From e46c954ddc47b0307186929ceb7dd22edeb04efd Mon Sep 17 00:00:00 2001 From: Kim Pohas Date: Fri, 21 Mar 2025 05:13:03 -0700 Subject: [PATCH 1/8] Copilot unstructured logs --- docs/search/copilot-unstructured-logs.md | 47 ++++++++++++++++++++++++ 1 file changed, 47 insertions(+) create mode 100644 docs/search/copilot-unstructured-logs.md diff --git a/docs/search/copilot-unstructured-logs.md b/docs/search/copilot-unstructured-logs.md new file mode 100644 index 0000000000..b50f69dc4c --- /dev/null +++ b/docs/search/copilot-unstructured-logs.md @@ -0,0 +1,47 @@ +--- +id: copilot-unstructured-logs +title: Sumo Logic Copilot - Unstructured Logs Support (Beta) +description: Streamline your log analysis with Sumo Logic Copilot, our AI-based assistant designed to simplify log analysis by allowing you to ask questions in plain English and providing search suggestions without the need to write log queries. +keywords: + - copilot + - artificial intelligence + - ai + - machine learning + - ml +--- + +import Iframe from 'react-iframe'; +import useBaseUrl from '@docusaurus/useBaseUrl'; + + + + + +

Beta

+ +This feature is in Beta. To participate, contact your Sumo Logic account executive. + +Copilot’s Unstructured Logs Support broadens Copilot’s query translation and suggestion capabilities to raw, non-JSON text logs. By removing the need for defined fields, organizations can gain deeper insights from logs that don’t conform to a standard structure. Here are some key highlights: + +* **Broader coverage** + - Copilot now works with any text-based logs, making it ideal for heterogeneous environments or custom log formats. +* **Improved usability** + - Receive suggestions and sample searches you can adapt or refine as needed. +* **Performance and reliability** + - Thorough testing shows that query execution and response times remain consistent with Copilot’s structured log functionality. + - Our ongoing QA focuses on delivering accurate results, even in large and diverse log sets. +* **Security and compliance** + - We follow the same strict security standards used across all Sumo Logic services. + - Unstructured Logs Support leverages Copilot’s existing safe-handling mechanisms for user data. +* **Common use cases** + - **Broad keyword searches**. Find relevant entries in raw text (for example, by IP address or error keyword) without needing to define fields. + - **Error analysis & triage**. Quickly locate top errors in logs that lack a clear structure. + - **Security & threat hunting**. Identify suspicious patterns, attacker IOCs, or critical authentication failures in free-form logs. +* **Future enhancements** + - **Refined language parsing**. We plan to further improve how Copilot detects common terms like "login," "IP," and "authentication." + - **Advanced filtering**. Additional options (for example, time range, user ID, IP, and location) are planned for the final release. + + +## Feedback + +Organizations interested in participating in the Beta can coordinate with their Sumo Logic account teams. Any anomalies or performance concerns should be raised via normal Sumo Logic support channels. From 39766e77f8e9e3d9035261b0ea1356277ec5a59c Mon Sep 17 00:00:00 2001 From: Kim Pohas Date: Mon, 24 Mar 2025 15:22:31 -0700 Subject: [PATCH 2/8] merge w/main and edit using meeting slide info --- docs/search/copilot-unstructured-logs.md | 78 +++++++++++++++++------- 1 file changed, 56 insertions(+), 22 deletions(-) diff --git a/docs/search/copilot-unstructured-logs.md b/docs/search/copilot-unstructured-logs.md index b50f69dc4c..3894c8a765 100644 --- a/docs/search/copilot-unstructured-logs.md +++ b/docs/search/copilot-unstructured-logs.md @@ -1,7 +1,7 @@ --- id: copilot-unstructured-logs title: Sumo Logic Copilot - Unstructured Logs Support (Beta) -description: Streamline your log analysis with Sumo Logic Copilot, our AI-based assistant designed to simplify log analysis by allowing you to ask questions in plain English and providing search suggestions without the need to write log queries. +description: Streamline your log analysis with Sumo Logic Copilot, our AI-based assistant that simplifies log analysis by letting you ask questions in plain English, even for logs without a well-defined structure. keywords: - copilot - artificial intelligence @@ -19,29 +19,63 @@ import useBaseUrl from '@docusaurus/useBaseUrl';

