Merge branch 'main' into CONN-4131-doc-update

Author: JV0812

.clabot

@@ -174,7 +174,8 @@
     "darshan-sumo",
     "mahendrak-sumo",
     "chvik",
-    "Apoorvkudesia-sumologic"
+    "Apoorvkudesia-sumologic",
+    "akesle"
   ],
   "message": "Thank you for your contribution! As this is an open source project, we require contributors to sign our Contributor License Agreement and do not have yours on file. To proceed with your PR, please [sign your name here](https://forms.gle/YgLddrckeJaCdZYA6) and we will add you to our approved list of contributors.",
   "label": "cla-signed",

cid-redirects.json

@@ -1764,7 +1764,10 @@
   "/cid/10321": "/docs/send-data/opentelemetry-collector/remote-management/source-templates/windows",
   "/cid/10322": "/docs/send-data/opentelemetry-collector/remote-management/source-templates/docker",
   "/cid/10323": "/docs/send-data/opentelemetry-collector/remote-management/source-templates/nginx",
-  "/cid/10324": "/docs/send-data/opentelemetry-collector/remote-management/source-templates/kafka",
+  "/cid/10340": "/docs/send-data/opentelemetry-collector/remote-management/source-templates/kafka",
+  "/cid/10341": "/docs/send-data/opentelemetry-collector/remote-management/source-templates/postgresql",
+  "/cid/10342": "/docs/send-data/opentelemetry-collector/remote-management/source-templates/mysql",
+  "/cid/10343": "/docs/send-data/opentelemetry-collector/remote-management/source-templates/elasticsearch",
   "/cid/10325": "/docs/send-data/opentelemetry-collector/remote-management/source-templates/apache/changelog",
   "/cid/10326": "/docs/send-data/opentelemetry-collector/remote-management/source-templates/linux/changelog",
   "/cid/10327": "/docs/send-data/opentelemetry-collector/remote-management/source-templates/localfile/changelog",
@@ -1776,6 +1779,10 @@
   "/cid/10337": "/docs/send-data/opentelemetry-collector/remote-management/source-templates/docker/changelog",
   "/cid/10338": "/docs/send-data/opentelemetry-collector/remote-management/source-templates/nginx/changelog",
   "/cid/10339": "/docs/send-data/opentelemetry-collector/remote-management/source-templates/kafka/changelog",
+  "/cid/10344": "/docs/send-data/opentelemetry-collector/remote-management/source-templates/postgresql/changelog",
+  "/cid/10345": "/docs/send-data/opentelemetry-collector/remote-management/source-templates/mysql/changelog",
+  "/cid/10346": "/docs/send-data/opentelemetry-collector/remote-management/source-templates/elasticsearch/changelog",
+  "/cid/10347": "/docs/send-data/opentelemetry-collector/remote-management/source-templates/st-with-secrets",
   "/cid/10822": "/docs/manage/manage-subscription/create-manage-orgs-flex",
   "/cid/10817": "/docs/integrations/sumo-apps/cse",
   "/cid/10818": "/docs/integrations/sumo-apps/cse",

docs/integrations/databases/opentelemetry/postgresql-opentelemetry.md

@@ -19,7 +19,7 @@ This app supports PostgreSQL version 9.6+.
 
 We use the OpenTelemetry collector for PostgreSQL metric collection and for collecting PostgreSQL logs.
 
