Merge branch 'main' into SUMO-252086-documentation

Author: sachin-sumologic

.clabot

@@ -169,7 +169,8 @@
     "Hellfire4959",
     "antonymartinsumo",
     "amee-sumo",
-    "chetanchoudhary-sumo"
+    "chetanchoudhary-sumo",
+    "JamoCA"
   ],
   "message": "Thank you for your contribution! As this is an open source project, we require contributors to sign our Contributor License Agreement and do not have yours on file. To proceed with your PR, please [sign your name here](https://forms.gle/YgLddrckeJaCdZYA6) and we will add you to our approved list of contributors.",
   "label": "cla-signed",

blog-service/2021/12-31.md

@@ -566,7 +566,7 @@ Update - The [alert variable](/docs/alerts/monitors/alert-variables) `Results
 ---
 ## April 7, 2021 (Search)
 
-Update - The LogReduce operator now provides an [optimize option](/docs/search/logreduce) that provides up to 10x speedup over classic LogReduce on datasets with hundreds of thousands of logs.
+Update - The LogReduce operator now provides an [optimize option](/docs/search/behavior-insights/logreduce) that provides up to 10x speedup over classic LogReduce on datasets with hundreds of thousands of logs.
 
 ---
 ## April 6, 2021 (Dashboard)

