diff --git a/cid-redirects.json b/cid-redirects.json
index 60a2770d89..b39abf831b 100644
--- a/cid-redirects.json
+++ b/cid-redirects.json
@@ -1,4 +1,5 @@
{
+ "/docs": "/",
"/01Start-Here": "/docs/get-started",
"/01Start-Here/01-Welcome_to_Sumo_Logic": "/docs/get-started",
"/01Start-Here/01-Welcome_to_Sumo_Logic!": "/docs/get-started",
diff --git a/docs/alerts/webhook-connections/set-up-webhook-connections.md b/docs/alerts/webhook-connections/set-up-webhook-connections.md
index 58d73506e4..deab3c020c 100644
--- a/docs/alerts/webhook-connections/set-up-webhook-connections.md
+++ b/docs/alerts/webhook-connections/set-up-webhook-connections.md
@@ -13,20 +13,9 @@ To create a webhook connection, you need the View Connections and Manage Connect
A _webhook_ is an HTTP callback, which is an HTTP POST that occurs when something happens. Webhook connections allow you to send Sumo Logic alerts to third-party applications that accept incoming webhooks.
-For example, once you set up a webhook connection in Sumo Logic and create a scheduled search, you can send an alert from that scheduled search as a post to a Slack channel, or integrate with third-party systems. In addition to an alert, you can include a link directly to a search and even a few search results (depending on the third party tool you're connecting to). There is no limit to the number of webhooks you can send from Sumo Logic, but your third party might impose restrictions. In addition, the payload of a webhook may be restricted by Sumo or the third party.
+For example, once you set up a webhook connection in Sumo Logic and create a scheduled search, you can send an alert from that scheduled search as a post to a Slack channel, or integrate with third-party systems. In addition to an alert, you can include a link directly to a search and even a few search results (depending on the third party tool you're connecting to). There is no limit to the number of webhooks you can send from Sumo Logic, but your third party might impose restrictions. In addition, the payload of a webhook may be restricted by Sumo Logic or the third party.
-Along with a fully customizable webhook connection, you can quickly create webhooks for:
-
-* [AWS Lambda](aws-lambda.md)
-* [Azure Functions](microsoft-azure-functions.md)
-* [Datadog](datadog.md)
-* [Jira](jira-cloud.md)
-* [Microsoft Teams](microsoft-teams.md)
-* [New Relic](new-relic.md)
-* [Opsgenie](opsgenie.md)
-* [PagerDuty](pagerduty.md)
-* [ServiceNow](/docs/alerts/webhook-connections/servicenow/set-up-connections)
-* [Slack](slack.md)
+Along with a fully customizable webhook connection, you can quickly create webhooks for Slack, PagerDuty, and more.
Most services with a REST API should allow you to create a connection using the generic webhook.
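Review bot: The replacement sentence "you can quickly create webhooks for Slack, PagerDuty, and more" removes all ten links to the per-service pages, so a reader can no longer reach those setup guides from this paragraph. If the list is being dropped to reduce maintenance, keep `slack.md` and `pagerduty.md` linked on the two names that remain and point "and more" at a page that lists the rest. The edited paragraph above it still says "third party tool" and "your third party" next to the hyphenated "third-party applications"; since that line is already being touched for "Sumo Logic", make the hyphenation consistent in the same change.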
@@ -51,18 +40,20 @@ To set up a webhook connection:
:::
1. (Optional) If the third-party system requires an **Authorization Header**, enter it here. For more information, see [Example Authorization Header](#example-authorization-header) below.
1. (Optional) **Custom Headers**, enter up to five comma separated key-value pairs.
-1. (Optional) Under **Alert Payload**, which allows you to customize how the alert notification will look, enter a JSON object in the format required by the target endpoint. For details on variables that can be used as parameters within your JSON object, see [webhook payload variables](#configure-webhook-payload-variables), below.
+1. (Optional) Under **Alert Payload**, which allows you to customize how the alert notification will look, enter a JSON object in the format required by the target endpoint. For details on variables that can be used as parameters within your JSON object, see [webhook payload variables](#configure-webhook-payload-variables), below.
:::note
Variables are escaped according to the JSON standard, meaning that they can be used in application JSON.
:::
You can test your customized alert payload by clicking **Test Alert Payload**, which will fire a sample webhook call to the given endpoint.
-1. (Optional) Under **Recovery Payload**, which allows you to customize how the recovery notification will look, enter a JSON object in the format required by the target webhook URL.
})
Example:
})
Clicking **Test Alert + Recovery Payload** will test your recovery alert payload by firing a sample webhook call to the given endpoint.
+1. (Optional) Under **Recovery Payload**, which allows you to customize how the recovery notification will look, enter a JSON object in the format required by the target webhook URL.
})
Example:
})
Clicking **Test Alert + Recovery Payload** will test your recovery alert payload by firing a sample webhook call to the given endpoint.
1. Click **Save**.
1. When you're ready, create a [scheduled search](schedule-searches-webhook-connections.md) to send alerts to this connection.
## Configure Webhook payload variables
-Variables are used as parameters in the JSON payload object of your alert notifications. These variables are used to dynamically populate specific values from the alert configuration in the notification payload. It includes things like the TriggerType that gives the current monitor status in the notification. When a notification is sent variables are replaced with values from the alert. For example, if you specified `{{Name}}` in your JSON payload, it would be replaced with the actual name of the alert in the delivered payload.
+Variables are used as parameters in the JSON payload object of your alert notifications. These variables are used to dynamically populate specific values from the alert configuration in the notification payload. It includes things like the TriggerType that gives the current monitor status in the notification.
+
+When a notification is sent, variables are replaced with values from the alert. For example, if you specified `{{Name}}` in your JSON payload, it would be replaced with the actual name of the alert in the delivered payload.
:::note
Variables must be enclosed by double curly brackets.
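Review bot: In the paragraph that was split under "Configure Webhook payload variables", the first half still ends with "It includes things like the TriggerType that gives the current monitor status", where "It" has no clear antecedent and the variable is not written in the `{{TriggerType}}` form used everywhere else. Suggest "These include `{{TriggerType}}`, which gives the current monitor status in the notification." The first two sentences of that paragraph also say the same thing twice and could be merged while the text is being reflowed.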
@@ -77,25 +68,25 @@ All variables are case-insensitive.
| Variable | Description | Monitors | Scheduled Searches |
| :-- | :-- | :-- | :--|
-| `{{Name}}` | The name of the alert. In the delivered payload, this variable is replaced with the Name you assigned to the alert when you created it. |  |  |
-| `{{Description}}` | The description of the alert. |  |  |
-| `{{MonitorType}}` | The type of alert, either `Logs` or `Metrics`. |  |  |
-| `{{Query}}` | The query used to run the alert. |  |  |
-| `{{QueryURL}}` | The URL to the logs or metrics query within Sumo Logic. |  |  |
-| `{{ResultsJson}}` | JSON object containing the query results that triggered the alert. A maximum of 200 aggregate results or 10 raw messages for this field can be sent via webhook. |  | 
Not available with Email notifications |
-| `{{ResultsJson.fieldName}}` | The value of the specified field name. For example, this payload specification:
`{{ResultsJson.client_ip}} had {{ResultsJson.errors}} errors`
Results in a subject line like this:
`70.69.152.165 had 391 errors`
A maximum of 200 aggregate results or 10 raw messages for this field can be sent via webhook.
A field name must match (case-insensitive) the field from your search and must be alphanumeric characters, underscores, and spaces. If you have a field name that has an unsupported character use the as operator to rename it.
You can return a specific result by providing an array index value in bracket notation. Such as, `{{ResultsJson.fieldName}}[0]` to return the first result.
**Reserved Fields**
The following are reserved field names. They are generated by Sumo Logic during collection or search operations.
- _raw
- Message
- _messagetime
- Time
- _sourceHost
- Host
- _sourceCategory
- Category
- _sourceName
- Name
- _collector
- Collector
- _timeslice
- _signature
|  |  |
-| `{{NumQueryResults}}` | The number of results the query returned. Results can be raw messages, time-series, or aggregates.
An aggregate query returns the number of aggregate results; displayed in the Aggregates tab of the Search page.
A non-aggregate query returns the number of raw results; displayed in the Messages tab of the Search page.|  |  |
-| `{{Id}}` | The unique identifier of the monitor or search that triggered the alert. For example, `00000000000468D5`. |  |  |
-| `{{DetectionMethod}}` | This is the type of Detection Method used to detect alerts. Values are based on static or outlier triggers and data type, either logs or metrics. The value will be either `LogsStaticCondition`, `MetricsStaticCondition`, `LogsOutlierCondition`, `MetricsOutlierCondition`, `LogsMissingDataCondition`, `MetricsMissingDataCondition`, or `StaticCondition` (deprecated). |  |  |
-| `{{TriggerType}}` | The status of the alert or recovery. Alert will have either `Normal`, `Critical`, `Warning`, or `Missing Data`. Recovery will have either `ResolvedCritical`, `ResolvedWarning`, or `ResolvedMissingData`. |  |  |
-| `{{TriggerTimeRange}}` | The time range of the query that triggered the alert. For example:
`07/13/2021 03:21:32 PM UTC to 07/13/2021 03:36:32 PM UTC` |  |  |
-| `{{TriggerTime}}` | The time the monitor was triggered. For example:
`07/13/2021 03:38:30 PM UTC.` |  |  |
-| `{{TriggerCondition}}` | The condition that triggered the alert. For example:
`Greater than or equal to 1.0 in the last 15 minutes` |  |  |
-| `{{TriggerValue}}` | The value that triggered the alert. |  |  |
-| `{{TriggerTimeStart}}` | The start time of the time range that triggered the monitor in Unix format. For example, `1626189692042`. |  |  |
-| `{{TriggerTimeEnd}}` | The end time of the time range that triggered the monitor in Unix format. For example, `1626190592042`. |  |  |
-| `{{SourceURL}}` | The URL to the configuration or status page of the monitor in Sumo Logic. |  |  |
-| `{{AlertResponseUrl}}` | When your Monitor is triggered it will generate a URL and provide it as the value of this variable where you can use it to open Alert Response. |  |  |
+| `{{Name}}` | The name of the alert. In the delivered payload, this variable is replaced with the Name you assigned to the alert when you created it. | ✓ | ✓ |
+| `{{Description}}` | The description of the alert. | ✓ | ✓ |
+| `{{MonitorType}}` | The type of alert, either `Logs` or `Metrics`. | ✓ | ✓ |
+| `{{Query}}` | The query used to run the alert. | ✓ | ✓ |
+| `{{QueryURL}}` | The URL to the logs or metrics query within Sumo Logic. | ✓ | ✓ |
+| `{{ResultsJson}}` | JSON object containing the query results that triggered the alert. A maximum of 200 aggregate results or 10 raw messages for this field can be sent via webhook. | ✓ | ✓
Not available with email notifications |
+| `{{ResultsJson.fieldName}}` | The value of the specified field name. For example, this payload specification:
`{{ResultsJson.client_ip}} had {{ResultsJson.errors}} errors`
Results in a subject line like this:
`70.69.152.165 had 391 errors`
A maximum of 200 aggregate results or 10 raw messages for this field can be sent via webhook.
A field name must match (case-insensitive) the field from your search and must be alphanumeric characters, underscores, and spaces. If you have a field name that has an unsupported character use the as operator to rename it.
You can return a specific result by providing an array index value in bracket notation. Such as, `{{ResultsJson.fieldName}}[0]` to return the first result.
**Reserved Fields**
The following are reserved field names. They are generated by Sumo Logic during collection or search operations.- _raw
- Message
- _messagetime
- Time
- _sourceHost
- Host
- _sourceCategory
- Category
- _sourceName
- Name
- _collector
- Collector
- _timeslice
- _signature
| ✓ | ✓ |
+| `{{NumQueryResults}}` | The number of results the query returned. Results can be raw messages, time-series, or aggregates.
An aggregate query returns the number of aggregate results; displayed in the Aggregates tab of the Search page.
A non-aggregate query returns the number of raw results; displayed in the Messages tab of the Search page.| ✓ | ✓ |
+| `{{Id}}` | The unique identifier of the monitor or search that triggered the alert. For example, `00000000000468D5`. | ✓ | ✓ |
+| `{{DetectionMethod}}` | This is the type of Detection Method used to detect alerts. Values are based on static or outlier triggers and data type, either logs or metrics. The value will be either `LogsStaticCondition`, `MetricsStaticCondition`, `LogsOutlierCondition`, `MetricsOutlierCondition`, `LogsMissingDataCondition`, `MetricsMissingDataCondition`, or `StaticCondition` (deprecated). | ✓ | ✓ |
+| `{{TriggerType}}` | The status of the alert or recovery. Alert will have either `Normal`, `Critical`, `Warning`, or `Missing Data`. Recovery will have either `ResolvedCritical`, `ResolvedWarning`, or `ResolvedMissingData`. | ✓ | |
+| `{{TriggerTimeRange}}` | The time range of the query that triggered the alert. For example,
`07/13/2025 03:21:32 PM UTC to 07/13/2025 03:36:32 PM UTC` | ✓ | ✓ |
+| `{{TriggerTime}}` | The time the monitor was triggered. For example,
`07/13/2025 03:38:30 PM UTC.` | ✓ | ✓ |
+| `{{TriggerCondition}}` | The condition that triggered the alert. For example,
`Greater than or equal to 1.0 in the last 15 minutes` | ✓ | ✓ |
+| `{{TriggerValue}}` | The value that triggered the alert. | ✓ | ✓ |
+| `{{TriggerTimeStart}}` | The start time of the time range that triggered the monitor in Unix format. For example, `1626189692042`. | ✓ | ✓ |
+| `{{TriggerTimeEnd}}` | The end time of the time range that triggered the monitor in Unix format. For example, `1626190592042`. | ✓ | ✓ |
+| `{{SourceURL}}` | The URL to the configuration or status page of the monitor in Sumo Logic. | ✓ | |
+| `{{AlertResponseUrl}}` | When your Monitor is triggered, it will generate a URL and provide it as the value of this variable where you can use it to open Alert Response. | ✓ | ✓ |
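Review bot: The example dates in the `{{TriggerTimeRange}}` and `{{TriggerTime}}` rows were moved from 2021 to 2025, but the `{{TriggerTimeStart}}` and `{{TriggerTimeEnd}}` examples are still `1626189692042` and `1626190592042`, which are the 07/13/2021 03:21:32 PM and 03:36:32 PM UTC instants that the old range showed. Either keep the 2021 dates or regenerate the two epoch values so the four examples describe the same window. In the `{{ResultsJson.fieldName}}` row the added text now reads "search operations.- _raw", so the first reserved field is fused onto the sentence; restore the break before `- _raw`. The `{{TriggerType}}` and `{{SourceURL}}` rows end with an empty Scheduled Searches cell where every other row has a check mark; confirm that is intended.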
@@ -109,22 +100,22 @@ We recommend using the new common variables instead of these legacy variables, w
| Variable | Description | Metrics Monitors | Scheduled Searches |
| :-- | :-- | :-- | :--|
-| ` {{SearchName}}` | |  |  |
-| `{{SearchDescription}}` | Description of the saved search or Monitor. In the delivered payload, this variable is replaced with the Name you assigned to the search or Monitor when you created it. |  |  |
-| `{{SearchQuery}}` | The query used to run the saved search. In the delivered payload, this variable is replaced by your saved search query or metric query. |  |  |
-| `{{SearchQueryUrl}}` | The URL to the search or metrics query. In the delivered payload, this is a URL that you can click to run the saved logs or metric query. |  |  |
-| `{{TimeRange}}` | The time range that triggered the alert. |  |  |
-| `{{FireTime}}` | The start time of the log search or metric query that triggered the notification. |  |  |
-| `{{AggregateResultsJson}}` | JSON object containing search aggregation results. A maximum of 200 aggregate results can be sent via webhook. |  | 
Not available with Email notifications |
-| `{{RawResultsJson}}` | JSON object containing raw messages. A maximum of 10 raw messages can be sent via webhook. |  | 
Not available with Email notifications |
-| `{{NumRawResults}}` | Number of results returned by the search. |  |  |
-| `{{Results.fieldname}}` | The value returned from the search result for the specified field. For example, this payload specification:
`{{Results.client_ip}} had {{Results.errors}} errors`
Results in a subject line like this:
`70.69.152.165 had 391 errors`
A maximum of 200 aggregate results or 10 raw messages for this field can be sent via webhook.
A field name must match (case-insensitive) the field from your search and must be alphanumeric characters, underscores, and spaces. If you have a field name that has an unsupported character use the as operator to rename it. |  |  |
-| `{{AlertThreshold}}` | The condition that triggered the alert (for example, above 90 at least once in the last 5 minutes) |  |  |
-| `{{AlertSource}}` | The metric and sourceHost that triggered the alert, including associated tags for that metric. |  |  |
-| `{{AlertSource.fieldname}}` | The value returned from the AlertSource object for the specified field name. |  |  |
-| `{{AlertID}}` | The ID of the triggered alert. |  |  |
-| `The ID of the triggered alert.` | Current status of the time series that triggered (for example, Critical or Warning). |  |  |
-| `{{AlertCondition}}` | The condition that triggered the alert. |  |  |
+| ` {{SearchName}}` | | ✓ | ✓ |
+| `{{SearchDescription}}` | Description of the saved search or Monitor. In the delivered payload, this variable is replaced with the Name you assigned to the search or Monitor when you created it. | ✓ | ✓ |
+| `{{SearchQuery}}` | The query used to run the saved search. In the delivered payload, this variable is replaced by your saved search query or metric query. | ✓ | ✓ |
+| `{{SearchQueryUrl}}` | The URL to the search or metrics query. In the delivered payload, this is a URL that you can click to run the saved logs or metric query. | ✓ | ✓ |
+| `{{TimeRange}}` | The time range that triggered the alert. | ✓ | ✓ |
+| `{{FireTime}}` | The start time of the log search or metric query that triggered the notification. | ✓ | ✓ |
+| `{{AggregateResultsJson}}` | JSON object containing search aggregation results. A maximum of 200 aggregate results can be sent via webhook. | | ✓
Not available with email notifications |
+| `{{RawResultsJson}}` | JSON object containing raw messages. A maximum of 10 raw messages can be sent via webhook. | | ✓
Not available with email notifications |
+| `{{NumRawResults}}` | Number of results returned by the search. | | ✓ |
+| `{{Results.fieldname}}` | The value returned from the search result for the specified field. For example, this payload specification:
`{{Results.client_ip}} had {{Results.errors}} errors`
Results in a subject line like this:
`70.69.152.165 had 391 errors`
A maximum of 200 aggregate results or 10 raw messages for this field can be sent via webhook.
A field name must match (case-insensitive) the field from your search and must be alphanumeric characters, underscores, and spaces. If you have a field name that has an unsupported character use the as operator to rename it. | | ✓ |
+| `{{AlertThreshold}}` | The condition that triggered the alert (for example, above 90 at least once in the last 5 minutes) | ✓ | |
+| `{{AlertSource}}` | The metric and sourceHost that triggered the alert, including associated tags for that metric. | ✓ | |
+| `{{AlertSource.fieldname}}` | The value returned from the AlertSource object for the specified field name. | ✓ | |
+| `{{AlertID}}` | The ID of the triggered alert. | ✓ | |
+| `The ID of the triggered alert.` | Current status of the time series that triggered (for example, Critical or Warning). | ✓ | |
+| `{{AlertCondition}}` | The condition that triggered the alert. | | |
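Review bot: The second-to-last added row has `The ID of the triggered alert.` in the Variable column, which is the `{{AlertID}}` description pasted where a variable name belongs; it is carried over unchanged from the removed line. Replace it with the variable that actually reports the time-series status. The `{{SearchName}}` row keeps a leading space inside its code span and an empty description, and `{{AlertCondition}}` now has both support columns empty, so the table says it is available nowhere; fill in or remove those rows in the same pass.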
@@ -182,8 +173,6 @@ We recommend using the new common variables instead of these legacy variables, w
Monitor Alert: {{TriggerTimeRange}} on {{Name}}
```
-
-
#### Flat JSON
This example payload is flat JSON.
@@ -201,13 +190,14 @@ This example payload is flat JSON.
This example payload is hierarchical JSON.
```json
-{ "event_type": "trigger",
- "description": "{{Description}}",
- "client": "Sumo Logic",
- "client_url": "{{SearchQueryUrl}}",
- "details": {
- "name: {{Name}}, time: {{TimeRange}}--{{FireTime}}, num: {{NumQueryResults}}, results: {{ResultsJson}}"
- }
+{
+ "event_type": "trigger",
+ "description": "{{Description}}",
+ "client": "Sumo Logic",
+ "client_url": "{{SearchQueryUrl}}",
+ "details": {
+ "name: {{Name}}, time: {{TimeRange}}--{{FireTime}}, num: {{NumQueryResults}}, results: {{ResultsJson}}"
+ }
}
```
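Review bot: The reindented hierarchical example is still not valid JSON: `"details"` is an object whose only content is a bare string with no key, so a strict parser at the receiving endpoint will reject a payload copied from here. Give the string a key inside `details`, or make `details` itself the string. The example also mixes the common variables `{{Description}}` and `{{Name}}` with the legacy `{{SearchQueryUrl}}`, `{{TimeRange}}` and `{{FireTime}}`, while the page recommends the common variables over the legacy ones; switching to `{{QueryURL}}`, `{{TriggerTimeRange}}` and `{{TriggerTime}}` would match that advice.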
@@ -227,7 +217,7 @@ For the following example message:
"user_id": "",
"user_name": "",
"web_session": "",
- "Message": "2015-10-27 10:31:15,853 -0700 INFO Partitioned 0 tokens, 2 targets into 773 assignments"
+ "Message": "2025-10-27 10:31:15,853 -0700 INFO Partitioned 0 tokens, 2 targets into 773 assignments"
}
```
@@ -243,7 +233,7 @@ the following is the payload configuration. Notice that `RawResultsJson` is enc
The following valid JSON is sent in the payload of the POST request.
```
-{"channel": "ops", "text": "{\"thread\":\"conciergePartitioner-1\",\"user_id\":\"\",\"user_name\":\"\",\"web_session\":\"\",\"Message\":\"2015-10-27 10:31:15,853 -0700 INFO Partitioned 0 tokens, 2 targets into 773 assignments\"}
+{"channel": "ops", "text": "{\"thread\":\"conciergePartitioner-1\",\"user_id\":\"\",\"user_name\":\"\",\"web_session\":\"\",\"Message\":\"2025-10-27 10:31:15,853 -0700 INFO Partitioned 0 tokens, 2 targets into 773 assignments\"}
```
### Example authorization header
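Review bot: The payload line introduced as "valid JSON" is not terminated: it ends at the escaped `\"}` of the inner object and never closes the `"text"` string or the outer object, and the date change keeps that defect. Append `"}` to the line so the example parses as the sentence above it claims.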
@@ -252,7 +242,7 @@ Use HTTP Basic Authentication, this is a standard used across the world wide web
* Combine the username and password with a single colon.
* Encode using the [RFC2045-MIME](https://www.ietf.org/rfc/rfc2045.txt) variant of Base64. You can use any encoder, including the [base64](/docs/search/search-query-language/search-operators/base64encode) search operator to do this.
-* The authorization method and a space, such as "Basic " is then put before the encoded string.
+* The authorization method and a space, such as `Basic `, is then put before the encoded string.
For example, if the user agent uses `Aladdin` as the username and `OpenSesame` as the password then the field could be formed with a
simple bash command as follows:
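Review bot: In the changed bullet, the trailing space inside the code span `Basic ` is invisible once rendered, so the bullet loses the detail it is trying to show. Spell it out instead, for example "the authorization method followed by a single space, such as `Basic`".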
@@ -264,7 +254,7 @@ echo -n "Aladdin:OpenSesame" | base64
The `-n` ensures that an extra new line is not encoded.
:::
-yielding a string 'QWxhZGRpbjpPcGVuU2VzYW1l' that is used like this:
+yielding a string `QWxhZGRpbjpPcGVuU2VzYW1l` that is used like this:
```
Authorization: Basic QWxhZGRpbjpPcGVuU2VzYW1l
```
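Review bot: The text around the reformatted `QWxhZGRpbjpPcGVuU2VzYW1l` never says that this value is only Base64-encoded, so anyone who can read the header can decode it back to `Aladdin:OpenSesame`. Add a sentence stating that the Authorization Header is a credential and should only be sent to HTTPS endpoints. It is also worth noting next to the `echo -n "Aladdin:OpenSesame" | base64` command that typing a real password on the command line leaves it in shell history.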
diff --git a/docs/cloud-soar/compared-to-automation-service.md b/docs/cloud-soar/compared-to-automation-service.md
index ee879bd811..752c240591 100644
--- a/docs/cloud-soar/compared-to-automation-service.md
+++ b/docs/cloud-soar/compared-to-automation-service.md
@@ -31,29 +31,29 @@ Cloud SOAR also offers many more features than the Automation Service, including
| Feature | Automation
Service | Cloud SOAR |
| :-- | :-- | :-- |
-| App Central
- Integrations
- Playbooks |  |  |
-| Automation (full features) |  |  |
-| Automation Bridge |  |  |
-| Integration with Cloud SIEM and Log Analytics |  |  |
-| Integrations management |  |  |
-| Open Integration Framework (OIF)
- Custom docker images for action execution
- Custom integration capabilities
- Integration Builder (almost no-code) |  |  |
-| Playbooks
- Execution in the cloud (without using an Automation Bridge)
- Execution in local network with an Automation Bridge
- Management
- Slack integration for node activation |  |  |
-| Advanced automation capabilities
- Daemons
- Triggers | |  |
-| Automation rule definition | |  |
-| Average Phase Duration | |  |
-| Cases
- Attachments
- Bulk actions
- Cloning
- Collaboration ( Notes, Slack, Task)
- Contextual hints while writing a search string
- Fields customization
- Filters with advanced search bar
- Incident attachments (files)
- Label configuration
- Manual creation
- Online/offline search
- Over time
- Overview
- Ownership and user group management
- Selection of case properties to display
- Statistics
- Template
- War Room | |  |
-| Dashboards
- Cloning
- Multiple
- Preview while customizing page
- Public/private | |  |
-| Entities
- Harvesting
- Manual creation | |  |
-| Data can be shown with:
- Filtering (with query, bookmarks, and via search bar)
- Graphs
- Placeholders/tags
- Tables
- Text | |  |
-| Flexible layout with drag and drop | |  |
-| Logo configuration | |  |
-| Metrics for usage and adoption | |  |
-| Reports
- Create starting from a case list query
- Customize format, margins, orientation, pages and page header/footer
- Flexible layout with drag and drop
- Multiple
- Public/private
- Realtime preview while customizing page
- Scheduled | |  |
-| SecOps Dashboard | |  |
-| Task Overview | |  |
-| Triage
- Configuration
- Event management
- Graphical display of the playbooks executed | |  |
-| User group management | |  |
-| Widgets
- Custom
- Public/private
- Real time preview
- Textual (with placeholder and images support) | |  |
+| App Central
- Integrations
- Playbooks | ✓ | ✓ |
+| Automation (full features) | ✓ | ✓ |
+| Automation Bridge | ✓ | ✓ |
+| Integration with Cloud SIEM and Log Analytics | ✓ | ✓ |
+| Integrations management | ✓ | ✓ |
+| Open Integration Framework (OIF)
- Custom docker images for action execution
- Custom integration capabilities
- Integration Builder (almost no-code) | ✓ | ✓ |
+| Playbooks
- Execution in the cloud (without using an Automation Bridge)
- Execution in local network with an Automation Bridge
- Management
- Slack integration for node activation | ✓ | ✓ |
+| Advanced automation capabilities
- Daemons
- Triggers | | ✓ |
+| Automation rule definition | | ✓ |
+| Average Phase Duration | | ✓ |
+| Cases
- Attachments
- Bulk actions
- Cloning
- Collaboration ( Notes, Slack, Task)
- Contextual hints while writing a search string
- Fields customization
- Filters with advanced search bar
- Incident attachments (files)
- Label configuration
- Manual creation
- Online/offline search
- Over time
- Overview
- Ownership and user group management
- Selection of case properties to display
- Statistics
- Template
- War Room | | ✓ |
+| Dashboards
- Cloning
- Multiple
- Preview while customizing page
- Public/private | | ✓ |
+| Entities
- Harvesting
- Manual creation | | ✓ |
+| Data can be shown with:
- Filtering (with query, bookmarks, and via search bar)
- Graphs
- Placeholders/tags
- Tables
- Text | | ✓ |
+| Flexible layout with drag and drop | | ✓ |
+| Logo configuration | | ✓ |
+| Metrics for usage and adoption | | ✓ |
+| Reports
- Create starting from a case list query
- Customize format, margins, orientation, pages and page header/footer
- Flexible layout with drag and drop
- Multiple
- Public/private
- Realtime preview while customizing page
- Scheduled | | ✓ |
+| SecOps Dashboard | | ✓ |
+| Task Overview | | ✓ |
+| Triage
- Configuration
- Event management
- Graphical display of the playbooks executed | | ✓ |
+| User group management | | ✓ |
+| Widgets
- Custom
- Public/private
- Real time preview
- Textual (with placeholder and images support) | | ✓ |
diff --git a/docs/get-started/sumo-logic-ui-classic.md b/docs/get-started/sumo-logic-ui-classic.md
index 35e76203e5..4c94f0d682 100644
--- a/docs/get-started/sumo-logic-ui-classic.md
+++ b/docs/get-started/sumo-logic-ui-classic.md
@@ -90,14 +90,14 @@ The following table lists the options available for the Search, Metrics, and Liv
| Option | Search tab | Metrics tab | Live Tail tab |
|:--|:--|:--|:--|
-| Pin |  | — | — |
-| Rename |  |  |  |
-| Duplicate |  |  |  |
-| Open a New Browser Tab | — | — |  |
-| Close |  |  |  |
-| Close Other Tabs |  |  |  |
-| Close All Tabs |  |  |  |
-| Close Tabs to the Right |  |  |  |
+| Pin | ✓ | — | — |
+| Rename | ✓ | ✓ | ✓ |
+| Duplicate | ✓ | ✓ | ✓ |
+| Open a New Browser Tab | — | — | ✓ |
+| Close | ✓ | ✓ | ✓ |
+| Close Other Tabs | ✓ | ✓ | ✓ |
+| Close All Tabs | ✓ | ✓ | ✓ |
+| Close Tabs to the Right | ✓ | ✓ | ✓ |
## Mastering everyday tasks
diff --git a/docs/manage/manage-subscription/cloud-flex-legacy-accounts.md b/docs/manage/manage-subscription/cloud-flex-legacy-accounts.md
index 1c62b1b4a6..9c2d80e153 100644
--- a/docs/manage/manage-subscription/cloud-flex-legacy-accounts.md
+++ b/docs/manage/manage-subscription/cloud-flex-legacy-accounts.md
@@ -30,30 +30,30 @@ The following table provides a summary list of key features by package accounts.
| Feature | Free | Trial | Professional | Enterprise |
|:-- | :-- | :-- | :-- | :-- |
-| Audit Index | |  |  |  |
-| Audit Event Index | |  | |  |
-| [Collector Management API](/docs/api/collector-management) |  |  |  |  |
+| Audit Index | | ✓ | ✓ | ✓ |
+| Audit Event Index | | ✓ | | ✓ |
+| [Collector Management API](/docs/api/collector-management) | ✓ | ✓ | ✓ | ✓ |
| Dashboards - Live Mode | 7 days | 30 days | 30 days | 30 days |
-| [Data Forwarding](/docs/manage/data-forwarding) |  |  |  |  |
-| [Data Volume Index](/docs/manage/ingestion-volume/data-volume-index) |  |  |  |  |
-| [Field Extraction](/docs/manage/field-extractions) |  |  |  |  |
-| [Ingest Budgets](/docs/manage/ingestion-volume/ingest-budgets) | | | |  |
-| Log Data retention (Classic Accounts) | 7 days | 30 days |  |  |
-| Log Data storage (Cloud Flex Accounts) | 4GB | 30GB |  |  |
-| Log Data volume | 500MB per day | 1GB per day* |  |  |
-| [LogReduce](/docs/search/behavior-insights/logreduce) |  |  |  |  |
+| [Data Forwarding](/docs/manage/data-forwarding) | ✓ | ✓ | ✓ | ✓ |
+| [Data Volume Index](/docs/manage/ingestion-volume/data-volume-index) | ✓ | ✓ | ✓ | ✓ |
+| [Field Extraction](/docs/manage/field-extractions) | ✓ | ✓ | ✓ | ✓ |
+| [Ingest Budgets](/docs/manage/ingestion-volume/ingest-budgets) | | | | ✓ |
+| Log Data retention (Classic Accounts) | 7 days | 30 days | ✓ | ✓ |
+| Log Data storage (Cloud Flex Accounts) | 4GB | 30GB | ✓ | ✓ |
+| Log Data volume | 500MB per day | 1GB per day* | ✓ | ✓ |
+| [LogReduce](/docs/search/behavior-insights/logreduce) | ✓ | ✓ | ✓ | ✓ |
| [Lookup Tables](/docs/search/lookup-tables) | none | Varies by the account type being trialed | 10 tables per org | 100 tables per org |
-| Metrics | |  |  |  |
-| Metrics data retention | |  |  |  |
-| Metrics data retention | |  |  |  |
-| [Partitions](/docs/manage/partitions) | |  |  |  |
-| SAML | |  |  |  |
-| Scheduled Views | |  |  |  |
-| Search Job API | |  |  |  |
-| Support | |  |  |  |
-| Sumo Logic Apps | QuickStart only |  |  |  |
-| Users (Classic Accounts) | Three users | 20 users* |  |  |
-| User and Role APIs |  |  |  |  |
+| Metrics | | ✓ | ✓ | ✓ |
+| Metrics data retention | | ✓ | ✓ | ✓ |
+| Metrics data retention | | ✓ | ✓ | ✓ |
+| [Partitions](/docs/manage/partitions) | | ✓ | ✓ | ✓ |
+| SAML | | ✓ | ✓ | ✓ |
+| Scheduled Views | | ✓ | ✓ | ✓ |
+| Search Job API | | ✓ | ✓ | ✓ |
+| Support | | ✓ | ✓ | ✓ |
+| Sumo Logic Apps | QuickStart only | ✓ | ✓ | ✓ |
+| Users (Classic Accounts) | Three users | 20 users* | ✓ | ✓ |
+| User and Role APIs | ✓ | ✓ | ✓ | ✓ |
\* Contact [Sumo Logic Sales](mailto:sales@sumologic.com) to customize your account to meet your organization's needs.
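Review bot: The `Metrics data retention` row appears twice in succession with identical cells on the added side, exactly as on the removed side; drop one, or rename it if a different feature was meant. The `Log Data retention`, `Log Data storage`, `Log Data volume` and `Users` rows give quantities for Free and Trial but only a check mark for Professional and Enterprise, which does not tell the reader what the limit is. `Audit Event Index` is checked for Trial and Enterprise but blank for Professional; confirm that gap is intended.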
diff --git a/docs/manage/manage-subscription/fedramp-capabilities.md b/docs/manage/manage-subscription/fedramp-capabilities.md
index fd672a141d..76180719c4 100644
--- a/docs/manage/manage-subscription/fedramp-capabilities.md
+++ b/docs/manage/manage-subscription/fedramp-capabilities.md
@@ -15,93 +15,93 @@ The following table shows the capabilities included with Sumo Logic’s FedRAMP
| Category | Capability | Standard Product | FedRAMP Moderate (FED) |
| :-- | :-- | :-- | :-- |
-| Abilities - Platform | [Alert response](/docs/alerts/monitors/alert-response/) |||
-| Abilities - Platform | [App catalog](/docs/get-started/apps-integrations/) |||
-| Abilities - Platform | [Training: Learn and certification](/docs/get-started/training-certification-faq/) |||
-| Abilities - Solutions | [Application observability](/docs/observability/application-components/) |||
-| Abilities - Solutions | [AWS observability](/docs/observability/aws/) |||
-| Abilities - Solutions | [Logs for Security](/docs/security/additional-security-features/) |||
-| Abilities - Solutions | [Cloud SIEM](/docs/cse/) |||
-| Abilities - Solutions | [Cloud SOAR](/docs/cloud-soar/) / [Automation Service](/docs/platform-services/automation-service/) ||
-| Abilities - Solutions | [Software Development Optimization](/docs/observability/sdo/) |||
-| Abilities - Solutions | [Kubernetes observability](/docs/observability/kubernetes/) |||
-| Administration - Account | [Account overview](/docs/manage/manage-subscription/sumo-logic-credits-accounts/#account-overview) |||
-| Administration - Account | [Data management](/docs/manage/users-roles/roles/role-capabilities/#data-management) |||
-| Administration - Personal | [Preferences](/docs/get-started/account-settings-preferences/) |||
-| Administration - Security | [Access keys](/docs/manage/security/access-keys/) |||
-| Administration - Security | [Installation tokens](/docs/manage/security/installation-tokens/) |||
-| Administration - Security | [Password policy](/docs/manage/security/set-password-policy/) |||
-| Administration - Security | [Policies](/docs/manage/security/) |||
-| Administration - Security | [SAML](/docs/manage/security/saml/) |||
-| Administration - Security | [Service allowlist settings](/docs/manage/security/create-allowlist-ip-cidr-addresses/) |||
-| Administration - Users and Roles | [Roles](/docs/manage/users-roles/roles/) |||
-| Administration - Users and Roles | [Users](/docs/manage/users-roles/users/) |||
-| Collection | [Hosted collectors](/docs/send-data/hosted-collectors/) |||
-| Collection | [Installed collectors](/docs/send-data/installed-collectors/) |||
-| Collection | [OpenTelemetry collector](/docs/send-data/opentelemetry-collector/) ||
*OS support: Linux only.*
*UI: No workflow to add collector.* |
-| Collection - Amazon Web Services | [Amazon CloudFront](/docs/send-data/hosted-collectors/amazon-aws/amazon-cloudfront-source/) |||
-| Collection - Amazon Web Services | [Amazon S3](/docs/send-data/hosted-collectors/amazon-aws/aws-s3-source/) |||
-| Collection - Amazon Web Services | [Amazon S3 Audit](/docs/send-data/hosted-collectors/amazon-aws/amazon-s3-audit-source/) |||
-| Collection - Amazon Web Services | [AWS CloudTrail](/docs/send-data/hosted-collectors/amazon-aws/aws-cloudtrail-source/) |||
-| Collection - Amazon Web Services | [AWS CloudWatch Metrics](/docs/send-data/hosted-collectors/amazon-aws/amazon-cloudwatch-source-metrics/) |||
-| Collection - Amazon Web Services | [AWS Elastic Load Balancing](/docs/send-data/hosted-collectors/amazon-aws/aws-elastic-load-balancing-source/) |||
-| Collection - Amazon Web Services | [AWS Kinesis Firehose for Logs](/docs/send-data/hosted-collectors/amazon-aws/aws-kinesis-firehose-logs-source/) |||
-| Collection - Amazon Web Services | [AWS Kinesis Firehose for Metrics](/docs/send-data/hosted-collectors/amazon-aws/aws-kinesis-firehose-metrics-source/) |||
-| Collection - Amazon Web Services | [AWS Inventory](/docs/observability/aws/deploy-use-aws-observability/resources/) || |
-| Collection - Amazon Web Services | [AWS Metadata](/docs/send-data/hosted-collectors/amazon-aws/aws-metadata-tag-source/) |||
-| Collection - Amazon Web Services | [CSE AWS EC2 Inventory](/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/cse-aws-ec-inventory-source/) || |
-| Collection - Archive | [AWS S3 archive](/docs/manage/data-archiving/archive) |||
-| Collection - Cloud APIs | [Akamai SIEM API](/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/akamai-siem-api-source/) ||
*Available upon request within 5 business days.* |
-| Collection - Cloud APIs | [Azure Event Hubs](/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/azure-event-hubs-source/) |||
-| Collection - Cloud APIs | [Box](/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/box-source/) ||
*Available upon request within 5 business days.* |
-| Collection - Cloud APIs | [Carbon Black Cloud](/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/carbon-black-cloud-source/) ||
*Available upon request within 5 business days.* |
-| Collection - Cloud APIs | [Carbon Black Inventory](/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/carbon-black-inventory-source/) ||
Available upon request within 5 business days. |
-| Collection - Cloud APIs | [Cisco AMP](/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/cisco-amp-source/) ||
*Available upon request within 5 business days.* |
-| Collection - Cloud APIs | [Cloud Syslog](/docs/send-data/hosted-collectors/cloud-syslog-source/) |||
-| Collection - Cloud APIs | [CrowdStrike](/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/crowdstrike-source/) |||
-| Collection - Cloud APIs | [Crowdstrike FDR](/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/crowdstrike-fdr-source/) |||
-| Collection - Cloud APIs | [Cybereason](/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/cybereason-source/) ||
*Available upon request within 5 business days.* |
-| Collection - Cloud APIs | [Dropbox](/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/dropbox-source/) ||
*Available upon request within 5 business days.* |
-| Collection - Cloud APIs | [Duo](/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/duo-source/) |||
-| Collection - Cloud APIs | [G Suite Apps Audit](/docs/send-data/hosted-collectors/google-source/google-workspace-apps-audit-source/) |||
-| Collection - Cloud APIs | [GCP Metrics](/docs/send-data/hosted-collectors/google-source/gcp-metrics-source/) |||
-| Collection - Cloud APIs | [Google Cloud Platform](/docs/send-data/hosted-collectors/google-source/google-cloud-platform-source/) |||
-| Collection - Cloud APIs | [Google Workspace](/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/google-workspace-alertcenter/) ||
*Available upon request within 5 business days.* |
-| Collection - Cloud APIs | [HTTP Logs & Metrics](/docs/send-data/hosted-collectors/http-source/logs-metrics/) |||
-| Collection - Cloud APIs | [HTTP Traces](/docs/send-data/hosted-collectors/http-source/traces/) |||
-| Collection - Cloud APIs | [Microsoft Azure AD Inventory](/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/microsoft-azure-ad-inventory-source/) ||
*Available upon request within 5 business days.* |
-| Collection - Cloud APIs | [Microsoft Graph Security API](/docs/integrations/saas-cloud/microsoft-graph-security-v2/) ||
*Available upon request within 5 business days.*
-| Collection - Cloud APIs | [Mimecast](/docs/integrations/saas-cloud/mimecast/) |||
-| Collection - Cloud APIs | [MS Graph Azure AD Reporting](/docs/integrations/saas-cloud/microsoft-graph-azure-ad-reporting/) ||
*Available upon request within 5 business days.* |
-| Collection - Cloud APIs | [MS Graph Identity Protection](/docs/integrations/microsoft-azure/microsoft-graph-identity-protection/) |||
-| Collection - Cloud APIs | [Netskope](/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/netskope-source/) ||
*Available upon request within 5 business days.* |
-| Collection - Cloud APIs | [Netskope WebTx](/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/netskope-webtx-source/) ||
*Available upon request within 5 business days.* |
-| Collection - Cloud APIs | [Office 365 Audit](/docs/send-data/hosted-collectors/microsoft-source/ms-office-audit-source/) |||
-| Collection - Cloud APIs | [Okta](/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/okta-source/) ||
*Available upon request within 5 business days* |
-| Collection - Cloud APIs | [Palo Alto Cortex XDR](/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/palo-alto-cortex-xdr-source/) ||
*Available upon request within 5 business days.* |
-| Collection - Cloud APIs | [Proofpoint On Demand](/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/proofpoint-on-demand-source/) ||
*Available upon request within 5 business days.* |
-| Collection - Cloud APIs | [Proofpoint TAP](/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/proofpoint-tap-source/) |||
-| Collection - Cloud APIs | [RUM HTTP Traces](/docs/send-data/hosted-collectors/http-source/traces/) |||
-| Collection - Cloud APIs | [Salesforce](/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/salesforce-source/) ||
*Available upon request within 5 business days.* |
-| Collection - Cloud APIs | [SailPoint](/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/sailpoint-source/) ||
*Available upon request within 5 business days.* |
-| Collection - Cloud APIs | [SentinelOne Mgmt API](/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/sentinelone-mgmt-api-source/) |||
-| Collection - Cloud APIs| [Sophos Central](/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/sophos-central-source/) ||
*Available upon request within 5 business days.* |
-| Collection - Cloud APIs | [Symantec Web Security Service](/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/symantec-web-security-service-source/) ||
*Available upon request within 5 business days.* |
-| Collection - Cloud APIs | [Tenable](/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/tenable-source/) ||
*Available upon request within 5 business days.* |
-| Collection - Cloud APIs | [Workday](/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/workday-source/) ||
*Available upon request within 5 business days.* |
-| Collection - Cloud APIs | [1Password](/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/1password-source/) ||
*Available upon request within 5 business days.*
-| Dashboards | [Dashboard reports](/docs/dashboards/scheduled-report/) || |
-| Manage Data - Logs | [Data forwarding](/docs/manage/data-forwarding/) |||
-| Manage Data - Logs | [Data tiering](/docs/manage/partitions/data-tiers/) |
*Only included with Enterprise Suite License.* |
*Only included with Enterprise Suite License.* |
-| Manage Data - Logs | [Fields](/docs/manage/fields/) |||
-| Manage Data - Logs | [Field extraction rules](/docs/manage/field-extractions/) |||
-| Manage Data - Logs | [Partitions](/docs/manage/partitions/) |||
-| Manage Data - Logs | [Scheduled searches](/docs/alerts/scheduled-searches/) |||
-| Manage Data - Logs | [Scheduled views](/docs/manage/scheduled-views/) |||
-| Manage Data - Metrics | [Logs-to-Metrics](/docs/metrics/logs-to-metrics/) |||
-| Manage Data - Metrics | [Metrics Rules](/docs/metrics/metric-rules-editor/) |||
-| Manage Data - Metrics | [Metrics transformation rules](/docs/metrics/metrics-transformation-rules/) |||
-| Manage Data - Monitoring | [Connections](/docs/alerts/webhook-connections/) |||
-| Manage Data - Monitoring | [Health events](/docs/manage/health-events/) |||
-| Manage Data - Monitoring | [Monitors](/docs/alerts/monitors/) |||
-| Manage Data - Monitoring | [SLOs](/docs/observability/reliability-management-slo/) |||
+| Abilities - Platform | [Alert response](/docs/alerts/monitors/alert-response/) | ✓ | ✓ |
+| Abilities - Platform | [App catalog](/docs/get-started/apps-integrations/) | ✓ | ✓ |
+| Abilities - Platform | [Training: Learn and certification](/docs/get-started/training-certification-faq/) | ✓ | ✓ |
+| Abilities - Solutions | [Application observability](/docs/observability/application-components/) | ✓ ||
+| Abilities - Solutions | [AWS observability](/docs/observability/aws/) | ✓ ||
+| Abilities - Solutions | [Logs for Security](/docs/security/additional-security-features/) | ✓ | ✓ |
+| Abilities - Solutions | [Cloud SIEM](/docs/cse/) | ✓ | ✓ |
+| Abilities - Solutions | [Cloud SOAR](/docs/cloud-soar/) / [Automation Service](/docs/platform-services/automation-service/) | ✓ |
+| Abilities - Solutions | [Software Development Optimization](/docs/observability/sdo/) | ✓ ||
+| Abilities - Solutions | [Kubernetes observability](/docs/observability/kubernetes/) | ✓ | ✓ |
+| Administration - Account | [Account overview](/docs/manage/manage-subscription/sumo-logic-credits-accounts/#account-overview) | ✓ | ✓ |
+| Administration - Account | [Data management](/docs/manage/users-roles/roles/role-capabilities/#data-management) | ✓ | ✓ |
+| Administration - Personal | [Preferences](/docs/get-started/account-settings-preferences/) | ✓ | ✓ |
+| Administration - Security | [Access keys](/docs/manage/security/access-keys/) | ✓ | ✓ |
+| Administration - Security | [Installation tokens](/docs/manage/security/installation-tokens/) | ✓ | ✓ |
+| Administration - Security | [Password policy](/docs/manage/security/set-password-policy/) | ✓ | ✓ |
+| Administration - Security | [Policies](/docs/manage/security/) | ✓ | ✓ |
+| Administration - Security | [SAML](/docs/manage/security/saml/) | ✓ | ✓ |
+| Administration - Security | [Service allowlist settings](/docs/manage/security/create-allowlist-ip-cidr-addresses/) | ✓ | ✓ |
+| Administration - Users and Roles | [Roles](/docs/manage/users-roles/roles/) | ✓ | ✓ |
+| Administration - Users and Roles | [Users](/docs/manage/users-roles/users/) | ✓ | ✓ |
+| Collection | [Hosted collectors](/docs/send-data/hosted-collectors/) | ✓ | ✓ |
+| Collection | [Installed collectors](/docs/send-data/installed-collectors/) | ✓ | ✓ |
+| Collection | [OpenTelemetry collector](/docs/send-data/opentelemetry-collector/) | ✓ | ✓
*OS support: Linux only.*
*UI: No workflow to add collector.* |
+| Collection - Amazon Web Services | [Amazon CloudFront](/docs/send-data/hosted-collectors/amazon-aws/amazon-cloudfront-source/) | ✓ | ✓ |
+| Collection - Amazon Web Services | [Amazon S3](/docs/send-data/hosted-collectors/amazon-aws/aws-s3-source/) | ✓ | ✓ |
+| Collection - Amazon Web Services | [Amazon S3 Audit](/docs/send-data/hosted-collectors/amazon-aws/amazon-s3-audit-source/) | ✓ | ✓ |
+| Collection - Amazon Web Services | [AWS CloudTrail](/docs/send-data/hosted-collectors/amazon-aws/aws-cloudtrail-source/) | ✓ | ✓ |
+| Collection - Amazon Web Services | [AWS CloudWatch Metrics](/docs/send-data/hosted-collectors/amazon-aws/amazon-cloudwatch-source-metrics/) | ✓ | ✓ |
+| Collection - Amazon Web Services | [AWS Elastic Load Balancing](/docs/send-data/hosted-collectors/amazon-aws/aws-elastic-load-balancing-source/) | ✓ | ✓ |
+| Collection - Amazon Web Services | [AWS Kinesis Firehose for Logs](/docs/send-data/hosted-collectors/amazon-aws/aws-kinesis-firehose-logs-source/) | ✓ | ✓ |
+| Collection - Amazon Web Services | [AWS Kinesis Firehose for Metrics](/docs/send-data/hosted-collectors/amazon-aws/aws-kinesis-firehose-metrics-source/) | ✓ | ✓ |
+| Collection - Amazon Web Services | [AWS Inventory](/docs/observability/aws/deploy-use-aws-observability/resources/) | ✓ | |
+| Collection - Amazon Web Services | [AWS Metadata](/docs/send-data/hosted-collectors/amazon-aws/aws-metadata-tag-source/) | ✓ | ✓ |
+| Collection - Amazon Web Services | [CSE AWS EC2 Inventory](/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/cse-aws-ec-inventory-source/) | ✓ | |
+| Collection - Archive | [AWS S3 archive](/docs/manage/data-archiving/archive) | ✓ | ✓ |
+| Collection - Cloud APIs | [Akamai SIEM API](/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/akamai-siem-api-source/) | ✓ | ✓
*Available upon request within 5 business days.* |
+| Collection - Cloud APIs | [Azure Event Hubs](/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/azure-event-hubs-source/) | ✓ | ✓ |
+| Collection - Cloud APIs | [Box](/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/box-source/) | ✓ | ✓
*Available upon request within 5 business days.* |
+| Collection - Cloud APIs | [Carbon Black Cloud](/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/carbon-black-cloud-source/) | ✓ | ✓
*Available upon request within 5 business days.* |
+| Collection - Cloud APIs | [Carbon Black Inventory](/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/carbon-black-inventory-source/) | ✓ | ✓
Available upon request within 5 business days. |
+| Collection - Cloud APIs | [Cisco AMP](/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/cisco-amp-source/) | ✓ | ✓
*Available upon request within 5 business days.* |
+| Collection - Cloud APIs | [Cloud Syslog](/docs/send-data/hosted-collectors/cloud-syslog-source/) | ✓ | ✓ |
+| Collection - Cloud APIs | [CrowdStrike](/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/crowdstrike-source/) | ✓ | ✓ |
+| Collection - Cloud APIs | [Crowdstrike FDR](/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/crowdstrike-fdr-source/) | ✓ | ✓ |
+| Collection - Cloud APIs | [Cybereason](/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/cybereason-source/) | ✓ | ✓
*Available upon request within 5 business days.* |
+| Collection - Cloud APIs | [Dropbox](/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/dropbox-source/) | ✓ | ✓
*Available upon request within 5 business days.* |
+| Collection - Cloud APIs | [Duo](/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/duo-source/) | ✓ | ✓ |
+| Collection - Cloud APIs | [G Suite Apps Audit](/docs/send-data/hosted-collectors/google-source/google-workspace-apps-audit-source/) | ✓ | ✓ |
+| Collection - Cloud APIs | [GCP Metrics](/docs/send-data/hosted-collectors/google-source/gcp-metrics-source/) | ✓ | ✓ |
+| Collection - Cloud APIs | [Google Cloud Platform](/docs/send-data/hosted-collectors/google-source/google-cloud-platform-source/) | ✓ | ✓ |
+| Collection - Cloud APIs | [Google Workspace](/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/google-workspace-alertcenter/) | ✓ | ✓
*Available upon request within 5 business days.* |
+| Collection - Cloud APIs | [HTTP Logs & Metrics](/docs/send-data/hosted-collectors/http-source/logs-metrics/) | ✓ | ✓ |
+| Collection - Cloud APIs | [HTTP Traces](/docs/send-data/hosted-collectors/http-source/traces/) | ✓ ||
+| Collection - Cloud APIs | [Microsoft Azure AD Inventory](/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/microsoft-azure-ad-inventory-source/) | ✓ | ✓
*Available upon request within 5 business days.* |
+| Collection - Cloud APIs | [Microsoft Graph Security API](/docs/integrations/saas-cloud/microsoft-graph-security-v2/) | ✓ | ✓
*Available upon request within 5 business days.*
+| Collection - Cloud APIs | [Mimecast](/docs/integrations/saas-cloud/mimecast/) | ✓ | ✓ |
+| Collection - Cloud APIs | [MS Graph Azure AD Reporting](/docs/integrations/saas-cloud/microsoft-graph-azure-ad-reporting/) | ✓ | ✓
*Available upon request within 5 business days.* |
+| Collection - Cloud APIs | [MS Graph Identity Protection](/docs/integrations/microsoft-azure/microsoft-graph-identity-protection/) | ✓ | ✓ |
+| Collection - Cloud APIs | [Netskope](/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/netskope-source/) | ✓ | ✓
*Available upon request within 5 business days.* |
+| Collection - Cloud APIs | [Netskope WebTx](/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/netskope-webtx-source/) | ✓ | ✓
*Available upon request within 5 business days.* |
+| Collection - Cloud APIs | [Office 365 Audit](/docs/send-data/hosted-collectors/microsoft-source/ms-office-audit-source/) | ✓ | ✓ |
+| Collection - Cloud APIs | [Okta](/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/okta-source/) | ✓ | ✓
*Available upon request within 5 business days* |
+| Collection - Cloud APIs | [Palo Alto Cortex XDR](/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/palo-alto-cortex-xdr-source/) | ✓ | ✓
*Available upon request within 5 business days.* |
+| Collection - Cloud APIs | [Proofpoint On Demand](/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/proofpoint-on-demand-source/) | ✓ | ✓
*Available upon request within 5 business days.* |
+| Collection - Cloud APIs | [Proofpoint TAP](/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/proofpoint-tap-source/) | ✓ | ✓ |
+| Collection - Cloud APIs | [RUM HTTP Traces](/docs/send-data/hosted-collectors/http-source/traces/) | ✓ ||
+| Collection - Cloud APIs | [Salesforce](/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/salesforce-source/) | ✓ | ✓
*Available upon request within 5 business days.* |
+| Collection - Cloud APIs | [SailPoint](/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/sailpoint-source/) | ✓ | ✓
*Available upon request within 5 business days.* |
+| Collection - Cloud APIs | [SentinelOne Mgmt API](/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/sentinelone-mgmt-api-source/) | ✓ | ✓ |
+| Collection - Cloud APIs| [Sophos Central](/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/sophos-central-source/) | ✓ | ✓
*Available upon request within 5 business days.* |
+| Collection - Cloud APIs | [Symantec Web Security Service](/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/symantec-web-security-service-source/) | ✓ | ✓
*Available upon request within 5 business days.* |
+| Collection - Cloud APIs | [Tenable](/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/tenable-source/) | ✓ | ✓
*Available upon request within 5 business days.* |
+| Collection - Cloud APIs | [Workday](/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/workday-source/) | ✓ | ✓
*Available upon request within 5 business days.* |
+| Collection - Cloud APIs | [1Password](/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/1password-source/) | ✓ | ✓
*Available upon request within 5 business days.*
+| Dashboards | [Dashboard reports](/docs/dashboards/scheduled-report/) | ✓ | |
+| Manage Data - Logs | [Data forwarding](/docs/manage/data-forwarding/) | ✓ | ✓ |
+| Manage Data - Logs | [Data tiering](/docs/manage/partitions/data-tiers/) | ✓
*Only included with Enterprise Suite License.* | ✓
*Only included with Enterprise Suite License.* |
+| Manage Data - Logs | [Fields](/docs/manage/fields/) | ✓ | ✓ |
+| Manage Data - Logs | [Field extraction rules](/docs/manage/field-extractions/) | ✓ | ✓ |
+| Manage Data - Logs | [Partitions](/docs/manage/partitions/) | ✓ | ✓ |
+| Manage Data - Logs | [Scheduled searches](/docs/alerts/scheduled-searches/) | ✓ | ✓ |
+| Manage Data - Logs | [Scheduled views](/docs/manage/scheduled-views/) | ✓ | ✓ |
+| Manage Data - Metrics | [Logs-to-Metrics](/docs/metrics/logs-to-metrics/) | ✓ | ✓ |
+| Manage Data - Metrics | [Metrics Rules](/docs/metrics/metric-rules-editor/) | ✓ | ✓ |
+| Manage Data - Metrics | [Metrics transformation rules](/docs/metrics/metrics-transformation-rules/) | ✓ | ✓ |
+| Manage Data - Monitoring | [Connections](/docs/alerts/webhook-connections/) | ✓ | ✓ |
+| Manage Data - Monitoring | [Health events](/docs/manage/health-events/) | ✓ | ✓ |
+| Manage Data - Monitoring | [Monitors](/docs/alerts/monitors/) | ✓ | ✓ |
+| Manage Data - Monitoring | [SLOs](/docs/observability/reliability-management-slo/) | ✓ | ✓ |
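Review bot: The Cloud SOAR / Automation Service row has only three cells (it ends `| ✓ |`) while the header defines four columns, so the FedRAMP Moderate cell is missing rather than empty; end the row with `| ✓ | |` if the capability is not offered there. The Microsoft Graph Security API and 1Password rows also lack the closing `|` after their "Available upon request" note. Empty FedRAMP cells are written both as `||` (Application observability, HTTP Traces) and as `| |` (AWS Inventory, Dashboard reports); picking one form keeps the table source consistent. While these rows are being rewritten, the Carbon Black Inventory note could be italicized and the Okta note given its final period to match the others.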
diff --git a/docs/manage/manage-subscription/sumo-logic-credits-accounts.md b/docs/manage/manage-subscription/sumo-logic-credits-accounts.md
index 8d34b0e497..0627f3e6a4 100644
--- a/docs/manage/manage-subscription/sumo-logic-credits-accounts.md
+++ b/docs/manage/manage-subscription/sumo-logic-credits-accounts.md
@@ -82,37 +82,37 @@ The following table provides a summary list of key features by Credits package a
| Feature | Free | Trial | Essentials | Enterprise Operations | Enterprise Security | Enterprise Suite |
|:-- | :-- | :-- | :-- | :-- | :-- | :-- |
-| Audit Index |  |  |  |  |  |  |
-| Audit Event Index | |  | |  |  |  |
+| Audit Index | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ |
+| Audit Event Index | | ✓ | | ✓ | ✓ | ✓ |
| Cloud SIEM | | | | | Activation required* | Activation required* |
| Cloud SOAR | | | | | | Activation required* |
-| Threat Intel | |  |  |  |  |  |
-| Collector Management API |  |  |  |  |  |  |
-| Data Forwarding | |  |  |  |  |  |
-| Data Tiers | | | | | |  |
-| Data Volume Index | |  |  |  |  |  |
-| Field Extraction |  |  |  |  |  |  |
-| Global Intelligence | | | |  |  |  |
-| Ingest Budgets | | | |  |  |  |
-| Log Data storage |  |  |  |  |  |  |
-| Log Data Continuous Volume |  |  |  |  |  |  |
-| Log Data Frequent Tier Volume | |  |  |  |  |  |
-| LogReduce |  |  |  |  |  |  |
-| Lookup Tables | |  |  |  |  |  |
-| Metrics |  |  |  |  |  |  |
-| Metrics data retention |  |  |  |  |  |  |
-| Metrics volume |  |  |  |  |  |  |
-| Monitors |  |  |  |  |  |  |
-| Partitions |  |  |  |  |  |  |
-| PCI Compliance App | |  | |  |  |  |
-| Real User Monitoring (RUM) | |  |  |  |  |  |
-| SAML |  |  |  |  |  |  |
-| Scheduled Views |  |  |  |  |  |  |
-| Search Job API | |  | |  |  |  |
-| Support | |  |  |  |  |  |
-| Sumo Logic Apps |  |  |  |  |  |  |
-| Traces | 
Up to 1.5GB per day* | 
Up to 5GB per day | 
5GB per day |  | |  |
-| User and Role APIs |  |  |  |  |  |  |
+| Threat Intel | | ✓ | ✓ | ✓ | ✓ | ✓ |
+| Collector Management API | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ |
+| Data Forwarding | | ✓ | ✓ | ✓ | ✓ | ✓ |
+| Data Tiers | | | | | | ✓ |
+| Data Volume Index | | ✓ | ✓ | ✓ | ✓ | ✓ |
+| Field Extraction | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ |
+| Global Intelligence | | | | ✓ | ✓ | ✓ |
+| Ingest Budgets | | | | ✓ | ✓ | ✓ |
+| Log Data storage | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ |
+| Log Data Continuous Volume | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ |
+| Log Data Frequent Tier Volume | | ✓ | ✓ | ✓ | ✓ | ✓ |
+| LogReduce | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ |
+| Lookup Tables | | ✓ | ✓ | ✓ | ✓ | ✓ |
+| Metrics | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ |
+| Metrics data retention | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ |
+| Metrics volume | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ |
+| Monitors | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ |
+| Partitions | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ |
+| PCI Compliance App | | ✓ | | ✓ | ✓ | ✓ |
+| Real User Monitoring (RUM) | | ✓ | ✓ | ✓ | ✓ | ✓ |
+| SAML | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ |
+| Scheduled Views | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ |
+| Search Job API | | ✓ | | ✓ | ✓ | ✓ |
+| Support | | ✓ | ✓ | ✓ | ✓ | ✓ |
+| Sumo Logic Apps | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ |
+| Traces | ✓
Up to 1.5GB per day* | ✓
Up to 5GB per day | ✓
5GB per day | ✓ | | ✓ |
+| User and Role APIs | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ |
\* Contact your account manager to customize your account to meet your organization's needs.
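Review bot: In the Traces row the Enterprise Security cell stays empty while Enterprise Operations and Enterprise Suite both get ✓. The removed row had the same gap, so the glyph conversion is faithful, but since the row is being rewritten it is worth confirming that Traces is really excluded from Enterprise Security alone and not just a cell that never had its icon.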
diff --git a/docs/manage/manage-subscription/sumo-logic-flex-accounts.md b/docs/manage/manage-subscription/sumo-logic-flex-accounts.md
index b7a0f128cb..e9f5051e8c 100644
--- a/docs/manage/manage-subscription/sumo-logic-flex-accounts.md
+++ b/docs/manage/manage-subscription/sumo-logic-flex-accounts.md
@@ -64,84 +64,84 @@ The following table provides a summary list of key features by Flex package acco
| Feature | Free | Trial | Essentials | Enterprise Suite Flex |
|:------- | :--- | :---- | :------------- | :------------- |
-| Advanced Span Analytics | |  | | |
-| Anomaly Alerting | |  | |  |
-| Alerting Integrations (Slack, PagerDuty, ServiceNow, etc.) |  |  | |  |
-| Alert Response |  |  | |  |
-| Anomaly Detection | |  | | |
-| Anomaly Rules | | | |  |
-| APM and Distributed Tracing | |  | | |
-| Application Observability |  |  | | |
-| Audit Index |  |  |  |  |
-| Automated Log-level Detection | | | | |
-| Automated Playbooks |  |  | | |
-| Automated Remediation | |  | | |
-| Automation Service (playbooks for Insight enrichment, notifications, and containment actions) |  |  | | |
-| AWS CloudTrail and Amazon Guard Duty Threat Benchmarking | |  | | |
-| Case Manager | | | |  |
-| Cloud Infrastructure Security | |  | | |
-| Cloud Log Management |  |  | | |
+| Advanced Span Analytics | | ✓ | | ✓ |
+| Anomaly Alerting | | ✓ | | ✓ |
+| Alerting Integrations (Slack, PagerDuty, ServiceNow, etc.) | ✓ | ✓ | | ✓ |
+| Alert Response | ✓ | ✓ | | ✓ |
+| Anomaly Detection | | ✓ | | ✓ |
+| Anomaly Rules | | | | ✓ |
+| APM and Distributed Tracing | | ✓ | | ✓ |
+| Application Observability | ✓ | ✓ | | ✓ |
+| Audit Index | ✓ | ✓ | ✓ | ✓ |
+| Automated Log-level Detection | | | | ✓ |
+| Automated Playbooks | ✓ | ✓ | | ✓ |
+| Automated Remediation | | ✓ | | ✓ |
+| Automation Service (playbooks for Insight enrichment, notifications, and containment actions) | ✓ | ✓ | | ✓ |
+| AWS CloudTrail and Amazon Guard Duty Threat Benchmarking | | ✓ | | ✓ |
+| Case Manager | | | | ✓ |
+| Cloud Infrastructure Security | | ✓ | | ✓ |
+| Cloud Log Management | ✓ | ✓ | | ✓ |
| Cloud SIEM | | | | Activation required* |
-| Cloud Security Posture Monitoring | |  | | |
+| Cloud Security Posture Monitoring | | ✓ | | ✓ |
| Cloud SOAR | | | | Activation required* |
-| Collector Management API |  |  |  |  |
-| Compliance and Audit Logging | |  | |  |
-| Threat Intelligence | |  | |  |
-| Customizable Dashboards |  |  | |  |
-| Data Forwarding | |  |  |  |
-| Data Volume Index | |  |  |  |
-| Enterprise Audit and Logging Dashboards | |  | |  |
-| Entity Normalization | |  | | |
-| Entity Relationship Graph | | | |  |
-| Entity Timeline | | | |  |
-| Field Extraction |  |  |  |  |
-| Geo IP Lookups | |  | |  |
-| Global Intelligence Service apps | | | |  |
-| Historical and Live Streaming Dashboards |  |  | |  |
-| Ingest Budgets | |  | |  |
-| Insight Global Confidence Scores | | | |  |
-| Insight Rules Engine (including 900+ out-of-the-box rules) | | | |  |
-| Insight Trainer | | | |  |
-| Kubernetes Observability |  |  | | |
-| Live Tail for Streaming Logs |  |  | |  |
-| LogReduce©, LogCompare, and LogExplain |  |  |  |  |
-| Log Data Continuous Volume |  |  |  | |
-| Log Data Frequent Tier Volume | |  |  | |
-| Log Data storage |  |  |  |  |
-| Log Search and Visualizations |  |  | |  |
-| Log Search API | | | |  |
-| Lookup Tables | |  |  |  |
-| Management APIs |  |  | |  |
-| Metrics |  |  |  |  |
-| Metrics based SLOs | | | | |
-| Metrics data retention |  |  |  |  |
-| Metrics Predict Operators | | | | |
-| Metrics volume |  |  |  |  |
-| MITRE ATT&CK Coverage Explorer | | | |  |
-| Monitors |  |  |  |  |
-| Multi-Cloud Observability (AWS, Azure GCP) |  |  | | |
-| OTel Data Onboarding |  |  | | |
-| OTel for K8s Logs and Events | | | | |
-| Partitions |  |  |  |  |
-| PCI Compliance Apps and Dashboards for Audit Readiness | |  | |  |
-| Playbooks (including complete Sumo Logic playbook catalog) | | | |  |
-| Predictive Analytics and Outlier Detection |  |  | |  |
-| Progressive Automation | | | |  |
-| Real User Monitoring (RUM) | |  |  | |
-| Reliability Management (SLIs/SLOs) | | | | |
-| Risk Assessment | |  | | |
-| Scheduled Alert Muting | | | | |
-| Scheduled Views |  |  |  |  |
-| Service Maps | |  | | |
-| Single sign-on (SSO) with SAML |  |  |  |  |
-| Software Development Optimization |  |  | |  |
-| Sumo Logic Apps |  |  |  |  |
-| Support |  |  |  |  |
-| Traces | 
Up to 1.5GB per day* | 
Up to 5GB per day | 
5GB per day| 
Up to 5GB per day |
-| Usage Management - Advanced | | | |  |
-| Usage Management - Basic |  |  | |  |
-| User and Role APIs |  |  |  |
Up to 5GB per day |
-| War Room | | | |  |
+| Collector Management API | ✓ | ✓ | ✓ | ✓ |
+| Compliance and Audit Logging | | ✓ | | ✓ |
+| Threat Intelligence | | ✓ | | ✓ |
+| Customizable Dashboards | ✓ | ✓ | | ✓ |
+| Data Forwarding | | ✓ | ✓ | ✓ |
+| Data Volume Index | | ✓ | ✓ | ✓ |
+| Enterprise Audit and Logging Dashboards | | ✓ | | ✓ |
+| Entity Normalization | | ✓ | |✓ |
+| Entity Relationship Graph | | | | ✓ |
+| Entity Timeline | | | | ✓ |
+| Field Extraction | ✓ | ✓ | ✓ | ✓ |
+| Geo IP Lookups | | ✓ | | ✓ |
+| Global Intelligence Service apps | | | | ✓ |
+| Historical and Live Streaming Dashboards | ✓ | ✓ | | ✓ |
+| Ingest Budgets | | ✓ | | ✓ |
+| Insight Global Confidence Scores | | | | ✓ |
+| Insight Rules Engine (including 900+ out-of-the-box rules) | | | | ✓ |
+| Insight Trainer | | | | ✓ |
+| Kubernetes Observability | ✓ | ✓ | |✓ |
+| Live Tail for Streaming Logs | ✓ | ✓ | | ✓ |
+| LogReduce©, LogCompare, and LogExplain | ✓ | ✓ | ✓ | ✓ |
+| Log Data Continuous Volume | ✓ | ✓ | ✓ | |
+| Log Data Frequent Tier Volume | | ✓ | ✓ | |
+| Log Data storage | ✓ | ✓ | ✓ | ✓ |
+| Log Search and Visualizations | ✓ | ✓ | | ✓ |
+| Log Search API | | | | ✓ |
+| Lookup Tables | | ✓ | ✓ | ✓ |
+| Management APIs | ✓ | ✓ | | ✓ |
+| Metrics | ✓ | ✓ | ✓ | ✓ |
+| Metrics based SLOs | | | |✓ |
+| Metrics data retention | ✓ | ✓ | ✓ | ✓ |
+| Metrics Predict Operators | | | |✓ |
+| Metrics volume | ✓ | ✓ | ✓ | ✓ |
+| MITRE ATT&CK Coverage Explorer | | | | ✓ |
+| Monitors | ✓ | ✓ | ✓ | ✓ |
+| Multi-Cloud Observability (AWS, Azure GCP) | ✓ | ✓ | |✓ |
+| OTel Data Onboarding | ✓ | ✓ | |✓ |
+| OTel for K8s Logs and Events | | | |✓ |
+| Partitions | ✓ | ✓ | ✓ | ✓ |
+| PCI Compliance Apps and Dashboards for Audit Readiness | | ✓ | | ✓ |
+| Playbooks (including complete Sumo Logic playbook catalog) | | | | ✓ |
+| Predictive Analytics and Outlier Detection | ✓ | ✓ | | ✓ |
+| Progressive Automation | | | | ✓ |
+| Real User Monitoring (RUM) | | ✓ | ✓ |✓ |
+| Reliability Management (SLIs/SLOs) | | | |✓ |
+| Risk Assessment | | ✓ | |✓ |
+| Scheduled Alert Muting | | | |✓ |
+| Scheduled Views | ✓ | ✓ | ✓ | ✓ |
+| Service Maps | | ✓ | |✓ |
+| Single sign-on (SSO) with SAML | ✓ | ✓ | ✓ | ✓ |
+| Software Development Optimization | ✓ | ✓ | | ✓ |
+| Sumo Logic Apps | ✓ | ✓ | ✓ | ✓ |
+| Support | ✓ | ✓ | ✓ | ✓ |
+| Traces | ✓
Up to 1.5GB per day* | ✓
Up to 5GB per day | ✓
5GB per day| ✓
Up to 5GB per day |
+| Usage Management - Advanced | | | | ✓ |
+| Usage Management - Basic | ✓ | ✓ | | ✓ |
+| User and Role APIs | ✓ | ✓ | ✓ |
Up to 5GB per day |
+| War Room | | | | ✓ |
\* Contact your account manager to customize your account to meet your organization's needs.
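Review bot: In the added `User and Role APIs` row the last cell is `Up to 5GB per day` with no ✓, the same text as the last cell of the `Traces` row, carried over unchanged from the removed row. It reads like a stray fragment of the Traces row. If the last column does include the User and Role APIs, the row should end `| ✓ | ✓ | ✓ | ✓ |`; otherwise leave the cell empty. Cell spacing is also inconsistent in several added rows (`|✓ |` in `Entity Normalization`, `Kubernetes Observability`, `Metrics based SLOs` and others); normalizing to `| ✓ |` keeps later diffs of this table clean.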
diff --git a/docs/manage/partitions/data-tiers/index.md b/docs/manage/partitions/data-tiers/index.md
index c32b3ae147..4d83e3e48e 100644
--- a/docs/manage/partitions/data-tiers/index.md
+++ b/docs/manage/partitions/data-tiers/index.md
@@ -56,21 +56,21 @@ How you can search and use your ingested data varies by the Data Tier it resides
| Feature support | Continuous Tier | Frequent Tier | Infrequent Tier |
| :-- | :-- | :-- | :-- |
-| Centralized, secure, multi-tenant cloud-native platform |  | | |
-| Data replication across availability zones, data encryption |  | | |
-| Interactive queries (UI) | 
Partitions can be specified, but are optional. |
Partition or `_dataTier` must be specified. |
Partition or `_dataTier` must be specified. |
-| Support for Installed and Hosted Collectors |  | | |
-| RBAC support |  | | |
-| Support for search operators |  | | |
-| Field Extraction Rules |  | | |
-| Logs to Metrics |  | | |
-| Data Forwarding |  | | |
-| Live Tail |  | | |
-| Dashboards |  | | |
-| Monitors |  | | |
-| Scheduled Searches |  | | |
-| Scheduled Views |  | | |
-| API Queries |  | | |
+| Centralized, secure, multi-tenant cloud-native platform | ✓ | ✓ | ✓ |
+| Data replication across availability zones, data encryption | ✓ | ✓ | ✓ |
+| Interactive queries (UI) | ✓
Partitions can be specified, but are optional. | ✓
Partition or `_dataTier` must be specified. | ✓
Partition or `_dataTier` must be specified. |
+| Support for Installed and Hosted Collectors | ✓ | ✓ | ✓ |
+| RBAC support | ✓ | ✓ | ✓ |
+| Support for search operators | ✓ | ✓ | ✓ |
+| Field Extraction Rules | ✓ | ✓ | ✓ |
+| Logs to Metrics | ✓ | ✓ | ✓ |
+| Data Forwarding | ✓ | ✓ | |
+| Live Tail | ✓ | ✓ | ✓ |
+| Dashboards | ✓ | | |
+| Monitors | ✓ | | |
+| Scheduled Searches | ✓ | | |
+| Scheduled Views | ✓ | | |
+| API Queries | ✓ | ✓ | ✓ |
## Assigning data to a Data Tier
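Review bot: The added `Dashboards`, `Monitors`, `Scheduled Searches` and `Scheduled Views` rows, and the Infrequent Tier cell of `Data Forwarding`, mark the unsupported tiers with an empty cell, and `x.png` is deleted in this same change, so nothing in the table says what an empty cell means. For `Monitors` and `Scheduled Searches` the empty cell is the only indication that alerting does not run on Frequent or Infrequent Tier data, which matters to anyone routing security logs into those tiers. Suggest an explicit marker in those cells, or a one-line legend above the table stating that an empty cell means not supported.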
diff --git a/docs/manage/partitions/flex/index.md b/docs/manage/partitions/flex/index.md
index fc693a7571..cc1ae1c507 100644
--- a/docs/manage/partitions/flex/index.md
+++ b/docs/manage/partitions/flex/index.md
@@ -25,21 +25,21 @@ Flex Pricing delivers a new financial model for log management in which you can
| Feature support | Flex Pricing |
| :-- | :-- |
-| Centralized, secure, multi-tenant cloud-native platform |  |
-| Data replication across availability zones, data encryption |  |
-| Interactive queries (UI) | |
-| Support for Installed and Hosted Collectors |  |
-| RBAC support |  |
-| Support for search operators |  |
-| Field Extraction Rules |  |
-| Logs to Metrics |  |
-| Data Forwarding |  |
-| Live Tail |  |
-| Dashboards |  |
-| Monitors |  |
-| Scheduled Searches |  |
-| Scheduled Views |  |
-| API Queries |  |
+| Centralized, secure, multi-tenant cloud-native platform | ✓ |
+| Data replication across availability zones, data encryption | ✓ |
+| Interactive queries (UI) | ✓ |
+| Support for Installed and Hosted Collectors | ✓ |
+| RBAC support | ✓ |
+| Support for search operators | ✓ |
+| Field Extraction Rules | ✓ |
+| Logs to Metrics | ✓ |
+| Data Forwarding | ✓ |
+| Live Tail | ✓ |
+| Dashboards | ✓ |
+| Monitors | ✓ |
+| Scheduled Searches | ✓ |
+| Scheduled Views | ✓ |
+| API Queries | ✓ |
## Guides
diff --git a/docs/reuse/alert-variables.md b/docs/reuse/alert-variables.md
deleted file mode 100644
index 77c85c347c..0000000000
--- a/docs/reuse/alert-variables.md
+++ /dev/null
@@ -1,114 +0,0 @@
-Variables are used as parameters in the JSON payload object of your alert notifications. These variables are used to dynamically populate specific values from the alert configuration in the notification payload. It includes things like the TriggerType that gives the current monitor status in the notification. When a notification is sent variables are replaced with values from the alert. For example, if you specified `{{Name}}` in your JSON payload, it would be replaced with the actual name of the alert in the delivered payload.
-
-:::note
-Variables must be enclosed by double curly brackets.
-:::
-
-### Common variables for alerts
-You can use variables to customize your notification payload from Monitors and Scheduled Searches. The table below shows a list of variables along with information on which area of the product these are supported. We have also provided a brief description of each of the variables.
-
-:::note
-All variables are case-insensitive.
-:::
-
-| Variable | Description | Monitors | Scheduled Searches |
-| :-- | :-- | :-- | :--|
-| `{{Name}}` | The name of the alert. In the delivered payload, this variable is replaced with the Name you assigned to the alert when you created it. |  |  |
-| `{{Description}}` | The description of the alert. |  |  |
-| `{{MonitorType}}` | The type of alert, either `Logs` or `Metrics`. |  |  |
-| `{{Query}}` | The query used to run the alert. |  |  |
-| `{{QueryURL}}` | The URL to the logs or metrics query within Sumo Logic. |  |  |
-| `{{ResultsJson}}` | JSON object containing the query results that triggered the alert. A maximum of 200 aggregate results or 10 raw messages for this field can be sent via webhook. |  | 
Not available with Email notifications |
-| `{{ResultsJson.fieldName}}` | The value of the specified field name. For example, this payload specification:
`{{ResultsJson.client_ip}} had {{ResultsJson.errors}} errors`
Results in a subject line like this:
`70.69.152.165 had 391 errors`
A maximum of 200 aggregate results or 10 raw messages for this field can be sent via webhook.
A field name must match (case-insensitive) the field from your search and must be alphanumeric characters, underscores, and spaces. If you have a field name that has an unsupported character use the as operator to rename it.
You can return a specific result by providing an array index value in bracket notation. Such as, `{{ResultsJson.fieldName}}[0]` to return the first result.
**Reserved Fields**
The following are reserved field names. They are generated by Sumo Logic during collection or search operations.- _raw
- Message
- _messagetime
- Time
- _sourceHost
- Host
- _sourceCategory
- Category
- _sourceName
- Name
- _collector
- Collector
- _timeslice
- _signature
|  |  |
-| `{{NumQueryResults}}` | The number of results the query returned. Results can be raw messages, time-series, or aggregates.
An aggregate query returns the number of aggregate results; displayed in the Aggregates tab of the Search page.
A non-aggregate query returns the number of raw results; displayed in the Messages tab of the Search page. |  |  |
-| `{{Id}}` | The unique identifier of the monitor or search that triggered the alert. For example, `00000000000468D5`. |  |  |
-| `{{DetectionMethod}}` | This is the type of Detection Method used to detect alerts. Values are based on static or outlier triggers and data type, either logs or metrics. The value will be either `LogsStaticCondition`, `MetricsStaticCondition`, `LogsOutlierCondition`, `MetricsOutlierCondition`, `LogsMissingDataCondition`, `MetricsMissingDataCondition`, or `StaticCondition` (deprecated). |  |  |
-| `{{TriggerType}}` | The status of the alert or recovery. Alert will have either `Normal`, `Critical`, `Warning`, or `Missing Data`.
-Recovery will have either `ResolvedCritical`, `ResolvedWarning`, or `ResolvedMissingData`. |  |  |
-| `{{TriggerTimeRange}}` | The time range of the query that triggered the alert. For example:
`07/13/2021 03:21:32 PM UTC to 07/13/2021 03:36:32 PM UTC` |  |  |
-| `{{TriggerTime}}` | The time the monitor was triggered. For example:
`07/13/2021 03:38:30 PM UTC.` |  |  |
-| `{{TriggerCondition}}` | The condition that triggered the alert. For example:
`Greater than or equal to 1.0 in the last 15 minutes` |  |  |
-| `{{TriggerValue}}` | The value that triggered the alert. |  |  |
-| `{{TriggerTimeStart}}` | The start time of the time range that triggered the monitor in Unix format. For example, `1626189692042`. |  |  |
-| `{{TriggerTimeEnd}}` | The end time of the time range that triggered the monitor in Unix format. For example, `1626190592042`. |  |  |
-| `{{SourceURL}}` | The URL to the configuration or status page of the monitor in Sumo Logic. |  |  |
-| `{{AlertResponseUrl}}` | When your Monitor is triggered it will generate a URL and provide it as the value of this variable where you can use it to open Alert Response. |  |  |
-
-### Examples
-
-#### Slack payload
-
-```json
-{
- "attachments": [
- {
- "pretext": "Sumo Logic Alert for: *{{Name}}* by user USERNAME",
- "fields": [
- {
- "title": "Description",
- "value": "{{Description}} {{TriggerTimeStart}}"
- },
- {
- "title": "Query",
- "value": "<{{QueryURL}}|{{Query}}>"
- },
- {
- "title": "Time Range",
- "value": "{{TriggerTimeRange}}"
- }
- ],
- "mrkdwn_in": ["text", "pretext"],
- "color": "#29A1E6"
- }
- ]
-}
-```
-
-#### PagerDuty payload
-
-```json
-{
- "service_key": "xxxxx",
- "event_type": "trigger",
- "description": "Monitor Alert on {{Name}}",
- "client": "Sumo Logic",
- "details": {
- "name": "{{Name}}",
- "query": "<{{QueryURL}} | {{Query}}>",
- "time": "{{TriggerTimeRange}} -- {{TriggerTime}} --"
- }
-}
-```
-
-#### Email message
-
-```
-Monitor Alert: {{TriggerTimeRange}} on {{Name}}
-```
-
-## Legacy Variables
-
-This section provides the old variables available for alert notifications from Metrics Monitors and Scheduled Searches. The following table shows where the old variables are supported.
-
-:::tip
-We recommend you use the new [common variables](/docs/alerts/webhook-connections/set-up-webhook-connections) instead of these legacy variables. In the future, legacy variables will be deprecated.
-:::
-
-| Variable | Description | Metrics Monitors | Scheduled Searches |
-| :-- | :-- | :-- | :--|
-| ` {{SearchName}}` | |  |  |
-| `{{SearchDescription}}` | Description of the saved search or Monitor. In the delivered payload, this variable is replaced with the Name you assigned to the search or Monitor when you created it. |  |  |
-| `{{SearchQuery}}` | The query used to run the saved search. In the delivered payload, this variable is replaced by your saved search query or metric query. |  |  |
-| `{{SearchQueryUrl}}` | The URL to the search or metrics query. In the delivered payload, this is a URL that you can click to run the saved logs or metric query. |  |  |
-| `{{TimeRange}}` | The time range that triggered the alert. |  |  |
-| `{{FireTime}}` | The start time of the log search or metric query that triggered the notification. |  |  |
-| `{{AggregateResultsJson}}` | JSON object containing search aggregation results. A maximum of 200 aggregate results can be sent via webhook. |  | 
Not available with Email notifications |
-| `{{RawResultsJson}}` | JSON object containing raw messages. A maximum of 10 raw messages can be sent via webhook. |  | 
Not available with Email notifications |
-| `{{NumRawResults}}` | Number of results returned by the search. |  |  |
-| `{{Results.fieldname}}` | The value returned from the search result for the specified field. For example, this payload specification:
`{{Results.client_ip}} had {{Results.errors}} errors`
Results in a subject line like this:
`70.69.152.165 had 391 errors`
A maximum of 200 aggregate results or 10 raw messages for this field can be sent via webhook.
A field name must match (case-insensitive) the field from your search and must be alphanumeric characters, underscores, and spaces. If you have a field name that has an unsupported character use the as operator to rename it. |  |  |
-| `{{AlertThreshold}}` | The condition that triggered the alert (for example, above 90 at least once in the last 5 minutes) |  |  |
-| `{{AlertSource}}` | The metric and sourceHost that triggered the alert, including associated tags for that metric. |  |  |
-| `{{AlertSource.fieldname}}` | The value returned from the AlertSource object for the specified field name. |  |  |
-| `{{AlertID}}` | The ID of the triggered alert. |  |  |
-| `The ID of the triggered alert.` | Current status of the time series that triggered (for example, Critical or Warning). |  |  |
-| `{{AlertCondition}}` | The condition that triggered the alert. |  |  |
\ No newline at end of file
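Review bot: Confirm that no page still imports `docs/reuse/alert-variables.md` before it is removed, and state in the description where the variable reference now lives, since this part of the diff shows no replacement. If the tables were copied elsewhere, two defects in the removed text should not travel with them: the Legacy Variables row whose variable cell reads `The ID of the triggered alert.` where its description (current status of the time series) calls for `{{AlertStatus}}`, and the `{{SearchName}}` row with an empty description.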
diff --git a/docs/security/index.md b/docs/security/index.md
index 4864cbb819..c6b5bf56b5 100644
--- a/docs/security/index.md
+++ b/docs/security/index.md
@@ -19,35 +19,34 @@ Following are features available with our security solutions. If you have any qu
| Feature | Logs for Security | Cloud SIEM | Cloud SOAR |
| :-- | :-- | :-- | :-- |
-| Log collection |  |  |  |
-| App catalog (out-of-the-box analytics) |  |  |  |
-| Dashboard |  |  |  |
-| Deep search (Sumo Logic Search Query Language) |  |  |  |
-| Advanced analytics with machine learning (GIS for GuardDuty and CloudTrail) |  |  |  |
-| Monitoring |  |  |  |
-| Alerts |  |  |  |
-| Threat Intelligence (threat intel feed and threat analysis app) |  |  |  |
-| Normalization with parsing of unstructured data and Field Extraction Rules |  |  |  |
-| Normalization with parsing, mapping, and enrichment | |  | |
-| Streaming processing | |  | |
-| Out-of-the-box detection contents | |  | |
-| Advanced analytics for user behavior | |  | |
-| Rules Engine (built-in, types, custom, criticality, Rule Expression tuning) | |  | |
-| Correlation of Signals to an Entity | |  | |
-| Insight Engine (including case management) | |  | |
-| Entity Types (Entity Normalization, Related Entities, Entity Criticality) | |  | |
-| Entity Relationship Graph | |  | |
-| Entity Timeline | |  | |
-| Machine learning capabilities (Global Confidence Score for Insights, Insight Trainer) | |  | |
-| Tags (MITRE ATT&CK, custom tag schema, network blocks) | |  | |
-| Automation Service |  |  | |
-| Open Integration Framework (OIF) |  |  |  |
-| App Central |  |  |  |
-| Playbook | |  |  |
-| SecOps dashboard | | |  |
-| Case Manager | | |  |
-| War Room | | |  |
-| Progressive automation | | |  |
-| Highly customizable dashboards and KPIs | | |  |
-| Automatic incident reports | | |  |
-
+| Log collection | ✓ | ✓ | ✓ |
+| App catalog (out-of-the-box analytics) | ✓ | ✓ | ✓ |
+| Dashboard | ✓ | ✓ | ✓ |
+| Deep search (Sumo Logic Search Query Language) | ✓ | ✓ | ✓ |
+| Advanced analytics with machine learning (GIS for GuardDuty and CloudTrail) | ✓ | ✓ | ✓ |
+| Monitoring | ✓ | ✓ | ✓ |
+| Alerts | ✓ | ✓ | ✓ |
+| Threat Intelligence (threat intel feed and threat analysis app) | ✓ | ✓ | ✓ |
+| Normalization with parsing of unstructured data and Field Extraction Rules | ✓ | ✓ | ✓ |
+| Normalization with parsing, mapping, and enrichment | | ✓ | |
+| Streaming processing | | ✓ | |
+| Out-of-the-box detection contents | | ✓ | |
+| Advanced analytics for user behavior | | ✓ | |
+| Rules Engine (built-in, types, custom, criticality, Rule Expression tuning) | | ✓ | |
+| Correlation of Signals to an Entity | | ✓ | |
+| Insight Engine (including case management) | | ✓ | |
+| Entity Types (Entity Normalization, Related Entities, Entity Criticality) | | ✓ | |
+| Entity Relationship Graph | | ✓ | |
+| Entity Timeline | | ✓ | |
+| Machine learning capabilities (Global Confidence Score for Insights, Insight Trainer) | | ✓ | |
+| Tags (MITRE ATT&CK, custom tag schema, network blocks) | | ✓ | |
+| Automation Service | ✓ | ✓ | |
+| Open Integration Framework (OIF) | ✓ | ✓ | ✓ |
+| App Central | ✓ | ✓ | ✓ |
+| Playbook |✓ | ✓ | ✓ |
+| SecOps dashboard | | | ✓ |
+| Case Manager | | | ✓ |
+| War Room | | | ✓ |
+| Progressive automation | | | ✓ |
+| Highly customizable dashboards and KPIs | | | ✓ |
+| Automatic incident reports | | | ✓ |
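Review bot: Please confirm the ✓ under Logs for Security in the added `Playbook` row is intended. The removed row starts `| Playbook | |`, the same empty-looking first cell as the rows that stay empty in the new table (for example `Streaming processing`), yet the added row reads `| Playbook |✓ | ✓ | ✓ |`. That row is also the only one in this table without a space before the first ✓; use `| ✓ |` to match the rest.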
diff --git a/docs/send-data/collect-from-other-data-sources/docker-collection-methods.md b/docs/send-data/collect-from-other-data-sources/docker-collection-methods.md
index beb1126100..4b9ee42392 100644
--- a/docs/send-data/collect-from-other-data-sources/docker-collection-methods.md
+++ b/docs/send-data/collect-from-other-data-sources/docker-collection-methods.md
@@ -5,7 +5,6 @@ sidebar_label: Docker
description: Learn about methods for collecting logs and metrics from Docker.
---
-
This page describes and compares alternative methods for collecting Docker logs and metrics. You can employ these methods in self-managed Docker environments or with managed Docker services like ECS and Swarm.
:::important
@@ -18,9 +17,9 @@ The following table summarizes what you can collect with each collection method.
| Collection Methods | Logs | Metrics |
|:--|:--|:--|
-| Docker Logging Driver |  | |
-| Installed Collector on Docker Host
(with Docker Log source and Docker Stats source)|  |  |
-| Collector as a Container
(with Docker Log source and Docker Stats source) |  |  |
+| Docker Logging Driver | ✓ | |
+| Installed Collector on Docker Host
(with Docker Log source and Docker Stats source)| ✓ | ✓ |
+| Collector as a Container
(with Docker Log source and Docker Stats source) | ✓ | ✓ |
## Docker collection options
@@ -85,10 +84,10 @@ The Docker Logging Driver is supported with Docker Version 18.03.0-ce or higher
| Platform | Installed Collector On Docker Host | Collector As Container | Docker Logging Driver |
|:--|:--|:--|:--|
-| Docker
(not managed service) |  | |  |
-| ECS |  | |  |
-| Docker Swarm |  | |  |
-| Rancher
(non-Kubernetes) |  | |  |
+| Docker
(not managed service) | ✓ | ✓ | ✓ |
+| ECS | ✓ | ✓ | ✓ |
+| Docker Swarm | ✓ | ✓ | ✓ |
+| Rancher
(non-Kubernetes) | ✓ | ✓ | ✓ |
### Sumo Logic apps for Docker
diff --git a/docs/send-data/collect-from-other-data-sources/kubernetes-fluentd-plugin.md b/docs/send-data/collect-from-other-data-sources/kubernetes-fluentd-plugin.md
index 2afefdc7a2..5727fef0f8 100644
--- a/docs/send-data/collect-from-other-data-sources/kubernetes-fluentd-plugin.md
+++ b/docs/send-data/collect-from-other-data-sources/kubernetes-fluentd-plugin.md
@@ -127,15 +127,15 @@ Fluentd sources.
| **Environment Variable** | **Containers** | **Docker** | **Kubernetes** | **Systemd** |
|:--------------------------|:----------------|:----------------|:----------------|:-------------|
-| `EXCLUDE_CONTAINER_REGEX` |  |  |  |  |
-| `EXCLUDE_FACILITY_REGEX` |  |  |  |  |
-| `EXCLUDE_HOST_REGEX` |  |  |  |  |
-| `EXCLUDE_NAMESPACE_REGEX` |  |  |  |  |
-| `EXCLUDE_PATH` |  |  |  |  |
-| `EXCLUDE_PRIORITY_REGEX` |  |  |  |  |
-| `EXCLUDE_POD_REGEX` |  |  |  |  |
-| `EXCLUDE_UNIT_REGEX` |  |  |  |  |
-| `TIME_KEY` |  |  |  |  |
+| `EXCLUDE_CONTAINER_REGEX` | ✓ | | | |
+| `EXCLUDE_FACILITY_REGEX` | | | | ✓ |
+| `EXCLUDE_HOST_REGEX` | ✓ | | | ✓ |
+| `EXCLUDE_NAMESPACE_REGEX` | ✓ | | ✓ | |
+| `EXCLUDE_PATH` | ✓ | ✓ | ✓ | |
+| `EXCLUDE_PRIORITY_REGEX` | | | | ✓ |
+| `EXCLUDE_POD_REGEX` | ✓ | | | |
+| `EXCLUDE_UNIT_REGEX` | | | | ✓ |
+| `TIME_KEY` | ✓ | | | |
### Override environment variables using annotations
diff --git a/i18n/ja/alerts/alerts/alert-variables.md b/i18n/ja/alerts/alerts/alert-variables.md
index 057ddd309a..bf9f260c77 100644
--- a/i18n/ja/alerts/alerts/alert-variables.md
+++ b/i18n/ja/alerts/alerts/alert-variables.md
@@ -19,27 +19,27 @@ description: アラートは変数をサポートしているため、必要な
|変数|説明|モニター|スケジュールされた検索|
| -- | -- | -- | -- |
-| `{{Name}}` | アラートの名前。配信されたペイロードでは、この変数は、アラートの作成時にアラートに割り当てた名前に置き換えられます。|  |  |
+| `{{Name}}` | アラートの名前。配信されたペイロードでは、この変数は、アラートの作成時にアラートに割り当てた名前に置き換えられます。| ✓ | ✓ |
| `{{Description}}` |
-アラートの名前。配信されたペイロードでは、この変数は、アラートの作成時にアラートに割り当てた名前に置き換えられます。|  |  |
-| `{{MonitorType}}` | アラートのタイプ。`Logs`または`Metrics`のいずれか。 |  |  |
+アラートの名前。配信されたペイロードでは、この変数は、アラートの作成時にアラートに割り当てた名前に置き換えられます。| ✓ | ✓ |
+| `{{MonitorType}}` | アラートのタイプ。`Logs`または`Metrics`のいずれか。 | ✓ | ✓ |
| `{{Query}}` |
-アラートの実行に使用されるクエリ。 |  |  |
-| `{{QueryURL}}` | SumoLogic内のログまたはメトリッククエリへのURL |  |  |
+アラートの実行に使用されるクエリ。 | ✓ | ✓ |
+| `{{QueryURL}}` | SumoLogic内のログまたはメトリッククエリへのURL | ✓ | ✓ |
| `{{ResultsJson}}` |
-アラートをトリガーしたクエリ結果を含むJSONオブジェクト。このフィールドの最大200の集計結果または10の生メッセージをWebhook経由で送信できます。|  | 
Not available with Email notifications |
-| `{{ResultsJson.fieldName}}` | 指定されたフィールド名の値。たとえば、このペイロード仕様は次のとおりです。
`{{ResultsJson.client_ip}} had {{ResultsJson.errors}} errors`
次のような件名になります。
`70.69.152.165 had 391 errors`
このフィールドの最大200の集計結果または10の生メッセージをWebhook経由で送信できます。
フィールド名は検索のフィールドと一致する(大文字と小文字を区別しない)必要があり、英数字、アンダースコア、スペースである必要があります。サポートされていない文字を含むフィールド名がある場合は、[as](../ search/ search-query-language / search-operators / as-operator)演算子を使用して名前を変更します。
ブラケット表記で配列インデックス値を提供することによる特定の結果。そのような、
You can return a specific result by providing an array index value in bracket notation. Such as, `{{ResultsJson.fieldName}}[0]` to return the first result.
**Reserved Fields**
The following are reserved field names. They are generated by Sumo Logic during collection or search operations.- _raw
- Message
- _messagetime
- Time
- _sourceHost
- Host
- _sourceCategory
- Category
- _sourceName
- Name
- _collector
- Collector
- _timeslice
- _signature
|  | 
Email notifications only return the first result. |
-| `{{NumQueryResults}}` | The number of results the query returned. Results can be raw messages, time-series, or aggregates.
An aggregate query returns the number of aggregate results; displayed in the **Aggregates** tab of the [Search page](/docs/search).
A non-aggregate query returns the number of raw results; displayed in the **Messages** tab of the [Search page](/docs/search). |  |  |
-| `{{Id}}` | The unique identifier of the monitor or search that triggered the alert. For example, `00000000000468D5`. |  |  |
-| `{{DetectionMethod}}` | This is the type of Detection Method used to detect alerts. Values are based on static or outlier triggers and data type, either logs or metrics. The value will be either `LogsStaticCondition`, `MetricsStaticCondition`, `LogsOutlierCondition`, `MetricsOutlierCondition`, `LogsMissingDataCondition`, `MetricsMissingDataCondition`, or `StaticCondition` (deprecated). |  |  |
-| `{{TriggerType}}` | The status of the alert or recovery. Alert will have either `Normal`, `Critical`, `Warning`, or `Missing Data`. Recovery will have either `ResolvedCritical`, `ResolvedWarning`, or `ResolvedMissingData`. |  |  |
-| `{{TriggerTimeRange}}` | The time range of the query that triggered the alert. For example, `07/13/2021 03:21:32 PM UTC to 07/13/2021 03:36:32 PM UTC` |  |  |
-| `{{TriggerCondition}}` | The condition that triggered the alert. For example, `Greater than or equal to 1.0 in the last 15 minutes` |  |  |
-| `{{TriggerValue}}` | The value that triggered the alert. |  |  |
-| `{{TriggerTimeStart}}` | The start time of the time range that triggered the monitor in Unix format. For example, `1626189692042`. |  |  |
-| `{{TriggerTimeEnd}}` | The end time of the time range that triggered the monitor in Unix format. For example, `1626190592042`. |  |  |
-| `{{SourceURL}}` | The URL to the configuration or status page of the monitor in Sumo Logic. |  |  |
-| `{{AlertResponseUrl}}` | When your Monitor is triggered it will generate a URL and provide it as the value of this variable where you can use it to open Alert Response. |  |  |
+アラートをトリガーしたクエリ結果を含むJSONオブジェクト。このフィールドの最大200の集計結果または10の生メッセージをWebhook経由で送信できます。| ✓ | ✓
Not available with Email notifications |
+| `{{ResultsJson.fieldName}}` | 指定されたフィールド名の値。たとえば、このペイロード仕様は次のとおりです。
`{{ResultsJson.client_ip}} had {{ResultsJson.errors}} errors`
次のような件名になります。
`70.69.152.165 had 391 errors`
このフィールドの最大200の集計結果または10の生メッセージをWebhook経由で送信できます。
フィールド名は検索のフィールドと一致する(大文字と小文字を区別しない)必要があり、英数字、アンダースコア、スペースである必要があります。サポートされていない文字を含むフィールド名がある場合は、[as](../ search/ search-query-language / search-operators / as-operator)演算子を使用して名前を変更します。
ブラケット表記で配列インデックス値を提供することによる特定の結果。そのような、
You can return a specific result by providing an array index value in bracket notation. Such as, `{{ResultsJson.fieldName}}[0]` to return the first result.
**Reserved Fields**
The following are reserved field names. They are generated by Sumo Logic during collection or search operations.- _raw
- Message
- _messagetime
- Time
- _sourceHost
- Host
- _sourceCategory
- Category
- _sourceName
- Name
- _collector
- Collector
- _timeslice
- _signature
| ✓ | ✓
Email notifications only return the first result. |
+| `{{NumQueryResults}}` | The number of results the query returned. Results can be raw messages, time-series, or aggregates.
An aggregate query returns the number of aggregate results; displayed in the **Aggregates** tab of the [Search page](/docs/search).
A non-aggregate query returns the number of raw results; displayed in the **Messages** tab of the [Search page](/docs/search). | ✓ | ✓ |
+| `{{Id}}` | The unique identifier of the monitor or search that triggered the alert. For example, `00000000000468D5`. | ✓ | ✓ |
+| `{{DetectionMethod}}` | This is the type of Detection Method used to detect alerts. Values are based on static or outlier triggers and data type, either logs or metrics. The value will be either `LogsStaticCondition`, `MetricsStaticCondition`, `LogsOutlierCondition`, `MetricsOutlierCondition`, `LogsMissingDataCondition`, `MetricsMissingDataCondition`, or `StaticCondition` (deprecated). | ✓ | ✓ |
+| `{{TriggerType}}` | The status of the alert or recovery. Alert will have either `Normal`, `Critical`, `Warning`, or `Missing Data`. Recovery will have either `ResolvedCritical`, `ResolvedWarning`, or `ResolvedMissingData`. | ✓ | |
+| `{{TriggerTimeRange}}` | The time range of the query that triggered the alert. For example, `07/13/2021 03:21:32 PM UTC to 07/13/2021 03:36:32 PM UTC` | ✓ | ✓ |
+| `{{TriggerCondition}}` | The condition that triggered the alert. For example, `Greater than or equal to 1.0 in the last 15 minutes` | ✓ | ✓ |
+| `{{TriggerValue}}` | The value that triggered the alert. | ✓ | ✓ |
+| `{{TriggerTimeStart}}` | The start time of the time range that triggered the monitor in Unix format. For example, `1626189692042`. | ✓ | ✓ |
+| `{{TriggerTimeEnd}}` | The end time of the time range that triggered the monitor in Unix format. For example, `1626190592042`. | ✓ | ✓ |
+| `{{SourceURL}}` | The URL to the configuration or status page of the monitor in Sumo Logic. | ✓ | |
+| `{{AlertResponseUrl}}` | When your Monitor is triggered it will generate a URL and provide it as the value of this variable where you can use it to open Alert Response. | ✓ | |
## Examples
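Review bot: The added `{{ResultsJson.fieldName}}` row carries over the link `[as](../ search/ search-query-language / search-operators / as-operator)`, whose path contains spaces and will not resolve. The row also still breaks off mid-sentence in Japanese before repeating the same instruction in English, followed by an untranslated Reserved Fields list. Since the row is rewritten here anyway, fix the link target and finish the translation. The `{{Description}}` row touched by this hunk repeats the `{{Name}}` description word for word; it should describe the alert's description instead.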
@@ -104,19 +104,19 @@ We recommend you use the new [common variables](alert-variables.md) instead of t
| Variables | Description | Metrics Monitors | Scheduled Searches |
| -- | -- | -- | -- |
-| `{{SearchName}}` | Description of the saved search or Monitor. In the delivered payload, this variable is replaced with the Name you assigned to the search or Monitor when you created it. |  |  |
-| `{{SearchDescription}}` | Description of the saved search or Monitor. In the delivered payload, this variable is replaced by the Description you assigned to the search or Monitor when you created it. |  |  |
-| `{{SearchQuery}}` | The query used to run the saved search. In the delivered payload, this variable is replaced by your saved search query or metric query. |  |  |
-| `{{SearchQueryUrl}}` | The URL to the search or metrics query. In the delivered payload, this is a URL that you can click to run the saved logs or metric query. |  |  |
-| `{{TimeRange}}` | The time range that triggered the alert. |  |  |
-| `{{FireTime}}` | The start time of the log search or metric query that triggered the notification. |  |  |
-| ` {{AggregateResultsJson}}` | JSON object containing search aggregation results. A maximum of 200 aggregate results can be sent via webhook. |  | 
Not available with Email notifications |
-| `{{RawResultsJson}}` | JSON object containing raw messages. A maximum of 10 raw messages can be sent via webhook. |  | 
Not available with Email notifications |
-| `{{NumRawResults}}` | Number of results returned by the search. |  |  |
-| `{{Results.fieldname}}` | The value returned from the search result for the specified field. For example, this payload specification:
`{{Results.client_ip}} had {{Results.errors}} errors`
Results in a subject line like this:
`70.69.152.165 had 391 errors`
A maximum of 200 aggregate results or 10 raw messages for this field can be sent via webhook.
A field name must match (case-insensitive) the field from your search and must be **alphanumeric characters**, **underscores**, and b. If you have a field name that has an unsupported character use the [as](../../search/search-query-language/search-operators/as.md) operator to rename it. |  |  |
-| `{{AlertThreshold}}` | The condition that triggered the alert (for example, above 90 at least once in the last 5 minutes) |  |  |
-| `{{AlertSource}}` | The metric and sourceHost that triggered the alert, including associated tags for that metric. |  |  |
-| `{{AlertSource.fieldname}}` | The value returned from the AlertSource object for the specified field name. |  |  |
-| `{{AlertID}}` | The ID of the triggered alert. |  |  |
-| `{{AlertStatus}}` | Current status of the time series that triggered (for example, Critical or Warning). |  |  |
-| `{{AlertCondition}}` | The condition that triggered the alert. |  |  |
+| `{{SearchName}}` | Description of the saved search or Monitor. In the delivered payload, this variable is replaced with the Name you assigned to the search or Monitor when you created it. | ✓ | ✓ |
+| `{{SearchDescription}}` | Description of the saved search or Monitor. In the delivered payload, this variable is replaced by the Description you assigned to the search or Monitor when you created it. | ✓ | ✓ |
+| `{{SearchQuery}}` | The query used to run the saved search. In the delivered payload, this variable is replaced by your saved search query or metric query. | ✓ | ✓ |
+| `{{SearchQueryUrl}}` | The URL to the search or metrics query. In the delivered payload, this is a URL that you can click to run the saved logs or metric query. | ✓ | ✓ |
+| `{{TimeRange}}` | The time range that triggered the alert. | ✓ | ✓ |
+| `{{FireTime}}` | The start time of the log search or metric query that triggered the notification. | ✓ | ✓ |
+| ` {{AggregateResultsJson}}` | JSON object containing search aggregation results. A maximum of 200 aggregate results can be sent via webhook. | | ✓
Not available with Email notifications |
+| `{{RawResultsJson}}` | JSON object containing raw messages. A maximum of 10 raw messages can be sent via webhook. | | ✓
Not available with Email notifications |
+| `{{NumRawResults}}` | Number of results returned by the search. | | ✓ |
+| `{{Results.fieldname}}` | The value returned from the search result for the specified field. For example, this payload specification:
`{{Results.client_ip}} had {{Results.errors}} errors`
Results in a subject line like this:
`70.69.152.165 had 391 errors`
A maximum of 200 aggregate results or 10 raw messages for this field can be sent via webhook.
A field name must match (case-insensitive) the field from your search and must be **alphanumeric characters**, **underscores**, and b. If you have a field name that has an unsupported character use the [as](../../search/search-query-language/search-operators/as.md) operator to rename it. | ✓ | ✓ |
+| `{{AlertThreshold}}` | The condition that triggered the alert (for example, above 90 at least once in the last 5 minutes) | ✓ | |
+| `{{AlertSource}}` | The metric and sourceHost that triggered the alert, including associated tags for that metric. | ✓ | |
+| `{{AlertSource.fieldname}}` | The value returned from the AlertSource object for the specified field name. | ✓ | |
+| `{{AlertID}}` | The ID of the triggered alert. | ✓ | |
+| `{{AlertStatus}}` | Current status of the time series that triggered (for example, Critical or Warning). | ✓ | ✓ |
+| `{{AlertCondition}}` | The condition that triggered the alert. | | ✓ |
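Review bot: The added `{{Results.fieldname}}` row ends its character rule with `**alphanumeric characters**, **underscores**, and b.`, a truncated phrase carried over from the removed line; the matching `{{ResultsJson.fieldName}}` rule in the earlier table gives spaces as the third allowed class. Two more carry-overs are worth fixing while these rows are touched: `{{SearchName}}` is described as "Description of the saved search or Monitor" although the same cell goes on to say it is replaced with the Name, and the `{{AggregateResultsJson}}` cell has a leading space inside its backticks.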
diff --git a/static/img/reuse/check.png b/static/img/reuse/check.png
deleted file mode 100644
index c25aba1319..0000000000
Binary files a/static/img/reuse/check.png and /dev/null differ
diff --git a/static/img/reuse/x.png b/static/img/reuse/x.png
deleted file mode 100644
index 8af5f5c6bb..0000000000
Binary files a/static/img/reuse/x.png and /dev/null differ