})
Learn more about [Alert Variables](/docs/alerts/monitors/alert-variables).
diff --git a/docs/alerts/monitors/alert-response.md b/docs/alerts/monitors/alert-response.md
index a0b6b60ecb..fcac688944 100644
--- a/docs/alerts/monitors/alert-response.md
+++ b/docs/alerts/monitors/alert-response.md
@@ -37,7 +37,7 @@ Learn how to use alert response.
## Setting up alert response
-Email alerts automatically get a button labeled **View Alert** that opens the alert on the alert page, shown in the below image.})
If you use [Webhook connections](/docs/alerts/webhook-connections) offered by Sumo Logic for receiving notifications, you'll need to provide the [`alertResponseUrl` variable](/docs/alerts/monitors/alert-variables) in your notification payload of a monitor to receive a link that opens alert response. When your monitor is triggered, it will generate a URL and provide it in the alert notification payload, which you can use to open the alert response.
@@ -72,7 +72,7 @@ To get to your Alert List:
* From the [**New UI**](/docs/get-started/sumo-logic-ui/), select **Alerts**.
* From the [**Classic UI**](/docs/get-started/sumo-logic-ui-classic), click the bell icon in the top menu.
-To search alerts, use the search bar and filters.})
To sort by category (for example, **Name**, **Severity**, **Status**), click on a column header.
@@ -115,7 +115,7 @@ To view detailed information about an alert, go to your [Alert List](#alert-list
* A history of previous occurrences of the alert.
* Key details such as the trigger time and the condition that caused the alert.
-The following images and lists describe alert element on the page.})
* **A**. Monitor name.
* **B**. Copies the link to the opened alert page.
@@ -130,11 +130,11 @@ The following images and lists describe alert element on the page.})
* **K**. The red exclamation mark indicates the alert is still active and a white exclamation in the gray circle indicates it's resolved. })
* **Related Alerts**. A panel with related alerts and the monitor History. It shows other alerts in the system that were triggered around the same time as this alert. This information is helpful to know what issues are happening in the system and whether the current problem is an isolated issue or a more systemic one. There are two types of relations that a related alert can have.})
* **Time**. Shows all the alerts that were triggered 30 minutes before or after the given alert that doesn't have another association.
- * **Entity**. Shows all the alerts that were triggered one hour before and after the given alert that happened on the same entity (node, pod, cluster, etc.). You can click the expand arrow  to view the alert's trigger condition and the white arrow in the square  to open the alert in its own alert page.
+ * **Entity**. Shows all the alerts that were triggered one hour before and after the given alert that happened on the same entity (node, pod, cluster, etc.). You can click the expand arrow }){kind=icon}
to view the alert's trigger condition and the white arrow in the square }){kind=small}
to open the alert in its own alert page.
* **Monitor History**. Shows the past 30 days of similar alerts that were triggered by the monitor (that generated the current alert). Monitor History can be helpful to determine how frequently an alert has fired in the past and if the alert is flaky. You can then quickly correlate whether the current problem is similar to a past one by comparing the information shared for the alert.
* **L**. The query of the monitor.})
* **M**. A chart that visualizes the trend of the metric that was tracked as part of the alert condition of the monitor. The visualization tracks the *before* and *during* trends of the metric.
@@ -191,7 +191,7 @@ The **Log Fluctuations** context card, available for logs monitors, detects diff
This card detects time series anomalies for entities related to the alert.
-Anomalies are grouped into [golden signals](https://sre.google/sre-book/monitoring-distributed-systems/). Anomalies are also presented on a timeline; the length of the anomaly represents its duration. })
* **A**. Name and description of the context card.
* **B**. Count of anomalies belonging to each golden signal type.
@@ -202,15 +202,15 @@ Anomalies are grouped into [golden signals](https://sre.google/sre-book/monitor
Only anomalies with a start time around 30 minutes before or after the alert was created show up in the card.
:::
-Hover over an EOI to view key information about the event.})
-Click on the EOI to open the **Summary View** and **Entity Inspector**.})
### Benchmark
Benchmarks refer to baselines computed from anonymized and aggregated telemetry data from Sumo Logic customers in domains such as AWS. If the telemetry values for your entity during an alert period are unusual compared to benchmarks, you may have an unusual configuration change or other backend issues.
-For example, the card below shows that `ServiceUnavailable` error is happening 32 times more often in your AWS account compared with other Sumo Logic customer’s accounts. This AWS error pertains to AWS API calls that are failing at a higher rate than what is expected based on cross-customer baselines. This particular error implies an AWS incident affecting the particular AWS resource type and API. })
* **A**. Name and description of the context card.
* **B**. Count of unusual Benchmarks by golden signal type.
diff --git a/docs/alerts/monitors/create-monitor.md b/docs/alerts/monitors/create-monitor.md
index f4ece04179..91b2779459 100644
--- a/docs/alerts/monitors/create-monitor.md
+++ b/docs/alerts/monitors/create-monitor.md
@@ -318,7 +318,7 @@ For example, when an alert is set to `greater than 10`, the recovery would be
| ` +The Alert and recovery setting affects both the alert generation logic and the alert recovery logic. `Alert and recovery require a minimum of
})
| Parameter | Description |
|:--|:--|
diff --git a/docs/alerts/monitors/monitor-faq.md b/docs/alerts/monitors/monitor-faq.md
index c32ed729ed..d2b84d951d 100644
--- a/docs/alerts/monitors/monitor-faq.md
+++ b/docs/alerts/monitors/monitor-faq.md
@@ -4,6 +4,7 @@ title: Monitors FAQ
description: Frequently asked questions about Sumo Logic monitors.
---
+import useBaseUrl from '@docusaurus/useBaseUrl';
import AlertsTimeslice from '../../reuse/alerts-timeslice.md';
## How can I optimize scan costs for monitors when using Flex Pricing?
@@ -85,9 +86,9 @@ The [Test Connection feature for webhooks](/docs/alerts/webhook-connections/se
## One of our monitors suddenly stopped sending notifications, even though I see it on the monitors page
-One reason could be that the user who created the monitor was deleted. You can check the **Created By** value on the monitors page. If it has ` +One reason could be that the user who created the monitor was deleted. You can check the **Created By** value on the monitors page. If it has `
})
-You can quickly **Duplicate** the monitor by hovering over it on the monitors page and clicking the three-dot kebab icon: +You can quickly **Duplicate** the monitor by hovering over it on the monitors page and clicking the three-dot kebab icon:
})
then selecting **Duplicate**. If your monitor still doesn't work, we recommend contacting [Sumo Logic support](https://support.sumologic.com/).
diff --git a/docs/alerts/scheduled-searches/create-email-alert.md b/docs/alerts/scheduled-searches/create-email-alert.md
index 806dedd5d0..6c961ce270 100644
--- a/docs/alerts/scheduled-searches/create-email-alert.md
+++ b/docs/alerts/scheduled-searches/create-email-alert.md
@@ -74,8 +74,6 @@ Do either of the following:
* To make changes to the search query before you run it again, click the saved search title link, next to **Saved Search**. This will open the query in the Sumo Logic search page.
* To see all the results of the search, under **Message Distribution**, click the **View results in Sumo Logic** link in the email. Or under **Aggregation**, click "**here**". Sumo Logic will recreate the search exactly matching the query and time parameters of the original scheduled search.
-
-
:::note
If you're a new user and someone has forwarded you an alert email, the links to the search will not work until you've completed your setup process.
:::
@@ -104,7 +102,7 @@ The Scheduled Search Email Alert template includes the following details:
* **Aggregation.** Displays the first 25 messages of the search results, and includes the complete number of results. Click "**here**" in the email to view the full results in Sumo Logic.
* **Results as CSV attachment.** If you have selected to receive your scheduled search results as a CSV file, it will be attached to the email. The maximum CSV file size allowed is 5MB or 1,000 results.
-
+})
:::note
Rarely, there may be circumstances that prevent the histogram from loading fast enough to be included with the email before it is sent. In that case, you will receive an email with all pertinent information, just without the graph.
diff --git a/docs/alerts/scheduled-searches/edit-cancel.md b/docs/alerts/scheduled-searches/edit-cancel.md
index ede6414bfd..783081872c 100644
--- a/docs/alerts/scheduled-searches/edit-cancel.md
+++ b/docs/alerts/scheduled-searches/edit-cancel.md
@@ -5,6 +5,8 @@ sidebar_label: Edit or Cancel a Scheduled Search
description: You can edit or cancel a Scheduled Search at any time.