-The diagram below illustrates the components of the PostgreSQL collection for each database server. OpenTelemetry collector runs on the same host as PostgreSQL, and uses the [PostgreSQL receiver](https://github.com/open-telemetry/opentelemetry-collector-contrib/tree/main/receiver/postgresqlreceiver) to obtain PostgreSQL metrics, and the [Sumo Logic OpenTelemetry Exporter](https://github.com/open-telemetry/opentelemetry-collector-contrib/tree/main/exporter/sumologicexporter) to send the metrics to Sumo Logic. MySQL logs are sent to Sumo Logic through a [filelog receiver](https://github.com/open-telemetry/opentelemetry-collector-contrib/tree/main/receiver/filelogreceiver).
+The diagram below illustrates the components of the PostgreSQL collection for each database server. OpenTelemetry collector runs on the same host as PostgreSQL, and uses the [PostgreSQL receiver](https://github.com/open-telemetry/opentelemetry-collector-contrib/tree/main/receiver/postgresqlreceiver) to obtain PostgreSQL metrics, and the [Sumo Logic OpenTelemetry Exporter](https://github.com/open-telemetry/opentelemetry-collector-contrib/tree/main/exporter/sumologicexporter) to send the metrics to Sumo Logic. PostgreSQL logs are sent to Sumo Logic through a [filelog receiver](https://github.com/open-telemetry/opentelemetry-collector-contrib/tree/main/receiver/filelogreceiver).
 
 <img src='https://sumologic-app-data-v2.s3.amazonaws.com/dashboards/Postgresql-OpenTelemetry/PostgreSQL-Schematics.png' alt="Schematics" />
 
@@ -107,7 +107,7 @@ import SetupColl from '../../../reuse/apps/opentelemetry/set-up-collector.md';
 
 ### Step 2: Configure integration
 
-In this step, you will configure the yaml file required for Mysql collection.
+In this step, you will configure the yaml file required for PostgreSQL collection.
 
 Below is the required input:
 

