Skip to content

Update deletion-requests.md #4865

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 2 commits into from
Dec 12, 2024
Merged

Update deletion-requests.md #4865

Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
236aabc
Update deletion-requests.md
JV0812 Dec 11, 2024
2284af7
Merge branch 'main' into deletion-requests
JV0812 Dec 12, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
33 changes: 17 additions & 16 deletions docs/manage/deletion-requests.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -53,26 +53,27 @@ Data cannot be recovered once it gets deleted. Ensure that you have appropriatel

### From a Log Search

#### Delete audit events

The Audit Event Index has detailed JSON logs. To search for audit events for data deletion logs, use metadata field `_sourceCategory=deletionRule`. For example, to search for data deletion logs you would use the query:

```
(_index=sumologic_audit_events) AND _sourceCategory=deletionRule
```

#### Delete system events
1. In the **Log Search**, search for the required logs that needs to be deleted.
1. Click the cog icon, then in the dropdown, select **Create Deletion Request**.<br/><img src={useBaseUrl('img/search/get-started-search/deletion-request.png')} alt="deletion request" style={{border: '1px solid gray'}} width="400"/>
1. In the popup window, enter a **Name** and **Reason** for your data deletion request, then click **Create Request**.

#### Delete events

The System Event Index has detailed JSON logs. To search for system events for data deletion logs, use metadata field `_sourceCategory=deletionRule`. For example, to search for data deletion logs you would use the query:
The Audit Event Index and System Event Index has detailed JSON logs. To search for audit events or system events for data deletion logs, use metadata field `_sourceCategory=deletionRule`.

```
(_index=sumologic_system_events) AND _sourceCategory=deletionRule
```sql
(_index=sumologic_*_events) AND _sourceCategory=deletionRule
| json field=_raw "resourceIdentity.name" as name nodrop
| json field=_raw "resourceIdentity.id" as id nodrop
| json field=_raw "eventName"
| json field=_raw "operator.interface" as operator nodrop
| json field=_raw "operator.email" as email nodrop

| count by _messagetime,eventname,name,id,operator,email,_view
| sort _messagetime asc
```

1. In the **Log Search**, search for the required logs that needs to be deleted.
1. Click the cog icon, then in the dropdown, select **Create Deletion Request**.<br/><img src={useBaseUrl('img/search/get-started-search/deletion-request.png')} alt="deletion request" style={{border: '1px solid gray'}} width="400"/>
1. In the popup window, enter a **Name** and **Reason** for your data deletion request, then click **Create Request**.
The events `DeletionRuleCreated` and `DeletionRuleStateUpdated` are contained in the `sumologic_audit_events` index and `DeletionRuleProcessingConcluded` is in the `sumologic_system_events` index.

## Cancel a deletion request

Expand Down Expand Up @@ -100,4 +101,4 @@ Each deletion request is limited to 100,000 messages. This means that any deleti

### Supported operators

Currently, we only support [`as`](/docs/search/search-query-language/search-operators/as), [`concat`](/docs/search/search-query-language/search-operators/concat), [`contains`](/docs/search/search-query-language/search-operators/contains), [`decToHex`](/docs/search/search-query-language/search-operators/dectohex), [`floor`](/docs/search/search-query-language/math-expressions/floor), [`if`](/docs/search/search-query-language/search-operators/if), [`in`](/docs/search/search-query-language/search-operators/in), [`lookup`](/docs/search/search-query-language/search-operators/lookup), [`toLower`](/docs/search/search-query-language/search-operators/tolowercase-touppercase), [`matches`](/docs/search/search-query-language/search-operators/matches), [`parse`](/docs/search/search-query-language/parse-operators), [`toUpper`](/docs/search/search-query-language/search-operators/tolowercase-touppercase), and [`where`](/docs/search/search-query-language/search-operators/where) search query operators.
Currently, we only support [`as`](/docs/search/search-query-language/search-operators/as), [`concat`](/docs/search/search-query-language/search-operators/concat), [`contains`](/docs/search/search-query-language/search-operators/contains), [`decToHex`](/docs/search/search-query-language/search-operators/dectohex), [`floor`](/docs/search/search-query-language/math-expressions/floor), [`if`](/docs/search/search-query-language/search-operators/if), [`in`](/docs/search/search-query-language/search-operators/in), [`lookup`](/docs/search/search-query-language/search-operators/lookup), [`toLower`](/docs/search/search-query-language/search-operators/tolowercase-touppercase), [`matches`](/docs/search/search-query-language/search-operators/matches), [`parse`](/docs/search/search-query-language/parse-operators), [`toUpper`](/docs/search/search-query-language/search-operators/tolowercase-touppercase), and [`where`](/docs/search/search-query-language/search-operators/where) search query operators.
Loading