Merge branch 'main' into DOCS-1110

Author: kimsauce

blog-csoar/2025-09-10-application-update.md

@@ -12,7 +12,7 @@ import useBaseUrl from '@docusaurus/useBaseUrl';
 
 ### New feature: Test nodes in playbooks
 
-The new **Test Node** toggle on nodes allows you to test individual nodes in playbooks without having to run the entire playbook, offering greater control over node configuration and troubleshooting.
+The new **Test Mode** toggle on nodes allows you to test individual nodes in playbooks without having to run the entire playbook, offering greater control over node configuration and troubleshooting.
 
 What's new:
 * Provide mock values for variables used in the node, and run the results to see the output and any errors.

cid-redirects.json

@@ -59,7 +59,7 @@
   "/01Start-Here/Library/Library_Filters": "/docs/get-started/library",
   "/01Start-Here/Library/Library-Keyboard-Shortcuts": "/docs/get-started/keyboard-shortcuts",
   "/01Start-Here/Library/Move-Content-Personal-Folder": "/docs/get-started/library",
-  "/01Start-Here/Library/Pinned-Searches": "/docs/get-started/library",
+  "/01Start-Here/Library/Pinned-Searches": "/docs/search/get-started-with-search/search-page/pin-a-search",
   "/01Start-Here/Library/Recent-Searches": "/docs/get-started/library",
   "/01Start-Here/Library/Search-the-Library": "/docs/get-started/library",
   "/01Start-Here/Library/Share-a-Saved-Search-from-the-Library": "/docs/get-started/library",
@@ -274,6 +274,7 @@
   "/03Send-Data/Sources/02Sources-for-Hosted-Collectors/Amazon-Web-Services/AWS-S3-Scan-Interval-for-Sources": "/docs/send-data/hosted-collectors/amazon-aws/aws-s3-scan-interval-sources",
   "/03Send-Data/Sources/02Sources-for-Hosted-Collectors/Amazon-Web-Services/AWS-S3-Source": "/docs/send-data/hosted-collectors/amazon-aws/aws-s3-source",
   "/docs/send-data/hosted-collectors/amazon-aws/aws-security-data-lake-source": "/docs/send-data/hosted-collectors/amazon-aws/amazon-security-lake-source",
+  "/docs/send-data/hosted-collectors/amazon-aws/cloudwatch-source": "/docs/send-data/hosted-collectors/amazon-aws/amazon-cloudwatch-source-metrics",
   "/03Send-Data/Sources/02Sources-for-Hosted-Collectors/Amazon-Web-Services/Collection_from_AWS_GovCloud": "/docs/send-data/hosted-collectors/amazon-aws/collection-aws-govcloud",
   "/03Send-Data/Sources/02Sources-for-Hosted-Collectors/Amazon-Web-Services/Configuring-your-AWS-Source-with-CloudFormation": "/docs/send-data/hosted-collectors/amazon-aws/configure-your-aws-source-cloudformation",
   "/03Send-Data/Sources/02Sources-for-Hosted-Collectors/Amazon-Web-Services/Grant-Access-to-an-AWS-Product": "/docs/send-data/hosted-collectors/amazon-aws/grant-access-aws-product",
@@ -376,7 +377,7 @@
   "/05Search/Library/Export-and-Import-Content-in-the-Library": "/docs/get-started/library",
   "/05Search/Library/Favorites": "/docs/get-started/library",
   "/Search/Library/Library_Keyboard_Shortcuts": "/docs/get-started/keyboard-shortcuts",
-  "/05Search/Library/Pinned-Searches": "/docs/get-started/library",
+  "/05Search/Library/Pinned-Searches": "/docs/search/get-started-with-search/search-page/pin-a-search",
   "/05Search/Library/Share-a-Saved-Search-from-the-Library": "/docs/get-started/library",
   "/03Send-Data/Sources/03Use-JSON-to-Configure-Sources/Local-Configuration-File-Management/View-or-Download-Source-JSON-Configuration": "/docs/send-data/use-json-configure-sources/local-configuration-file-management/view-download-source-json-configuration",
   "/05Search/Anomaly-Detection/Anomalies-Page/Drill-Down-into-Events": "/docs/dashboards/drill-down-to-discover-root-causes",
@@ -1401,6 +1402,7 @@
   "/APIs/Collector-Management-API/Upgrade-or-Downgrade-Collectors-Using-the-API": "/docs/api/collector-management/upgrade-downgrade-collectors",
   "/APIs/Content_Permissions_API": "/docs/api/content-permissions",
   "/APIs/Content-Management-API": "/docs/api/content-management",
+  "/docs/api/content": "/docs/api/content-management",