Beta

-This feature is in Beta. To participate, contact your Sumo Logic account executive. +This feature is in Beta. To participate, contact your Sumo Logic account executive or [enroll here](https://forms.gle/LozrrAppM9FM94tS9). -Copilot’s Unstructured Logs Support broadens Copilot’s query translation and suggestion capabilities to raw, non-JSON text logs. By removing the need for defined fields, organizations can gain deeper insights from logs that don’t conform to a standard structure. Here are some key highlights: +Unstructured Logs Support for [Sumo Logic Copilot](/docs/search/copilot), our AI assistant, enables it to understand and provide insights from raw, text-based logs—even if they don't follow a structured format like JSON. This means you can ask questions in plain English and get meaningful results from nearly any log data, without requiring Field Extraction Rules (FERs). -* **Broader coverage** - - Copilot now works with any text-based logs, making it ideal for heterogeneous environments or custom log formats. -* **Improved usability** - - Receive suggestions and sample searches you can adapt or refine as needed. -* **Performance and reliability** - - Thorough testing shows that query execution and response times remain consistent with Copilot’s structured log functionality. - - Our ongoing QA focuses on delivering accurate results, even in large and diverse log sets. -* **Security and compliance** - - We follow the same strict security standards used across all Sumo Logic services. - - Unstructured Logs Support leverages Copilot’s existing safe-handling mechanisms for user data. -* **Common use cases** - - **Broad keyword searches**. Find relevant entries in raw text (for example, by IP address or error keyword) without needing to define fields. - - **Error analysis & triage**. Quickly locate top errors in logs that lack a clear structure. - - **Security & threat hunting**. Identify suspicious patterns, attacker IOCs, or critical authentication failures in free-form logs. -* **Future enhancements** - - **Refined language parsing**. We plan to further improve how Copilot detects common terms like "login," "IP," and "authentication." - - **Advanced filtering**. Additional options (for example, time range, user ID, IP, and location) are planned for the final release. +## What's new +Previously, Copilot worked best on structured (JSON) logs. Now, it automatically applies parsing logic to unstructured logs, even if no FERs are configured. This allows Copilot to interpret logs from many popular data sources out-of-the-box. -## Feedback +Copilot learns from usage patterns—if a log source is already used in dashboards or commonly queried, it’s more likely to produce strong results. -Organizations interested in participating in the Beta can coordinate with their Sumo Logic account teams. Any anomalies or performance concerns should be raised via normal Sumo Logic support channels. +* **Broader coverage**. Copilot now parses and generates insights from unstructured log formats, even without FERs, making it useful for environments that include custom or inconsistent log types. +* **Improved usability**. Ask questions in natural language. Copilot interprets your intent and suggests relevant searches—even for raw, non-JSON logs. +* **Performance and reliability**. Response times and suggestion accuracy are consistent with Copilot’s structured log experience. +* **Security and compliance**. The same strict data handling and privacy standards apply. Unstructured Logs Support builds on Copilot’s secure foundation. +* **Common use cases**. + * **Keyword-based search**. Search for IP addresses, error codes, or other patterns without needing a predefined schema. + * **Error triage**. Quickly identify the most common error messages in raw logs to speed up troubleshooting. + * **Threat hunting**. Detect suspicious activity, failed logins, or unusual patterns in plain-text logs. +* **Smarter prioritization**. Frequently used data sources (such as those in dashboards or frequent queries) are prioritized for deeper insights. + +## Tips