---
+import useBaseUrl from '@docusaurus/useBaseUrl';
+
You can edit or cancel a Scheduled Search at any time from your [Library](/docs/get-started/library). If you cancel a scheduled search, it will revert to a saved search.
:::important
@@ -14,8 +16,8 @@ If the user who "owns" a Scheduled Search is removed from your org, the Schedule
## Cancel a Scheduled Search
1. Go to your **Library** and find the scheduled search you want to cancel. For information about finding an item in the Library, see [Search the Library](/docs/get-started/library#search-the-library).
-1. Click the more options menu to the right of the scheduled search and select **Edit**.  -1. In the **Edit Search** dialog, click **Edit this search's schedule**.
 +1. Click the more options menu to the right of the scheduled search and select **Edit**.
})
+1. In the **Edit Search** dialog, click **Edit this search's schedule**.})
1. From the **Run Frequency** menu, choose **Never** to cancel the scheduled search.
1. Click **Update**.
@@ -48,4 +50,4 @@ You have two options to resolve the issue:
If you don’t have the **Change Data Access Level** capability, your Sumo Logic administrator will need to update your role to include it.
:::
-
+})
diff --git a/docs/alerts/scheduled-searches/faq.md b/docs/alerts/scheduled-searches/faq.md
index c34d9a955e..2017087ee9 100644
--- a/docs/alerts/scheduled-searches/faq.md
+++ b/docs/alerts/scheduled-searches/faq.md
@@ -5,6 +5,8 @@ sidebar_label: FAQ
description: You can edit or cancel a Scheduled Search at any time.
---
+import useBaseUrl from '@docusaurus/useBaseUrl';
+
The following topics include frequently asked questions about scheduled
searches and provide troubleshooting tips.
@@ -51,7 +53,7 @@ To create a Scheduled Search:
| fields collector, gbytes, collector_pct_of_todaysvolume, todays_volume, plan_size, todaysvolume_against_plan
```
1. For the search **Time Range**, select **Today**.
-1. Click **Save As**.  +1. Click **Save As**.
})
1. In the **Save Search As** dialog, enter a name for this Scheduled Search, such as **90% Data Usage Limit Reached**.
1. Set the **Run frequency** to **Every 4 hours**.
1. Click **Schedule this search**.
@@ -160,21 +162,21 @@ A maximum of 6000 Scheduled Searches are allowed per account.
The following is an example of a temporary suspension email:
-
+})
The [Audit Index](/docs/manage/security/audit-indexes/audit-index) stores events on your scheduled search events. The following is an example of a temporary suspension log:
-
+})
#### Permanent suspension
The following is an example of a permanent suspension email:
-
+})
The [Audit Index](/docs/manage/security/audit-indexes/audit-index) stores events on your scheduled search events. The following is an example of a permanent suspension log:
-
+})
#### How long will the Scheduled Search be suspended?
diff --git a/docs/alerts/scheduled-searches/save-to-index.md b/docs/alerts/scheduled-searches/save-to-index.md
index 03646fb48a..a9756b6855 100644
--- a/docs/alerts/scheduled-searches/save-to-index.md
+++ b/docs/alerts/scheduled-searches/save-to-index.md
@@ -5,6 +5,8 @@ sidebar_label: Save to Index
description: When you save the results of a scheduled search to an Index you can search your data using _index=index_name with increased search performance.
---
+import useBaseUrl from '@docusaurus/useBaseUrl';
+
When you create a Scheduled Search, you can save the results to an Index. This way, your data can be searched at a later time using `_index=index_name` with increased search performance.
For example, you could use the following query to find successful logins on a Linux system, then save the results to an Index using the **Save to Index** alert type for your Scheduled Search.
@@ -35,7 +37,7 @@ In most cases, if you can use a [Scheduled View](/docs/manage/scheduled-views)
## Save the results of a scheduled search as an Index
1. [Save a search](/docs/search/get-started-with-search/search-basics/save-search).
-1. Click **Schedule this search**. +1. Click **Schedule this search**.
})
1. For all configuration options, see [Schedule a Search](schedule-search.md).
1. **Alert Type**. Select **Save to Index**.
1. **Index Name**. Enter a name that you'll use to search the data in a query. Use a name that's descriptive and easy to remember. Names can be comprised of alphanumeric characters; underscores (`_`) are the only special characters allowed.
diff --git a/docs/alerts/webhook-connections/jira-cloud.md b/docs/alerts/webhook-connections/jira-cloud.md
index 5bbf05a2cd..22431f5370 100644
--- a/docs/alerts/webhook-connections/jira-cloud.md
+++ b/docs/alerts/webhook-connections/jira-cloud.md
@@ -22,7 +22,7 @@ To send webhook alerts to Jira Cloud you need to include a Basic Authentication
```bash
curl -v https://mysite.atlassian.net --user  +1. Your response should look like the following image. You'll need the **Authorization** value when configuring the connection in Sumo Logic.
})
## Configuration in Sumo Logic
@@ -39,7 +39,7 @@ You need the **Manage connections** [role capability](/docs/manage/users-roles
1. [**New UI**](/docs/get-started/sumo-logic-ui). In the main Sumo Logic menu select **Monitoring > Connections**. You can also click the **Go To...** menu at the top of the screen and select **Connections**. [**Classic UI**](/docs/get-started/sumo-logic-ui-classic). In the main Sumo Logic menu, select **Manage Data > Monitoring > Connections**. 1. On the **Connections** page click the **+** icon at the top-right of the table. -1. Select the **Jira** option. In the **Create Jira Connection** dialog, fill out connection information.
 +1. Select the **Jira** option. In the **Create Jira Connection** dialog, fill out connection information.
})
1. Enter a **Name** for the Connection.
1. (Optional) Enter a **Description** for the Connection.
1. Enter a **URL** from the Jira REST API to create issues. For example, to create an issue:
diff --git a/docs/alerts/webhook-connections/jira-server.md b/docs/alerts/webhook-connections/jira-server.md
index 4483ee6122..9e368c2078 100644
--- a/docs/alerts/webhook-connections/jira-server.md
+++ b/docs/alerts/webhook-connections/jira-server.md
@@ -22,7 +22,7 @@ To send webhook alerts to Jira Server, you need to include a Basic Authenticatio
```bash
curl -v https://mysite.atlassian.net --user  +1. Your response should look like the following image. You'll need the **Authorization** value when configuring the connection in Sumo Logic.
## Configuration in Sumo Logic
@@ -37,7 +37,7 @@ You need the **Manage connections** [role capability](/docs/manage/users-roles/
1. [**New UI**](/docs/get-started/sumo-logic-ui). In the main Sumo Logic menu select **Monitoring > Connections**. You can also click the **Go To...** menu at the top of the screen and select **Connections**. [**Classic UI**](/docs/get-started/sumo-logic-ui-classic). In the main Sumo Logic menu, select **Manage Data > Monitoring > Connections**. 1. On the **Connections** page click the **+** icon at the top-right of the table. -1. Select the **Jira** option. In the **Create Jira Connection** dialog, fill out connection information.
 +1. Select the **Jira** option. In the **Create Jira Connection** dialog, fill out connection information.
1. Enter a **Name** for the Connection.
1. (Optional) Enter a **Description** for the Connection.
1. Enter a **URL** from the Jira REST API to create issues. For example, to create an issue:
diff --git a/docs/alerts/webhook-connections/jira-service-desk.md b/docs/alerts/webhook-connections/jira-service-desk.md
index fb275d3f48..adb9f6173c 100644
--- a/docs/alerts/webhook-connections/jira-service-desk.md
+++ b/docs/alerts/webhook-connections/jira-service-desk.md
@@ -22,7 +22,7 @@ To send webhook alerts to Jira Service Desk you need to include a Basic Authenti
```bash
curl -v https://mysite.atlassian.net --user  +1. Your response should look like the following image. You'll need the **Authorization** value when configuring the connection in Sumo Logic.
