}){kind=icon}
FAQ
-Get to know the answers to basic questions around Content Sharing.
+Get to know the answers to basic questions around content sharing.
})
-You will now see the whole file tree for your organization, as well as the **Admin Recommended** folder.
+You will now see the whole file tree for your organization, as well as the Admin Recommended folder.
## Move important content to Admin Recommended
-Important content can be dashboards that help new users get started, or common searches that your organization needs often. You can draw attention to this content by putting it into **Admin Recommended**, which appears at the top of the Library in the Left-Nav.
+Important content can be dashboards that help new users get started, or common searches that your organization needs often. You can draw attention to this content by putting it into Admin Recommended, which appears at the top of the Library in the left navigation bar.
-For example, you can content share an Audit dashboard at the top of the Library on the Left-nav with a particular role such as Administrators and move it into Admin Recommended. All Sumo Administrators will be able to see it there, but any user without that role, will not see the dashboard.
+For example, you can content share an audit dashboard at the top of the Library on the left navigation bar with a particular role such as Administrators and move it into Admin Recommended. All Sumo Logic users with the Administrators role will be able to see it there, but any user without that role, will not see the dashboard.
})
To add a dashboard or search to Admin Recommended:
-1. Select the Library Tab from the UI.
-1. Toggle to Content Administrator mode.
-1. A note loads on the Left-nav that says **Viewing as Content Administrator**. This is to help you remember why your Personal folder doesn't appear.
-1. Make sure you've [shared the search](/docs/manage/content-sharing), dashboard, or folder with the role or users that you want to be able to access it.
+1. Select the **Library** tab from the UI.
+1. Toggle to **Content Administrator** mode.
+1. A note loads on the left navigation bar that says **Viewing as Content Administrator**. This is to help you remember why your Personal folder doesn't appear.
+1. Make sure you've [shared](/docs/manage/content-sharing) the search, dashboard, or folder with the role or users that you want to be able to access it.
1. Select the options menu for the item you want to move, and choose **Move.**
-1. From the Move dialog, choose the **Admin Recommended** folder and click **Move**.
+1. From the **Move** dialog, choose the **Admin Recommended** folder and click **Move**.
:::note
Remember to switch out of Content Administrator viewing when you are done.
@@ -45,4 +45,4 @@ Remember to switch out of Content Administrator viewing when you are done.
## Track content changes in your org
-If you need to track what content has been shared in your organization, or recently changed by another Content Administrator, you can find dashboards to help you track that information in the [Audit App](/docs/integrations/sumo-apps/audit).
+If you need to track what content has been shared in your organization, or recently changed by another content administrator, you can find dashboards to help you track that information in the [Sumo Logic Audit app](/docs/integrations/sumo-apps/audit).
diff --git a/docs/manage/content-sharing/changing-alerts.md b/docs/manage/content-sharing/changing-alerts.md
index 254cfeb459..96231d99d8 100644
--- a/docs/manage/content-sharing/changing-alerts.md
+++ b/docs/manage/content-sharing/changing-alerts.md
@@ -6,13 +6,13 @@ description: You can modify or cancel alerts that are no longer valuable to your
import useBaseUrl from '@docusaurus/useBaseUrl';
-The ability to modify or turn off alerts created by another user is now possible with Content Sharing. Sometimes the need or frequency of a log alert changes while the creator is unavailable and with Content Sharing you can give that ability to another Role or user within your Organization.
+The ability to modify or turn off alerts created by another user is possible with content sharing. Sometimes the need or frequency of a log alert changes while the creator is unavailable, and with content sharing you can give that ability to another role or user within your organization.
-We strongly recommend sharing your scheduled searches with at least one Role or a user you trust to allow you more flexibility with alerts.
+We strongly recommend sharing your scheduled searches with at least one role or a user you trust to allow you more flexibility with alerts.
## Edit an alert
-If you or your role has Edit permissions on a scheduled search you can modify the frequency and type of alert as well as the query if you need to make any adjustments such as the threshold or timeslice.
+If you or your role has edit permissions on a scheduled search you can modify the frequency and type of alert as well as the query if you need to make any adjustments such as the threshold or timeslice.
:::note
If you're using a search template with your saved search, you cannot modify the query from the alert.
@@ -29,7 +29,7 @@ To edit an alert:
## Cancel alerts on a shared search
-If you have Edit permissions on the shared search, you can stop recipients from receiving alerts by setting the run frequency to **Never**. We recommend doing this when a search is no longer relevant rather than deleting the search so that it can be available to you later if you need it. Deleting the shared search is possible, if you have Manage permissions, but does not allow you the ability to restore a scheduled search later if you need it.
+If you have edit permissions on the shared search, you can stop recipients from receiving alerts by setting the run frequency to **Never**. We recommend doing this when a search is no longer relevant rather than deleting the search so that it can be available to you later if you need it. Deleting the shared search is possible if you have manage permissions, but does not allow you the ability to restore a scheduled search later if you need it.
1. Navigate to the scheduled search you want to edit, as described above in [Edit an alert](#edit-an-alert).
1. Select the edit icon in the library for the scheduled search.})
diff --git a/docs/manage/content-sharing/content-sharing-faq.md b/docs/manage/content-sharing/content-sharing-faq.md
index 48395e7eaf..eacb6deb67 100644
--- a/docs/manage/content-sharing/content-sharing-faq.md
+++ b/docs/manage/content-sharing/content-sharing-faq.md
@@ -5,63 +5,60 @@ sidebar_label: FAQ
description: This FAQ answers your basic questions around content sharing.
---
-Welcome to Content Sharing. We've provided this FAQ to answer your basic questions around the interface changes that come with Content Sharing.
+This FAQ answers your basic questions about Sumo Logic content sharing.
## When I share something with someone, how will they see it?
-When you share something directly with a user (or to their role) they will receive an email notification that they can click on to guide them to the item in Sumo.
+When you share something directly with a user (or with their role) they will receive an email notification that they can click on to guide them to the item in Sumo Logic.
* The object will also be available in their Library view.
-* They can also look in **Recent** in the left-nav to see what has been recently shared.
+* They can also look in **Recent** in the left navigation bar to see what has been recently shared.
* The share dialog associated with the item will reflect who the item is shared with and what level of access they have.
## Can I delete someone else's alerts?
-Yes, IF you have Edit permissions on that shared search. You need Edit permissions at a minimum on the shared search to make any changes to the associated alert. For details, see [Changing Alerts](changing-alerts.md).
+Yes, if you have edit permissions on that shared search. You need edit permissions at a minimum on the shared search to make any changes to the associated alert. For details, see [Changing Other Alerts](changing-alerts.md).
-## I shared something with my coworker but they can’t see it in their Library view?
+## I shared something with my coworker, but why can't they see it in their Library view?
-It is possible that you shared an item that is nested within a folder. The Library view is designed to roll-up to the highest level parent folder. Have them check their **Recently Shared with Me** dialog. Or, send your co-worker the name of the item and they can also search for it in the Library.
+It is possible that you shared an item that is nested within a folder. The Library view is designed to roll up to the highest level parent folder. Have them check their **Recently Shared with Me** dialog. Or, send your co-worker the name of the item and they can also search for it in the Library.
-## Can shared dashboards always run with viewer's role search filter instead of the creator's role search filter?
+## Can shared dashboards always run with the viewer's role search filter instead of the creator's role search filter?
Yes, for an individual dashboard, when you share the dashboard you can choose to share it with the "Viewer’s data access level", so that
viewers will see it with their own role search filter. For more information, see [Set the Data Access Level for a Dashboard](/docs/dashboards/set-data-access-level). In addition, it is possible to set a security policy that ensures that all new dashboards will run with the viewer’s role search filter when shared. For more information, see [Data Access Level for Shared Dashboards](../security/data-access-level-shared-dashboards.md).
## Can I share a folder with someone?
-Yes, you can share a folder you manage with anyone or any role in your Org. Keep in mind that when you share a folder, that person will have access to all items within that folder as well as any nested sub-folders. Try to limit sharing at the folder level and grant permissions to sub-folders or individual items.
+Yes, you can share a folder you manage with anyone or any role in your organization. Keep in mind that when you share a folder, that person will have access to all items within that folder as well as any nested sub-folders. Try to limit sharing at the folder level and grant permissions to sub-folders or individual items.
## What if I shared a folder with someone with edit access but then gave them view access on a specific dashboard in that folder?
-We also allow the most permissive set of permissions. In this case, the highest permission the user has on the dashboard is edit - so that’s how they can access it.
+We also allow the most permissive set of permissions. In this case, the highest permission the user has on the dashboard is edit, so that’s how they can access it.
-## Can I share a folder with a role with edit permissions the limit items in folder from editing?
+## Can I share a folder with a role with edit permissions that limit items in a folder from editing?
No. We do not support the concept of negative permissions. Users will always get the highest level of permissions available to them on an
item.
We recommend a strategy of providing the lowest level of access (view) to the broad group of users and limiting higher level of access to only a trusted few.
-## Can I control what objects a specific role can access using the Roles page?
+## Can I control what objects a specific role can access using the [Roles](/docs/manage/users-roles/roles/create-manage-roles/) page?
No. Access control is managed at the object level, in the Library.
## I want to create a hierarchy of folders for my company so that each team knows exactly where to put their content. How can I do this?
-This can be achieved by a feature available to administrators called
-**Admin View**. Users who are in a role that has the capability Manage
-Content set, can see this view.
+This can be achieved by a feature available to administrators called *Admin View*. Users who are in a role with the [Manage Content](/docs/manage/users-roles/roles/role-capabilities/#data-management) role capability can see this view.
-* When in this view, Administrators have manage access on all objects in the org.
-* They also have access to a special folder called **Admin Recommended**. Anything that is placed in this folder and shared out to a user or role, is displayed at the top of the library, in the Admin recommended section.
+* When in this view, administrators have manage access on all objects in the org.
+* They also have access to a special folder called Admin Recommended. Anything that is placed in this folder, and shared out to a user or role, is displayed at the top of the library in the Admin Recommended section.
* Administrators can create a folder hierarchy within this view and share it out to the org with view permissions. Certain roles can have edit or manage access to the folder that is specific to the team, so they can move their content in.
## What is this Data Access setting that pops up whenever I try to edit a dashboard?
-Dashboards run with the data access level of a particular user. We wanted to prevent users from making edits to a dashboard that would enable them to see more data than they were allowed to. When a user attempts to edit a query, we compare the editor’s data access to the current Run-as user of the dashboard. If the access level is lower, we ask the editor to change the Run-as user to themselves before they can save their change.
+Dashboards run with the data access level of a particular user. We wanted to prevent users from making edits to a dashboard that would enable them to see more data than they were allowed to. When a user attempts to edit a query, we compare the editor’s data access to the current run-as user of the dashboard. If the access level is lower, we ask the editor to change the run-as user to themselves before they can save their change.
-## I'm an Admin, how do I monitor content sharing activity in my org?
+## As an admin, how do I monitor content sharing activity in my org?
-All permission updates, move, copy and delete actions in the content library are audited. All actions performed by the user while in Admin
-mode are also audited. The [Audit App](/docs/integrations/sumo-apps/audit) has been updated with several new dashboards that visualize this activity for you.
+All permission updates, move, copy and delete actions in the content library are audited. All actions performed by the user while in admin mode are also audited. The [Sumo Logic Audit app](/docs/integrations/sumo-apps/audit) has been updated with several new dashboards that visualize this activity for you.
diff --git a/docs/manage/content-sharing/index.md b/docs/manage/content-sharing/index.md
index 469f05f8bd..d8fdadaa51 100644
--- a/docs/manage/content-sharing/index.md
+++ b/docs/manage/content-sharing/index.md
@@ -108,7 +108,7 @@ In this section, we'll introduce the following concepts:
Get to know the answers to basic questions around Content Sharing.
+Get to know the answers to basic questions around content sharing.
}){kind=icon}
-1. Enter a name for the new Source. A description is optional.
+1. Enter a name for the new source. A description is optional.
1. Select an **S3 region** or keep the default value of **Others**. The S3 region must match the appropriate S3 bucket created in your Amazon account.
1. For **Bucket Name**, enter the exact name of your organization's S3 bucket. Be sure to double-check the name as it appears in AWS.
-1. For **Path Expression**, enter the wildcard pattern that matches the Archive files you'd like to collect. The pattern:
+1. For **Path Expression**, enter the wildcard pattern that matches the archive files you'd like to collect. The pattern:
* Can use one wildcard (\*).
* Can specify a [prefix](https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingMetadata.html#object-keys) so only certain files from your bucket are ingested. For example, if your filename is `prefix/dt=}){kind=small}
A green circle with a check mark is shown when the field exists and is enabled in the Fields table schema.
- * }){kind=small}
An orange triangle with an exclamation point is shown when the field doesn't exist, or is disabled, in the Fields table schema. In this case, an option to automatically add or enable the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo that does not exist in the Fields schema or is disabled it is ignored, known as dropped.
-1. For **AWS Access** you have two **Access Method** options. Select **Role-based access** or **Key access** based on the AWS authentication you are providing. Role-based access is preferred, this was completed in the prerequisite step Grant Sumo Logic access to an AWS Product.
+ * A green circle with a check mark is shown when the field exists and is enabled in the fields table schema.
+ * An orange triangle with an exclamation point is shown when the field doesn't exist, or is disabled, in the fields table schema. In this case, an option to automatically add or enable the nonexistent fields to the fields table schema is provided. If a field is sent to Sumo Logic that does not exist in the fields schema or is disabled it is ignored, known as dropped.
+1. For **AWS Access** you have two **Access Method** options. Select **Role-based access** or **Key access** based on the AWS authentication you are providing. Role-based access is preferred, this was completed in the prerequisite step [Grant Access to an AWS Product](/docs/send-data/hosted-collectors/amazon-aws/grant-access-aws-product/).
* For **Role-based access**, enter the Role ARN that was provided by AWS after creating the role.
- * For **Key access** enter the **Access Key ID **and** Secret Access Key.** See [AWS Access Key ID](https://docs.aws.amazon.com/STS/latest/UsingSTS/UsingTokens.html#RequestWithSTS) and [AWS Secret Access Key](https://aws.amazon.com/iam/) for details.
-1. Create any Processing Rules you'd like for the AWS Source.
-1. When you are finished configuring the Source, click **Save**.
+ * For **Key access** enter the **Access Key ID **and** Secret Access Key.** See [AWS documentation](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_access-keys.html) for details.
+1. Create any processing rules you'd like for the AWS source.
+1. When you are finished configuring the source, click **Save**.
## Archive page
:::important
-You need the Manage Collectors or View Collectors [role capability](/docs/manage/users-roles/roles/role-capabilities/) to manage or view an archive.
+You need the [Manage Collectors or View Collectors](/docs/manage/users-roles/roles/role-capabilities/#data-management) role capability to manage or view an archive.
:::
-The Archive page provides a table of all the existing [AWS S3 Archive Sources](#create-an-aws-s3-archivesource) in your account and ingestion jobs.
+The archive page provides a table of all the existing AWS S3 archive sources in your account and ingestion jobs.
-[**New UI**](/docs/get-started/sumo-logic-ui/). To access the Archive page, in the main Sumo Logic menu select **Data Management**, and then under **Data Collection** select **Archive**. You can also click the **Go To...** menu at the top of the screen and select **Archive**.
+[**New UI**](/docs/get-started/sumo-logic-ui/). To access the archive page, in the main Sumo Logic menu select **Data Management**, and then under **Data Collection** select **Archive**. You can also click the **Go To...** menu at the top of the screen and select **Archive**.
-[**Classic UI**](/docs/get-started/sumo-logic-ui-classic). To access the Archive page, in the main Sumo Logic menu select **Manage Data > Collection > Archive**.
+[**Classic UI**](/docs/get-started/sumo-logic-ui-classic). To access the archive page, in the main Sumo Logic menu select **Manage Data > Collection > Archive**.
})
### Details pane
-Click on a table row to view the Source details. This includes:
+Click on a table row to view the source details. This includes:
* **Name**
* **Description**
* **AWS S3 bucket**
-* All **Ingestion jobs** that are and have been created on the Source.
+* All **Ingestion jobs** that are and have been created on the source.
* Each ingestion job shows the name, time window, and volume of data processed by the job. Click the icon }){kind=icon}
to the right of the job name to start a search against the data that was ingested by the job.
* Hover your mouse over the information icon to view who created the job and when.})
@@ -216,14 +216,14 @@ Click on a table row to view the Source details. This includes:
A maximum of 2 concurrent jobs is supported.
:::
-An ingestion job is a request to pull data from your S3 bucket. The job begins immediately and provides statistics on its progress. To ingest from your Archive you need an AWS S3 Archive Source configured to access your AWS S3 bucket with the archived data.
+An ingestion job is a request to pull data from your S3 bucket. The job begins immediately and provides statistics on its progress. To ingest from your archive you need an AWS S3 archive source configured to access your AWS S3 bucket with the archived data.
1. [**New UI**](/docs/get-started/sumo-logic-ui). In the main Sumo Logic menu select **Data Management**, and then under **Data Collection** select **Archive**. You can also click the **Go To...** menu at the top of the screen and select **Archive**. })
-1. Click **Ingest Data** to begin ingestion. The status of the job is visible in the Details pane of the Source in the Archive page.
+1. Click **Ingest Data** to begin ingestion. The status of the job is visible in the details pane of the source in the archive page.
### Job status
@@ -235,19 +235,19 @@ An ingestion job will have one of the following statuses:
* **Failed**. The job has failed to complete. Partial data may have been ingested and is searchable.
* **Succeeded** The job completed ingesting and your data is searchable.
-## Search ingested Archive data
+## Search ingested archive data
-Once your Archive data is ingested with an ingestion job you can search for it as you would any other data ingested into Sumo Logic. On the Archive page find and select the Archive S3 Source that ran the ingestion job to ingest your Archive data. In the [Details pane](#details-pane), you can click the **Open in Search** link to view the data in a Search that was ingested by the job.
+Once your archive data is ingested with an ingestion job you can search for it as you would any other data ingested into Sumo Logic. On the archive page find and select the archive S3 source that ran the ingestion job to ingest your archive data. In the [details pane](#details-pane), you can click the **Open in Search** link to view the data in a search that was ingested by the job.
:::note
When you search for data in the Frequent or Infrequent Tier, you must explicitly reference the partition.
:::
-The metadata field `_archiveJob` is automatically created in your account and assigned to ingested Archive data. This field does not count against your Fields limit. Ingested Archive data has the following metadata assignments:
+The metadata field `_archiveJob` is automatically created in your account and assigned to ingested archive data. This field does not count against your fields limit. Ingested archive data has the following metadata assignments:
| Field | Description |
|:----------------|:-------------------------------------|
-| `_archiveJob` | The name of the ingestion job assigned to ingest your Archive data. |
+| `_archiveJob` | The name of the ingestion job assigned to ingest your archive data. |
| `_archiveJobId` | The unique identifier of the ingestion job. |
## Audit ingestion job requests
diff --git a/docs/manage/data-archiving/archive.md b/docs/manage/data-archiving/archive.md
index b43c8da91a..f9008c2a5e 100644
--- a/docs/manage/data-archiving/archive.md
+++ b/docs/manage/data-archiving/archive.md
@@ -1,73 +1,73 @@
---
id: archive
title: Archive Log Data to S3 using Installed Collectors
-description: Send data to an Archive that you can ingest from later.
+description: Send data to an archive that you can ingest from later.
---
import useBaseUrl from '@docusaurus/useBaseUrl';
-Archive allows you to forward log data from Installed Collectors to AWS S3 buckets to collect at a later time. If you have logs that you do not need to search immediately you can archive them for later use. You can ingest from your Archive on-demand with five-minute granularity.
+Archive allows you to forward log data from Installed Collectors to AWS S3 buckets to collect at a later time. If you have logs that you do not need to search immediately you can archive them for later use. You can ingest from your archive on-demand with five-minute granularity.
:::important
-Do not change the name and location of the archived files in your S3 bucket, otherwise ingesting them later will not work properly.
+Do not change the name and location of the archived files in your S3 bucket. Otherwise, ingesting them later will not work properly.
:::
-To archive your data you need a Processing Rule configured to send to an AWS Archive Destination. First, [create an AWS Archive Destination](#create-an-aws-archive-destination), then [create Archive processing rules](#create-a-processing-rule) to start archiving. Any data that matches the filter expression of an Archive processing rule is not sent to Sumo Logic, instead, it is sent to your AWS Archive Destination.
+To archive your data you need a processing rule configured to send to an AWS archive destination. First, [create an AWS archive destination](#create-an-aws-archive-destination), then [create archive processing rules](#create-a-processing-rule) to start archiving. Any data that matches the filter expression of an archive processing rule is not sent to Sumo Logic. Instead, it is sent to your AWS archive destination.
:::note
-Every archived log message is tagged with the metadata Fields specified by the Collector and Source.
+Every archived log message is tagged with the metadata fields specified by the collector and source.
:::
-## Create an AWS Archive Destination
+## Create an AWS archive destination
:::note
-You need the **Manage S3 data forwarding** role capability to create an AWS Archive Destination.
+You need the [Manage S3 Data Forwarding](/docs/manage/users-roles/roles/role-capabilities/#data-management) role capability to create an AWS archive destination.
:::
-1. Follow the instructions on Grant Access to an AWS Product to grant Sumo permission to send data to the destination S3 bucket.
+1. Follow the instructions in [Grant Access to an AWS Product](/docs/send-data/hosted-collectors/amazon-aws/grant-access-aws-product/) to grant Sumo Logic permission to send data to the destination S3 bucket.
1. [**New UI**](/docs/get-started/sumo-logic-ui). In the main Sumo Logic menu select **Data Management**, and then under **Data Collection** select **Data Archiving**. You can also click the **Go To...** menu at the top of the screen and select **Data Archiving**. })
1. Configure the following:
* **Destination Name**. Enter a name to identify the destination.
* **Bucket Name**. Enter the exact name of the S3 bucket.
- :::note
- You can create only one destination with a particular bucket name. If you try to create a new destination with the bucket name of an existing destination, the new destination replaces the old one.
- :::
+ :::note
+ You can create only one destination with a particular bucket name. If you try to create a new destination with the bucket name of an existing destination, the new destination replaces the old one.
+ :::
* **Description**. You can provide a meaningful description of the connection.
* **Access Method**. Select **Role-based access** or **Key access** based on the AWS authentication you are providing. Role-based access is preferred. This was completed in step 1, [Grant Sumo Logic access to an AWS Product](/docs/send-data/hosted-collectors/amazon-aws/grant-access-aws-product).
* For **Role-based access** enter the Role ARN that was provided by AWS after creating the role.
- * For **Key access** enter the **Access Key ID** and **Secret Access Key.** See [AWS Access Key ID](https://docs.aws.amazon.com/STS/latest/UsingSTS/UsingTokens.html#RequestWithSTS) and [AWS Secret Access Key](https://aws.amazon.com/iam/) for details.
- * For **AWS EC2 Credentials** instance profile credentials on an EC2 instance where an installed collector will be used to archive log data to S3, see https://docs.aws.amazon.com/sdk-for-java/v1/developer-guide/java-dg-roles.html.
+ * For **Key access** enter the **Access Key ID** and **Secret Access Key.** See [AWS documentation](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_access-keys.html) for details.
+ * For **AWS EC2 Credentials** instance profile credentials on an EC2 instance where an installed collector will be used to archive log data to S3, see [Using IAM Roles to Grant Access to AWS Resources on Amazon EC2](https://docs.aws.amazon.com/sdk-for-java/v1/developer-guide/java-dg-roles.html).
* **S3 Region**. Select the S3 region or keep the default value of Others. The S3 region must match the appropriate S3 bucket created in your Amazon account.
1. Click **Save**.
If Sumo Logic is able to verify the S3 credentials, the destination will be added to the list of destinations and you can start archiving to the destination via processing rules.
-## Create a Processing Rule
+## Create a processing rule
-A new processing rule type named **Archive messages that match** allows you to archive log data at the Source level on Installed Collectors.
+A new processing rule type named **Archive messages that match** allows you to archive log data at the source level on Installed Collectors.
:::note
-An Archive processing rule acts like an exclude filter, functioning as a denylist filter where the matching data is not sent to Sumo Logic, and instead sends the excluded data to your AWS Archive bucket.
+An archive processing rule acts like an exclude filter, functioning as a denylist filter where the matching data is not sent to Sumo Logic, and instead sends the excluded data to your AWS archive bucket.
:::
Archive and forwarding rules are processed after all other processing rule types. When there are archive and forwarding rules they are processed in the order that they are specified in the UI, top to bottom.
-To configure processing rules for Archive using the web application follow these steps:
+To configure processing rules for archiving using the web application, follow these steps:
:::note
-You can use JSON to configure a processing rule, use the **Forward** filterType. See an example data forwarding rule.
+To use JSON to configure a processing rule, use the `Forward` filter ype. See an example data forwarding rule.
:::
1. [**New UI**](/docs/get-started/sumo-logic-ui). In the main Sumo Logic menu select **Data Management**, and then under **Data Collection** select **Collection**. You can also click the **Go To...** menu at the top of the screen and select **Collection**. })
+1. Select **Archive messages that match** as the rule type. This option is visible only if you have defined at least one [AWS archive bucket destination](#create-an-aws-archive-destination), as described in the previous section.
+1. Select the destination from the dropdown menu.
1. (Optional) Enter a **Prefix** that matches the location to store data in the S3 bucket. The prefix has the following requirements:
* It can not start with a forward slash `/`.
* It needs to end with a forward slash `/`.
@@ -80,7 +80,7 @@ You can use JSON to configure a processing rule, use the **Forward** filterTy
## Archive format
-Forwarded Archive files are prepended with a filename prefix based on the receipt time of your data with the following format:
+Forwarded archive files are prepended with a filename prefix based on the receipt time of your data with the following format:
```
dt=
-1. Enter a name for the new Source. A description is optional.
+1. Enter a name for the new source. A description is optional.
1. Select an **S3 region** or keep the default value of **Others**. The S3 region must match the appropriate S3 bucket created in your Amazon account.
1. For **Bucket Name**, enter the exact name of your organization's S3 bucket. Be sure to double-check the name as it appears in AWS.
-1. For **Path Expression**, enter the wildcard pattern that matches the Archive files you'd like to collect. The pattern:
+1. For **Path Expression**, enter the wildcard pattern that matches the archive files you'd like to collect. The pattern:
* can use one wildcard (\*).
* can specify a [prefix](https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingMetadata.html#object-keys) so only certain files from your bucket are ingested. For example, if your filename is `prefix/dt= A green circle with a check mark is shown when the field exists and is enabled in the Fields table schema.
- * An orange triangle with an exclamation point is shown when the field doesn't exist, or is disabled, in the Fields table schema. In this case, an option to automatically add or enable the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo that does not exist in the Fields schema or is disabled it is ignored, known as dropped.
-1. For **AWS Access** you have two **Access Method** options. Select **Role-based access** or **Key access** based on the AWS authentication you are providing. Role-based access is preferred, this was completed in the prerequisite step Grant Sumo Logic access to an AWS Product.
+ * A green circle with a check mark is shown when the field exists and is enabled in the fields table schema.
+ * An orange triangle with an exclamation point is shown when the field doesn't exist, or is disabled, in the fields table schema. In this case, an option to automatically add or enable the nonexistent fields to the fields table schema is provided. If a field is sent to Sumo Logic that does not exist in the fields schema or is disabled it is ignored, known as dropped.
+1. For **AWS Access** you have two **Access Method** options. Select **Role-based access** or **Key access** based on the AWS authentication you are providing. Role-based access is preferred, this was completed in the prerequisite step [Grant Sumo Logic access to an AWS Product](/docs/send-data/hosted-collectors/amazon-aws/grant-access-aws-product/).
* For **Role-based access**, enter the Role ARN that was provided by AWS after creating the role.
- * For **Key access** enter the **Access Key ID **and** Secret Access Key.** See [AWS Access Key ID](https://docs.aws.amazon.com/STS/latest/UsingSTS/UsingTokens.html#RequestWithSTS) and [AWS Secret Access Key](https://aws.amazon.com/iam/) for details.
-1. Create any Processing Rules you'd like for the AWS Source.
-1. When you are finished configuring the Source, click **Save**.
+ * For **Key access** enter the **Access Key ID **and** Secret Access Key.** See [AWS documentation](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_access-keys.html) for details.
+1. Create any processing rules you'd like for the AWS source.
+1. When you are finished configuring the source, click **Save**.
## Archive page
:::important
-You need the Manage or View Collectors role capability to manage or view Archive.
+You need the [Manage Collectors or View Collectors](/docs/manage/users-roles/roles/role-capabilities/#data-management) role capability to manage or view archive.
:::
-The Archive page provides a table of all the existing [AWS S3 Archive Sources](#create-an-aws-s3-archivesource) in your account and ingestion jobs.
+The archive page provides a table of all the existing [AWS S3 archive sources](#create-an-aws-s3-archivesource) in your account and ingestion jobs.
-[**New UI**](/docs/get-started/sumo-logic-ui/). To access the Archive page, in the main Sumo Logic menu select **Data Management**, and then under **Data Collection** select **Archive**. You can also click the **Go To...** menu at the top of the screen and select **Archive**.
+[**New UI**](/docs/get-started/sumo-logic-ui/). To access the archive page, in the main Sumo Logic menu select **Data Management**, and then under **Data Collection** select **Archive**. You can also click the **Go To...** menu at the top of the screen and select **Archive**.
-[**Classic UI**](/docs/get-started/sumo-logic-ui-classic). To access the Archive page, in the main Sumo Logic menu select **Manage Data > Collection > Archive**.
+[**Classic UI**](/docs/get-started/sumo-logic-ui-classic). To access the archive page, in the main Sumo Logic menu select **Manage Data > Collection > Archive**.
### Details pane
-Click on a table row to view the Source details. This includes:
+Click on a table row to view the source details. This includes:
* **Name**
* **Description**
* **AWS S3 bucket**
-* All **Ingestion jobs** that are and have been created on the Source.
- * Each ingestion job shows the name, time window, and volume of data processed by the job. Click the icon to the right of the job name to start a Search against the data that was ingested by the job.
+* All **Ingestion jobs** that are and have been created on the source.
+ * Each ingestion job shows the name, time window, and volume of data processed by the job. Click the icon to the right of the job name to start a search against the data that was ingested by the job.
* Hover your mouse over the information icon to view who created the job and when.
## Create an ingestion job
@@ -193,14 +193,14 @@ Click on a table row to view the Source details. This includes:
A maximum of 2 concurrent jobs is supported.
:::
-An ingestion job is a request to pull data from your S3 bucket. The job begins immediately and provides statistics on its progress. To ingest from your Archive you need an AWS S3 Archive Source configured to access your AWS S3 bucket with the archived data.
+An ingestion job is a request to pull data from your S3 bucket. The job begins immediately and provides statistics on its progress. To ingest from your archive you need an AWS S3 archive source configured to access your AWS S3 bucket with the archived data.
1. [**New UI**](/docs/get-started/sumo-logic-ui). In the main Sumo Logic menu select **Data Management**, and then under **Data Collection** select **Archive**. You can also click the **Go To...** menu at the top of the screen and select **Archive**.
-1. Click **Ingest Data** to begin ingestion. The status of the job is visible in the Details pane of the Source in the Archive page.
+1. Click **Ingest Data** to begin ingestion. The status of the job is visible in the details pane of the source in the archive page.
### Job status
@@ -208,23 +208,23 @@ An ingestion job will have one of the following statuses:
* **Pending**. The job is queued before scanning has started.
* **Scanning**. The job is actively scanning for objects from your S3 bucket. Your objects could be ingesting in parallel.
-* **Ingesting* The job has completed scanning for objects and is still ingesting your objects.
+* **Ingesting** The job has completed scanning for objects and is still ingesting your objects.
* **Failed**. The job has failed to complete. Partial data may have been ingested and is searchable.
* **Succeeded** The job completed ingesting and your data is searchable.
-## Search ingested Archive data
+## Search ingested archive data
-Once your Archive data is ingested with an ingestion job you can search for it as you would any other data ingested into Sumo Logic. On the Archive page find and select the Archive S3 Source that ran the ingestion job to ingest your Archive data. In the [Details pane](#details-pane), you can click the **Open in Search** link to view the data in a Search that was ingested by the job.
+Once your archive data is ingested with an ingestion job you can search for it as you would any other data ingested into Sumo Logic. On the archive page find and select the archive S3 source that ran the ingestion job to ingest your archive data. In the [details pane](#details-pane), you can click the **Open in Search** link to view the data in a search that was ingested by the job.
:::note
When you search for data in the Frequent or Infrequent Tier, you must explicitly reference the partition.
:::
-The metadata field `_archiveJob` is automatically created in your account and assigned to ingested Archive data. This field does not count against your Fields limit. Ingested Archive data has the following metadata assignments:
+The metadata field `_archiveJob` is automatically created in your account and assigned to ingested archive data. This field does not count against your fields limit. Ingested archive data has the following metadata assignments:
| Field | Description |
|:----------------|:-------------------------------------|
-| `_archiveJob` | The name of the ingestion job assigned to ingest your Archive data. |
+| `_archiveJob` | The name of the ingestion job assigned to ingest your archive data. |
| `_archiveJobId` | The unique identifier of the ingestion job. |
## Audit ingestion job requests
diff --git a/docs/manage/data-archiving/index.md b/docs/manage/data-archiving/index.md
index 17fd248740..c0b3f3af44 100644
--- a/docs/manage/data-archiving/index.md
+++ b/docs/manage/data-archiving/index.md
@@ -8,7 +8,7 @@ import useBaseUrl from '@docusaurus/useBaseUrl';
}){kind=icon}
-Archive allows you to forward log data from Installed Collectors to AWS S3 buckets to collect later. If you have logs that you do not need to search immediately, you can archive them for later use. You can also ingest them from your Archive on-demand with five-minute granularity.