docs/integrations/saas-cloud/fastly.md

@@ -69,39 +69,39 @@ When you configure the Sumo Logic endpoint in Fastly:
      "protocol": "%{req.proto}V",
      "host": "%{req.http.Fastly-Orig-Host}V",
      "origin_host": "%{req.http.Host}V",
-     "url": "%{cstr_escape(req.url)}V",
+     "url": "%{json.escape(req.url)}V",
      "is_ipv6": "%{if(req.is_ipv6, \"true\", \"false\")}V",
      "is_tls": "%{if(req.is_ssl, \"true\", \"false\")}V",
-     "tls_client_protocol": "%{cstr_escape(tls.client.protocol)}V",
-     "tls_client_servername": "%{cstr_escape(tls.client.servername)}V",
-     "tls_client_cipher": "%{cstr_escape(tls.client.cipher)}V",
-     "tls_client_cipher_sha": "%{cstr_escape(tls.client.ciphers_sha)}V",
-     "tls_client_tlsexts_sha": "%{cstr_escape(tls.client.tlsexts_sha)}V",
+     "tls_client_protocol": "%{json.escape(tls.client.protocol)}V",
+     "tls_client_servername": "%{json.escape(tls.client.servername)}V",
+     "tls_client_cipher": "%{json.escape(tls.client.cipher)}V",
+     "tls_client_cipher_sha": "%{json.escape(tls.client.ciphers_sha)}V",
+     "tls_client_tlsexts_sha": "%{json.escape(tls.client.tlsexts_sha)}V",
      "is_h2": "%{if(fastly_info.is_h2, \"true\", \"false\")}V",
      "is_h2_push": "%{if(fastly_info.h2.is_push, \"true\", \"false\")}V",
      "h2_stream_id": "%{fastly_info.h2.stream_id}V",
-     "request_referer": "%{cstr_escape(req.http.Referer)}V",
-     "request_user_agent": "%{cstr_escape(req.http.User-Agent)}V",
-     "request_accept_content": "%{cstr_escape(req.http.Accept)}V",
-     "request_accept_language": "%{cstr_escape(req.http.Accept-Language)}V",
-     "request_accept_encoding": "%{cstr_escape(req.http.Accept-Encoding)}V",
-     "request_accept_charset": "%{cstr_escape(req.http.Accept-Charset)}V",
-     "request_connection": "%{cstr_escape(req.http.Connection)}V",
-     "request_dnt": "%{cstr_escape(req.http.DNT)}V",
-     "request_forwarded": "%{cstr_escape(req.http.Forwarded)}V",
-     "request_via": "%{cstr_escape(req.http.Via)}V",
-     "request_cache_control": "%{cstr_escape(req.http.Cache-Control)}V",
-     "request_x_requested_with": "%{cstr_escape(req.http.X-Requested-With)}V",
-     "request_x_forwarded_for": "%{cstr_escape(req.http.X-Forwarded-For)}V",
+     "request_referer": "%{json.escape(req.http.Referer)}V",
+     "request_user_agent": "%{json.escape(req.http.User-Agent)}V",
+     "request_accept_content": "%{json.escape(req.http.Accept)}V",
+     "request_accept_language": "%{json.escape(req.http.Accept-Language)}V",
+     "request_accept_encoding": "%{json.escape(req.http.Accept-Encoding)}V",
+     "request_accept_charset": "%{json.escape(req.http.Accept-Charset)}V",
+     "request_connection": "%{json.escape(req.http.Connection)}V",
+     "request_dnt": "%{json.escape(req.http.DNT)}V",
+     "request_forwarded": "%{json.escape(req.http.Forwarded)}V",
+     "request_via": "%{json.escape(req.http.Via)}V",
+     "request_cache_control": "%{json.escape(req.http.Cache-Control)}V",
+     "request_x_requested_with": "%{json.escape(req.http.X-Requested-With)}V",
+     "request_x_forwarded_for": "%{json.escape(req.http.X-Forwarded-For)}V",
      "status": "%{resp.status}V",
-     "content_type": "%{cstr_escape(resp.http.Content-Type)}V",
+     "content_type": "%{json.escape(resp.http.Content-Type)}V",
      "cache_status": "%{regsub(fastly_info.state, \"^(HIT-(SYNTH)|(HITPASS|HIT|MISS|PASS|ERROR|PIPE)).*\", \"\\2\\3\")}V",
      "is_cacheable": "%{if(fastly_info.state~\"^(HIT|MISS)$\", \"true\", \"false\")}V",
-     "response_age": "%{cstr_escape(resp.http.Age)}V",
-     "response_cache_control": "%{cstr_escape(resp.http.Cache-Control)}V",
-     "response_expires": "%{cstr_escape(resp.http.Expires)}V",
-     "response_last_modified": "%{cstr_escape(resp.http.Last-Modified)}V",
-     "response_tsv": "%{cstr_escape(resp.http.TSV)}V",
+     "response_age": "%{json.escape(resp.http.Age)}V",