## Configuration in Sumo Logic
@@ -39,7 +39,7 @@ You need the **Manage connections** [role capability](/docs/manage/users-roles
1. [**New UI**](/docs/get-started/sumo-logic-ui). In the main Sumo Logic menu select **Monitoring > Connections**. You can also click the **Go To...** menu at the top of the screen and select **Connections**. [**Classic UI**](/docs/get-started/sumo-logic-ui-classic). In the main Sumo Logic menu, select **Manage Data > Monitoring > Connections**. 1. On the **Connections** page click the **+** icon at the top-right of the table. -1. Select the **Jira** option. In the **Create Jira Connection** dialog, fill out connection information.
 +1. Select the **Jira** option. In the **Create Jira Connection** dialog, fill out connection information.
1. Enter a **Name** for the Connection.
1. (Optional) Enter a **Description** for the Connection.
1. Enter a **URL** from the Jira REST API to create issues. For example, to create an issue:
diff --git a/docs/alerts/webhook-connections/microsoft-teams.md b/docs/alerts/webhook-connections/microsoft-teams.md
index c7afcf69aa..9f64f29c56 100644
--- a/docs/alerts/webhook-connections/microsoft-teams.md
+++ b/docs/alerts/webhook-connections/microsoft-teams.md
@@ -31,7 +31,7 @@ You need the **Manage connections** [role capability](/docs/manage/users-roles
This section demonstrates how to create a webhook connection from Sumo Logic to Microsoft Teams using Microsoft's Workflows.
1. [**New UI**](/docs/get-started/sumo-logic-ui). In the main Sumo Logic menu select **Monitoring > Connections**. You can also click the **Go To...** menu at the top of the screen and select **Connections**. [**Classic UI**](/docs/get-started/sumo-logic-ui-classic). In the main Sumo Logic menu, select **Manage Data > Monitoring > Connections**. -1. Click **+ Add** and choose **Microsoft Teams** as the connection type.
 +1. Click **+ Add** and choose **Microsoft Teams** as the connection type.
})
1. Enter a **Name** and give an optional **Description** to the connection.
1. Paste the **URL** from Microsoft Teams into the **URL** field.
1. (Optional) **Custom Headers**, enter up to five comma separated key-value pairs.
diff --git a/docs/alerts/webhook-connections/opsgenie-legacy.md b/docs/alerts/webhook-connections/opsgenie-legacy.md
index 968b0d24bf..5c642630fe 100644
--- a/docs/alerts/webhook-connections/opsgenie-legacy.md
+++ b/docs/alerts/webhook-connections/opsgenie-legacy.md
@@ -28,7 +28,7 @@ To add a Sumo Logic integration in Opsgenie, do the following:
Your final configurations at Opsgenie should look like this:
-
+})
## Configuration on Sumo Logic
diff --git a/docs/alerts/webhook-connections/opsgenie.md b/docs/alerts/webhook-connections/opsgenie.md
index e12f1e4421..3ae268a2f4 100644
--- a/docs/alerts/webhook-connections/opsgenie.md
+++ b/docs/alerts/webhook-connections/opsgenie.md
@@ -28,7 +28,7 @@ To add a Sumo Logic integration in Opsgenie, do the following:
:::
1. Click **Save Integration**.
-Your configuration in Opsgenie should look something like the following: +Your configuration in Opsgenie should look something like the following:
})
## Configuration in Sumo Logic
@@ -46,7 +46,7 @@ You need the **Manage connections** [role capability](/docs/manage/users-roles
This section demonstrates how to create a webhook connection from Sumo Logic to Opsgenie.
1. [**New UI**](/docs/get-started/sumo-logic-ui). In the main Sumo Logic menu select **Monitoring > Connections**. You can also click the **Go To...** menu at the top of the screen and select **Connections**. [**Classic UI**](/docs/get-started/sumo-logic-ui-classic). In the main Sumo Logic menu, select **Manage Data > Monitoring > Connections**. -1. Click **+ Add** and choose **Opsgenie** as the connection type.
 +1. Click **+ Add** and choose **Opsgenie** as the connection type.
})
1. Enter a **Name** and give an optional **Description** to the connection.
1. Paste the **Integration Url** from Opsgenie into the **URL** field.
1. (Optional) Enter an **Authorization Header**, which may include an authorization token.
diff --git a/docs/alerts/webhook-connections/pagerduty.md b/docs/alerts/webhook-connections/pagerduty.md
index 6efa1be1e5..e5a8b654af 100644
--- a/docs/alerts/webhook-connections/pagerduty.md
+++ b/docs/alerts/webhook-connections/pagerduty.md
@@ -98,9 +98,7 @@ The URL and supported payload are different based on the version of the PagerDut
Do not update the `routing_key`, `event_action`, and `dedup_key` fields, otherwise recovery notifications will not be generated.
:::
1. For details on other variables that can be used as parameters within your JSON object, see [Webhook Payload Variables](set-up-webhook-connections.md).
-1. Click **Save**.
-
- 
+1. Click **Save**.})
### Events API v1
@@ -153,8 +151,6 @@ The URL and supported payload are different based on the version of the PagerDut
:::note
Do not update the `service_key`, `event_type`, and `incident_key` fields, otherwise recovery notifications will not be generated.
:::
-1. For details on other variables that can be used as parameters within your JSON object, see [Webhook Payload Variables](set-up-webhook-connections.md).
-
- 
+1. For details on other variables that can be used as parameters within your JSON object, see [Webhook Payload Variables](set-up-webhook-connections.md).})
1. Click **Save**.
diff --git a/docs/alerts/webhook-connections/schedule-searches-webhook-connections.md b/docs/alerts/webhook-connections/schedule-searches-webhook-connections.md
index 4bc05369ad..763ffc4263 100644
--- a/docs/alerts/webhook-connections/schedule-searches-webhook-connections.md
+++ b/docs/alerts/webhook-connections/schedule-searches-webhook-connections.md
@@ -5,6 +5,8 @@ sidebar_label: Sumo Scheduled Searches
description: Create a Scheduled Search to send alerts to a third-party tool via Webhook Connections.
---
+import useBaseUrl from '@docusaurus/useBaseUrl';
+
[Scheduled searches](/docs/alerts/scheduled-searches) are saved searches that run automatically at specified intervals. When a scheduled search is configured to send an alert, it can be sent to another tool using a Webhook Connection.
## Limitation
@@ -24,8 +26,8 @@ The payload for each scheduled search can be customized (depending on the tool y
To set up a scheduled search for a Webhook Connection:
1. [Save a search](/docs/search/get-started-with-search/search-basics/save-search).
-1. On the **Save Item** page, click **Schedule this search**. -1. Change **Run Frequency** from "Never" to the desired frequency.
 +1. On the **Save Item** page, click **Schedule this search**.
})
+1. Change **Run Frequency** from "Never" to the desired frequency.})
1. For all configuration options, see [Schedule a Search](/docs/alerts/scheduled-searches).
1. **Alert Type**. Select **Webhook**.
1. Select a **Webhook** from the **Connection** list.
diff --git a/docs/alerts/webhook-connections/servicenow/set-up-connections.md b/docs/alerts/webhook-connections/servicenow/set-up-connections.md
index 51eaabcbe0..6783d65236 100644
--- a/docs/alerts/webhook-connections/servicenow/set-up-connections.md
+++ b/docs/alerts/webhook-connections/servicenow/set-up-connections.md
@@ -5,6 +5,7 @@ sidebar_label: Set Up Connections
description: Set up connections for ServiceNow integration.
---
+import useBaseUrl from '@docusaurus/useBaseUrl';
:::note
There are two ServiceNow connections available in Sumo Logic.
@@ -31,7 +32,7 @@ To set up a ServiceNow Webhook connection:
1. [**New UI**](/docs/get-started/sumo-logic-ui). In the main Sumo Logic menu select **Monitoring > Connections**. You can also click the **Go To...** menu at the top of the screen and select **Connections**. [**Classic UI**](/docs/get-started/sumo-logic-ui-classic). In the main Sumo Logic menu, select **Manage Data > Monitoring > Connections**. 1. On the **Connections** page click **Add**. -1. For **Connection Type**, select **ServiceNow**.
 +1. For **Connection Type**, select **ServiceNow**.
}){kind=icon}
1. In the **Create Connection** dialog, enter the **Name** of the connection.
1. (Optional) Enter a **Description** for the connection.
