SumoLogic · jpipkin1 · Nov 7, 2025 · Nov 6, 2025 · Nov 6, 2025 · Nov 6, 2025
@@ -4,6 +4,8 @@ title: Alert Response FAQ
 description: Our commonly asked questions about alert response are documented for your reference.
 ---
 
+import useBaseUrl from '@docusaurus/useBaseUrl';
+
 ## Is alert response available in all Sumo Logic packages? 
 
 Overall, yes. Alert response is available in all the Sumo Logic packages. However, there are specific features within alert response that only work on specific packages. See the table below for details. 
@@ -41,7 +43,7 @@ For example, in Slack, you can add the following section to the **Alert Payload*
 },
 ```
 
-![alertResponseURLExample.png](/img/alerts/monitors/alertResponseURLExample.png)
+<img src={useBaseUrl('img/alerts/monitors/alertResponseURLExample.png')} alt="Alert response URL example" style={{border: '1px solid gray'}} width="800" />
 
 Learn more about [Alert Variables](/docs/alerts/monitors/alert-variables).
 

@@ -37,7 +37,7 @@ Learn how to use alert response.
 
 ## Setting up alert response
 
-Email alerts automatically get a button labeled **View Alert** that opens the alert on the alert page, shown in the below image.<br/> ![view alert from email.png](/img/alerts/monitors/view-alert-from-email.png)
+Email alerts automatically get a button labeled **View Alert** that opens the alert on the alert page, shown in the below image.<br/><img src={useBaseUrl('img/alerts/monitors/view-alert-from-email.png')} alt="View alert from email" style={{border: '1px solid gray'}} width="800" />
 
 If you use [Webhook connections](/docs/alerts/webhook-connections) offered by Sumo Logic for receiving notifications, you'll need to provide the [`alertResponseUrl` variable](/docs/alerts/monitors/alert-variables) in your notification payload of a monitor to receive a link that opens alert response. When your monitor is triggered, it will generate a URL and provide it in the alert notification payload, which you can use to open the alert response.
 
@@ -72,7 +72,7 @@ To get to your Alert List:
 * From the [**New UI**](/docs/get-started/sumo-logic-ui/), select **Alerts**.
 * From the [**Classic UI**](/docs/get-started/sumo-logic-ui-classic), click the bell icon in the top menu.
 
-To search alerts, use the search bar and filters.<br/>![search alert list.png](/img/alerts/monitors/search-alert-list.png)
+To search alerts, use the search bar and filters.<br/><img src={useBaseUrl('img/alerts/monitors/search-alert-list.png')} alt="Search alert list" style={{border: '1px solid gray'}} width="800" />
 
 To sort by category (for example, **Name**, **Severity**, **Status**), click on a column header.
 
@@ -115,7 +115,7 @@ To view detailed information about an alert, go to your [Alert List](#alert-list
 * A history of previous occurrences of the alert.
 * Key details such as the trigger time and the condition that caused the alert.
 
-The following images and lists describe alert element on the page.<br/>![top of the alert response page.png](/img/alerts/monitors/top-alert-response-page.png)
+The following images and lists describe alert element on the page.<br/><img src={useBaseUrl('img/alerts/monitors/top-alert-response-page.png')} alt="Top of the alert response page" style={{border: '1px solid gray'}} width="800" />
 
 * **A**. Monitor name.
 * **B**. Copies the link to the opened alert page.
@@ -130,11 +130,11 @@ The following images and lists describe alert element on the page.<br/>![top of
    :::note
    Sumo Logic automatically resolves alerts when the monitor's recovery condition is met. This behavior cannot be modified or disabled. While you could configure a recovery condition that prevents Sumo Logic from resolving a monitor, this is not recommended, as it may suppress unrelated alerts from being triggered.
