logreduce/understand-the-logreduce-relevance-column",
+  "/docs/search/behavior-insights/logreduce-values": "/docs/search/behavior-insights/logreduce/logreduce-values"
 }

docs/alerts/monitors/alert-response-faq.md

@@ -67,7 +67,7 @@ Sumo Logic detects and maintains a signature library. It does that by analyzing
 
 There could be cases where the process has still not cataloged a new log message to a signature. As a result, it would get bundled into the "Others" category. This problem should be fixed automatically after some time (when the background process runs).
 
-You can also force run the signature cataloging process manually, by calling the [LogCompare](../../search/logcompare.md) or [LogReduce](/docs/search/logreduce) operators from the Log Search page. 
+You can also force run the signature cataloging process manually, by calling the [LogCompare](/docs/search/behavior-insights/logcompare) or [LogReduce](/docs/search/behavior-insights/logreduce) operators from the Log Search page. 
 
 ## I don’t see the Dimensional Explanation card for logs-based alert
 

docs/alerts/monitors/alert-response.md

@@ -160,7 +160,7 @@ See [Using tags in alerts](/docs/alerts/monitors/settings/#using-tags-in-alerts)
 
 ### Log fluctuations
 
-This card detects different signatures in your log messages using [LogReduce](/docs/search/logreduce) such as errors, exceptions, timeouts, and successes. It compares log signatures trends with a normal baseline period and surfaces noteworthy changes in signatures.
+This card detects different signatures in your log messages using [LogReduce](/docs/search/behavior-insights/logreduce) such as errors, exceptions, timeouts, and successes. It compares log signatures trends with a normal baseline period and surfaces noteworthy changes in signatures.
 
 * **New**. Log signatures that were only seen after the Alert was triggered but not one hour prior to the Alert start time.
 * **Gone**. Log signatures that are not present after the Alert was created but were present one hour prior to the Alert start time, such as **Transaction Succeeded** or **Success**.

docs/alerts/monitors/overview.md

@@ -130,7 +130,7 @@ Custom variables used inside the Action Payload.
 ### General
 
 * [Receipt Time](../../search/get-started-with-search/build-search/use-receipt-time.md) is not supported.
-* [LogReduce](/docs/search/logreduce/logreduce-operator) / [LogCompare](../../search/logcompare.md) operators are not supported in monitors. If your query contains these operators, you will not be able to create the monitor.  
+* [LogReduce](/docs/search/behavior-insights/logreduce/logreduce-operator) / [LogCompare](/docs/search/behavior-insights/logcompare) operators are not supported in monitors. If your query contains these operators, you will not be able to create the monitor.  
 * Monitors only support the [Continuous data tier](/docs/manage/partitions/data-tiers).
 * An aggregate Metric Monitor can evaluate up to 15,000 time series. A non-aggregate Metric Monitor can evaluate up to 3,000 time series.
 * [Save to Index](../scheduled-searches/save-to-index.md) and [Save to Lookup](../scheduled-searches/save-to-lookup.md) are not supported.

docs/contributing/glossary.md

@@ -174,9 +174,9 @@ We also maintain a [DevOps and Security Glossary](https://www.sumologic.com/glos
 
 **[Local Configuration File Management](/docs/send-data/use-json-configure-sources/local-configuration-file-management)**. Local Configuration File Management allows you to set up and manage Sources on an Installed Collector using one or more JSON files.
 
-**[LogCompare](/docs/search/logcompare)**. LogCompare allows you to compare a section of your log messages from one point in time with the same section at another point in time, and display the changes in patterns.
+**[LogCompare](/docs/search/behavior-insights/logcompare)**. LogCompare allows you to compare a section of your log messages from one point in time with the same section at another point in time, and display the changes in patterns.
 
-**[LogReduce](/docs/search/logreduce)**. LogReduce uses fuzzy logic to cluster messages together based on string and pattern similarity. Use the LogReduce button and operator to quickly assess activity patterns for things like a range of devices or traffic on a website.
+**[LogReduce](/docs/search/behavior-insights/logreduce)**. LogReduce uses fuzzy logic to cluster messages together based on string and pattern similarity. Use the LogReduce button and operator to quickly assess activity patterns for things like a range of devices or traffic on a website.
 
 **[Logs-to-Metrics](/docs/metrics/logs-to-metrics)**. A Sumo Logic feature you can use to extract or create metrics from log data. You can extract metrics that are embedded in logs, or count logs as a metric.