1. For **URL**, enter one of the following based on whether you want to create **Events** or **Incidents**:
@@ -83,7 +84,7 @@ The first step for integrating ServiceNow with Sumo Logic is to configure one
1. [**New UI**](/docs/get-started/sumo-logic-ui). In the main Sumo Logic menu select **Monitoring > Connections**. You can also click the **Go To...** menu at the top of the screen and select **Connections**. [**Classic UI**](/docs/get-started/sumo-logic-ui-classic). In the main Sumo Logic menu, select **Manage Data > Monitoring > Connections**. 1. On the Connections page, click **Add**. -1. For **Connection Type**, select **ServiceNow (Legacy)**.
 +1. For **Connection Type**, select **ServiceNow (Legacy)**.
}){kind=icon}
1. In the Create Connection dialog box, enter the **Name** of the connection.
1. **Optional:** Enter a **Description** for the connection.
1. Enter the **Username** and **Password** used to log in to **ServiceNow**.
diff --git a/docs/alerts/webhook-connections/servicenow/set-up-searches.md b/docs/alerts/webhook-connections/servicenow/set-up-searches.md
index 4cd58474c9..3801b8a28f 100644
--- a/docs/alerts/webhook-connections/servicenow/set-up-searches.md
+++ b/docs/alerts/webhook-connections/servicenow/set-up-searches.md
@@ -5,6 +5,8 @@ sidebar_label: Set Up Searches
description: You can set up scheduled searches for ServiceNow integration.
---
+import useBaseUrl from '@docusaurus/useBaseUrl';
+
[Scheduled searches](/docs/alerts/scheduled-searches) are saved searches that run automatically at specified intervals. When a scheduled search is set to upload search results to ServiceNow, you can combine services for round-trip investigations.
You can create a brand new search, or you can base a search on an existing saved or scheduled search. If you'd like to use an existing search, you'll need to save the query as a new search to not override the search's current schedule.
@@ -13,25 +15,19 @@ Before you can set up searches for ServiceNow, you'll need to configure a [Servi
**To set up a search for ServiceNow integration**
-1. Create the search that you would like to integrate with ServiceNow. Click **Save As** under the query currently displayed in the search box.
-
- 
-
+1. Create the search that you would like to integrate with ServiceNow. Click **Save As** under the query currently displayed in the search box.})
1. In the **Save Item** dialog box, enter a **Name** for the search and an optional description.
1. Choose an option from the **Time Range** menu.
1. Click **Schedule this search**.
1. Choose an option from the **Run Frequency** menu:
-
* **Never.** Choose this option to temporarily **turn off a scheduled search**.
* **Every 15 Minutes.** The search will run for the first time when you save the schedule, and then every 15 minutes after that.
* **Hourly.** The search will run for the first time at the top of the next hour after you save the schedule, and then every hour after that. * **Every 2, 4, 6, 8, or 12 Hours.** The search will run for the first time at the top of the hour you choose.
* **Daily.** Choose the time you'd like to run the search every day. A Daily search will cover exactly 24 hours of activity. You can change the schedule whenever you'd like.
-
1. Choose a **Time Range** option to set the default range the scheduled search is run against. Alternately type a time range; for example, -15m to run the search against data generated in the past 15 minutes.
1. Select a **Timezone** you would like your scheduled search to use. If you do not make a selection, the scheduled search will use the timezone from your browser, which is the default selection.
1. For **Alert Condition**, choose one of the following for **Send Notification**:
You can set up to a maximum of 1000 alerts per search. For either Alert Condition option, if no search results are generated by the search, no data is uploaded to ServiceNow.
-
* **Notify me every time upon search completion** if you want be alerted with search results every time the search is run (depending on the frequency, you could get an email every 15 minutes, every hour, or once a day).
* **Notify me only if the condition below is satisfied** if you'd like to set up a scheduled search that alerts you to specific events, and then set any of the following conditions before typing a value in the text box:
@@ -40,13 +36,11 @@ Before you can set up searches for ServiceNow, you'll need to configure a [Servi
:::
1. Choose an option for **Number of Results.** Depending on the search, set a condition to receive an alert by the number of results. If your saved search returns log messages, then the alert will use the number messages you specify; if your query produces aggregate results, the alert will use the number of aggregates (or groups).
-
* **Equal to.** Choose if there is an exact number of records in a search result at which you want to be notified.
* **Greater than.** Choose if you want to be notified only if the search results include greater than that number of messages or groups you set in the text box.
* **Greater than or equal to**. Choose if you want to be notified if the search results include greater than or equal to the number of messages or groups you set in the text box.
* **Fewer than**. Choose if you want to be notified only if the search results include fewer than the number of messages or groups you set in the text box.
* **Fewer than or equal to**. Choose if you want to be notified if the search results include fewer than or equal to the number of messages or groups you set in the text box.
-
1. Choose an option:
* **For Legacy ServiceNow Connections only**:
1. For Alert Type, choose ServiceNow Connection to upload search results to ServiceNow.
@@ -57,5 +51,4 @@ Before you can set up searches for ServiceNow, you'll need to configure a [Servi
* **For ServiceNow Connections only**:
1. For Alert Type, choose Webhook.
2. Choose connection name from the dropdown and customize the payload, if needed.
-
1. Click **Save**.
diff --git a/docs/alerts/webhook-connections/servicenow/set-up-security-incident-webhook.md b/docs/alerts/webhook-connections/servicenow/set-up-security-incident-webhook.md
index 711d0f88d4..9e241adcd8 100644
--- a/docs/alerts/webhook-connections/servicenow/set-up-security-incident-webhook.md
+++ b/docs/alerts/webhook-connections/servicenow/set-up-security-incident-webhook.md
@@ -6,6 +6,8 @@ description: This page shows you how to set up a ServiceNow Incident Webhook con
---
+import useBaseUrl from '@docusaurus/useBaseUrl';
+
This page shows you how to set up a ServiceNow Security Incident Webhook connection and create scheduled searches for the connection.
If you want to create **Events** or **ITSM Incidents** see [Set Up ServiceNow Connections](set-up-connections.md) for instructions.
@@ -57,7 +59,7 @@ To set up a ServiceNow Security Incident Webhook connection:
For a complete list of fields that can be sent in the payload, see the [Webhook payload variables](#webhook-payload-variables) section that follows.
- 
+ })
1. Click **Save**.
1. After configuring the connection, continue with [Testing the connection](#testing-the-connection), then [create a scheduled search](/docs/alerts/webhook-connections/schedule-searches-webhook-connections) to send alerts to this connection.
diff --git a/docs/alerts/webhook-connections/set-up-webhook-connections.md b/docs/alerts/webhook-connections/set-up-webhook-connections.md
index fd5a43755a..bd14510427 100644
--- a/docs/alerts/webhook-connections/set-up-webhook-connections.md
+++ b/docs/alerts/webhook-connections/set-up-webhook-connections.md
@@ -278,7 +278,7 @@ After configuring the connection, click the **Test Connection** button at the
This test does not use the same static IP addresses that send notifications, it uses different temporary IP addresses.
-
+})
If the connection is successful, you'll see a message appearing in the third-party tool. This won't contain any information from the scheduled search, it will just have the text in the payload.
diff --git a/docs/manage/content-sharing/changing-alerts.md b/docs/manage/content-sharing/changing-alerts.md
index f3ca0bec48..254cfeb459 100644
--- a/docs/manage/content-sharing/changing-alerts.md
+++ b/docs/manage/content-sharing/changing-alerts.md
@@ -21,21 +21,10 @@ If you're using a search template with your saved search, you cannot modify the
To edit an alert:
1. Go to the Sumo Logic library by clicking the folder icon in the main Sumo Logic menu: }){kind=icon}
-
1. Click in the search area to display a list of library object types, and choose **Scheduled Searches**.
-
-1. Select the edit icon in the library for the scheduled search you'd like to edit.
-
- 
-
-1. Click **Edit this search's schedule**.
-
- 
-
-1. Modify the frequency, time range, and alert type as needed.
-
- 
-
+1. Select the edit icon in the library for the scheduled search you'd like to edit.})
+1. Click **Edit this search's schedule**.})
+1. Modify the frequency, time range, and alert type as needed.})
1. Click **Update** to save your changes.
## Cancel alerts on a shared search
@@ -43,10 +32,7 @@ To edit an alert:
If you have Edit permissions on the shared search, you can stop recipients from receiving alerts by setting the run frequency to **Never**. We recommend doing this when a search is no longer relevant rather than deleting the search so that it can be available to you later if you need it. Deleting the shared search is possible, if you have Manage permissions, but does not allow you the ability to restore a scheduled search later if you need it.
