Merge branch 'main' into C3M-Library-content-GA

Author: JV0812

README.md

@@ -38,7 +38,7 @@ Before submitting an issue or pull request, we recommend reviewing the sections
 
 To contribute to Sumo Docs, ensure you have the following tools installed:
 
-- [Node.js](https://nodejs.org/en/download/) version 18 or higher
+- [Node.js](https://nodejs.org/en/download/) version 20 or higher
 - [Yarn](https://yarnpkg.com/en/), installable via [Homebrew](https://brew.sh/) (`brew install yarn`)
 
 ## Installation

blog-collector/2025-10-13-installed.md

@@ -8,4 +8,4 @@ import useBaseUrl from '@docusaurus/useBaseUrl';
 
 Sumo Logic has been using Java 8 for its Installed Collectors until now. However, with Java 8 reaching its end of public updates in January 2019, and with newer Java versions offering significant improvements in both performance and security, we are upgrading our Installed Collectors to Java 17. This upgrade will provide enhanced functionality, better security patches, and overall improved system efficiency.
 
-If you're running a collector with your own custom JRE, ensure the JRE version is 17 or higher. If not, upgrade to Java 17 or a more recent version. [Learn more](/docs/send-data/collection/upgrade-collectors/#upgradecollectors-to-the-latest-build).
+Starting January 31, 2026, Sumo Logic will no longer support the collectors using Java Runtime Environment (JRE) versions older than 17. To ensure continued compatibility and support, upgrade your collectors to JRE 17 or later before this date. [Learn more](/docs/send-data/collection/upgrade-collectors/#upgradecollectors-to-the-latest-build).

blog-service/2025-10-14-apps.md

@@ -1,6 +1,6 @@
 ---
 title: Azure Security - Microsoft Defender for Cloud Apps (Apps)
-image: https://help.sumologic.com/img/reuse/rss-image.jpg
+image: https://assets-www.sumologic.com/company-logos/_800x418_crop_center-center_82_none/SumoLogic_Preview_600x600.jpg?mtime=1617040082
 keywords:
   - apps
   - azure
@@ -11,4 +11,4 @@ hide_table_of_contents: true
 
 import useBaseUrl from '@docusaurus/useBaseUrl';
 
-We're excited to introduce the new Sumo Logic app for Azure Security - Microsoft Defender for Cloud Apps. This app enhances Azure security with centralized monitoring, proactive threat detection, and rapid incident response. It also offers interactive dashboards for tracking user activity and access, enabling faster threat management and stronger protection of cloud assets. [Learn more](/docs/integrations/microsoft-azure/azure-security-microsoft-defender-for-cloud-apps/).
+We're excited to introduce the new Sumo Logic app for Azure Security - Microsoft Defender for Cloud Apps. This app enhances Azure security with centralized monitoring, proactive threat detection, and rapid incident response. It also offers interactive dashboards for tracking user activity and access, enabling faster threat management and stronger protection of cloud assets. [Learn more](/docs/integrations/microsoft-azure/azure-security-microsoft-defender-for-cloud-apps/).