+Archive allows you to forward log data from Installed Collectors to AWS S3 buckets to collect later. If you have logs that you do not need to search immediately, you can archive them for later use. You can also ingest them from your archive on-demand with five-minute granularity.
import DocCardList from '@theme/DocCardList';
import {useCurrentSidebarCategory} from '@docusaurus/theme-common';
diff --git a/docs/manage/data-forwarding/forward-data-from-sumologic.md b/docs/manage/data-forwarding/forward-data-from-sumologic.md
index 52d594970c..826920c6c6 100644
--- a/docs/manage/data-forwarding/forward-data-from-sumologic.md
+++ b/docs/manage/data-forwarding/forward-data-from-sumologic.md
@@ -10,13 +10,13 @@ import useBaseUrl from '@docusaurus/useBaseUrl';
Data forwarding to Google Cloud Storage (GCS) is available and is an on-demand feature. To enable access, contact your Sumo Logic executive or [Support](https://support.sumologic.com/support/s).
:::
-This document outlines the instructions that needs to be followed to forward log data from a [partition](/docs/manage/partitions) or [Scheduled View](/docs/manage/scheduled-views) to an S3 or Google Cloud Storage (GCS) bucket. Only new data is forwarded from a partition or Scheduled View once it is set to forward data.
+This document outlines the instructions that needs to be followed to forward log data from a [partition](/docs/manage/partitions) or [scheduled view](/docs/manage/scheduled-views) to an S3 or Google Cloud Storage (GCS) bucket. Only new data is forwarded from a partition or scheduled view once it is set to forward data.
To forward data to a storage bucket:
1. [Configure forwarding destination](#configure-data-forwarding-destination).
1. [Forward data to destination](#forward-datato-forwarding-destination) from a partition or schedule view.
-After data forwarding is configured, you should start to see file objects posted within your configured bucket. If your Scheduled View conducts aggregation, which is a best practice, your aggregate fields are automatically appended to the forwarded objects.
+After data forwarding is configured, you should start to see file objects posted within your configured bucket. If your scheduled view conducts aggregation, which is a best practice, your aggregate fields are automatically appended to the forwarded objects.
:::note
Data forwarding is not currently supported for data assigned to the Infrequent Tier.
@@ -26,11 +26,11 @@ Data forwarding is not currently supported for data assigned to the Infrequent T
* An administrator role on the partition where you want to set up forwarding.
* Follow the instructions on [Grant Access to an AWS Product](/docs/send-data/hosted-collectors/amazon-aws/grant-access-aws-product) to grant Sumo Logic permission to send data to the destination S3 bucket.
-* A partition or Scheduled View to push to Amazon S3 or Google Cloud Storage (GCS).
+* A partition or scheduled view to push to Amazon S3 or Google Cloud Storage (GCS).
## Forwarding interval
-Messages are buffered during data ingest for either **approximately** five minutes or until 100MB of data is received, whichever is first. Then the buffered data is written to a new CSV file and forwarded after compression.
+Messages are buffered during data ingest for either approximately five minutes or until 100MB of data is received, whichever is first. Then the buffered data is written to a new CSV file and forwarded after compression.
The limits mentioned here are upper limits. Actual file size may vary depending on the ingestion volume in scheduled views or partitions of an account.
@@ -54,13 +54,13 @@ These file objects will contain the messages received as well as the system met
* **sourceCategory**: Is returned blank.
* **messageTime**: The parsed message time from the log message, as epoch.
* **receiptTime**: The time the service originally received the message, as epoch.
-* **sourceID**: The unique ID of the Source configured to send the message to the service.
-* **collectorId**: The unique ID of the Collector configured to send the message to the service.
-* **count**: The message number from the specific log Source Name. These should be sequential for a specific Source file.
+* **sourceID**: The unique ID of the source configured to send the message to the service.
+* **collectorId**: The unique ID of the collector configured to send the message to the service.
+* **count**: The message number from the specific log source name. These should be sequential for a specific source file.
* **format**: The timestamp format used to parse the message time from the log message.
* **view**: The scheduled view or partition that the message is forwarded from.
* **encoding**: The encoding of the original file contents.
-* **message**: The raw log message as read from the original Source.
+* **message**: The raw log message as read from the original source.
* **field**: Aggregate fields are added based on your query.
### Ordering of fields in forwarded file
@@ -94,7 +94,7 @@ Where:
## Configure data forwarding destination
-Before you can [forward data](#forward-datato-forwarding-destination) from a partition or Scheduled View, you must create a destination that indicates the S3 or GCS bucket where you want to send the forwarded data.
+Before you can [forward data](#forward-datato-forwarding-destination) from a partition or scheduled view, you must create a destination that indicates the S3 or GCS bucket where you want to send the forwarded data.
1. [**New UI**](/docs/get-started/sumo-logic-ui/). In the main Sumo Logic menu select **Manage Data**, and then under **Logs** select **Data Forwarding**. You can also click the **Go To...** menu at the top of the screen and select **Data Forwarding**.})
1. **Destination Name**. Enter a name to identify the destination.
- 1. **Bucket Name**. Enter the [exact name of the GCS bucket](https://cloud.google.com/storage/docs/buckets).
+ 1. **Bucket Name**. Enter the [exact name of the S3 or GCS bucket](https://cloud.google.com/storage/docs/buckets).
:::note
You can create only one destination with a particular bucket name. If you try to create a new destination with the bucket name of an existing destination, the new destination replaces the old one.
:::
1. (Optional) **Description**. Provide a meaningful description of the connection.
- 1. For **HMAC Access Key** and **HMAC Secret Key** enter the values collected from the Google platform service account. See [Manage HMAC keys for service account](https://cloud.google.com/storage/docs/authentication/managing-hmackeys#console_1) for details.
+ 1. For **HMAC Access Key** and **HMAC Secret Key** enter the values collected from the Google platform service account. See [Manage HMAC keys for service account](https://cloud.google.com/storage/docs/authentication/managing-hmackeys) for details.
1. **Active**. Select this check box to enable data forwarding for the entire bucket. To start forwarding data, you will also need to enable forwarding for the desired indexes, as described below.
1. Click **Save**. })
+ * **Scheduled view**:
:::tip
- In addition to forwarding data from existing partitions and Scheduled Views, you can also enable data forwarding by selecting the **Enable Data Forwarding** check box when you first [create a partition](/docs/manage/partitions/flex/create-edit-partition-flex/) or [create a Scheduled View](/docs/manage/scheduled-views/add-scheduled-view/).
+ In addition to forwarding data from existing partitions and scheduled views, you can also enable data forwarding by selecting the **Enable Data Forwarding** check box when you first [create a partition](/docs/manage/partitions/flex/create-edit-partition-flex/) or [create a scheduled view](/docs/manage/scheduled-views/add-scheduled-view/).
:::
1. Click the **Enable Data Forwarding** checkbox. More options appear.
1. **Destination Type**. You can either select **Amazon S3** or **Google Cloud Storage** as your destination type.
- For **Amazon S3** as the destination type, follow the below steps:})
1. **Forwarding Destination**. Choose one of the following:
* **Existing Amazon S3 Destination**. If you select this option, select the destination in the **Amazon S3 Destination** field below.
- * **New Amazon S3 Destination**. Follow the instructions in [Configure data forwarding destination](#forward-datato-forwarding-destination) above to create a new S3 destination.
+ * **New Amazon S3 Destination**. Follow the instructions in [Configure data forwarding destination](#configure-data-forwarding-destination) above to create a new S3 destination.
1. **Amazon S3 Destination**. If you chose **Existing Amazon S3 Destination** for the forwarding destination, select the destination here.
- For **Google Cloud Storage** as the destination type, follow the below steps:})
1. **Forwarding Destination**. Choose one of the following:
@@ -178,13 +178,13 @@ Let's say you want to take data from Sumo Logic and run additional analysis on i
Let's suppose you have an S3 or GCS bucket named `demo-bucket1` where you want to forward your Sumo Logic data. Do the following:
1. [Create a destination](/docs/manage/data-forwarding/forward-data-from-sumologic/#configure-data-forwarding-destination) that points to the `demo-bucket1` bucket. For example, name it **Test destination**.
-1. Open the partition or Scheduled View whose data you want to [forward data to the new destination](/docs/manage/data-forwarding/forward-data-from-sumologic/#configure-data-forwarding-destination).
-1. In the partition or Scheduled View, select **Enable Data Forwarding**, and fill out the fields that appear:
+1. Open the partition or scheduled view whose data you want to [forward data to the new destination](/docs/manage/data-forwarding/forward-data-from-sumologic/#configure-data-forwarding-destination).
+1. In the partition or scheduled view, select **Enable Data Forwarding**, and fill out the fields that appear:
1. In **Destination Type** select **Amazon S3** or **Google Cloud Storage** depending on your requirement.
1. In **Forwarding Destination** select any **Existing Destination**.
1. In **Destination** select the name of the destination you created earlier, for example, **Test destination**.
1. Use the **Data Forwarding Configuration** section to specify whether to forward only log data, log data with metadata, or log data with metadata and enriched fields.
-1. Click **Save** on the partition or Scheduled View. The data will start forwarding to the selected destination bucket specified in the destination.
+1. Click **Save** on the partition or scheduled view. The data will start forwarding to the selected destination bucket specified in the destination.
## Error and alert conditions
diff --git a/docs/manage/data-forwarding/index.md b/docs/manage/data-forwarding/index.md
index 852079bb5d..5f989cce0a 100644
--- a/docs/manage/data-forwarding/index.md
+++ b/docs/manage/data-forwarding/index.md
@@ -8,7 +8,7 @@ import useBaseUrl from '@docusaurus/useBaseUrl';
-Data Forwarding allows you to forward log data to an external server or supported storage service. You can forward log data to an AWS S3 bucket or Google Cloud Storage (GCS) through [Partitions](/docs/manage/partitions) or [Scheduled Views](/docs/manage/scheduled-views).
+Data Forwarding allows you to forward log data to an external server or supported storage service. You can forward log data to an AWS S3 bucket or Google Cloud Storage (GCS) through [partitions](/docs/manage/partitions) or [scheduled views](/docs/manage/scheduled-views).
## Guide contents
diff --git a/docs/manage/data-forwarding/installed-collectors.md b/docs/manage/data-forwarding/installed-collectors.md
index d71dde9a78..9f098520e8 100644
--- a/docs/manage/data-forwarding/installed-collectors.md
+++ b/docs/manage/data-forwarding/installed-collectors.md
@@ -1,13 +1,13 @@
---
id: installed-collectors
title: Forward Data from an Installed Collector
-description: Learn how to set up Data Forwarding destinations for Installed Collectors.
+description: Learn how to set up data forwarding destinations for Installed Collectors.
---
import Tabs from '@theme/Tabs';
import TabItem from '@theme/TabItem';
import useBaseUrl from '@docusaurus/useBaseUrl';
-You can set up one or more data forwarding destinations and configure an Installed Collector to send raw log data from specified Sources to those destinations. The Collector will send the raw data to external destinations at the same time it sends data to Sumo.
+You can set up one or more data forwarding destinations and configure an Installed Collector to send raw log data from specified sources to those destinations. The collector will send the raw data to external destinations at the same time it sends data to Sumo Logic.
You can forward raw log data using the following protocols.
@@ -15,9 +15,9 @@ You can forward raw log data using the following protocols.
* Generic REST API—Send log data to a web services endpoint.
* Hitachi Data Systems HTTP REST API—Send log data to Hitachi Content Platform (HCP).
-Follow the steps below to set up a Collector to forward raw log data to an external destination.
+Follow the steps below to set up a collector to forward raw log data to an external destination.
-You can set up Installed Collector data forwarding when you first configure Sources or at a later time. If you apply rules at a later time, keep in mind that they are not applied retroactively.
+You can set up Installed Collector data forwarding when you first configure sources or at a later time. If you apply rules at a later time, keep in mind that they are not applied retroactively.
:::note
Data forwarding processing rules are processed after all other [processing rules](/docs/send-data/collection/processing-rules).
@@ -25,7 +25,7 @@ Data forwarding processing rules are processed after all other [processing rules
## Step 1: Configure data forwarding destination
-You need the [Manage Collectors role capability](../users-roles/roles/role-capabilities.md) to create a data forwarding destination.
+You need the [Manage Collectors role capability](/docs/manage/users-roles/roles/role-capabilities/#data-management) to create a data forwarding destination.
To set up a data forwarding destination:
@@ -60,14 +60,14 @@ Follow the instructions for the destination type you chose.
* `{second}` Replace with second in hour.
* `{uuid}` Replace with a unique, randomly generated identifier (UUID)
- * **Username and Password**. Enter the credentials to access the destination. These are placed in a Basic Auth header in the HTTP request from the Collector. If you're sending to a Sumo Logic HTTP Source this header is simply ignored and your data is ingested. You must have administrator privileges for the Collector.
+ * **Username and Password**. Enter the credentials to access the destination. These are placed in a Basic Auth header in the HTTP request from the collector. If you're sending to a Sumo Logic HTTP source this header is simply ignored and your data is ingested. You must have administrator privileges for the collector.
})
1. Click **Apply**. The new rule is listed along with any other previously defined processing rules.
@@ -119,7 +119,7 @@ There are several methods you can use to configure processing rules:
## Configuring the size of forwarded syslog messages
-In accordance with RFC 3164, by default the Collector forwards syslog messages in 1024-byte segments, sending each segment as a separate message. To change the segment size, add the `forwarding.syslog.maxMessageSize` property to the Collector's `collector.properties` file (in the Collector's config directory) and restart the Collector. Specify the desired size in bytes. For example:
+In accordance with RFC 3164, by default the collector forwards syslog messages in 1024-byte segments, sending each segment as a separate message. To change the segment size, add the `forwarding.syslog.maxMessageSize` property to the collector's `collector.properties` file (in the collector's config directory) and restart the collector. Specify the desired size in bytes. For example:
```
forwarding.syslog.maxMessageSize = 2048
@@ -127,24 +127,23 @@ forwarding.syslog.maxMessageSize = 2048
## Configure data forwarding queue size
-In Collector version 19.216-22 and later, in-memory storage of an Installed Collector’s data forwarding queue is backed by disk storage. When the in-memory queue reaches a given size, the Collector extends the queue on disk.
+In collector version 19.216-22 and later, in-memory storage of an Installed Collector’s data forwarding queue is backed by disk storage. When the in-memory queue reaches a given size, the collector extends the queue on disk.
-Sumo allocates memory and disk storage for data to be forwarded to REST and TCP syslog destinations. By default, Sumo allocates:
+Sumo Logic allocates memory and disk storage for data to be forwarded to REST and TCP syslog destinations. By default, Sumo Logic allocates:
* 8MB of memory and 500MB of disk storage for each syslog destination.})
* **Details**
- * **Data Sources**. Indicates the list of sources (Partition or Scheduled View) from which the log data is forwarded to an S3 bucket.
+ * **Data Sources**. Indicates the list of sources (partition or scheduled view) from which the log data is forwarded to an S3 bucket.
* **Data forwarded**. Provides the breakdown information about the data forwarded and indicates the total data forwarded to the given S3 bucket for the selected time.
* **Query/Routing Expression**. Indicates the query for scheduled views and routing expression for partitions for which the data is forwarded. })
diff --git a/docs/manage/field-extractions/create-field-extraction-rule.md b/docs/manage/field-extractions/create-field-extraction-rule.md
index 69e768df89..e66110e9bf 100644
--- a/docs/manage/field-extractions/create-field-extraction-rule.md
+++ b/docs/manage/field-extractions/create-field-extraction-rule.md
@@ -61,17 +61,17 @@ To create a Field Extraction Rule:
* Rule limit - none
* Time - During a search when using **Auto Parse Mode** from [Dynamic Parsing](../../search/get-started-with-search/build-search/dynamic-parsing.md).
* **Scope**. Select either **All Data** or **Specific Data**. When specifying data the options for the scope differ depending on when the rule is applied.
- * For an **Ingest Time** rule, type a [keyword search expression](/docs/search/get-started-with-search/build-search/keyword-search-expressions.md) that points to the subset of logs you'd like to parse. Think of the Scope as the first portion of an ad hoc search, before the first pipe (`|`). You'll use the Scope to run a search against the rule. Custom metadata fields are not supported here, they have not been indexed to your data yet at this point in collection.
- * For a **Run Time** rule, define the scope of your JSON data. You can define your JSON data source as a [Partition](/docs/manage/partitions) Name(index), sourceCategory, Host Name, Collector Name, or any other [metadata](/docs/search/get-started-with-search/search-basics/built-in-metadata) that describes your JSON data. Think of the Scope as the first portion of an ad hoc search, before the first pipe (`|`). You'll use the Scope to run a search against the rule. You cannot use keywords like “info” or “error” in your scope.
+ * For an **Ingest Time** rule, type a [keyword search expression](/docs/search/get-started-with-search/build-search/keyword-search-expressions.md) that points to the subset of logs you'd like to parse. Think of the scope as the first portion of an ad hoc search, before the first pipe (`|`). You'll use the scope to run a search against the rule. Custom metadata fields are not supported here, they have not been indexed to your data yet at this point in collection.
+ * For a **Run Time** rule, define the scope of your JSON data. You can define your JSON data source as a [partition](/docs/manage/partitions) Name(index), sourceCategory, Host Name, Collector Name, or any other [metadata](/docs/search/get-started-with-search/search-basics/built-in-metadata) that describes your JSON data. Think of the scope as the first portion of an ad hoc search, before the first pipe (`|`). You'll use the scope to run a search against the rule. You cannot use keywords like “info” or “error” in your scope.
:::note
- Always set up JSON auto extraction (Run Time field extraction) on a specific Partition name (recommended) or a particular Source. Failing to do so might cause the auto parsing logic to run on data sources where it is not applicable and will add additional overhead that might deteriorate the performance of your queries.
+ Always set up JSON auto extraction (Run Time field extraction) on a specific partition name (recommended) or a particular Source. Failing to do so might cause the auto parsing logic to run on data sources where it is not applicable and will add additional overhead that might deteriorate the performance of your queries.
:::
:::sumo Best Practices
- If you are not using Partitions we recommend using [metadata](/docs/search/get-started-with-search/search-basics/built-in-metadata) fields like `_sourceCategory`, `_sourceHost` or `_collector` to define the scope.
+ If you are not using partitions we recommend using [metadata](/docs/search/get-started-with-search/search-basics/built-in-metadata) fields like `_sourceCategory`, `_sourceHost` or `_collector` to define the scope.
- We recommend creating a separate Partition for your JSON dataset and use that Partition as the scope for run time field extraction. For example, let's say you have AWS CloudTrail logs, and they are stored in `_view=cloudtrail` Partition in Sumo. You can create a Run Time FER with the scope `_view=cloudtrail`. Creating a separate Partition and using it as scope for a run time field extraction ensures that auto parsing logic only applies to necessary Partitions.
+ We recommend creating a separate partition for your JSON dataset and use that partition as the scope for run time field extraction. For example, let's say you have AWS CloudTrail logs, and they are stored in `_view=cloudtrail` partition in Sumo. You can create a Run Time FER with the scope `_view=cloudtrail`. Creating a separate partition and using it as scope for a run time field extraction ensures that auto parsing logic only applies to necessary partitions.
:::
* **Parsed template** (Optional for Ingest Time rules).
@@ -111,7 +111,7 @@ parse "user=\"*\" action=\"*\" sessionId=\"*\"" as user, action, sessionid
| action | Action performed by the user | Delete |
| sessionId | Session ID for user action | 145623 |
-## Best practices for designing Rules
+## Best practices for designing rules
**Include the most accurate keywords to identify the subset of data from which you want to extract data.** Lock down the scope as tightly as possible to make sure it's extracting just the data you want, nothing more. Using a broader scope means that Sumo Logic will inspect more data for the fields you'd like to parse, which may mean that fields are extracted when you do not actually need them.
@@ -123,7 +123,7 @@ parse "user=\"*\" action=\"*\" sessionId=\"*\"" as user, action, sessionid
**Test the scope before creating the rule.** Make sure that you can extract fields from all messages you need to be returned in search results. Test them by running a potential rule as a search.
-**Make sure all fields appear in the Scope you define.** When Field Extraction is applied to data, all fields must be present to have any fields indexed; even if one field isn't found in a message, that message is dropped from the results. In other words, it's all or nothing. For multiple sets of fields that are somewhat independent, make two rules.
+**Make sure all fields appear in the scope you define.** When Field Extraction is applied to data, all fields must be present to have any fields indexed; even if one field isn't found in a message, that message is dropped from the results. In other words, it's all or nothing. For multiple sets of fields that are somewhat independent, make two rules.
**Reuse field names in multiple FERs if scope is distinct and separate and not matching same messages.** To save space and allow for more FERs within your 200 field limit, you can reuse the field names as long as they are used in non-overlapping FERs.
diff --git a/docs/manage/field-extractions/edit-field-extraction-rules.md b/docs/manage/field-extractions/edit-field-extraction-rules.md
index 476f7f7b57..94e7a2cdf6 100644
--- a/docs/manage/field-extractions/edit-field-extraction-rules.md
+++ b/docs/manage/field-extractions/edit-field-extraction-rules.md
@@ -1,15 +1,15 @@
---
id: edit-field-extraction-rules
title: Edit Field Extraction Rules
-description: You can change Field Extraction Rules.
+description: You can change field extraction rules.
---
:::important
You need the **Manage field extraction rules** [role capability](../users-roles/roles/role-capabilities.md) to edit a field extraction rule.
:::
-Changes to Field Extraction Rules are implemented immediately. Additionally, you can save a copy of a rule and make edits to the new version of the rule without making any changes to the original rule.
+Changes to field extraction rules are implemented immediately. Additionally, you can save a copy of a rule and make edits to the new version of the rule without making any changes to the original rule.
-1. [**New UI**](/docs/get-started/sumo-logic-ui). To access the Field Extraction Rules page, in the main Sumo Logic menu select **Data Management**, and then under **Logs** select **Field Extraction Rules**. You can also click the **Go To...** menu at the top of the screen and select **Field Extraction Rules**. })
diff --git a/docs/manage/field-extractions/field-naming-convention.md b/docs/manage/field-extractions/field-naming-convention.md
index 99887b0620..e911ef0715 100644
--- a/docs/manage/field-extractions/field-naming-convention.md
+++ b/docs/manage/field-extractions/field-naming-convention.md
@@ -5,26 +5,26 @@ description: Sumo Logic recommends using the following naming convention for sta
---
-Sumo Logic recommends using the following naming convention for standard fields. This best practice creates standardization across your deployment for use with Field Extraction Rules (FER), Searches and Dashboards, makes it easier for users to recognize fields by their names, and can even improve search performance.
+Sumo Logic recommends using the following naming convention for standard fields. This best practice creates standardization across your deployment for use with Field Extraction Rules (FER), searches and dashboards, makes it easier for users to recognize fields by their names, and can even improve search performance.
-For example, if you create your own FER for Source IP, and at some point you want to count by Source IPs across multiple Sources, you can easily do so because you've used the same name for the field across all Sources. In your query, simply use:
+For example, if you create your own FER for source IP, and at some point you want to count by source IPs across multiple sources, you can easily do so because you've used the same name for the field across all sources. In your query, simply use:
```sql
| count by src_ip
```
-Another benefit of using the standard field naming convention is that [Sumo Logic Apps](/docs/get-started/apps-integrations) are created using this naming convention. So if you use it too, your queries will match those of the Sumo Logic Apps’ pre-configured searches and Dashboards.
+Another benefit of using the standard field naming convention is that [Sumo Logic apps](/docs/get-started/apps-integrations) are created using this naming convention. So if you use it too, your queries will match those of the Sumo Logic apps’ pre-configured searches and dashboards.
If you cannot use all the naming conventions for standard fields, we recommend that you at least use the field name conventions for the following:
* Source Hosts
* Destination Hosts
* IP address
-* user
+* User
-## Source Information
+## Source information
-| Field Name | Description |
+| Field name | Description |
|:--|:--|
| src_host | Source Host (name or IP) |
| src_interface | Source Interface |
diff --git a/docs/manage/field-extractions/index.md b/docs/manage/field-extractions/index.md
index 9bf5a08c4a..71fe250775 100644
--- a/docs/manage/field-extractions/index.md
+++ b/docs/manage/field-extractions/index.md
@@ -33,7 +33,7 @@ The Field Extraction Rules page displays the following information:
When hovering over a row in the table there are icons that appear on the far right for editing, disabling and deleting the rule.
-* **Status** shows a checkmark in a green circle to indicate if the Rule is actively being applied or an exclamation mark in a red circle }){kind=small}
to indicate if the Rule is disabled.
+* **Status** shows a checkmark in a green circle to indicate if the rule is actively being applied or an exclamation mark in a red circle to indicate if the rule is disabled.
* **Rule Name**
* **Applied At** indicates when the field extraction process occurs, either at Ingest or Run time.
* **Scope**
diff --git a/docs/manage/fields.md b/docs/manage/fields.md
index effa6fe6ca..51d27fb275 100644
--- a/docs/manage/fields.md
+++ b/docs/manage/fields.md
@@ -7,9 +7,9 @@ description: Manage fields in Sumo Logic to control how log data is parsed and o
import useBaseUrl from '@docusaurus/useBaseUrl';
-Fields allow you to reference log data based on meaningful associations. They act as metadata tags that are assigned to your logs so you can search with them. Each field contains a key-value pair, where the field name is the key. Fields may be referred to as Log Metadata Fields.
+Fields allow you to reference log data based on meaningful associations. They act as metadata tags that are assigned to your logs so you can search with them. Each field contains a key-value pair, where the field name is the key. Fields may be referred to as *log metadata fields*.
-In addition to defining fields through [Field Extraction Rules](/docs/manage/field-extractions), you can define fields on data sent to Sumo by manually defining them on Sources and Collectors, as well as dynamically through HTTP headers and tags from Amazon EC2.
+In addition to defining fields through [Field Extraction Rules](/docs/manage/field-extractions), you can define fields on data sent to Sumo Logic by manually defining them on sources and collectors, as well as dynamically through HTTP headers and tags from Amazon EC2.
The order of precedence for field assignment from highest to lowest is:
@@ -20,13 +20,13 @@ The order of precedence for field assignment from highest to lowest is:
1. Source
1. Collector
-So, if you have a field defined at the Collector or Source level, and you create a FER against the same source of data with the same field name, the FER will win the field assignment.
+So, if you have a field defined at the collector or source level, and you create a FER against the same source of data with the same field name, the FER will win the field assignment.
-Any fields you want assigned to log data need to exist in a Fields schema. Each account has its own Fields schema that is available to manage in the Sumo web interface. When a field is defined and enabled in the Fields schema it is assigned to the appropriate log data as configured. If a field is sent to Sumo Logic but isn’t present or enabled in the schema, it’s ignored and marked as **Dropped**.
+Any fields you want assigned to log data need to exist in a fields schema. Each account has its own fields schema that is available to manage in the Sumo Logic web interface. When a field is defined and enabled in the fields schema it is assigned to the appropriate log data as configured. If a field is sent to Sumo Logic but isn’t present or enabled in the schema, it’s ignored and marked as **Dropped**.
-Fields specified in field extraction rules are automatically added and enabled in your Fields schema.
+Fields specified in field extraction rules are automatically added and enabled in your fields schema.
-Field management is important to ensure search performance is maintained and you continue to have meaningful fields assigned to your data. You can manage fields defined through any of these methods at any time, to include deleting unneeded fields, see [manage fields](#manage-fields) for details.
+Field management is important to ensure search performance is maintained and you continue to have meaningful fields assigned to your data. You can manage fields defined through any of these methods at any time, to include deleting unneeded fields, see [Manage fields](#manage-fields) for details.
import TerraformLink from '../reuse/terraform-link.md';
@@ -38,11 +38,11 @@ You can use Terraform to provide a field with the [`sumologic_field`](https://re
## About metrics sources, fields, and metadata
-Sumo Logic metrics sources also support tagging with fields defined in your Fields schema or other metadata that hasn’t been added to your schema. Here’s how it works:
+Sumo Logic metrics sources also support tagging with fields defined in your fields schema or other metadata that hasn’t been added to your schema.
-When creating or updating the configuration of an HTTP Source or a Collector that has an HTTP source, you assign it a field on the configuration page. If the field doesn’t exist in the schema, you are prompted whether or not you want to **Automatically activate all fields on save**. If you select that option, the field will be added to the schema and be applied to the logs collected by the Collector, and to metrics and logs collected by the HTTP Source. If you do not select **Automatically activate all fields on save**, the field will not be saved to your Fields schema, and the field will be applied only to the metrics collected by the HTTP Source.
+When creating or updating the configuration of an HTTP source or a collector that has an HTTP source, you assign it a field on the configuration page. If the field doesn’t exist in the schema, you are prompted whether or not you want to **Automatically activate all fields on save**. If you select that option, the field will be added to the schema and be applied to the logs collected by the collector, and to metrics and logs collected by the HTTP source. If you do not select **Automatically activate all fields on save**, the field will not be saved to your fields schema, and the field will be applied only to the metrics collected by the HTTP source.
-When creating or updating the configuration of a Streaming Metrics Source, a Host Metrics Source, or a Docker Source, you can assign it metadata on the source configuration page. Metadata fields you assign in this fashion to these metrics sources do not need to exist in your Fields schema and will not be added to the schema.
+When creating or updating the configuration of a Streaming Metrics source, a Host Metrics source, or a Docker source, you can assign it metadata on the source configuration page. Metadata fields you assign in this fashion to these metrics sources do not need to exist in your fields schema and will not be added to the schema.
## Limitations
@@ -52,55 +52,55 @@ When creating or updating the configuration of a Streaming Metrics Source, a Hos
:::
})
* It can take up to 10 minutes for fields to start being assigned to your data.
-* A Collector can have up to 10 fields.
-* A Source can have up to 10 fields.
+* A collector can have up to 10 fields.
+* A source can have up to 10 fields.
* An HTTP request is limited to 30 fields.
* A field name (key) is limited to a maximum length of 255 characters.
* A value is limited to a maximum length of 200 characters.
* Fields cannot be used with [Live Tail](/docs/search/live-tail).
-## Collector and Source fields
+## Collector and source fields
-Fields can be assigned to a Collector and Source using the **Fields** input table in the Sumo user interface when creating or editing a Collector or Source.
+Fields can be assigned to a collector and source using the **Fields** input table in the Sumo Logic user interface when creating or editing a collector or source.
1. [**New UI**](/docs/get-started/sumo-logic-ui). In the main Sumo Logic menu select **Data Management**, and then under **Data Collection** select **Collection**. You can also click the **Go To...** menu at the top of the screen and select **Collection**. A green circle with a check mark is shown when the field exists and is enabled in the Fields table schema.
- * An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, you'll see an option to automatically add or enable the nonexistent fields to the Fields table schema. If a field is sent to Sumo Logic but isn’t present or enabled in the schema, it’s ignored and marked as **Dropped**.
+ * A green circle with a check mark is shown when the field exists and is enabled in the fields table schema.
+ * An orange triangle with an exclamation point is shown when the field doesn't exist in the fields table schema. In this case, you'll see an option to automatically add or enable the nonexistent fields to the fields table schema. If a field is sent to Sumo Logic but isn’t present or enabled in the schema, it’s ignored and marked as **Dropped**.
1. **Automatically activate all fields on save**.
If you click **Automatically activate all fields on save**:
- * The field will be saved to your Fields schema.
- * The field will be applied to logs collected by the Collector or Source.
- * If you are adding the field to an HTTP Source, or to a Collector that has an HTTP Source, the field will be applied to the metrics collected by the source.
+ * The field will be saved to your fields schema.
+ * The field will be applied to logs collected by the collector or source.
+ * If you are adding the field to an HTTP source, or to a collector that has an HTTP source, the field will be applied to the metrics collected by the source.
If you do not click **Automatically activate all fields on save**:
- * The field will be *not* be saved to your Fields schema
- * The field will be applied to logs collected by the Collector or Source, but because the field won’t be added to your Fields schema, it will be dropped by Sumo Logic when logs with that field are ingested.
- * If you are adding the field to an HTTP Source, or to a Collector that has an HTTP Source, the field will be applied to the metrics collected by the source.
+ * The field will be *not* be saved to your fields schema
+ * The field will be applied to logs collected by the collector or source, but because the field won’t be added to your fields schema, it will be dropped by Sumo Logic when logs with that field are ingested.
+ * If you are adding the field to an HTTP source, or to a collector that has an HTTP source, the field will be applied to the metrics collected by the source.
1. Click **Save**.
})
-In the above example, we have created a new field called `cluster` and set the value to `k8s.dev`. With this configuration, any logs sent to this Collector will now have this key-value pair associated with it.