and best practices + +* Start with common natural language queries, like: + - “Show failed login attempts for the past 24 hours” + - “Find logs with IP 192.0.2.0” + - “What are the top 5 errors from nginx logs today?” +* Use dashboards to monitor your log sources. Copilot performs better when logs are part of existing queries and visualizations. +* Logs with clear timestamps, separators (like commas or tabs), and consistent patterns tend to yield better results. + +## Related updates + +These recent Copilot enhancements make it even easier to work with unstructured logs: + +* **Dynamic conversation titles**. Your queries are automatically named for easy organization and retrieval. +* **"Open in Copilot" for alerts**. Investigate alerts directly in Copilot without losing context. +* **Suggestion pinning**. Pin suggestions inside a conversation to revisit them during your investigation. + +## FAQ + +**Does this replace Field Extraction Rules (FERs)?**
+No. Copilot works with or without FERs. While FERs are useful for structured analysis, they're no longer required for Copilot to interpret unstructured logs. + +**Will Copilot interpret all my logs?**
+Copilot prioritizes data sources that are already used in dashboards or frequent queries. This improves the relevance of insights and helps focus on high-value logs. + +**How is this different from structured log support?**
+Structured logs have predefined fields, allowing Copilot to map queries directly. For unstructured logs, Copilot uses AI and parsing techniques to infer structure on the fly. + + +## Feedback and support + +We’re actively looking for customers to participate in the beta and provide feedback. Ideal participants: + +* Use dashboards for monitoring across most of their data sources +* Have some hands-on experience with Copilot +* Are willing to provide detailed feedback during the beta + +👉 [Click here to enroll](https://forms.gle/LozrrAppM9FM94tS9) + +To report issues or share feedback, reach out through your Sumo Logic account team. From b23dd2ff872eb49808665769f5aa63e8f7924174 Mon Sep 17 00:00:00 2001 From: Kim Pohas Date: Thu, 27 Mar 2025 17:39:48 -0700 Subject: [PATCH 3/8] add rn --- blog-service/2025-04-01-copilot.md | 17 +++++++++++++++++ docs/search/copilot-unstructured-logs.md | 14 +++++++------- 2 files changed, 24 insertions(+), 7 deletions(-) create mode 100644 blog-service/2025-04-01-copilot.md diff --git a/blog-service/2025-04-01-copilot.md b/blog-service/2025-04-01-copilot.md new file mode 100644 index 0000000000..bdf1e32496 --- /dev/null +++ b/blog-service/2025-04-01-copilot.md @@ -0,0 +1,17 @@ +--- +title: Now in Beta - Copilot Supports Unstructured Logs (Copilot) +image: https://help.sumologic.com/img/sumo-square.png +keywords: + - copilot + - log-search + - search +hide_table_of_contents: true +--- + +You can now use Copilot to analyze raw, unstructured log data, even if it’s not in JSON or lacks Field Extraction Rules (FERs). This Beta expands Copilot’s reach to custom, legacy, and inconsistent log formats with no setup required. + +* Ask questions in plain English—no schema or FERs needed. +* Works with raw logs like firewalls, syslog, and homegrown formats. +* Ideal for error triage, threat hunting, and exploratory analysis. + +To join the Beta, [enroll here](https://forms.gle/LozrrAppM9FM94tS9) or reach out to your Sumo Logic account team. diff --git a/docs/search/copilot-unstructured-logs.md b/docs/search/copilot-unstructured-logs.md index 3894c8a765..c4696d69a1 100644 --- a/docs/search/copilot-unstructured-logs.md +++ b/docs/search/copilot-unstructured-logs.md @@ -21,16 +21,16 @@ import useBaseUrl from '@docusaurus/useBaseUrl'; This feature is in Beta. To participate, contact your Sumo Logic account executive or [enroll here](https://forms.gle/LozrrAppM9FM94tS9). -Unstructured Logs Support for [Sumo Logic Copilot](/docs/search/copilot), our AI assistant, enables it to understand and provide insights from raw, text-based logs—even if they don't follow a structured format like JSON. This means you can ask questions in plain English and get meaningful results from nearly any log data, without requiring Field Extraction Rules (FERs). +Unstructured Logs Support for [Sumo Logic