Skip to content

Commit 6ae67c6

Browse files
committed
Dynamic Conversation Titles in Copilot
1 parent 4f1e912 commit 6ae67c6

13 files changed

+50
-21
lines changed
Lines changed: 21 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,21 @@
1+
---
2+
title: Dynamic Conversation Titles in Copilot (Search)
3+
image: https://help.sumologic.com/img/sumo-square.png
4+
keywords:
5+
- copilot
6+
- log-search
7+
- search
8+
hide_table_of_contents: true
9+
---
10+
11+
import useBaseUrl from '@docusaurus/useBaseUrl';
12+
13+
<a href="https://help.sumologic.com/release-notes-service/rss.xml"><img src={useBaseUrl('img/release-notes/rss-orange2.png')} alt="icon" width="50"/></a>
14+
15+
Copilot now automatically updates conversation titles based on your query, making it easier to track and revisit past investigations. You can also customize it by clicking the pencil icon next to the title.
16+
17+
* Better organization. Each conversation gets a meaningful name, making it easier to sort through your history.
18+
* Faster troubleshooting. Easily find and resume previous investigations.
19+
* More control. Rename conversations to fit your workflow.
20+
21+
[Learn more](/docs/search/copilot).

docs/search/copilot.md

Lines changed: 29 additions & 21 deletions
Original file line numberDiff line numberDiff line change
@@ -86,25 +86,27 @@ From the [**Classic UI**](/docs/get-started/sumo-logic-ui-classic), navigate to
8686

8787
From the [**New UI**](/docs/get-started/sumo-logic-ui), click **Copilot** in the left nav.<br/><img src={useBaseUrl('img/search/copilot/copilot-tab-new.png')} alt="Copilot tab" style={{border: '1px solid gray'}} width="250" />
8888

89-
### Step 2: Review the auto-selected source
89+
### Step 2: Review and adjust the auto-selected source
9090

91-
Review the auto-selected **Source Category** and adjust it if needed. The source category is selected based on Copilot’s assessment of user intent. You can also type a source expression in the box. In either approach, you are defining the scope of your exploration.
91+
Copilot automatically selects a source category based on its assessment of user intent. Review the selection and adjust it if needed. You can also manually enter a source expression to define the scope of your exploration.
9292

93-
In this example, we'll select a source for AWS WAF. For indexes, type `_index=<index name>`. Autocompletion is supported for sources; type a few words, view source suggestions and pick one.
93+
For example, to explore AWS WAF logs, select the appropriate source. For indexes, use `_index=<index name>`. Autocompletion is supported—start typing a few words to see source suggestions and choose one.
9494

9595
<img src={useBaseUrl('img/search/copilot/source-category.png')} alt="Copilot source category" style={{border: '1px solid gray'}} width="600" />
9696

97-
### Step 3: Execute a Suggestion
97+
### Step 3: Execute a query
98+
99+
#### Click a suggestion
98100

99101
Click on any of the prebuilt **Suggestions** prompts to launch your investigation. These AI-curated natural language insights are tailored to the specific source you've chosen.
100102

101103
In this example, we'll click `Count the number of log entries by the collector ID`. This translates the insight to a log query and renders results.
102104

103105
<img src={useBaseUrl('img/search/copilot/suggestions.png')} alt="Copilot time period" style={{border: '1px solid gray'}} width="600" />
104106

105-
### Step 4: Ask a question
107+
#### Ask a question
106108

107-
In the **Ask Something...** field, you can manually enter a natural language prompt similar to the prebuilt ones under **Suggestions**. In addition, use autocompletions if appropriate. Type a word in the search bar to trigger completions based on the keyword.
109+
In the **Ask Something...** field, you can manually enter a natural language prompt, similar to the prebuilt options under **Suggestions**. You can also use autocompletion—start typing a keyword to see relevant suggestions.
108110

109111
<img src={useBaseUrl('img/search/copilot/manual-entry.png')} alt="Copilot time period" style={{border: '1px solid gray'}} width="600" />
110112

@@ -179,7 +181,7 @@ By default, Copilot searches run with a 15-minute time range. If your search ret
179181