+In the above example, we have created a new field called `cluster` and set the value to `k8s.dev`. With this configuration, any logs sent to this collector will now have this key-value pair associated with it.
With this association, you can search for `cluster=k8s.dev` to return your logs. })
-### Using Collector API
+### Using collector API
-Use the `fields` parameter with the [Collector API](/docs/api/collector-management) to define fields on a Collector or Source.
+Use the `fields` parameter with the [Collector API](/docs/api/collector-management) to define fields on a collector or source.
| Parameter | Type | Required? | Description | Access |
|:--|:--|:--|:--|:--|
-| fields | JSON Object | No | JSON map of key-value fields (metadata) to apply to the Collector or Source. | Modifiable |
+| fields | JSON Object | No | JSON map of key-value fields (metadata) to apply to the collector or source. | Modifiable |
-The following JSON is an example configuration of a Hosted Collector with the fields parameter:
+The following JSON is an example configuration of a Hosted collector with the fields parameter:
```json
{
@@ -116,15 +116,15 @@ The following JSON is an example configuration of a Hosted Collector with the fi
}
```
-### Using Local Configuration
+### Using local configuration
-Installed Collectors can use JSON files to configure their Sources when using [Local Configuration File Management](/docs/send-data/use-json-configure-sources/local-configuration-file-management). Use the `fields` parameter in your JSON configuration to define fields on a Source.
+Installed collectors can use JSON files to configure their sources when using [local configuration file management](/docs/send-data/use-json-configure-sources/local-configuration-file-management). Use the `fields` parameter in your JSON configuration to define fields on a source.
| Parameter | Type | Required? | Description | Access |
|:--|:--|:--|:--|:--|
-| fields | JSON Object | No | JSON map of key-value fields (metadata) to apply to the Collector or Source. | Modifiable |
+| fields | JSON Object | No | JSON map of key-value fields (metadata) to apply to the collector or source. | Modifiable |
-The following JSON is an example configuration of a Local File Source with the fields parameter:
+The following JSON is an example configuration of a Local File source with the fields parameter:
```json
{
@@ -153,19 +153,19 @@ The following JSON is an example configuration of a Local File Source with the f
}
```
-### HTTP Source fields
+### HTTP source fields
-When uploading log data with HTTP Sources you can pass fields in two
+When uploading log data with HTTP sources you can pass fields in two
ways,
* with the [X-Sumo-Fields HTTP header](#x-sumo-fields-http-header).
-* enabling [Extended HTTP Metadata Collection](#extended-http-metadata-collection) on your Source.
+* enabling [Extended HTTP Metadata Collection](#extended-http-metadata-collection) on your source.
You can use both methods together. If there is a name collision between a given header and a value passed in X-Sumo-Fields, X-Sumo-Fields takes precedence.
-Any fields passed with your data need to exist in your Fields schema defined in Sumo. Any fields not defined in Sumo that are passed through a header are dropped. See how to define fields in the [manage fields](#manage-fields) section.
+Any fields passed with your data need to exist in your fields schema defined in Sumo Logic. Any fields not defined in Sumo Logic that are passed through a header are dropped. See how to define fields in the [Manage fields](#manage-fields) section.
-See [how to upload logs to an HTTP Source](/docs/send-data/hosted-collectors/http-source/logs-metrics).
+See [how to upload logs to an HTTP source](/docs/send-data/hosted-collectors/http-source/logs-metrics).
#### X-Sumo-Fields HTTP header
@@ -175,13 +175,13 @@ Your fields need to be in a comma separated list of key-value pairs. For example
curl -v -X POST -H 'X-Sumo-Fields:environment=dev,cluster=k8s' -T /file.txt })
-With this field set on your Source, headers are processed as metadata fields. For example, a cURL command posting data with custom fields would look like:
+With this field set on your source, headers are processed as metadata fields. For example, a cURL command posting data with custom fields would look like:
```bash
curl -v -X POST -H 'environment: dev' -H 'cluster: k8s' -T /file.txt })
1. Click on the required row to view the details of a health event. })
- - **Create Scheduled Search**. Click this button to get alerts for specific health events. The unique identifier of the resource type is used in the query. See [Schedule a Search](../alerts/scheduled-searches/schedule-search.md) for details.
+ - **Create Scheduled Search**. Click this button to get alerts for specific health events. The unique identifier of the resource type is used in the query. See [Create a Scheduled Search](../alerts/scheduled-searches/schedule-search.md) for details.
- Under the **More Actions** menu you can select:
* **Event History** to run a search against the **sumologic_system_events** partition to view all of the related event logs.
* **View Object** to view the resource in detail related to the event.
@@ -131,7 +131,7 @@ It may take up to 15 minutes for a 90% usage breach for Lookup Tables, Partition
- **Error Info**. Detailed information about the event. This may include error context and suggested corrective actions.
- **Minutes Since Last Heartbeat**. The number of minutes that have elapsed since the system last received a heartbeat signal from the resource. A higher number may indicate the resource is offline or unresponsive. This field is only available for *Collector* resource type.
-## View Health Events in Collection page
+## View health events in collection page
A **Health** column on the Collection page shows color-coded healthy, error, and warning states for Collectors and Sources to quickly determine the health of your Collectors and Sources.})
diff --git a/docs/manage/index.md b/docs/manage/index.md
index 6c422b449c..7a77e21206 100644
--- a/docs/manage/index.md
+++ b/docs/manage/index.md
@@ -1,7 +1,7 @@
---
slug: /manage
title: Manage Account
-description: Manage user accounts, Collectors and Sources, security, SEO, and other administrative details.
+description: Manage user accounts, collectors and sources, security, SEO, and other administrative details.
---
import useBaseUrl from '@docusaurus/useBaseUrl';
@@ -9,7 +9,7 @@ import useBaseUrl from '@docusaurus/useBaseUrl';
}){kind=icon}
:::tip
-See [Collection](/docs/send-data/collection) to learn about Collectors, Sources, and processing rules.
+See [Collection](/docs/send-data/collection) to learn about collectors, sources, and processing rules.
:::
This topic describes features and options that give you administration over accounts, roles, collectors, content sharing, field extraction rules, and much more.
@@ -30,7 +30,7 @@ This topic describes features and options that give you administration over acco
}){kind=icon}
Accelerate the search process by allowing Admins to filter a subset of the log messages in an index.
+Accelerate the search process by allowing admins to filter a subset of the log messages in an index.
Monitor the health of your Collectors and Sources.
+Monitor the health of your collectors and sources.
})
-* **A.** Select to show all, running, or stopped Collectors.
-* **B.** Select how many columns of Collectors are displayed.
+* **A.** Select to show all, running, or stopped collectors.
+* **B.** Select how many columns of collectors are displayed.
* **C.** Select the time range of data volume to view.
[**New UI**](/docs/get-started/sumo-logic-ui). To view the status page, In the Sumo Logic main menu select **Data Management**, and then under **Data Collection** select **Status**. You can also click the **Go To...** menu at the top of the screen and select **Status**.
[**Classic UI**](/docs/get-started/sumo-logic-ui-classic). To view the status page, in the main Sumo Logic menu select **Manage Data > Collection > Status**.
-## Change the scale or timeframe for a Collector
+## Change the scale or timeframe for a collector
-For each Collector, you can change the message volume scale so that variations in volume are easier to see. You can also change the time range for each Collector to investigate the stream volume for a single Collector. When a Collector x or y axis is not aligned with all others, the background color changes to blue.
+For each collector, you can change the message volume scale so that variations in volume are easier to see. You can also change the time range for each collector to investigate the stream volume for a single collector. When a collector x or y axis is not aligned with all others, the background color changes to blue.
-To return to an aligned scale across all Collectors, in the total message volume area, click the link to **Align all views below**. To return an individual view to the same scale as other Collectors, select the **Same scale across view** check box.
+To return to an aligned scale across all collectors, in the total message volume area, click the link to **Align all views below**. To return an individual view to the same scale as other collectors, select the **Same scale across view** check box.
diff --git a/docs/manage/ingestion-volume/data-volume-index/index.md b/docs/manage/ingestion-volume/data-volume-index/index.md
index 3f3f2358ff..15b0d5eb1d 100644
--- a/docs/manage/ingestion-volume/data-volume-index/index.md
+++ b/docs/manage/ingestion-volume/data-volume-index/index.md
@@ -11,7 +11,7 @@ The Data Volume Index gives you visibility into how much data you are sending to
The Data Volume Index provides data for logs and metrics:
* **Logs and Tracing.** Ingest volume in bytes and the number of log messages. Tracing ingest volume in billed bytes and spans count. See [Log and Tracing Data Volume Index](log-tracing-data-volume-index.md) for details.
-* **Metrics.** Ingest volume measured in data points. See [Metrics Ingest Data Volume Index](metrics-data-volume-index.md) for details.
+* **Metrics.** Ingest volume measured in data points. See [Metrics Data Volume Index](metrics-data-volume-index.md) for details.
If you are a user of Credits package accounts, the Data Volume Index should be manually enabled by an administrator by toggling the **Enable Granular Data Tracking** button. The index then begins populating. A set of messages within the index is created every five minutes. The data does not backfill and is provided to the index only when the option is enabled.
@@ -28,14 +28,14 @@ _index=sumologic_volume
```
:::important
-Creating an Index typically adds a nominal amount of data to your overall volume (approximately one to two percent) when pre-aggregated. Depending on your Sumo Logic account type and subscription, this data will count against your data volume quota.
+Creating an index typically adds a nominal amount of data to your overall volume (approximately one to two percent) when pre-aggregated. Depending on your Sumo Logic account type and subscription, this data will count against your data volume quota.
:::
-## Granular Data Tracking
+## Granular data tracking
-Granular Data Tracking is a part of usage management that allows you to proactively manage your systems’ behavior and to fine tune your data ingest with respect to the data plan for your Sumo Logic subscription. This should be manually enabled by an administrator if you are a user of Credits package accounts and this will be enabled by default for Flex package accounts. A set of messages within the index is created every five minutes. The data does not backfill and is provided to the index only when the option is enabled.
+Granular data tracking is a part of usage management that allows you to proactively manage your systems’ behavior and to fine tune your data ingest with respect to the data plan for your Sumo Logic subscription. This should be manually enabled by an administrator if you are a user of Credits package accounts and this will be enabled by default for Flex package accounts. A set of messages within the index is created every five minutes. The data does not backfill and is provided to the index only when the option is enabled.
-### Disable Granular Data Tracking
+### Disable granular data tracking
1. [**New UI**](/docs/get-started/sumo-logic-ui). In the main Sumo Logic menu select **Administration**, and then under **Account** select **Account Overview**. You can also click the **Go To...** menu at the top of the screen and select **Account Overview**. }){kind=icon}
in the top left panel of the **Account Overview** page.
diff --git a/docs/manage/ingestion-volume/data-volume-index/log-tracing-data-volume-index.md b/docs/manage/ingestion-volume/data-volume-index/log-tracing-data-volume-index.md
index 2ed4014f7d..1c4a681aab 100644
--- a/docs/manage/ingestion-volume/data-volume-index/log-tracing-data-volume-index.md
+++ b/docs/manage/ingestion-volume/data-volume-index/log-tracing-data-volume-index.md
@@ -6,7 +6,7 @@ description: The Data Volume Index is populated with a set of log messages that
import useBaseUrl from '@docusaurus/useBaseUrl';
-The data volume index is populated with a set of log messages every five minutes. The messages contain information on how much data (by bytes and messages count) your account is ingesting. Your data volume is calculated based on when your logs were received, in Sumo this timestamp is stored with the `_receiptTime` [metadata](/docs/search/get-started-with-search/search-basics/built-in-metadata) field. Each log message includes information based on one of the following index source categories.
+The Data Volume Index is populated with a set of log messages every five minutes. The messages contain information on how much data (by bytes and messages count) your account is ingesting. Your data volume is calculated based on when your logs were received. In Sumo Logic this timestamp is stored with the `_receiptTime` [metadata](/docs/search/get-started-with-search/search-basics/built-in-metadata) field. Each log message includes information based on one of the following index source categories.
| Index Log Type | Index Source Category |
|:--------------------|:--------------------------------|
@@ -24,15 +24,15 @@ The data volume index is populated with a set of log messages every five minutes
| View | `view_volume` |
| SourceCategory | `view_and_extractedAndCollectedFieldSize_volume` |
-You can query the data volume index just like any other message using the Sumo Logic search page. To see the data created within the data volume index, when you search, specify the `_index` metadata field with a value of `sumologic_volume`. For more information, see [Search Metadata](/docs/search/get-started-with-search/search-basics/built-in-metadata).
+You can query the data volume index just like any other message using the Sumo Logic search page. To see the data created within the data volume index, when you search, specify the `_index` metadata field with a value of `sumologic_volume`. For more information, see [Built-in Metadata](/docs/search/get-started-with-search/search-basics/built-in-metadata).
-## Sumo Logic App for Data Volume
+## Sumo Logic app for data volume
-Sumo Logic provides an application that utilizes the data volume index to see your account's volume usage as a glance. For details, see [Data Volume app](/docs/integrations/sumo-apps/data-volume).
+Sumo Logic provides an application that utilizes the data volume index to see your account's volume usage as a glance. For details, see [Sumo Logic Data Volume App](/docs/integrations/sumo-apps/data-volume).
-## Known Issue
+## Known issue
-There is a known issue when searching against `_sourceCategory` values where scheduled views show up blank. This causes results to be returned with numbers as the _sourceCategory values.
+There is a known issue when searching against `_sourceCategory` values where scheduled views show up blank. This causes results to be returned with numbers as the `_sourceCategory` values.
For example, you would see:
@@ -41,7 +41,7 @@ For example, you would see:
"count":353325
```
-In this case, the _sourceCategory returns `2862`, which is the actual size of the default index from the scheduled view.
+In this case, the `_sourceCategory` returns `2862`, which is the actual size of the default index from the scheduled view.
## Query the Data Volume Index
@@ -64,7 +64,7 @@ _index=sumologic_volume AND _sourceCategory=collector_and_tier_volume
If the data volume index is not enabled, a search will not produce any results.
:::
-## Data Volume Index Message Format
+## Data Volume Index message format
The data volume index messages are JSON formatted messages that contain parent objects for each source data point, and child objects that detail the message size and count for each parent.
@@ -84,7 +84,7 @@ For example, a single message for the "Collector" volume data may look similar t
## Examples
-**Volume for Each Category**
+### Volume for each category
This example query will return the volume for each Source Category by
data tier.
@@ -101,9 +101,9 @@ would produce results such as:
})
-**Volume for Each Collector by Tier**
+### Volume for each collector by tier
-This example query will return the volume for each Collector.
+This example query will return the volume for each collector.
```sql
_index=sumologic_volume _sourceCategory = "collector_and_tier_volume"
@@ -113,9 +113,9 @@ _index=sumologic_volume _sourceCategory = "collector_and_tier_volume"
| sum(gbytes) as gbytes by collector,dataTier
```
-**Volume for a Specific Source**
+### Volume for a specific source
-The following query returns the message volume for a specific Source. The Source name and Data tier can be supplied within a JSON operation to get the data for that Source.
+The following query returns the message volume for a specific source. The source name and data tier can be supplied within a JSON operation to get the data for that source.
```sql
_index=sumologic_volume _sourceCategory = "source_and_tier_volume"
@@ -127,9 +127,9 @@ _index=sumologic_volume _sourceCategory = "source_and_tier_volume"
| fields gbytes
```
-**Volume for a Specific Collector**
+### Volume for a specific collector
-The following query returns the message volume for a specific Collector. The Collector name and Data tier can be supplied within a JSON operation to get the data for that Collector.
+The following query returns the message volume for a specific collector. The collector name and data tier can be supplied within a JSON operation to get the data for that collector.
```sql
_index=sumologic_volume _sourceCategory = "collector_and_tier_volume"
@@ -141,9 +141,9 @@ _index=sumologic_volume _sourceCategory = "collector_and_tier_volume"
| fields gbytes
```
-**Volume for Each Source Host**
+### Volume for each source host
-The following query returns the message volume for each Source Host. The sourcehost name and data tier can be supplied within a JSON operation to get the data for that sourcehost.
+The following query returns the message volume for each source host. The source host name and data tier can be supplied within a JSON operation to get the data for that source host.
```sql
_index=sumologic_volume _sourceCategory = "sourcehost_and_tier_volume"
@@ -155,9 +155,9 @@ _index=sumologic_volume _sourceCategory = "sourcehost_and_tier_volume"
| fields gbytes
```
-**Volume for the Default Index**
+### Volume for the default index
-The following query returns the message volume for the Default Index. The data tier can be supplied with a JSON operation to filter results of that tier.
+The following query returns the message volume for the default index. The data tier can be supplied with a JSON operation to filter results of that tier.
```sql
_index=sumologic_volume _sourceCategory = "sourcehost_and_tier_volume"
@@ -173,9 +173,7 @@ _index=sumologic_volume _sourceCategory = "sourcehost_and_tier_volume"
Sumo Logic populates the Tracing Data Volume Index with a set of JSON-formatted messages every five minutes. The messages contain the volume of tracing billed bytes and span count of Tracing data that your account is ingesting.
-You can query the index to:
-
-* Get the total tracing data volume (billed bytes/spans count) ingested by collector, source, source name, source category, or source host.
+You can query the index to get the total tracing data volume (billed bytes/spans count) ingested by collector, source, source name, source category, or source host.
### Message format
@@ -244,7 +242,7 @@ This query produces results like these:
#### Tracing volume for a specific collector
-This query returns the tracing volume for a specific Collector. The Collector name can be supplied within a JSON operation to get the data for that Collector.
+This query returns the tracing volume for a specific collector. The collector name can be supplied within a JSON operation to get the data for that collector.
```sql
_index=sumologic_volume _sourceCategory="collector_tracing_volume"
@@ -257,7 +255,7 @@ _index=sumologic_volume _sourceCategory="collector_tracing_volume"
#### Query for tracing ingestion outliers
-This query runs against the tracing volume index and uses the [*outlier*](/docs/search/search-query-language/search-operators/outlier) operator to find timeslices in which your tracing ingestion in billed bytes or span count was greater than the running average by a statistically significant amount.
+This query runs against the tracing volume index and uses the [outlier](/docs/search/search-query-language/search-operators/outlier) operator to find timeslices in which your tracing ingestion in billed bytes or span count was greater than the running average by a statistically significant amount.
```sql
_index=sumologic_volume _sourceCategory=sourcecategory_tracing_volume
@@ -272,7 +270,7 @@ The suggested time range for this query is 7 days. Timeslices can always be redu
#### Query for tracing ingestion prediction
-This query runs against the tracing volume index and uses the [*predict*](/docs/search/search-query-language/search-operators/predict) operator to predict future values.
+This query runs against the tracing volume index and uses the [predict](/docs/search/search-query-language/search-operators/predict) operator to predict future values.
```sql
_index=sumologic_volume _sourceCategory=sourcecategory_tracing_volume
@@ -288,4 +286,4 @@ The suggested time range for this query is 7 days. Timeslices can always be redu
### Index retention period
-By default, the retention period of the Data Volume index is the same as the retention period of your Default Partition. You can change the retention period by editing the partition that contains the index, `sumologic_volume`. For more information, see [Edit a Partition](/docs/manage/partitions/data-tiers/create-edit-partition).
+By default, the retention period of the Data Volume index is the same as the retention period of your default partition. You can change the retention period by editing the partition that contains the index, `sumologic_volume`. For more information, see [Created and Edit a Partition](/docs/manage/partitions/data-tiers/create-edit-partition).
diff --git a/docs/manage/ingestion-volume/data-volume-index/metrics-data-volume-index.md b/docs/manage/ingestion-volume/data-volume-index/metrics-data-volume-index.md
index 24a1714355..3f0fa940c9 100644
--- a/docs/manage/ingestion-volume/data-volume-index/metrics-data-volume-index.md
+++ b/docs/manage/ingestion-volume/data-volume-index/metrics-data-volume-index.md
@@ -8,9 +8,7 @@ import useBaseUrl from '@docusaurus/useBaseUrl';
Sumo Logic populates the Metrics Data Volume Index with a set of JSON-formatted messages every five minutes. The messages contain the volume of metric data points your account is ingesting.
-You can query the index to:
-
-* Get the total metric data volume (data points) ingested by collector, source, source name, source category, or source host.
+You can query the index to get the total metric data volume (data points) ingested by collector, source, source name, source category, or source host.
:::note
You cannot query the index to get storage credits. For information about storage credits, see [Sumo Logic Credits Accounts](/docs/manage/manage-subscription/sumo-logic-credits-accounts).
@@ -86,7 +84,7 @@ It returns results like these:
### Metric volume for a specific collector
-This query returns the metric volume for a specific Collector. The Collector name can be supplied within using the where operator to get the ingest data for a specific Collector.
+This query returns the metric volume for a specific collector. The collector name can be supplied within using the where operator to get the ingest data for a specific collector.
```sql
_index=sumologic_volume _sourceCategory="collector_metrics_volume"
@@ -99,7 +97,7 @@ _index=sumologic_volume _sourceCategory="collector_metrics_volume"
### Query for metric ingestion outliers
-This query runs against the metrics volume index and uses the [outlier](/docs/search/search-query-language/search-operators/manually-cast-data-string-number) operator to find timeslices in which your metric ingestion in DPM was greater than the running average by a statistically significant amount.
+This query runs against the metrics volume index and uses the [outlier](/docs/search/search-query-language/search-operators/outlier/) operator to find timeslices in which your metric ingestion in DPM was greater than the running average by a statistically significant amount.
```sql
_index=sumologic_volume _sourceCategory=sourcecategory_metrics_volume
diff --git a/docs/manage/ingestion-volume/index.md b/docs/manage/ingestion-volume/index.md
index 2ffdf1b756..e343eaab8c 100644
--- a/docs/manage/ingestion-volume/index.md
+++ b/docs/manage/ingestion-volume/index.md
@@ -14,7 +14,7 @@ In this section, we'll introduce the following concepts:
}){kind=icon}
Learn how the logs will be ingested across all Collectors.
+Learn how the logs will be ingested across all collectors.
})
1. Make sure Alert Condition is set to **Send Notification** if the **Alert Condition** is met: **Number of results** greater than **0.**
@@ -95,7 +95,7 @@ You must update the indicated field for the search to be successfully saved.
#### Setup
-1. Enable the Data Volume Index. See [Enable and Manage the Data Volume Index](/docs/manage/ingestion-volume/data-volume-index) for instructions.
+1. Enable the Data Volume Index. See [Data Volume Index](/docs/manage/ingestion-volume/data-volume-index) for instructions.
1. Substitute the correct value of `X` for the following parameter in the search query (see entry in yellow in the query below).
```sql
X as daily_plan_size
@@ -124,7 +124,7 @@ _index=sumologic_volume sizeInBytes
After completing the setup steps above, schedule the search to run, as follows.
-1. Schedule the query you created in the previous step (**Query**). For details, see [Schedule a Search](../../alerts/scheduled-searches/schedule-search.md).
+1. Schedule the query you created in the previous step (**Query**). For details, see [Create a Scheduled Search](../../alerts/scheduled-searches/schedule-search.md).
1. Set the **Run frequency** to **Daily**.
1. Set time range value to **Last 24 Hours**.})
1. Make sure Alert Condition is set to **Send Notification** if the **Alert Condition** is met: **Number of results** greater than **0.**
@@ -133,12 +133,12 @@ After completing the setup steps above, schedule the search to run, as follows.
This hourly alert is generated when both of the following occur:
-* Ingest for any `_sourceCategory` in your account has a 50% spike compared with the maximum log ingest for the same `_sourceCategory` over the **last four weeks** (comparison is with the same hour and day of week).
+* Ingest for any `_sourceCategory` in your account has a 50% spike compared with the maximum log ingest for the same `_sourceCategory` over the last four weeks (comparison is with the same hour and day of week).
* The log volume ingested by the `_sourceCategory` represents at least 25 % of the total data ingested within the hour.
#### Setup
-1. Enable the Data Volume Index. See [Enable and Manage the Data Volume Index](/docs/manage/ingestion-volume/data-volume-index) for instructions.
+1. Enable the Data Volume Index. See [Data Volume Index](/docs/manage/ingestion-volume/data-volume-index) for instructions.
1. (Optional) To adjust the sensitivity of this alert, change either of the values from the following line of the query:
```sql
| where pct_increase > 30 and ingest_weight\> 30
@@ -147,9 +147,9 @@ This hourly alert is generated when both of the following occur:
```sql
| where pct_increase > 50 and ingest_weight\> 30
```
-1. (Optional) To change the alert to evaluate a spike in a Collector or Source, do either of the following:
- * To generate an alert on a spike in ingest for a Collector, change the first line of the query replacing `_sourceCategory="sourcecategory_volume"` with `_sourceCategory="collector_volume"`
- * To generate an alert on a spike in ingest for a Source, change the first line of the query replacing `_sourceCategory="sourcecategory_volume"` with `_sourceCategory="source_volume"`
+1. (Optional) To change the alert to evaluate a spike in a collector or source, do either of the following:
+ * To generate an alert on a spike in ingest for a collector, change the first line of the query replacing `_sourceCategory="sourcecategory_volume"` with `_sourceCategory="collector_volume"`
+ * To generate an alert on a spike in ingest for a source, change the first line of the query replacing `_sourceCategory="sourcecategory_volume"` with `_sourceCategory="source_volume"`
#### Query
@@ -173,7 +173,7 @@ _index=sumologic_volume sizeInBytes _sourceCategory="sourcecategory_volume"
After completing the setup steps above, schedule the search to run, as follows.
-1. Schedule the query you just created in Setup. For details, see [Schedule a Search](../../alerts/scheduled-searches/schedule-search.md).
+1. Schedule the query you just created in Setup. For details, see [Create a Scheduled Search](../../alerts/scheduled-searches/schedule-search.md).
1. Set the **Run frequency** to **Hourly**.
1. Enter **-65m -5m** for the time range.})
1. Make sure Alert Condition is set to **Send Notification** if the **Alert Condition** is met: **Number of results** greater than **0.**
@@ -182,7 +182,7 @@ After completing the setup steps above, schedule the search to run, as follows.
## Data not sent alert
-This hourly alert will notify you if any of your Collectors have not sent log data for the last 24 hours (-24h). Because this alert will trigger if **any** Collectors do not send data in the specified time range, we recommend that you verify that all your Collectors are sending data before you set this alert and that you extend the time range if 24 hours is not long enough for your data to collect.
+This hourly alert will notify you if any of your collectors have not sent log data for the last 24 hours (-24h). Because this alert will trigger if *any* collectors do not send data in the specified time range, we recommend that you verify that all your collectors are sending data before you set this alert and that you extend the time range if 24 hours is not long enough for your data to collect.
:::note
This type of alert isn't suitable for ephemeral environments and can send false positives.
@@ -190,10 +190,10 @@ This type of alert isn't suitable for ephemeral environments and can send false
#### Setup
-**Prerequisite**. All collectors must be sending data **before** you set this alert. This alert will trigger if *any* collectors do not send data in the specified time range. If you want to identify collectors that are not ingesting for a long time or have not ingested at all, you can use the [Collector API](/docs/api/collector-management/collector-api-methods-examples)
+**Prerequisite**. All collectors must be sending data *before* you set this alert. This alert will trigger if *any* collectors do not send data in the specified time range. If you want to identify collectors that are not ingesting for a long time or have not ingested at all, you can use the [collector API](/docs/api/collector-management/collector-api-methods-examples)
attributes `alive` and `LastSeenAlive`.
-1. Enable the Data Volume Index. See [Enable and Manage the Data Volume Index](/docs/manage/ingestion-volume/data-volume-index) for instructions.
+1. Enable the Data Volume Index. See [Data Volume Index](/docs/manage/ingestion-volume/data-volume-index) for instructions.
1. (Optional) Depending on how busy your collectors are, you can modify the following alert threshold:
```sql
| where mins_since_last_logs\>= 60
@@ -219,15 +219,15 @@ _index=sumologic_volume sizeInBytes _sourceCategory="collector_volume"
| format ("%s Has not collected data in the past 60 minutes", collector) as message
```
-You can run a similar query across Sources, sourceHosts, sourceNames, source categories, or views, by changing the entry for `"collector_volume"` in the search scope keyword line to:`"source_volume"` for Sources, `"sourcehost_volume"`for sourceHosts, `"sourcename_volume"` for sourceNames, `"sourceCategory_volume"` for sourceCategories, or `"view_volume"` for views.
+You can run a similar query across sources, sourceHosts, sourceNames, source categories, or views, by changing the entry for `"collector_volume"` in the search scope keyword line to:`"source_volume"` for sources, `"sourcehost_volume"` for sourceHosts, `"sourcename_volume"` for sourceNames, `"sourceCategory_volume"` for sourceCategories, or `"view_volume"` for views.
-If you do not want the results of the query across Sources or source categories to be called "collector", you can replace all three instances of "collector" with a different field name.
+If you do not want the results of the query across sources or source categories to be called "collector", you can replace all three instances of "collector" with a different field name.
#### Scheduling
After completing the setup steps, you'll need to create a monitor.
-1. Create a monitor corresponding to the query you've created above ([learn more](/docs/alerts/monitors/create-monitor)).
+1. [Create a monitor](/docs/alerts/monitors/create-monitor) corresponding to the query you've created above.
1. Set the **Run frequency** to **Hourly**.
1. Set a time range. The default is **Last 24 hours**. If you need to allow for more time because some collectors do not typically ingest data that often, specify a longer time range. For example, seven days.})
1. Make sure Alert Condition is set to **Send Notification** if the **Alert Condition** is met: **Number of results** greater than **0**.
@@ -247,12 +247,12 @@ After completing the setup steps, you'll need to create a monitor.
This alert is automatically generated when your account has entered a throttled state (induced by metrics or logs) in the last 15 minutes. The alert runs every 15 minutes and covers a 15-minute period.
:::note
-All accounts are subject to throttling, regardless of plan type (Cloud Flex or Cloud Flex Credits) or [Data Tier](/docs/manage/partitions/data-tiers).
+All accounts are subject to throttling, regardless of plan type (Cloud Flex or Cloud Flex Credits) or [data tier](/docs/manage/partitions/data-tiers).
:::
#### Setup
-Enable the Audit Index. See [Enable and Manage the Audit Index](/docs/manage/security/audit-indexes/audit-index#enable-the-audit-index) for instructions.
+Enable the Audit Index. See [Enable the audit Index](/docs/manage/security/audit-indexes/audit-index#enable-the-audit-index) for instructions.
#### Query
@@ -264,7 +264,7 @@ _index=sumologic_audit _sourceCategory=account_management _sourceName=VOLUME_QUO
After completing the setup steps above, schedule the search to run, as follows.
-1. Schedule the query you just created in Setup. For details, see [Schedule a Search](../../alerts/scheduled-searches/schedule-search.md).
+1. Schedule the query you just created in Setup. For details, see [Create a Scheduled Search](../../alerts/scheduled-searches/schedule-search.md).
1. Set the **Run frequency** to **Every 15 Minutes**.
1. Set the time range to the **Last 15 Minutes**.})
1. Make sure Alert Condition is set to **Send Notification** if the **Alert Condition** is met: **Number of results** greater than **0**.
diff --git a/docs/manage/manage-subscription/cloud-flex-legacy-accounts.md b/docs/manage/manage-subscription/cloud-flex-legacy-accounts.md
index 326e69bc03..8ea5fc8c44 100644
--- a/docs/manage/manage-subscription/cloud-flex-legacy-accounts.md
+++ b/docs/manage/manage-subscription/cloud-flex-legacy-accounts.md
@@ -25,7 +25,7 @@ Sumo Logic provides flexible account types within its Cloud Flex Legacy packagi
* **Professional** accounts scale to meet your growing needs for user licenses, data retention, and volume options based on subscription. You can [upgrade](/docs/manage/manage-subscription/upgrade-account/upgrade-cloud-flex-legacy-account) from a Professional to an Enterprise account at any time.
* **Enterprise** accounts, the premier Sumo Logic log management solution, are built to fit your organization's needs for data volume, data retention, and user management requirements. Enterprise accounts include [Ingest Budgets](/docs/manage/ingestion-volume/ingest-budgets) and [SAML-based SSO](/docs/manage/security/saml/set-up-saml).
:::note
- [Ingest Budgets](/docs/manage/ingestion-volume/ingest-budgets/) are only available for Enterprise accounts. Ingest budgets control the capacity of daily log ingestion volume sent to Sumo Logic from Collectors.
+ [Ingest Budgets](/docs/manage/ingestion-volume/ingest-budgets/) are only available for Enterprise accounts. Ingest budgets control the capacity of daily log ingestion volume sent to Sumo Logic from collectors.
:::
The following table provides a summary list of key features by package accounts.
@@ -44,7 +44,7 @@ The following table provides a summary list of key features by package accounts.
| Log Data storage (Cloud Flex Accounts) | 4GB | 30GB | ✓ | ✓ |
| Log Data volume | 500MB per day | 1GB per day* | ✓ | ✓ |
| [LogReduce](/docs/search/behavior-insights/logreduce) | ✓ | ✓ | ✓ | ✓ |
-| [Lookup Tables](/docs/search/lookup-tables) | none | Varies by the account type being trialed | 10 tables per org | 100 tables per org |
+| [Lookup tables](/docs/search/lookup-tables) | none | Varies by the account type being trialed | 10 tables per org | 100 tables per org |
| Metrics | | ✓ | ✓ | ✓ |
| Metrics data retention | | ✓ | ✓ | ✓ |
| Metrics data retention | | ✓ | ✓ | ✓ |
@@ -57,10 +57,10 @@ The following table provides a summary list of key features by package accounts.
| Users (Classic Accounts) | Three users | 20 users* | ✓ | ✓ |
| User and Role APIs | ✓ | ✓ | ✓ | ✓ |
-\* Contact [Sumo Logic Sales](mailto:sales@sumologic.com) to customize your account to meet your organization's needs.
