Merge branch 'main' into katex

Author: kimsauce

docs/cse/get-started-with-cloud-siem/intro-for-analysts.md

@@ -303,8 +303,8 @@ If you do decide to write a custom rule, insight, or rule tuning expression, the
 
 You're updating some of the firewalls in your system, and you don't want to trigger unnecessary alerts. Write a rule tuning expression that will allow yourself to bypass firewall-related rules.
 
-1. [**Classic UI**](/docs/get-started/sumo-logic-ui-classic). In the top menu select **Content > Rule Tuning**. <br/>[**New UI**](/docs/get-started/sumo-logic-ui). In the main Sumo Logic menu, select **Cloud SIEM > Rule Tuning**. You can also click the **Go To...** menu at the top of the screen and select **Rule Tuning**. 
-1. On the **Rule Tuning** page, click **Create**.
+1. [**Classic UI**](/docs/get-started/sumo-logic-ui-classic). In the main Sumo Logic menu, select **Cloud SIEM**. Then in the top menu, select **Content > Rule Tuning**. <br/>[**New UI**](/docs/get-started/sumo-logic-ui). In the main Sumo Logic menu, select **Cloud SIEM > Rule Tuning**. You can also click the **Go To...** menu at the top of the screen and select **Rule Tuning**. 
+1. On the **Rule Tuning** page, click **Add Rule Tuning Expression**.
 1. Name your rule tuning expression.
 1. **Tune selected Rules** should be selected by default. 
 1. Use the **Type to add a Rule** search bar to find rules to add your expression to.

docs/cse/rules/about-cse-rules.md

@@ -81,7 +81,7 @@ The tuning expression is AND’d with the rule expression—the rule will only g
 
 Rule tuning expressions allow you to tailor the logic of a built-in rule without replicating and modifying the rule. The benefit of using a tuning expression, over the copy and edit method, is that when Cloud SIEM updates built-in rules, your tuning expressions are preserved. This division of logic means that you don’t need to create as many custom rules. If you use tuning expressions in combination with multi-entity rules you’ll further reduce the need for custom rules.   
 
-You create tuning expressions on the **Rule Tuning** page, which is available from the **Content** menu. When you create a tuning expression, you have the option of applying to all of your rules, or to selected rules. Or, you can apply tuning expressions when you create a rule. You can apply multiple tuning expressions to a rule. You can assign a tuning expression to selected rules, or to all of your rules. You can also create a tuning expression without immediately assigning it to any rules. For more information, see [Rule Tuning Expressions](/docs/cse/rules/rule-tuning-expressions).
+You create tuning expressions on the **Rule Tuning** page. When you create a tuning expression, you have the option of applying to all of your rules, or to selected rules. Or, you can apply tuning expressions when you create a rule. You can apply multiple tuning expressions to a rule. You can assign a tuning expression to selected rules, or to all of your rules. You can also create a tuning expression without immediately assigning it to any rules. For more information, see [Rule Tuning Expressions](/docs/cse/rules/rule-tuning-expressions).
 
 ## "On Entity" configuration
 

docs/cse/rules/rule-tuning-expressions.md

@@ -75,10 +75,10 @@ Watch this micro lesson to learn how to create a rule tuning expression.
 
 ## Create a tuning expression
 
-1. [**Classic UI**](/docs/get-started/sumo-logic-ui-classic). In the top menu select **Content > Rule Tuning**. <br/>[**New UI**](/docs/get-started/sumo-logic-ui). In the main Sumo Logic menu, select **Cloud SIEM > Rule Tuning**. You can also click the **Go To...** menu at the top of the screen and select **Rule Tuning**. 
-1. On the **Rule Tuning** page, click **Create**.
+1. [**Classic UI**](/docs/get-started/sumo-logic-ui-classic). In the main Sumo Logic menu, select **Cloud SIEM**. Then in the top menu select **Content > Rule Tuning**. <br/>[**New UI**](/docs/get-started/sumo-logic-ui). In the main Sumo Logic menu, select **Cloud SIEM > Rule Tuning**. You can also click the **Go To...** menu at the top of the screen and select **Rule Tuning**. 
+1. On the **Rule Tuning** page, click **Add Rule Tuning Expression**.
 1. The **New Rule Tuning Expression** page appears.
-    <br/><img src={useBaseUrl('img/cse/annotated-expression.png')} alt="Annotated expression" style={{border: '1px solid gray'}} width="800"/>
+    <br/><img src={useBaseUrl('img/cse/annotated-expression.png')} alt="Empty screen to create a rule tuning expression" style={{border: '1px solid gray'}} width="800"/>
 1. **Name**. Enter a name for the tuning expression. 
 1. **Description**. Enter a description of the tuning expression.
 1. In the **Tune [selected|all] Rules** section:
@@ -104,14 +104,11 @@ You can also create new tuning expression and apply existing tuning expressions
 
