docs/search/copilot.md: 12 additions & 13 deletions
@@ -104,16 +104,22 @@ Break your questions into smaller, specific requirements to help Copilot provide
104
104
see https://drive.google.com/file/d/10XUn4DQD3K91V3Qf5heCizkHJneTaBJ7/view?usp=sharing
105
105
--->
106
106
107
-
Copilot is built on [Sumo Logic search query language](/docs/search/search-query-language). Below are key functions you can call using natural language prompts:
107
+
##### Tips and tricks
108
+
109
+
***Start with a broad query**. Begin with a query like `Show me the most recent logs` to understand the structure and available fields in your logs.
110
+
***Clarify field names**. If fields have similar names and cause confusion, explicitly specify the field (e.g., `<field_name>`) to improve accuracy.
111
+
***Experiment with phrasing**. Try multiple variations of a query to provide context and receive more relevant suggestions.
112
+
***Include time for timeslicing**. When timeslicing data, include the term `time` in your query. For example: `Count requests, every 1m, different code challenges and user used during login attempts by time`.
108
113
109
-
*`Count logs by`[field(s)]
110
-
*`Group logs by`[field(s)]
114
+
Below are examples of how you can phrase queries if the autocompletions and contextual suggestions are not relevant to you:
115
+
116
+
*`Count logs by`[field(s)] and `Group logs by`[field(s)] produce the same result
111
117
*`Sort by`[field(s)][in descending order]
112
-
*`Percentage breakdown in`[field]`values`
118
+
*`Percentage by`[field]`values`
113
119
*`Find`[stat]`for`[field] (max, min, standard deviation, etc.)
114
120
*`Filter by`[field]`contains`[keyword]
115
-
:::note
116
-
Keyword searches are case-sensitive
121
+
:note
122
+
Keyword searches are case-sensitive.
117
123
:::
118
124
*`Apply logreduce to logs`
119
125
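Review bot: The admonition opener in the added lines is `:note`, while the unchanged closing line is still `:::`, so the opening and closing markers no longer match and the block around "Keyword searches are case-sensitive." will likely stop rendering as a note. Restore the opener to `:::note` and keep only the added trailing period. Separately, the prompt list introduced by "Below are examples of how you can phrase queries..." now sits directly under `##### Tips and tricks` with no heading of its own, and the removed sentence linking to `/docs/search/search-query-language` has no replacement; consider carrying that link into the new lead-in sentence.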
@@ -122,13 +128,6 @@ Additional prompts can trigger more advanced activities (e.g., mapping network a
122
128
*`Analyze risk and severity of network activity`
123
129
*`Identify top application categories accessed`
124
130
125
-
##### Tips and tricks
126
-
127
-
***Start with a broad query**. Begin with a query like `Show me the most recent logs` to understand the structure and available fields in your logs.
128
-
***Clarify field names**. If fields have similar names and cause confusion, explicitly specify the field (e.g., `<field_name>`) to improve accuracy.
129
-
***Experiment with phrasing**. Try multiple variations of a query to provide context and receive more relevant suggestions.
130
-
***Include time for timeslicing**. When timeslicing data, include the term `time` in your query. For example: `Count requests, every 1m, different code challenges and user used during login attempts by time`.
131
-
132
131
#### Time range
133
132
134
133
By default, Copilot searches run with a 15-minute time range. If your search returns no results, consider expanding the time range.