+\* Contact [Sumo Logic Sales](https://support.sumologic.com/support/s/) to customize your account to meet your organization's needs.
:::important
-It's important to keep track of your daily usage. For tips on how to monitor and limit the data you're sending to Sumo Logic, see [Manage Ingestion.](../ingestion-volume/log-ingestion.md)
+It's important to keep track of your daily usage. For tips on how to monitor and limit the data you're sending to Sumo Logic, see [Log Ingestion.](/docs/manage/ingestion-volume/log-ingestion/)
:::
## Account Limitations and Guidelines
@@ -73,47 +73,47 @@ An account that is within its limits is defined as using **Reserved Capacity.**
### Collection Limitations
-* The maximum number of Collectors allowed per organization is 10,000.
-* The maximum number of Sources allowed on a Collector is 1,000.
+* The maximum number of collectors allowed per organization is 10,000.
+* The maximum number of Sources allowed on a collector is 1,000.
* The maximum number of Processing Rules allowed on a Source is 100.
### Continuous Query Limitations
-For all Sumo Logic account types (except for Sumo Logic Free) there is an overall limit of 200 continuous queries per Sumo Logic organization that can be run at one time. This includes Dashboard Panels, Alerts, and all other types of queries.
+For all Sumo Logic account types (except for Sumo Logic Free) there is an overall limit of 200 continuous queries per Sumo Logic organization that can be run at one time. This includes dashboard panels, alerts, and all other types of queries.
### Data Limits for Metrics
-For billing and reporting purposes, data volume for metrics is measured in Data Points per Minute (DPM). When the DPM limit is exceeded, data is cached on the host and the Source is throttled. The calculation of DPM varies according to the type of metric Source. For details, see [Data Limits for Metrics](../../metrics/manage-metric-volume/data-limits-for-metrics.md).
+For billing and reporting purposes, data volume for metrics is measured in data points per minute (DPM). When the DPM limit is exceeded, data is cached on the host and the Source is throttled. The calculation of DPM varies according to the type of metric Source. For details, see [Data Limits for Metrics](/docs/metrics/manage-metric-volume/data-limits-for-metrics/).
## Important notes on Sumo Logic Free accounts
Using a Free account is a great way to get to know Sumo Logic. While you're trying the Sumo Logic service, here are important points to be aware of:
* Free accounts run on seven-day intervals. This means that over the course of seven days, you cannot ingest more than a total of 3.5 GB of log data.
-* If you begin to reach the 500 MB daily limit, Sumo Logic sends an email to let you know. You can take action to [reduce the amount of data](../partitions/manage-indexes-variable-retention.md) you're uploading in order to stay below the limit.
+* If you begin to reach the 500 MB daily limit, Sumo Logic sends an email to let you know. You can take action to [reduce the amount of data](/docs/manage/partitions/manage-indexes-variable-retention/) you're uploading in order to stay below the limit.
* If the 500 MB limit is surpassed, you'll receive an email letting you know that data in the Sumo Logic Cloud can no longer be searched (but additional data is still collected). However, if the data limit is fully exceeded, data collection stops (in addition to search being disabled). Disabled features will be available after your usage falls below 4 GB when averaged over seven days (this could take one day, or up to seven days, depending on the amount of data you've uploaded and where you've uploaded it).
* In extreme situations, Free accounts may be disabled if the data volume continues to exceed the limits.
-* Free accounts are limited to 20 continuous queries, including [Dashboard Panels](/docs/dashboards/about).
-* Because Free accounts run on seven-day intervals, [Dashboard Panel](/docs/dashboards/about) queries may not use a time range longer than seven days.
+* Free accounts are limited to 20 continuous queries, including [dashboard panels](/docs/dashboards/about).
+* Because Free accounts run on seven-day intervals, [dashboard panel](/docs/dashboards/about) queries may not use a time range longer than seven days.
* For Sumo Logic Apps, Free accounts are limited to install the [Log Analysis QuickStart app](/docs/integrations/sumo-apps/log-analysis-quickstart).
* The limitations of a Free account cannot be changed, but you can upgrade to a Professional account at any time.
-* For information on throttling and account caps, see [Manage Ingestion](../ingestion-volume/log-ingestion.md).
+* For information on throttling and account caps, see [Log Ingestion](/docs/manage/ingestion-volume/log-ingestion/).
### Important notes on Sumo Logic Trial accounts
Using a Trial account is a great way to learn about the advanced features of Sumo Logic. While you're trying the Sumo Logic service, there are a few points that are important to be aware of:
* Trial accounts are allowed to burst up to 5 GB a day for short periods.
-* For information on throttling and account caps, see [Manage Ingestion](../ingestion-volume/log-ingestion.md).
+* For information on throttling and account caps, see [Log Ingestion](/docs/manage/ingestion-volume/log-ingestion/).
## Account Page
The **Account** page displays information about your Sumo Logic organization, account type, billing period, and the number of users. It also allows the account owner to reassign the role of the Account Owner.
-[Data Tiers](/docs/manage/partitions/data-tiers) provide economic flexibility by aligning your analytics to the value of your data. By using the Continuous and Frequent tiers, you can appropriately segment your data by use case and analytics needs, thus enabling you to optimize your analytics investments.
+[Data tiers](/docs/manage/partitions/data-tiers) provide economic flexibility by aligning your analytics to the value of your data. By using the Continuous and Frequent tiers, you can appropriately segment your data by use case and analytics needs, thus enabling you to optimize your analytics investments.
:::note
-[Data Tiers](/docs/manage/partitions/data-tiers) must be enabled on your plan to be able to access this functionality. For more information, contact your Sumo Logic Account Representative.
+[Data tiers](/docs/manage/partitions/data-tiers) must be enabled on your plan to be able to access this functionality. For more information, contact your Sumo Logic Account Representative.
:::
The top panel of the Account Overview page provides an at-a-glance view of your account information:
@@ -125,7 +125,7 @@ The top panel of the Account Overview page provides an at-a-glance view of your
* **Continuous Ingest.** Shows your daily capacity for log ingest to the Continuous Data Tier, and your average daily usage. If the daily ingest average over the billing cycle is above your capacity, you will be charged the on-demand rate for the difference.
* **Frequent Ingest**. Shows your daily capacity for log ingest to the Frequent Data Tier, and your average daily usage. If the daily ingest average over the billing cycle is above your capacity, you will be charged the on-demand rate for the difference.
* **Metrics Ingest**. Shows your daily capacity for metrics ingest, and your average daily usage, both in DPM. If the daily ingest average over the billing cycle is above your capacity, you will be charged the on-demand rate for the difference. If your daily usage average is higher than your capacity, you will be charged the on-demand rate for the difference.
-* **Storage.** Shows your daily storage capacity and average daily storage usage. You can adjust capacity use by modifying your [retention periods](../partitions/manage-indexes-variable-retention.md).
+* **Storage.** Shows your daily storage capacity and average daily storage usage. You can adjust capacity use by modifying your [retention periods](/docs/manage/partitions/manage-indexes-variable-retention/).
* **Auto Refresh Dashboard Panels.** Show the number of auto refresh dashboard panels you have set up. Compares the number allowed to the number already in use. For example, out of 200, 174 have been used.
To view the Account page, do the following:
@@ -134,13 +134,13 @@ To view the Account page, do the following:
1. [**New UI**](/docs/get-started/sumo-logic-ui/). In the main Sumo Logic menu select **Administration**, and then under **Account** select **Account Overview**. You can also click the **Go To...** menu at the top of the screen and select **Account Overview**. })
:::note
-If you are your Sumo Logic account owner, your Account page also displays a **Manage Organization** section. For information on these options, see [Manage Organization](/docs/manage/manage-subscription/create-and-manage-orgs/manage-org-settings).
+If you are your Sumo Logic account owner, your Account page also displays a **Manage Organization** section. For information on these options, see [Manage Organization Settings](/docs/manage/manage-subscription/create-and-manage-orgs/manage-org-settings).
:::
})
diff --git a/docs/manage/manage-subscription/create-and-manage-orgs/create-manage-orgs-flex.md b/docs/manage/manage-subscription/create-and-manage-orgs/create-manage-orgs-flex.md
index 80158818a2..e9b09c2da0 100644
--- a/docs/manage/manage-subscription/create-and-manage-orgs/create-manage-orgs-flex.md
+++ b/docs/manage/manage-subscription/create-and-manage-orgs/create-manage-orgs-flex.md
@@ -17,13 +17,13 @@ import useBaseUrl from '@docusaurus/useBaseUrl';
This feature is not enabled by default. If you’d like to have it enabled, contact your Sumo Logic account executive.
:::
-This topic has information about Sumo Logic’s Organizations (“Sumo Orgs”) feature for Flex licensing, which you can use to create and manage orgs. The term *parent org* refers to the organization from which you create a new organization, while *child orgs* are the organizations you create.
+This topic has information about Sumo Logic’s organizations feature for Flex licensing, which you can use to create and manage orgs. The term *parent org* refers to the organization from which you create a new organization, while *child orgs* are the organizations you create.
-Sumo Orgs allows you to logically group, provision, and centrally manage and monitor the credits usage of multiple orgs.
+Sumo Logic organitztions allow you to logically group, provision, and centrally manage and monitor the credits usage of multiple orgs.
-When you create a child org, you provision it with credits, based on the ingest volume you estimate for the org. When you provision a child org you use a Credits Calculator to estimate and allocate required credits for each product variable.
+When you create a child org, you provision it with credits, based on the ingest volume you estimate for the org. When you provision a child org you use a credits calculator to estimate and allocate required credits for each product variable.
-We refer to your estimates of ingest capacity required for each product variable as *baselines*. Sumo Logic’s throttling multipliers for logs and metrics are based on these estimates. For example, if you estimate 1GB usage for logs and specify that as the baseline when you create the org, Sumo Logic will start [throttling](/docs/manage/ingestion-volume/log-ingestion.md) when ingestion to the org reaches 4 to 10 times the baseline. The multiplier depends on your account size.
+We refer to your estimates of ingest capacity required for each product variable as *baselines*. Sumo Logic’s throttling multipliers for logs and metrics are based on these estimates. For example, if you estimate 1GB usage for logs and specify that as the baseline when you create the org, Sumo Logic will start [throttling](/docs/manage/ingestion-volume/log-ingestion/#log-throttling) when ingestion to the org reaches 4 to 10 times the baseline. The multiplier depends on your account size.
Users that have the required [role capabilities](/docs/manage/manage-subscription/create-and-manage-orgs#requirements-for-creating-and-managing-orgs) can create child orgs under a parent org, and manage and monitor the allocation and consumption of Sumo Logic credits across orgs, and for each child org. This functionality is available in the Sumo Logic UI in the **Organizations** tab and also in the [Organizations Management API](https://organizations.sumologic.com/docs/).
@@ -39,7 +39,7 @@ You cannot delete a new child org once it is created.
1. Click **+ Add Organization**.})
1. The **Create New Organization** pane appears. })
-### Allocate Credits
+### Allocate credits
1. **Plan Type**. Select your organization's plan type.
1. **Deployment**. Select a Sumo Logic deployment from the list.
@@ -61,7 +61,7 @@ You cannot delete a new child org once it is created.
* **Metrics**. Enter estimated daily metric data points per minute (DPM) ingestion.})
1. **Cloud SIEM Enterprise**. Click the checkbox to enable Cloud SIEM. When the **Cloud Log Ingest** field appears, enter a value in GB.
:::note
- Provisioning Cloud SIEM can take up to 24 hours. See [Monitor Cloud SIEM Provisioning](#monitor-cloud-siem-provisioning), below.
+ Provisioning Cloud SIEM can take up to 24 hours. See [Monitor Cloud SIEM provisioning](#monitor-cloud-siem-provisioning), below.
:::
1. As you enter the ingestion estimates, the number of credits required for the specified ingestion levels will be incremented.
1. The calculator now shows the recommended credit allocation, which provides you a suggestion on how many credits you would need for the child org. This is calculated based on the baseline added, the burndowns in your contract, and the days remaining in your contract.
@@ -70,7 +70,7 @@ You cannot delete a new child org once it is created.
1. **Credits to be allocated**. The recommended credits for this child org will be displayed once you set the baseline. You can add or reduce the credit based on your requirement.
1. **Remaining Credits (Parent)**. Total balance credits available in the parent org after using the credits for child org.
-### Basic Details
+### Basic details
1. **Organization Name**. Enter a unique name for the org.
1. **Account Owner Email**. Enter the name of the account owner.
@@ -98,7 +98,7 @@ To change an org's credits allocation:
**Example 2**: Suppose you need to increase credits for your child org. The image below shows that you have used 35 out of 31,026 credits allocated to your child org. To add more credits, select **Credits to be Added** and enter the additional credits required.})
1. If you want to modify the baseline, click **View Baseline**. The credits calculator appears.
- 1. Click **Edit** and follow the [step 4 in Allocate Credits](#allocate-credits) to update the credits allocation.})
+ 1. Click **Edit** and follow step 4 in [Allocate credits](#allocate-credits) to update the credits allocation.
1. Once you save the new baseline, you can view the recommended value in the **Credits to be Added/Reduced** section.})
1. (Optional) Click **View Details** to view the detailed breakdown of additional credits required value.})
1. Click **Save** once you finish editing the credit values.
@@ -127,9 +127,9 @@ You can view the aggreagte usage for all child orgs across usage category in the
* **Metrics Ingest**. Credits used for metrics ingested.
* **Data Forwarding**. For more information, see [Data Forwarding](/docs/manage/data-forwarding/).
* **Storage**. Credits used for log storage in the Continuous and Frequent Tiers.
-* **Promotional categories**. For more information, see [Promotional Credits](/docs/manage/manage-subscription/sumo-logic-credits-accounts/#promotional-credits).
+* **Promotional categories**. For more information, see [Promotional credits](/docs/manage/manage-subscription/sumo-logic-credits-accounts/#promotional-credits).
-By clicking the **Download Report** button, you can download the org usage data in csv format for further analysis and reporting. You can also download the detailed child org usage data in csv format by clicking **Download Detailed Credit Usages** from the kebab icon next to the Download Report button.
+By clicking the **Download Report** button, you can download the org usage data in csv format for further analysis and reporting. You can also download the detailed child org usage data in csv format by clicking **Download Detailed Credit Usages** from the kebab icon next to the **Download Report** button.
})
@@ -162,7 +162,7 @@ By clicking the **Download Report** button, you can download the selected child
## Audit logging for organizations
-This section has examples of the messages Sumo Logic writes to the Audit Event Index when you create or update an org.
+This section has examples of the messages Sumo Logic writes to the [Audit Event Index](/docs/manage/security/audit-indexes/audit-event-index/) when you create or update an org.
### OrganizationCreated
diff --git a/docs/manage/manage-subscription/create-and-manage-orgs/create-manage-orgs-service-providers.md b/docs/manage/manage-subscription/create-and-manage-orgs/create-manage-orgs-service-providers.md
index 6af750f3c7..ee34f25a71 100644
--- a/docs/manage/manage-subscription/create-and-manage-orgs/create-manage-orgs-service-providers.md
+++ b/docs/manage/manage-subscription/create-and-manage-orgs/create-manage-orgs-service-providers.md
@@ -2,7 +2,7 @@
id: create-manage-orgs-service-providers
title: Create and Manage Organizations (Service Providers)
sidebar_label: Service Providers
-description: For Sumo Logic Service Providers, Sumo Orgs eases the process of provisioning and managing POV Trial orgs in multiple Sumo Logic deployments.
+description: For Sumo Logic service providers, using Sumo Logic organitztions eases the process of provisioning and managing POV Trial orgs in multiple Sumo Logic deployments.
---
import useBaseUrl from '@docusaurus/useBaseUrl';
@@ -15,27 +15,27 @@ import Iframe from 'react-iframe';
| Credits | Enterprise Operations, Enterprise Security, Enterprise Suite |
:::note
-This feature is not enabled by default. If you’d like to have it enabled, contact your Sumo Logic Account Executive.
+This feature is not enabled by default. If you’d like to have it enabled, contact your Sumo Logic account executive.
:::
-This topic has information about Sumo Logic’s Organizations (“Sumo Orgs”) feature for Sumo Logic Service Providers. Sumo Orgs allows you to logically group, provision, and centrally manage and monitor the credits usage of multiple orgs. We use the term *parent org* to refer to the org from which you create and manage orgs, and *child orgs* to refer to the orgs you create.
+This topic has information about Sumo Logic’s organizations feature for Sumo Logic service providers. Sumo Logic organizations allow you to logically group, provision, and centrally manage and monitor the credits usage of multiple orgs. We use the term *parent org* to refer to the org from which you create and manage orgs, and *child orgs* to refer to the orgs you create.
-As a Service Provider, you can create two types of child orgs:
+As a service provider, you can create two types of child orgs:
* You can create POV (Proof of Value) Trial orgs for your prospects to access in order to evaluate Sumo Logic. For more information, see [About POV Trial orgs](#about-pov-trial-orgs).
* You can create child orgs, either for use within your own company or for customers who are not going to trial Sumo Logic before subscribing.
In either case, the child orgs you create will be the same plan type as the parent org. For example, if you have an Enterprise Suite plan, the child orgs you create will also be Enterprise Suite accounts.
-When you create a child org, you provision it with credits, based on the ingest volume you estimate for the org. We refer to the different flavors of ingest—Continuous Log Ingest, Frequent Log Ingest, and so on—as *product variables*. When you provision a child org you use a Credits Calculator to estimate and allocate required credits for each product variable.
+When you create a child org, you provision it with credits, based on the ingest volume you estimate for the org. We refer to the different flavors of ingest—Continuous Log Ingest, Frequent Log Ingest, and so on—as *product variables*. When you provision a child org you use a credits calculator to estimate and allocate required credits for each product variable.
-We refer to your estimates of ingest capacity required for each product variable as *baselines*. Sumo Logic’s throttling multipliers for logs and metrics are based on these estimates. (For example, if you estimate 1GB usage for logs and specify that as the "baseline" when you create the org, Sumo Logic will start [throttling](/docs/manage/ingestion-volume/log-ingestion.md) when ingestion to the org reaches 4 to 10 times the baseline. The multiplier depends on your account size.)
+We refer to your estimates of ingest capacity required for each product variable as *baselines*. Sumo Logic’s throttling multipliers for logs and metrics are based on these estimates. (For example, if you estimate 1GB usage for logs and specify that as the "baseline" when you create the org, Sumo Logic will start [throttling](/docs/manage/ingestion-volume/log-ingestion/#log-throttling) when ingestion to the org reaches 4 to 10 times the baseline. The multiplier depends on your account size.)
Users that have the required role capabilities can create child orgs under a parent org, and manage and monitor the allocation and consumption of Sumo Logic credits across orgs, and for each child org. This functionality is available in the Sumo Logic UI in the **Organizations** tab and also in the [Organizations Management API](https://organizations.sumologic.com/docs/).
## About POV Trial orgs
-POV Trial orgs you create will have a 45 day trial period. POV Trial orgs will be provisioned with the following ingestion limits.
+POV Trial orgs you create will have a 45 day trial period. POV Trial orgs will be provisioned with the following ingestion limits:
* 5 GB Continuous Tier ingest
* 5 GB Frequent Tier ingest
@@ -48,12 +48,12 @@ POV Trial orgs you create will have a 45 day trial period. POV Trial orgs will b
The credits associated with the trial org allocations don’t impact the parent org’s credits allocation.
:::
-You can upgrade a trial org by editing the org and changing the Plan Type. When you upgrade a POV Trial org, if the org is in a different Sumo Logic deployment from the parent org, the Credits calculator may add a deployment factor, which is a percentage upcharge that varies by deployment.
+You can upgrade a trial org by editing the org and changing the Plan Type. When you upgrade a POV Trial org, if the org is in a different Sumo Logic deployment from the parent org, the credits calculator may add a deployment factor, which is a percentage upcharge that varies by deployment.
The plan gets downgraded to [**Free** plan with limitations](/docs/manage/manage-subscription/sumo-logic-credits-accounts/#credits---account-types) once the 45-day POV trial period is over. To prevent this from happening, Sumo Logic provides indicators about the expiration date in two different places on the platform.
-* **View details for the selected organizations**. You can see the **Plan Expiry** date with information about the downgrading of your plan in the view details side panel for the selected organizations. This tooltip is different for CSV and Non-CSV provisioned child org.
-* **Child org table**. If the number of days left for expiry is less than 14, a warning icon with the expiry date will be shown against the respective organizations, and the information about downgrading your plan will turn into a warning with the same message.
+* **View details for the selected organizations**. You can see the **Plan Expiry** date with information about the downgrading of your plan in the view details side panel for the selected organizations. This tooltip is different for CSV and non-CSV provisioned child orgs.
+* **Child org table**. If the number of days left for expiration is less than 14, a warning icon with the expiration date will be shown against the respective organizations, and the information about downgrading your plan will turn into a warning with the same message.
:::info
If your CSE POV trial plan is downgraded to the free plan, your CSE access will be disabled and your data will be erased after seven days.
@@ -73,7 +73,7 @@ After you create a child org, you can’t delete it.
1. Click **+ Add Organization**. })
1. The **Create New Organization** pane appears.})
-### Allocate Credits
+### Allocate credits
1. **Plan Type**. Select your organization's plan type. By default, “POV Trial (45 days)” is selected. Leave it selected.
1. **Deployment**. Select a Sumo Logic deployment from the list.
@@ -91,7 +91,7 @@ After you create a child org, you can’t delete it.
* **CSE Log Ingest**. Estimated daily Cloud SIEM ingestion.
1. Click **Done** to go back.
-### Basic Details
+### Basic details
1. **Organization Name**. Enter a unique name for the org.
1. **Account Owner Email**. Enter the name of the account owner.
@@ -107,7 +107,7 @@ After you create a child org, you can’t delete it.
1. In the edit pane, choose the **Enterprise plan** that appears as an option in the **Plan Type** dropdown.})
1. A warning message is shown that says you won’t be able to downgrade the org once you upgrade it.})
1. Click **Set Baseline**.
-1. The Credits Calculator appears.})
+1. The credits calculator appears.
* **Continuous Log Ingest**. Enter estimated daily ingestion to the Continuous Tier.
* **Frequent Log Ingest**. Enter estimated daily ingestion to the Frequent Tier.
* **Infrequent Log Ingest**. Enter estimated daily ingestion to the Infrequent Tier.
@@ -115,7 +115,7 @@ After you create a child org, you can’t delete it.
* **Tracing**. Enter estimated daily ingestion of traces.
1. **Cloud SIEM Enterprise**. Click the checkbox to enable Cloud SIEM. When the **Cloud Log Ingest** field appears, enter a value in GB.
:::note
- Provisioning Cloud SIEM can take up to 24 hours. See [Monitor Cloud SIEM Provisioning](#monitor-cloud-siem-provisioning), below.
+ Provisioning Cloud SIEM can take up to 24 hours. See [Monitor Cloud SIEM provisioning](#monitor-cloud-siem-provisioning), below.
:::
1. As you enter the ingestion estimates, the number of credits required for the ingestion levels is incremented.
1. The calculator now shows the recommended credit allocation, which provides you a suggestion on how many credits you would need for the child org. This is calculated based on the baseline added, the burndowns in your contract, and the days remaining in your contract.
@@ -138,7 +138,7 @@ If a POV trial org is not upgraded to Enterprise plan after 45 days, the org wil
* **Tracing**. Enter estimated daily ingestion of traces.
1. **Cloud SIEM Enterprise**. Click the checkbox to enable Cloud SIEM. When the **Cloud Log Ingest** field appears, enter a value in GB.
:::note
- Provisioning Cloud SIEM can take up to 24 hours. See [Monitor Cloud SIEM Provisioning](#monitor-cloud-siem-provisioning), below.
+ Provisioning Cloud SIEM can take up to 24 hours. See [Monitor Cloud SIEM provisioning](#monitor-cloud-siem-provisioning), below.
:::
1. As you enter the ingestion estimates, the number of credits required for the specified ingestion levels will be incremented.
1. The calculator now shows the recommended credit allocation, which provides you a suggestion on how many credits you would need for the child org. This is calculated based on the baseline added, the burndowns in your contract, and the days remaining in your contract.
@@ -183,7 +183,7 @@ To change an org's credits allocation:
**Example 2**: Consider you need to increase credits to your child org. The below image shows that you have used 35 credits out of 31026 credits allocated to your child org. Now, if you wish to increase the credits to your child org, select **Credits to be Added** and add the additional credits required.
1. If you want to modify the baseline, click **View Baseline**. The **Credits Calculator** appears.
- 1. Click **Edit** and follow the steps in [Allocate Credits](#allocate-credits) to update the credits allocation.})
+ 1. Click **Edit** and follow the steps in [Allocate credits](#allocate-credits) to update the credits allocation.
1. Once you save the new baseline, you can view the recommended value in the **Credits to be Added/Reduced** section.
1. (Optional) Click **View Details** to view the detailed breakdown of additional credits required value.
1. Click **Save** once you finish editing the credit values.
@@ -223,9 +223,9 @@ You can view the aggregate usage for all child orgs across usage category in the
* **Storage**. Credits used for log storage in the Continuous and Frequent Tiers.
* **Cloud SIEM Ingest**. Credits used for logs ingested into Cloud SIEM.
* **Infrequent Storage**. Credits used for log storage in the Infrequent Tier.
-* **Promotional categories**. For more information, see [Promotional Credits](/docs/manage/manage-subscription/sumo-logic-credits-accounts/#promotional-credits).
+* **Promotional categories**. For more information, see [Promotional credits](/docs/manage/manage-subscription/sumo-logic-credits-accounts/#promotional-credits).
-By clicking the **Download Report** button, you can download the org usage data in csv format for further analysis and reporting. You can also download the detailed child org usage data in csv format by clicking **Download Detailed Credit Usages** from the kebab icon next to the Download Report button.
+By clicking the **Download Report** button, you can download the org usage data in csv format for further analysis and reporting. You can also download the detailed child org usage data in csv format by clicking **Download Detailed Credit Usages** from the kebab icon next to the **Download Report** button.
})
@@ -261,7 +261,7 @@ By clicking the **Download Report** button, you can download the selected child
## Audit logging for organizations
-This section has examples of the messages Sumo Logic writes to the Audit Event Index when you create, deactivate, and update an org.
+This section has examples of the messages Sumo Logic writes to the [Audit Event Index](/docs/manage/security/audit-indexes/audit-event-index/) when you create, deactivate, and update an org.
### OrganizationCreated
diff --git a/docs/manage/manage-subscription/create-and-manage-orgs/create-manage-orgs.md b/docs/manage/manage-subscription/create-and-manage-orgs/create-manage-orgs.md
index 852c377fde..d9515cf894 100644
--- a/docs/manage/manage-subscription/create-and-manage-orgs/create-manage-orgs.md
+++ b/docs/manage/manage-subscription/create-and-manage-orgs/create-manage-orgs.md
@@ -9,7 +9,7 @@ import useBaseUrl from '@docusaurus/useBaseUrl';
import Iframe from 'react-iframe';
:::note
-If you are a Sumo Logic Service Provider, see [Create and Manage Orgs (Service Providers)](create-manage-orgs-service-providers.md).
+If you are a Sumo Logic Service Provider, see [Create and Manage Orgs (Service Providers)](/docs/manage/manage-subscription/create-and-manage-orgs/create-manage-orgs-service-providers/).
:::
## Availability
@@ -19,16 +19,16 @@ If you are a Sumo Logic Service Provider, see [Create and Manage Orgs (Service P
| Credits | Enterprise Operations, Enterprise Security, Enterprise Suite |
:::note
-This feature is not enabled by default. If you’d like to have it enabled, contact your Sumo Logic Account Executive.
+This feature is not enabled by default. If you’d like to have it enabled, contact your Sumo Logic account executive.
:::
-This topic has information about Sumo Logic’s Organizations (“Sumo Orgs”) feature, which you can use to create and manage orgs. We use the term *parent org* to refer to the org from which you create a new org, and *child orgs* to refer to the orgs you create.
+This topic has information about Sumo Logic’s organizations feature, which you can use to create and manage orgs. We use the term *parent org* to refer to the org from which you create a new org, and *child orgs* to refer to the orgs you create.
-Sumo Orgs allows you to logically group, provision, and centrally manage and monitor the credits usage of multiple orgs.
+Sumo Logic organizations allow you to logically group, provision, and centrally manage and monitor the credits usage of multiple orgs.
When you create a child org, you provision it with credits, based on the ingest volume you estimate for the org. We refer to the different flavors of ingest—Continuous Log Ingest, Frequent Log Ingest, and so on—as *product variables*. When you provision a child org you use a Credits Calculator to estimate and allocate required credits for each product variable.
-We refer to your estimates of ingest capacity required for each product variable as *baselines*. Sumo Logic’s throttling multipliers for logs and metrics are based on these estimates. For example, if you estimate 1GB usage for logs and specify that as the baseline when you create the org, Sumo Logic will start [throttling](/docs/manage/ingestion-volume/log-ingestion.md) when ingestion to the org reaches 4 to 10 times the baseline. The multiplier depends on your account size.
+We refer to your estimates of ingest capacity required for each product variable as *baselines*. Sumo Logic’s throttling multipliers for logs and metrics are based on these estimates. For example, if you estimate 1GB usage for logs and specify that as the baseline when you create the org, Sumo Logic will start [throttling](/docs/manage/ingestion-volume/log-ingestion/#log-throttling) when ingestion to the org reaches 4 to 10 times the baseline. The multiplier depends on your account size.
Users that have the required role capabilities (described in the following section) can create child orgs under a parent org, and manage and monitor the allocation and consumption of Sumo Logic credits across orgs, and for each child org. This functionality is available in the Sumo Logic UI in the **Organizations** tab and also in the [Organizations Management API](https://organizations.sumologic.com/docs/).
@@ -167,9 +167,9 @@ You can view the aggreagte usage for all child orgs across usage category in the
* **Storage**. Credits used for log storage in the Continuous and Frequent Tiers.
* **Cloud SIEM Ingest**. Credits used for logs ingested into Cloud SIEM.
* **Infrequent Storage**. Credits used for log storage in the Infrequent Tier.
-* **Promotional categories**. For more information, see [Promotional Credits](/docs/manage/manage-subscription/sumo-logic-credits-accounts/#promotional-credits).
+* **Promotional categories**. For more information, see [Promotional credits](/docs/manage/manage-subscription/sumo-logic-credits-accounts/#promotional-credits).
-By clicking the **Download Report** button, you can download the org usage data in csv format for further analysis and reporting. You can also download the detailed child org usage data in csv format by clicking **Download Detailed Credit Usages** from the kebab icon next to the Download Report button.
+By clicking the **Download Report** button, you can download the org usage data in csv format for further analysis and reporting. You can also download the detailed child org usage data in csv format by clicking **Download Detailed Credit Usages** from the kebab icon next to the **Download Report** button.
@@ -205,7 +205,7 @@ By clicking the **Download Report** button, you can download the selected child
## Audit logging for organizations
-This section has examples of the messages Sumo Logic writes to the Audit Event Index when you create or update an org.
+This section has examples of the messages Sumo Logic writes to the [Audit Event Index](/docs/manage/security/audit-indexes/audit-event-index/) when you create or update an org.
### OrganizationCreated
diff --git a/docs/manage/manage-subscription/create-and-manage-orgs/index.md b/docs/manage/manage-subscription/create-and-manage-orgs/index.md
index d634b66385..e540bcddf4 100644
--- a/docs/manage/manage-subscription/create-and-manage-orgs/index.md
+++ b/docs/manage/manage-subscription/create-and-manage-orgs/index.md
@@ -10,7 +10,7 @@ import useBaseUrl from '@docusaurus/useBaseUrl';
## Requirements for creating and managing orgs
-There are several [role capabilities](/docs/manage/users-roles/roles/role-capabilities) that are required to work with orgs:
+There are several [role capabilities](/docs/manage/users-roles/roles/role-capabilities/#organizations) that are required to work with orgs:
* **View Organizations**. This capability is required to view the Organizations UI.
* **Create Organizations**. This capability is required to create or provision child organizations.
@@ -26,7 +26,7 @@ In this section, we'll introduce the following concepts:
}){kind=icon}
Learn how to create and manage multiple Sumo Logic Orgs.
+Learn how to create and manage multiple Sumo Logic orgs.
Learn how to create and manage multiple Sumo Logic Orgs with Flex data.
+Learn how to create and manage multiple Sumo Logic orgs with Flex data.
})
:::note
-If the account owner leaves your organization and you cannot transfer the account ownership, please [submit a support ticket](https://support.sumologic.com/support/s) to transfer the account ownership.
+If the account owner leaves your organization and you cannot transfer the account ownership, [submit a support ticket](https://support.sumologic.com/support/s) to transfer the account ownership.
