Dynamic Conversation Titles in Copilot

Author: kimsauce

blog-service/2025-02-25-copilot-search.md

@@ -0,0 +1,21 @@
+---
+title: Dynamic Conversation Titles in Copilot (Search)
+image: https://help.sumologic.com/img/sumo-square.png
+keywords:
+  - copilot
+  - log-search
+  - search
+hide_table_of_contents: true    
+---
+
+import useBaseUrl from '@docusaurus/useBaseUrl';
+
+<a href="https://help.sumologic.com/release-notes-service/rss.xml"><img src={useBaseUrl('img/release-notes/rss-orange2.png')} alt="icon" width="50"/></a>
+
+Copilot now automatically updates conversation titles based on your query, making it easier to track and revisit past investigations. You can also customize it by clicking the pencil icon next to the title.
+
+* Better organization. Each conversation gets a meaningful name, making it easier to sort through your history.
+* Faster troubleshooting. Easily find and resume previous investigations.
+* More control. Rename conversations to fit your workflow.
+
+[Learn more](/docs/search/copilot).

docs/search/copilot.md

@@ -86,25 +86,27 @@ From the [**Classic UI**](/docs/get-started/sumo-logic-ui-classic), navigate to
 
 From the [**New UI**](/docs/get-started/sumo-logic-ui), click **Copilot** in the left nav.<br/><img src={useBaseUrl('img/search/copilot/copilot-tab-new.png')} alt="Copilot tab" style={{border: '1px solid gray'}} width="250" />
 
-### Step 2: Review the auto-selected source
+### Step 2: Review and adjust the auto-selected source  
 
-Review the auto-selected **Source Category** and adjust it if needed. The source category is selected based on Copilot’s assessment of user intent. You can also type a source expression in the box. In either approach, you are defining the scope of your exploration.
+Copilot automatically selects a source category based on its assessment of user intent. Review the selection and adjust it if needed. You can also manually enter a source expression to define the scope of your exploration.  
 
-In this example, we'll select a source for AWS WAF. For indexes, type `_index=<index name>`. Autocompletion is supported for sources; type a few words, view source suggestions and pick one.
+For example, to explore AWS WAF logs, select the appropriate source. For indexes, use `_index=<index name>`. Autocompletion is supported—start typing a few words to see source suggestions and choose one.
 
 <img src={useBaseUrl('img/search/copilot/source-category.png')} alt="Copilot source category" style={{border: '1px solid gray'}} width="600" />
 
-### Step 3: Execute a Suggestion
+### Step 3: Execute a query
+
+#### Click a suggestion
 
 Click on any of the prebuilt **Suggestions** prompts to launch your investigation. These AI-curated natural language insights are tailored to the specific source you've chosen.
 
 In this example, we'll click `Count the number of log entries by the collector ID`. This translates the insight to a log query and renders results.
 
 <img src={useBaseUrl('img/search/copilot/suggestions.png')} alt="Copilot time period" style={{border: '1px solid gray'}} width="600" />
 
-### Step 4: Ask a question
+#### Ask a question
 
-In the **Ask Something...** field, you can manually enter a natural language prompt similar to the prebuilt ones under **Suggestions**. In addition, use autocompletions if appropriate. Type a word in the search bar to trigger completions based on the keyword.
+In the **Ask Something...** field, you can manually enter a natural language prompt, similar to the prebuilt options under **Suggestions**. You can also use autocompletion—start typing a keyword to see relevant suggestions.
 
 <img src={useBaseUrl('img/search/copilot/manual-entry.png')} alt="Copilot time period" style={{border: '1px solid gray'}} width="600" />
 
@@ -179,7 +181,7 @@ By default, Copilot searches run with a 15-minute time range. If your search ret
 
 Copilot will automatically attempt to visualize your data. For example, a query like `Top ip by geo` will trigger a geo lookup and display the results on a map:
 
-<img src={useBaseUrl('img/search/copilot/copilot-geo-chart.png')} alt="Copilot chart types" style={{border: '1px solid gray'}} width="800" />
+<img src={useBaseUrl('img/search/copilot/geo-chart.png')} alt="Copilot chart types" style={{border: '1px solid gray'}} width="800" />
 