cid-redirects.json

@@ -370,8 +370,8 @@
   "/05Search/Anomaly-Detection/Anomalies-Page/Drill-Down-into-Events": "/docs/dashboards/drill-down-to-discover-root-causes",
   "/05Search/Behavior_Insights": "/docs/search/behavior-insights",
   "/05Search/Behavior_Insights/LogExplain": "/docs/search/behavior-insights/logexplain",
-  "/05Search/Behavior_Insights/LogReduce_Keys": "/docs/search/behavior-insights/logreduce-keys",
-  "/05Search/Behavior_Insights/LogReduce_Values": "/docs/search/behavior-insights/logreduce-values",
+  "/05Search/Behavior_Insights/LogReduce_Keys": "/docs/search/behavior-insights/logreduce/logreduce-keys",
+  "/05Search/Behavior_Insights/LogReduce_Values": "/docs/search/behavior-insights/logreduce/logreduce-values",
   "/05Search/Get-Started-with-Search": "/docs/search/get-started-with-search",
   "/05Search/Get-Started-with-Search/How-to-Build-a-Search": "/docs/search/get-started-with-search/build-search",
   "/05Search/Get-Started-with-Search/How-to-Build-a-Search/Best-Practices%3A-Search-Rules-to-Live-By": "/docs/search/get-started-with-search/build-search/best-practices-search",
@@ -435,17 +435,17 @@
   "/05Search/Live-Tail/Live-Tail-Show-in-Search": "/docs/search/live-tail/live-tail-show-in-search",
   "/05Search/Live-Tail/Multiple-Live-Tails": "/docs/search/live-tail/multiple-live-tails",
   "/05Search/Live-Tail/Troubleshooting-Live-Tail": "/docs/search/live-tail/troubleshooting-live-tail",
-  "/05Search/LogCompare": "/docs/search/logcompare",
-  "/05Search/LogCompare/About-LogCompare": "/docs/search/logcompare",
-  "/05Search/LogCompare/Create-a-LogCompare-Email-Alert": "/docs/search/logcompare",
-  "/05Search/LogCompare/LogCompare-Syntax": "/docs/search/logcompare",
-  "/05Search/LogCompare/Run-LogCompare": "/docs/search/logcompare",
-  "/05Search/LogCompare/Understand-LogCompare-Results": "/docs/search/logcompare",
-  "/05Search/LogReduce": "/docs/search/logreduce/logreduce-operator",
-  "/05Search/LogReduce/01-LogReduce-Operator": "/docs/search/logreduce/logreduce-operator",
-  "/05Search/LogReduce/Detect-Patterns-with-LogReduce": "/docs/search/logreduce/detect-patterns-with-logreduce",
-  "/05Search/LogReduce/Influence-the-LogReduce-Outcome": "/docs/search/logreduce/influence-the-logreduce-outcome",
-  "/05Search/LogReduce/Understand-the-LogReduce-Relevance-Column": "/docs/search/logreduce/understand-the-logreduce-relevance-column",
+  "/05Search/LogCompare": "/docs/search/behavior-insights/logcompare",
+  "/05Search/LogCompare/About-LogCompare": "/docs/search/behavior-insights/logcompare",
+  "/05Search/LogCompare/Create-a-LogCompare-Email-Alert": "/docs/search/behavior-insights/logcompare",
+  "/05Search/LogCompare/LogCompare-Syntax": "/docs/search/behavior-insights/logcompare",
+  "/05Search/LogCompare/Run-LogCompare": "/docs/search/behavior-insights/logcompare",
+  "/05Search/LogCompare/Understand-LogCompare-Results": "/docs/search/behavior-insights/logcompare",
+  "/05Search/LogReduce": "/docs/search/behavior-insights/logreduce/logreduce-operator",
+  "/05Search/LogReduce/01-LogReduce-Operator": "/docs/search/behavior-insights/logreduce/logreduce-operator",
+  "/05Search/LogReduce/Detect-Patterns-with-LogReduce": "/docs/search/behavior-insights/logreduce/detect-patterns-with-logreduce",
+  "/05Search/LogReduce/Influence-the-LogReduce-Outcome": "/docs/search/behavior-insights/logreduce/influence-the-logreduce-outcome",
+  "/05Search/LogReduce/Understand-the-LogReduce-Relevance-Column": "/docs/search/behavior-insights/logreduce/understand-the-logreduce-relevance-column",
   "/05Search/Lookup_Tables": "/docs/search/lookup-tables",
   "/05Search/Lookup_Tables/01_Create_a_Lookup_Table0": "/docs/search/lookup-tables/create-lookup-table",
   "/05Search/Lookup_Tables/01_Create_a_Lookup_Table": "/docs/search/lookup-tables/create-lookup-table",
@@ -1613,6 +1613,7 @@
   "/cid/10196": "/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/zero-networks-segment-source",
   "/cid/10122": "/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/webex-source",
   "/cid/10125": "/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/druva-cyber-resilience-source",
+  "/cid/10127": "/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/intel471-threat-intel-source",
   "/cid/10126": "/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/trust-login-source",
   "/cid/10128": "/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/vmware-workspace-one-source",
   "/cid/10129": "/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/dragos-source",
@@ -1702,7 +1703,7 @@
   "/cid/10450": "/docs/alerts/webhook-connections/microsoft-teams",
   "/cid/1046": "/docs/alerts/webhook-connections/pagerduty",
   "/cid/1047": "/docs/alerts/webhook-connections/datadog",
-  "/cid/1048": "/docs/search/logcompare",
+  "/cid/1048": "/docs/search/behavior-insights/logcompare",
   "/cid/1049": "/docs/get-started",
   "/cid/1050": "/docs/integrations/amazon-aws/s3-audit",
   "/cid/1051": "/docs/integrations/amazon-aws/vpc-flow-logs",
@@ -1719,8 +1720,8 @@