blog-service/2025-10-16-collection.md

@@ -0,0 +1,25 @@
+---
+title: Cloud Syslog Source Certificate Fully Transitioned to ACM (Collection)
+image: https://assets-www.sumologic.com/company-logos/_800x418_crop_center-center_82_none/SumoLogic_Preview_600x600.jpg?mtime=1617040082
+keywords:
+  - certificates
+  - Cloud Syslog Source
+hide_table_of_contents: true    
+---
+
+import useBaseUrl from '@docusaurus/useBaseUrl';
+
+We're excited to announce that Sumo Logic has fully transitioned to AWS Certificate Manager (ACM) certificates for Transport Layer Security (TLS) communication between your cloud syslog sources and Sumo Logic.
+
+In [a previous release note](/release-notes-service/2025/08/01/collection/), we announced that we are transitioning from DigiCert to ACM certificates.
+
+This change provides the following benefits:
+* **Automated certificate renewal and deployment**. ACM eliminates the need for future manual renewals, reducing administrative overhead.
+* **Simplified infrastructure management for AWS customers**. ACM is deeply integrated into the AWS ecosystem, streamlining your overall infrastructure management. Because Sumo Logic is also on AWS, using ACM provides a seamless experience.
+
+If you use cloud syslog sources to send data to Sumo Logic, download and configure the ACM certificate on your system. For more information and setup instructions, see:
+* [Cloud Syslog Source](/docs/send-data/hosted-collectors/cloud-syslog-source/)
+* [rsyslog](/docs/send-data/hosted-collectors/cloud-syslog-source/rsyslog)
+* [syslog-ng](/docs/send-data/hosted-collectors/cloud-syslog-source/syslog-ng/)
+* [Collect Logs for SentinelOne](/docs/send-data/collect-from-other-data-sources/collect-logs-sentinelone/)
+* [Acquia](/docs/integrations/saas-cloud/acquia/#step-2-configure-a-source)

blog-service/2025-10-17-apps.md

@@ -0,0 +1,14 @@
+---
+title: Azure Security - Microsoft Entra ID Protection (Apps)
+image: https://assets-www.sumologic.com/company-logos/_800x418_crop_center-center_82_none/SumoLogic_Preview_600x600.jpg?mtime=1617040082
+keywords:
+  - apps
+  - azure
+  - microsoft
+  - azure-security-microsoft-entra-id-protection
+hide_table_of_contents: true    
+---
+
+import useBaseUrl from '@docusaurus/useBaseUrl';
+
+We're excited to introduce the new Sumo Logic app for Azure Security - Microsoft Entra ID Protection. This app enhances identity security across Azure environments by proactively detecting, investigating, and mitigating identity-related risks. This integration helps you safeguard user accounts and credentials, ensuring secure access to critical cloud resources. [Learn more](/docs/integrations/microsoft-azure/azure-security-microsoft-entra-id-protection/).