:::
### Delete an organization
@@ -74,7 +74,7 @@ By default, your Sumo Logic account has a "service" subdomain. For example, `se
If you have multiple Sumo Logic accounts, you may find it useful to configure a custom subdomain for each of your Sumo Logic accounts.
-Custom subdomains can help ensure that requests are authenticated to the right account when links are received. Once configured by your account owner, your custom subdomain will be used in the links Sumo generates when you share queries or dashboards, or the links in alerts and other emails you may receive from your account. These subdomain-enabled links will direct the user to the specified account for authentication.
+Custom subdomains can help ensure that requests are authenticated to the right account when links are received. Once configured by your account owner, your custom subdomain will be used in the links Sumo Logic generates when you share queries or dashboards, or the links in alerts and other emails you may receive from your account. These subdomain-enabled links will direct the user to the specified account for authentication.
When you use custom subdomains in combination with SAML integrations [configured with SP initiated login](/docs/manage/security/saml/set-up-saml), your SAML authentication options will be provided within your subdomain-enabled Sumo Logic login page.
diff --git a/docs/manage/manage-subscription/create-and-manage-orgs/manage-orgs-for-mssps.md b/docs/manage/manage-subscription/create-and-manage-orgs/manage-orgs-for-mssps.md
index b2781cc883..78da9106bc 100644
--- a/docs/manage/manage-subscription/create-and-manage-orgs/manage-orgs-for-mssps.md
+++ b/docs/manage/manage-subscription/create-and-manage-orgs/manage-orgs-for-mssps.md
@@ -36,7 +36,7 @@ You can push the following:
* Cloud SIEM [rule tuning expressions](/docs/cse/rules/rule-tuning-expressions/)
* [Library](/docs/get-started/library)
* [Monitors](/docs/alerts/monitors/)
-* [Source Template](/docs/send-data/opentelemetry-collector/remote-management/source-templates/)
+* [Source templates](/docs/send-data/opentelemetry-collector/remote-management/source-templates/)
1. [**New UI**](/docs/get-started/sumo-logic-ui). In the main Sumo Logic menu, select **Organizations**. You can also click the **Go To...** menu at the top of the screen and select **Organizations**.})
- 1. Click **Stop Push** on the confirmation pop-up. To view the results table, refer to [View Results](#view-results).})
+ 1. Click **Stop Push** on the confirmation pop-up. To view the results table, refer to [View results](#view-results).
### Tips
diff --git a/docs/manage/manage-subscription/manage-billing-information.md b/docs/manage/manage-subscription/manage-billing-information.md
index f2f1069c76..d1a7675a56 100644
--- a/docs/manage/manage-subscription/manage-billing-information.md
+++ b/docs/manage/manage-subscription/manage-billing-information.md
@@ -9,7 +9,7 @@ The **Billing** page allows admin users to add or update the credit card informa
All users who have Admin role privileges can manage the billing information for Sumo Logic. This includes the credit card number on file (monthly or annual payment), as well as the billing address and contact information.
-Once changes are submitted, Sumo Logic will begin applies the new credit card for the next billing cycle. To reassign the account owner role to another admin user, see Account Page for your account type.
+Once changes are submitted, Sumo Logic will begin to apply the new credit card for the next billing cycle. To reassign the account owner role to another admin user, see the Account page for your account type.
To modify your billing information:
diff --git a/docs/manage/manage-subscription/organization-usage-limits.md b/docs/manage/manage-subscription/organization-usage-limits.md
index 3b5b0d9c4a..1ae1a7bc6f 100644
--- a/docs/manage/manage-subscription/organization-usage-limits.md
+++ b/docs/manage/manage-subscription/organization-usage-limits.md
@@ -11,19 +11,19 @@ This page provides information about the query budget usage limits, which allows
## Ingestion - Throttling Limits
:::info
-Only **Administrator** have the access to view the **Ingestion - Throttling Limits** section.
+Only administrators have the access to view the **Ingestion - Throttling Limits** section.
:::
-This section provides information about the baseline and throttling limits set. Click **View Usage and Throttling Limits** button to view the logs, metrics, and traces ingestion rate over the selected time range. With [View Recent Breaches](/docs/manage/security/audit-indexes/audit-index/#throttling-events) button you can view recent throttling limit breaches.
+This section provides information about the baseline and throttling limits set. Click the **View Usage and Throttling Limits** button to view the logs, metrics, and traces ingestion rate over the selected time range. With the **View Recent Breaches** button you can view recent [throttling limit breaches](/docs/manage/security/audit-indexes/audit-index/#throttling-events).
### Enable Ingestion Throttling Notifications
:::note
-Only users with **Administrator** access can enable this feature.
+Only users with administrator access can enable this feature.
:::
1. [**Classic UI**](/docs/get-started/sumo-logic-ui-classic). In the main Sumo Logic menu, select your username and then **Preferences**. })
-1. Access your [Preferences](/docs/get-started/account-settings-preferences/#my-preferences).
+1. Access your [preferences](/docs/get-started/account-settings-preferences/#my-preferences).
1. Navigate to **My Preferences** and check the **Enable ingestion throttling notifications** checkbox.})
## Availability
@@ -42,8 +42,8 @@ To manage the query size limit follow the below steps:
:::info
Sumo Logic defines scan as two types:
- - **Foreground interactive search**. Search page UI, Mobot, and Dashboards.
- - **Background search**. API, Scheduled Search, Monitor, Scheduled Views, and SLO.
+ - **Foreground interactive search**. Search page UI, Mobot, and dashboards.
+ - **Background search**. API, scheduled search, monitor, scheduled views, and SLO.
:::
:::note
diff --git a/docs/manage/manage-subscription/scan-budgets.md b/docs/manage/manage-subscription/scan-budgets.md
index ffec17c4aa..3d61d01d00 100644
--- a/docs/manage/manage-subscription/scan-budgets.md
+++ b/docs/manage/manage-subscription/scan-budgets.md
@@ -42,8 +42,8 @@ To create the query size limit using the **Advanced** configuration:
- **Only allow background query scans**. A warning message will be displayed if you run a query that exceeds the budget set. This will block the foreground searches but will not impact any background searches/automated queries.
:::info
Sumo Logic defines scan as two types:
- - **Foreground interactive search**. Search page UI, Mobot, and Dashboards.
- - **Background search**. API, Scheduled Search, Monitors, Scheduled Views, and SLO.
+ - **Foreground interactive search**. Search page UI, Mobot, and dashboards.
+ - **Background search**. API, scheduled search, monitors, scheduled views, and SLO.
:::
1. **Details**. Enter the name for the scan budget.})
1. Click **Save** to create the scan budget.
@@ -70,7 +70,7 @@ To view the selected scan budget:
- **Per Query Budget**. Limits the data (in GBs) that a single query can consume. If the query size exceeds the set limit, you will not be able to continue scanning until they are within the query size limit.
- **Time phased budgets**. Limits the data (in GBs) that a single user or a group can consume based on the time phase selected while creating the budget.
- **Status**. Describes if the scan budget is active or inactive.
- - **Usage Category**. Describes the type of scan. For Flex this is shown as **Flex Scan** and for Data tier this is shown as **Infrequent Scan**.
+ - **Usage Category**. Describes the type of scan. For Flex this is shown as **Flex Scan** and for data tier this is shown as **Infrequent Scan**.
- **Scope**. Displays the list of roles or users for whom the selected scan budget is applied for or excluded from.
- **Capacity (per user)**. Describes the budget set for individual user search.
- **Action when capacity reached**. Describes the type of action sected to notify when the budget limit is reached.
diff --git a/docs/manage/manage-subscription/sumo-logic-credits-accounts.md b/docs/manage/manage-subscription/sumo-logic-credits-accounts.md
index 9b498be271..7a9238e5a5 100644
--- a/docs/manage/manage-subscription/sumo-logic-credits-accounts.md
+++ b/docs/manage/manage-subscription/sumo-logic-credits-accounts.md
@@ -8,11 +8,11 @@ description: View information on Sumo Logic Credits accounts and intuitively mon
import useBaseUrl from '@docusaurus/useBaseUrl';
import AccountCredit from '../../reuse/account-credit.md';
-Sumo Logic provides flexible account types within its Credits packaging for any size organization.
+Sumo Logic provides flexible account types within its credits packaging for any size organization.
})
1. The page refreshes to show the **Confirm Upgrade** step.})
1. Read the Service Level Agreements, then click **I have read and agree to the Service Level Agreements** to continue.
1. Click **Confirm** to complete the upgrade. After you click **Confirm**, the credit card you provided to Sumo Logic is charged.
1. The upgrade is processed, then a **Congratulations** screen appears. Click **Finish**.
-If you have any issues, or if you do not see a charge on your credit card within 48 hours, contact [support@sumologic.com](mailto:support@sumologic.com).
+If you have any issues, or if you do not see a charge on your credit card within 48 hours, [contact Support](https://support.sumologic.com/support/s/).
:::note
The price shown in the screenshots above may not reflect the actual current price.
diff --git a/docs/manage/partitions/data-tiers/create-edit-partition.md b/docs/manage/partitions/data-tiers/create-edit-partition.md
index 959a202d5f..942ebd2c56 100644
--- a/docs/manage/partitions/data-tiers/create-edit-partition.md
+++ b/docs/manage/partitions/data-tiers/create-edit-partition.md
@@ -1,7 +1,7 @@
---
id: create-edit-partition
title: Create and Edit a Partition
-description: Learn how to create and edit a Partition in an Index.
+description: Learn how to create and edit a partition in an index.
---
import useBaseUrl from '@docusaurus/useBaseUrl';
@@ -11,58 +11,58 @@ Partitions provide three primary functions:
* Enhance searches
* Enhance retention options
-Partitions ingest your messages in real time, and differ from [Scheduled Views](/docs/manage/scheduled-views), which backfill with aggregate data. Partitions begin building a non-aggregate index from the time the Partition is created and only index data moving forward (from the time of creation).
+Partitions ingest your messages in real time, and differ from [Scheduled Views](/docs/manage/scheduled-views), which backfill with aggregate data. Partitions begin building a non-aggregate index from the time the partition is created and only index data moving forward (from the time of creation).
See [Partitions](/docs/manage/partitions) for limitations.
## Prerequisites
-To create or edit a Partition, you must be an account Administrator or have the [Manage Partitions role capability](/docs/manage/users-roles/roles/role-capabilities). It's important to note that Partitions only affect data generated from the date of their creation onwards; any data predating their establishment is not included.
+To create or edit a partition, you must be an account Administrator or have the [Manage Partitions role capability](/docs/manage/users-roles/roles/role-capabilities). It's important to note that partitions only affect data generated from the date of their creation onwards; any data predating their establishment is not included.
-## Partitions and Data Tiers
+## Partitions and data tiers
-If you have a Sumo Logic Enterprise Suite account, you can take advantage of the [Data Tiers](/docs/manage/partitions/data-tiers/) feature, which allows you to choose the tier where the Partition will reside. You select the tier when you configure the Partition.
+If you have a Sumo Logic Enterprise Suite account, you can take advantage of the [data tiers](/docs/manage/partitions/data-tiers/) feature, which allows you to choose the tier where the partition will reside. You select the tier when you configure the partition.
-## Create a Partition
+## Create a partition
1. [**New UI**](/docs/get-started/sumo-logic-ui). In the main Sumo Logic menu select **Data Management**, and then under **Logs** select **Partitions**. You can also click the **Go To...** menu at the top of the screen and select **Partitions**. })
-1. **Name**. Enter a name for the Partition. Partitions must be named alphanumerically, with no special characters, with the exception of underscores (`_`) and hyphens (`-`). However, a Partition name cannot start with `sumologic_`, an underscore `_`, or a hyphen (`-`).
-1. **Data Tier**. (Enterprise Suite accounts only) Click the radio button for the tier where you want the Partition to reside.
-1. **Routing Expression**. Enter a [keyword search expression](/docs/search/get-started-with-search/build-search/keyword-search-expressions.md) that matches the data you want to have in the Partition, using [built-in metadata](/docs/search/get-started-with-search/search-basics/built-in-metadata) or [custom metadata fields](/docs/manage/fields). If you have an Enterprise Suite account, and are going to assign the Partition to the Infrequent Tier, see the information in the [Assigning Data to a Data Tier](/docs/manage/partitions/data-tiers#assigning-data-to-a-data-tier) section of the [Data Tiers](/docs/manage/partitions/data-tiers/) page.
+1. **Name**. Enter a name for the partition. Partitions must be named alphanumerically, with no special characters, with the exception of underscores (`_`) and hyphens (`-`). However, a partition name cannot start with `sumologic_`, an underscore `_`, or a hyphen (`-`).
+1. **Data Tier**. (Enterprise Suite accounts only) Click the radio button for the tier where you want the partition to reside.
+1. **Routing Expression**. Enter a [keyword search expression](/docs/search/get-started-with-search/build-search/keyword-search-expressions.md) that matches the data you want to have in the partition, using [built-in metadata](/docs/search/get-started-with-search/search-basics/built-in-metadata) or [custom metadata fields](/docs/manage/fields). If you have an Enterprise Suite account, and are going to assign the partition to the Infrequent Tier, see the information in the [Assigning data to a data tier](/docs/manage/partitions/data-tiers#assigning-data-to-a-data-tier) section of the [Data Tiers](/docs/manage/partitions/data-tiers/) page.
:::note
- The [`_dataTier`](searching-data-tiers.md) search modifier is not supported in Partition routing expressions.
+ The [`_dataTier`](searching-data-tiers.md) search modifier is not supported in partition routing expressions.
:::
-1. **Retention Period**. Enter the number of days you wish to retain the data in the Partition, or click **Apply the retention period of the Default Continuous Index**.
-1. **Data Forwarding**. If you want to forward the data in the Partition to a cloud environment, click **Enable Data Forwarding** and specify the necessary information for the options that appear. For more information, see [Data Forwarding](/docs/manage/data-forwarding).
+1. **Retention Period**. Enter the number of days you wish to retain the data in the partition, or click **Apply the retention period of the Default Continuous Index**.
+1. **Data Forwarding**. If you want to forward the data in the partition to a cloud environment, click **Enable Data Forwarding** and specify the necessary information for the options that appear. For more information, see [Data Forwarding](/docs/manage/data-forwarding).
### Enhance search and retention
-* To learn how to run a search against a Partition, see [Run a Search Against a Partition](/docs/manage/partitions/run-search-against-partition) and [Optimize Your Search with Partitions](/docs/search/optimize-search-partitions.md).
+* To learn how to run a search against a partition, see [Run a Search Against a Partition](/docs/manage/partitions/run-search-against-partition) and [Optimize Your Search with Partitions](/docs/search/optimize-search-partitions.md).
* To learn about data retention periods and how to modify them, see [Manage Indexes with Variable Retention](/docs/manage/partitions/manage-indexes-variable-retention).
### Best practices for optimum performance
When designing partitions, keep the following in mind:
-* **Avoid using queries that are subject to change**. In order to benefit from using Partitions, they should be used for long-term message organization.
-* **Make the query as specific as possible**. Making the query specific will reduce the amount of data in the Partition, which increases search performance.
+* **Avoid using queries that are subject to change**. In order to benefit from using partitions, they should be used for long-term message organization.
+* **Make the query as specific as possible**. Making the query specific will reduce the amount of data in the partition, which increases search performance.
* **Keep the query flexible**. Use a flexible query, such as `_sourceCategory=*Apache*`, so that metadata can be adjusted without breaking the query.
-* **Group data together that is most often used together**. For example, create Partitions for categories such as web data, security data, or errors.
+* **Group data together that is most often used together**. For example, create partitions for categories such as web data, security data, or errors.
* **Group data together that is used by teams**. Partitions are an excellent way to organize messages by role and teams within your organization.
-* **Avoid including too much data in your partition**. Send between 2% and 20% of your data to a Partition. Including 90% of the data in your index in a Partition won’t improve search performance.
-* **Don’t create overlapping partitions**. With multiple Partitions, messages could be duplicated if you create routing expressions that overlap. For example, if you have the following Partitions, messages for `_sourceCategory=prod/Apache` would be duplicated as they would be stored in both Partitions.
+* **Avoid including too much data in your partition**. Send between 2% and 20% of your data to a partition. Including 90% of the data in your index in a partition won’t improve search performance.
+* **Don’t create overlapping partitions**. With multiple partitions, messages could be duplicated if you create routing expressions that overlap. For example, if you have the following partitions, messages for `_sourceCategory=prod/Apache` would be duplicated as they would be stored in both partitions.
* Partition1: `_sourceCategory=prod`
* Partition2: `_sourceCategory=*/Apache`
-Overlapping data between two or more Partitions will count as additional ingest toward your account's quota. See [Data Volume Index](/docs/manage/ingestion-volume/data-volume-index).
+Overlapping data between two or more partitions will count as additional ingest toward your account's quota. See [Data Volume Index](/docs/manage/ingestion-volume/data-volume-index).
## Edit a partition
This section has instructions for editing a partition.
-When you create a partition, you specify the Data Tier where the partition will reside, a routing expression that determines what data is stored in the partition, and a retention period. Optionally, you can enable data forwarding of the partition’s data to an S3 bucket.
+When you create a partition, you specify the data tier where the partition will reside, a routing expression that determines what data is stored in the partition, and a retention period. Optionally, you can enable data forwarding of the partition’s data to an S3 bucket.
### About partition editability
@@ -74,8 +74,8 @@ You can make some changes to an existing partition:
By default, Sumo Logic internal partitions like `sumologic_audit_events`, `sumologic_volume`, and so on, have the same retention period as the Default Continuous Index. You can change the retention period for any of these internal partitions as desired.
:::
* You can change the data forwarding configuration.
-* You cannot change the name of partition, reuse a partition name, or change the target Data Tier.
-* Security partitions can’t be edited. Sumo Logic stores Cloud SIEM Records in seven partitions, one for each [Cloud SIEM Record type](/docs/cse/schema/cse-record-types). The names of the Sumo Logic partitions that contain Cloud SIEM Records begin with the string `sec_record_`. If you have a role that grants you the **View Partitions** capability, you can view the security partitions in the Sumo Logic UI. Note, however, that no user can edit or remove a security partition.
+* You cannot change the name of partition, reuse a partition name, or change the target data tier.
+* Security partitions can’t be edited. Sumo Logic stores Cloud SIEM records in seven partitions, one for each [Cloud SIEM record type](/docs/cse/schema/cse-record-types). The names of the Sumo Logic partitions that contain Cloud SIEM records begin with the string `sec_record_`. If you have a role that grants you the **View Partitions** capability, you can view the security partitions in the Sumo Logic UI. Note, however, that no user can edit or remove a security partition.
### Changing a partition's routing expression
@@ -87,9 +87,9 @@ Before changing the routing expression for a partition, consider the impact of t
1. [**New UI**](/docs/get-started/sumo-logic-ui). In the main Sumo Logic menu select **Data Management**, and then under **Logs** select **Partitions**. You can also click the **Go To...** menu at the top of the screen and select **Partitions**. })
diff --git a/docs/manage/partitions/data-tiers/index.md b/docs/manage/partitions/data-tiers/index.md
index 240df92a21..be808dd005 100644
--- a/docs/manage/partitions/data-tiers/index.md
+++ b/docs/manage/partitions/data-tiers/index.md
@@ -1,11 +1,11 @@
---
slug: /manage/partitions/data-tiers
title: Data Tiers
-description: Data Tiers provide the ability to allocate data to different storage tiers based on frequency of access - Continuous, Frequent, and Infrequent.
+description: Data tiers provide the ability to allocate data to different storage tiers based on frequency of access - Continuous, Frequent, and Infrequent.
---
import useBaseUrl from '@docusaurus/useBaseUrl';
-This page describes Sumo Logic's Data Tiers feature.
+This page describes Sumo Logic's data tiers feature.
:::tip
For related information, see [Data Tiers FAQ](faq.md).
@@ -21,25 +21,25 @@ Some use cases require “high touch” data that you need to monitor and analyz
Other use cases require much less frequent data analysis. Here, we’re talking about “low touch” data that can be very valuable when you want to mine your data for insights, provide periodic reports, or perform a root cause analysis. These use cases can require frequent or infrequent access to data like development, test, and pre-production logs; debug logs; CDN logs; and network logs.
-Sumo Logic’s *Data Tiers* provide a comprehensive solution for all types of data that an organization has, low touch, high touch and everything in between, at an economical price. Data Tiers provide tier-based pricing based on your planned usage of the data you ingest.
+Sumo Logic’s *data tiers* provide a comprehensive solution for all types of data that an organization has, low touch, high touch and everything in between, at an economical price. Data tiers provide tier-based pricing based on your planned usage of the data you ingest.
:::note
-Data Tiers must be enabled on your [Cloud Flex Legacy account](/docs/manage/manage-subscription/cloud-flex-legacy-accounts) or [Sumo Logic Credits account](/docs/manage/manage-subscription/sumo-logic-credits-accounts) plan to be able to access this functionality. Infrequent Tier, described below, is only available on Sumo Logic Credits. For more information, contact your Sumo Logic account representative.
+Data tiers must be enabled on your [Cloud Flex Legacy account](/docs/manage/manage-subscription/cloud-flex-legacy-accounts) or [Sumo Logic Credits account](/docs/manage/manage-subscription/sumo-logic-credits-accounts) plan to be able to access this functionality. Infrequent Tier, described below, is only available on Sumo Logic Credits. For more information, contact your Sumo Logic account representative.
:::
-## Types of Data Tiers
+## Types of data tiers
-Each Sumo Logic Data Tier supports a different use case and provides its own set of features and capabilities:
+Each Sumo Logic data tier supports a different use case and provides its own set of features and capabilities:
* The Continuous Tier is for the data you use to monitor and troubleshoot production applications and to ensure the security of your applications.
* The Frequent Tier - available only for Sumo Logic Enterprise Suite plans - is for data you need to frequently access to troubleshoot and investigate issues. For example, you might use the Frequent Tier for development and test data that helps you investigate issues during development. Searching the Frequent Tier is free: it's included in the data ingestion price.
* The Infrequent Tier - available only for Sumo Logic Enterprise Suite plans - is for data that is used to troubleshoot intermittent or hard-to-reproduce issues. For example, you might use the Infrequent Tier for debug logs, OS logs, thread dumps, and so on. The Infrequent Tier has a pay-per-search pricing model, and very low ingestion cost.
-## Planning your use of Data Tiers
+## Planning your use of data tiers
If you do not specify a data tier, all data ingested into Sumo Logic will go to the Continuous Tier. Only data that goes to a partition can go to the Frequent or Infrequent Tiers. You'll need to configure the target tier for the data in a partition on the **Partition** page.
-When planning your use of Data Tiers, it is important to remember the following guidelines:
+When planning your use of data tiers, it is important to remember the following guidelines:
* The General Index cannot be changed, and it is always in the Continuous Tier.
* The tier where you assign your data governs how you can search and analyze the data. The table below shows capabilities that are available in each tier.
@@ -52,7 +52,7 @@ After a partition is created in a given tier, you cannot change its tier. If you
## Feature support by tier
-How you can search and use your ingested data varies by the Data Tier it resides in, as described in the following table.
+How you can search and use your ingested data varies by the data tier it resides in, as described in the following table.
| Feature support | Continuous Tier | Frequent Tier | Infrequent Tier |
| :-- | :-- | :-- | :-- |
@@ -74,17 +74,17 @@ How you can search and use your ingested data varies by the Data Tier it resides
* Feature activation is subject to minimum volume and service plan requirements, confirmed at time of transaction.
-## Assigning data to a Data Tier
+## Assigning data to a data tier
-You assign data to a Data Tier at the partition level. When you create a partition, you define a routing expression and select the target tier for the data that matches the routing expression. For instructions, see [Create a Partition](/docs/manage/partitions/data-tiers/create-edit-partition).
+You assign data to a data tier at the partition level. When you create a partition, you define a routing expression and select the target tier for the data that matches the routing expression. For instructions, see [Create and Edit a Partition](/docs/manage/partitions/data-tiers/create-edit-partition).
-## Searching Data Tiers
+## Searching data tiers
For information about searching data tiers, see [Searching Data Tiers](searching-data-tiers.md).
## Common error messages
-This section describes the most common error messages for Data Tiers.
+This section describes the most common error messages for data tiers.
* If you try to add a panel to a dashboard that uses data from the Frequent or Infrequent Tiers, you'll receive the following error message, because you can only use data from the Continuous Tier in a dashboard: `This query is not supported in Dashboards/Scheduled Searches because it is not in the Continuous Analytics tier. Please modify query and try again.`})
* If you try to specify the scope of a Scheduled View or a Scheduled Search using a partition in the Frequent or Infrequent Data tiers, you'll receive this error message: `This query is not supported in Dashboards/Scheduled Searches because it is not in the Continuous Analytics tier. Please modify query and try again.`
@@ -97,25 +97,25 @@ In this section, we'll introduce the following concepts:
}){kind=icon}
Learn how to create and edit a Partition in an Index.
+Learn how to create and edit a partition in an Index.
Learn how to view details about a Sumo Logic Partition.
+Learn how to view details about a Sumo Logic partition.
Learn how to search specific Data Tiers.
+Learn how to search specific data tiers.
Get answers on various FAQs about Data Tiers.
+Get answers on various FAQs about data tiers.
})
-1. Click the row for a Partition to view its details.})
+1. Click the row for a partition to view its details.
:::note
- The information displayed for partitions that contain Cloud SIEM Records varies from other partitions. You can tell if a partition contains Cloud SIEM Records from its name: The names of the Sumo Logic partitions that contain Cloud SIEM Records begin with the string `sec_record_`. The detailed view for security partitions does not display Data Tier or a routing expression. Note also that you can’t edit a security partition, or configure data forwarding for it. Cloud SIEM users can search security partitions, as described in [Searching for Cloud SIEM Records in Sumo Logic](/docs/cse/records-signals-entities-insights/search-cse-records-in-sumo).
+ The information displayed for partitions that contain Cloud SIEM records varies from other partitions. You can tell if a partition contains Cloud SIEM records from its name: The names of the Sumo Logic partitions that contain Cloud SIEM records begin with the string `sec_record_`. The detailed view for security partitions does not display Data Tier or a routing expression. Note also that you can’t edit a security partition, or configure data forwarding for it. Cloud SIEM users can search security partitions, as described in [Searching for Cloud SIEM Records in Sumo Logic](/docs/cse/records-signals-entities-insights/search-cse-records-in-sumo).
:::
diff --git a/docs/manage/partitions/decommission-partition.md b/docs/manage/partitions/decommission-partition.md
index 0f51ab8209..9d4ef5116c 100644
--- a/docs/manage/partitions/decommission-partition.md
+++ b/docs/manage/partitions/decommission-partition.md
@@ -20,5 +20,5 @@ To decommission a partition:
:::
1. The partition details appear on the right side of the page.})
1. Click **Decommission**.
-1. In the Confirm dialog, click **OK**.
+1. In the confirmation dialog, click **OK**.
1. The partition is decommissioned.
diff --git a/docs/manage/partitions/edit-data-forwarding-destinations-partition.md b/docs/manage/partitions/edit-data-forwarding-destinations-partition.md
index 76c08cd4a3..a58ae0465a 100644
--- a/docs/manage/partitions/edit-data-forwarding-destinations-partition.md
+++ b/docs/manage/partitions/edit-data-forwarding-destinations-partition.md
@@ -9,11 +9,11 @@ import useBaseUrl from '@docusaurus/useBaseUrl';
You can specify data forwarding settings for a partition so that the messages that were routed to an index can be forwarded to an existing or new Amazon S3 destination.
1. [**New UI**](/docs/get-started/sumo-logic-ui). In the main Sumo Logic menu select **Data Management**, and then under **Logs** select **Partitions**. You can also click the **Go To...** menu at the top of the screen and select **Partitions**. })
1. The partition details are displayed on the right side of the page.}){kind=icon}
1. Click **Edit** to open the pane for editing.
-1. You can configure Data Forwarding, or if Data Forwarding is already configured, modify the configuration. For more information, see [Forward Data from Sumo Logic to S3 or GCS](../data-forwarding/forward-data-from-sumologic.md).
+1. You can configure data forwarding, or if data forwarding is already configured, modify the configuration. For more information, see [Forward Data from Sumo Logic to S3 or GCS](../data-forwarding/forward-data-from-sumologic.md).
diff --git a/docs/manage/partitions/faq.md b/docs/manage/partitions/faq.md
index 73fb941b2a..75afd19c62 100644
--- a/docs/manage/partitions/faq.md
+++ b/docs/manage/partitions/faq.md
@@ -21,7 +21,7 @@ For Flex customers:
## How does Sumo Logic decide on which partitions to scan?
1. For any query, the first step is determining the scope of the query. If your query does not explicitly mention the `index/view` clause in the source expression, Sumo Logic will consider all partitions in the default scope. You can override the scope of the query by mentioning the specific `index/view` in the source expression `(_index=partitionA)` or adding other tier partitions in the scope by using `_dataTier` modifier like `_dataTier=Infrequent or _dataTier=All`.
-2. Then apply a **[partition selection process](#what-happens-in-the-partition-selection-process)** as mentioned below that helps with the final list of partitions that will scan.
+2. Then apply a [partition selection process](#what-happens-in-the-partition-selection-process) as mentioned below that helps with the final list of partitions that will scan.
## What happens in the partition selection process?
diff --git a/docs/manage/partitions/flex/create-edit-partition-flex.md b/docs/manage/partitions/flex/create-edit-partition-flex.md
index 65a181a39e..ba6c2facd7 100644
--- a/docs/manage/partitions/flex/create-edit-partition-flex.md
+++ b/docs/manage/partitions/flex/create-edit-partition-flex.md
@@ -1,7 +1,7 @@
---
id: create-edit-partition-flex
title: Create and Edit a Partition
-description: Learn how to create and edit a Partition in an Index.
+description: Learn how to create and edit a partition in an Index.
---
import useBaseUrl from '@docusaurus/useBaseUrl';
@@ -11,15 +11,15 @@ Partitions provide three primary functions:
* Enhance searches
* Enhance retention options
-Partitions ingest your messages in real time, and differ from [Scheduled Views](/docs/manage/scheduled-views), which backfill with aggregate data. Partitions begin building a non-aggregate index from the time the Partition is created and only index data moving forward (from the time of creation).
+Partitions ingest your messages in real time, and differ from [Scheduled Views](/docs/manage/scheduled-views), which backfill with aggregate data. Partitions begin building a non-aggregate index from the time the partition is created and only index data moving forward (from the time of creation).
See [Partitions](/docs/manage/partitions) for limitations.
## Prerequisites
-To create or edit a Partition, you must be an account Administrator or have the [Manage Partitions role capability](/docs/manage/users-roles/roles/role-capabilities). It's important to note that Partitions only affect data generated from the date of their creation onwards; any data predating their establishment is not included.
+To create or edit a partition, you must be an account Administrator or have the [Manage Partitions role capability](/docs/manage/users-roles/roles/role-capabilities). It's important to note that partitions only affect data generated from the date of their creation onwards; any data predating their establishment is not included.
-## Create a Partition
+## Create a partition
:::important
The search modifier `dataTier` is not supported for Flex queries.
@@ -28,31 +28,31 @@ The search modifier `dataTier` is not supported for Flex queries.
1. [**New UI**](/docs/get-started/sumo-logic-ui). In the main Sumo Logic menu select **Data Management**, and then under **Logs** select **Partitions**. You can also click the **Go To...** menu at the top of the screen and select **Partitions**.})
-1. **Name**. Enter a name for the Partition. Partitions must be named alphanumerically, with no special characters, with the exception of underscores (`_`) and hyphens (`-`). However, a Partition name cannot start with `sumologic_`, an underscore `_`, or a hyphen (`-`).
+1. **Name**. Enter a name for the partition. Partitions must be named alphanumerically, with no special characters, with the exception of underscores (`_`) and hyphens (`-`). However, a partition name cannot start with `sumologic_`, an underscore `_`, or a hyphen (`-`).
1. (Optional) **Include this partition in default scope**. By default, this checkbox is selected. Deselect this checkbox if you need to exclude this partition from the [default scope in your search](/docs/manage/partitions/flex/faq/#how-can-i-optimize-my-query-using-default-scope).
:::note
After changing the default scope of a partition, expect a delay of 2 to 3 minutes to reflect the change in the query scope.
:::
-1. **Routing Expression**. Enter a [keyword search expression](/docs/search/get-started-with-search/build-search/keyword-search-expressions.md) that matches the data you want to have in the Partition, using [built-in metadata](/docs/search/get-started-with-search/search-basics/built-in-metadata) or [custom metadata fields](/docs/manage/fields).
-1. **Retention Period**. Enter the number of days you wish to retain the data in the Partition, or click **Apply the retention period of sumologic_default**.
+1. **Routing Expression**. Enter a [keyword search expression](/docs/search/get-started-with-search/build-search/keyword-search-expressions.md) that matches the data you want to have in the partition, using [built-in metadata](/docs/search/get-started-with-search/search-basics/built-in-metadata) or [custom metadata fields](/docs/manage/fields).
+1. **Retention Period**. Enter the number of days you wish to retain the data in the partition, or click **Apply the retention period of sumologic_default**.
1. **Compliance data**. Click the **Mark as compliance data** to not change the routing expression and the retention period for partitions.