180182
Copilot will automatically attempt to visualize your data. For example, a query like `Top ip by geo` will trigger a geo lookup and display the results on a map:
181183

182-
<img src={useBaseUrl('img/search/copilot/copilot-geo-chart.png')} alt="Copilot chart types" style={{border: '1px solid gray'}} width="800" />
184+
<img src={useBaseUrl('img/search/copilot/geo-chart.png')} alt="Copilot chart types" style={{border: '1px solid gray'}} width="800" />
183185

184186
The following rules are used to deduce chart type:
185187
* If both latitude and longitude fields exist, it returns a MAP chart type.
@@ -219,30 +221,36 @@ _sourceCategory=* "{" "}"
219221
| sum(_count) by _sourceCategory
220222
```
221223

222-
If your log query contains a mix of JSON and non-JSON formatting (i.e., a log file is partially JSON), you can isolate the JSON portion by adding `{` to the source expression to trigger **Suggestions**.<br/><img src={useBaseUrl('img/search/copilot/copilot-json.png')} alt="Copilot JSON formatting" style={{border: '1px solid gray'}} width="350" />
224+
If your log query contains a mix of JSON and non-JSON formatting (i.e., a log file is partially JSON), you can isolate the JSON portion by adding a left curly brace (`{`) to the source expression to trigger **Suggestions**.<br/><img src={useBaseUrl('img/search/copilot/copilot-json.png')} alt="Copilot JSON formatting" style={{border: '1px solid gray'}} width="350" />
225+
226+
#### Edit Title
227+
228+
Copilot automatically updates conversation titles based on your query. You can also set a custom title by clicking the "Edit Title" (pencil) icon. This helps keep investigations organized and easier to revisit.
223229

224230
#### History
225231

226-
Conversation History saves all previous queries and suggestions, allowing you to backtrack and refine your investigation. For example, if a status code analysis yields inconclusive results, revisit earlier queries to explore other hypotheses.
232+
The conversation history feature saves all previous queries and suggestions, allowing you to backtrack and refine your investigation. For example, if a status code analysis yields inconclusive results, you can revisit earlier queries to explore other possibilities.
227233

228-
This functionality comes in handy when you're working on multiple incidents at the same time. To view Copilot interactions related to an incident, click **History**.
229-
<br/><img src={useBaseUrl('img/search/copilot/history.png')} alt="Copilot History" style={{border: '1px solid gray'}} width="700" />
234+
This functionality can be useful when you're working on multiple incidents at the same time. To view Copilot interactions related to an incident, click **History**.<br/><img src={useBaseUrl('img/search/copilot/history.png')} alt="Copilot History" style={{border: '1px solid gray'}} width="700" />
230235

231-
You can resume a conversation in two ways:
236+
There are two ways to resume a conversation:
232237

233-
* Click the **Resume conversation** icon to pick up from the last query in a conversation.<br/><img src={useBaseUrl('img/search/copilot/resume-convo-history1.png')} alt="Copilot History" style={{border: '1px solid gray'}} width="600" />
234-
* Click on the row in the conversation history, and then click the gray area on the right side to resume from a specific query in a conversation.<br/><img src={useBaseUrl('img/search/copilot/resume-convo-history2.png')} alt="Copilot History" style={{border: '1px solid gray'}} width="600" />
238+
* Click the "Resume Conversation" icon to pick up from the last query in a conversation.<br/><img src={useBaseUrl('img/search/copilot/resume-convo-history1.png')} alt="Copilot History" style={{border: '1px solid gray'}} width="600" />
239+
* Click on any row in a conversation history, then click the "Open in Copilot" icon to resume from a specific query in a conversation.<br/><img src={useBaseUrl('img/search/copilot/resume-convo-history2.png')} alt="Copilot History" style={{border: '1px solid gray'}} width="600" />
235240

236241
#### New Conversation
237242

238243
To start a fresh exploration, click **New Conversation**. This clears your current session and allows you to begin with a clean slate.<br/><img src={useBaseUrl('img/search/copilot/new-conversation.png')} alt="Copilot new conversation" style={{border: '1px solid gray'}} width="700" />