    :::
-   ![alert page sep 23.png](/img/alerts/monitors/alert-page.png)
+   <img src={useBaseUrl('img/alerts/monitors/alert-page.png')} alt="Resolves the alert" style={{border: '1px solid gray'}} width="800" />
 * **K**. The red exclamation mark indicates the alert is still active and a white exclamation in the gray circle indicates it's resolved. <br/> <img src={useBaseUrl('img/alerts/monitors/k-label.png')} alt="labels" width="300"/>
   * **Related Alerts**. A panel with related alerts and the monitor History. It shows other alerts in the system that were triggered around the same time as this alert. This information is helpful to know what issues are happening in the system and whether the current problem is an isolated issue or a more systemic one. There are two types of relations that a related alert can have.<br/> <img src={useBaseUrl('img/alerts/monitors/related-alerts.png')} alt="related alerts" width="200"/>
     * **Time**. Shows all the alerts that were triggered 30 minutes before or after the given alert that doesn't have another association.
-    * **Entity**. Shows all the alerts that were triggered one hour before and after the given alert that happened on the same entity (node, pod, cluster, etc.). You can click the expand arrow ![expand arrow.png](/img/alerts/monitors/expand-arrow.png) to view the alert's trigger condition and the white arrow in the square ![open in new tab icon.png](/img/alerts/monitors/open-new-tab.png) to open the alert in its own alert page.
+    * **Entity**. Shows all the alerts that were triggered one hour before and after the given alert that happened on the same entity (node, pod, cluster, etc.). You can click the expand arrow <img src={useBaseUrl('img/alerts/monitors/expand-arrow.png')} alt="Expand arrow" width="30" /> to view the alert's trigger condition and the white arrow in the square <img src={useBaseUrl('img/alerts/monitors/open-new-tab.png')} alt="Open in new tab icon" width="30" /> to open the alert in its own alert page.
   * **Monitor History**. Shows the past 30 days of similar alerts that were triggered by the monitor (that generated the current alert). Monitor History can be helpful to determine how frequently an alert has fired in the past and if the alert is flaky. You can then quickly correlate whether the current problem is similar to a past one by comparing the information shared for the alert.
 * **L**. The query of the monitor.<br/><img src={useBaseUrl('img/alerts/monitors/l-m-n-labels.png')} alt="labels" width="800"/>
 * **M**. A chart that visualizes the trend of the metric that was tracked as part of the alert condition of the monitor. The visualization tracks the *before* and *during* trends of the metric.
@@ -191,7 +191,7 @@ The **Log Fluctuations** context card, available for logs monitors, detects diff
 
 This card detects time series anomalies for entities related to the alert.
 
-Anomalies are grouped into [golden signals](https://sre.google/sre-book/monitoring-distributed-systems/). Anomalies are also presented on a timeline; the length of the anomaly represents its duration. <br/> ![anomalies .png](/img/alerts/monitors/anomalies.png)
+Anomalies are grouped into [golden signals](https://sre.google/sre-book/monitoring-distributed-systems/). Anomalies are also presented on a timeline; the length of the anomaly represents its duration. <br/><img src={useBaseUrl('img/alerts/monitors/anomalies.png')} alt="Anomalies" style={{border: '1px solid gray'}} width="800" />
 
 * **A**. Name and description of the context card.
 * **B**. Count of anomalies belonging to each golden signal type.
@@ -202,15 +202,15 @@ Anomalies are grouped into [golden signals](https://sre.google/sre-book/monitor
 Only anomalies with a start time around 30 minutes before or after the alert was created show up in the card.
 :::
 
-Hover over an EOI to view key information about the event.<br/> ![eoi-stats.png](/img/alerts/monitors/eoi-stats.png)
+Hover over an EOI to view key information about the event.<br/><img src={useBaseUrl('img/alerts/monitors/eoi-stats.png')} alt="EOI stats" style={{border: '1px solid gray'}} width="300" />
 
-Click on the EOI to open the **Summary View** and **Entity Inspector**.<br/> ![entity inspector.png](/img/alerts/monitors/entity-inspector.png)
+Click on the EOI to open the **Summary View** and **Entity Inspector**.<br/><img src={useBaseUrl('img/alerts/monitors/entity-inspector.png')} alt="Entity inspector" style={{border: '1px solid gray'}} width="400" />
 
 ### Benchmark
 
 Benchmarks refer to baselines computed from anonymized and aggregated telemetry data from Sumo Logic customers in domains such as AWS. If the telemetry values for your entity during an alert period are unusual compared to benchmarks, you may have an unusual configuration change or other backend issues. 