   "/APIs/Dashboard_(New)_Management_API": "/docs/api/dashboard",
   "/APIs/Data_Forwarding_Management_API": "/docs/api/logs-data-forwarding",
   "/docs/api/data-forwarding": "/docs/api/logs-data-forwarding",
@@ -3002,6 +3004,7 @@
   "/Cloud_SIEM_Enterprise/CSE_Rules/Import_YARA_Rules": "/docs/cse/rules/import-yara-rules",
   "/Cloud_SIEM_Enterprise/CSE_Rules/Normalized_Authentication_Rules": "/docs/cse/rules/normalized-authentication-rules",
   "/Cloud_SIEM_Enterprise/CSE_Rules/Normalized_Threat_Rules": "/docs/cse/rules/normalized-threat-rules",
+  "/docs/cse/rules/rule-expression-syntax": "/docs/cse/rules/cse-rules-syntax",
   "/Cloud_SIEM_Enterprise/CSE_Rules/Rule_Tuning_Expressions": "/docs/cse/rules/rule-tuning-expressions",
   "/Cloud_SIEM_Enterprise/CSE_Rules/Tailor_a_Global_Rule": "/docs/cse/rules/tailor-global-rule",
   "/docs/cse/rules/first-seen-rule": "/docs/cse/rules/write-first-seen-rule",
@@ -3048,6 +3051,7 @@
   "/Cloud_SIEM_Enterprise/Match_Lists_and_Suppressed_Lists": "/docs/cse/match-lists-suppressed-lists",
   "/Cloud_SIEM_Enterprise/Match_Lists": "/docs/cse/match-lists-suppressed-lists",
   "/Cloud_SIEM_Enterprise/Match_Lists/Standard_Match_Lists": "/docs/cse/match-lists-suppressed-lists/standard-match-lists",
+  "/docs/cse/match-lists": "/docs/cse/match-lists-suppressed-lists",
   "/docs/cse/match-lists-suppressed-lists/standard-match-list": "/docs/cse/match-lists-suppressed-lists/standard-match-lists",
   "/docs/cse/match-lists-suppressed": "/docs/cse/match-lists-suppressed-lists",
   "/Cloud_SIEM_Enterprise/Match_Lists_and_Suppressed_Lists/Create_a_Match_List": "/docs/cse/match-lists-suppressed-lists/create-match-list",
@@ -3367,6 +3371,7 @@
   "/Manage/Security/Audit_Event_Index": "/docs/manage/security/audit-indexes/audit-event-index",
   "/docs/audit/audit-events": "/docs/manage/security/audit-indexes",
   "/Manage/Security/Audit-Index": "/docs/manage/security/audit-indexes/audit-index",
+  "/Manage/Security/Cloud_Security_Events": "/docs/cse",
   "/Manage/Security/Create-an-Allowlist-for-IP-or-CIDR-Addresses": "/docs/manage/security/create-allowlist-ip-cidr-addresses",
   "/Manage/Security/Create-a-Whitelist-for-IP-or-CIDR-Addresses": "/docs/manage/security/create-allowlist-ip-cidr-addresses",
   "/Manage/Security/Data_Access_Level_for_Shared_Dashboards": "/docs/manage/security/data-access-level-shared-dashboards",
@@ -3587,6 +3592,7 @@
   "/Observability_Solution/Kubernetes_Solution/zDrill_down_to_discover_root_causes": "/docs/observability/kubernetes",
   "/Observability_Solution/Kubernetes_Solution/zSumo_Logic_Dashboards_for_Kubernetes": "/docs/observability/kubernetes",
   "/Observability_Solution/05Diagnose_with_the_Observability_Solution": "/docs/observability/diagnose-issues",
+  "/docs/observability/cloud-infrastructure-application-monitoring/integrations/azure/azure-application-gateway": "/docs/integrations/microsoft-azure/azure-application-gateway",
   "/Observability_Solution/06Troubleshoot_with_Observability_Solution": "/docs/observability/troubleshoot",
   "/Observability_Solution/Reliability_Management": "/docs/observability/reliability-management-slo",
   "/Observability_Solution/Reliability_Management/About_SLO": "/docs/observability/reliability-management-slo",
@@ -4496,6 +4502,7 @@
   "/docs/manage/manage-subscription/manage-org-settings": "/docs/manage/manage-subscription/create-and-manage-orgs/manage-org-settings",
   "/docs/integrations/amazon-aws/elastic-load-balancing": "/docs/integrations/amazon-aws/classic-load-balancer",
   "/docs/integrations/microsoft-azure/microsoft-defender-for-cloud": "/docs/integrations/microsoft-azure/azure-security-defender-for-cloud",
+  "/docs/integrations/microsoft-azure/microsoft-defender-for-office-365": "/docs/integrations/microsoft-azure/microsoft-defender-for-cloud-apps",
   "/docs/integrations/azure": "/docs/integrations/microsoft-azure",
   "/docs/search/copilot": "/docs/search/mobot",
   "/docs/search/copilot-unstructured-logs-beta": "/docs/search/mobot-unstructured-logs-beta",