   "/cid/1061": "/release-notes-collector",
   "/cid/1062": "/docs/alerts/webhook-connections",
   "/cid/1063": "/docs/alerts/webhook-connections/aws-lambda",
-  "/cid/1064": "/docs/search/logreduce/logreduce-operator",
-  "/cid/1065": "/docs/search/logreduce/logreduce-operator",
+  "/cid/1064": "/docs/search/behavior-insights/logreduce/logreduce-operator",
+  "/cid/1065": "/docs/search/behavior-insights/logreduce/logreduce-operator",
   "/cid/1066": "/docs/send-data/hosted-collectors/cloud-syslog-source",
   "/cid/1067": "/docs/search/live-tail/live-tail-cli",
   "/cid/1068": "/docs/search/live-tail/about-live-tail",
@@ -1876,7 +1877,7 @@
   "/cid/2005": "/docs/search/get-started-with-search",
   "/cid/2006": "/docs/search/search-query-language/search-operators/manually-cast-data-string-number",
   "/cid/2008": "/docs/send-data/installed-collectors/linux",
-  "/cid/2009": "/docs/search/logcompare",
+  "/cid/2009": "/docs/search/behavior-insights/logcompare",
   "/cid/2010": "/docs/search/search-query-language/search-operators/if",
   "/cid/2011": "/docs/get-started/help",
   "/cid/2012": "/docs/manage/security/enable-support-account",
@@ -1887,15 +1888,15 @@
   "/cid/2017": "/docs/manage/users-roles/users/delete-user",
   "/cid/2018": "/docs/send-data/installed-collectors/windows",
   "/cid/2019": "/docs/integrations/pci-compliance/linux",
-  "/cid/2021": "/docs/search/logreduce/detect-patterns-with-logreduce",
+  "/cid/2021": "/docs/search/behavior-insights/logreduce/detect-patterns-with-logreduce",
   "/cid/2022": "/docs/send-data/installed-collectors",
   "/cid/2023": "/docs/send-data/collection/edit-collector",
   "/cid/2024": "/docs/search/get-started-with-search/search-basics/export-search-results",
   "/cid/2026": "/",
   "/cid/2027": "/docs/search/get-started-with-search/build-search/keyword-search-expressions",
   "/cid/2028": "/docs/search/get-started-with-search",
   "/cid/2030": "/docs/search/search-query-language/group-aggregate-operators",
-  "/cid/2032": "/docs/search/logreduce/influence-the-logreduce-outcome",
+  "/cid/2032": "/docs/search/behavior-insights/logreduce/influence-the-logreduce-outcome",
   "/cid/2033": "/docs/get-started",
   "/cid/2036": "/docs/integrations/hosts-operating-systems/linux",
   "/cid/2038": "/docs/search/search-query-language/math-expressions",
@@ -1910,20 +1911,20 @@
   "/cid/2047": "/docs/search/get-started-with-search/search-basics/pause-cancel-search",
   "/cid/2049": "/docs/send-data/installed-collectors/sources/remote-file-source/prerequisites-windows-remote-file-collection",
   "/cid/2050": "/docs/get-started",
-  "/cid/2057": "/docs/search/logcompare",
+  "/cid/2057": "/docs/search/behavior-insights/logcompare",
   "/cid/2058": "/docs/alerts/scheduled-searches/create-email-alert",
   "/cid/2059": "/docs/search/get-started-with-search/search-basics/save-search",
-  "/cid/2060": "/docs/search/logcompare",
+  "/cid/2060": "/docs/search/behavior-insights/logcompare",
   "/cid/2064": "/docs/search/search-cheat-sheets/general-search-examples",
   "/cid/2066": "/docs/search/get-started-with-search/search-basics/search-surrounding-messages",
   "/cid/2068": "/docs/integrations/saas-cloud/fastly",
   "/cid/2069": "/docs/integrations/app-development/gitlab",
   "/cid/2070": "/docs/search/search-query-language/search-operators/sort",
   "/cid/2071": "/docs/send-data/collection/start-stop-collector-using-scripts",
   "/cid/2072": "/docs/search/get-started-with-search/suggested-searches",
-  "/cid/2073": "/docs/search/logcompare",
-  "/cid/2074": "/docs/search/logreduce/logreduce-operator",
-  "/cid/2075": "/docs/search/logreduce/logreduce-operator",
+  "/cid/2073": "/docs/search/behavior-insights/logcompare",
+  "/cid/2074": "/docs/search/behavior-insights/logreduce/logreduce-operator",
+  "/cid/2075": "/docs/search/behavior-insights/logreduce/logreduce-operator",
   "/cid/2076": "/docs/get-started",
   "/cid/2077": "/docs/get-started",
   "/cid/2078": "/docs/search/search-query-language/search-operators/if",
@@ -2088,7 +2089,7 @@
   "/cid/4412": "/docs/integrations/saas-cloud/crowdstrike-fdr-host-inventory",
   "/cid/44122": "/docs/integrations/saas-cloud/crowdstrike-spotlight",
   "/cid/44123": "/docs/integrations/saas-cloud/crowdstrike-falcon-filevantage",
-  "/cid/4020": "/docs/search/logreduce",
+  "/cid/4020": "/docs/search/behavior-insights/logreduce",
   "/cid/4021": "/docs/search/search-query-language/search-operators/accum",
   "/cid/40001": "/docs/search/search-query-language/search-operators/as",
   "/cid/40002": "/docs/search/search-query-language/search-operators/asn-lookup",
@@ -2284,7 +2285,7 @@
   "/cid/5134": "/docs/dashboards/panels",
   "/cid/5135": "/docs/dashboards/drill-down-to-discover-root-causes",
   "/cid/5136": "/docs/get-started/library",
-  "/cid/5138": "/docs/search/logreduce/influence-the-logreduce-outcome",
+  "/cid/5138": "/docs/search/behavior-insights/logreduce/influence-the-logreduce-outcome",
   "/cid/5139": "/docs/send-data/collection/edit-source",
   "/cid/5140": "/docs/get-started/library",