239244

240245

241-
### Step 5: Open in Log Search
246+
### Step 4: Open in Log Search
247+
248+
Opening a Log Search from Copilot will copy your query over to a new log search, allowing you to utilize all of Sumo Logic's search functionality. You can then continue investigating, save the search, and remediate.
242249

243-
Click the **Open in Log Search** icon, which will copy your query from Copilot over to a new log search, allowing you to utilize all of Sumo Logic's search functionality. You can continue investigating, save the search, and remediate.
250+
There are two ways to do this:
244251

245-
<img src={useBaseUrl('img/search/copilot/open-in-log-search.png')} alt="Copilot open in log search" style={{border: '1px solid gray'}} width="600" />
252+
* From your conversation, click the **Open in Log Search** icon.<br/><img src={useBaseUrl('img/search/copilot/open-in-log-search1.png')} alt="Copilot open in log search" style={{border: '1px solid gray'}} width="600" />
253+
* From your conversation history, hover over any row, then click the **Open in Log Search** icon.<br/><img src={useBaseUrl('img/search/copilot/open-in-log-search2.png')} alt="Open Copilot query in log search from History" style={{border: '1px solid gray'}} width="800" />
246254

247255
## Example queries
248256

@@ -278,25 +286,25 @@ You are a SecOps engineer who uses [Cloud SIEM](/docs/cse/). You are worried abo
278286
```
279287
Count logs by action. Sort the results.
280288
```
281-
<img src={useBaseUrl('img/search/copilot/copilot-cloud-siem-1.png')} alt="Copilot tab" style={{border: '1px solid gray'}} width="500" />
289+
<img src={useBaseUrl('img/search/copilot/cloud-siem-1.png')} alt="Copilot tab" style={{border: '1px solid gray'}} width="500" />
282290
1. As soon as you do that, you can look at the **Suggestions** section on the right. These suggestions are curated based on their relevance to this Cloud SIEM source. You pick a suggestion to compare results to the last hour:
283291
```
284292
Count logs by action. Sort the results. versus the previous 1h
285293
```
286-
Notice the system translated the suggestion to a log query and rendered results as a bar graph with no user input. <br/><img src={useBaseUrl('img/search/copilot/copilot-cloud-siem-2.png')} alt="Copilot tab" style={{border: '1px solid gray'}} width="800" />
294+
Notice the system translated the suggestion to a log query and rendered results as a bar graph with no user input. <br/><img src={useBaseUrl('img/search/copilot/cloud-siem-2.png')} alt="Copilot tab" style={{border: '1px solid gray'}} width="800" />
287295
1. Switching to table view, you notice "Malicious” in the search results. So, you add in `Filter results by action contains Malicious` to the query:
288296
```
289297
Count logs by action. Sort the results. Filter results by action contains Malicious.
290298
```
291-
<img src={useBaseUrl('img/search/copilot/copilot-cloud-siem-3.png')} alt="Copilot tab" style={{border: '1px solid gray'}} width="800" />
299+
<img src={useBaseUrl('img/search/copilot/cloud-siem-3.png')} alt="Copilot tab" style={{border: '1px solid gray'}} width="800" />
292300
:::note
293301
If `Malicious` doesn't work, try `Malicious*`. Sumo Logic is case sensitive.
294302
:::
295303
1. Next, you look for URLs that pertain to the malicious action:
296304
```
297305
Count logs by action, url, user. Sort the results. Filter results by action contains Malicious.
298306
```
299-
<img src={useBaseUrl('img/search/copilot/copilot-cloud-siem-4.png')} alt="Copilot tab" style={{border: '1px solid gray'}} width="800" />
307+
<img src={useBaseUrl('img/search/copilot/cloud-siem-4.png')} alt="Copilot tab" style={{border: '1px solid gray'}} width="800" />
300308
1. Even though the activity was blocked, you can investigate the affected users in the endpoint records next.
301309

302310
To summarize, you conclude there is malicious activity originating from certain users who need to be investigated further.
134 KB
Loading
-139 KB
Binary file not shown.
-623 KB
Binary file not shown.
601 KB
Loading

0 commit comments

Comments
 (0)