Copilot](/docs/search/copilot), our AI assistant, enables it to understand and provide insights from raw, text-based logs, even if they don't follow a structured format like JSON. This means you can ask questions in plain English and get meaningful results from nearly any log data, without requiring Field Extraction Rules (FERs). ## What's new -Previously, Copilot worked best on structured (JSON) logs. Now, it automatically applies parsing logic to unstructured logs, even if no FERs are configured. This allows Copilot to interpret logs from many popular data sources out-of-the-box. +Currently, [Copilot works best on structured (JSON) logs](/docs/search/copilot/#compatible-log-formats). With this beta update, Copilot automatically applies parsing logic to unstructured logs, even if no FERs are configured. This allows Copilot to interpret logs from many popular data sources out-of-the-box and enables support for a broader range of log types. -Copilot learns from usage patterns—if a log source is already used in dashboards or commonly queried, it’s more likely to produce strong results. +Copilot learns from usage patterns; if a log source is already used in dashboards or commonly queried, it’s more likely to produce accurate, actionable results. * **Broader coverage**. Copilot now parses and generates insights from unstructured log formats, even without FERs, making it useful for environments that include custom or inconsistent log types. -* **Improved usability**. Ask questions in natural language. Copilot interprets your intent and suggests relevant searches—even for raw, non-JSON logs. +* **Improved usability**. Ask questions in natural language. Copilot interprets your intent and suggests relevant searches, even for raw, non-JSON logs. * **Performance and reliability**. Response times and suggestion accuracy are consistent with Copilot’s structured log experience. * **Security and compliance**. The same strict data handling and privacy standards apply. Unstructured Logs Support builds on Copilot’s secure foundation. * **Common use cases**. @@ -46,15 +46,15 @@ Copilot learns from usage patterns—if a log source is already used in dashboar - “Find logs with IP 192.0.2.0” - “What are the top 5 errors from nginx logs today?” * Use dashboards to monitor your log sources. Copilot performs better when logs are part of existing queries and visualizations. -* Logs with clear timestamps, separators (like commas or tabs), and consistent patterns tend to yield better results. +* Logs with consistent formats, clear timestamps, and standard separators (like commas or tabs) yield better results. ## Related updates These recent Copilot enhancements make it even easier to work with unstructured logs: -* **Dynamic conversation titles**. Your queries are automatically named for easy organization and retrieval. +* **Dynamic conversation titles**. Your queries are automatically titled for easy organization and retrieval. * **"Open in Copilot" for alerts**. Investigate alerts directly in Copilot without losing context. -* **Suggestion pinning**. Pin suggestions inside a conversation to revisit them during your investigation. +* **Suggestion pinning**. Pin suggestions inside a conversation to revisit them later. ## FAQ From f68d386d9e070e8e23a5dd1595e7bde95b5838e5 Mon Sep 17 00:00:00 2001 From: Kim Pohas Date: Fri, 18 Apr 2025 07:57:31 -0700 Subject: [PATCH 4/8] refine doc, rn, x-link intelliparse --- ...04-01-copilot.md => 2025-04-30-copilot.md} | 0 docs/search/copilot-unstructured-logs.md | 39 ++++++++++++++----- 2 files changed, 29 insertions(+), 10 deletions(-) rename blog-service/{2025-04-01-copilot.md => 2025-04-30-copilot.md} (100%) diff --git a/blog-service/2025-04-01-copilot.md b/blog-service/2025-04-30-copilot.md similarity index 100% rename from blog-service/2025-04-01-copilot.md rename to blog-service/2025-04-30-copilot.md diff --git a/docs/search/copilot-unstructured-logs.md b/docs/search/copilot-unstructured-logs.md index c4696d69a1..b0b86a7bce 100644 --- a/docs/search/copilot-unstructured-logs.md +++ b/docs/search/copilot-unstructured-logs.md @@ -2,12 +2,6 @@ id: copilot-unstructured-logs title: Sumo Logic Copilot - Unstructured Logs Support (Beta) description: Streamline