 
-For example, the card below shows that `ServiceUnavailable` error is happening 32 times more often in your AWS account compared with other Sumo Logic customer’s accounts. This AWS error pertains to AWS API calls that are failing at a higher rate than what is expected based on cross-customer baselines. This particular error implies an AWS incident affecting the particular AWS resource type and API. <br/> ![benchmark card.png](/img/alerts/monitors/benchmark.png)
+For example, the card below shows that `ServiceUnavailable` error is happening 32 times more often in your AWS account compared with other Sumo Logic customer’s accounts. This AWS error pertains to AWS API calls that are failing at a higher rate than what is expected based on cross-customer baselines. This particular error implies an AWS incident affecting the particular AWS resource type and API. <br/><img src={useBaseUrl('img/alerts/monitors/benchmark.png')} alt="Benchmark card" style={{border: '1px solid gray'}} width="800" />
 
 * **A**. Name and description of the context card.
 * **B**. Count of unusual Benchmarks by golden signal type.

@@ -318,7 +318,7 @@ For example, when an alert is set to `greater than 10`, the recovery would be
 | `<threshold type>` | How you want the value compared. Select greater than, greater than or equal, less than or equal, or less than. |
 | `<threshold>` | The value against which the resolution will be evaluated. You can specify any valid numeric value. |
 
-The Alert and recovery setting affects both the alert generation logic and the alert recovery logic. `Alert and recovery require a minimum of <count> data points for "at all times" evaluation windows`. This setting only works when you choose `at all times within` as the type of occurrence for the alert. <br/>![metrics alert datapoints.png](/img/alerts/monitors/minimum-datapoints.png)
+The Alert and recovery setting affects both the alert generation logic and the alert recovery logic. `Alert and recovery require a minimum of <count> data points for "at all times" evaluation windows`. This setting only works when you choose `at all times within` as the type of occurrence for the alert. <br/><img src={useBaseUrl('img/alerts/monitors/minimum-datapoints.png')} alt="Metrics alert datapoints" style={{border: '1px solid gray'}} width="800" />
 
 | Parameter | Description |
 |:--|:--|

@@ -4,6 +4,7 @@ title: Monitors FAQ
 description: Frequently asked questions about Sumo Logic monitors.
 ---
 
+import useBaseUrl from '@docusaurus/useBaseUrl';
 import AlertsTimeslice from '../../reuse/alerts-timeslice.md';
 
 ## How can I optimize scan costs for monitors when using Flex Pricing?
@@ -85,9 +86,9 @@ The [Test Connection feature for webhooks](/docs/alerts/webhook-connections/se
 
 ## One of our monitors suddenly stopped sending notifications, even though I see it on the monitors page
 
-One reason could be that the user who created the monitor was deleted. You can check the **Created By** value on the monitors page. If it has `<User Unknown>`, you will need to re-create the monitor.  <br/>![user unknown monitors.png](/img/alerts/monitors/user-unknown-monitors.png)
+One reason could be that the user who created the monitor was deleted. You can check the **Created By** value on the monitors page. If it has `<User Unknown>`, you will need to re-create the monitor.  <br/><img src={useBaseUrl('img/alerts/monitors/user-unknown-monitors.png')} alt="User unknown monitors" style={{border: '1px solid gray'}} width="200" />
 
-You can quickly **Duplicate** the monitor by hovering over it on the monitors page and clicking the three-dot kebab icon:<br/>![more actions menu for monitors.png](/img/alerts/monitors/more-actions-menu-for-monitors.png)  
+You can quickly **Duplicate** the monitor by hovering over it on the monitors page and clicking the three-dot kebab icon:<br/><img src={useBaseUrl('img/alerts/monitors/more-actions-menu-for-monitors.png')} alt="More actions menu for monitors" style={{border: '1px solid gray'}} width="300" />
 
 then selecting **Duplicate**. If your monitor still doesn't work, we recommend contacting [Sumo Logic support](https://support.sumologic.com/). 
