You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
You can now use Copilot to analyze raw, unstructured log data, even if it’s not in JSON or lacks Field Extraction Rules (FERs). This Beta expands Copilot’s reach to custom, legacy, and inconsistent log formats with no setup required.
12
+
13
+
* Ask questions in plain English—no schema or FERs needed.
14
+
* Works with raw logs like firewalls, syslog, and homegrown formats.
15
+
* Ideal for error triage, threat hunting, and exploratory analysis.
16
+
17
+
To join the Beta, [enroll here](https://forms.gle/LozrrAppM9FM94tS9) or reach out to your Sumo Logic account team.
Copy file name to clipboardExpand all lines: docs/search/copilot-unstructured-logs.md
+7-7Lines changed: 7 additions & 7 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -21,16 +21,16 @@ import useBaseUrl from '@docusaurus/useBaseUrl';
21
21
22
22
This feature is in Beta. To participate, contact your Sumo Logic account executive or [enroll here](https://forms.gle/LozrrAppM9FM94tS9).
23
23
24
-
Unstructured Logs Support for [Sumo Logic Copilot](/docs/search/copilot), our AI assistant, enables it to understand and provide insights from raw, text-based logs—even if they don't follow a structured format like JSON. This means you can ask questions in plain English and get meaningful results from nearly any log data, without requiring Field Extraction Rules (FERs).
24
+
Unstructured Logs Support for [Sumo Logic Copilot](/docs/search/copilot), our AI assistant, enables it to understand and provide insights from raw, text-based logs, even if they don't follow a structured format like JSON. This means you can ask questions in plain English and get meaningful results from nearly any log data, without requiring Field Extraction Rules (FERs).
25
25
26
26
## What's new
27
27
28
-
Previously, Copilot worked best on structured (JSON) logs. Now, it automatically applies parsing logic to unstructured logs, even if no FERs are configured. This allows Copilot to interpret logs from many popular data sources out-of-the-box.
28
+
Currently, [Copilot works best on structured (JSON) logs](/docs/search/copilot/#compatible-log-formats). With this beta update, Copilot automatically applies parsing logic to unstructured logs, even if no FERs are configured. This allows Copilot to interpret logs from many popular data sources out-of-the-box and enables support for a broader range of log types.
29
29
30
-
Copilot learns from usage patterns—if a log source is already used in dashboards or commonly queried, it’s more likely to produce strong results.
30
+
Copilot learns from usage patterns; if a log source is already used in dashboards or commonly queried, it’s more likely to produce accurate, actionable results.
31
31
32
32
***Broader coverage**. Copilot now parses and generates insights from unstructured log formats, even without FERs, making it useful for environments that include custom or inconsistent log types.
33
-
***Improved usability**. Ask questions in natural language. Copilot interprets your intent and suggests relevant searches—even for raw, non-JSON logs.
33
+
***Improved usability**. Ask questions in natural language. Copilot interprets your intent and suggests relevant searches, even for raw, non-JSON logs.
34
34
***Performance and reliability**. Response times and suggestion accuracy are consistent with Copilot’s structured log experience.
35
35
***Security and compliance**. The same strict data handling and privacy standards apply. Unstructured Logs Support builds on Copilot’s secure foundation.
36
36
***Common use cases**.
@@ -46,15 +46,15 @@ Copilot learns from usage patterns—if a log source is already used in dashboar
46
46
- “Find logs with IP 192.0.2.0”
47
47
- “What are the top 5 errors from nginx logs today?”
48
48
* Use dashboards to monitor your log sources. Copilot performs better when logs are part of existing queries and visualizations.
49
-
* Logs with clear timestamps, separators (like commas or tabs), and consistent patterns tend to yield better results.
49
+
* Logs with consistent formats, clear timestamps, and standard separators (like commas or tabs) yield better results.
50
50
51
51
## Related updates
52
52
53
53
These recent Copilot enhancements make it even easier to work with unstructured logs:
54
54
55
-
***Dynamic conversation titles**. Your queries are automatically named for easy organization and retrieval.
55
+
***Dynamic conversation titles**. Your queries are automatically titled for easy organization and retrieval.
56
56
***"Open in Copilot" for alerts**. Investigate alerts directly in Copilot without losing context.
57
-
***Suggestion pinning**. Pin suggestions inside a conversation to revisit them during your investigation.
57
+
***Suggestion pinning**. Pin suggestions inside a conversation to revisit them later.
0 commit comments