   "/cid/5143": "/docs/manage/users-roles/roles/create-manage-roles",
@@ -2422,7 +2423,7 @@
   "/cid/5334": "/docs/search/get-started-with-search/suggested-searches/microsoft-iis-parser",
   "/cid/5335": "/docs/search",
   "/cid/5336": "/docs/send-data/collection/search-for-a-collector-or-source",
-  "/cid/5339": "/docs/search/logreduce",
+  "/cid/5339": "/docs/search/behavior-insights/logreduce",
   "/cid/5340": "/docs/integrations/sumo-apps/security-analytics",
   "/cid/5341": "/docs/integrations/sumo-apps/security-analytics",
   "/cid/5342": "/docs/alerts/webhook-connections/servicenow",
@@ -2438,7 +2439,7 @@
   "/cid/5356": "/docs/dashboards/panels/modify-chart",
   "/cid/5368": "/docs/dashboards/panels/single-value-charts",
   "/cid/5375": "/",
-  "/cid/5377": "/docs/search/logreduce/understand-the-logreduce-relevance-column",
+  "/cid/5377": "/docs/search/behavior-insights/logreduce/understand-the-logreduce-relevance-column",
   "/cid/5378": "/docs/cse/ingestion/ingestion-sources-for-cloud-siem/aws-cloudtrail",
   "/cid/5379": "/docs/integrations/amazon-aws/elastic-load-balancing",
   "/cid/5380": "/docs/cse/ingestion/ingestion-sources-for-cloud-siem/aws-cloudtrail",
@@ -2477,7 +2478,7 @@
   "/cid/5444": "/docs/integrations/web-servers/varnish",
   "/cid/5445": "/docs/integrations/web-servers/varnish",
   "/cid/5446": "/docs/integrations/containers-orchestration/vmware-legacy",
-  "/cid/5448": "/docs/search/logreduce/detect-patterns-with-logreduce",
+  "/cid/5448": "/docs/search/behavior-insights/logreduce/detect-patterns-with-logreduce",
   "/cid/5449": "/docs/integrations/containers-orchestration/vmware-legacy",
   "/cid/5450": "/",
   "/cid/5454": "/docs/manage/security/create-allowlist-ip-cidr-addresses",
@@ -2686,8 +2687,8 @@
   "/cid/23411": "/docs/integrations/saas-cloud/sophos",
   "/cid/9078": "/docs/manage/users-roles/roles/construct-search-filter-for-role",
   "/cid/915200739": "/docs/observability/sdo/about-sdo",
-  "/cid/9201": "/docs/search/behavior-insights/logreduce-keys",
-  "/cid/9202": "/docs/search/behavior-insights/logreduce-values",
+  "/cid/9201": "/docs/search/behavior-insights/logreduce/logreduce-keys",
+  "/cid/9202": "/docs/search/behavior-insights/logreduce/logreduce-values",
   "/cid/9205": "/docs/search/behavior-insights/logexplain",
   "/cid/96734": "/docs/send-data/hosted-collectors/http-source/troubleshooting",
   "/cid/97652": "/docs/integrations/saas-cloud/qualys-vmdr",
@@ -3798,9 +3799,9 @@
   "/Search/Get_Started_with_Search/Search_Basics/Search_Metadata": "/docs/search/get-started-with-search/search-basics",
   "/Search/Library/Apps-in-Sumo-Logic/01-Sumo-Logic-Apps/Data-Volume-App": "/docs/integrations/sumo-apps/data-volume",
   "/Search/Library/Apps-in-Sumo-Logic/01-Sumo-Logic-Apps/Data-Volume-App/Data-Volume-App-Dashboards": "/docs/integrations/sumo-apps/data-volume",
-  "/Search/LogCompare": "/docs/search/logcompare",
-  "/Search/LogCompare/About_LogCompare": "/docs/search/logcompare",
-  "/Search/LogReduce": "/docs/search/logreduce",
+  "/Search/LogCompare": "/docs/search/behavior-insights/logcompare",
+  "/Search/LogCompare/About_LogCompare": "/docs/search/behavior-insights/logcompare",
+  "/Search/LogReduce": "/docs/search/behavior-insights/logreduce",
   "/Query_Language": "/docs/search/search-query-language",
   "/Search/Search_Query_Language": "/docs/search/search-query-language",
   "/Search/Search_Query_Language/Parse_Operators/CSV_Operator": "/docs/search/search-query-language/parse-operators/parse-csv-formatted-logs",
@@ -4185,5 +4186,13 @@
   "/docs/integrations/amazon-aws/aurora-mysql-ulm": "/docs/integrations/amazon-aws/rds",
   "/docs/integrations/amazon-aws/aurora-postgresql-ulm": "/docs/integrations/amazon-aws/rds",
   "/docs/integrations/amazon-aws/elastic-load-balancer-app": "/docs/integrations/amazon-aws/application-load-balancer",
-  "/docs/integrations/amazon-aws/elastic-load-balancing-classic": "/docs/integrations/amazon-aws/classic-load-balancer"
+  "/docs/integrations/amazon-aws/elastic-load-balancing-classic": "/docs/integrations/amazon-aws/classic-load-balancer",
+  "/docs/search/logcompare": "/docs/search/behavior-insights/logcompare",
+  "/docs/search/behavior-insights/logreduce-keys": "/docs/search/behavior-insights/logreduce/logreduce-keys",
+  "/docs/search/logreduce": "/docs/search/behavior-insights/logreduce",
+  "/docs/search/logreduce/logreduce-operator": "/docs/search/behavior-insights/logreduce/logreduce-operator",
+  "/docs/search/logreduce/detect-patterns-with-logreduce": "/docs/search/behavior-insights/logreduce/detect-patterns-with-logreduce",
+  "/docs/search/logreduce/influence-the-logreduce-outcome": "/docs/search/behavior-insights/logreduce/influence-the-logreduce-outcome",
+  "/docs/search/logreduce/understand-the-logreduce-relevance-column": "/docs/search/behavior-insights/logreduce/understand-the-logreduce-relevance-column",
+  "/docs/search/behavior-insights/logreduce-values": "/docs/search/behavior-insights/logreduce/logreduce-values"
 }