+     "response_cache_control": "%{json.escape(resp.http.Cache-Control)}V",
+     "response_expires": "%{json.escape(resp.http.Expires)}V",
+     "response_last_modified": "%{json.escape(resp.http.Last-Modified)}V",
+     "response_tsv": "%{json.escape(resp.http.TSV)}V",
      "geo_datacenter": "%{server.datacenter}V",
      "geo_city": "%{client.geo.city}V",
      "geo_country_code": "%{client.geo.country_code}V",
@@ -152,39 +152,39 @@ If you have Fastly's Web Application Firewall (WAF), perform these steps to upda
     "protocol": "%{req.proto}V",
     "host": "%{req.http.Fastly-Orig-Host}V",
     "origin_host": "%{req.http.Host}V",
-    "url": "%{cstr_escape(req.url)}V",
+    "url": "%{json.escape(req.url)}V",
     "is_ipv6": "%{if(req.is_ipv6, \"true\", \"false\")}V",
     "is_tls": "%{if(req.is_ssl, \"true\", \"false\")}V",
-    "tls_client_protocol": "%{cstr_escape(tls.client.protocol)}V",
-    "tls_client_servername": "%{cstr_escape(tls.client.servername)}V",
-    "tls_client_cipher": "%{cstr_escape(tls.client.cipher)}V",
-    "tls_client_cipher_sha": "%{cstr_escape(tls.client.ciphers_sha)}V",
-    "tls_client_tlsexts_sha": "%{cstr_escape(tls.client.tlsexts_sha)}V",
+    "tls_client_protocol": "%{json.escape(tls.client.protocol)}V",
+    "tls_client_servername": "%{json.escape(tls.client.servername)}V",
+    "tls_client_cipher": "%{json.escape(tls.client.cipher)}V",
+    "tls_client_cipher_sha": "%{json.escape(tls.client.ciphers_sha)}V",
+    "tls_client_tlsexts_sha": "%{json.escape(tls.client.tlsexts_sha)}V",
     "is_h2": "%{if(fastly_info.is_h2, \"true\", \"false\")}V",
     "is_h2_push": "%{if(fastly_info.h2.is_push, \"true\", \"false\")}V",
     "h2_stream_id": "%{fastly_info.h2.stream_id}V",
-    "request_referer": "%{cstr_escape(req.http.Referer)}V",
-    "request_user_agent": "%{cstr_escape(req.http.User-Agent)}V",
-    "request_accept_content": "%{cstr_escape(req.http.Accept)}V",
-    "request_accept_language": "%{cstr_escape(req.http.Accept-Language)}V",
-    "request_accept_encoding": "%{cstr_escape(req.http.Accept-Encoding)}V",
-    "request_accept_charset": "%{cstr_escape(req.http.Accept-Charset)}V",
-    "request_connection": "%{cstr_escape(req.http.Connection)}V",
-    "request_dnt": "%{cstr_escape(req.http.DNT)}V",
-    "request_forwarded": "%{cstr_escape(req.http.Forwarded)}V",
-    "request_via": "%{cstr_escape(req.http.Via)}V",
-    "request_cache_control": "%{cstr_escape(req.http.Cache-Control)}V",
-    "request_x_requested_with": "%{cstr_escape(req.http.X-Requested-With)}V",
-    "request_x_forwarded_for": "%{cstr_escape(req.http.X-Forwarded-For)}V",
+    "request_referer": "%{json.escape(req.http.Referer)}V",
+    "request_user_agent": "%{json.escape(req.http.User-Agent)}V",
+    "request_accept_content": "%{json.escape(req.http.Accept)}V",
+    "request_accept_language": "%{json.escape(req.http.Accept-Language)}V",
+    "request_accept_encoding": "%{json.escape(req.http.Accept-Encoding)}V",
+    "request_accept_charset": "%{json.escape(req.http.Accept-Charset)}V",
+    "request_connection": "%{json.escape(req.http.Connection)}V",
+    "request_dnt": "%{json.escape(req.http.DNT)}V",
+    "request_forwarded": "%{json.escape(req.http.Forwarded)}V",
+    "request_via": "%{json.escape(req.http.Via)}V",
+    "request_cache_control": "%{json.escape(req.http.Cache-Control)}V",
+    "request_x_requested_with": "%{json.escape(req.http.X-Requested-With)}V",
+    "request_x_forwarded_for": "%{json.escape(req.http.X-Forwarded-For)}V",
     "status": "%{resp.status}V",
-    "content_type": "%{cstr_escape(resp.http.Content-Type)}V",
+    "content_type": "%{json.escape(resp.http.Content-Type)}V",
     "cache_status": "%{regsub(fastly_info.state, \"^(HIT-(SYNTH)|(HITPASS|HIT|MISS|PASS|ERROR|PIPE)).*\", \"\\2\\3\")}V",
     "is_cacheable": "%{if(fastly_info.state~\"^(HIT|MISS)$\", \"true\", \"false\")}V",
-    "response_age": "%{cstr_escape(resp.http.Age)}V",