 

@@ -74,8 +74,6 @@ Do either of the following:
 * To make changes to the search query before you run it again, click the saved search title link, next to **Saved Search**. This will open the query in the Sumo Logic search page. 
 * To see all the results of the search, under **Message Distribution**, click the **View results in Sumo Logic** link in the email. Or under **Aggregation**, click "**here**". Sumo Logic will recreate the search exactly matching the query and time parameters of the original scheduled search.
 
-![Search from email](/img/alerts/search_from_email_new.png)
-
 :::note
 If you're a new user and someone has forwarded you an alert email, the links to the search will not work until you've completed your setup process.
 :::
@@ -104,7 +102,7 @@ The Scheduled Search Email Alert template includes the following details:
 * **Aggregation.** Displays the first 25 messages of the search results, and includes the complete number of results. Click "**here**" in the email to view the full results in Sumo Logic. 
 * **Results as CSV attachment.** If you have selected to receive your scheduled search results as a CSV file, it will be attached to the email. The maximum CSV file size allowed is 5MB or 1,000 results. 
 
-![Search from email](/img/alerts/search_from_email_new.png)
+<img src={useBaseUrl('img/alerts/search_from_email_new.png')} alt="Search from email" style={{border: '1px solid gray'}} width="800" />
 
 :::note
 Rarely, there may be circumstances that prevent the histogram from loading fast enough to be included with the email before it is sent. In that case, you will receive an email with all pertinent information, just without the graph.

@@ -5,6 +5,8 @@ sidebar_label: Edit or Cancel a Scheduled Search
 description: You can edit or cancel a Scheduled Search at any time.
 ---
 
+import useBaseUrl from '@docusaurus/useBaseUrl';
+
 You can edit or cancel a Scheduled Search at any time from your [Library](/docs/get-started/library). If you cancel a scheduled search, it will revert to a saved search.
 
 :::important
@@ -14,8 +16,8 @@ If the user who "owns" a Scheduled Search is removed from your org, the Schedule
 ## Cancel a Scheduled Search
 
 1. Go to your **Library** and find the scheduled search you want to cancel. For information about finding an item in the Library, see [Search the Library](/docs/get-started/library#search-the-library). 
-1. Click the more options menu to the right of the scheduled search and select **Edit**. <br/>![Library scheduled search edit](/img/alerts/list-of-sched-searches.png)
-1. In the **Edit Search** dialog, click **Edit this search's schedule**.<br/>![edit search](/img/alerts/edit-search.png)
+1. Click the more options menu to the right of the scheduled search and select **Edit**. <br/><img src={useBaseUrl('img/alerts/list-of-sched-searches.png')} alt="Library scheduled search edit" style={{border: '1px solid gray'}} width="800" />
+1. In the **Edit Search** dialog, click **Edit this search's schedule**.<br/><img src={useBaseUrl('img/alerts/edit-search.png')} alt="Edit search" style={{border: '1px solid gray'}} width="500" />
 1. From the **Run Frequency** menu, choose **Never** to cancel the scheduled search.
 1. Click **Update**.
 
@@ -48,4 +50,4 @@ You have two options to resolve the issue:
 If you don’t have the **Change Data Access Level** capability, your Sumo Logic administrator will need to update your role to include it.
 :::
 
-![edit search](/img/alerts/cannot-edit-scheduled-search.png)
+<img src={useBaseUrl('img/alerts/cannot-edit-scheduled-search.png')} alt="Edit search" style={{border: '1px solid gray'}} width="400" />
@@ -5,6 +5,8 @@ sidebar_label: FAQ
 description: You can edit or cancel a Scheduled Search at any time.