cid-redirects.json

@@ -1525,6 +1525,7 @@
   "/Traces/01Getting_Started_with_Transaction_Tracing/01Instrument_your_application_with_OpenTelemetry": "/docs/apm/traces/get-started-transaction-tracing/opentelemetry-instrumentation",
   "/Traces/01Getting_Started_with_Transaction_Tracing/01Instrument_your_application_with_OpenTelemetry/.NET_OpenTelemetry_auto-instrumentation": "/docs/apm/traces/get-started-transaction-tracing/opentelemetry-instrumentation/dotnet",
   "/docs/apm/traces/get-started-transaction-tracing/opentelemetry-instrumentation/net": "/docs/apm/traces/get-started-transaction-tracing/opentelemetry-instrumentation/aws-lambda/dotnet",
+  "/docs/apm/traces/get-started-transaction-tracing/opentelemetry-instrumentation/net/traceid-spanid-injection-into-logs": "/docs/apm/traces/get-started-transaction-tracing/opentelemetry-instrumentation/dotnet/traceid-spanid-injection-into-logs",
   "/Traces/01Getting_Started_with_Transaction_Tracing/01Instrument_your_application_with_OpenTelemetry/.NET_OpenTelemetry_auto-instrumentation/01NET_Core_TraceID_and_SpanID_Injection_into_Logs": "/docs/apm/traces/get-started-transaction-tracing/opentelemetry-instrumentation/dotnet/traceid-spanid-injection-into-logs",
   "/Traces/01Getting_Started_with_Transaction_Tracing/01Instrument_your_application_with_OpenTelemetry/AWS_Lambda_-_Java_function_instrumentation_with_Sumo_Logic_tracing": "/docs/apm/traces/get-started-transaction-tracing/opentelemetry-instrumentation/aws-lambda/java",
   "/Traces/01Getting_Started_with_Transaction_Tracing/01Instrument_your_application_with_OpenTelemetry/AWS_Lambda_-_NodeJS_function_instrumentation_with_Sumo_Logic_tracing": "/docs/apm/traces/get-started-transaction-tracing/opentelemetry-instrumentation/aws-lambda/nodejs",
@@ -2950,6 +2951,8 @@
   "/cid/1111": "/docs/integrations/microsoft-azure/azure-open-ai",
   "/cid/1115": "/docs/integrations/microsoft-azure/azure-security-microsoft-defender-for-cloud-apps",
   "/docs/integrations/microsoft-azure/microsoft-defender-for-cloud-apps/": "/docs/integrations/microsoft-azure/azure-security-microsoft-defender-for-cloud-apps",
+  "/cid/1116": "/docs/integrations/microsoft-azure/azure-security-microsoft-entra-id-protection",
+  "/docs/integrations/microsoft-azure/microsoft-entra-id-protection/": "/docs/integrations/microsoft-azure/azure-security-microsoft-entra-id-protection",
   "/cid/1113": "/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/databricks-audit-source/",
   "/Cloud_SIEM_Enterprise": "/docs/cse",
   "/Cloud_SIEM_Enterprise/Administration": "/docs/cse/administration",
@@ -3138,6 +3141,7 @@
   "/Manage/01Manage_Subscription/05Manage_Organization": "/docs/manage/manage-subscription/create-and-manage-orgs/manage-org-settings",
   "/Manage/01Manage_Subscription/05Manage_Organizational_Settings": "/docs/manage/manage-subscription/create-and-manage-orgs/manage-org-settings",
   "/docs/manage/manage-subscription/upgrade-cloud-flex-account": "/docs/manage/manage-subscription/upgrade-account/upgrade-cloud-flex-legacy-account",
+  "/docs/manage/manage-subscription/usage-management": "/docs/manage/ingestion-volume",
   "/Manage/01Manage_Subscription/06Manage_Billing_Information": "/docs/manage/manage-subscription/manage-billing-information",
   "/Manage/01Manage_Subscription/08Create_and_Manage_Orgs": "/docs/manage/manage-subscription/create-and-manage-orgs/create-manage-orgs",
   "/Manage/01Manage_Subscription/10Create_and_Manage_Orgs_(Service_Providers)": "/docs/manage/manage-subscription/create-and-manage-orgs/create-manage-orgs-service-providers",