docs/alerts/monitors/alert-response-faq.md

@@ -67,7 +67,7 @@ Sumo Logic detects and maintains a signature library. It does that by analyzing
 
 There could be cases where the process has still not cataloged a new log message to a signature. As a result, it would get bundled into the "Others" category. This problem should be fixed automatically after some time (when the background process runs).
 
-You can also force run the signature cataloging process manually, by calling the [LogCompare](../../search/logcompare.md) or [LogReduce](/docs/search/logreduce) operators from the Log Search page. 
+You can also force run the signature cataloging process manually, by calling the [LogCompare](/docs/search/behavior-insights/logcompare) or [LogReduce](/docs/search/behavior-insights/logreduce) operators from the Log Search page. 
 
 ## I don’t see the Dimensional Explanation card for logs-based alert
 

docs/alerts/monitors/alert-response.md

@@ -160,7 +160,7 @@ See [Using tags in alerts](/docs/alerts/monitors/settings/#using-tags-in-alerts)
 
 ### Log fluctuations
 
-This card detects different signatures in your log messages using [LogReduce](/docs/search/logreduce) such as errors, exceptions, timeouts, and successes. It compares log signatures trends with a normal baseline period and surfaces noteworthy changes in signatures.
+This card detects different signatures in your log messages using [LogReduce](/docs/search/behavior-insights/logreduce) such as errors, exceptions, timeouts, and successes. It compares log signatures trends with a normal baseline period and surfaces noteworthy changes in signatures.
 
 * **New**. Log signatures that were only seen after the Alert was triggered but not one hour prior to the Alert start time.
 * **Gone**. Log signatures that are not present after the Alert was created but were present one hour prior to the Alert start time, such as **Transaction Succeeded** or **Success**.

docs/alerts/monitors/overview.md

@@ -130,7 +130,7 @@ Custom variables used inside the Action Payload.
 ### General
 
 * [Receipt Time](../../search/get-started-with-search/build-search/use-receipt-time.md) is not supported.
-* [LogReduce](/docs/search/logreduce/logreduce-operator) / [LogCompare](../../search/logcompare.md) operators are not supported in monitors. If your query contains these operators, you will not be able to create the monitor.  
+* [LogReduce](/docs/search/behavior-insights/logreduce/logreduce-operator) / [LogCompare](/docs/search/behavior-insights/logcompare) operators are not supported in monitors. If your query contains these operators, you will not be able to create the monitor.  
 * Monitors only support the [Continuous data tier](/docs/manage/partitions/data-tiers).
 * An aggregate Metric Monitor can evaluate up to 15,000 time series. A non-aggregate Metric Monitor can evaluate up to 3,000 time series.
 * [Save to Index](../scheduled-searches/save-to-index.md) and [Save to Lookup](../scheduled-searches/save-to-lookup.md) are not supported.