 ---
 
+import useBaseUrl from '@docusaurus/useBaseUrl';
+
 The following topics include frequently asked questions about scheduled
 searches and provide troubleshooting tips. 
 
@@ -51,7 +53,7 @@ To create a Scheduled Search:
     | fields collector, gbytes, collector_pct_of_todaysvolume, todays_volume, plan_size, todaysvolume_against_plan
     ```
 1. For the search **Time Range**, select **Today**.
-1. Click **Save As**. <br/>![DataUsageBreached.png](/img/alerts/DataUsageBreached.png)
+1. Click **Save As**. <br/><img src={useBaseUrl('img/alerts/DataUsageBreached.png')} alt="Data usage breached" style={{border: '1px solid gray'}} width="500" />
 1. In the **Save Search As** dialog, enter a name for this Scheduled Search, such as **90% Data Usage Limit Reached**.
 1. Set the **Run frequency** to **Every 4 hours**.
 1. Click **Schedule this search**. 
@@ -160,21 +162,21 @@ A maximum of 6000 Scheduled Searches are allowed per account.
 
 The following is an example of a temporary suspension email:
 
-![suspension email.png](/img/alerts/suspension-email.png)
+<img src={useBaseUrl('img/alerts/suspension-email.png')} alt="Suspension email" style={{border: '1px solid gray'}} width="700" />
 
 The [Audit Index](/docs/manage/security/audit-indexes/audit-index) stores events on your scheduled search events. The following is an example of a temporary suspension log:   
 
-![temp sus.png](/img/alerts/temp-sus.png)
+<img src={useBaseUrl('img/alerts/temp-sus.png')} alt="Temporary suspension" style={{border: '1px solid gray'}} width="800" />
 
 #### Permanent suspension
 
 The following is an example of a permanent suspension email:  
 
-![permanent sus.png](/img/alerts/permanentsus.png)
+<img src={useBaseUrl('img/alerts/permanentsus.png')} alt="Permanent suspension" style={{border: '1px solid gray'}} width="700" />
 
 The [Audit Index](/docs/manage/security/audit-indexes/audit-index) stores events on your scheduled search events. The following is an example of a permanent suspension log:
 
-![perm sus.png](/img/alerts/perm-sus.png)
+<img src={useBaseUrl('img/alerts/perm-sus.png')} alt="Permanent suspension" style={{border: '1px solid gray'}} width="800" />
 
 #### How long will the Scheduled Search be suspended?  
 

@@ -5,6 +5,8 @@ sidebar_label: Save to Index
 description: When you save the results of a scheduled search to an Index you can search your data using _index=index_name with increased search performance.
 ---
 
+import useBaseUrl from '@docusaurus/useBaseUrl';
+
 When you create a Scheduled Search, you can save the results to an Index. This way, your data can be searched at a later time using `_index=index_name` with increased search performance.
 
 For example, you could use the following query to find successful logins on a Linux system, then save the results to an Index using the **Save to Index** alert type for your Scheduled Search.
@@ -35,7 +37,7 @@ In most cases, if you can use a [Scheduled View](/docs/manage/scheduled-views)
 ## Save the results of a scheduled search as an Index
 
 1. [Save a search](/docs/search/get-started-with-search/search-basics/save-search). 
-1. Click **Schedule this search**.<br/>![SaveToIndex.png](/img/alerts/SaveToIndex.png)
+1. Click **Schedule this search**.<br/><img src={useBaseUrl('img/alerts/SaveToIndex.png')} alt="Save to index" style={{border: '1px solid gray'}} width="500" />
 1. For all configuration options, see [Schedule a Search](schedule-search.md). 
 1. **Alert Type**. Select **Save to Index**.
 1. **Index Name**. Enter a name that you'll use to search the data in a query. Use a name that's descriptive and easy to remember. Names can be comprised of alphanumeric characters; underscores (`_`) are the only special characters allowed.