docs/dashboards/panels/map-charts.md

@@ -29,7 +29,7 @@ To add a panel with a Cluster or Heatmap:
 1. Click the **Add to Dashboard** button on the top right of the window to add the panel to your dashboard.<br/><img src={useBaseUrl('/img/dashboards/create-dashboard/Add-to-Dashboard-button.png')} alt="Add to Dashboard button" style={{border: '1px solid gray'}} width="300"/>
 
 ### Limitations
-* Map charts have a display limit of 10,000 results.
+* Map charts queries have a display limit of 1440 results. If your query exceeds this limit, consider refining your query to see all results in the chart.
 * Colors of map markers cannot be changed.
 
 ## Missile map

docs/get-started/library.md

@@ -179,63 +179,9 @@ The Home page lists all currently running searches and any searches performed ov
 
 ### Pinned searches
 
-The **Pinned Search** feature allows you to start a search, then “pin” it, so it will continue running in the background independent of the browser session. Then, you can close the Search tab or log out and find your results later in the library on the [Recent](#recent-searches) tab in a folder named Pinned Searches.
+The *pinned search* feature allows you to start a search, then "pin" it, so it will continue running in the background independent of the browser session. Then, you can close the **Search** page or log out and find your results later.
 
-Once pinned, a search will run in the background for up to 24 hours. If it has not finished by then, it will be paused. There is no notification when your search is paused, but you can just restart the search to continue the query. Search results are available for three days.
-
-There is a limit of ten pinned searches per user. Also, queries that use the [save operator](/docs/search/search-query-language/search-operators/save) cannot be pinned.
-
-A search must be started in order for the pin button to show up in the Search tab. Once a search is pinned, you can easily unpin it, or remove it from the Pinned Searches tab. In the Pinned Searches folder, you can view the **Name**, **Status**, **Elapsed Time**, and monitor the **Progress** of each search.
-
-There is a known issue that may cause Pinned Searches to be lost when Sumo Logic performs an upgrade. For information on Scheduled Maintenance for your deployment, see [Sumo Logic Status](http://status.sumologic.com). 
-
-#### Pin and unpin a search
-
-1. Enter a query in the search box and click **Start**.
-1. Click the three-dot kebab icon and click **Pin** from the provided options. <br/> <img src={useBaseUrl('img/get-started/library/pin-search-option.png')} alt="pin-search-option.png" width="325"/>
-1. A message displays that tells you where you can find it later in the library. The Pinned Search is named by default with the name of the search tab. <br/>![pinmessage.png](/img/get-started/library/pinmessage.png)
-1. To change the name of the pinned search, double-click the **Search** tab to activate the name field and enter a new name.
-1. To preserve the pinned search, follow the steps in Save a pinned search.
-1. To unpin the search, click **Unpin** in the menu bar. <br/><img src={useBaseUrl('img/get-started/library/unpin-search-option.png')} alt="pin-search-option.png" width="300"/>
-
-#### Save a pinned search
-
-When you save a pinned search, it appears in your personal folder in the left navigation bar.
-
-1. Click the name of the search to open it in the **Search** tab.
-1. In the **Search** tab, click the three-vertical dot icon and click **Save As** from the provided options. The Save Item dialog appears.
-1. Enter a unique **Name** in the text field. In our example below, we entered Invoke Frequency.
-1. Optionally, enter a **Description**.
-1. Click **Save**. <br/>![Save_As_Search_dialog.png](/img/get-started/library/Save_As_Search_dialog.png)