-    "response_cache_control": "%{cstr_escape(resp.http.Cache-Control)}V",
-    "response_expires": "%{cstr_escape(resp.http.Expires)}V",
-    "response_last_modified": "%{cstr_escape(resp.http.Last-Modified)}V",
-    "response_tsv": "%{cstr_escape(resp.http.TSV)}V",
+    "response_age": "%{json.escape(resp.http.Age)}V",
+    "response_cache_control": "%{json.escape(resp.http.Cache-Control)}V",
+    "response_expires": "%{json.escape(resp.http.Expires)}V",
+    "response_last_modified": "%{json.escape(resp.http.Last-Modified)}V",
+    "response_tsv": "%{json.escape(resp.http.TSV)}V",
     "geo_datacenter": "%{server.datacenter}V",
     "geo_city": "%{client.geo.city}V",
     "geo_country_code": "%{client.geo.country_code}V",
@@ -214,7 +214,7 @@ If you have Fastly's Web Application Firewall (WAF), perform these steps to upda
     "waf_rule_id": "%{waf.rule_id}V",
     "waf_severity": "%{waf.severity}V",
     "waf_passed": "%{waf.passed}V",
-    "waf_logdata": "%{cstr_escape(waf.logdata)}V",
+    "waf_logdata": "%{json.escape(waf.logdata)}V",
     "waf_executed": "%{waf.executed}V",
     "waf_anomaly_score": "%{waf.anomaly_score}V",
     "waf_sql_score": "%{waf.sql_injection_score}V",
@@ -225,7 +225,7 @@ If you have Fastly's Web Application Firewall (WAF), perform these steps to upda
     "waf_php_score": "%{waf.php_injection_score}V",
     "waf_rce_score": "%{waf.rce_score}V",
     "waf_session_fixation_score": "%{waf.session_fixation_score}V",
-    "waf_message": "%{cstr_escape(waf.message)}V"
+    "waf_message": "%{json.escape(waf.message)}V"
     }
     ```
     </details>
@@ -251,10 +251,10 @@ If you have Fastly's Web Application Firewall (WAF), perform these steps to add
     "request": "%{req.request}V",
     "protocol": "%{req.proto}V",
     "origin_host": "%{req.http.Host}V",
-    "url": "%{cstr_escape(req.url)}V",
-    "request_referer": "%{cstr_escape(req.http.Referer)}V",
-    "request_user_agent": "%{cstr_escape(req.http.User-Agent)}V",
-    "request_accept_content": "%{cstr_escape(req.http.Accept)}V",
+    "url": "%{json.escape(req.url)}V",
+    "request_referer": "%{json.escape(req.http.Referer)}V",
+    "request_user_agent": "%{json.escape(req.http.User-Agent)}V",
+    "request_accept_content": "%{json.escape(req.http.Accept)}V",
     "cache_status": "%{regsub(fastly_info.state, \"^(HIT-(SYNTH)|(HITPASS|HIT|MISS|PASS|ERROR|PIPE|NONE)).*\", \"\\2\\3\")}V",
     "geo_datacenter": "%{server.datacenter}V",
     "geo_city": "%{client.geo.city}V",
@@ -268,7 +268,7 @@ If you have Fastly's Web Application Firewall (WAF), perform these steps to add
     "waf_rule_id": "%{waf.rule_id}V",
     "waf_severity": "%{waf.severity}V",
     "waf_passed": "%{waf.passed}V",
-    "waf_logdata": "%{cstr_escape(waf.logdata)}V",
+    "waf_logdata": "%{json.escape(waf.logdata)}V",
     "waf_executed": "%{waf.executed}V",
     "waf_anomaly_score": "%{waf.anomaly_score}V",
     "waf_sql_score": "%{waf.sql_injection_score}V",
@@ -279,7 +279,7 @@ If you have Fastly's Web Application Firewall (WAF), perform these steps to add
     "waf_php_score": "%{waf.php_injection_score}V",
     "waf_rce_score": "%{waf.rce_score}V",
     "waf_session_fixation_score": "%{waf.session_fixation_score}V",
-    "waf_message": "%{cstr_escape(waf.message)}V"
+    "waf_message": "%{json.escape(waf.message)}V"
   }
   ```
 

docs/manage/partitions/flex/faq.md

@@ -91,8 +91,9 @@ We recommend you configure partitions to have less than 5 TB per day flowing int
 
 Default scope allows you to include or exclude the partitions in the search query, helping you to optimize the search cost. For example, if a query needs to run through 10 partitions, which consumes about 10 GB of search data, narrowing the search query using the default scope can improve the query performance and reduce scan cost. You can modify the default scope by selecting or deselecting the **Include this partition in default scope** checkbox when creating/updating your partition. Let's say that out of 10 partitions, you excluded two partitions. Now, when you run a query that does not have `_index` / `_view` term referenced in the query, the search will only consider the included partitions, reducing the amount of data scanned and lowering the cost.
 