your log analysis with Sumo Logic Copilot, our AI-based assistant that simplifies log analysis by letting you ask questions in plain English, even for logs without a well-defined structure. -keywords: - - copilot - - artificial intelligence - - ai - - machine learning - - ml --- import Iframe from 'react-iframe'; @@ -33,10 +27,30 @@ Copilot learns from usage patterns; if a log source is already used in dashboard * **Improved usability**. Ask questions in natural language. Copilot interprets your intent and suggests relevant searches, even for raw, non-JSON logs. * **Performance and reliability**. Response times and suggestion accuracy are consistent with Copilot’s structured log experience. * **Security and compliance**. The same strict data handling and privacy standards apply. Unstructured Logs Support builds on Copilot’s secure foundation. -* **Common use cases**. - * **Keyword-based search**. Search for IP addresses, error codes, or other patterns without needing a predefined schema. - * **Error triage**. Quickly identify the most common error messages in raw logs to speed up troubleshooting. - * **Threat hunting**. Detect suspicious activity, failed logins, or unusual patterns in plain-text logs. + + + +### Common use cases + +* **Keyword-based search**. Search for IP addresses, error codes, or other patterns without needing a predefined schema. +* **Error triage**. Quickly identify the most common error messages in raw logs to speed up troubleshooting. +* **Threat hunting**. Detect suspicious activity, failed logins, or unusual patterns in plain-text logs. * **Smarter prioritization**. Frequently used data sources (such as those in dashboards or frequent queries) are prioritized for deeper insights. ## Tips and best practices @@ -67,6 +81,11 @@ Copilot prioritizes data sources that are already used in dashboards or frequent **How is this different from structured log support?**
Structured logs have predefined fields, allowing Copilot to map queries directly. For unstructured logs, Copilot uses AI and parsing techniques to infer structure on the fly. + ## Feedback and support From 47e056e0b5803631113753bf2b918cb1378886ea Mon Sep 17 00:00:00 2001 From: Kim Pohas Date: Mon, 21 Apr 2025 12:58:35 -0700 Subject: [PATCH 5/8] updates per CP --- docs/search/copilot-unstructured-logs.md | 57 +++++------------------- 1 file changed, 11 insertions(+), 46 deletions(-) diff --git a/docs/search/copilot-unstructured-logs.md b/docs/search/copilot-unstructured-logs.md index b0b86a7bce..56efb681ce 100644 --- a/docs/search/copilot-unstructured-logs.md +++ b/docs/search/copilot-unstructured-logs.md @@ -13,7 +13,7 @@ import useBaseUrl from '@docusaurus/useBaseUrl';

Beta

-This feature is in Beta. To participate, contact your Sumo Logic account executive or [enroll here](https://forms.gle/LozrrAppM9FM94tS9). +This feature is in Beta. For more information, contact your Sumo Logic account executive. Unstructured Logs Support for [Sumo Logic Copilot](/docs/search/copilot), our AI assistant, enables it to understand and provide insights from raw, text-based logs, even if they don't follow a structured format like JSON. This means you can ask questions in plain English and get meaningful results from nearly any log data, without requiring Field Extraction Rules (FERs). @@ -21,46 +21,27 @@ Unstructured Logs Support for [Sumo Logic Copilot](/docs/search/copilot), our AI Currently, [Copilot works best on structured (JSON) logs](/docs/search/copilot/#compatible-log-formats). With this beta update, Copilot automatically applies parsing logic to unstructured logs, even if no FERs are configured. This allows Copilot to interpret logs from many popular data sources out-of-the-box and enables support for a broader range of log types. -Copilot learns from usage patterns; if a log source is already used in dashboards or commonly queried, it’s more likely to produce accurate, actionable results. - * **Broader coverage**. Copilot now parses and generates insights from unstructured log formats, even without FERs, making it useful for environments that include custom or inconsistent log types. * **Improved usability**. Ask questions in natural language. Copilot interprets your intent and suggests relevant searches, even for raw, non-JSON logs. * **Performance and reliability**. Response times and suggestion accuracy are consistent with Copilot’s structured log experience. * **Security and compliance**. The same strict data handling and privacy standards apply. Unstructured Logs Support builds on Copilot’s secure foundation. - +Copilot uses a hidden `intelliparse` operator behind the scenes. It’s injected into relevant queries to extract fields, making unstructured logs easier to work with—no UI changes required.