@@ -3384,6 +3388,7 @@
   "/Manage/Security/Access_Keys/Create_Access_Keys": "/docs/manage/security/access-keys",
   "/Manage/Security/Audit_Event_Index": "/docs/manage/security/audit-indexes/audit-event-index",
   "/docs/audit/audit-events": "/docs/manage/security/audit-indexes",
+  "/docs/manage/security/audit": "/docs/manage/security/audit-indexes",
   "/Manage/Security/Audit-Index": "/docs/manage/security/audit-indexes/audit-index",
   "/Manage/Security/Cloud_Security_Events": "/docs/cse",
   "/Manage/Security/Create-an-Allowlist-for-IP-or-CIDR-Addresses": "/docs/manage/security/create-allowlist-ip-cidr-addresses",
@@ -4169,6 +4174,7 @@
   "/Send-Data/Applications-and-Other-Data-Sources/AWS_WAF/Collect_Logs_for_AWS_WAF": "/docs/integrations/amazon-aws/waf",
   "/Send-Data/Applications-and-Other-Data-Sources/AWS-Lambda": "/docs/integrations/amazon-aws/lambda",
   "/Send-Data/Applications-and-Other-Data-Sources/AWS-CloudTrail/04-Set-Up-Admin-Access-for-CloudTrail": "/docs/integrations/amazon-aws/cloudtrail",
+  "/Send-Data/Applications-and-Other-Data-Sources/AWS-Config": "/docs/send-data/collect-from-other-data-sources",
   "/Send-Data/Applications-and-Other-Data-Sources/AWS-Elastic-Load-Balancing-ULM-Application/Collect-Logs-and-Metrics-for-AWS-Elastic-Load-Balancing-ULM-Application": "/docs/integrations/amazon-aws/classic-load-balancer",
   "/Send-Data/Applications-and-Other-Data-Sources/AWS-Elastic-Load-Balancing-ULM-CLB/Collect-Logs-and-Metrics-for-AWS-Elastic-Load-Balancing-ULM-CLB": "/docs/integrations/amazon-aws/classic-load-balancer",
   "/Send-Data/Applications-and-Other-Data-Sources/Azure_Active_Directory": "/docs/integrations/microsoft-azure/active-directory-azure",
@@ -4436,6 +4442,7 @@
   "/docs/cloud-infrastructure-security/audit-and-compliance": "/docs/security/additional-security-features/audit-and-compliance",
   "/docs/cloud-infrastructure-security/threat-detection-and-investigation": "/docs/security/additional-security-features/threat-detection-and-investigation",
   "/docs/cloud-infrastructure-security/application-security": "/docs/security/additional-security-features/application-security",
+  "/docs/security/automation/playbooks": "/docs/platform-services/automation-service",
   "/docs/cse/automation-service/": "/docs/cse/automation",
   "/docs/cse/automation-service/about-automation-service": "/docs/cse/automation/about-automation-service-and-cloud-siem",
   "/docs/cse/automation-service/automation-service-automations": "/docs/cse/automation/automations-in-cloud-siem",
@@ -4450,6 +4457,7 @@
   "/docs/cse/automation-service/automation-service-integration-framework": "/docs/platform-services/automation-service/integration-framework",
   "/docs/cloud-soar/cloud-soar-integration-framework": "/docs/platform-services/automation-service/integration-framework",
   "/docs/platform-services/automation-service/automation-service-integration-framework": "/docs/platform-services/automation-service/integration-framework",
+  "/docs/send-data/collect-data-from-kubernetes/gke-autopilot-collection": "/docs/send-data/kubernetes",
   "/docs/send-data/collect-from-other-data-sources/kubernetes": "/docs/send-data/kubernetes",
   "/docs/send-data/kubernetes/v4": "/docs/send-data/kubernetes",
   "/docs/send-data/collect-from-other-data-sources/azure-blob-storage/collect-logs-azure-blob-storage": "/docs/send-data/collect-from-other-data-sources/azure-blob-storage/block-blob/collect-logs",

