added screenshot and revised lang step 8

Tracey Carter · Tracey Carter · commit 39301d53f36e · 2024-09-10T14:52:02.000-07:00
diff --git a/_images/logs/WorkloadMgmt.png b/_images/logs/WorkloadMgmt.png
diff --git a/logs/scp.rst b/logs/scp.rst
@@ -101,17 +101,22 @@ In Splunk Cloud Platform, follow the instructions in the guided setup for the in
          :width: 100%
          :alt: The Create user page in Splunk Cloud Platform where you can assign a user to the service account role.
 
-.. _download-certificate:
 
-8. Because Log Observer Connect impacts compute resources (CPU and memmory), add a Workload Rule in Splunk Cloud Platform to limit Log Observer Connect searches. Follow the guidance in :new-page:`Create a Workload Rule in Splunk Web <https://docs.splunk.com/Documentation/SplunkCloud/9.2.2403/Admin/CreateWLMRules#Create_a_workload_rule_in_Splunk_Web>` and configure the rule as follows:
+8. Add a Workload Rule in Splunk Cloud Platform to limit the amount of time that Log Observer Connect searches can run. This limit maintains a responsive experience for Log Observer users and reduces the chances that Log Observer Connect searches are queued. Follow the guidance in :new-page:`Create a Workload Rule in Splunk Web <https://docs.splunk.com/Documentation/SplunkCloud/9.2.2403/Admin/CreateWLMRules#Create_a_workload_rule_in_Splunk_Web>` and configure the rule as follows:
 
 .. code-block:: none
 
    Predicate: user=[your_Log_Observer_Connect_service-account_name] AND runtime>5m
    Schedule: Always on
    Action: Abort search
 
-The Workload Rule limits each Log Observer Connect search to 5 minutes.
+.. image:: /_images/logs/WorkloadMgmt.png
+         :width: 100%
+         :alt: This screenshot shows the configuration of the Workload Rule.
+
+   The Workload Rule limits each Log Observer Connect search to 5 minutes.
+
+.. _download-certificate:
 
 9. Secure a connection to your Splunk Cloud Platform instance in Splunk Observability Cloud. See :ref:`logs-scp-prereqs` for more information on the IPs to allow.
 
diff --git a/logs/set-up-logconnect.rst b/logs/set-up-logconnect.rst
@@ -100,9 +100,23 @@ In your Splunk Enterprise search head, follow the instructions in the guided set
          :width: 100%
          :alt: This screenshot shows the Create user page in Splunk Enterprise where you can assign a user to the service account role.
 
-8. Obtain certificates for securing inter-Splunk communication. See :new-page:`Configure and install certificates in Splunk Enterprise for Splunk Log Observer Connect <https://quickdraw.splunk.com/redirect/?product=Observability&location=splunk.integration.third.party&version=current>` to learn how. Copy only the first certificate in the chain and paste it on the next page of the guided setup to securely connect Log Observer Connect and your Splunk Enterprise instance.
+8. Add a Workload Rule in Splunk Enterprise to limit the amount of time that Log Observer Connect searches can run. This limit maintains a responsive experience for Log Observer users and reduces the chances that Log Observer Connect searches are queued. Follow the guidance in :new-page:`Create a Workload Rule in Splunk Web <https://docs.splunk.com/Documentation/SplunkCloud/9.2.2403/Admin/CreateWLMRules#Create_a_workload_rule_in_Splunk_Web>` and configure the rule as follows:
 
-9. Make sure to give each connection a unique name on the final page of the Log Observer Connect guided setup.
+.. code-block:: none
+
+   Predicate: user=[your_Log_Observer_Connect_service-account_name] AND runtime>5m
+   Schedule: Always on
+   Action: Abort search
+
+.. image:: /_images/logs/WorkloadMgmt.png
+         :width: 100%
+         :alt: This screenshot shows the configuration of the Workload Rule.
+
+   The Workload Rule limits each Log Observer Connect search to 5 minutes.
+
+9. Obtain certificates for securing inter-Splunk communication. See :new-page:`Configure and install certificates in Splunk Enterprise for Splunk Log Observer Connect <https://quickdraw.splunk.com/redirect/?product=Observability&location=splunk.integration.third.party&version=current>` to learn how. Copy only the first certificate in the chain and paste it on the next page of the guided setup to securely connect Log Observer Connect and your Splunk Enterprise instance.
+
+10. Make sure to give each connection a unique name on the final page of the Log Observer Connect guided setup.
 
 .. note:: Manage concurrent search limits using your current strategy in Splunk Enterprise. All searches initiated by Log Observer Connect users go through the service account you create in Splunk Enterprise. For each active Log Observer Connect user, four back-end searches occur when a user performs a search in the Log Observer Connect UI. For example, if there are three concurrent users accessing the Log Observer Connect UI at the same time, the service account for Log Observer Connect initiates approximately 12 searches in Splunk Enterprise.
 
