1.**Set a TTL (Time to Live) for table entries**? Click **No**.
47
47
1.**Choose a size limit handling option**. This option controls how additions to the Lookup table will be handled when it reaches its size limit (100 MB). Click **Delete Old Data.**
1. The page displays a **Schema** section. (The screenshot below shows the schema settings for our example filled in.) <br/><img src={useBaseUrl('img/cse/schema.png')} alt="Schema settings" width="600"/>
49
+
1. The page displays a **Schema** section. (The screenshot below shows the schema settings for our example filled in.) <br/><img src={useBaseUrl('img/cse/schema.png')} alt="Schema settings" style={{border: '1px solid gray'}} width="600"/>
50
50
1. For the first column, enter:
51
51
***Fields**. Enter *mail*.
52
52
***Value Type**. Leave the default, *string*, selected.
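Review bot: The border colour on the `schema.png` image is hard-coded as `gray` in the inline `style={{border: '1px solid gray'}}`, so it cannot follow a theme if the docs site has a light and a dark one. Consider a colour that comes from the site stylesheet instead of a literal in the page. Nothing else on the line changes, so the rest of the list item is fine as is.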
@@ -75,7 +75,7 @@ Where:
75
75
*`_collector` identifies the collector where the Active Directory source runs.
76
76
*`PATH` is the path of the lookup table, in this format: `path://"/Library/Admin Recommended/userIdToUsername"` You can copy the path to the Lookup Table in the Sumo Logic Library. Hover over the row for the table in the Library, and select **Copy path to clipboard** from the three-dot kebab menu.
77
77
78
-
<img src={useBaseUrl('img/cse/tree-dot.png')} alt="Kebab menu button" width="600"/>
78
+
<img src={useBaseUrl('img/cse/tree-dot.png')} alt="Kebab menu button" style={{border: '1px solid gray'}} width="600"/>
79
79
80
80
## Step 3: Save and schedule the search
81
81
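Review bot: The asset name `img/cse/tree-dot.png` on the changed `<img>` line does not match the "three-dot kebab menu" wording in the context line just above it, and looks like a typo for "three-dot". Since this line is being touched anyway, consider renaming the file and updating the reference in a follow-up, keeping this patch limited to the style attribute.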
@@ -85,21 +85,21 @@ Be sure to choose “Email” as the **Alert type**. (*Don’t* select **Save to
85
85
86
86
To save and schedule the search:
87
87
88
-
1. In the log search tab where you’ve run your query, choose **Save as** from the three-dot kebab menu in the query area. <br/><img src={useBaseUrl('img/cse/save-as.png')} alt="Save as on dropdown list" width="600"/>
88
+
1. In the log search tab where you’ve run your query, choose **Save as** from the three-dot kebab menu in the query area. <br/><img src={useBaseUrl('img/cse/save-as.png')} alt="Save as on dropdown list" style={{border: '1px solid gray'}} width="600"/>
89
89
1. On the **Save Item** popup:
90
90
***Name**. Enter a name for the query.
91
91
***Time range**. Select a time range for the query.
92
92
***Search By**. Select *Receipt Time*.
93
93
***Location to save to**. Choose a folder location.
***Run frequency**. Select *Daily*, unless you have another preference.
97
97
***Send Notification**. Choose *If the following condition is met*.
98
98
***Alert condition**. Select *Less than \<*.
99
99
***Alert type**. Select *Email*.
100
100
***Number of results**. Enter *5*, or another value if you prefer.
101
101
***Recipients.** Enter the email addresses of one or more users to receive email alerts.
102
-
***Include in email**. Select *Search Query* and *Histogram*, unless you have another preference. <br/><img src={useBaseUrl('img/cse/save-item-2.png')} alt="Save item dialog" width="400"/>
102
+
***Include in email**. Select *Search Query* and *Histogram*, unless you have another preference. <br/><img src={useBaseUrl('img/cse/save-item-2.png')} alt="Save item dialog" style={{border: '1px solid gray'}} width="400"/>
103
103
1. Click **Save.**
104
104
105
105
## Step 4: Configure the Lookup Table in Cloud SIEM
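Review bot: The same literal `style={{border: '1px solid gray'}}` is added twice in this hunk, on `save-as.png` and on `save-item-2.png`, in addition to the other images in this file. Repeating an inline style per screenshot makes later changes to the border a search-and-replace across pages; a single shared class applied to these `<img>` tags would keep the look consistent and make each line's diff shorter. If inline styles are the convention in this repository, a short note in the commit message saying why the border is being added would help, since the visible lines give no reason.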