docs/cse/rules/cse-rules-syntax.md

@@ -195,6 +195,10 @@ The equal to (=) function returns “true” if the expressions are equal, or 
 
    `null = null`
 
+:::note
+The `=` and `==` functions do not match against a regular expression or pattern. Instead, use the [`like`](#like) function.
+:::
+
 ### ==
 
 The double equal sign (==) function returns “true” if the two expressions are equal. The two expressions must be the same type, and must be a type that can be used in an equality comparison. For complex types such as array and struct, the data types of fields must be orderable.

docs/integrations/amazon-aws/application-load-balancer.md

@@ -140,14 +140,16 @@ Scope (Specific Data): account=* eventSource eventName "elasticloadbalancing.ama
 ```
 
 ```sql title="Parse Expression"
-json "eventSource", "awsRegion", "recipientAccountId", "requestParameters.name", "requestParameters.type", "requestParameters.loadBalancerArn", "apiVersion" as event_source, region, accountid, loadbalancer, loadbalancertype, loadbalancerarn, api_version nodrop 
-|"" as namespace
+json "eventSource", "awsRegion", "recipientAccountId", "requestParameters.name", "requestParameters.type", "requestParameters.loadBalancerArn", "requestParameters.listenerArn", "apiVersion" as event_source, region, accountid, loadbalancer, loadbalancertype, loadbalancerarn, listenerarn, api_version nodrop
 | where event_source = "elasticloadbalancing.amazonaws.com" and api_version matches "2015-12-01" 
-| parse field=loadbalancerarn ":loadbalancer/*/*/*" as balancertype, loadbalancer, f1 nodrop
-| if(loadbalancertype matches "network", "aws/networkelb", if(balancertype matches "net", "aws/networkelb", namespace)) as namespace
-| if(loadbalancertype matches "application", "aws/applicationelb", if(balancertype matches "app", "aws/applicationelb", namespace)) as namespace
-| where namespace="aws/applicationelb" or isEmpty(namespace)
-| toLowerCase(loadbalancer) as loadbalancer  
+| "" as namespace 
+| parse field=loadbalancerarn ":loadbalancer/*/*/*" as balancertype1, loadbalancer1, f1 nodrop
+| parse field=listenerarn ":listener/*/*/*/*" as balancertype2, loadbalancer2, f1, f2 nodrop
+| if(loadbalancertype matches "network", "aws/networkelb", if(balancertype1 matches "net", "aws/networkelb", if(balancertype2 matches "net", "aws/networkelb", namespace))) as namespace 
+| if(loadbalancertype matches "application", "aws/applicationelb", if(balancertype1 matches "app", "aws/applicationelb", if(balancertype2 matches "app", "aws/applicationelb", namespace))) as namespace
+| where namespace="aws/applicationelb" or isEmpty(namespace) 
+| if (!isEmpty(loadbalancer), loadbalancer, if (!isEmpty(loadbalancer1), loadbalancer1, loadbalancer2)) as loadbalancer
+| toLowerCase(loadbalancer) as loadbalancer 
 | fields region, namespace, loadbalancer, accountid
 ```
 

docs/integrations/amazon-aws/network-load-balancer.md

@@ -68,14 +68,16 @@ Scope (Specific Data): account=* eventSource eventName "elasticloadbalancing.ama
 ```
 
 ```sql title="Parse Expression"
-json "eventSource", "awsRegion", "recipientAccountId", "requestParameters.name", "requestParameters.type", "requestParameters.loadBalancerArn", "apiVersion" as event_source, region, accountid, networkloadbalancer, loadbalancertype, loadbalancerarn, api_version nodrop 
-|"" as namespace
+json "eventSource", "awsRegion", "recipientAccountId", "requestParameters.name", "requestParameters.type", "requestParameters.loadBalancerArn", "requestParameters.listenerArn", "apiVersion" as event_source, region, accountid, networkloadbalancer, loadbalancertype, loadbalancerarn, listenerarn, api_version nodrop
 | where event_source = "elasticloadbalancing.amazonaws.com" and api_version matches "2015-12-01" 
-| parse field=loadbalancerarn ":loadbalancer/*/*/*" as balancertype, networkloadbalancer, f1 nodrop
-| if(loadbalancertype matches "network", "aws/networkelb", if(balancertype matches "net", "aws/networkelb", namespace)) as namespace
-| if(loadbalancertype matches "application", "aws/applicationelb", if(balancertype matches "app", "aws/applicationelb", namespace)) as namespace
-| where namespace="aws/networkelb" or isEmpty(namespace)
-| toLowerCase(networkloadbalancer) as networkloadbalancer  
+| "" as namespace
+| parse field=loadbalancerarn ":loadbalancer/*/*/*" as balancertype1, networkloadbalancer1, f1 nodrop
+| parse field=listenerarn ":listener/*/*/*/*" as balancertype2, networkloadbalancer2, f1, f2 nodrop
+| if(loadbalancertype matches "network", "aws/networkelb", if(balancertype1 matches "net", "aws/networkelb", if(balancertype2 matches "net", "aws/networkelb", namespace))) as namespace 
+| if(loadbalancertype matches "application", "aws/applicationelb", if(balancertype1 matches "app", "aws/applicationelb", if(balancertype2 matches "app", "aws/applicationelb", namespace))) as namespace
+| where namespace="aws/networkelb" or isEmpty(namespace)  
+| if (!isEmpty(networkloadbalancer), networkloadbalancer, if (!isEmpty(networkloadbalancer1), networkloadbalancer1, networkloadbalancer2)) as networkloadbalancer
+| toLowerCase(networkloadbalancer) as networkloadbalancer 
 | fields region, namespace, networkloadbalancer, accountid
 ```