--> ### Common use cases -* **Keyword-based search**. Search for IP addresses, error codes, or other patterns without needing a predefined schema. -* **Error triage**. Quickly identify the most common error messages in raw logs to speed up troubleshooting. -* **Threat hunting**. Detect suspicious activity, failed logins, or unusual patterns in plain-text logs. -* **Smarter prioritization**. Frequently used data sources (such as those in dashboards or frequent queries) are prioritized for deeper insights. - -## Tips and best practices - -* Start with common natural language queries, like: - - “Show failed login attempts for the past 24 hours” - - “Find logs with IP 192.0.2.0” - - “What are the top 5 errors from nginx logs today?” -* Use dashboards to monitor your log sources. Copilot performs better when logs are part of existing queries and visualizations. -* Logs with consistent formats, clear timestamps, and standard separators (like commas or tabs) yield better results. +* **General log exploration**. Ask questions about logs used in your dashboards—even if they don’t have predefined structure. +* **Error triage**. Identify frequent errors in raw logs that already support visualizations in your environment. +* **Security insights**. Surface signs of failed logins or anomalies from frequently queried log sources. +* **Smarter prioritization**. Copilot focuses on unstructured logs that are already actively used, helping maximize relevance and value. ## Related updates @@ -72,29 +53,13 @@ These recent Copilot enhancements make it even easier to work with unstructured ## FAQ -**Does this replace Field Extraction Rules (FERs)?**
-No. Copilot works with or without FERs. While FERs are useful for structured analysis, they're no longer required for Copilot to interpret unstructured logs. - **Will Copilot interpret all my logs?**
Copilot prioritizes data sources that are already used in dashboards or frequent queries. This improves the relevance of insights and helps focus on high-value logs. **How is this different from structured log support?**
Structured logs have predefined fields, allowing Copilot to map queries directly. For unstructured logs, Copilot uses AI and parsing techniques to infer structure on the fly. - - -## Feedback and support - -We’re actively looking for customers to participate in the beta and provide feedback. Ideal participants: - -* Use dashboards for monitoring across most of their data sources -* Have some hands-on experience with Copilot -* Are willing to provide detailed feedback during the beta - -👉 [Click here to enroll](https://forms.gle/LozrrAppM9FM94tS9) - -To report issues or share feedback, reach out through your Sumo Logic account team. From c0baebfb26267754dd4c82402427754a4794e4cc Mon Sep 17 00:00:00 2001 From: "Kim (Sumo Logic)" <56411016+kimsauce@users.noreply.github.com> Date: Mon, 21 Apr 2025 16:00:05 -0400 Subject: [PATCH 6/8] Update blog-service/2025-04-30-copilot.md --- blog-service/2025-04-30-copilot.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/blog-service/2025-04-30-copilot.md b/blog-service/2025-04-30-copilot.md index bdf1e32496..952b488a69 100644 --- a/blog-service/2025-04-30-copilot.md +++ b/blog-service/2025-04-30-copilot.md @@ -14,4 +14,4 @@ You can now use Copilot to analyze raw, unstructured log data, even if it’s no * Works with raw logs like firewalls, syslog, and homegrown formats. * Ideal for error triage, threat hunting, and exploratory analysis. -To join the Beta, [enroll here](https://forms.gle/LozrrAppM9FM94tS9) or reach out to your Sumo Logic account team. +[Learn more](/docs/search/copilot-unstructured-logs). From 1d44aac1a5dd2411a740704f47c52ffeaf42226f Mon Sep 17 00:00:00 2001 From: Kim Pohas Date: Thu, 24 Apr 2025 22:29:02 -0700 Subject: [PATCH 7/8] edit per CP --- docs/search/copilot-unstructured-logs.