1. Navigate to the scheduled search you want to edit, as described above in [Edit an alert](#edit-an-alert).
-1. Select the edit icon in the library for the scheduled search.
-
- 
-
+1. Select the edit icon in the library for the scheduled search.
1. In the **Edit Search** dialog, click **Edit this search's schedule**.
1. From the **Run Frequency** menu, choose **Never** to cancel the scheduled search.
1. Click **Update** to save your changes.
diff --git a/docs/manage/content-sharing/index.md b/docs/manage/content-sharing/index.md
index a4457bf42f..469f05f8bd 100644
--- a/docs/manage/content-sharing/index.md
+++ b/docs/manage/content-sharing/index.md
@@ -41,10 +41,8 @@ To find content in the library that has been shared with you, click the clock i
To share content from the left navigation bar or the library:
-1. Click the details icon  for the content you want to share.
-1. Select **Share** from the dropdown menu.
-
- })
+1. Click the details icon }){kind=small}
for the content you want to share.
+1. Select **Share** from the dropdown menu.
:::note
* The **Share** option appears on the dropdown menu only if you have permissions to grant access. See [Available permission levels](#available-permission-levels).
diff --git a/docs/manage/data-archiving/archive.md b/docs/manage/data-archiving/archive.md
index 0480887cac..1d97f1932f 100644
--- a/docs/manage/data-archiving/archive.md
+++ b/docs/manage/data-archiving/archive.md
@@ -184,7 +184,7 @@ Click on a table row to view the Source details. This includes:
* **Description**
* **AWS S3 bucket**
* All **Ingestion jobs** that are and have been created on the Source.
- * Each ingestion job shows the name, time window, and volume of data processed by the job. Click the icon  to the right of the job name to start a Search against the data that was ingested by the job.
+ * Each ingestion job shows the name, time window, and volume of data processed by the job. Click the icon }){kind=icon}
to the right of the job name to start a Search against the data that was ingested by the job.
* Hover your mouse over the information icon to view who created the job and when.})
## Create an ingestion job
diff --git a/docs/manage/field-extractions/create-field-extraction-rule.md b/docs/manage/field-extractions/create-field-extraction-rule.md
index 2c483e25ea..69e768df89 100644
--- a/docs/manage/field-extractions/create-field-extraction-rule.md
+++ b/docs/manage/field-extractions/create-field-extraction-rule.md
@@ -4,6 +4,7 @@ title: Create a Field Extraction Rule
description: Field Extraction Rules (FER) tell Sumo Logic which fields to parse out automatically.
---
+import useBaseUrl from '@docusaurus/useBaseUrl';
import Iframe from 'react-iframe';
import FerLimit from '../../reuse/fer-limitations.md';
@@ -47,7 +48,7 @@ To create a Field Extraction Rule:
1. [**New UI**](/docs/get-started/sumo-logic-ui). To access the Field Extraction Rules page, in the main Sumo Logic menu select **Data Management**, and then under **Logs** select **Field Extraction Rules**. You can also click the **Go To...** menu at the top of the screen and select **Field Extraction Rules**. [**Classic UI**](/docs/get-started/sumo-logic-ui-classic). In the main Sumo Logic menu, select **Manage Data > Logs > Field Extraction Rules**. 1. Click the **+ Add** button on the top right of the table. -1. The **Add Field Extraction Rule** form will appear:
 +1. The **Add Field Extraction Rule** form will appear:
})
1. Enter the following options:
* **Rule Name**. Type a name that makes it easy to identify the rule.
* **Applied At**. There are two types available, Ingest Time and Run Time. The main differences are Run Time only supports JSON data and the time that Sumo parses the fields. The following is an overview of the differences:
diff --git a/docs/manage/field-extractions/index.md b/docs/manage/field-extractions/index.md
index ff0ec376af..9bf5a08c4a 100644
--- a/docs/manage/field-extractions/index.md
+++ b/docs/manage/field-extractions/index.md
@@ -33,7 +33,7 @@ The Field Extraction Rules page displays the following information:
When hovering over a row in the table there are icons that appear on the far right for editing, disabling and deleting the rule.
-* **Status** shows a checkmark in a green circle  to indicate if the Rule is actively being applied or an exclamation mark in a red circle  to indicate if the Rule is disabled.
+* **Status** shows a checkmark in a green circle }){kind=small}
to indicate if the Rule is actively being applied or an exclamation mark in a red circle }){kind=small}
to indicate if the Rule is disabled.
* **Rule Name**
* **Applied At** indicates when the field extraction process occurs, either at Ingest or Run time.
* **Scope**
diff --git a/docs/manage/fields.md b/docs/manage/fields.md
index 04fa887d6b..8baa6df1fe 100644
--- a/docs/manage/fields.md
+++ b/docs/manage/fields.md
@@ -86,13 +86,13 @@ Fields can be assigned to a Collector and Source using the **Fields** input ta
1. Click **Save**.
-
+})
In the above example, we have created a new field called `cluster` and set the value to `k8s.dev`. With this configuration, any logs sent to this Collector will now have this key-value pair associated with it.
With this association, you can search for `cluster=k8s.dev` to return your logs.
-
+})
### Using Collector API
@@ -181,7 +181,7 @@ curl -v -X POST -H 'X-Sumo-Fields:environment=dev,cluster=k8s' -T /file.txt to indicate if the field is actively being applied or an exclamation mark in a red circle  to indicate if the field is disabled and being dropped.
+* **Status** shows a checkmark in a green circle to indicate if the field is actively being applied or an exclamation mark in a red circle }){kind=small}
to indicate if the field is disabled and being dropped.
* **Field Name** is the name of the field, known as the key in the key-value pair.
* **Data Type** shows the data type of the field.
* **Field Extraction Rules** shows the number of Field Extraction Rules that reference the field.
@@ -263,8 +263,6 @@ When hovering over a row in the table there are icons that appear on the far ri
For the fields listed, select a row to view its details. A details pane appears to the right of the table where you can disable and delete the field.})
-
-
#### Add field
Adding a field will define it in the Fields schema allowing it to be assigned as metadata to your logs.
@@ -272,7 +270,7 @@ Adding a field will define it in the Fields schema allowing it to be assigned a
1. Click the **+ Add** button on the top right of the table. A panel named **Add Field** appears to the right of the fields table.
1. Input a field name and click **Save**.
-
+})
#### Disable field
@@ -290,7 +288,7 @@ In the details pane of the field, click the **Disable** button.}){kind=icon}
+
You will see the following prompt and you must remove the field reference before you can delete it.
@@ -308,11 +306,11 @@ Built-in fields cannot be deleted.
For example, if the field is used by a Field Extraction Rule, you must first delete the Field Extraction Rule before you can delete the field.
-
+})
If the field is not used by those features you will see the following prompt.
-
+})
#### View dropped fields
diff --git a/docs/manage/health-events.md b/docs/manage/health-events.md
index ade43f0fa1..c9fc2708ec 100644
--- a/docs/manage/health-events.md
+++ b/docs/manage/health-events.md
@@ -4,6 +4,8 @@ title: Health Events
description: Monitor the health of your Collectors and Sources.
---
+import useBaseUrl from '@docusaurus/useBaseUrl';
+
## Availability
| Account Type | Account Level |
@@ -40,11 +42,11 @@ On the health events table, you can search, filter, and sort incidents by ke
[**Classic UI**](/docs/get-started/sumo-logic-ui-classic). To access the health events table, in the main Sumo Logic menu select **Manage Data > Monitoring > Health Events**.
-
+})
Click on a row to view the details of a health event.
-
+})
Click the **Create Scheduled Search** button on the details pane to get alerts for specific health events. The unique identifier of the resource, such as the Source or Collector, is used in the query. See [Schedule a Search](../alerts/scheduled-searches/schedule-search.md) for details.
@@ -57,8 +59,8 @@ Under the **More Actions** menu you can select:
Events are categorized by two severity levels, warning and error. The severity column has color-coded error and warning events so you can quickly determine the severity of a given issue.