 When you create a tuning expression it is enabled by default. If you disable a tuning expression, rules that it is applied to will behave as if the tuning expression does not exist. 
 
-You can toggle the enablement state of a tuning expression on the **Rule Tuning** page using the control to the left of the delete icon.
+<img src={useBaseUrl('img/cse/enable-on-list.png')} alt="Enable on list page" style={{border: '1px solid gray'}} width="600"/>
 
-<img src={useBaseUrl('img/cse/enable-on-list.png')} alt="Enable on list page" style={{border: '1px solid gray'}} width="800"/>
-
-You can also toggle the enablement state on the details page for a tuning expression.
-
-<img src={useBaseUrl('img/cse/enable-on-details.png')} alt="Enable on details page" style={{border: '1px solid gray'}} width="800"/>
+You can toggle the enablement state on the details page for a tuning expression.
 
+<img src={useBaseUrl('img/cse/enable-on-details.png')} alt="Enable on details page" style={{border: '1px solid gray'}} width="600"/>
 
 ## Testing tuning expressions
 

docs/send-data/kubernetes/troubleshoot-collection.md

@@ -696,6 +696,33 @@ Then, look at the Sumo Logic Mock logs:
 2024-02-13T14:19:56.412Z DEBUG [sumologic_mock::router::otlp] Span => name: ancestor-7, span_id: 34b7b7f27d6a9d86, parent_span_id: 2ef9759def53f709, trace_id: f7563cc4ef721e1d14974eea71e20b55
 ```
 
+### Auto-instrumentation (tracing)
+
+The environment variables injected into a pod by Java auto-instrumentation are shown below.
+
+```yaml
+Environment:
+      OTEL_NODE_IP:                         (v1:status.hostIP)
+      OTEL_POD_IP:                          (v1:status.podIP)
+      OTEL_METRICS_EXPORTER:               otlp
+      OTEL_TRACES_EXPORTER:                otlp
+      OTEL_EXPORTER_OTLP_PROTOCOL:         http/protobuf
+      OTEL_EXPORTER_OTLP_ENDPOINT:         http://sumo-sumologic-otelagent.observability:4318
+      JAVA_TOOL_OPTIONS:                    -javaagent:/otel-auto-instrumentation-java/javaagent.jar
+      OTEL_APPLICATION_NAMESPACE_NAME:     default
+      OTEL_SERVICE_NAME:                   java-app
+      OTEL_RESOURCE_ATTRIBUTES_POD_NAME:   java-app-58cdff4f7b-2zv5q (v1:metadata.name)
+      OTEL_RESOURCE_ATTRIBUTES_NODE_NAME:   (v1:spec.nodeName)
+      OTEL_PROPAGATORS:                    tracecontext,baggage
+      OTEL_RESOURCE_ATTRIBUTES:            application=default,k8s.container.name=javaapp,k8s.deployment.name=java-app,k8s.namespace.name=default,k8s.node.name=$(OTEL_RESOURCE_ATTRIBUTES_NODE_NAME),k8s.pod.name=$(OTEL_RESOURCE_ATTRIBUTES_POD_NAME),k8s.replicaset.name=java-app-58cdff4f7b,service.instance.id=default.$(OTEL_RESOURCE_ATTRIBUTES_POD_NAME).javaapp,service.version=main
+```
+
+:::note
+Ensure that the `OTEL_EXPORTER_OTLP_ENDPOINT` environment variable is set to `http://sumo-sumologic-otelagent.observability:4318` to allow proper communication with the OpenTelemetry Collector.
+
+Where `sumo` is the release name and `observability` is the release namespace.
+:::
+
 ## Collecting events
 
 ### Check events body