diff --git a/docs/alerts/monitors/alert-response.md b/docs/alerts/monitors/alert-response.md
index 6eb834608c..65af9f4d9c 100644
--- a/docs/alerts/monitors/alert-response.md
+++ b/docs/alerts/monitors/alert-response.md
@@ -20,6 +20,20 @@ import Iframe from 'react-iframe';
Learn how to use alert response.
+
+
+
+
:::
diff --git a/docs/alerts/monitors/create-monitor.md b/docs/alerts/monitors/create-monitor.md
index 8d2061dc99..e8d5d7130f 100644
--- a/docs/alerts/monitors/create-monitor.md
+++ b/docs/alerts/monitors/create-monitor.md
@@ -5,6 +5,7 @@ description: Learn how to create a Sumo Logic monitor.
---
import useBaseUrl from '@docusaurus/useBaseUrl';
+import Iframe from 'react-iframe';
This guide will walk you through the steps of creating a monitor in Sumo Logic, from setting up trigger conditions to configuring advanced settings, notifications, and playbooks.
@@ -87,7 +88,7 @@ Set specific threshold conditions for well-defined KPIs with constant thresholds
#### Anomaly
-Leverage machine learning to identify unusual behavior and suspicious patterns by establishing baselines for normal activity. This [*AI-driven alerting*](https://www.youtube.com/watch?v=nMRoYb1YCfg) system uses historical data to minimize false positives and alerts you to deviations.
+Leverage machine learning to identify unusual behavior and suspicious patterns by establishing baselines for normal activity. This *AI-driven alerting* system uses historical data to minimize false positives and alerts you to deviations.
* **Model-driven detection**. Machine learning models create accurate baselines, eliminating guesswork and noise.
* **AutoML**. The system self-tunes with seasonality detection, minimizing user intervention and adjusting for recurring patterns to reduce false positives.
@@ -96,6 +97,35 @@ Leverage machine learning to identify unusual behavior and suspicious patterns b
* **Auto-diagnosis and recovery**. The Automation Service handles diagnosis and resolution, closing the loop from alert to recovery.
* **Customizable detection**. Use advanced rules like "Cluster anomalies" to detect multiple data points exceeding thresholds within a set timeframe.
+:::sumo Micro Lesson
+Learn about AI-driven alerting.
+
+
+
+
+:::
+
**Use Outlier**
If you want to trigger alerts on outlier direction rather than anomaly detection, select **Anomaly** and enable **Use Outlier**. This detects unusual changes or spikes in a time series of a key indicator. Use this detection method when you are alerting on KPIs that don't have well-defined constant thresholds for what's good and bad. You want the monitor to automatically detect and alert on unusual changes or spikes on the alerting query. For example, application KPIs like page request, throughput, and latency.
diff --git a/docs/alerts/monitors/use-playbooks-with-monitors.md b/docs/alerts/monitors/use-playbooks-with-monitors.md
index 5035fac189..fba68a10ac 100644
--- a/docs/alerts/monitors/use-playbooks-with-monitors.md
+++ b/docs/alerts/monitors/use-playbooks-with-monitors.md
@@ -6,6 +6,7 @@ description: Learn how to use Automation Service playbooks with monitors.
---
import useBaseUrl from '@docusaurus/useBaseUrl';
+import Iframe from 'react-iframe';
This article describes how to configure automated playbooks in monitors. An *automated playbook* is a [playbook in the Automation Service](/docs/platform-services/automation-service/automation-service-playbooks/), and is a predefined set of actions and conditional statements that run in an automated workflow to respond to an event. For example, suppose that a monitor detects suspicious behavior that could indicate a security problem. When the monitor sends the alert, it could also run an automated playbook to respond to the event.
@@ -83,21 +84,34 @@ An anomaly monitor is triggered when unusual conditions are detected. Anomaly mo
Weekly seasonality detection is turned off by default to optimize performance. [Contact Sumo Logic Customer Support](https://support.sumologic.com/support/s/contactsupport) to activate it for specific monitors. (*Weekly seasonality detection* is the optimization of baseline calculations to account for the variations of data flow that can occur in a work week.)
:::
+:::sumo Micro Lesson
Watch this micro lesson to learn about anomaly monitors.
+
+
+
+:::
To create an anomaly monitor that runs an automated playbook in response to an alert:
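Review bot: The new `:::sumo Micro Lesson` opener follows the closing `:::` of the weekly-seasonality note with no empty line between the two admonitions in this hunk. Docusaurus recommends empty lines around admonition directives, so add one between the closing `:::` and the new opener and confirm the page renders two separate boxes. The opener also runs straight into the caption here, while most other blocks in this patch leave an empty line after it; pick one style.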
diff --git a/docs/apm/real-user-monitoring/configure-data-collection.md b/docs/apm/real-user-monitoring/configure-data-collection.md
index 0e15bcd6a6..074af9357d 100644
--- a/docs/apm/real-user-monitoring/configure-data-collection.md
+++ b/docs/apm/real-user-monitoring/configure-data-collection.md
@@ -14,6 +14,19 @@ To collect [traces](/docs/apm/traces) and RUM metrics from a browser, you'll fir
:::sumo Micro Lesson
Using the RUM HTTP Traces App for Manual Testing.
+
+
+
:::
## Prerequisites
diff --git a/docs/apm/real-user-monitoring/index.md b/docs/apm/real-user-monitoring/index.md
index 3c3b156fdb..f6d2a4ec60 100644
--- a/docs/apm/real-user-monitoring/index.md
+++ b/docs/apm/real-user-monitoring/index.md
@@ -26,6 +26,19 @@ All data collected is compatible with OpenTelemetry and doesn't use proprietary
:::sumo Micro Lesson
See Real User Monitoring in action.
+
+
+
:::
diff --git a/docs/apm/traces/get-started-transaction-tracing/opentelemetry-instrumentation/java/index.md b/docs/apm/traces/get-started-transaction-tracing/opentelemetry-instrumentation/java/index.md
index 2edbb55e8f..3d1e278598 100644
--- a/docs/apm/traces/get-started-transaction-tracing/opentelemetry-instrumentation/java/index.md
+++ b/docs/apm/traces/get-started-transaction-tracing/opentelemetry-instrumentation/java/index.md
@@ -10,8 +10,20 @@ Perhaps the most convenient way to start capturing telemetry from Java (or, gene
import Iframe from 'react-iframe';
:::sumo Micro Lesson
-Tutorial: Auto-instrumentation of a Java app by OpenTelemetry for K8s Environment.
+
+
+
:::
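Review bot: The caption "Tutorial: Auto-instrumentation of a Java app by OpenTelemetry for K8s Environment." is deleted from the micro lesson block and nothing replaces it, so the admonition no longer says what the video covers. Every other micro lesson touched in this patch keeps a one-line description above the embed. Keep the sentence (or a shortened version) as the first line inside the `:::sumo Micro Lesson` block.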
diff --git a/docs/apm/traces/quickstart.md b/docs/apm/traces/quickstart.md
index adcb593371..897da5b4ad 100644
--- a/docs/apm/traces/quickstart.md
+++ b/docs/apm/traces/quickstart.md
@@ -21,12 +21,26 @@ You can access Traces if your Sumo Logic service package has been upgraded to in
[**Classic UI**](/docs/get-started/sumo-logic-ui-classic). To access Traces, go to the **Home** screen and select **Traces**.
[**New UI**](/docs/get-started/sumo-logic-ui/). To access Traces, in the main Sumo Logic menu, select **Observability**, and then under **Application Monitoring**, select **Transaction Traces**. You can also click the **Go To...** menu at the top of the screen and select **Transaction Traces**.
-
-## Micro Lesson
+## Micro lesson
+
+:::sumo Micro Lesson
This micro lesson can help you get started with Tracing.
+
+
+
+:::
Trace data is visualized through filtered trace lists and icicle charts allowing you to find and troubleshoot faulty transactions easily. See how easy it is to [view and investigate traces](view-and-investigate-traces.md).
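Review bot: The `## Micro lesson` heading is kept (only re-cased) and a `:::sumo Micro Lesson` admonition is added directly beneath it, so the page now labels the same embed twice, with two different capitalizations. No other file in this patch gives the micro lesson its own heading. Drop the `## Micro lesson` line and let the admonition title carry the label, unless something links to that heading's anchor.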
diff --git a/docs/apm/traces/spans.md b/docs/apm/traces/spans.md
index d2d097f022..2c15ab7907 100644
--- a/docs/apm/traces/spans.md
+++ b/docs/apm/traces/spans.md
@@ -31,6 +31,19 @@ import Iframe from 'react-iframe';
This micro lesson provides an overview of Span Analytics, and describes the term Span in the distributed tracing and the benefits of Span Analytics. It also explains how to perform Span Analytics in Sumo Logic UI.
+
+
+
:::
diff --git a/docs/cloud-soar/incidents-triage.md b/docs/cloud-soar/incidents-triage.md
index 5d29863d7b..e8fad0afd2 100644
--- a/docs/cloud-soar/incidents-triage.md
+++ b/docs/cloud-soar/incidents-triage.md
@@ -28,8 +28,22 @@ Incidents are events that require investigation and remediation. Incidents are a
[**New UI**](/docs/cloud-soar/overview#new-ui). To access incidents, in the main Sumo Logic menu select **Cloud SOAR > Incidents**. You can also click the **Go To...** menu at the top of the screen and select **Incidents**.
+:::sumo Micro Lesson
Watch this micro lesson to learn more about incidents in Cloud SOAR.
+
+
+
+:::
### Filter incidents
The **Incidents** screen lists all Cloud SOAR incidents. Clicking on any of the incident IDs will open the incident. You can configure what incidents are displayed by creating queries against available incident data and saving them as incident filters.
@@ -317,8 +333,23 @@ To explore entities:
Cloud SOAR's **Dashboards** section highlights the most important pieces of data to the user or investigator who is logged into the platform. This data is presented through the use of multiple widgets that you can add, remove, and customize to include all data relevant to your job functions and duties.
+:::sumo Micro Lesson
+
Watch the following micro lesson to learn about dashboards.
+
+
+
+
+:::
### Create a dashboard
diff --git a/docs/cloud-soar/legacy/legacy-global-functions-menu.md b/docs/cloud-soar/legacy/legacy-global-functions-menu.md
index b5570cc987..fa487e3d39 100644
--- a/docs/cloud-soar/legacy/legacy-global-functions-menu.md
+++ b/docs/cloud-soar/legacy/legacy-global-functions-menu.md
@@ -41,20 +41,6 @@ CBR solves new problems by adapting previously successful solutions to similar p
ARK assists operators during investigations in two main areas: Automatically suggesting/prompting next actions/tasks in Playbooks (until version 5) and Correlation/ Deduplication of similar threats into 1 unique incident.
-Watch this micro lesson to learn more about ARK.
-
-
-
-
#### Enable ARK
To enable ARK, click the cog icon, then **Settings** > **ARK** and make sure you have it set to **ON**.
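Review bot: The ARK micro lesson is removed outright here rather than converted to a `:::sumo Micro Lesson` block like the other pages. If that is intentional for the legacy docs, say so in the commit description, and check whether this file still carries an `import Iframe from 'react-iframe';` that is now unused.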
diff --git a/docs/contributing/create-edit-doc.md b/docs/contributing/create-edit-doc.md
index b343c4930c..06e49d5e90 100644
--- a/docs/contributing/create-edit-doc.md
+++ b/docs/contributing/create-edit-doc.md
@@ -31,6 +31,19 @@ Submitting a minor fix, such as correcting a typo, is very easy and can be done
:::sumo Micro Lesson
Check out this brief tutorial on how to submit a basic change to our docs.
+
+
+
-
+:::
View text instructions
diff --git a/docs/cse/administration/create-cse-actions.md b/docs/cse/administration/create-cse-actions.md
index fc2725b868..1b15380485 100644
--- a/docs/cse/administration/create-cse-actions.md
+++ b/docs/cse/administration/create-cse-actions.md
@@ -6,6 +6,7 @@ description: You can use Cloud SIEM actions to issue notifications to another se
---
import useBaseUrl from '@docusaurus/useBaseUrl';
+import Iframe from 'react-iframe';
This topic has instructions for configuring Cloud SIEM actions.
@@ -29,8 +30,23 @@ You can use Cloud SIEM actions to issue a notification to another service when c
An action can be configured for insight-related activity as described below in [Insight actions](#insight-actions). You can also configure an action to be run when a rule is automatically disabled, as described below in [Rule actions](#rule-actions).
+:::sumo Micro Lesson
+
Watch this micro lesson to learn how to configure an action.
+
+
+
-import Iframe from 'react-iframe';
-
+:::
## Insight actions
diff --git a/docs/cse/administration/create-cse-context-actions.md b/docs/cse/administration/create-cse-context-actions.md
index 627f89fc22..bb30237c2b 100644
--- a/docs/cse/administration/create-cse-context-actions.md
+++ b/docs/cse/administration/create-cse-context-actions.md
@@ -6,6 +6,7 @@ description: Learn about context actions, options that a Cloud SIEM analyst can
---
import useBaseUrl from '@docusaurus/useBaseUrl';
+import Iframe from 'react-iframe';
This topic has information about Cloud SIEM context actions and how to create them.
@@ -35,8 +36,23 @@ In the screenshot below, context actions are listed below the built-in **Add to
If an action name is shown in red font, that indicates that the action depends on a record field that doesn’t exist.
+:::sumo Micro Lesson
+
Watch this micro lesson to learn more about how to use context actions.
+
+
+
-import Iframe from 'react-iframe';
+:::
## Configure a context action
diff --git a/docs/cse/administration/create-custom-threat-intel-source.md b/docs/cse/administration/create-custom-threat-intel-source.md
index 8a63f7c8a1..b17368f075 100644
--- a/docs/cse/administration/create-custom-threat-intel-source.md
+++ b/docs/cse/administration/create-custom-threat-intel-source.md
@@ -12,21 +12,6 @@ This topic has information about setting up a *custom threat intelligence source
You can set up and populate custom threat intelligence sources interactively from the Cloud SIEM UI, by uploading a .csv file, or using Cloud SIEM APIs. You can populate the sources with IP addresses, hostnames, URLs, email addresses, and file hashes.
-Watch this micro lesson to learn more about Cloud SIEM threat intelligence.
-
-
-
-import Iframe from 'react-iframe';
-
### How Cloud SIEM uses indicators
When Cloud SIEM encounters an indicator from your threat source in an incoming
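Review bot: This hunk deletes the Cloud SIEM threat intelligence micro lesson together with `import Iframe from 'react-iframe';` instead of wrapping it in a `:::sumo Micro Lesson` block as the sibling Cloud SIEM pages do. Confirm the removal is deliberate (for example, the video was retired or moved to another page) and that nothing else in this file still uses `Iframe`, since the import goes with it.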
diff --git a/docs/cse/administration/mitre-coverage.md b/docs/cse/administration/mitre-coverage.md
index cd86d18088..a28b64e4e4 100644
--- a/docs/cse/administration/mitre-coverage.md
+++ b/docs/cse/administration/mitre-coverage.md
@@ -22,9 +22,23 @@ Coverage data is updated on the page once a day. To determine your coverage, the
* To run APIs to get information on coverage, see [MITRE ATT&CK coverage APIs](#mitre-attck-coverage-apis).
:::
+:::sumo Micro Lesson
+
Watch this micro lesson to learn about the MITRE ATT&CK Threat Coverage Explorer.
-
-
+:::
## User interface
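Review bot: The lesson is wrapped in `:::sumo Micro Lesson` here, but unlike the other Cloud SIEM pages in this patch, this file's diff adds no `import Iframe from 'react-iframe';`. Verify the import already exists near the top of `mitre-coverage.md`; if it does not, the embed will fail at build time. Add it under the existing imports to match the other pages.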
diff --git a/docs/cse/get-started-with-cloud-siem/about-cse-insight-ui.md b/docs/cse/get-started-with-cloud-siem/about-cse-insight-ui.md
index a648ddfeb4..314b7f0143 100644
--- a/docs/cse/get-started-with-cloud-siem/about-cse-insight-ui.md
+++ b/docs/cse/get-started-with-cloud-siem/about-cse-insight-ui.md
@@ -6,6 +6,7 @@ description: Learn about the contents of the insights UI in Cloud SIEM.
---
import useBaseUrl from '@docusaurus/useBaseUrl';
+import Iframe from 'react-iframe';
This topic describes the Cloud SIEM UI for working with insights.
@@ -231,8 +232,23 @@ In addition, the following can appear in the graph:
* **Threat indicators**. Any entity with a threat indicator will have an additional icon in the upper right. If the threat indicator is Malicious or Suspicious, the entity will be highlighted in red or yellow accordingly.
* **Hover**. If you hover over an entity, it and all connections to it will be highlighted in blue. If its value is not fully visible by default, the full value will be displayed.
+:::sumo Micro Lesson
+
Watch this micro lesson to learn more about the entity relationship graph.
+
+
+
-import Iframe from 'react-iframe';
+:::
#### Entity details in the right pane
diff --git a/docs/cse/get-started-with-cloud-siem/insight-generation-process.md b/docs/cse/get-started-with-cloud-siem/insight-generation-process.md
index cedd0ef53e..fc52b4c94d 100644
--- a/docs/cse/get-started-with-cloud-siem/insight-generation-process.md
+++ b/docs/cse/get-started-with-cloud-siem/insight-generation-process.md
@@ -6,13 +6,28 @@ description: Learn how Cloud SIEM correlates signals by entity to create insight
---
import useBaseUrl from '@docusaurus/useBaseUrl';
+import Iframe from 'react-iframe';
This page explains Cloud SIEM's insight generation process.
The concept of an *entity* is central to the process Cloud SIEM uses to correlate signals and create insights. So, what is an entity? In Cloud SIEM, an entity is a actor, for example, a hostname, username, or MAC address encountered in an incoming message. For more information about entities and entity types, see [View and Manage Entities](/docs/cse/records-signals-entities-insights/view-manage-entities).
+:::sumo Micro Lesson
Watch this micro lesson to learn how insights are created.
+
+
+
-import Iframe from 'react-iframe';
-
+:::
## Entities in messages are mapped to entity-type schema attributes
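Review bot: The unchanged paragraph directly above the new `:::sumo Micro Lesson` block reads "an entity is a actor". Since this hunk already touches the surrounding lines, fix it to "an actor" in the same change.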
diff --git a/docs/cse/ingestion/sumo-logic-ingest-mapping.md b/docs/cse/ingestion/sumo-logic-ingest-mapping.md
index fe6f9fd841..6732da851c 100644
--- a/docs/cse/ingestion/sumo-logic-ingest-mapping.md
+++ b/docs/cse/ingestion/sumo-logic-ingest-mapping.md
@@ -6,6 +6,7 @@ description: Learn how to configure Sumo Logic and Cloud SIEM to enable Sumo Log
---
import useBaseUrl from '@docusaurus/useBaseUrl';
+import Iframe from 'react-iframe';
This topic has instructions for creating a Cloud SIEM ingest mapping for a data source. An ingest mapping gives Cloud SIEM the information it needs in order to map message fields to record attributes. These are referred to as mapping hints, and include: Format, Vendor, Product, and Event ID Pattern.
@@ -13,8 +14,23 @@ This topic has instructions for creating a Cloud SIEM ingest mapping for a data
The use of ingest mappings is recommended only if there is no Sumo Logic parser or Cloud-to-Cloud connector for the target data source. For more information, see [Cloud SIEM Ingestion Best Practices](/docs/cse/ingestion/cse-ingestion-best-practices/).
:::
+:::sumo Micro Lesson
+
Watch this micro lesson to learn more about ingest mapping for Cloud SIEM:
+
+
+
-import Iframe from 'react-iframe';
Watch this micro lesson to learn about forwarding ingested data to Cloud SIEM:
+
+
+
+:::
## Before you start
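Review bot: Both videos end up inside a single `:::sumo Micro Lesson` admonition, with the second caption ("Watch this micro lesson to learn about forwarding ingested data to Cloud SIEM:") sitting mid-block. Every other page in this patch uses one admonition per lesson. Close the block after the ingest-mapping embed and open a second `:::sumo Micro Lesson` for the forwarding lesson, so each caption sits directly above its own video.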
diff --git a/docs/cse/records-signals-entities-insights/global-intelligence-security-insights.md b/docs/cse/records-signals-entities-insights/global-intelligence-security-insights.md
index f703674feb..342d988f8a 100644
--- a/docs/cse/records-signals-entities-insights/global-intelligence-security-insights.md
+++ b/docs/cse/records-signals-entities-insights/global-intelligence-security-insights.md
@@ -5,11 +5,27 @@ description: Insight Confidence scores, predicted by Sumo Logic’s Global Intel
---
import useBaseUrl from '@docusaurus/useBaseUrl';
+import Iframe from 'react-iframe';
This page describes Global Intelligence for security insights, implemented in Cloud SIEM as Global Confidence scores. This feature helps security analysts triage and prioritize insights.
+:::sumo Micro Lesson
+
Watch this micro lesson to learn more about Global Intelligence for insights.
+
+
+
-import Iframe from 'react-iframe';
+:::
## What is a Global Confidence score?
An insight’s Global Confidence score represents a level of confidence, predicted by Sumo Logic’s Global Intelligence machine learning model, that the insight is actionable.
diff --git a/docs/cse/records-signals-entities-insights/view-manage-entities.md b/docs/cse/records-signals-entities-insights/view-manage-entities.md
index 9b2fa3bbf5..f9ed7e5663 100644
--- a/docs/cse/records-signals-entities-insights/view-manage-entities.md
+++ b/docs/cse/records-signals-entities-insights/view-manage-entities.md
@@ -9,6 +9,7 @@ keywords:
---
import useBaseUrl from '@docusaurus/useBaseUrl';
+import Iframe from 'react-iframe';
This topic has information about the **Entities** page in Cloud SIEM UI, which lists all of the entities in Cloud SIEM and their activity scores, and the **Entities > Details** page, which presents information about a particular entity, including signals and insights associated with the entity.
@@ -16,8 +17,23 @@ The **Entities** page is useful for monitoring entities that are close to having
You can also update the [tags](/docs/cse/records-signals-entities-insights/tags-insights-signals-entities-rules/), [suppression](/docs/cse/records-signals-entities-insights/about-signal-suppression/) state, and [criticality](/docs/cse/records-signals-entities-insights/entity-criticality/) assigned to entities, as described below in the [Update multiple entities](#update-multiple-entities) section below.
+:::sumo Micro Lesson
+
Watch this micro lesson to learn more about entities.
+
+
+
-import Iframe from 'react-iframe';
+:::
## About entities
diff --git a/docs/cse/rules/about-cse-rules.md b/docs/cse/rules/about-cse-rules.md
index a33d7599b9..23d9dc8057 100644
--- a/docs/cse/rules/about-cse-rules.md
+++ b/docs/cse/rules/about-cse-rules.md
@@ -6,6 +6,7 @@ description: Learn about Cloud SIEM rules, rules syntax, and how to write rules.
---
import useBaseUrl from '@docusaurus/useBaseUrl';
+import Iframe from 'react-iframe';
A Cloud SIEM rule is logic that fires based on information in incoming records. When a rule fires, it creates a signal.
@@ -17,8 +18,23 @@ A Cloud SIEM rule is logic that fires based on information in incoming records.
For a complete list of out-of-the-box rules, see [Rules](https://github.com/SumoLogic/cloud-siem-content-catalog/blob/master/rules/README.md) in the [Cloud SIEM Content Catalog](https://github.com/SumoLogic/cloud-siem-content-catalog/blob/master/README.md).
:::
+:::sumo Micro Lesson
+
Watch this micro lesson to learn more about rules.
+
+
+
-import Iframe from 'react-iframe';
-
+:::
## About rule expressions
diff --git a/docs/cse/rules/insight-trainer.md b/docs/cse/rules/insight-trainer.md
index 2e2eed7990..52302a882c 100644
--- a/docs/cse/rules/insight-trainer.md
+++ b/docs/cse/rules/insight-trainer.md
@@ -10,11 +10,27 @@ keywords:
---
import useBaseUrl from '@docusaurus/useBaseUrl';
+import Iframe from 'react-iframe';
[Cloud SIEM - Insight Trainer](/docs/integrations/sumo-apps/cse#insight-trainer) is a dashboard in the Enterprise Audit - Cloud SIEM app. Insight Trainer offers suggestions for making adjustments to rules, such as writing rule tuning expressions and changing severities. Implementing the recommendations causes rules to be more effective at creating high-fidelity signals, resulting in generation of more meaningful insights.
+:::sumo Micro Lesson
+
Watch this micro lesson to learn how to use the Insight Trainer dashboard.
+
+
+
-import Iframe from 'react-iframe';
+:::
## About Insight Trainer
diff --git a/docs/cse/rules/rule-tuning-expressions.md b/docs/cse/rules/rule-tuning-expressions.md
index e9bf5ca950..68d1323fb3 100644
--- a/docs/cse/rules/rule-tuning-expressions.md
+++ b/docs/cse/rules/rule-tuning-expressions.md
@@ -6,6 +6,7 @@ description: Rule tuning expressions allow you to tailor the logic of a built-in
---
import useBaseUrl from '@docusaurus/useBaseUrl';
+import Iframe from 'react-iframe';
This topic has instructions for creating and using tuning expressions for rules.
@@ -41,8 +42,23 @@ Here’s what the example tuning expression looks like in the Cloud SIEM UI.
Writing a tuning expression is just like writing a rule expression. A tuning expression can use metadata, record fields, and Cloud SIEM [rules language](/docs/cse/rules/cse-rules-syntax) functions. For more information, see [About rule expressions](/docs/cse/rules/about-cse-rules#about-rule-expressions).
+:::sumo Micro Lesson
+
Watch this micro lesson to learn how to create a rule tuning expression.
+
+
+
-import Iframe from 'react-iframe';
+:::
## Create a tuning expression
diff --git a/docs/cse/rules/write-aggregation-rule.md b/docs/cse/rules/write-aggregation-rule.md
index 8c6e26d3c0..c8aad6d533 100644
--- a/docs/cse/rules/write-aggregation-rule.md
+++ b/docs/cse/rules/write-aggregation-rule.md
@@ -7,6 +7,7 @@ description: Learn how to write an aggregation rule.
import useBaseUrl from '@docusaurus/useBaseUrl';
import CseRule from '../../reuse/cse-rule-description-links.md';
+import Iframe from 'react-iframe';
This topic has information about Cloud SIEM aggregation rules and how to write them.
@@ -37,8 +38,23 @@ The screenshot below shows the **If Triggered** configuration for the example ru
+:::sumo Micro Lesson
+
Watch this micro lesson to learn how to create an aggregation rule.
+
+
+
-import Iframe from 'react-iframe';
-
+:::
## Create an aggregation rule
diff --git a/docs/cse/rules/write-chain-rule.md b/docs/cse/rules/write-chain-rule.md
index 82ce25a376..77192fd78e 100644
--- a/docs/cse/rules/write-chain-rule.md
+++ b/docs/cse/rules/write-chain-rule.md
@@ -7,6 +7,8 @@ description: Learn how to write a chain rule.
import useBaseUrl from '@docusaurus/useBaseUrl';
import CseRule from '../../reuse/cse-rule-description-links.md';
+import Iframe from 'react-iframe';
+
This topic has information about chain rules and how to create them in the Cloud SIEM UI.
@@ -18,8 +20,23 @@ If you are new to writing rules, see [About Cloud SIEM Rules](/docs/cse/rules/
A chain rule is similar to a threshold rule. A threshold rule fires when one rule expression is matched at least a certain number times during a specified length of time. In a chain rule you configure two more rule expressions, and for each expression, the number of matches that are required for the rule to fire a signal. The interval you define within which the matches must occur applies to all of the rule expressions in the rule.
+:::sumo Micro Lesson
+
Watch this micro lesson to learn how to create a chain rule.
+
+
+
-import Iframe from 'react-iframe';
+:::
## Create a chain rule
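Review bot: The context paragraph above the new admonition has two wording slips worth fixing while this section is being edited: "at least a certain number times" is missing "of", and "you configure two more rule expressions" appears to be intended as "two or more rule expressions". Neither is introduced by this patch, but both sit in the lines this hunk frames.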
diff --git a/docs/cse/rules/write-first-seen-rule.md b/docs/cse/rules/write-first-seen-rule.md
index cedcf686f1..de2be22bf0 100644
--- a/docs/cse/rules/write-first-seen-rule.md
+++ b/docs/cse/rules/write-first-seen-rule.md
@@ -12,7 +12,7 @@ keywords:
import useBaseUrl from '@docusaurus/useBaseUrl';
import CseRule from '../../reuse/cse-rule-description-links.md';
-
+import Iframe from 'react-iframe';
This topic has information about first seen rules and how to create them in the Cloud SIEM UI.
:::tip
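Review bot: The `import Iframe from 'react-iframe';` line replaces the empty line that separated the import block from "This topic has information about first seen rules...", where the other rule pages add the import as a new line and leave the separator alone. An import that runs straight into prose can fail to parse in MDX. Make sure an empty line still follows the last import before the paragraph starts.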
@@ -37,8 +37,23 @@ Sumo Logic ensures that rule processing does not impact the reliability of produ
On the rule detail page, if you hover over the degraded message, you will usually see more details about what tripped the circuit breaker and how to resolve the problem. Generally speaking, a rule that is degraded probably needs to be tuned for your specific environment.
:::
+:::sumo Micro Lesson
+
Watch this micro lesson to learn more about first seen rules.
+
+
+
-import Iframe from 'react-iframe';
+:::
## Example rule
The screenshot below shows a first seen rule in the Cloud SIEM rules editor. For an explanation of the configuration options, see [Create a first seen rule](#create-a-first-seen-rule), below.
diff --git a/docs/cse/rules/write-match-rule.md b/docs/cse/rules/write-match-rule.md
index af1f076bd6..d50d6ede95 100644
--- a/docs/cse/rules/write-match-rule.md
+++ b/docs/cse/rules/write-match-rule.md
@@ -7,6 +7,7 @@ description: Learn how to write a match rule.
import useBaseUrl from '@docusaurus/useBaseUrl';
import CseRule from '../../reuse/cse-rule-description-links.md';
+import Iframe from 'react-iframe';
This topic has information about match rules and how to create them in the Cloud SIEM UI.
@@ -28,8 +29,23 @@ metadata_vendor = 'Amazon AWS' AND metadata_product = 'CloudTrail' AND metadata_
This rule fires a signal each time a UserPoolClient, which has permission to call unauthenticated API operations, is created.
+:::sumo Micro Lesson
+
Watch this micro lesson to learn how to create a match rule.
+
+
+
-import Iframe from 'react-iframe';
+:::
## Create a match rule
diff --git a/docs/cse/rules/write-outlier-rule.md b/docs/cse/rules/write-outlier-rule.md
index 00bc032ec0..3316970db9 100644
--- a/docs/cse/rules/write-outlier-rule.md
+++ b/docs/cse/rules/write-outlier-rule.md
@@ -12,6 +12,7 @@ keywords:
import useBaseUrl from '@docusaurus/useBaseUrl';
import CseRule from '../../reuse/cse-rule-description-links.md';
+import Iframe from 'react-iframe';
This topic has information about outlier rules and how to create them in the Cloud SIEM UI.
@@ -44,8 +45,23 @@ Sumo Logic ensures that rule processing does not impact the reliability of produ
On the rule detail page, if you hover over the degraded message, you will usually see more details about what tripped the circuit breaker and how to resolve the problem. Generally speaking, a rule that is degraded probably needs to be tuned for your specific environment.
:::
+:::sumo Micro Lesson
+
Watch this micro lesson to learn more about outlier rules.
+
+
+
-import Iframe from 'react-iframe';
+:::
## Example rule
diff --git a/docs/cse/rules/write-threshold-rule.md b/docs/cse/rules/write-threshold-rule.md
index bdaafdb9f0..53abad476f 100644
--- a/docs/cse/rules/write-threshold-rule.md
+++ b/docs/cse/rules/write-threshold-rule.md
@@ -7,6 +7,7 @@ description: Learn how to write a threshold rule.
import useBaseUrl from '@docusaurus/useBaseUrl';
import CseRule from '../../reuse/cse-rule-description-links.md';
+import Iframe from 'react-iframe';
This topic has information about the threshold rules and how to create them in the Cloud SIEM UI.
@@ -16,8 +17,23 @@ If you are new to writing rules, see [About Cloud SIEM Rules](/docs/cse/rules/a
A threshold rule fires when its rule expression is matched at least a certain number of times during a specified length of time. For example, if there are five or more failed login attempts for the same IP address within one hour.
+:::sumo Micro Lesson
+
Watch this micro lesson to learn how to create a threshold rule.
+
+
+
-import Iframe from 'react-iframe';
+:::
## Create a threshold rule
diff --git a/docs/cse/schema/parser-editor.md b/docs/cse/schema/parser-editor.md
index b5bb23b1a5..257e14520d 100644
--- a/docs/cse/schema/parser-editor.md
+++ b/docs/cse/schema/parser-editor.md
@@ -21,8 +21,23 @@ See additional articles for more information about the Sumo Logic Cloud SIEM par
The instructions that follow assume that you have already written your parser code.
:::
+:::sumo Micro Lesson
+
Watch the following micro lesson to learn how to apply parsers to Cloud SIEM data sets.
+
+
+
+
+:::
## Check parser code for mapping hints
@@ -225,6 +243,8 @@ We provide a number of parsers to extract data for normalization (see [Parsers](
The parser templates cover common log formats and scenarios. Each template has two versions, one with verbose commentary on each component of the parser, and another without commentary that you can duplicate and use to quickly start creating a custom parser.
+:::sumo Micro Lesson
+
Watch the following video for a walkthrough of the parser templates.
+
+:::
diff --git a/docs/dashboards/create-dashboard-new.md b/docs/dashboards/create-dashboard-new.md
index 67f08c4f6e..535c8694be 100644
--- a/docs/dashboards/create-dashboard-new.md
+++ b/docs/dashboards/create-dashboard-new.md
@@ -11,8 +11,23 @@ This page demonstrates how to create a Dashboard, add a query, and then add the
Dashboard allows you to view logs and metrics data on the same dashboard in an integrated and seamless view. This gives you the same control over how your metrics and log data are visualized. Dashboard template capabilities provide for easier data scoping and intuitive chart creation.
+:::sumo Micro Lesson
+
Rather watch a short micro lesson video?
+
+
+
+:::
## Dashboard AutoSave
diff --git a/docs/dashboards/explore-view.md b/docs/dashboards/explore-view.md
index f8bd5be851..9ee9a95615 100644
--- a/docs/dashboards/explore-view.md
+++ b/docs/dashboards/explore-view.md
@@ -163,6 +163,19 @@ Navigation capabilities allow you to quickly locate the object that needs debugg
:::sumo micro lesson
+
+
+
:::
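Review bot: The admonition opener stays as `:::sumo micro lesson` (lowercase) and the block has no caption line, while the rest of this patch uses `:::sumo Micro Lesson` with a one-sentence description above the embed. Normalize the title casing here and add a short caption saying what the video shows. The same lowercase opener appears in `docs/get-started/overview.md`.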
diff --git a/docs/dashboards/share-dashboard-new.md b/docs/dashboards/share-dashboard-new.md
index 70c4e518d7..cfde512979 100644
--- a/docs/dashboards/share-dashboard-new.md
+++ b/docs/dashboards/share-dashboard-new.md
@@ -5,16 +5,29 @@ description: Learn how to save a custom dashboard and then share it with others.
---
import useBaseUrl from '@docusaurus/useBaseUrl';
-After you have created a custom Dashboard you may also want to share it with coworkers within your organization. This page walks you through these tasks.
+After you have created a custom dashboard you may also want to share it with coworkers within your organization. This page walks you through these tasks.
-Currently, you can only share a Dashboard within your organization.
+Currently, you can only share a dashboard within your organization.
import Iframe from 'react-iframe';
:::sumo Micro Lesson
-Share a Dashboard Inside Your Organization.
-
+Share a dashboard inside your organization.
+
+
+
+
+
:::
## Sharing a dashboard within your organization
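Review bot: `import Iframe from 'react-iframe';` is left below the two intro paragraphs, whereas the Cloud SIEM pages in this same patch move that import to the top of the file next to `import useBaseUrl`. Move it up here as well so imports are grouped consistently. The hunk also adds five empty lines inside the admonition where the other blocks add three; check that the embed markup is complete.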
diff --git a/docs/get-started/help.md b/docs/get-started/help.md
index ec0fd99e26..d0cbe5dd50 100644
--- a/docs/get-started/help.md
+++ b/docs/get-started/help.md
@@ -23,23 +23,6 @@ If you haven't found the answer to your question in our online help documentatio
On this site, you can log in with your account to access resources like Sumo Logic announcements, release notes, Knowledge Base articles, and more. You can also access the Sumo Logic Community in order to ask questions of fellow users.
-:::sumo Contacting Support
-Depending on your account type, you can also log a ticket with our support engineers.
-
-
-
-:::
-
-
### Terms and conditions
For Sumo Logic terms and conditions, see https://www.sumologic.com/support-terms.
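Review bot: The removed `:::sumo Contacting Support` block carried more than the video: the sentence "Depending on your account type, you can also log a ticket with our support engineers." is deleted with it, and nothing in the remaining lines of this hunk tells the reader that a ticket option exists. If only the embed is meant to go, keep that sentence as a plain paragraph above "### Terms and conditions".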
diff --git a/docs/get-started/overview.md b/docs/get-started/overview.md
index 91251a7406..c1449dfa84 100644
--- a/docs/get-started/overview.md
+++ b/docs/get-started/overview.md
@@ -17,8 +17,22 @@ Visual displays of real-time data allow you to monitor the health, fitness, and
## Overview
+:::sumo Micro Lesson
Get to know Sumo Logic through our video, "Introduction to Sumo Logic".
+
+
+
+:::
## Benefits of using Sumo Logic
@@ -40,6 +56,19 @@ There are various factors to consider when implementing a Sumo Logic solution in
:::sumo micro lesson
Get to know more about the benefits of using Sumo Logic.
+
+
+
:::
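Review bot: The admonition label in this hunk is still `:::sumo micro lesson` (lowercase), while the first hunk of this same file adds `:::sumo Micro Lesson`. Because this block is being edited anyway, change the label to match so both admonitions on the page render with the same title.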
@@ -97,8 +127,22 @@ This section describes local collection, centralized collection, and data collec
* [Local Collection](/docs/send-data/best-practices#local-and-centralized-data-collection). Review local collection and its pros and cons. Local collector installation is the concept of installing a collector agent onto each and every target machine (a 1-to-1 relationship between collectors and hosts). This concept is usually accomplished using some level of automation tooling (Chef, Puppet, Terraform, Ansible, Shell Scripting, etc.). The collectors will use the compute and memory resources from their host machines and will require outbound internet access in order to send the logs to Sumo Logic.
* [Centralized Collection](/docs/send-data/best-practices#local-and-centralized-data-collection). Review centralized collection and its pros and cons. Centralized collector installation involves dedicated collection machines that run the collector agent and collect logs from many different target machines at once (a 1-to-many relationship between collectors and hosts). This concept prevents resource usage on the target machines and removes the need for outbound internet access on the target machines.
-Get to know the Collection process through our video, "Data Collection Strategy".
-
+:::sumo Micro Lesson
+Get to know the collection process through our video, "Data Collection Strategy".
+
+
+
+
+:::
## Account configuration
diff --git a/docs/get-started/sumo-logic-ui.md b/docs/get-started/sumo-logic-ui.md
index bf9ba02f0c..1650163771 100644
--- a/docs/get-started/sumo-logic-ui.md
+++ b/docs/get-started/sumo-logic-ui.md
@@ -34,6 +34,19 @@ To opt in the new UI, log in to Sumo Logic, go to the Classic UI left navigation
:::sumo quickstart
Check out this overview video to get familiar with the New UI.
+
+
+
:::
## Home
diff --git a/docs/integrations/index.md b/docs/integrations/index.md
index d31be37bb2..caf73c7d83 100644
--- a/docs/integrations/index.md
+++ b/docs/integrations/index.md
@@ -28,9 +28,23 @@ To check if an app is supported by your pricing plan, see [Apps and Sumo Logic A
Learn the difference between our [Next-Gen Apps and Classic Apps](/docs/get-started/apps-integrations/#next-gen-apps).
:::
-:::sumo
+:::sumo Micro Lesson
Watch this tutorial to learn how to use our **App Catalog**.
+
+
+
+
+
:::
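Review bot: The new label `:::sumo Micro Lesson` does not match the body, which says "Watch this tutorial to learn how to use our **App Catalog**." The nginx.md hunk in this patch goes the other way and relabels a tutorial as `:::sumo Tutorial`. Either use `:::sumo Tutorial` here or reword the sentence to "micro lesson" so label and text agree.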
diff --git a/docs/integrations/sumo-apps/cse.md b/docs/integrations/sumo-apps/cse.md
index 7f15a90769..b03badfdc8 100644
--- a/docs/integrations/sumo-apps/cse.md
+++ b/docs/integrations/sumo-apps/cse.md
@@ -6,11 +6,27 @@ description: The Enterprise Audit - Cloud SIEM app gives you visibility into wha
---
import useBaseUrl from '@docusaurus/useBaseUrl';
+import Iframe from 'react-iframe';
The Enterprise Audit - Cloud SIEM app gives you visibility into what’s going on in Cloud SIEM. The app dashboards present high-level and detailed views into the Records that were created, the Signals that have fired, and the Insights generated by Cloud SIEM. You can also get insight in Cloud SIEM rules, including rule management activity, and which rules have fired.
+:::sumo Micro Lesson
+
Watch this micro lesson to learn more about the Enterprise Audit - Cloud SIEM app.
+
+
+
+:::
## Log types
diff --git a/docs/integrations/sumo-apps/flex.md b/docs/integrations/sumo-apps/flex.md
index 70f3a764ea..1a9e05c317 100644
--- a/docs/integrations/sumo-apps/flex.md
+++ b/docs/integrations/sumo-apps/flex.md
@@ -11,8 +11,22 @@ import Iframe from 'react-iframe';
With Sumo Logic Flex, you gain an efficient and centralized log analytics framework capable of managing enterprise-wide cloud-scale log ingestion without cost concerns. It aligns cost to business value and overcomes today’s ever-growing data challenge by only charging customers for data storage and analytics executed. This revolutionary new consumption model provides customers with a scalable and efficient log analytics architecture that grows to manage enterprise-wide and cloud-scale log ingestion without the risk of runaway costs.
-
-Micro Lesson: Viewing the Flex App Dashboards
+:::sumo Micro Lesson
+Learn how to view the Flex app dashboards.
+
+
+
+
+
+:::
## Log types
diff --git a/docs/integrations/web-servers/nginx.md b/docs/integrations/web-servers/nginx.md
index 6e9bdf500d..6f9dc59059 100644
--- a/docs/integrations/web-servers/nginx.md
+++ b/docs/integrations/web-servers/nginx.md
@@ -19,9 +19,22 @@ This app is tested with the following Nginx versions:
import Iframe from 'react-iframe';
-:::sumo Micro Lesson
-Tutorial: Set up NGINX for non-Kubernetes Sources.
-
+:::sumo Tutorial
+Learn to set up NGINX for non-Kubernetes Sources.
+
+
+
+
:::
diff --git a/docs/manage/content-sharing/admin-mode.md b/docs/manage/content-sharing/admin-mode.md
index 617adc01d7..25fe7dc745 100644
--- a/docs/manage/content-sharing/admin-mode.md
+++ b/docs/manage/content-sharing/admin-mode.md
@@ -11,19 +11,6 @@ As a Content Administrator, you can assume a super user role within Sumo. When y
In this mode, you can migrate content from one location to another, as well as highlight important content in the Admin Recommended folder.
-
-
-import Iframe from 'react-iframe';
-
## Switch to Admin Mode
As a Content Administrator, you can switch to Admin mode at any time in order to move content from one folder to another for anyone in your organization.
diff --git a/docs/manage/field-extractions/create-field-extraction-rule.md b/docs/manage/field-extractions/create-field-extraction-rule.md
index 3502f49f70..1363937f5d 100644
--- a/docs/manage/field-extractions/create-field-extraction-rule.md
+++ b/docs/manage/field-extractions/create-field-extraction-rule.md
@@ -18,6 +18,19 @@ Fields specified in field extraction rules are automatically added and enabled i
Learn how to create a FER through our video, "Creating a Field Extraction Rule".
+
+
+
:::
## Creating a new Field Extraction Rule
diff --git a/docs/manage/field-extractions/index.md b/docs/manage/field-extractions/index.md
index d0da226bb9..f156614b77 100644
--- a/docs/manage/field-extractions/index.md
+++ b/docs/manage/field-extractions/index.md
@@ -5,6 +5,7 @@ description: Field Extraction speeds the search process by parsing fields as log
---
import useBaseUrl from '@docusaurus/useBaseUrl';
+import Iframe from 'react-iframe';
Field extractions allow you to parse [fields](/docs/manage/fields) from your log messages at the time the messages are ingested, which eliminates the need to parse fields at the query level. With Field Extraction Rules (FERs) in place, users can use the pre-parsed fields for ad hoc searches, scheduled searches, real-time alerts, and dashboards. In addition, field extraction rules help standardize field names and searches, simplify the search syntax and scope definition, and improve search performance.
@@ -57,8 +58,23 @@ import FerLimit from '../../reuse/fer-limitations.md';
-## Micro Lesson: Field Extraction Rules Basics
+## Micro lesson: Field extraction rules basics
+
+:::sumo Micro Lesson
+
+
+
-import Iframe from 'react-iframe';
+:::
## Edit a Field Extraction Rule
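Review bot: The rewritten heading "## Micro lesson: Field extraction rules basics" is now followed directly by `:::sumo Micro Lesson`, so the label appears twice in a row and the admonition has no sentence saying what the video covers. The casing also differs from partitions/index.md in this patch, which uses "## Micro Lesson: Partitions basics". Suggest settling on one heading casing for both files and adding a one-line lead-in inside the admonition.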
diff --git a/docs/manage/ingestion-volume/log-ingestion.md b/docs/manage/ingestion-volume/log-ingestion.md
index 8fd236afe6..b28c62143a 100644
--- a/docs/manage/ingestion-volume/log-ingestion.md
+++ b/docs/manage/ingestion-volume/log-ingestion.md
@@ -5,6 +5,7 @@ description: When designing your deployment, consider how logs will be ingested
---
import useBaseUrl from '@docusaurus/useBaseUrl';
+import Iframe from 'react-iframe';
The rate of data creation is rarely constant. Whether your organization sees seasonal spikes, or if a new feature or product line produces huge increases in activity, Sumo Logic meets the needs of your organization, known or unknown, while maintaining the search performance you rely on.
@@ -39,8 +40,23 @@ Part of managing spikes in activity is properly slowing the rate of ingestion wh
All accounts are subject to throttling, regardless of plan type (Cloud Flex or Cloud Flex Credits) or [Data Tier](/docs/manage/partitions/data-tiers).
:::
+:::sumo Micro Lesson
+
Watch this micro lesson to learn more about throttling.
+
+
+
-import Iframe from 'react-iframe';
+:::
Throttling is enabled across all Collectors in an account. Sumo Logic measures the amount of data already committed to uploading against the number of previous requests and available resources (quota) in an account. In other words, Sumo Logic compares the current ingestion with the rate of ingest using a per minute rate that can be derived from the contracted Daily GB/day rate.
diff --git a/docs/manage/manage-subscription/create-manage-orgs-service-providers.md b/docs/manage/manage-subscription/create-manage-orgs-service-providers.md
index 06787d9b60..85b53aa1a3 100644
--- a/docs/manage/manage-subscription/create-manage-orgs-service-providers.md
+++ b/docs/manage/manage-subscription/create-manage-orgs-service-providers.md
@@ -164,6 +164,20 @@ If a POV trial org is not upgraded to Enterprise plan after 45 days, the org wil
:::sumo Micro Lesson
Watch this micro lesson to learn more about managing a child org.
+
+
+
+
+
:::
:::info
diff --git a/docs/manage/manage-subscription/create-manage-orgs.md b/docs/manage/manage-subscription/create-manage-orgs.md
index 6f25311ff9..9b22456b78 100644
--- a/docs/manage/manage-subscription/create-manage-orgs.md
+++ b/docs/manage/manage-subscription/create-manage-orgs.md
@@ -50,7 +50,21 @@ There are several role capabilities that are required to work with orgs:
This section has instructions for creating a new org.
:::sumo Micro Lesson
-Creating a New Child Org
+Learn how to create a new child organization.
+
+
+
+
+
:::
:::note
@@ -111,6 +127,20 @@ After you create a new org, you can’t delete it.
:::sumo Micro Lesson
Watch this micro lesson to learn more about managing a child org.
+
+
+
+
+
:::
:::info
diff --git a/docs/manage/partitions/data-tiers/searching-data-tiers.md b/docs/manage/partitions/data-tiers/searching-data-tiers.md
index a8c3954846..db655a10fb 100644
--- a/docs/manage/partitions/data-tiers/searching-data-tiers.md
+++ b/docs/manage/partitions/data-tiers/searching-data-tiers.md
@@ -10,8 +10,20 @@ This page has information about how to search different Data Tiers, and when yo
import Iframe from 'react-iframe';
:::sumo Micro Lesson
-Searching Data Tiers.
+
+
+
:::
diff --git a/docs/manage/partitions/index.md b/docs/manage/partitions/index.md
index 0d4feb177c..a393e8ed50 100644
--- a/docs/manage/partitions/index.md
+++ b/docs/manage/partitions/index.md
@@ -30,8 +30,23 @@ Partitions ingest your messages in real time. They differ from scheduled views i
You define the data that will reside in a partition by defining a routing expression, which is similar to a log query, but with certain restrictions in terms of the operators you can include. Each partition's routing expression is applied to all messages as they are ingested to Sumo Logic. If a message matches the partition’s routing expression, it is added to the partition.
-## Micro Lesson: Partitions Basics
-
+## Micro Lesson: Partitions basics
+
+:::sumo Micro Lesson
+
+
+
+
+:::
## Limitations
diff --git a/docs/manage/security/access-keys.md b/docs/manage/security/access-keys.md
index 0816a0d3e8..ed0b2ed973 100644
--- a/docs/manage/security/access-keys.md
+++ b/docs/manage/security/access-keys.md
@@ -14,8 +14,19 @@ import Iframe from 'react-iframe';
:::sumo Micro Lesson
-Managing Access Keys (how to).
-
+
+
+
:::
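Review bot: The caption "Managing Access Keys (how to)." is removed and no replacement text is added in the lines shown, so the admonition no longer says what the video is about. Other hunks in this patch rewrite the caption as a sentence instead of dropping it (for example "Learn how to create a new child organization." in create-manage-orgs.md). Suggest doing the same here, for instance a line stating that the lesson covers managing access keys.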
diff --git a/docs/metrics/introduction/get-started-metrics.md b/docs/metrics/introduction/get-started-metrics.md
index c63b050e22..6dcc1a6920 100644
--- a/docs/metrics/introduction/get-started-metrics.md
+++ b/docs/metrics/introduction/get-started-metrics.md
@@ -5,85 +5,31 @@ sidebar_label: Getting Started
description: Learn how to get started with metrics and create your first visualization.
---
-The easiest way get started with metrics is to add a Host Metrics Source, which allows you to collect data pertaining to the local Installed Collector host. Check out this webinar for an overview of what you can do with host metrics. For reference, the slides are available [here](http://www.slideshare.net/Sumo_Logic/sumo-logic-webinar-visibility-into-your-host-metrics).
+import Iframe from 'react-iframe';
+
+The easiest way get started with metrics is to add a Host Metrics Source, which allows you to collect data pertaining to the local Installed Collector host.
:::note
Metrics reported with a timestamp older than 24 hours ago or newer than 24 hours in the future from the time they are reported are dropped.
:::
-
-
-import Iframe from 'react-iframe';
-
-Then follow these steps to get started.
-
## 1. Add a Source to collect your data
-The easiest way get started with metrics is to add a Host Metrics Source, which allows you to collect data pertaining to the local Installed Collector host.
-
-Watch these videos to see how to ingest Host Metrics from an Installed Collector, and see Collecting Host Metrics for Installed Collectors for full instructions.
-
-**Ingest Host Metrics by Upgrading an Existing Collector**
+The easiest way get started with metrics is to add a [Host Metrics Source](/docs/send-data/installed-collectors/sources/host-metrics-source/), which allows you to collect data pertaining to the local Installed Collector host.
If you already have an Installed Collector, upgrade the Collector to start ingesting Host Metrics.
-
-
Other metrics Source options are also available:
-
-* **Amazon CloudWatch source.** Allows you to gather metrics data from an Amazon resource. First grant access to read the CloudWatch metrics, and then set up the Amazon CloudWatch Source.
-* **Streaming metrics source**. Receives data in the Graphite, Carbon 2.0, and Prometheus format sent over a TCP or UDP socket. See Streaming Metrics Source for instructions.
+* [**Amazon CloudWatch Source for Metrics**](/docs/send-data/hosted-collectors/amazon-aws/amazon-cloudwatch-source-metrics/). Allows you to gather metrics data from an Amazon resource. First grant access to read the CloudWatch metrics, and then set up the Amazon CloudWatch Source.
+* [**Streaming Metrics Source**](/docs/send-data/installed-collectors/sources/streaming-metrics-source/). Receives data in the Graphite, Carbon 2.0, and Prometheus format sent over a TCP or UDP socket. See Streaming Metrics Source for instructions.
## 2. Query and visualize your data
After you set up a Source, metrics data is ingested automatically and available for query and visualization.
-To get started quickly after installing your Collector and Sources, you can install the Host Metrics App with preconfigured searches and Dashboards, to analyze your metrics data. Watch this video to see how to set up a Host Metrics query and visualization.
-
-**Querying Your Host Metrics**
-
-
+To get started quickly after installing your Collector and Sources, you can install the [Host Metrics app](/docs/integrations/amazon-aws/ec2-host-metrics/) with preconfigured searches and Dashboards, to analyze your metrics data.
## 3. Add your data to a Dashboard
-You can add a metrics visualization as a Panel in an existing Dashboard, or create a new Dashboard containing a metrics Panel. Watch this video to see how easy it is to add a metrics Panel to a Dashboard.
-
-**Creating Metrics Dashboards**
+You can add a metrics visualization as a Panel in an existing Dashboard, or [create a new Dashboard containing a metrics Panel](/docs/dashboards/create-dashboard-new/#metrics-page).
-
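Review bot: The sentence "The easiest way get started with metrics is to add a Host Metrics Source..." is added twice, once as the new intro and again under "## 1. Add a Source to collect your data", and both copies keep the typo "easiest way get started" (missing "to"). Keep one copy, preferably the linked one under step 1, and fix the wording. Separately, `import Iframe from 'react-iframe';` is added at the top while every video reference in this hunk is removed and no added line uses it, so the import looks unused and can be dropped. "See Streaming Metrics Source for instructions." is also redundant now that the bullet title is itself the link.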
diff --git a/docs/observability/about.md b/docs/observability/about.md
index 16d067af99..747eb22a7f 100644
--- a/docs/observability/about.md
+++ b/docs/observability/about.md
@@ -13,8 +13,21 @@ import Iframe from 'react-iframe';
:::sumo Micro Lesson
-About Observability and how it's different from monitoring. The video also explains how Sumo Logic's Observability Solution helps in all the stages of the incident remediation process to ensure the production apps are functioning reliably.
-
+This video explains Observability and how it's different from monitoring. It also explains how Sumo Logic's Observability Solution helps in all the stages of the incident remediation process to ensure the production apps are functioning reliably.
+
+
+
+
:::
diff --git a/docs/observability/aws/about.md b/docs/observability/aws/about.md
index bb6d3442dc..1db147227a 100644
--- a/docs/observability/aws/about.md
+++ b/docs/observability/aws/about.md
@@ -13,8 +13,22 @@ Despite all of these services being a part of AWS, troubleshooting across differ
The Sumo Logic AWS Observability solution and Root Cause Explorer pull and analyze data across key AWS services and accounts, establish activity baselines, and determine causes for application incidents and high deviation events.
+:::sumo Micro Lesson
Watch the following micro lesson to learn about our AWS Observability solution.
+
+
+
+
+:::
#### AWS Observability Solution
diff --git a/docs/observability/aws/deploy-use-aws-observability/index.md b/docs/observability/aws/deploy-use-aws-observability/index.md
index 86a7cafa80..b2e184ed48 100644
--- a/docs/observability/aws/deploy-use-aws-observability/index.md
+++ b/docs/observability/aws/deploy-use-aws-observability/index.md
@@ -21,6 +21,19 @@ import Iframe from 'react-iframe';
Watch a micro lesson on deploying the AWS Observability Solution.
+
+
+
:::
diff --git a/docs/observability/aws/faq.md b/docs/observability/aws/faq.md
index 7f9433546d..967a4d702c 100644
--- a/docs/observability/aws/faq.md
+++ b/docs/observability/aws/faq.md
@@ -69,21 +69,6 @@ For full functionality of the out-of-the-box dashboards, the solution requires C
Any Sumo Logic customer can leverage Sumo Logic AWS Observability solution features.
-### Is there a demo of the solution?
-
-See the Sumo Logic AWS Observability video below for a demo of the solution.
-
-
-
## Setup and Deployment
See the following frequently asked questions (FAQs), and see [Deploy AWS Observability](/docs/observability/aws/deploy-use-aws-observability) for requirements
diff --git a/docs/observability/kubernetes/quickstart.md b/docs/observability/kubernetes/quickstart.md
index c1c5eb59a6..3728bf1782 100644
--- a/docs/observability/kubernetes/quickstart.md
+++ b/docs/observability/kubernetes/quickstart.md
@@ -23,11 +23,21 @@ As an alternative to this quickstart, you can use our in-product onboarding to a
:::
-
:::sumo Micro lesson
-Video: Quick Onboarding with Kubernetes.
-
+
+
+
:::
diff --git a/docs/observability/kubernetes/troubleshoot-with-explore.md b/docs/observability/kubernetes/troubleshoot-with-explore.md
index 1024cf1e57..642c5582a9 100644
--- a/docs/observability/kubernetes/troubleshoot-with-explore.md
+++ b/docs/observability/kubernetes/troubleshoot-with-explore.md
@@ -5,8 +5,25 @@ sidebar_label: Troubleshooting
description: Kubernetes views allow you to quickly locate the object in a physical stack that needs to be debugged.
---
+import Iframe from 'react-iframe';
+
[Kubernetes views](/docs/dashboards/explore-view/#kubernetes-views) allow you to quickly locate the object in a physical stack that needs to be debugged. This page walks you through a high-level troubleshooting scenario to illustrate the possibilities.
+:::sumo Micro Lesson
+
+
+
+
+
+:::
-import Iframe from 'react-iframe';
## Step 1: Analyze a cluster
diff --git a/docs/observability/reliability-management-slo/index.md b/docs/observability/reliability-management-slo/index.md
index 6f2e6d2439..4974f8d155 100644
--- a/docs/observability/reliability-management-slo/index.md
+++ b/docs/observability/reliability-management-slo/index.md
@@ -10,16 +10,27 @@ keywords:
---
import useBaseUrl from '@docusaurus/useBaseUrl';
+import Iframe from 'react-iframe';
A reliable end user experience is the key goal for observability. In complex systems, apps, service, and infrastructure can fail in unpredictable ways, resulting in a storm of potentially meaningless alerts. Reliability, as formalized in Service Level Objectives (SLOs), helps developers focusing on monitoring and troubleshooting user experience by measuring what matters to end users.
This guide provides an overview of Sumo Logic Reliability Management using Service-Level Objectives (SLO). This feature helps site reliability engineers (SREs) and product teams define and monitor SLOs through alerts and dashboards.
-import Iframe from 'react-iframe';
-
:::sumo Micro Lesson
-Reliability Management Using SLOs.
+
+
+
:::
diff --git a/docs/reuse/apps/create-aws-s3-source.md b/docs/reuse/apps/create-aws-s3-source.md
index 472dc1da2f..91260ca39a 100644
--- a/docs/reuse/apps/create-aws-s3-source.md
+++ b/docs/reuse/apps/create-aws-s3-source.md
@@ -21,12 +21,6 @@ Enabling event-based notifications is an S3 bucket-level operation that subscrib
You can adjust the configuration of when and how AWS handles communication attempts with Sumo Logic. See [Setting Amazon SNS Delivery Retry Policies](https://docs.aws.amazon.com/sns/latest/dg/DeliveryPolicies.html) for details.
-:::sumo Micro Lesson
-
-[Watch this micro lesson video](https://www.youtube.com/embed/2vtjPfHQK1Q?rel=0) to learn more about our S3 event notifications integration, which combines scan based discovery and event-based discovery into a unified integration that gives you the ability to maintain a low latency integration for new content and provide assurances that no data was missed or dropped.
-
-:::
-
#### Create an AWS Source
These configuration instructions apply to log collection from all AWS Source types.
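Review bot: Removing this block deletes the only description in the hunk of what the S3 event notifications integration does: that it "combines scan based discovery and event-based discovery into a unified integration" to keep latency low and "provide assurances that no data was missed or dropped". That is product behavior a reader configuring collection needs, not just a video caption. Suggest keeping the explanation as a normal paragraph and removing only the video link.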
diff --git a/docs/search/behavior-insights/logreduce/index.md b/docs/search/behavior-insights/logreduce/index.md
index c1f6ea1352..f39edaf6a1 100644
--- a/docs/search/behavior-insights/logreduce/index.md
+++ b/docs/search/behavior-insights/logreduce/index.md
@@ -13,8 +13,23 @@ The LogReduce® algorithm uses fuzzy logic to cluster messages together based
The `summarize` operator has been renamed to `logreduce` to match the **LogReduce** button on the **Messages** tab. Both operators will continue to work in search queries as synonyms for a limited time. We recommend that you rewrite saved queries replacing summarize with LogReduce.
:::
+:::sumo Micro Lesson
+
Watch our video on LogReduce.
+
+
+
+:::
In this section, we'll introduce the following concepts:
diff --git a/docs/search/get-started-with-search/index.md b/docs/search/get-started-with-search/index.md
index 4fdc797d53..39a526ce09 100644
--- a/docs/search/get-started-with-search/index.md
+++ b/docs/search/get-started-with-search/index.md
@@ -5,13 +5,26 @@ description: Start here to begin exploring your data in Sumo Logic.
---
import useBaseUrl from '@docusaurus/useBaseUrl';
-
import Iframe from 'react-iframe';
Learn how to build and run searches, review logs, and more.
+:::sumo Micro Lesson
Watch this micro lesson to get an introduction to search.
+
+
+
+:::
In this section, we'll introduce the following concepts:
diff --git a/docs/search/get-started-with-search/search-basics/about-search-basics.md b/docs/search/get-started-with-search/search-basics/about-search-basics.md
index 4065c74a6b..95ee9a7b3d 100644
--- a/docs/search/get-started-with-search/search-basics/about-search-basics.md
+++ b/docs/search/get-started-with-search/search-basics/about-search-basics.md
@@ -12,6 +12,19 @@ import Iframe from 'react-iframe';
How to search data using the Basic Search Mode in Sumo Logic.
+
+
+
:::
diff --git a/docs/search/get-started-with-search/search-basics/built-in-metadata.md b/docs/search/get-started-with-search/search-basics/built-in-metadata.md
index b47a26632a..f880fccad5 100644
--- a/docs/search/get-started-with-search/search-basics/built-in-metadata.md
+++ b/docs/search/get-started-with-search/search-basics/built-in-metadata.md
@@ -5,10 +5,26 @@ description: Metadata tags are attached to your log messages at ingest, which is
---
import useBaseUrl from '@docusaurus/useBaseUrl';
+import Iframe from 'react-iframe';
Sumo Logic has several metadata fields that are automatically tagged to ingested data. These metadata fields are referenced by the service in
many ways, such as the user interface when managing Collection, and can be referenced in search queries.
+:::sumo Micro Lesson
+
+
+
+
-import Iframe from 'react-iframe';
+:::
#### Built-in metadata fields
diff --git a/docs/search/get-started-with-search/search-page/log-level.md b/docs/search/get-started-with-search/search-page/log-level.md
index 698c1f7dc5..33120f60be 100644
--- a/docs/search/get-started-with-search/search-page/log-level.md
+++ b/docs/search/get-started-with-search/search-page/log-level.md
@@ -15,8 +15,22 @@ When performing **Log Search** queries, you can visualize and filter log-level d
* Navigate through a large volume of logs
* Filter the relevant logs in their troubleshooting workflows
+:::sumo Micro Lesson
Watch the following micro lesson to learn about log level detection.
+
+
+
+
+:::
What are log levels?
diff --git a/docs/search/index.md b/docs/search/index.md
index bc3b0e028c..81612140c8 100644
--- a/docs/search/index.md
+++ b/docs/search/index.md
@@ -99,8 +99,23 @@ To interact with other Sumo Logic users, post feedback, or ask a question, visit
## Journey of a log
+:::sumo Micro Lesson
+
In this micro lesson, learn about the ingestion pipeline and the journey that a log message takes from collection into the Sumo Logic platform. The video covers key considerations for administrators around the ingestion pipeline and demonstrates how this process translates into a search, turning a raw event into a schema and then into actionable insights.
+
+
+
+
+:::
## Partitions and Views
diff --git a/docs/search/search-cheat-sheets/general-search-examples.md b/docs/search/search-cheat-sheets/general-search-examples.md
index 14c850a964..237efe2a1c 100644
--- a/docs/search/search-cheat-sheets/general-search-examples.md
+++ b/docs/search/search-cheat-sheets/general-search-examples.md
@@ -5,10 +5,6 @@ sidebar_label: General Search Examples
description: The General Search Examples cheat sheet provides examples of useful search queries for different use cases.
---
-:::note
-For a step-by-step video and tutorial about creating Sumo Logic queries, see the [Quickstart Tutorial](https://www.youtube.com/watch?v=ajuNTQeOYaI).
-:::
-
The examples use this sample Apache log message where applicable:
```sh
diff --git a/docs/search/search-cheat-sheets/index.md b/docs/search/search-cheat-sheets/index.md
index 20ec191352..83c2a217df 100644
--- a/docs/search/search-cheat-sheets/index.md
+++ b/docs/search/search-cheat-sheets/index.md
@@ -36,8 +36,3 @@ Use cheat sheets as a quick reference guide or get up to speed quickly with our
-
-:::sumo
-For step-by-step videos on creating Sumo Logic queries, see our [Micro Lessons](https://www.youtube.com/playlist?list=PLuHsjJUxgM1fRFUzFZuQcZ2GCW-jtiOxa) and [Tutorials](https://www.youtube.com/watch?v=_5JHkxG7ZMo&list=PLuHsjJUxgM1cmKQk1UjDUbiUcTnfgNwFl).
-
-:::
diff --git a/docs/search/search-cheat-sheets/log-operators.md b/docs/search/search-cheat-sheets/log-operators.md
index 42396d809e..d5043d41cb 100644
--- a/docs/search/search-cheat-sheets/log-operators.md
+++ b/docs/search/search-cheat-sheets/log-operators.md
@@ -5,7 +5,7 @@ sidebar_label: Log Operators
description: The Search Operators cheat sheet provides a list of available Sumo Logic parsers, aggregators, search operators, and mathematical expressions with links to full details for each item.
---
-The Log Operators cheat sheet provides a list of available parsers, aggregators, search operators, and mathematical expressions with links to full details for each item. For a step-by-step video and tutorial about creating queries, see the [Quickstart Tutorial](https://www.youtube.com/watch?v=ajuNTQeOYaI). For a complete list of Sumo Logic Search operators, download the PDF version.
+The Log Operators cheat sheet provides a list of available parsers, aggregators, search operators, and mathematical expressions with links to full details for each item. For a complete list of Sumo Logic Search operators, download the PDF version.
The following tables provide a list of available Sumo Logic parsers, aggregators, search operators, and mathematical expressions.
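Review bot: The rewritten line still ends with "download the PDF version" but carries no link, so the reader has nothing to download from. Since this sentence is being edited in this hunk, either add the link to the PDF or remove the clause.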
diff --git a/docs/search/search-query-language/index.md b/docs/search/search-query-language/index.md
index ba36598a1a..6015f99f90 100644
--- a/docs/search/search-query-language/index.md
+++ b/docs/search/search-query-language/index.md
@@ -84,21 +84,6 @@ Example:
concat(, [, , ...]) as
```
-:::sumo Micro Lesson
-Here's a step-by-step tutorial about creating Sumo Logic queries.
-
-
-:::
-
:::sumo
For a collection of customer-created search queries and their use cases, see the [Community Query Library](https://support.sumologic.com/support/s/topiccatalog).
:::
diff --git a/docs/search/search-query-language/transaction-analytics/transaction-operator.md b/docs/search/search-query-language/transaction-analytics/transaction-operator.md
index 459d38350e..23ea2a7864 100644
--- a/docs/search/search-query-language/transaction-analytics/transaction-operator.md
+++ b/docs/search/search-query-language/transaction-analytics/transaction-operator.md
@@ -14,21 +14,6 @@ The transaction operator requires:
* **One or more transaction IDs to group related log messages together.** You could use session IDs, IPs, username, email, or any other unique IDs that are relevant to your query. You will define transaction IDs in a query. The transaction IDs are extracted using operators such as [parse](/docs/search/search-query-language/parse-operators/parse-predictable-patterns-using-an-anchor) and [parse regex](/docs/search/search-query-language/parse-operators/parse-variable-patterns-using-regex).
* **Mapping from a log message to a state.** Specify the mapping from a log message to a state through the syntax of the [matches](/docs/search/search-query-language/search-operators/matches) operator, or through fields that are already parsed.
-Check out the following overview video. It reviews a search provided in the Google Workspace App for building a document flow diagram.
-
-
-
-import Iframe from 'react-iframe';
-
## Syntax
```sql
diff --git a/docs/security/cloud-infrastructure-security/cloud-infrastructure-security-for-aws.md b/docs/security/cloud-infrastructure-security/cloud-infrastructure-security-for-aws.md
index 3b1344e50c..401309e7be 100644
--- a/docs/security/cloud-infrastructure-security/cloud-infrastructure-security-for-aws.md
+++ b/docs/security/cloud-infrastructure-security/cloud-infrastructure-security-for-aws.md
@@ -26,8 +26,22 @@ Use Sumo Logic’s [monitoring](/docs/alerts/monitors/) to receive alerts from t
* If you have already installed the [Amazon Security Quickstart](/docs/integrations/amazon-aws/security-quickstart/), collectors may be duplicated to collect from the same sources. To prevent this, use the existing source category for collection.
:::
+:::sumo Micro Lesson
Watch the following micro lesson to learn about Cloud Infrastructure Security for AWS.
+
+
+
+
+:::
## Log types
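Review bot: the `:::sumo Micro Lesson` block added above `## Log types` comes without an `import Iframe from 'react-iframe';` line anywhere in this file's diff, whereas best-practices.md and aws-cloudtrail-source.md add the import at the top. If the block embeds an `Iframe`, confirm the file already imports it; otherwise add the import below the front matter.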
diff --git a/docs/send-data/best-practices.md b/docs/send-data/best-practices.md
index 4fa5888523..4bc1fc83e7 100644
--- a/docs/send-data/best-practices.md
+++ b/docs/send-data/best-practices.md
@@ -5,6 +5,7 @@ sidebar_label: Best Practices
description: Best practices for creating a naming convention for good Source Category values and choosing the right installed data collector for your environment.
---
+import Iframe from 'react-iframe';
## Good and Bad Source Categories
@@ -33,6 +34,21 @@ Following the naming convention described previously, you could set the followin
While the components at the beginning of the value do not add any obvious value, they do provide a high-level grouping of this data. This allows us to fulfill the three purposes of Source Categories.
+:::sumo Micro Lesson
+
+
+
+
-import Iframe from 'react-iframe';
+:::
### Define the Scope of Searches
diff --git a/docs/send-data/choose-collector-source.md b/docs/send-data/choose-collector-source.md
index 7f155795a4..51a20ba80a 100644
--- a/docs/send-data/choose-collector-source.md
+++ b/docs/send-data/choose-collector-source.md
@@ -162,6 +162,21 @@ If you have additional questions, a [Sumo Logic sales representative](https://w
Depending on the method you'd like to collect logs, and the types of logs you'd like to collect, Sumo Logic has two types of Collectors you can choose from. Learn how to choose your collector that's right for your environment through our video, "Choosing Your Collector Type".
+:::sumo Micro Lesson
+
+
+
+
+
+:::
The following table shows the major differences between them.
@@ -196,6 +214,21 @@ When registering a Collector, you also have the option of [configuring the Coll
The maximum number of Sources allowed on a Collector is 1,000.
:::
+:::sumo Micro Lesson
+
+
+
+
+
+:::
### Allowlisting Sources that collect from AWS
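Review bot: the second `:::sumo Micro Lesson` block, added just above `### Allowlisting Sources that collect from AWS`, has no text saying what the video covers, and it carries the same title as the block added earlier in this file. Add a one-line description inside the admonition so readers can tell the two videos apart.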
diff --git a/docs/send-data/collect-from-other-data-sources/azure-blob-storage/block-blob/collect-logs.md b/docs/send-data/collect-from-other-data-sources/azure-blob-storage/block-blob/collect-logs.md
index aaae271e90..2b14a39c17 100644
--- a/docs/send-data/collect-from-other-data-sources/azure-blob-storage/block-blob/collect-logs.md
+++ b/docs/send-data/collect-from-other-data-sources/azure-blob-storage/block-blob/collect-logs.md
@@ -18,8 +18,23 @@ This section has instructions for configuring a pipeline for shipping logs avail
* This solution supports only log files from Blob storage that have file extensions of .csv, .json, .blob, or .log.
* You also need to have Microsoft Authorization/role Assignments/write permissions, so they should be a "User Access Administrator" or "Owner".
+:::sumo Micro Lesson
+
Watch this tutorial to learn how to collect logs from Azure Blob Storage.
+
+
+
+
+:::
## Functional overview
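Review bot: the admonition opened above "Watch this tutorial to learn how to collect logs from Azure Blob Storage." is titled `Micro Lesson` while the sentence inside it calls the video a tutorial, and aws-cloudtrail-source.md in this patch uses `:::sumo Tutorial`. Pick one term and use it for both the admonition title and the sentence.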
diff --git a/docs/send-data/collect-from-other-data-sources/azure-blob-storage/block-blob/index.md b/docs/send-data/collect-from-other-data-sources/azure-blob-storage/block-blob/index.md
index 5a08d99935..e9c7614b69 100644
--- a/docs/send-data/collect-from-other-data-sources/azure-blob-storage/block-blob/index.md
+++ b/docs/send-data/collect-from-other-data-sources/azure-blob-storage/block-blob/index.md
@@ -18,8 +18,23 @@ This solution is for newly created blobs only (not for existing blobs).
For step-by-step instructions for configuring the Azure-Sumo Logic pipeline, see [Collect Logs from Azure Blob Storage (block blobs)](/docs/send-data/collect-from-other-data-sources/azure-blob-storage/block-blob/collect-logs).
+:::sumo Micro Lesson
+
Watch this tutorial for an overview of collecting logs from Azure Blob Storage.
+
+
+
+
+:::
## Azure information resources
diff --git a/docs/send-data/hosted-collectors/amazon-aws/aws-cloudtrail-source.md b/docs/send-data/hosted-collectors/amazon-aws/aws-cloudtrail-source.md
index 5f104d0463..4843df501c 100644
--- a/docs/send-data/hosted-collectors/amazon-aws/aws-cloudtrail-source.md
+++ b/docs/send-data/hosted-collectors/amazon-aws/aws-cloudtrail-source.md
@@ -6,6 +6,7 @@ description: Add an AWS CloudTrail Source to upload messages to Sumo Logic.
---
import useBaseUrl from '@docusaurus/useBaseUrl';
+import Iframe from 'react-iframe';
@@ -15,12 +16,21 @@ AWS CloudTrail records API calls made to AWS. This includes calls made using the
You need to know where your CloudTrail log files are stored so you can provide the path to the AWS CloudTrail Source. Refer to AWS Documentation for [finding your CloudTrail log files](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-find-log-files.html).
:::
-
-import Iframe from 'react-iframe';
-
-:::sumo Micro Lesson
-Tutorial: Set up an AWS CloudTrail Source.
-
+:::sumo Tutorial
+
+
+
+
:::
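Review bot: the removed caption `Tutorial: Set up an AWS CloudTrail Source.` has no replacement inside the new `:::sumo Tutorial` block, so the admonition no longer states what the video shows. Keep a one-line description in the block. Note also that every other admonition added in this patch is titled `Micro Lesson`, so the `Tutorial` title here should be a deliberate choice.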
diff --git a/docs/send-data/hosted-collectors/amazon-aws/aws-s3-source.md b/docs/send-data/hosted-collectors/amazon-aws/aws-s3-source.md
index 4b91146b66..a7c4f87f25 100644
--- a/docs/send-data/hosted-collectors/amazon-aws/aws-s3-source.md
+++ b/docs/send-data/hosted-collectors/amazon-aws/aws-s3-source.md
@@ -79,19 +79,6 @@ Enabling event based notifications is an S3 bucket-level operation that subscrib
You can adjust the configuration of when and how AWS handles communication attempts with Sumo Logic. See [Setting Amazon SNS Delivery Retry Policies](https://docs.aws.amazon.com/sns/latest/dg/DeliveryPolicies.html) for details.
-
-
-import Iframe from 'react-iframe';
-
## Create an Amazon S3 Source
1. [**Classic UI**](/docs/get-started/sumo-logic-ui-classic). In the main Sumo Logic menu, select **Manage Data > Collection > Collection**.
[**New UI**](/docs/get-started/sumo-logic-ui). In the Sumo Logic top menu select **Configuration**, and then under **Data Collection** select **Collection**. You can also click the **Go To...** menu at the top of the screen and select **Collection**.
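Review bot: removing `import Iframe from 'react-iframe';` ahead of `## Create an Amazon S3 Source` is safe only if no `Iframe` element remains elsewhere in this file, which the hunk does not show. Check the rest of aws-s3-source.md for leftover uses before merging, since a page that references the component without its import will break. Also confirm the video is meant to be removed and not moved into a Micro Lesson block as in the other files.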
diff --git a/docs/send-data/hosted-collectors/index.md b/docs/send-data/hosted-collectors/index.md
index 8d27f1ba0e..cee2361155 100644
--- a/docs/send-data/hosted-collectors/index.md
+++ b/docs/send-data/hosted-collectors/index.md
@@ -24,9 +24,21 @@ Just as Installed Collectors, you can monitor the activity of Hosted Collectors
The maximum number of Collectors allowed per organization is 10,000.
:::
+:::sumo Micro Lesson
-:::sumo Hosted Collector Overview
+
+
:::
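Review bot: replacing the title `:::sumo Hosted Collector Overview` with `:::sumo Micro Lesson` drops the only visible text that names the video's subject. Add a short sentence inside the block saying it is an overview of Hosted Collectors, in the same way cloud-infrastructure-security-for-aws.md keeps its "Watch the following micro lesson..." line.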
diff --git a/docs/send-data/installed-collectors/configuration.md b/docs/send-data/installed-collectors/configuration.md
index 586e930a65..1ba0327051 100644
--- a/docs/send-data/installed-collectors/configuration.md
+++ b/docs/send-data/installed-collectors/configuration.md
@@ -4,6 +4,9 @@ title: Configure an Installed Collector
description: Learn how to install and configure an Installed Collector to gather data to send to Sumo Logic, and read about deployment options and volume limitations.
---
+
+import Iframe from 'react-iframe';
+
An Installed Collector is a Java agent that receives logs and metrics from its Sources and then encrypts, compresses, and sends the data to the Sumo service.
As the name implies, an Installed Collector is installed in your environment, as opposed to a Hosted Collector, which resides on the Sumo service. After installing a Collector, you add Sources, to which the Collector connects to obtain data to send to the Sumo service.
@@ -16,6 +19,21 @@ See [Choosing a Sumo Logic Collector and Source](/docs/send-data/choose-collecto
The maximum number of Collectors allowed per organization is 10,000.
:::
+:::sumo Micro Lesson
+
+
+
+
-import Iframe from 'react-iframe';
+:::
## CPU usage guidelines