-*  A warning indicates the Collector or Source has a configuration issue or is operating in a degraded state.
-*  An error indicates the Collector or Source is unable to collect data as expected.
+* })
A warning indicates the Collector or Source has a configuration issue or is operating in a degraded state.
+* })
An error indicates the Collector or Source is unable to collect data as expected.
### Common parameters
@@ -138,12 +140,7 @@ A **Health** column on the Collection page shows color-coded healthy, error, a
The **status** column now shows the status of Sources manually paused by users.
-
-
-* Hover your mouse over a Collector or Source to view a tooltip that provides the number of health events detected on the Collector or Source.
-
- 
-
-* Click on the **Health** status in a row to view a pop-up displaying a list of related events.
+})
- 
+* Hover your mouse over a Collector or Source to view a tooltip that provides the number of health events detected on the Collector or Source.})
+* Click on the **Health** status in a row to view a pop-up displaying a list of related events.})
diff --git a/docs/manage/ingestion-volume/collection-status-page.md b/docs/manage/ingestion-volume/collection-status-page.md
index e0ad79f811..970552ca0c 100644
--- a/docs/manage/ingestion-volume/collection-status-page.md
+++ b/docs/manage/ingestion-volume/collection-status-page.md
@@ -4,12 +4,13 @@ title: Collection Status Page
description: Provides a visual snapshot of the message history for your deployment, and a message volume histogram for each Collector.
---
+import useBaseUrl from '@docusaurus/useBaseUrl';
The Status page provides a message volume history for your account, as well as a message volume histogram for each Collector, giving you immediate visual feedback about traffic spikes or collection issues. To see statistics for any bar in the histogram, hover your mouse pointer over the area of interest.
When you first install a Collector it is common to configure Sources to collect some historical data, rather than from the moment of installation. In this case, the status page shows a spike in message volume and then levels out as collection reaches a steady state. For example, a local log file can contain millions of log messages. When the Collector is initialized, it quickly gathers all those logs and sends them to Sumo Logic resulting in a traffic spike. After the initial collection, the Collector continues to tail the file, reading from the end of the file as new entries are created, and sends a smaller number of new log messages.
-
+})
* **A.** Select to show all, running, or stopped Collectors.
* **B.** Select how many columns of Collectors are displayed.
diff --git a/docs/manage/ingestion-volume/data-volume-index/log-tracing-data-volume-index.md b/docs/manage/ingestion-volume/data-volume-index/log-tracing-data-volume-index.md
index 6461439a28..2ed4014f7d 100644
--- a/docs/manage/ingestion-volume/data-volume-index/log-tracing-data-volume-index.md
+++ b/docs/manage/ingestion-volume/data-volume-index/log-tracing-data-volume-index.md
@@ -4,6 +4,8 @@ title: Log and Tracing Data Volume Index
description: The Data Volume Index is populated with a set of log messages that contain information on how much data (by bytes and messages count) your account is ingesting.
---
+import useBaseUrl from '@docusaurus/useBaseUrl';
+
The data volume index is populated with a set of log messages every five minutes. The messages contain information on how much data (by bytes and messages count) your account is ingesting. Your data volume is calculated based on when your logs were received, in Sumo this timestamp is stored with the `_receiptTime` [metadata](/docs/search/get-started-with-search/search-basics/built-in-metadata) field. Each log message includes information based on one of the following index source categories.
| Index Log Type | Index Source Category |
@@ -97,7 +99,7 @@ _index=sumologic_volume _sourceCategory = "sourcecategory_and_tier_volume"
would produce results such as:
-
+})
**Volume for Each Collector by Tier**
@@ -223,7 +225,7 @@ _index=sumologic_volume _sourceCategory="sourcecategory_tracing_volume"
This query produces results like these:
-
+})
#### Tracing volume by collector
@@ -238,7 +240,7 @@ _index=sumologic_volume _sourceCategory="collector_tracing_volume"
This query produces results like these:
-
+
#### Tracing volume for a specific collector
diff --git a/docs/manage/ingestion-volume/data-volume-index/metrics-data-volume-index.md b/docs/manage/ingestion-volume/data-volume-index/metrics-data-volume-index.md
index 32f1729111..24a1714355 100644
--- a/docs/manage/ingestion-volume/data-volume-index/metrics-data-volume-index.md
+++ b/docs/manage/ingestion-volume/data-volume-index/metrics-data-volume-index.md
@@ -4,6 +4,8 @@ title: Metrics Data Volume Index
description: The Metrics Data Volume Index contains JSON formatted messages that contain parent objects for each source data point, and child objects that detail the data points for each parent.
---
+import useBaseUrl from '@docusaurus/useBaseUrl';
+
Sumo Logic populates the Metrics Data Volume Index with a set of JSON-formatted messages every five minutes. The messages contain the volume of metric data points your account is ingesting.
You can query the index to:
@@ -65,7 +67,7 @@ _index=sumologic_volume _sourceCategory="sourcecategory_metrics_volume"
It returns results like these:
-
+})
### Metric volume by collector
@@ -80,7 +82,7 @@ _index=sumologic_volume _sourceCategory="collector_metrics_volume"
It returns results like these:
-
+})
### Metric volume for a specific collector
diff --git a/docs/manage/ingestion-volume/ingest-budgets/daily-volume.md b/docs/manage/ingestion-volume/ingest-budgets/daily-volume.md
index c8d6c927e6..c2530f25ff 100644
--- a/docs/manage/ingestion-volume/ingest-budgets/daily-volume.md
+++ b/docs/manage/ingestion-volume/ingest-budgets/daily-volume.md
@@ -79,7 +79,7 @@ Use the **Ingest Budgets** page to manage your ingest budgets.
[**Classic UI**](/docs/get-started/sumo-logic-ui-classic). To access the Ingest Budgets page, in the main Sumo Logic menu select **Manage Data > Collection > Ingest Budgets**.
-
+})
The page displays the following information:
@@ -94,7 +94,7 @@ At the top of the page, you can click **+ Add Budget** to [create a new ingest
For the ingest budgets listed, select a row to view its details. A details pane appears to the right of the table.
-
+})
In the details pane you can do the following to the selected ingest
budget:
@@ -143,13 +143,13 @@ You can manually reset a budget at any time to set its capacity utilization tra
#### Edit ingest budget
1. [**New UI**](/docs/get-started/sumo-logic-ui). In the main Sumo Logic menu select **Data Management**, and then under **Data Collection** select **Ingest Budget**. You can also click the **Go To...** menu at the top of the screen and select **Ingest Budget**. [**Classic UI**](/docs/get-started/sumo-logic-ui-classic). In the main Sumo Logic menu, select **Manage Data > Collection > Ingest Budgets**. -1. In the table find the ingest budget you want to edit and click the edit icon  on the right of the row or click the row and then click the edit icon in the details panel. +1. In the table find the ingest budget you want to edit and click the edit icon
}){kind=icon}
on the right of the row or click the row and then click the edit icon in the details panel.
1. Make your changes and click **Update**.
#### Delete ingest budget
1. [**New UI**](/docs/get-started/sumo-logic-ui). In the main Sumo Logic menu select **Data Management**, and then under **Data Collection** select **Ingest Budget**. You can also click the **Go To...** menu at the top of the screen and select **Ingest Budget**. [**Classic UI**](/docs/get-started/sumo-logic-ui-classic). In the main Sumo Logic menu, select **Manage Data > Collection > Ingest Budgets**. -1. In the table find the ingest budget you want to delete and click the delete icon  on the right of the row or click the row and then click the delete icon in the details panel. +1. In the table find the ingest budget you want to delete and click the delete icon
}){kind=icon}
on the right of the row or click the row and then click the delete icon in the details panel.
1. You will get a confirmation prompt, ensure that you are deleting the desired ingest budget and then click **Delete**.
### Budget assignment examples
diff --git a/docs/manage/ingestion-volume/monitor-ingestion-receive-alerts.md b/docs/manage/ingestion-volume/monitor-ingestion-receive-alerts.md
index d03897c566..668da0f8a0 100644
--- a/docs/manage/ingestion-volume/monitor-ingestion-receive-alerts.md
+++ b/docs/manage/ingestion-volume/monitor-ingestion-receive-alerts.md
@@ -81,7 +81,7 @@ After completing the setup, schedule the search to run:
1. Schedule Query you created in Setup. For details, see [Schedule a Search](../../alerts/scheduled-searches/schedule-search.md).