-1. **Data Forwarding**. If you want to forward the data in the Partition to a cloud environment, click **Enable Data Forwarding** and specify the necessary information for the options that appear. For more information, see [Data Forwarding](/docs/manage/data-forwarding).
+1. **Data Forwarding**. If you want to forward the data in the partition to a cloud environment, click **Enable Data Forwarding** and specify the necessary information for the options that appear. For more information, see [Data Forwarding](/docs/manage/data-forwarding).
### Enhance search and retention
-* To learn how to run a search against a Partition, see [Run a Search Against a Partition](/docs/manage/partitions/run-search-against-partition) and [Optimize Your Search with Partitions](/docs/search/optimize-search-partitions.md).
+* To learn how to run a search against a partition, see [Run a Search Against a Partition](/docs/manage/partitions/run-search-against-partition) and [Optimize Your Search with Partitions](/docs/search/optimize-search-partitions.md).
* To learn about data retention periods and how to modify them, see [Manage Indexes with Variable Retention](/docs/manage/partitions/manage-indexes-variable-retention).
### Best practices for optimum performance
When designing partitions, keep the following in mind:
-* **Avoid using queries that are subject to change**. In order to benefit from using Partitions, they should be used for long-term message organization.
-* **Make the query as specific as possible**. Making the query specific will reduce the amount of data in the Partition, which increases search performance.
+* **Avoid using queries that are subject to change**. In order to benefit from using partitions, they should be used for long-term message organization.
+* **Make the query as specific as possible**. Making the query specific will reduce the amount of data in the partition, which increases search performance.
* **Keep the query flexible**. Use a flexible query, such as `_sourceCategory=*Apache*`, so that metadata can be adjusted without breaking the query.
-* **Group data together that is most often used together**. For example, create Partitions for categories such as web data, security data, or errors.
+* **Group data together that is most often used together**. For example, create partitions for categories such as web data, security data, or errors.
* **Group data together that is used by teams**. Partitions are an excellent way to organize messages by role and teams within your organization.
-* **Avoid including too much data in your partition**. Send between 2% and 20% of your data to a Partition. Including 90% of the data in your index in a Partition won’t improve search performance.
-* **Don’t create overlapping partitions**. With multiple Partitions, messages could be duplicated if you create routing expressions that overlap. For example, if you have the following Partitions, messages for `_sourceCategory=prod/Apache` would be duplicated as they would be stored in both Partitions.
+* **Avoid including too much data in your partition**. Send between 2% and 20% of your data to a partition. Including 90% of the data in your index in a partition won’t improve search performance.
+* **Don’t create overlapping partitions**. With multiple partitions, messages could be duplicated if you create routing expressions that overlap. For example, if you have the following partitions, messages for `_sourceCategory=prod/Apache` would be duplicated as they would be stored in both partitions.
* Partition1: `_sourceCategory=prod`
* Partition2: `_sourceCategory=*/Apache`
@@ -76,15 +76,15 @@ You can make some changes to an existing partition:
* You can change the data forwarding configuration.
* You cannot change the name of a partition or reuse a partition name.
* You cannot edit the audit index partition to include it in the default scope.
-* Security partitions can’t be edited. Sumo Logic stores Cloud SIEM Records in seven partitions, one for each [Cloud SIEM Record type](/docs/cse/schema/cse-record-types). The names of the Sumo Logic partitions that contain Cloud SIEM Records begin with the string `sec_record_`. If you have a role that grants you the **View Partitions** capability, you can view the security partitions in the Sumo Logic UI. Note, however, that no user can edit or remove a security partition.
+* Security partitions can’t be edited. Sumo Logic stores Cloud SIEM records in seven partitions, one for each [Cloud SIEM record type](/docs/cse/schema/cse-record-types). The names of the Sumo Logic partitions that contain Cloud SIEM records begin with the string `sec_record_`. If you have a role that grants you the **View Partitions** capability, you can view the security partitions in the Sumo Logic UI. Note, however, that no user can edit or remove a security partition.
### How to edit a partition
1. [**New UI**](/docs/get-started/sumo-logic-ui). In the main Sumo Logic menu select **Data Management**, and then under **Logs** select **Partitions**. You can also click the **Go To...** menu at the top of the screen and select **Partitions**.})
diff --git a/docs/manage/partitions/flex/index.md b/docs/manage/partitions/flex/index.md
index fbbb5dcc95..f9fc7d1585 100644
--- a/docs/manage/partitions/flex/index.md
+++ b/docs/manage/partitions/flex/index.md
@@ -7,7 +7,7 @@ description: Learn about Sumo Logic Flex Pricing.
import useBaseUrl from '@docusaurus/useBaseUrl';
import Iframe from 'react-iframe';
-Flex Pricing delivers a new financial model for log management in which you can centralize, store, and analyze all application, infrastructure, and security data in one place. This drives collaboration and velocity while delivering a reliable and secure digital experience. Here's how it works:
+Flex Pricing delivers a new financial model for log management in which you can centralize, store, and analyze all application, infrastructure, and security data in one place. This drives collaboration and velocity while delivering a reliable and secure digital experience.
:::info
-To setup and configure the Flex app, refer to [Sumo Logic Flex](/docs/integrations/sumo-apps/flex/).
+To set up and configure the Flex app, refer to [Flex](/docs/integrations/sumo-apps/flex/).
:::
## Feature support
@@ -53,7 +53,7 @@ In this section, we'll introduce the following concepts:
Learn how to create and edit a Partition in an Index.
+Learn how to create and edit a partition in an Index.
})
-1. Click the row for a Partition to view its details.})
+1. Click the row for a partition to view its details.
:::note
- The information displayed for partitions that contain Cloud SIEM Records varies from other partitions. You can tell if a partition contains Cloud SIEM Records from its name because the names of the Sumo Logic partitions that contain Cloud SIEM Records begin with the string `sec_record_`. Note also that you can’t edit a security partition, or configure data forwarding for it. Cloud SIEM users can search security partitions, as described in [Searching for Cloud SIEM Records in Sumo Logic](/docs/cse/records-signals-entities-insights/search-cse-records-in-sumo).
+ The information displayed for partitions that contain Cloud SIEM records varies from other partitions. You can tell if a partition contains Cloud SIEM records from its name because the names of the Sumo Logic partitions that contain Cloud SIEM records begin with the string `sec_record_`. Note also that you can’t edit a security partition, or configure data forwarding for it. Cloud SIEM users can search security partitions, as described in [Searching for Cloud SIEM Records in Sumo Logic](/docs/cse/records-signals-entities-insights/search-cse-records-in-sumo).
:::
diff --git a/docs/manage/partitions/index.md b/docs/manage/partitions/index.md
index f025a68dea..d1690cd1ca 100644
--- a/docs/manage/partitions/index.md
+++ b/docs/manage/partitions/index.md
@@ -1,7 +1,7 @@
---
slug: /manage/partitions
title: Partitions
-description: Partitions speed the search process by allowing an Admin to filter a subset of the log messages in an index.
+description: Partitions speed the search process by allowing an admin to filter a subset of the log messages in an index.
---
import Iframe from 'react-iframe';
@@ -27,11 +27,11 @@ You can use Terraform to provide a partition with the [`sumologic_partition`](ht
Data Tiers provide the ability to allocate data to different storage tiers based on frequency of access - Continuous, Frequent, and Infrequent.
+Data tiers provide the ability to allocate data to different storage tiers based on frequency of access - Continuous, Frequent, and Infrequent.
Learn about the estimate scan data for Data tier and Flex pricing.
+Learn about the estimate scan data for data tier and Flex pricing.
Learn about Sumo Logic Flex Pricing.
Learn how to run a search against data in a Partition.
+Learn how to run a search against data in a partition.
Learn how to specify Data Forwarding settings for a Partition.
+Learn how to specify data forwarding settings for a partition.
Learn how to create Index Partitions and Scheduled Views to store your data.
+Learn how to create index partitions and Scheduled Views to store your data.
Learn how to decommission a Partition to keep it from being started.
+Learn how to decommission a partition to keep it from being started.
Answers to frequently asked questions about Sumo Logic Partitions.
+Answers to frequently asked questions about Sumo Logic partitions.
})
- :::info
- The new retention policy will apply to all logs in the partition that have not yet aged out, not just to newly ingested data.
- :::
+ :::info
+ The new retention policy will apply to all logs in the partition that have not yet aged out, not just to newly ingested data.
+ :::
1. If the new retention period is shorter than the previous period, a portion of your data will be deleted in 7 days or right away. Click **Save** and choose either:
* Simulate this data deletion for a few days and then reduce it permanently by selecting **Apply change in 7 days**. You will be billed for this data until the deletion is permanent, but it gives you a sense of how the deletion will impact you before it is final.})
:::info
diff --git a/docs/manage/partitions/run-search-against-partition.md b/docs/manage/partitions/run-search-against-partition.md
index 282ac568ff..0879dcad8e 100644
--- a/docs/manage/partitions/run-search-against-partition.md
+++ b/docs/manage/partitions/run-search-against-partition.md
@@ -65,7 +65,7 @@ Here are some examples where index aliasing is used in wildcard queries.
- If you have the [Data Tiers](/docs/manage/partitions/data-tiers/) feature, see [Searching Data Tiers](/docs/manage/partitions/data-tiers/searching-data-tiers/) for information about how to search partitions by Data Tier.
-- If you have the Flex feature, see [Searching Flex](/docs/manage/partitions/flex/) for information about how to search partitions.
+- If you have the Flex feature, see [Flex Pricing](/docs/manage/partitions/flex/) for information about how to search partitions.
## Why did I get a message to run a search against a partition?
diff --git a/docs/manage/scheduled-views/add-scheduled-view.md b/docs/manage/scheduled-views/add-scheduled-view.md
index 08ad9139a3..c390dc741f 100644
--- a/docs/manage/scheduled-views/add-scheduled-view.md
+++ b/docs/manage/scheduled-views/add-scheduled-view.md
@@ -30,7 +30,7 @@ For Scheduled View query requirements, see [Scheduled Views Best Practices and E
:::
1. **Timezone**. Select the timezone for the scheduled view of your choice from the drop-down. If you do not make a selection, the Scheduled View will default to the timezone preference in Sumo Logic. But if the timezone is not set in Sumo Logic *User Preferences* page, then this will default to the timezone from your browser.
1. **Retention Period.** Either enter a retention period for the data in the index, in days, or click **Apply the retention period of Default Partition**. For more information, see [Manage Indexes with Variable Retention](../partitions/manage-indexes-variable-retention.md).
-1. **Data Forwarding.** (Optional). Choose **Enable Data Forwarding** to [forward data from Sumo Logic to Amazon S3 or Google Cloud Storage](../data-forwarding/forward-data-from-sumologic.md). The results from the Scheduled View are forwarded to S3 or GCS. Raw logs are sent if the view query does not use an aggregate operator. If the view query performs an aggregation, aggregate results are sent. See [File Format](../data-forwarding/forward-data-from-sumologic.md) for details on how the file objects are structured.
+1. **Data Forwarding.** (Optional). Choose **Enable Data Forwarding** to [forward data from Sumo Logic to Amazon S3 or Google Cloud Storage](../data-forwarding/forward-data-from-sumologic.md). The results from the Scheduled View are forwarded to S3 or GCS. Raw logs are sent if the view query does not use an aggregate operator. If the view query performs an aggregation, aggregate results are sent. See [File format of forwarded data](/docs/manage/data-forwarding/forward-data-from-sumologic/#file-format-of-forwarded-data) for details on how the file objects are structured.
1. Click **Save**.
The view begins to index data as soon as you create it. Allow a few hours for the indexing to complete. If you've chosen to index a large amount of data and/or have chosen a long date range for the view, it could take a bit longer.
diff --git a/docs/manage/scheduled-views/index.md b/docs/manage/scheduled-views/index.md
index 61a72d6b21..37b0e18593 100644
--- a/docs/manage/scheduled-views/index.md
+++ b/docs/manage/scheduled-views/index.md
@@ -48,13 +48,13 @@ In this section, we'll introduce the following concepts:
}){kind=icon}
Learn how to pause view stops new data from being Indexed.
+Learn how to pause a view to stop new data from being indexed.
Learn how to run a search against Indexed data in a Scheduled View.
+Learn how to run a search against indexed data in a Scheduled View.
})
* **View the audit Log**. Audit log entries are created for configuration changes by administrators, when 2-Step Verification for a user is enabled or disabled, and when there is a failure to validate a 2-Step Verification code upon sign-in.
diff --git a/docs/manage/security/2-step-verification-users.md b/docs/manage/security/2-step-verification-users.md
index 91baef2371..d48f3783d6 100644
--- a/docs/manage/security/2-step-verification-users.md
+++ b/docs/manage/security/2-step-verification-users.md
@@ -1,7 +1,7 @@
---
id: 2-step-verification-users
title: 2-Step Verification for Users
-description: Learn how to set up and use Multi-factor authentication for your user account.
+description: Learn how to set up and use 2-Step Verification for your user account.
---
import useBaseUrl from '@docusaurus/useBaseUrl';
@@ -68,7 +68,7 @@ To change your device for 2-Step Verification:
1. Click **Change Device** under **My Security Settings**.
1. Open your TOTP app on the new device and scan the QR code that you see on the screen. If you are unable to scan the code, you can enter the code displayed below the QR code manually. })
1. Enter two consecutive codes generated by the TOTP app. These codes are required for clock synchronization.
-1. Enter your Sumo Logic password. This step provides an additional layer of security, to prevent someone from changing the device if you step away from your browser while you're signed in to Sumo.
+1. Enter your Sumo Logic password. This step provides an additional layer of security, to prevent someone from changing the device if you step away from your browser while you're signed in to Sumo Logic.
1. Click **Continue**.
1. Click **Save**.
diff --git a/docs/manage/security/access-keys.md b/docs/manage/security/access-keys.md
index 705357ea16..4a97974ae9 100644
--- a/docs/manage/security/access-keys.md
+++ b/docs/manage/security/access-keys.md
@@ -9,7 +9,7 @@ import Iframe from 'react-iframe';
In Sumo Logic, you'll need an access key to:
* **Register new Collectors**. When you install a collector, in addition to having a role that grants you the **Manage Collectors** capability, you must supply an access key. You can use a different access key for each collector, or use the same access key for multiple collectors. The only time a collector uses the access key is at installation, so if a key is deleted after a collector has been set up, the collector isn't affected.
-* **Use Sumo Logic APIs**. You must supply an access key to use the Sumo Logic APIs. See [API Authentication](/docs/api/about-apis/getting-started#authentication) for details.
+* **Use Sumo Logic APIs**. You must supply an access key to use the Sumo Logic APIs. See [Authentication](/docs/api/about-apis/getting-started#authentication) for details.
* **Run scripts or automation**. Create access keys to provide authentication for scripts or automation.
:::sumo Micro Lesson
@@ -78,9 +78,9 @@ If you are an administrator who needs to create an access key for system use (su
* **Default**. The key has all permissions.
* **Custom**. The key has only the specified permissions. })
})
1. Click **Save** to generate the key.
-1. **IMPORTANT**. Copy both the generated Access ID and Access Key before clicking **Done**. *This is the only time you will be able to copy the ID and key*.})
+1. **IMPORTANT**. Copy both the generated access ID and access key before clicking **Done**. *This is the only time you will be able to copy the ID and key*.
:::warning
- After you click **Done**, you will not be able to recover this Access ID and Access Key.
+ After you click **Done**, you will not be able to recover this access ID and access key.
:::
All personal access keys created in the organization are displayed in the **Access Keys** tab, described next.
@@ -135,7 +135,7 @@ an Access-Control-Allow-Origin header.
:::note
After an access key is deactivated, there can be a brief period of time during which a previous successful authentication remains cached and a subsequent API request using the deactivated key will succeed. This could occur if the access key was used to authenticate within 15 minutes prior to the key being deactivated.
:::
- * **Rotate**. Refresh an access key with a new Access ID and Access Key. Copy the new ID and key and use them in all the places where the previous access key was used. (The old key is still usable for 5 minutes after rotation.) Rotate access keys in accordance with your company's rules. By default, access keys are set to never expire after creation or rotation, though the [access keys expiration policy](#access-keys-expiration-policy) can be updated by a Sumo Logic administrator. An access key's expiration date appears in the **Expires At** column.
+ * **Rotate**. Refresh an access key with a new access ID and access key. Copy the new ID and key and use them in all the places where the previous access key was used. (The old key is still usable for 5 minutes after rotation.) Rotate access keys in accordance with your company's rules. By default, access keys are set to never expire after creation or rotation, though the [access keys expiration policy](#access-keys-expiration-policy) can be updated by a Sumo Logic administrator. An access key's expiration date appears in the **Expires At** column.
* **Delete**. Permanently removes the access key. The key will no longer be usable for API calls. However, deleting a key used to register a collector does not affect the collector, since the only time a collector uses the access key is at installation.
### Organization access keys
@@ -149,14 +149,14 @@ If you have the [**Manage Access Keys** role capability](/docs/manage/users-role
To enhance the security of your account, Sumo Logic will by default automatically deactivate access keys that haven’t been used for 30 days or more. As an extra security measure, deactivating an access key that has gone unused will ensure that forgotten keys cannot be used later to access your account.
-An administrator can adjust the limit to the number of days an Access Key can go unused before being automatically deactivated. To configure this option, you must be a Sumo Logic Administrator or have the **Manage organization settings** role capability.
+An administrator can adjust the limit to the number of days an access key can go unused before being automatically deactivated. To configure this option, you must be a Sumo Logic administrator or have the **Manage organization settings** role capability.
To configure the access keys deactivation policy:
1. [**New UI**](/docs/get-started/sumo-logic-ui). In the main Sumo Logic menu select **Administration**, and then under **Account Security Settings** select **Policies**. You can also click the **Go To...** menu at the top of the screen and select **Policies**. })
:::note
- This section is visible to Administrators only.
+ This section is visible to administrators only.
:::
### Access keys expiration policy
@@ -165,14 +165,14 @@ By default, access keys are set to never expire. However, an administrator can u
An access key's expiration date appears in the **Expires At** column on the **Access Keys** tab. You can sort by this column to see when you must rotate keys. To rotate a key, hover your mouse over an access key, click the three-dot kebab icon, and select **Rotate**. (The old key is still usable for 5 minutes after rotation.) Rotating an access key resets its expiration date according to the number of days in the policy.
-An administrator can adjust the time period before access keys expire. To configure this option, you must be a Sumo Logic Administrator or have the **Manage organization settings** role capability.
+An administrator can adjust the time period before access keys expire. To configure this option, you must be a Sumo Logic administrator or have the **Manage organization settings** role capability.
To configure the access keys expiration policy:
1. [**New UI**](/docs/get-started/sumo-logic-ui). In the main Sumo Logic menu select **Administration**, and then under **Account Security Settings** select **Policies**. You can also click the **Go To...** menu at the top of the screen and select **Policies**. })
:::note
- This section is visible to Administrators only.
+ This section is visible to administrators only.
:::
:::warning
diff --git a/docs/manage/security/audit-indexes/audit-event-index.md b/docs/manage/security/audit-indexes/audit-event-index.md
index 5eae3d62f1..bcd8d2e82d 100644
--- a/docs/manage/security/audit-indexes/audit-event-index.md
+++ b/docs/manage/security/audit-indexes/audit-event-index.md
@@ -132,4 +132,4 @@ Each audit event log has common keys that categorize it to a product area and pr
## Index retention period
-By default, the retention period of the Audit Event index is the same as the retention period of your Default Partition. You can change the retention period by editing the relevant partition, `sumologic_audit_events`. For more information, see [Edit a Partition](/docs/manage/partitions/data-tiers/create-edit-partition).
+By default, the retention period of the Audit Event index is the same as the retention period of your Default Partition. You can change the retention period by editing the relevant partition, `sumologic_audit_events`. For more information, see [Create and Edit a Partition](/docs/manage/partitions/data-tiers/create-edit-partition).
diff --git a/docs/manage/security/audit-indexes/audit-index.md b/docs/manage/security/audit-indexes/audit-index.md
index 7f1f726b02..034ba2b1f8 100644
--- a/docs/manage/security/audit-indexes/audit-index.md
+++ b/docs/manage/security/audit-indexes/audit-index.md
@@ -30,7 +30,7 @@ All users can access the data contained within the audit index, but only adminis
1. Next to **Sumo Logic Auditing**, select the **Enable** check box.
:::important
-Auditing typically adds a nominal amount of data to your overall volume (approximately one to two percent) when pre-aggregated. In your Sumo Logic account, this data will count against your data volume quota. For more information, see [Manage Ingestion](/docs/manage/ingestion-volume/log-ingestion).
+Auditing typically adds a nominal amount of data to your overall volume (approximately one to two percent) when pre-aggregated. In your Sumo Logic account, this data will count against your data volume quota. For more information, see [Log Ingestion](/docs/manage/ingestion-volume/log-ingestion).
:::
## Query the audit index
@@ -73,17 +73,17 @@ The table below lists defines the fields returned for an audit event. Note that
| Action | The action that was performed. Actions vary by event type. For more information, see [Audit event classes and actions](#audit-event-classes-and-actions). |
| Class | The object affected by the event. Classes vary by event type. For more information, see [Audit event classes and actions](#audit-event-classes-and-actions). |
| Collector | Values include "InternalCollector". |
-| Interface | Indicates how the event was initiated from the Sumo UI or using an API. Values include: "UI", "API", and "INTERNAL". |
+| Interface | Indicates how the event was initiated from the Sumo Logic UI or using an API. Values include: "UI", "API", and "INTERNAL". |
| `_sourceCategory` | The source category associated with the event type. For more information, see [Audit index source categories](#audit-index-source-categories). |
| `_sourceHost` | IP address of the source's host, or "no_sourceHost". |
| sourceSession | The session ID associated with the event, or "no_session". |
-| sourceUser | The Sumo username associated with the event. |
+| sourceUser | The Sumo Logic username associated with the event. |
| Status | The status of the action, which can be success or failure |
| Target | The object for the action, such as a key name. |
## Audit event classes and actions
-The sections list the classes of objects — for example: collectors, users, and sessions—for which Sumo writes audit logs, and the actions, such as create or delete, that result in a message to the audit log.
+The sections list the classes of objects — for example: collectors, users, and sessions—for which Sumo Logic writes audit logs, and the actions, such as create or delete, that result in a message to the audit log.
When you query the audit index, the search results will include the class and action for each audit log. The `class` and `action` are hidden by default. To display a hidden field, click the checkbox next to it in the **Hidden Fields** section of the **Messages** tab. You can also perform targeted searches of the audit index using the `class` and `action` fields in your query.
@@ -107,7 +107,7 @@ The table below shows the value of the `class` and `action` fields for account m
### Microsoft Office 365 Audit Source events
-Sumo logs audit messages for Microsoft Office 365 Audit Source when the following events occur:
+Sumo Logic logs audit messages for Microsoft Office 365 Audit Source when the following events occur:
* Source registration success with Microsoft
* Failure to read back content from Microsoft
@@ -139,7 +139,7 @@ The events have these formats:
Status is provided to the audit index (`_index=sumologic_audit`) in the account management source category
(`_sourceCategory=account_management`) and volume quota source (`_sourceName=VOLUME_QUOTA`). The status includes the type of resource that experienced throttling in the last 15 minutes.
-A scheduled search can be set up to send an alert when throttling occurs. See [Schedule a search](/docs/alerts/scheduled-searches).
+A scheduled search can be set up to send an alert when throttling occurs. See [Create a Scheduled search](/docs/alerts/scheduled-searches/schedule-search).
Throttling events reported include:
@@ -278,12 +278,12 @@ The table below shows the value of the `class` and `action` fields for schedule
| Finish | Scheduled search finished successfully. |
| Delete | Scheduled search was deleted. |
| Modify | The alert condition for the scheduled search was met and the alert action was fired. |
-| Timeout | Scheduled search did not complete within the timeout period, which is 20 minutes to an hour, depending on the time range set for the query.}){kind=icon}
See Audit Event Log Definitions documentation for audited events.
+Documentation for audited events.
})
:::note
-* Users with a role that grants the [**Manage audit data feed**](/docs/manage/users-roles/roles/role-capabilities#security) capability are allowed to enable the Search Audit Index.
+* Users with a role that grants the [Manage Audit Data Feed](/docs/manage/users-roles/roles/role-capabilities#security) capability are allowed to enable the Search Audit Index.
* Enabling the index will not count towards your data volume quota.
* Logging to the index begins when the index is enabled.
:::
@@ -46,7 +46,7 @@ Querying the index returns results only if the index is enabled.
## Index retention period
-By default, the retention period of the Search Audit index is the same as the retention period of your Default partition. You can change the retention period by editing the partition that contains the index, `sumologic_search_usage_per_query`. For more information, see [Edit a Partition](/docs/manage/partitions/data-tiers/create-edit-partition).
+By default, the retention period of the Search Audit Index is the same as the retention period of your default partition. You can change the retention period by editing the partition that contains the index, `sumologic_search_usage_per_query`. For more information, see [Create and Edit a Partition](/docs/manage/partitions/data-tiers/create-edit-partition).
## Log Search Audit Index message fields
@@ -55,7 +55,7 @@ The following table provides details on the fields returned by the index:
| Field | Description |
|:--|:--|
| `time` | The time when the audit log was generated. |
-| `analytics_tier` | The data tier associated with the audit message. Learn more about [Data Tiers](/docs/manage/partitions/data-tiers). |
+| `analytics_tier` | The data tier associated with the audit message. Learn more about [data tiers](/docs/manage/partitions/data-tiers). |
| `content_identifier` | The ID of the content item that triggered the search query. |
| `content_name` | The name of the content item that triggered the search query. |
| `data_retreived_bytes` | Amount of data retrieved by the search query. This represents the approximate size of messages that match the source expression of the query and are retrieved from scanning. |
@@ -82,13 +82,13 @@ The table below shows the possible values for the `query_type` field.
| query_type value | Description |
|:--|:--|
-| Alerts | Search queries run by users accessing the [Alert Response Page](/docs/alerts/monitors/alert-response). |
-| Search API | Search queries run by users using the [Search Job API](/docs/api/search-job) only. |
+| Alerts | Search queries run by users accessing the [Alert Response](/docs/alerts/monitors/alert-response) page. |
+| Search API | Search queries run by users using the [Search Job APIs](/docs/api/search-job) only. |
| Interactive Search | Search queries run from the Search tab in the UI only. |
| Interactive Dashboard | Search queries run from dashboards in the UI only. |
-| Scheduled Search | [Scheduled search](/docs/alerts/scheduled-searches) queries run as per the frequency specified by users in the org. |
+| Scheduled Search | [Scheduled sSearch](/docs/alerts/scheduled-searches) queries run as per the frequency specified by users in the org. |
| View Maintenance | [Scheduled View](/docs/manage/scheduled-views) queries run on behalf of the users in the org. |
-| Sumo Internal | The Internal searches Sumo Logic runs in the background that are critical in providing other services (for example, autocomplete, scheduled view optimization, etc.). |
+| Sumo Internal | The internal searches Sumo Logic runs in the background that are critical in providing other services (for example, autocomplete, scheduled view optimization, etc.). |
| Auto Refresh Dashboard | Search queries used to power auto refresh dashboard panels. |
| Monitor | Queries associated with [monitors](/docs/alerts/monitors). |
| Span Analytics | Queries run for filtering and aggregating trace data based on [span attributes](/docs/apm/spans) to understand application services performance. Queries can be built using input fields, with filters and visualized results available. |
diff --git a/docs/manage/security/audit-indexes/system-event-index.md b/docs/manage/security/audit-indexes/system-event-index.md
index 649c6fbe31..f29368ee63 100644
--- a/docs/manage/security/audit-indexes/system-event-index.md
+++ b/docs/manage/security/audit-indexes/system-event-index.md
@@ -16,7 +16,7 @@ import useBaseUrl from '@docusaurus/useBaseUrl';
The System Event Index contains event logs in JSON format on system activities triggered by Sumo Logic, for example, throttling events, rules triggered, and so on. Examining system events allows you to monitor and audit system changes. Enterprise accounts have the System Event Index enabled and available to search by default.
-This index is separate from the [Audit Event Index](/docs/manage/security/audit-indexes/audit-index), which shows user action events rather than events triggered by Sumo Logic.
+This index is separate from the [Audit Event Index](/docs/manage/security/audit-indexes/audit-event-index/), which shows user action events rather than events triggered by Sumo Logic.
## Documentation
@@ -125,4 +125,4 @@ Each system event log has common keys that categorize it to a product area and p
## Index retention period
-By default, the retention period of the System index is the same as the retention period of your Default Partition. You can change the retention period by editing the relevant partition `sumologic_system_events`. For more information, see [Edit a Partition](/docs/manage/partitions/data-tiers/create-edit-partition).
+By default, the retention period of the System index is the same as the retention period of your Default Partition. You can change the retention period by editing the relevant partition `sumologic_system_events`. For more information, see [Created and Edit a Partition](/docs/manage/partitions/data-tiers/create-edit-partition).
diff --git a/docs/manage/security/create-allowlist-ip-cidr-addresses.md b/docs/manage/security/create-allowlist-ip-cidr-addresses.md
index 55acc65110..3646602ff0 100644
--- a/docs/manage/security/create-allowlist-ip-cidr-addresses.md
+++ b/docs/manage/security/create-allowlist-ip-cidr-addresses.md
@@ -32,7 +32,7 @@ The IP is generally your host IP address. But if your request is coming through
1. Under **Service Allowlist Settings**, select the **Enable Dashboard Allowlist** check box. })
1. Copy and paste your IP address in the **IP Address or CIDR** text box, a **Description** is optional, then click **Add**.
1. Type additional IP and/or CIDR addresses in the text box, and click **Add**. Repeat this step until you've added all the addresses you'd like to allowlist.
-vClick **Save**.
+Click **Save**.
### Disable allowlist settings
diff --git a/docs/manage/security/index.md b/docs/manage/security/index.md
index 08ea5b5189..502845bcc5 100644
--- a/docs/manage/security/index.md
+++ b/docs/manage/security/index.md
@@ -44,7 +44,7 @@ In this section, we'll introduce the following concepts:
Learn how to use Access Keys to securely register new Collectors or access Sumo Logic APIs.
+Learn how to use Access Keys to securely register new collectors or access Sumo Logic APIs.
})
-### Add Token
+### Add token
1. Click the **+ Add Token** button on the top right of the table. A panel named **Create Installation Token** appears to the right of the table.
1. Input a unique name and optionally provide a description, then click **Save**.})
-### Deactivate Token
+### Deactivate token
-Deactivated tokens cannot be used to register Collectors. You can deactivate a token at any time.
+Deactivated tokens cannot be used to register collectors. You can deactivate a token at any time.
Select **Deactivate** from the menu on the right of the row on the table or in the details pane of the token under the **More Actions** dropdown.
})
-### Delete Token
+### Delete token
-Deleted tokens are removed from your account and cannot be used anymore. Since tokens are only used to register a Collector it won't affect registered Collectors.
+Deleted tokens are removed from your account and cannot be used anymore. Since tokens are only used to register a collector it won't affect registered collectors.
Select **Delete Token** from the menu on the right of the row on the table or in the details pane of the token under the **More Actions** dropdown.
@@ -83,7 +83,7 @@ Select **Delete Token** from the menu on the right of the row on the table or i
## Using Installation Tokens
-This section provides information on using Installation Tokens to register [Installed Collectors](/docs/send-data/installed-collectors). For details on Collector installation, see [Install a Collector on Linux](/docs/send-data/installed-collectors/linux.md), [Install a Collector on MacOS](/docs/send-data/installed-collectors/macos.md), and [Install a Collector on Windows](/docs/send-data/installed-collectors/windows.md).
+This section provides information on using Installation Tokens to register [Installed Collectors](/docs/send-data/installed-collectors). For details on collector installation, see [Install a Collector on Linux](/docs/send-data/installed-collectors/linux.md), [Install a Collector on macOS](/docs/send-data/installed-collectors/macos.md), and [Install a Collector on Windows](/docs/send-data/installed-collectors/windows.md).
### Command line installer
@@ -95,7 +95,7 @@ For example:
sudo ./SumoCollector.sh -q -Vsumo.token_and_url=})
* **First Name**. Enter: `FirstName `
* **Last Name**. Enter: `LastName `
- * **On Demand Provisioning Roles**. Specify the Sumo RBAC roles you want to assign when user accounts are first provisioned. (The roles must already exist in Sumo.) If you enter multiple roles, separate them with commas. For example: `Analyst, CollectorManager`
+ * **On Demand Provisioning Roles**. Specify the Sumo Logic RBAC roles you want to assign when user accounts are first provisioned. (The roles must already exist in Sumo Logic.) If you enter multiple roles, separate them with commas. For example: `Analyst, CollectorManager`
1. Click **Save**.
1. To view the details of your configuration, select it the **Configuration List.** })
1. Keep the panel open. When you complete the AWS Single Sign-on configuration below, you will copy the **Assertion Consumer** and **Entity ID** values into AWS Single Sign-on. })
@@ -61,9 +61,9 @@ This section has instructions for configuring basic SAML in Sumo Logic.