+If you do not specify a partition name using `_index` or `_view`, or if you do not use metadata fields in your query scope that correspond to the routing expression of a partition, you will be billed for all default scope partitions that are not explicitly excluded. This also includes the `sumologic_default` partition.
 
-When partitions are marked as included and `_index` or `_view` is not referenced in the query, all included partitions will be considered by default. Default scope is also useful when `AND` or `OR` conditions are used in the query with `_index`. For example, consider you have three partitions: Partition A (Excluded), Partition B (Included), and Partition C (Included). Below are some scenarios:
+When partitions are marked as included and `_index` or `_view` is not referenced in the query, all partitions part of default scope will be considered by default. Default scope is also useful when `AND` or `OR` conditions are used in the query with `_index`. For example, consider you have three partitions: Partition A (Excluded), Partition B (Included), and Partition C (Included). Below are some scenarios:
 
 - When you run the query without referring to `_index`, for example `error | count`, only Partition B and Partition C will be considered for the query, as Partition A is excluded from the default scope. 
 - When you run a query referring to an index term, for example `_index="Partition A"`, only Partition A will be considered for the query. 

docs/search/get-started-with-search/search-page/log-level.md

@@ -54,7 +54,9 @@ Sumo Logic detects five log levels out of the box: FATAL, ERROR, WARN, INFO, and
 
 Log-Level pattern detection is automatic, meaning you do not need to parse log levels manually or write specific queries to see your distribution of error logs. 
 
-If the log message is in JSON format, the log level detection method searches for the presence of keys such as "level", "Level", "loglevel", "logLevel", "Loglevel", "LogLevel", "log_level", "log-level", "Log_Level", "Log_level", "severity", or "_loglevel." If any of these keys are identified in the log message, their corresponding values will be considered and displayed in the results. And if the log message is in a non-JSON format, the log level detection method looks for keywords such as "debug", "info/information", "warn/warning", and "error." If any of these keywords are found in the log message, their corresponding values will be considered and displayed in the results. 
+If the log message is in JSON format, the log level detection method searches for the presence of keys such as "level", "Level", "loglevel", "logLevel", "Loglevel", "LogLevel", "log_level", "log-level", "Log_Level", "Log_level", "severity", or "_loglevel". If any of these keys are identified in the log message, their corresponding values will be considered and displayed in the results. If any of these specified log level keys are not found in JSON log messages, the log level detection method falls back to a plain text search for terms like "debug", "info/information", "warn/warning", and "error." But this fallback mechanism can result in false positives, especially when these terms appear in other contexts like encoded data fields.
+
+And if the log message is in a non-JSON format, the log level detection method looks for keywords such as "debug", "info/information", "warn/warning", and "error". If any of these keywords are found in the log message, their corresponding values will be considered and displayed in the results. 
 
 :::info
 If multiple log levels are detected in the message, they will be prioritized in the following order: ERROR > WARN > INFO > DEBUG.