1. Set the **Run frequency** to **Daily**.
-1. Enter **-32d** for the time range. +1. Enter **-32d** for the time range.
})
1. Make sure Alert Condition is set to **Send Notification** if the **Alert Condition** is met: **Number of results** greater than **0.**
@@ -102,7 +102,7 @@ You must update the indicated field for the search to be successfully saved.
```
The correct value is on the Account page.
1. [**New UI**](/docs/get-started/sumo-logic-ui). In the main Sumo Logic menu select **Administration**, and then under **Account** select **Account Overview**. You can also click the **Go To...** menu at the top of the screen and select **Account Overview**.[**Classic UI**](/docs/get-started/sumo-logic-ui-classic). In the main Sumo Logic menu, select **Administration > Account > Account Overview**. -
For example, the daily plan size in the following figure is 100.
 +
For example, the daily plan size in the following figure is 100.
})
#### Query
@@ -126,7 +126,7 @@ After completing the setup steps above, schedule the search to run, as follows.
1. Schedule the query you created in the previous step (**Query**). For details, see [Schedule a Search](../../alerts/scheduled-searches/schedule-search.md).
1. Set the **Run frequency** to **Daily**.
-1. Set time range value to **Last 24 Hours**. +1. Set time range value to **Last 24 Hours**.
})
1. Make sure Alert Condition is set to **Send Notification** if the **Alert Condition** is met: **Number of results** greater than **0.**
## Usage spike alert
@@ -175,7 +175,7 @@ After completing the setup steps above, schedule the search to run, as follows.
1. Schedule the query you just created in Setup. For details, see [Schedule a Search](../../alerts/scheduled-searches/schedule-search.md).
1. Set the **Run frequency** to **Hourly**.
-1. Enter **-65m -5m** for the time range. +1. Enter **-65m -5m** for the time range.
})
1. Make sure Alert Condition is set to **Send Notification** if the **Alert Condition** is met: **Number of results** greater than **0.**
@@ -229,7 +229,7 @@ After completing the setup steps, you'll need to create a monitor.
1. Create a monitor corresponding to the query you've created above ([learn more](/docs/alerts/monitors/create-monitor)).
1. Set the **Run frequency** to **Hourly**.
-1. Set a time range. The default is **Last 24 hours**. If you need to allow for more time because some collectors do not typically ingest data that often, specify a longer time range. For example, seven days. +1. Set a time range. The default is **Last 24 hours**. If you need to allow for more time because some collectors do not typically ingest data that often, specify a longer time range. For example, seven days.
})
1. Make sure Alert Condition is set to **Send Notification** if the **Alert Condition** is met: **Number of results** greater than **0**.
1. (Optional) You can test your new alert in one of the following ways.
* Limit the results to monitor just two collectors by adding this extra line to the end of the query:
@@ -266,5 +266,5 @@ After completing the setup steps above, schedule the search to run, as follows.
1. Schedule the query you just created in Setup. For details, see [Schedule a Search](../../alerts/scheduled-searches/schedule-search.md).
1. Set the **Run frequency** to **Every 15 Minutes**.
-1. Set the time range to the **Last 15 Minutes**. +1. Set the time range to the **Last 15 Minutes**.
})
1. Make sure Alert Condition is set to **Send Notification** if the **Alert Condition** is met: **Number of results** greater than **0**.
diff --git a/docs/manage/manage-subscription/cloud-flex-legacy-accounts.md b/docs/manage/manage-subscription/cloud-flex-legacy-accounts.md
index b6792f5671..326e69bc03 100644
--- a/docs/manage/manage-subscription/cloud-flex-legacy-accounts.md
+++ b/docs/manage/manage-subscription/cloud-flex-legacy-accounts.md
@@ -4,6 +4,8 @@ title: Cloud Flex Legacy Accounts
description: Learn how to view information on Cloud Flex legacy accounts and intuitively monitor usage and manage account costs.
---
+import useBaseUrl from '@docusaurus/useBaseUrl';
+
:::note legacy account type
We recommend transitioning to a our newer [Flex Plan](/docs/manage/manage-subscription/sumo-logic-flex-accounts/) for the newest features and enhanced functionality.
:::
@@ -130,14 +132,18 @@ To view the Account page, do the following:
1. Log in to your account.
1. [**New UI**](/docs/get-started/sumo-logic-ui/). In the main Sumo Logic menu select **Administration**, and then under **Account** select **Account Overview**. You can also click the **Go To...** menu at the top of the screen and select **Account Overview**. [**Classic UI**](/docs/get-started/sumo-logic-ui-classic). In the main Sumo Logic menu, select **Administration > Account > Account Overview**.
The Account Overview tab of the Account page is shown by default. + :::note You must have a role that grants you the [Account Overview capability](/docs/manage/users-roles/roles/role-capabilities/) to view the Account Overview tab. ::: - + +
})
+
:::note
If you are your Sumo Logic account owner, your Account page also displays a **Manage Organization** section. For information on these options, see [Manage Organization](/docs/manage/manage-subscription/create-and-manage-orgs/manage-org-settings).
:::
-
+
+})
## Monitoring account usage
@@ -165,9 +171,9 @@ The following visual indicators apply:
To switch between views and time interval displays, do the following:
1. Sign in to Sumo Logic.
-1. [**New UI**](/docs/get-started/sumo-logic-ui/). In the main Sumo Logic menu select **Administration**, and then under **Account** select **Account Overview**. You can also click the **Go To...** menu at the top of the screen and select **Account Overview**. [**Classic UI**](/docs/get-started/sumo-logic-ui-classic). In the main Sumo Logic menu, select **Administration > Account > Account Overview**.
The Account page appears with the Account Overview tab shown by default. The top panel shows account details and the bottom panel displays usage analytics.
 +1. [**New UI**](/docs/get-started/sumo-logic-ui/). In the main Sumo Logic menu select **Administration**, and then under **Account** select **Account Overview**. You can also click the **Go To...** menu at the top of the screen and select **Account Overview**.
[**Classic UI**](/docs/get-started/sumo-logic-ui-classic). In the main Sumo Logic menu, select **Administration > Account > Account Overview**.
The Account page appears with the Account Overview tab shown by default. The top panel shows account details and the bottom panel displays usage analytics.
})
1. To change the type of analytics you are viewing, in the **Usage (Daily Capacity)** panel click the arrow next to the view name and select the analytics type from the dropdown list. The display data changes accordingly. Repeat as needed to monitor all the areas of your account usage.
-1. To view data from a different billing period, click the arrow next the the **Billing period** and choose another period from the dropdown list. +1. To view data from a different billing period, click the arrow next the the **Billing period** and choose another period from the dropdown list.
})
The data display changes accordingly. ### Drilling into usage data @@ -176,21 +182,11 @@ You can easily drill into usage graph data for a more granular view, with the a To drill into usage data, do the following: -1. In the Usage panel, drag your cursor over the graph intervals you want to analyze in greater detail. As you drag your cursor, the bars on the chart will be highlighted. - -  - - When you release the cursor, the display changes accordingly. - -  - -1. To scroll through the data, click the Zoom icon to toggle On the Pan feature, then select the background and drag your cursor to the left and right. - -  +1. In the Usage panel, drag your cursor over the graph intervals you want to analyze in greater detail. As you drag your cursor, the bars on the chart will be highlighted.
})
+ When you release the cursor, the display changes accordingly.})
+1. To scroll through the data, click the Zoom icon to toggle On the Pan feature, then select the background and drag your cursor to the left and right.})
1. To drill down further, repeat step 1 and 2 as needed.
-1. To return to the original data display, click the Reset icon.
-
- 
+1. To return to the original data display, click the Reset icon.}){kind=icon}
The display changes accordingly.
diff --git a/docs/manage/manage-subscription/upgrade-account/upgrade-cloud-flex-legacy-account.md b/docs/manage/manage-subscription/upgrade-account/upgrade-cloud-flex-legacy-account.md
index fd1d63466a..98a6191a48 100644
--- a/docs/manage/manage-subscription/upgrade-account/upgrade-cloud-flex-legacy-account.md
+++ b/docs/manage/manage-subscription/upgrade-account/upgrade-cloud-flex-legacy-account.md
@@ -4,6 +4,8 @@ title: Upgrade a Cloud Flex Account (Legacy)
description: Learn how to upgrade Cloud Flex (Legacy) account.