-
-The search is saved to your **Personal** folder.
-
-#### Manage pinned searches
-
-This section shows you how to open previously pinned searches, rename a pinned search, and remove a search from the pinned search list,
-
-To open a previously pinned search:
-
-1. In the **Pinned Searches** tab, click the name of the search.
-1. The search query and any existing results are displayed in the **Search** tab.
-1. To run a new instance of the search, change the Time Range Expression, and click **Start**.
-
-To rename a pinned search:
-
-1. In the **Pinned Searches** tab, click the name of the search.
-1. The search query and any existing results are displayed in the **Search** tab.
-1. Double-click the **Search** tab to reactivate the name field.
-1. Enter a new name and press **Enter**.
-
-To remove a search from the pinned search List:
-
-1. Hover over the search, then click the three-dot kebab menu icon to the right of the name.
-1. Click **Unpin**. 
-1. In the **Confirm** dialog, click **OK**.
-
-The search is removed from the list of Pinned Searches.
-
-Removing an instance of a Saved Search from the list in the Pinned Searches tab does not delete the Saved Search from your Personal folder.
+For more information, see [Pin a Search](/docs/search/get-started-with-search/search-page/pin-a-search).
 
 ### Share a saved search from the library
 

docs/get-started/sumo-logic-ui-classic.md

@@ -195,7 +195,7 @@ To pin a search, do the following:
 1. A message appears telling you the location of your pinned search in the Library. The Pinned Search takes the name of the Search tab by default.<br/>  ![pinmessage.png](/img/get-started/ui/pinmessage.png)
 1. To change the name of a Pinned Search, double-click the Search tab and enter a new name in the name field.
 
-For information on how to manage pinned searches, see the [Pinned Searches](/docs/get-started/library#pinned-searches) page.
+For information on how to manage pinned searches, see [Pin a Search](/docs/search/get-started-with-search/search-page/pin-a-search).
 
 ### Manage your personal account preferences
 

docs/get-started/sumo-logic-ui.md

@@ -192,7 +192,7 @@ You must start a search for the **Pin** option to appear. To pin a search, do t
 
 Once a search is pinned, it cannot be unpinned, but you can remove it from the **Pinned Searches** tab. You can pin up to 10 searches at a time. Queries that use the [`save` operator](/docs/search/search-query-language/search-operators/save) cannot be pinned.
 
-For more information, see [Pinned Searches](/docs/get-started/library/#pinned-searches).
+For more information, see [Pin a Search](/docs/search/get-started-with-search/search-page/pin-a-search).
 
 
 ## Administrator tasks

docs/integrations/sumo-apps/data-volume.md

@@ -62,7 +62,7 @@ Use this dashboard to:
 The **Data Volume - Metrics** dashboard allows you to view your metrics ingested, identifies ingest outliers/spikes, and helps predict what ingestion is going to be.
 
 Use this dashboard to:
-* Determine the ingested DPM by various dimensions their
+* Determine the ingested DPM by various dimensions.
 * Examine trends over time.
 * Identify the spikes where current hour ingestion is above 50% from the last hour.
 * Identify ingestion outliers and forecast data ingestion, analyze the comparison of your current ingestion to your capacity, and review any overages. You must configure the “Metric_DPM_Ingest_Capacity”  variable that needs to be configured based on Account Subscription. If you have a Credit-based plan, please check with your account executive to determine these values for your account. Otherwise, see the [**Account Overview**](/docs/manage/manage-subscription/sumo-logic-credits-accounts/#account-overview) page to see your Capacity Values.