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/search/copilot-unstructured-logs.md b/docs/search/copilot-unstructured-logs.md index 56efb681ce..fbe69a2a12 100644 --- a/docs/search/copilot-unstructured-logs.md +++ b/docs/search/copilot-unstructured-logs.md @@ -38,7 +38,7 @@ Copilot uses a hidden `intelliparse` operator behind the scenes. It’s injected ### Common use cases -* **General log exploration**. Ask questions about logs used in your dashboards—even if they don’t have predefined structure. +* **General log exploration**. Ask questions about logs used in your dashboards, even if they don’t have predefined structure. * **Error triage**. Identify frequent errors in raw logs that already support visualizations in your environment. * **Security insights**. Surface signs of failed logins or anomalies from frequently queried log sources. * **Smarter prioritization**. Copilot focuses on unstructured logs that are already actively used, helping maximize relevance and value. @@ -54,7 +54,7 @@ These recent Copilot enhancements make it even easier to work with unstructured ## FAQ **Will Copilot interpret all my logs?**
-Copilot prioritizes data sources that are already used in dashboards or frequent queries. This improves the relevance of insights and helps focus on high-value logs. +Copilot prioritizes unstructured logs that are already used in dashboards. This improves the relevance of insights and helps focus on high-value logs. **How is this different from structured log support?**
Structured logs have predefined fields, allowing Copilot to map queries directly. For unstructured logs, Copilot uses AI and parsing techniques to infer structure on the fly. From 81546789dc1c098ad31731e7fad4c525b7936973 Mon Sep 17 00:00:00 2001 From: Kim Pohas Date: Thu, 24 Apr 2025 22:48:12 -0700 Subject: [PATCH 8/8] Copilot billing/search behavior --- docs/search/copilot.md | 20 +++++++++++++++++++- 1 file changed, 19 insertions(+), 1 deletion(-) diff --git a/docs/search/copilot.md b/docs/search/copilot.md index c8b9d5e2c9..0d16f9fcf0 100644 --- a/docs/search/copilot.md +++ b/docs/search/copilot.md @@ -315,6 +315,24 @@ To summarize, you conclude there is malicious activity originating from certain Role Based Access Control is not supported for contextual suggestions and autocompletions. It is possible for a user who is blocked by [log search RBAC](/docs/manage/users-roles/roles/construct-search-filter-for-role/) to view suggestions or completions for unpermitted source expressions. However, they will not be executed by the search. +## Search behavior and data tier access + +Copilot follows the same search behavior as standard log search and respects your account’s data configuration, whether you're on classic tiered pricing or Flex pricing. + +### Flex pricing + +For customers on [Flex pricing](/docs/manage/partitions/flex), all data is stored in a single intelligent layer and pricing is based on the volume of data scanned. + +### Tiered pricing (legacy) + +If you're on [classic tiered pricing](/docs/manage/partitions/data-tiers/searching-data-tiers/), Copilot by default searches across continuous data tiers only, unless otherwise specified. + +To direct Copilot to search the Infrequent tier, for example, use: + +```sql +_dataTier=Infrequent +``` + ## FAQ
@@ -421,4 +439,4 @@ You can also leave feedback on specific errors. * [Designing Sumo Logic Mo Copilot for success](https://www.sumologic.com/blog/designing-mo-copilot-success/) * [Differentiating Sumo Logic Mo Copilot using Amazon Bedrock](https://www.sumologic.com/blog/copilot-amazon-bedrock/) * Brief: [Sumo Logic's Mo Copilot speeds up response](https://www.sumologic.com/brief/sumo-logics-mo-copilot-speeds-up-response/) -* Webinar: [Revolutionizing Incident Management with AI: Meet Mo Copilot](https://www.sumologic.com/webinar/revolutionizing-incident-management-with-ai-meet-mo-copilot/) \ No newline at end of file +* Webinar: [Revolutionizing Incident Management with AI: Meet Mo Copilot](https://www.sumologic.com/webinar/revolutionizing-incident-management-with-ai-meet-mo-copilot/)