---
+import useBaseUrl from '@docusaurus/useBaseUrl';
+
:::note legacy account type
We recommend transitioning to a our newer [Flex Plan](/docs/manage/manage-subscription/sumo-logic-flex-accounts/) for the newest features and enhanced functionality.
:::
@@ -30,7 +32,7 @@ It depends on your current account type:
## Upgrade an account
-1. [**New UI**](/docs/get-started/sumo-logic-ui/). In the main Sumo Logic menu select **Administration**, and then under **Account** select **Manage Plan**. You can also click the **Go To...** menu at the top of the screen and select **Manage Plan**. [**Classic UI**](/docs/get-started/sumo-logic-ui-classic). In the main Sumo Logic menu, select **Administration > Account > Manage Plan**.
 +1. [**New UI**](/docs/get-started/sumo-logic-ui/). In the main Sumo Logic menu select **Administration**, and then under **Account** select **Manage Plan**. You can also click the **Go To...** menu at the top of the screen and select **Manage Plan**.
[**Classic UI**](/docs/get-started/sumo-logic-ui-classic). In the main Sumo Logic menu, select **Administration > Account > Manage Plan**.
})
1. The left side of the page displays your current account type.
1. **Choose a New Plan**. Click the radio button next to **Professional** or **Enterprise**. If you just want to increase product variable levels for your current account type, do not select a new plan type.
1. **Select New Log and Metric Data Volume**. As you change the values, the upgrade cost shown to the right will adjust.
@@ -39,8 +41,8 @@ It depends on your current account type:
1. **Billing Frequency.** Click the radio button next to **Annually** or **Monthly**.
1. Click **Upgrade**.
1. The page refreshes to display the **Payment Method** step.If you've previously upgraded you may choose to use the existing payment method and click **Next**.
-1. To add a new payment method, click **Use a New Credit Card**, enter the credit card information you'd like Sumo Logic to bill, and click **Submit**.  -1. The page refreshes to show the **Confirm Upgrade** step.
 +1. To add a new payment method, click **Use a New Credit Card**, enter the credit card information you'd like Sumo Logic to bill, and click **Submit**.
})
+1. The page refreshes to show the **Confirm Upgrade** step.})
1. Read the Service Level Agreements, then click **I have read and agree to the Service Level Agreements** to continue.
1. Click **Confirm** to complete the upgrade. After you click **Confirm**, the credit card you provided to Sumo Logic is charged.
1. The upgrade is processed, then a **Congratulations** screen appears. Click **Finish**.
diff --git a/docs/manage/partitions/data-tiers/faq.md b/docs/manage/partitions/data-tiers/faq.md
index 60ae6f6ceb..b3ae3bffef 100644
--- a/docs/manage/partitions/data-tiers/faq.md
+++ b/docs/manage/partitions/data-tiers/faq.md
@@ -61,15 +61,15 @@ The table below shows how many credits would be consumed for the same query over
Your **Account Overview** page shows the credits your org has consumed for Infrequent searches.
-
+})
In addition, when you enter an Infrequent query in a [Log Search](/docs/search), before you run it, you'll see an estimate of the amount of data that will be scanned for that query.
-
+})
-After you run an Infrequent query, you can see the volume of data that was actually scanned.
+After you run an Infrequent query, you can see the volume of data that was actually scanned.
-
+})
## How do I create partitions to reroute data to a different tier later?
diff --git a/docs/manage/partitions/data-tiers/index.md b/docs/manage/partitions/data-tiers/index.md
index 07d5f12117..e296f319aa 100644
--- a/docs/manage/partitions/data-tiers/index.md
+++ b/docs/manage/partitions/data-tiers/index.md
@@ -84,7 +84,7 @@ For information about searching data tiers, see [Searching Data Tiers](searchin
This section describes the most common error messages for Data Tiers.
-* If you try to add a panel to a dashboard that uses data from the Frequent or Infrequent Tiers, you'll receive the following error message, because you can only use data from the Continuous Tier in a dashboard: `This query is not supported in Dashboards/Scheduled Searches because it is not in the Continuous Analytics tier. Please modify query and try again.` +* If you try to add a panel to a dashboard that uses data from the Frequent or Infrequent Tiers, you'll receive the following error message, because you can only use data from the Continuous Tier in a dashboard: `This query is not supported in Dashboards/Scheduled Searches because it is not in the Continuous Analytics tier. Please modify query and try again.`
})
* If you try to specify the scope of a Scheduled View or a Scheduled Search using a partition in the Frequent or Infrequent Data tiers, you'll receive this error message: `This query is not supported in Dashboards/Scheduled Searches because it is not in the Continuous Analytics tier. Please modify query and try again.`
## Guides
diff --git a/docs/manage/scheduled-views/scheduled-views-best-practices.md b/docs/manage/scheduled-views/scheduled-views-best-practices.md
index 2ecda53112..efecbeab8b 100644
--- a/docs/manage/scheduled-views/scheduled-views-best-practices.md
+++ b/docs/manage/scheduled-views/scheduled-views-best-practices.md
@@ -4,6 +4,8 @@ title: Scheduled Views Best Practices and Examples
description: A Scheduled View is a query that runs on a schedule. This topic has some tips for setting up Scheduled View queries.
---
+import useBaseUrl from '@docusaurus/useBaseUrl';
+
A Scheduled View reduces aggregate data down to the bare minimum, so they contain only the results that you need to generate your data. Queries that run against Scheduled Views return search results much faster because the data is pre-aggregated before the query is run. Scheduled Views process queries once per minute.
These items are required in Scheduled View queries:
@@ -202,7 +204,7 @@ _sourceCategory=prod/web/iis | timeslice 1m | count by _timeslice
which would produce results like:
-
+})
Compared to this Scheduled View query, which is more robust, but five times heavier with one additional column:
@@ -212,7 +214,7 @@ _sourceCategory=prod/web/iis | timeslice 1m | count by _timeslice, status_code
This would produce results like:
-
+})
Now you can use **sum** on your records, because the counts are broken out. For example, use the sum operator to aggregate the aggregation in the following query:
diff --git a/docs/manage/security/installation-tokens.md b/docs/manage/security/installation-tokens.md
index 423e65959f..10f79d0098 100644
--- a/docs/manage/security/installation-tokens.md
+++ b/docs/manage/security/installation-tokens.md
@@ -44,7 +44,7 @@ Managing Installation Tokens requires the **Manage Tokens** role capability.
The Installation Tokens page displays the following information:
-* **Status** shows a green checkmark  to indicate if the Installation Token is active and available for use or an exclamation mark in a red circle  to indicate if the Installation Token is deactivated and not available for use.
+* **Status** shows a green checkmark }){kind=small}
to indicate if the Installation Token is active and available for use or an exclamation mark in a red circle }){kind=small}
to indicate if the Installation Token is deactivated and not available for use.
* **Token Name** is the name of the Installation Token, these must be unique.
* **Description** shows the optional description of the Installation Token.
diff --git a/docs/security/additional-security-features/cloud-infrastructure-security/cloud-infrastructure-security-for-aws.md b/docs/security/additional-security-features/cloud-infrastructure-security/cloud-infrastructure-security-for-aws.md
index a3055696b9..a6d12dd153 100644
--- a/docs/security/additional-security-features/cloud-infrastructure-security/cloud-infrastructure-security-for-aws.md
+++ b/docs/security/additional-security-features/cloud-infrastructure-security/cloud-infrastructure-security-for-aws.md
@@ -310,7 +310,7 @@ If you selected **Create New Source** for any source on the [**Configure Sources
1. Click **Create Stack.**
1. Verify that the AWS CloudFormation template has executed successfully in a `CREATE_COMPLETE` status.
* This indicates that you have all the right permissions on both the Sumo Logic and the AWS side to proceed with the installation of the solution.
- * All the resources (Sumo Logic and AWS) created by template are also deleted. + * All the resources (Sumo Logic and AWS) created by template are also deleted.
})
1. If the AWS CloudFormation template has not executed successfully, identify and fix any permission errors until the stack completes with a `CREATE_COMPLETE` status.
1. Once the AWS CloudFormation stack has executed successfully, delete the AWS CloudFormation Stack.