1. Click **Save Changes**.
1. On the **Assigned Users** tab of your new AWS SSO configuration, click **Assign users**. })
1. Select the individual users or groups that you want to allow to sign into Sumo Logic using AWS SSO. If you have not previously configured AWS Single Sign on you may need to first add your users and groups, as described in AWS help:
- * [Add Users](https://docs.aws.amazon.com/singlesignon/latest/userguide/addusers.html)
- * [Add Groups](https://docs.aws.amazon.com/singlesignon/latest/userguide/addgroups.html)
- * [Add Users to Groups](https://docs.aws.amazon.com/singlesignon/latest/userguide/adduserstogroups.html)
+ * [Add users](https://docs.aws.amazon.com/singlesignon/latest/userguide/addusers.html)
+ * [Add groups](https://docs.aws.amazon.com/singlesignon/latest/userguide/addgroups.html)
+ * [Add users to groups](https://docs.aws.amazon.com/singlesignon/latest/userguide/adduserstogroups.html)
1. Click **Assign Users** to complete the addition of your users to the configuration.
-This completes the setup for AWS Single Sign-On to Sumo Logic. Your users should now be able to sign in to Sumo Logic from your AWS SAML Application page by clicking the SumoLogic tile.
+This completes the setup for AWS Single Sign-On to Sumo Logic. Your users should now be able to sign in to Sumo Logic from your AWS SAML Application page by clicking the Sumo Logic tile.
diff --git a/docs/manage/security/saml/integrate-google-iam-service.md b/docs/manage/security/saml/integrate-google-iam-service.md
index 4ed05a24c6..e1e34aa2d7 100644
--- a/docs/manage/security/saml/integrate-google-iam-service.md
+++ b/docs/manage/security/saml/integrate-google-iam-service.md
@@ -13,13 +13,13 @@ import useBaseUrl from '@docusaurus/useBaseUrl';
| Cloud Flex | Trial, Enterprise |
| Credits | Trial, Essentials, Enterprise Operations, Enterprise Security, Enterprise Suite |
-This page has instructions for integrating Sumo Logic SAML with Google Apps IAM. This allows Sumo users to use Google Apps credentials to log into Sumo Logic using Single Sign-On (SSO).
+This page has instructions for integrating Sumo Logic SAML with Google Apps IAM. This allows Sumo Logic users to use Google Apps credentials to log into Sumo Logic using Single Sign-On (SSO).
For more information, refer to [the Google Support documentation](https://support.google.com/a/answer/6087519?hl=en).
## Before you start
-For key information about SAML in Sumo, see the [Limitations](set-up-saml.md) section of the "Set Up SAML for Single Sign-On" page.
+For key information about SAML in Sumo Logic, see [Limitations](/docs/manage/security/saml/set-up-saml/#limitations).
### Configure SSO for a Custom App
@@ -27,7 +27,7 @@ For key information about SAML in Sumo, see the [Limitations](set-up-saml.md)
1. Select **Apps > SAML Apps**.
1. Select a new SAML app to be configured, or click the **+** at the bottom of the page.
1. On the **Enable SSO for SAML Application** page, select **Setup my own Custom App** at the bottom of the page. })
-1. The **Google IdP Information** page appears. Make note of the following URLs, as you will supply them when you configure SAML in Sumo:
+1. The **Google IdP Information** page appears. Make note of the following URLs, as you will supply them when you configure SAML in Sumo Logic:
* **SSO URL**. You'll enter this URL as the **Authn Request URL** when you perform the steps in [Configure Sumo Logic SAML](#configure-sumo-logic-saml) below.
* **Entity ID**. You'll enter this URL as the **Issuer** in Sumo Logic when you perform the steps in [Configure Sumo Logic SAML](#configure-sumo-logic-saml) below. })
@@ -45,20 +45,20 @@ For key information about SAML in Sumo, see the [Limitations](set-up-saml.md)
1. Click **+ Add Configuration** to create a new configuration. }){kind=icon}
1. The **Add Configuration** page appears. })
1. **Configuration Name.** Google Apps Auth (or, you can enter any name you like).
-1. **Debug Mode.** Not required. Activating this setting now is useful for troubleshooting later. Select this option if you'd like to view additional details if an error occurs when a user attempts to authenticate. For more information, see [View SAML Debug Information](view-saml-debug-information.md).
+1. **Debug Mode.** Not required. Activating this setting now is useful for troubleshooting later. Select this option if you'd like to view additional details if an error occurs when a user attempts to authenticate. For more information, see [View SAML Debug Information](/docs/manage/security/saml/view-saml-debug-information/).
1. **Issuer.** Enter the **Entity ID** from the **Google IdP Information** dialog.
1. **X.509 Certificate.** Open the certificate file that you downloaded from the **Google IdP Information** dialog in a text editor. Copy and paste the contents into this field.
1. **Attribute Mapping**. Select **Use SAML attribute** and type the email attribute name in the text box.
-1. **SP Initiated Login Configuration**. (Optional) This step has instructions for setting up SP-initiated login. When SP initiated login has been enabled, your SAML configuration will appear as an additional authentication option within your subdomain-enabled account login page. SP initiated login requires a custom Sumo Logic subdomain. If a custom subdomain has not yet been configured for your org, following the instructions in the [Change account subdomain](/docs/manage/manage-subscription/create-and-manage-orgs/manage-org-settings) section of the *Manage Organization* topic.
+1. **SP Initiated Login Configuration**. (Optional) This step has instructions for setting up SP-initiated login. When SP initiated login has been enabled, your SAML configuration will appear as an additional authentication option within your subdomain-enabled account login page. SP initiated login requires a custom Sumo Logic subdomain. If a custom subdomain has not yet been configured for your org, following the instructions in [Set up a custom subdomain](/docs/manage/manage-subscription/create-and-manage-orgs/manage-org-settings/#set-up-a-customsubdomain).
1. **Authn Request URL.** Enter the **SSO URL** from the **Google IdP Information** dialog.
- 1. **Disable Requested Authn Context**. (Optional) If you check this option, Sumo will not include the RequestedAuthnContext element of the SAML AuthnRequests it sends to your Idp. This option is useful if your IdP does not support the RequestedAuthnContext element.
- 1. **Sign Authn Request.** (Optional) If you select this option, Sumo will send signed Authn requests to your IdP. When you click this option, a Sumo-provided X-509 certificate is displayed. You can configure your IDP with this certificate, to verify the signature of the Authn requests sent by Sumo.
-1. **Roles Attribute.** When you click this option, the **Roles** **Attribute** field appears. Enter the SAML Attribute Name that is sent by the IdP as part of the assertion. For details, see [Set Up SAML for Single Sign-On](set-up-saml.md).
-1. **On-Demand provisioning.** Select this option and specify the following attributes to have Sumo Logic automatically create accounts when a user first logs on. For more information, see [Set Up SAML for Single Sign-On](set-up-saml.md).
+ 1. **Disable Requested Authn Context**. (Optional) If you check this option, Sumo Logic will not include the RequestedAuthnContext element of the SAML AuthnRequests it sends to your Idp. This option is useful if your IdP does not support the RequestedAuthnContext element.
+ 1. **Sign Authn Request.** (Optional) If you select this option, Sumo Logic will send signed Authn requests to your IdP. When you click this option, a Sumo Logic-provided X-509 certificate is displayed. You can configure your IDP with this certificate, to verify the signature of the Authn requests sent by Sumo Logic.
+1. **Roles Attribute.** When you click this option, the **Roles** **Attribute** field appears. Enter the SAML Attribute Name that is sent by the IdP as part of the assertion. For details, see [Set Up SAML for Single Sign-On](/docs/manage/security/saml/set-up-saml/).
+1. **On-Demand provisioning.** Select this option and specify the following attributes to have Sumo Logic automatically create accounts when a user first logs on. For more information, see [Set Up SAML for Single Sign-On](/docs/manage/security/saml/set-up-saml/).
1. **First Name Attribute.** FirstName
1. **Last Name Attribute.** LastName
- 1. **On Demand Provisioning Roles**. Specify the Sumo RBAC roles you want to assign when user accounts are provisioned. (The roles must already exist.)
-1. **Logout Page**. Select this option and enter a URL if you'd like to point all users to the URL after logging out of Sumo Logic. For more information, see [Set Up SAML for Single Sign-On.](set-up-saml.md)
+ 1. **On Demand Provisioning Roles**. Specify the Sumo Logic RBAC roles you want to assign when user accounts are provisioned. (The roles must already exist.)
+1. **Logout Page**. Select this option and enter a URL if you'd like to point all users to the URL after logging out of Sumo Logic. For more information, see [Set Up SAML for Single Sign-On.](/docs/manage/security/saml/set-up-saml/)
1. Click **Add** to save the configuration.
1. To view the details of your configuration, select it the **Configuration List**. The right side of the page displays the **Assertion Consumer**. You'll need to provide it when you complete the Google SAML configuration. })
diff --git a/docs/manage/security/saml/integrate-onelogin.md b/docs/manage/security/saml/integrate-onelogin.md
index cb3729aeb9..521e84af72 100644
--- a/docs/manage/security/saml/integrate-onelogin.md
+++ b/docs/manage/security/saml/integrate-onelogin.md
@@ -17,7 +17,7 @@ This section has instructions for integrating OneLogin and Sumo Logic to allow S
## Before you start
-Read the "Limitations section" on [Set Up SAML for Single Sign-On](set-up-saml.md).
+Read [Limitations](/docs/manage/security/saml/set-up-saml/#limitations).
## Configure a SAML app in OneLogin
@@ -25,7 +25,7 @@ Read the "Limitations section" on [Set Up SAML for Single Sign-On](set-up-saml.
1. On the **Applications** page, click **Add App**. })
1. On the **Find Applications** page, search for Sumo Logic and select the **Sumo Logic SAML 2.0** app. })
1. On the **Add Sumo Logic** page:
- * **Display Name**. This is the display name that will appear on your OneLogin portal page. Edit as desired
+ * **Display Name**. This is the display name that will appear on your OneLogin portal page. Edit as desired.
* **Visible in portal**. Toggle this option off if you do not want Sumo Logic to appear on your OneLogin portal page.
* **Icons**. (Optional) If desired, you can upload different icons to display on your OneLogin portal page.
* **Description**. (Optional) Provide a short description for this application.
@@ -37,13 +37,13 @@ Read the "Limitations section" on [Set Up SAML for Single Sign-On](set-up-saml.
* **NameID**. Select "Email" or something equivalent to the users email to use as the Sumo Logic credential.
* **Role**. If you will be sending multiple OneLogin roles then change this to "**Semicolon Delimited Input (multi-value output)**". })
1. On the **SSO** tab:
- * Copy the **Issuer URL** and the **SAML 2.0 Endpoint** to supply when you configure Sumo Logic in Step 2 below.
+ * Copy the **Issuer URL** and the **SAML 2.0 Endpoint** to supply when you configure Sumo Logic below.
* Right-Click **View Details** for the X.509 Certificate and open in a new tab. })
* On the **Certificates** page, copy the **X.509 Certificate**. You'll supply it when you configure Sumo Logic in the following section. })
1. On the **Access** tab, choose which roles will have access to Sumo Logic. })
1. Click **Save**.
-### Configure SAML in Sumo
+### Configure SAML in Sumo Logic
This section has instructions for configuring SAML in Sumo Logic.
@@ -51,14 +51,14 @@ This section has instructions for configuring SAML in Sumo Logic.
1. Click **+ Add Configuration** to create a new configuration. })
1. The **Add Configuration** page appears.})
1. **Configuration Name**. Enter a name to identify the SSO policy (or another name used internally to describe the policy).
-1. **Debug Mode**. Select this option if you'd like to view additional details if an error occurs when a user attempts to authenticate. For more information, see [View SAML Debug Information](view-saml-debug-information.md).
+1. **Debug Mode**. Select this option if you'd like to view additional details if an error occurs when a user attempts to authenticate. For more information, see [View SAML Debug Information](/docs/manage/security/saml/view-saml-debug-information/).
1. **Issuer**. Paste in the **Issuer URL** you copied from the OneLogin **SSO** page, as described above.
1. **X.509 Certificate**. Paste in the certificate you downloaded from the OneLogin **SSO** page, as described above.
1. **Attribute mapping**. Select "Use SAML subject".
-1. **SP-initiated Login**. (Optional) This configuration enables a Sumo user to initiate login from Sumo Logic. To configure this option, see [Configure SP-initiated login](#configuresp-initiated-login).
+1. **SP-initiated Login**. (Optional) This configuration enables a Sumo Logic user to initiate login from Sumo Logic. To configure this option, see [Configure SP-initiated login](#configuresp-initiated-login).
1. **Roles Attribute**. (Optional). To configure this option, see [Configure on-demand role provisioning](#configure-on-demand-role-provisioning).
-1. **On Demand Provisioning**. (Optional). See [Configure on demand provisioning](#configure-on-demand-account-provisioning) below.
-v**Logout Page**. When a Sumo user logs out of Sumo Logic or if the user’s session times out, they will be redirected to the page you specify. If you want users to be redirected to your OneLogin portal page, enter `https``://your-domain.onelogin.com/portal/` where `your-domain` is your company's OneLogin domain.
+1. **On Demand Provisioning**. (Optional). See [Configure on-demand account provisioning](#configure-on-demand-account-provisioning) below.
+v**Logout Page**. When a Sumo Logic user logs out of Sumo Logic or if the user’s session times out, they will be redirected to the page you specify. If you want users to be redirected to your OneLogin portal page, enter `https``://your-domain.onelogin.com/portal/` where `your-domain` is your company's OneLogin domain.
1. Click **Add**.
1. To view the details of your configuration, select it the **Configuration List**.
1. Copy the **Assertion Consumer** and **Entity ID** from the details pane. You'll paste these into the OneLogin **Configuration** page, as described in the following section. })
@@ -78,10 +78,10 @@ features.
### Configure SP-initiated login
:::tip
-SP initiated login requires a custom Sumo Logic subdomain. If a custom subdomain has not yet been configured for your org, following the instructions in the [Change account subdomain](/docs/manage/manage-subscription/create-and-manage-orgs/manage-org-settings) section of the *Manage Organization* topic.
+SP initiated login requires a custom Sumo Logic subdomain. If a custom subdomain has not yet been configured for your org, following the instructions in [Set up a custom subdomain](/docs/manage/manage-subscription/create-and-manage-orgs/manage-org-settings/#set-up-a-customsubdomain).
:::
-This configuration enables a Sumo user to initiate login from Sumo Logic. Sumo redirects the user to OneLogin with a SAML AuthnRequest with the information that OneLogin needs to authenticate the user. OneLogin replies to Sumo with a SAML Assertion (SAMLResponse).
+This configuration enables a Sumo Logic user to initiate login from Sumo Logic. Sumo Logic redirects the user to OneLogin with a SAML AuthnRequest with the information that OneLogin needs to authenticate the user. OneLogin replies to Sumo Logic with a SAML Assertion (SAMLResponse).
1. **Authn Request URL**. Enter the **SAML 2.0 Endpoint URL** that you copied from the OneLogin **SSO** page, as described above.
1. **Disable Requested Authentication Context**. (Optional). Leave unchecked.
@@ -89,14 +89,14 @@ This configuration enables a Sumo user to initiate login from Sumo Logic. Sumo r
### Configure on-demand account provisioning
-If you configure on-demand account provisioning, Sumo Logic automatically creates a user account the first time a user tries to access Sumo Logic from your OneLogin portal page. To configure this behavior, you update your OneLogin integration in Sumo Logic, providing the **First Name** and **Last Name** attributes One Login uses to identify users, and the role or roles you want to assign to the accounts when they are created.
+If you configure on-demand account provisioning, Sumo Logic automatically creates a user account the first time a user tries to access Sumo Logic from your OneLogin portal page. To configure this behavior, you update your OneLogin integration in Sumo Logic, providing the **First Name** and **Last Name** attributes OneLogin uses to identify users, and the role or roles you want to assign to the accounts when they are created.
In Sumo Logic, open your OneLogin integration application for editing.
1. Click the **On Demand Provisioning** checkbox.
1. **First Name**. Enter: `firstname`
1. **Last Name**. Enter: `lastname`
-1. **On Demand Provisioning Roles**. Specify the Sumo RBAC roles you want to assign when user accounts are provisioned. The roles must already exist in Sumo Logic.
+1. **On Demand Provisioning Roles**. Specify the Sumo Logic RBAC roles you want to assign when user accounts are provisioned. The roles must already exist in Sumo Logic.
1. Click **Save** to save the SAML configuration.
### Configure on-demand role provisioning
diff --git a/docs/manage/security/saml/integrate-sumo-logic-with-okta.md b/docs/manage/security/saml/integrate-sumo-logic-with-okta.md
index 618179d239..7a44d4eb9b 100644
--- a/docs/manage/security/saml/integrate-sumo-logic-with-okta.md
+++ b/docs/manage/security/saml/integrate-sumo-logic-with-okta.md
@@ -20,11 +20,10 @@ Sumo Logic using their Single Sign-On (SSO) credentials.
## Before you start
-* Read the "Limitations section" on [Set Up SAML for Single Sign-On](set-up-saml.md).
-* If you plan to manage Sumo role assignments on Okta, before you proceed, make sure that you have:
-
- * Configured an Okta group for each Sumo role, with the same name as the Sumo role. For example, you should have an “Administrator” group in Okta, just as you have an “Administrator” role in Sumo.
- * Assigned your Sumo users to the appropriate Okta groups, based on the Sumo roles you want to assign to each user.
+* Read [Limitations](/docs/manage/security/saml/set-up-saml/#limitations).
+* If you plan to manage Sumo Logic role assignments on Okta, before you proceed, make sure that you have:
+ * Configured an Okta group for each Sumo Logic role, with the same name as the Sumo Logic role. For example, you should have an “Administrator” group in Okta, just as you have an “Administrator” role in Sumo Logic.
+ * Assigned your Sumo Logic users to the appropriate Okta groups, based on the Sumo Logic roles you want to assign to each user.
## Install the Sumo Logic SAML App in Okta
@@ -40,13 +39,12 @@ Sumo Logic using their Single Sign-On (SSO) credentials.
1. On the **Sign-on Options** tab, select **View Setup Instructions**. })
1. Follow the instructions on the **View Setup Instructions** page to configure the Sumo Logic SAML integration. The information that appears is similar to the content of the [How to Configure SAML 2.0 for Sumo Logic](https://saml-doc.okta.com/SAML_Docs/How-to-Configure-SAML-2.0-for-Sumologic.html) in Okta help. The page includes instructions on how to configure on-demand user account provisioning and SP-initiated login.
-### Configure Okta to send role assignments to Sumo (Optional)
+### Configure Okta to send role assignments to Sumo Logic (Optional)
-In this step, you configure Okta to send group membership information in the SAML assertions it sends, so that Sumo Logic can assign roles to a user at each logon. This allows you to manage Sumo role assignments via Okta. If you don’t want to manage Sumo roles via Okta, skip these steps and proceed to [Add Okta users to the Sumo Logic app in Okta](#add-okta-users-to-the-sumo-logic-app-in-okta) below.
+In this step, you configure Okta to send group membership information in the SAML assertions it sends, so that Sumo Logic can assign roles to a user at each logon. This allows you to manage Sumo Logic role assignments via Okta. If you don’t want to manage Sumo Logic roles via Okta, skip these steps and proceed to [Add Okta users to the Sumo Logic app in Okta](#add-okta-users-to-the-sumo-logic-app-in-okta) below.
These instructions assume that:
-
-* You have configured a set of groups on Okta whose names match the names of the roles defined in Sumo.
+* You have configured a set of groups on Okta whose names match the names of the roles defined in Sumo Logic.
* You have assigned each user in Okta to the Okta groups that maps to the roles you want the user to have.
There are two sides to the configuration. You'll configure a **Group Attribute Statement i**n Okta and a **Roles Attribute** in Sumo Logic, each with the same value.
@@ -57,9 +55,9 @@ There are two sides to the configuration. You'll configure a **Group Attribute
1. In the **Group Attribute Statements** section, enter a name for the attribute that will contain your Okta groups. For example, "**roles**". Note the name you supply will be used when configuring the **Roles Attribute** in your Sumo Logic SAML configuration. Sumo Logic only accepts a single role attribute name when configuring the **Roles Attribute** in Sumo Logic. })
1. **Name Format**. Leave unspecified.
1. **Filter**. In the left-side field, choose one of the options from the pulldown, to select the type of match expression you are going to enter:
- 1. **Starts with**. Useful if all the names of the Okta groups with Sumo users all begin with the same string.
- 1. **Equals**. Useful if there is a single Okta group for Sumo users.
- 1. **Contains**. Useful if all the names of the Okta groups with Sumo users all contain the same string.
+ 1. **Starts with**. Useful if all the names of the Okta groups with Sumo Logic users all begin with the same string.
+ 1. **Equals**. Useful if there is a single Okta group for Sumo Logic users.
+ 1. **Contains**. Useful if all the names of the Okta groups with Sumo Logic users all contain the same string.
1. **Matches regex.** Use this option if you can’t specify your groups using any of the other filter types. For example regex `Foo|A.*` will match the Okta group “Foo” and groups whose names begin with the letter “A”. If you are entering a regular expression, you must enter the case correctly. Regular expressions are case-sensitive.
1. Click **Save** at the bottom of the **Create SAML Integration** page.
1. In Sumo Logic, go to the **SAML** page. })
@@ -106,18 +104,18 @@ If the same user accessed Sumo using both methods (SAML and direct logon) during
Click Require SAML Sign In to require users to sign in using SAML.
:::tip
-After you lock down SAML, any new users you allowlist will have to select Forgot Password from the login screen to recover their credentials. This is because a SAML-locked down user does NOT have a password.
+After you lock down SAML, any new users you allowlist will have to select **Forgot Password** from the login screen to recover their credentials. This is because a SAML-locked down user does NOT have a password.
:::
})
-Sumo automatically adds your account under **Allow these users to sign in using passwords in addition to SAML** as an allowlisted user as a preventative measure to ensure you’re still able to access Sumo if you run into issues.
+Sumo Logic automatically adds your account under **Allow these users to sign in using passwords in addition to SAML** as an allowlisted user as a preventative measure to ensure you’re still able to access Sumo Logic if you run into issues.
Having only one user able to bypass SAML may not be convenient or practical if you have a global company or a large team. You can add additional allowlisted users by clicking the (+) icon by **Allow these users to sign in using passwords in addition to SAML**:
})
-We do not recommend denying all users password access to Sumo even if you want to enforce log in by SAML. If you attempt to delete your last remaining allowlisted user, you will receive a warning that this is not a recommended practice:
+We do not recommend denying all users password access to Sumo Logic even if you want to enforce login by SAML. If you attempt to delete your last remaining allowlisted user, you will receive a warning that this is not a recommended practice:
})
diff --git a/docs/manage/security/saml/integrate-sumo-with-azure-ad.md b/docs/manage/security/saml/integrate-sumo-with-azure-ad.md
index d3dd72f543..81efb12ae5 100644
--- a/docs/manage/security/saml/integrate-sumo-with-azure-ad.md
+++ b/docs/manage/security/saml/integrate-sumo-with-azure-ad.md
@@ -1,6 +1,6 @@
---
id: integrate-sumo-with-azure-ad
-title: Integrate Sumo with Azure AD
+title: Integrate Sumo Logic with Azure AD
description: Enable Single Sign-On (SSO) to Sumo Logic with Azure Active Directory (AD).
---
@@ -14,14 +14,14 @@ import useBaseUrl from '@docusaurus/useBaseUrl';
| Credits | Trial, Essentials, Enterprise Operations, Enterprise Security, Enterprise Suite |
Organizations with Enterprise accounts can provision Security Assertion Markup Language (SAML) 2.0 to enable Single Sign-On (SSO) for user
-access to Sumo Logic. This section has instructions for integrating Sumo with Azure AD.
+access to Sumo Logic. This section has instructions for integrating Sumo Logic with Azure AD.
-## Configure Sumo as an Enterprise App in Azure AD
+## Configure Sumo Logic as an Enterprise App in Azure AD
-In this step you set up Sumo as an Enterprise App in Azure AD.
+In this step you set up Sumo Logic as an Enterprise App in Azure AD.
:::note
-The steps below are for the new Azure Management Console. For general steps for using the legacy GUI, see [Configure single sign-on to applications that are not in the Azure Active Directory application gallery](https://docs.microsoft.com/en-us/azure/active-directory/manage-apps/configure-single-sign-on-non-gallery-applications) in Azure help.
+The steps below are for the new Azure Management Console. For general steps for using the legacy GUI, see [Azure help](https://docs.microsoft.com/en-us/azure/active-directory/manage-apps/configure-single-sign-on-non-gallery-applications).
:::
1. Go into the Microsoft Azure Management Console and select **Azure Active Directory** in the left-side navigation pane.
@@ -35,8 +35,8 @@ The steps below are for the new Azure Management Console. For general steps for
1. Click the **SAML** tile on the **Single sign-on** page. })
1. Click **Edit** in the **Basic SAML Configuration** page. })
1. In the **Basic SAML Configuration** pane:
- 1. Select **https://service.sumologic.com** as the default **Identifier (Entity ID)** in the list. (You'll update this in a later step.)
- 1. Enter *https://service.sumologic.com* as the **Reply URL (Assertion Consumer Service URL)**. (You'll update this in a later step.)
+ 1. Select `https://service.sumologic.com` as the default **Identifier (Entity ID)** in the list. (You'll update this in a later step.)
+ 1. Enter `https://service.sumologic.com` as the **Reply URL (Assertion Consumer Service URL)**. (You'll update this in a later step.)
1. Click **Save** at the top of the pane, and then close the pane.
1. In the **SAML Signing Certificate** tile, click the **Download** link for **Certificate (Base64)** to download the `})
1. In the **SAML Signing Certificate** tile, click the **Download** link for **Federation Metadata XML** to download the `})
- 1. **Authn Request URL.** Enter the **Login URL** that you noted in the substep 13 of [Configure Sumo as an Enterprise App in Azure AD](#configure-sumo-as-an-enterprise-app-in-azure-ad).
+ 1. **Authn Request URL.** Enter the **Login URL** that you noted in the substep 13 of [Configure Sumo Logic as an Enterprise App in Azure AD](#configure-sumo-logic-as-an-enterprise-app-in-azure-ad).
1. **Disable Requested Authn Context**. Checkmark this option.
1. **Select Binding Type**. Click **Post**.
1. **Sign Authn Request**. Leave this option deselected.
-1. **Configure on-demand provisioning**. (Optional) If you configure on-demand provisioning, Sumo Logic automatically creates a user account the first time a user logs on to Sumo. To complete this procedure, you must supply the First Name and Last Name attributes Azure AD uses to identify users.
+1. **Configure on-demand provisioning**. (Optional) If you configure on-demand provisioning, Sumo Logic automatically creates a user account the first time a user logs on to Sumo Logic. To complete this procedure, you must supply the First Name and Last Name attributes Azure AD uses to identify users.
1. Click the **On Demand Provisioning** checkbox. })
- 1. **First Name Attribute**. You might need to provide the full attribute path, which can vary based on the ADFS version (the actual path can be seen in the SAML assertion). Here is an example:`http://schemas.microsoft.com/ws/2008/06/identity/claims/givenname`
- 1. **Last Name Attribute**. You might need to provide the full attribute path, which can vary based on the ADFS version (the actual path can be seen in the SAML assertion). Here is an example:`http://schemas.microsoft.com/ws/2008/06/identity/claims/surname`
+ 1. **First Name Attribute**. You might need to provide the full attribute path, which can vary based on the ADFS version (the actual path can be seen in the SAML assertion). Here is an example: `http://schemas.microsoft.com/ws/2008/06/identity/claims/givenname`
+ 1. **Last Name Attribute**. You might need to provide the full attribute path, which can vary based on the ADFS version (the actual path can be seen in the SAML assertion). Here is an example: `http://schemas.microsoft.com/ws/2008/06/identity/claims/surname`
1. **On Demand Provisioning Roles**. Specify the Sumo Logic roles you want to assign when user accounts are provisioned. (These roles must already exist in Sumo Logic.)
-1. **Configure logout page**. (Optional) Configure a logout page if you would like to point all Sumo users to a particular URL after logging out of Sumo Logic or after their session has timed out. You could choose your company's intranet, for example, or any other site that you'd prefer users in your organization access.
+1. **Configure logout page**. (Optional) Configure a logout page if you would like to point all Sumo Logic users to a particular URL after logging out of Sumo Logic or after their session has timed out. You could choose your company's intranet, for example, or any other site that you'd prefer users in your organization access.
1. Click the **Logout Page** checkbox.
- 1. Enter the URL of the page to which you want to direct users after logging of Sumo.
+ 1. Enter the URL of the page to which you want to direct users after logging of Sumo Logic.
1. Click **Add** to save the configuration
1. Select the new configuration from the **Configuration List**.
1. Copy the following field values and save them in a text file. You'll need them in the steps to follow.
@@ -84,24 +84,24 @@ Do **not** close the **Setup Single Sign-On with SAML** window, you will return
### Complete Azure configuration
1. In Section 1, **Basic SAML Configuration**, edit the configuration.
- 1. **Identifier (Entity ID).** If you configured selected SP initiated login, replace *https://service.sumologic.com* with the Entity ID you copied in substep 14 of [Configure SAML in Sumo Logic](#configure-saml-in-sumo-logic). })
- 1. **Reply URL (Assertion Consumer URL)**. Replace *https://service.sumologic.com* with the Assertion Consumer URL you copied in substep 14 of [Configure SAML in Sumo Logic](#configure-saml-in-sumo-logic). })
+ 1. **Identifier (Entity ID).** If you configured selected SP initiated login, replace `https://service.sumologic.com` with the Entity ID you copied in substep 14 of [Configure SAML in Sumo Logic](#configure-saml-in-sumo-logic).
+ 1. **Reply URL (Assertion Consumer URL)**. Replace `https://service.sumologic.com` with the Assertion Consumer URL you copied in substep 14 of [Configure SAML in Sumo Logic](#configure-saml-in-sumo-logic).
1. Click **Save**.
1. In the left navigation pane, click **Properties** in the **Manage** section.
1. **Enabled for users to sign in?** Enter *Yes*.
- 1. **User assignment required?** Enter *Yes*. (This option controls whether a user must be assigned to this group or whether any user in the Azure AD tenant can use Sumo Logic. We recommend setting this to *Yes* as the Sumo environment has a finite number of users.
+ 1. **User assignment required?** Enter *Yes*. (This option controls whether a user must be assigned to this group or whether any user in the Azure AD tenant can use Sumo Logic. We recommend setting this to *Yes* as the Sumo Logic environment has a finite number of users.
1. Click **Save**. })
1. In the left navigation pane, click **Users and Groups** in the **Manage** section.
1. Select **Add user/group**.
-1. Add the Users or Groups that should have access to sign in to Sumo Logic and then click **Assign**.
+1. Add the users or groups that should have access to sign in to Sumo Logic and then click **Assign**.
-### Configure Azure AD to send Group assignments to Sumo (Optional)
+### Configure Azure AD to send group assignments to Sumo Logic (Optional)
-In this step, you configure Azure AD to send group membership information in the SAML assertions it sends, so that Sumo Logic can assign roles to a user at each logon. This allows you to manage Sumo role assignments via Azure AD. If you don’t want to manage Sumo roles via Azure AD, skip these steps and proceed to [Test SAML Authentication](#test-saml-authentication) below.
+In this step, you configure Azure AD to send group membership information in the SAML assertions it sends, so that Sumo Logic can assign roles to a user at each logon. This allows you to manage Sumo Logic role assignments via Azure AD. If you don’t want to manage Sumo Logic roles via Azure AD, skip these steps and proceed to [Test SAML Authentication](#test-saml-authentication) below.
These instructions assume that:
-* You have configured a set of groups on Azure AD whose names match the names of the roles defined in Sumo.
+* You have configured a set of groups on Azure AD whose names match the names of the roles defined in Sumo Logic.
* You have assigned each user in Azure AD to the Azure AD groups that maps to the roles you want the user to have.
There are two sides to the configuration. You'll configure a **Group Attribute Claim** in Azure AD and set a **Roles Attribute** in Sumo Logic.
diff --git a/docs/manage/security/saml/integrate-with-bitium.md b/docs/manage/security/saml/integrate-with-bitium.md
index dfdd0a1bfd..50ac1b1700 100644
--- a/docs/manage/security/saml/integrate-with-bitium.md
+++ b/docs/manage/security/saml/integrate-with-bitium.md
@@ -13,7 +13,7 @@ import useBaseUrl from '@docusaurus/useBaseUrl';
| Cloud Flex | Trial, Enterprise |
| Credits | Trial, Essentials, Enterprise Operations, Enterprise Security, Enterprise Suite |
-Bitium is a cloud-based identity management provider that can be integrated with Sumo Logic’s SAML 2.0 API to allow users to sign in to Sumo Logic using their Single Sign-On (SSO) credentials.SAML 2.0 API to allow users to Sign in to Sumo Logic using their Single Sign-On (SSO) credentials.
+Bitium is a cloud-based identity management provider that can be integrated with Sumo Logic’s SAML 2.0 API to allow users to sign in to Sumo Logic using their Single Sign-On (SSO) credentials. SAML 2.0 API to allow users to Sign in to Sumo Logic using their Single Sign-On (SSO) credentials.
You can sign up for a free Bitium Trial account on the [Bitum site](https://www.bitium.com).
@@ -32,7 +32,7 @@ You can sign up for a free Bitium Trial account on the [Bitum site](https://www.