 The following rules are used to deduce chart type:
 * If both latitude and longitude fields exist, it returns a MAP chart type.
@@ -219,30 +221,36 @@ _sourceCategory=* "{" "}"
 | sum(_count) by _sourceCategory
 ```
 
-If your log query contains a mix of JSON and non-JSON formatting (i.e., a log file is partially JSON), you can isolate the JSON portion by adding `{` to the source expression to trigger **Suggestions**.<br/><img src={useBaseUrl('img/search/copilot/copilot-json.png')} alt="Copilot JSON formatting" style={{border: '1px solid gray'}} width="350" />
+If your log query contains a mix of JSON and non-JSON formatting (i.e., a log file is partially JSON), you can isolate the JSON portion by adding a left curly brace (`{`) to the source expression to trigger **Suggestions**.<br/><img src={useBaseUrl('img/search/copilot/copilot-json.png')} alt="Copilot JSON formatting" style={{border: '1px solid gray'}} width="350" />
+
+#### Edit Title
+
+Copilot automatically updates conversation titles based on your query. You can also set a custom title by clicking the "Edit Title" (pencil) icon. This helps keep investigations organized and easier to revisit.
 
 #### History
 
-Conversation History saves all previous queries and suggestions, allowing you to backtrack and refine your investigation. For example, if a status code analysis yields inconclusive results, revisit earlier queries to explore other hypotheses.
+The conversation history feature saves all previous queries and suggestions, allowing you to backtrack and refine your investigation. For example, if a status code analysis yields inconclusive results, you can revisit earlier queries to explore other possibilities.
 
-This functionality comes in handy when you're working on multiple incidents at the same time. To view Copilot interactions related to an incident, click **History**.
-<br/><img src={useBaseUrl('img/search/copilot/history.png')} alt="Copilot History" style={{border: '1px solid gray'}} width="700" />
+This functionality can be useful when you're working on multiple incidents at the same time. To view Copilot interactions related to an incident, click **History**.<br/><img src={useBaseUrl('img/search/copilot/history.png')} alt="Copilot History" style={{border: '1px solid gray'}} width="700" />
 
-You can resume a conversation in two ways:
+There are two ways to resume a conversation:
 
-* Click the **Resume conversation** icon to pick up from the last query in a conversation.<br/><img src={useBaseUrl('img/search/copilot/resume-convo-history1.png')} alt="Copilot History" style={{border: '1px solid gray'}} width="600" />
-* Click on the row in the conversation history, and then click the gray area on the right side to resume from a specific query in a conversation.<br/><img src={useBaseUrl('img/search/copilot/resume-convo-history2.png')} alt="Copilot History" style={{border: '1px solid gray'}} width="600" />
+* Click the "Resume Conversation" icon to pick up from the last query in a conversation.<br/><img src={useBaseUrl('img/search/copilot/resume-convo-history1.png')} alt="Copilot History" style={{border: '1px solid gray'}} width="600" />
+* Click on any row in a conversation history, then click the "Open in Copilot" icon to resume from a specific query in a conversation.<br/><img src={useBaseUrl('img/search/copilot/resume-convo-history2.png')} alt="Copilot History" style={{border: '1px solid gray'}} width="600" />
 
 #### New Conversation
 
 To start a fresh exploration, click **New Conversation**. This clears your current session and allows you to begin with a clean slate.<br/><img src={useBaseUrl('img/search/copilot/new-conversation.png')} alt="Copilot new conversation" style={{border: '1px solid gray'}} width="700" />
 
 
-### Step 5: Open in Log Search
+### Step 4: Open in Log Search
+
+Opening a Log Search from Copilot will copy your query over to a new log search, allowing you to utilize all of Sumo Logic's search functionality. You can then continue investigating, save the search, and remediate.
 
-Click the **Open in Log Search** icon, which will copy your query from Copilot over to a new log search, allowing you to utilize all of Sumo Logic's search functionality. You can continue investigating, save the search, and remediate.
+There are two ways to do this:
 
-<img src={useBaseUrl('img/search/copilot/open-in-log-search.png')} alt="Copilot open in log search" style={{border: '1px solid gray'}} width="600" />
+* From your conversation, click the **Open in Log Search** icon.<br/><img src={useBaseUrl('img/search/copilot/open-in-log-search1.png')} alt="Copilot open in log search" style={{border: '1px solid gray'}} width="600" />
+* From your conversation history, hover over any row, then click the **Open in Log Search** icon.<br/><img src={useBaseUrl('img/search/copilot/open-in-log-search2.png')} alt="Open Copilot query in log search from History" style={{border: '1px solid gray'}} width="800" />
 
 ## Example queries
 
@@ -278,25 +286,25 @@ You are a SecOps engineer who uses [Cloud SIEM](/docs/cse/). You are worried abo
    ```
    Count logs by action. Sort the results.
    ```
-   <img src={useBaseUrl('img/search/copilot/copilot-cloud-siem-1.png')} alt="Copilot tab" style={{border: '1px solid gray'}} width="500" />
+   <img src={useBaseUrl('img/search/copilot/cloud-siem-1.png')} alt="Copilot tab" style={{border: '1px solid gray'}} width="500" />
 1. As soon as you do that, you can look at the **Suggestions** section on the right. These suggestions are curated based on their relevance to this Cloud SIEM source. You pick a suggestion to compare results to the last hour:
    ```
    Count logs by action. Sort the results. versus the previous 1h
    ```
-   Notice the system translated the suggestion to a log query and rendered results as a bar graph with no user input. <br/><img src={useBaseUrl('img/search/copilot/copilot-cloud-siem-2.png')} alt="Copilot tab" style={{border: '1px solid gray'}} width="800" />
+   Notice the system translated the suggestion to a log query and rendered results as a bar graph with no user input. <br/><img src={useBaseUrl('img/search/copilot/cloud-siem-2.png')} alt="Copilot tab" style={{border: '1px solid gray'}} width="800" />
 1. Switching to table view, you notice "Malicious” in the search results. So, you add in `Filter results by action contains Malicious` to the query:
    ```
    Count logs by action. Sort the results. Filter results by action contains Malicious.
    ```
-   <img src={useBaseUrl('img/search/copilot/copilot-cloud-siem-3.png')} alt="Copilot tab" style={{border: '1px solid gray'}} width="800" />
+   <img src={useBaseUrl('img/search/copilot/cloud-siem-3.png')} alt="Copilot tab" style={{border: '1px solid gray'}} width="800" />
    :::note
    If `Malicious` doesn't work, try `Malicious*`. Sumo Logic is case sensitive.
    :::
 1. Next, you look for URLs that pertain to the malicious action:
    ```
    Count logs by action, url, user. Sort the results. Filter results by action contains Malicious.
    ```
-   <img src={useBaseUrl('img/search/copilot/copilot-cloud-siem-4.png')} alt="Copilot tab" style={{border: '1px solid gray'}} width="800" />
+   <img src={useBaseUrl('img/search/copilot/cloud-siem-4.png')} alt="Copilot tab" style={{border: '1px solid gray'}} width="800" />
 1. Even though the activity was blocked, you can investigate the affected users in the endpoint records next.
 
 To summarize, you conclude there is malicious activity originating from certain users who need to be investigated further.