* Login URL
* LogOut URL
* X.509 Certificate
-1. Keep this page open to use these parameters in the next step, Configure SAML in Sumo Logic.
+1. Keep this page open to use these parameters in the next step, [Configure SAML in Sumo Logic](#configure-saml-in-sumo-logic).
## Configure SAML in Sumo Logic
@@ -41,31 +41,31 @@ You can sign up for a free Bitium Trial account on the [Bitum site](https://www.
1. Click **Configure**, and configure the SAML settings.
1. **Configuration Name.** Type the name of the SSO policy (or another name used internally to describe the policy).
1. **Debug Mode.** Select this option if you'd like to view additional details when an error occurs.
-1. **Issuer.** Type the unique URL associated with your organization's SAML IdP. This is the Identity Provider Issuer from Step 12 in the previous section.
-1. **X.509 Certificate.** Copy and paste your organization's X.509 certificate, which is used to verify signatures in SAML assertions. This is the Certificate, also from Step 12.
+1. **Issuer.** Type the unique URL associated with your organization's SAML IdP. This is the Identity Provider Issuer from the previous section.
+1. **X.509 Certificate.** Copy and paste your organization's X.509 certificate, which is used to verify signatures in SAML assertions. This is the Certificate, also from the previous section.
1. **Attribute Mapping.** Depending on your IdP, select:
* **Use SAML subject**, or
* **Use SAML Attribute** and then type the email attribute name in the text box.
1. **SP Initiated Login Configuration.** (Optional) This section has instructions for setting up SP-initiated login. When SP initiated login has been enabled, your SAML configuration will appear as an additional authentication option within your subdomain-enabled account login page.
:::note
- SP initiated login requires a custom Sumo Logic subdomain. If a custom subdomain has not yet been configured for your org, following the instructions in the [Change account subdomain](/docs/manage/manage-subscription/create-and-manage-orgs/manage-org-settings) section of the *Manage Organization* topic.
+ SP initiated login requires a custom Sumo Logic subdomain. If a custom subdomain has not yet been configured for your org, following the instructions in [Set up a custom subdomain](/docs/manage/manage-subscription/create-and-manage-orgs/manage-org-settings/#set-up-a-customsubdomain).
:::
* **Authn Request URL.** Enter the URL that the IdP has assigned for Sumo Logic to submit SAML authentication requests to the IdP. This field is required if you checked the **SP Initiated Login Configuration** checkbox.
- * **Disable Requested Authn Context**. (Optional.) If you check this option, Sumo will not include the RequestedAuthnContext element of the SAML AuthnRequests it sends to your Idp. This option is useful if your IdP does not support the RequestedAuthnContext element.
- * **Sign Authn Request**. (Optional.) If you select this option, Sumo will send signed Authn requests to your IdP. When you click this option, a Sumo-provided X-509 certificate is displayed. You can configure your IDP with this certificate, to use to verify the signature of the Authn requests sent by Sumo.
-1. **Roles Attribute:** When you click this option, **Roles** Attribute field appears. Enter the SAML Attribute Name that is sent by the IdP as part of the assertion. For details, see [Set SAML for Single Sign-On](set-up-saml.md).
-1. **On Demand Provisioning.** Select this option to have Sumo Logic automatically create accounts when a user first logs on. For more information, see [Set Up SAML for Single Sign-on.](set-up-saml.md).
+ * **Disable Requested Authn Context**. (Optional.) If you check this option, Sumo Logic will not include the RequestedAuthnContext element of the SAML AuthnRequests it sends to your Idp. This option is useful if your IdP does not support the RequestedAuthnContext element.
+ * **Sign Authn Request**. (Optional.) If you select this option, Sumo Logic will send signed Authn requests to your IdP. When you click this option, a Sumo Logic-provided X-509 certificate is displayed. You can configure your IDP with this certificate, to use to verify the signature of the Authn requests sent by Sumo Logic.
+1. **Roles Attribute:** When you click this option, **Roles** Attribute field appears. Enter the SAML Attribute Name that is sent by the IdP as part of the assertion. For details, see [Set SAML for Single Sign-On](/docs/manage/security/saml/set-up-saml/).
+1. **On Demand Provisioning.** Select this option to have Sumo Logic automatically create accounts when a user first logs on. For more information, see [Set Up SAML for Single Sign-on.](/docs/manage/security/saml/set-up-saml/).
* **First Name**
* **Last Name**
* **On Demand Provisioning Roles.** Add a role for all Bitium users, such as Administrator.
-1. **Logout Page**: Select this option and enter a URL if you'd like to point all users to the URL after logging out of Sumo Logic. For more information, see [Set Up SAML for Single Sign-On](set-up-saml.md).
+1. **Logout Page**: Select this option and enter a URL if you'd like to point all users to the URL after logging out of Sumo Logic. For more information, see [Set Up SAML for Single Sign-On](/docs/manage/security/saml/set-up-saml/).
1. Click **Add**.
1. View the summary of the SAML configuration parameters. Leave this dialog open so that you can use these settings in Bitium. })
## Add Sumo Logic SAML Settings to SAML Settings to Bitium
1. Go back to the Bitium **SAML Configuration** page.
-1. Within the **SAML URL** text box, enter the Authentication Request URL displayed in step 6 of the previous section. })
+1. Within the **SAML URL** text box, enter the Authentication Request URL displayed in the previous section.
1. Click **Save Changes** to complete the application install.
1. Assign users as needed to the Sumo Logic App.
1. You are now configured to sign in to Sumo Logic through Bitium.
diff --git a/docs/manage/security/saml/manage-permissions-with-adfs.md b/docs/manage/security/saml/manage-permissions-with-adfs.md
index 08f57886c1..a1f363f0f3 100644
--- a/docs/manage/security/saml/manage-permissions-with-adfs.md
+++ b/docs/manage/security/saml/manage-permissions-with-adfs.md
@@ -15,20 +15,19 @@ You can manage Sumo Logic user permissions using ADFS and SAML. To do this, you
Before you begin, here are a few key points, limitations, and tips:
* User permissions are updated upon every SSO login. This allows you to manage permissions for Sumo Logic users within Active Directory.
-* SAML does not provide a deprovisioning mechanism. This means that if a user is deleted or disabled in Active Directory, it will not be reflected in Sumo Logic. However, these users would no longer be able to sign in to Sumo Logic via SSO. The exception is Access Keys, and if SAML lockdown is not enabled, users would still be able to login via native accounts.
-* Access Keys are NOT controlled by SAML. This means that if a user has been turned off on the SSO side, their Access Keys would still be valid. For this reason, administrators should audit users regularly and disable Access Keys when necessary.
-* By default, administrators can create new Sumo Logic native logins in addition to SAML provisioned users. This creates the need to either audit your accounts or ask Sumo Logic Support to enable SAML Lock Down.
-* SAML Lock Down disables the ability for users to login directly to Sumo Logic using username and password. There are also a few minor changes to user management behavior, such as not sending an email when a user’s email account is modified.
+* SAML does not provide a deprovisioning mechanism. This means that if a user is deleted or disabled in Active Directory, it will not be reflected in Sumo Logic. However, these users would no longer be able to sign in to Sumo Logic via SSO. The exception is access keys, and if SAML lockdown is not enabled, users would still be able to login via native accounts.
+* Access keys are NOT controlled by SAML. This means that if a user has been turned off on the SSO side, their access keys would still be valid. For this reason, administrators should audit users regularly and disable access keys when necessary.
+* By default, administrators can create new Sumo Logic native logins in addition to SAML provisioned users. This creates the need to either audit your accounts or ask Sumo Logic Support to enable SAML lockdown.
+* SAML lockdown disables the ability for users to login directly to Sumo Logic using username and password. There are also a few minor changes to user management behavior, such as not sending an email when a user’s email account is modified.
* After you have successfully set up your SAML configuration, turn on **Debug** within the SAML configuration in Sumo Logic to identify any issues.
-## Create a New Claim Rule
+## Create a new claim rule
Create a claim rule that gathers AD groups.
-For more information on “The Role of Claims”, see this Microsoft TechNet article:
-[https://technet.microsoft.com/en-us/...(v=ws.11).aspx](https://technet.microsoft.com/en-us/library/ee913589(v=ws.11).aspx).
+For more information on claims, see the Microsoft TechNet article [Role of Claims](https://learn.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/ee913589(v=ws.11)?redirectedfrom=MSDN).
-To create a new Claim Rule:
+To create a new claim rule:
1. Complete the provisioning steps in [Set Up SAML for Single Sign-On](set-up-saml.md).
1. Open the ADFS Management application.
@@ -43,10 +42,9 @@ To create a new Claim Rule:
```
1. Click **OK**.
-## Create a New Role
+## Create a new role
-Create a new role that modifies the Group name and supplies the
-claim/attribute name that will be passed.
+Create a new role that modifies the group name and supplies the claim/attribute name that will be passed.
This role will:
@@ -54,7 +52,7 @@ This role will:
* Search the contents of `http://temp/variable` for Active Directory groups that have a `SUMO_ prefix`. The `SUMO_ prefix` is used to allow the ADFS Rule to identify Sumo Logic groups within the list of roles assigned to every user. Once the groups are identified, the `SUMO_ prefix` is removed.
* The results are passed to an attribute called `https://sumologic.com/SAML/Attributes/Role`. This attribute contains a list of values that contain your of Sumo Logic Active Directory groups.
-Here is a sample Role attribute contained within the XML Assertion:
+Here is a sample role attribute contained within the XML assertion:
```xml
})
@@ -75,9 +73,9 @@ To create a new Role:
```
1. Click **OK**.
-## Update the Roles Attribute in Sumo Logic
+## Update the roles attribute in Sumo Logic
-Now that you have setup SAML successfully, update the Roles Attribute (Optional) in Sumo Logic to match the attribute name defined in your role translation claim.
+Now that you have set up SAML successfully, update the roles attribute in Sumo Logic to match the attribute name defined in your role translation claim.
To update the roles attribute:
diff --git a/docs/manage/security/saml/set-up-adfs-authenticate-users.md b/docs/manage/security/saml/set-up-adfs-authenticate-users.md
index 716f51c441..e5b89d79a9 100644
--- a/docs/manage/security/saml/set-up-adfs-authenticate-users.md
+++ b/docs/manage/security/saml/set-up-adfs-authenticate-users.md
@@ -14,7 +14,7 @@ Have the values available that you configured in Sumo Logic. See [Set Up SAML fo
To configure ADFS to authenticate Sumo Logic users, perform the following tasks.
-## Add Relying Party Trust
+## Add relying party trust
The relying party trust configuration is required for the connection between Sumo Logic and ADFS.
@@ -34,7 +34,7 @@ The relying party trust configuration is required for the connection between Sum
After creating the relying party trust, create the claim rules and update the relying party trust as needed. The editing interface opens automatically when you complete the **Relying Party Trust** wizard.
-The claim rule requires an Email Attribute in the assertion, either the SAML Subject or another SAML attribute per the SAML configuration. The value of the Email Attribute must be a valid email address. It is used to uniquely identify the user in the organization.
+The claim rule requires an email attribute in the assertion, either the SAML subject or another SAML attribute per the SAML configuration. The value of the email attribute must be a valid email address. It is used to uniquely identify the user in the organization.
Sumo Logic only validates that the email address format is valid, not that the email address actually exists during login. Using a nonexistent email address will work, but will reduce the ability of the user to receive some system notifications and access third-party services that require the user to verify email address ownership.
@@ -46,7 +46,7 @@ To create claim rules:
1. Enter a name for the claim rule.
1. Select **Active Directory** as the attribute store.
1. Select **E-Mail Addresses** for both the LDAP attribute and outgoing claim type.
- 1. If you set up on-demand provisioning when configuring Sumo SAML, you should also map the LDAP attributes **Given Name** and **Surname. Select** "Given Name" and "Surname" from the dropdown and then ADFS will correctly send claim types.
+ 1. If you set up on-demand provisioning when configuring Sumo Logic SAML, you should also map the LDAP attributes **Given Name** and **Surname. Select** "Given Name" and "Surname" from the dropdown and then ADFS will correctly send claim types.
1. Select Click **OK** to save the rule. })
1. Click **Add Rule** to create another rule. Select **Transform an Incoming Claim** as the template and click **Next**. })
1. Enter a name for the claim rule, and specify the following settings:
@@ -63,7 +63,7 @@ There are a few relying party trust settings that aren’t accessible through th
1. To specify these settings, select the relying party trust entry in the ADFS Management application and select **Actions > Properties**.
1. On the **Identifiers** tab, enter a display name. Enter your relying party identifier and click **Add**. })
-1. On the **Endpoints** tab, add the **SAML Assertion Consumer Endpoint URL** to point to the Assertion Consumer URL that the Sumo Logic SAML configuration specifies. For example: `https://service.us2.sumologic.com/sumo/saml/consume/1234567890` })
+1. On the **Endpoints** tab, add the **SAML Assertion Consumer Endpoint URL** to point to the assertion consumer URL that the Sumo Logic SAML configuration specifies. For example: `https://service.us2.sumologic.com/sumo/saml/consume/1234567890`
1. The new endpoint appears on the **Endpoints** tab.
1. On the **Endpoints** tab, click to add a new endpoint.
* **Endpoint type**. Select "SAML Logout".
diff --git a/docs/manage/security/saml/set-up-saml.md b/docs/manage/security/saml/set-up-saml.md
index 90371c2472..5a56916db3 100644
--- a/docs/manage/security/saml/set-up-saml.md
+++ b/docs/manage/security/saml/set-up-saml.md
@@ -30,19 +30,19 @@ You can use Terraform to provide a SAML configuration with the [`sumologic_saml_
The provisioning process works as follows:
1. Identify the service provider you will use for SSO. For example:
- * [AWS Single Sign-On](integrate-aws-sso.md)
- * [Azure Active Directory (AD)](integrate-sumo-with-azure-ad.md)
- * [Google IAM](integrate-google-iam-service.md)
- * [Microsoft Active Directory Federation Services (ADFS)](set-up-adfs-authenticate-users.md)
- * [Okta](integrate-sumo-logic-with-okta.md)
- * [OneLogin](integrate-onelogin.md)
+ * [AWS Single Sign-On](/docs/manage/security/saml/integrate-aws-sso/)
+ * [Azure Active Directory (AD)](/docs/manage/security/saml/integrate-sumo-with-azure-ad/)
+ * [Google IAM](/docs/manage/security/saml/integrate-google-iam-service/)
+ * [Microsoft Active Directory Federation Services (ADFS)](/docs/manage/security/saml/set-up-adfs-authenticate-users/)
+ * [Okta](/docs/manage/security/saml/integrate-sumo-logic-with-okta/)
+ * [OneLogin](/docs/manage/security/saml/integrate-onelogin/)
1. Configure SAML parameters in Sumo Logic.
1. Configure service provider settings for Sumo Logic in the SSO system, and verify that any additional Role-Based Access Control (RBAC) roles and groups are set up.
1. When provisioning is complete, users attempting to access Sumo Logic will be authenticated through the SSO system.
## Limitations
-This section has key information about SAML in Sumo.
+This section has key information about SAML in Sumo Logic.
### Access keys are not controlled by SAML
@@ -50,11 +50,11 @@ This means that if a user has been turned off on the SSO side, their access keys
### SAML does not provide a deprovisioning mechanism
-This means that if a user is deleted or disabled in the SSO database, it will not be reflected in Sumo Logic. However, these users would no longer be able to sign in to Sumo Logic via SSO. Administrators can delete these users from the **Administration > Users and Roles > Users** page in Sumo Logic. For information about what happens when a user is deleted, and transferring a deleted user's content to another user, see [Delete a User](../../users-roles/users/delete-user.md).
+This means that if a user is deleted or disabled in the SSO database, it will not be reflected in Sumo Logic. However, these users would no longer be able to sign in to Sumo Logic via SSO. Administrators can delete these users from the **Users** page in Sumo Logic. For information about what happens when a user is deleted, and transferring a deleted user's content to another user, see [Delete a User](/docs/manage/users-roles/users/delete-user/).
### Only one certificate for each SAML configuration is currently supported
-Only one token-signing ADFS X.509 for each SAML configuration is currently supported. When you need to do a certificate refresh on the ADFS server, you must update the Sumo certificate afterwards.
+Only one token-signing ADFS X.509 for each SAML configuration is currently supported. When you need to do a certificate refresh on the ADFS server, you must update the Sumo Logic certificate afterwards.
## Prerequisites
@@ -62,17 +62,17 @@ Before provisioning SAML, make sure you have the following:
* **An installed Identity Provider (IdP) SSO system that supports SAML 2.0.** Several SAML IdPs are available. If your organization's IdP supports SAML 2.0 you can configure SAML in Sumo Logic. Examples: Microsoft ADFS, Okta, OneLogin.
* **X.509 certificate.** This certificate is used to verify the signature in SAML assertions.
-* **Valid email address.** An Email Attribute is required in the assertion: either the SAML Subject or another SAML attribute per the SAML configuration. The value of the Email Attribute must be a valid email address. It is used to uniquely identify the user in the organization.
+* **Valid email address.** An email attribute is required in the assertion: either the SAML subject or another SAML attribute per the SAML configuration. The value of the email attribute must be a valid email address. It is used to uniquely identify the user in the organization.
-## Configure basic SAML in Sumo
+## Configure basic SAML in Sumo Logic
-Follow these steps to configure IdP-initiated login. After this procedure, you can enable optional SAML functionality, including SP-initiated login and on-demand provisioning, as described in [Optional Configurations](set-up-saml.md).
+Follow these steps to configure IdP-initiated login. After this procedure, you can enable optional SAML functionality, including SP-initiated login and on-demand provisioning, as described in [Optional configurations](/docs/manage/security/saml/set-up-saml/#optional-configurations).
1. [**New UI**](/docs/get-started/sumo-logic-ui). In the main Sumo Logic menu select **Administration**, and then under **Account Security Settings** select **SAML**. You can also click the **Go To...** menu at the top of the screen and select **SAML**. })
1. The **Add Configuration** page appears.})
1. **Configuration Name**. Enter a name to identify the SSO policy (or another name used internally to describe the policy).
-1. **Debug Mode**. Select this option if you'd like to view additional details if an error occurs when a user attempts to authenticate. For more information, see [View SAML Debug Information](view-saml-debug-information.md).
+1. **Debug Mode**. Select this option if you'd like to view additional details if an error occurs when a user attempts to authenticate. For more information, see [View SAML Debug Information](/docs/manage/security/saml/view-saml-debug-information/).
1. **Issuer**. Enter the unique URL assigned to your organization by the SAML IdP. })
-The debug page is displayed in a new browser window (not in the Sumo Web application). A new page is generated for each error.
+The debug page is displayed in a new browser window. A new page is generated for each error.
})
-The Debug page includes:
+The debug page includes:
* **Error.** The actual error that triggered the debug page.
* **Parsed response data.** Subset of data that summarize the error condition.
diff --git a/docs/manage/security/scim/about-scim-provisioning.md b/docs/manage/security/scim/about-scim-provisioning.md
index f3c02228b9..da1922391d 100644
--- a/docs/manage/security/scim/about-scim-provisioning.md
+++ b/docs/manage/security/scim/about-scim-provisioning.md
@@ -26,7 +26,7 @@ Although the process will differ depending on your provider, following are the g
#### Create an access key
-Before configuring a provider, create an [access key](/docs/manage/security/access-keys/). (We recommend using a service account to create the access key.) This access key will provide authorization to provision users from the provider into Sumo Logic.
+Before configuring a provider, create an [access key](/docs/manage/security/access-keys/). (We recommend [using a service account to create the access key](/docs/manage/security/access-keys/#from-a-service-account).) This access key will provide authorization to provision users from the provider into Sumo Logic.
When you create the access key, copy its access ID and access key values. You will enter these when you set up provisioning to use one of the following authorization methods:
* Basic authentication
diff --git a/docs/manage/security/scim/provision-with-microsoft-entra-id.md b/docs/manage/security/scim/provision-with-microsoft-entra-id.md
index 10d2252a50..03c7c3d886 100644
--- a/docs/manage/security/scim/provision-with-microsoft-entra-id.md
+++ b/docs/manage/security/scim/provision-with-microsoft-entra-id.md
@@ -109,7 +109,7 @@ Users assigned to the app are provisioned into Sumo Logic.
1. In the app, select **Provisioning** and then select the **Monitoring** tab.
1. The tab should show provisioning status. Click **View Provisioning Logs** for details.
1. Verify in Sumo Logic:
- 1. Log in to the Sumo Logic instance that you linked to the provisioning app in Step 2 when you provided the Assertion Consumer URL and entity ID.
+ 1. Log in to the Sumo Logic instance that you linked to the provisioning app in [Step 2](#step-2-set-up-single-sign-on) when you provided the Assertion Consumer URL and entity ID.
1. [**New UI**](/docs/get-started/sumo-logic-ui). In the main Sumo Logic menu select **Administration**, and then under **Users and Roles** select **Users**. You can also click the **Go To...** menu at the top of the screen and select **Users**. })
1. Select **SAML 2.0** and click **Next**.})
1. Provide a name in the **App Name** field and click **Next**.})
@@ -152,7 +152,7 @@ As soon as users are assigned to the app, they are provisioned into Sumo Logic.
1. Navigate to **Reports > System Log** to see the log.
1. The log should show that users you added to the app are pushed to Sumo Logic with an event info message like **Push new user to external application SUCCESS**.
1. Verify in Sumo Logic:
- 1. Log in to the Sumo Logic instance that you linked to the provisioning app in Step 2 when you provided the Assertion Consumer URL and entity ID.
+ 1. Log in to the Sumo Logic instance that you linked to the provisioning app in [Step 2](#step-2-set-up-provisioning) when you provided the Assertion Consumer URL and entity ID.
1. [**New UI**](/docs/get-started/sumo-logic-ui). In the main Sumo Logic menu select **Administration**, and then under **Users and Roles** select **Users**. You can also click the **Go To...** menu at the top of the screen and select **Users**. })
-When you follow these instructions, on the **Configuration** tab you'll add the **SAML Audience URL** and **SAML Consumer URL**. Obtain these values from the assertion consumer URL and entity ID on the [SAML configuration](/docs/manage/security/saml/integrate-onelogin/#configure-saml-in-sumo) of the Sumo Logic tenant where you will provision users. })
+When you follow these instructions, on the **Configuration** tab you'll add the **SAML Audience URL** and **SAML Consumer URL**. Obtain these values from the assertion consumer URL and entity ID on the [SAML configuration](/docs/manage/security/saml/integrate-onelogin/#configure-saml-in-sumo-logic) of the Sumo Logic tenant where you will provision users.
:::note
Also on the **Configuration** tab, for **SCIM Base URL** enter the [API endpoint for your deployment](/docs/api/about-apis/getting-started/#sumo-logic-endpoints-by-deployment-and-firewall-security) for the [SCIM User Management APIs](/docs/api/scim-user/) using the format `})
+ 1. Enter the **SAML Audience URL** (entity ID) and **SAML Consumer URL** (assertion consumer URL) for your Sumo Logic instance:
1. For **API Status**, click **Enable**.
1. For **SCIM Base URL**, ensure that you have entered the [API endpoint for your deployment](/docs/api/about-apis/getting-started/#sumo-logic-endpoints-by-deployment-and-firewall-security) for the [SCIM User Management APIs](/docs/api/scim-user/) using the format `
-These topics have information about creating and managing Sumo Logic roles and users. In Sumo Logic, an administrator controls access to capabilities and data by assigning capabilities and search filters to roles, and then assigning user to roles. For more information, see [Role-Based Access Control](roles/role-based-access-control.md).
+These topics have information about creating and managing Sumo Logic roles and users. In Sumo Logic, an administrator controls access to capabilities and data by assigning capabilities and search filters to roles, and then assigning user to roles. For more information, see [Role-Based Access Control](/docs/manage/users-roles/roles/role-based-access-control/).
[**New UI**](/docs/get-started/sumo-logic-ui/). To access the Users and Roles page, in the main Sumo Logic menu select **Administration**, and then under **Users and Roles** select either **Users** or **Roles**. You can also click the **Go To...** menu at the top of the screen and select **Users** or **Roles**.
[**Classic UI**](/docs/get-started/sumo-logic-ui-classic). To access the Users and Roles page, in the main Sumo Logic menu select **Administration > Users and Roles**.
:::note
-To manage users and roles, you must have the Administrator role or your role must have been assigned the [manage users and roles capability](roles/role-capabilities.md).
+To manage users and roles, you must have the Administrator role or your role must have been assigned the [Manage Users and Roles capability](/docs/manage/users-roles/roles/role-capabilities/#user-management).
:::
import DocCardList from '@theme/DocCardList';
diff --git a/docs/manage/users-roles/roles/construct-search-filter-for-role.md b/docs/manage/users-roles/roles/construct-search-filter-for-role.md
index 303e086043..fa0b684196 100644
--- a/docs/manage/users-roles/roles/construct-search-filter-for-role.md
+++ b/docs/manage/users-roles/roles/construct-search-filter-for-role.md
@@ -7,7 +7,7 @@ description: Construct a role search filter to control what log data users with
import useBaseUrl from '@docusaurus/useBaseUrl';
import RoleStacking from '../../../reuse/role-stacking-tip.md';
-This page describes how to define search filters for a role. These instructions apply to the **Search Filter** option in Step 6 of the [Create a role](/docs/manage/users-roles/roles/create-manage-roles/#create-a-role) procedure.
+This page describes how to define search filters for a role. These instructions apply to the **Search Filter** option in the [Create a role](/docs/manage/users-roles/roles/create-manage-roles/#create-a-role) procedure.
## Search filter basics
@@ -27,7 +27,7 @@ The sections below list search filter limitations, and describe how you can use
* Use a field or an FER in the role search filter to control access to data.
* If the search filter of a role is modified, the data can still be accessed in the pinned queries for up to 24 hours from the original run prior to the search filter modification.
-For limitations related to the use of Scheduled Views or Partitions in a search filter, refer to [Partitions](/docs/manage/partitions/#limitations) and [Scheduled Views](/docs/manage/scheduled-views).
+For limitations related to the use of Scheduled Views or partitions in a search filter, refer to [Partitions](/docs/manage/partitions/#limitations) and [Scheduled Views](/docs/manage/scheduled-views).
### Using metadata in a search filter
@@ -246,4 +246,4 @@ When a user with Roles A and B runs a query, Sumo Logic combines the two filters
## Test role filtering
-To test whether filtering works as expected, select a role and click the **Emulate log search** button. For more information, see [Test a role](/docs/manage/users-roles/roles/create-manage-roles/#test-a-roles-log-access-rights).
+To test whether filtering works as expected, select a role and click the **Emulate log search** button. For more information, see [Test a role's log access rights](/docs/manage/users-roles/roles/create-manage-roles/#test-a-roles-log-access-rights).
diff --git a/docs/manage/users-roles/roles/create-manage-roles.md b/docs/manage/users-roles/roles/create-manage-roles.md
index d07fa8e308..68640db881 100644
--- a/docs/manage/users-roles/roles/create-manage-roles.md
+++ b/docs/manage/users-roles/roles/create-manage-roles.md
@@ -25,6 +25,8 @@ The Administrator role is a super user. It has all of the [capabilities](/docs/m
Users with the Analyst role have a single capability: View Collectors. Its role search filter enables access to all data in Sumo Logic. You can edit the Analyst role filter to change the capabilities assigned to it and to make the role filter more restrictive. You can also delete the Analyst role if desired. For more information, see [Edit a role](#create-a-role) and [Delete a role](#delete-a-role) below.
+If you are unsure whether you are an analyst or administrator, you can view your role in **Preferences** (see [Onboarding Checklists](/docs/get-started/onboarding-checklists/)).
+
## Create a role
To create a role:
@@ -50,10 +52,6 @@ To create a role:
### Restrict access using Search Filter and Index Access
-:::note
-**Index Access** only appears if the feature has been deployed to your environment. For more information, see our [release note](/release-notes-service/2024/12/31/#october-14-2024-manage).
-:::
-
Follow this process to restrict access using the **Search Filter** and **Index Access** sections on the **Create New Role** pane:
1. Identify the dataset you would like to control access to. Test it out using a [search query](/docs/search/get-started-with-search/).
@@ -101,7 +99,7 @@ To test a role to see if it displays the expected log access behavior, select a
## Add a user to a role
1. [**New UI**](/docs/get-started/sumo-logic-ui). In the main Sumo Logic menu select **Administration**, and then under **Users and Roles** select **Roles**. You can also click the **Go To...** menu at the top of the screen and select **Roles**. })
+1. Navigate to the role and click the number in the **Users** column.
1. A list of users currently assigned to the role appears.})
1. Click the **Assign Users** field. A list of users that are not currently assigned to the role appears. Click a user’s name to add the user to the role.
1. Add additional users to the role, as desired.
@@ -114,7 +112,7 @@ When you add or remove a role from a user, it can take about an hour for the RBA
## Remove a user from a role
1. [**New UI**](/docs/get-started/sumo-logic-ui). In the main Sumo Logic menu select **Administration**, and then under **Users and Roles** select **Roles**. You can also click the **Go To...** menu at the top of the screen and select **Roles**. })
+1. Navigate to the role and click the number in the **Users** column.
1. A list of users currently assigned to the role appears.
1. Navigate to the user you want to remove from the role, and click the trash can icon in that row.})
1. Click **Save** when you are done removing users from the role.
@@ -125,7 +123,7 @@ When you add or remove a role from a user, it can take about an hour for the RBA
## See which users are assigned to a role
-1. [**New UI**](/docs/get-started/sumo-logic-ui). In the main Sumo Logic menu select **Administration**, and then under **Users and Roles** select **Roles**. You can also click the **Go To...** menu at the top of the screen and select **Roles**.
+1. [**New UI**](/docs/get-started/sumo-logic-ui). In the main Sumo Logic menu select **Administration**, and then under **Users and Roles** select **Roles**. You can also click the **Go To...** menu at the top of the screen and select **Roles**.
1. Navigate to the role and click the number in the **Users** column to see a list of users assigned to the role.
## Edit a role
@@ -141,7 +139,7 @@ To edit a role:
## Delete a role
-You can only delete a role to which no users are assigned. Before deleting a role, you must unassign any users currently assigned to it. For information about unassigning a user from a role, see [Remove a User from a Role](#remove-a-user-from-a-role).
+You can only delete a role to which no users are assigned. Before deleting a role, you must unassign any users currently assigned to it. For information about unassigning a user from a role, see [Remove a user from a role](#remove-a-user-from-a-role).
To delete a role:
diff --git a/docs/manage/users-roles/roles/index.md b/docs/manage/users-roles/roles/index.md
index ae2ae4a84b..749fe85b62 100644
--- a/docs/manage/users-roles/roles/index.md
+++ b/docs/manage/users-roles/roles/index.md
@@ -8,10 +8,10 @@ import useBaseUrl from '@docusaurus/useBaseUrl';
}){kind=icon}
-This guide has information about creating and managing Sumo Logic roles. In Sumo Logic, an administrator controls access to capabilities and data by assigning capabilities and search filters to roles, and then assigning user to roles. For more information, see [Role-Based Access Control](role-based-access-control.md).
+This guide has information about creating and managing Sumo Logic roles. In Sumo Logic, an administrator controls access to capabilities and data by assigning capabilities and search filters to roles, and then assigning user to roles. For more information, see [Role-Based Access Control](/docs/manage/users-roles/roles/role-based-access-control/).
:::note
-To manage users and roles, you must have the administrator role or your role must have been assigned the [manage users and roles capability](role-capabilities.md).
+To manage users and roles, you must have the administrator role or your role must have been assigned the [Manage Users and Roles capability](/docs/manage/users-roles/roles/role-capabilities/#user-management).
:::
[**New UI**](/docs/get-started/sumo-logic-ui/). To access the Roles page, in the main Sumo Logic menu select **Administration**, and then under **Users and Roles** select **Roles**. You can also click the **Go To...** menu at the top of the screen and select **Roles**.
diff --git a/docs/manage/users-roles/roles/role-based-access-control.md b/docs/manage/users-roles/roles/role-based-access-control.md
index 1769c66ff5..e3d65265f1 100644
--- a/docs/manage/users-roles/roles/role-based-access-control.md
+++ b/docs/manage/users-roles/roles/role-based-access-control.md
@@ -9,11 +9,11 @@ description: Role-Based Access Control (RBAC) allows you to grant capabilities a
Sumo Logic supports Role-Based Access Control (RBAC) to control access to Sumo Logic functionality and to limit the data that users may view.
:::note
-To manage users and roles, you must have the Administrator role or your role must have been assigned the [manage users and roles capability](role-capabilities.md).
+To manage users and roles, you must have the Administrator role or your role must have been assigned the [Manage Users and Roles capability](/docs/manage/users-roles/roles/role-capabilities/#user-management).
:::
With RBAC, you don’t assign permissions directly to users. Instead, you assign permissions to roles, and then assign roles to users. Specifically, when you create a role, you assign it a set of capabilities and a role search filter.
-A [capability](role-capabilities.md) is the right to perform a particular function in Sumo Logic, for instance “Manage connections”, “View collectors” and “Manage password policy”.
+A [capability](/docs/manage/users-roles/roles/role-capabilities/) is the right to perform a particular function in Sumo Logic, for instance “Manage connections”, “View collectors” and “Manage password policy”.
-A [role search filter](construct-search-filter-for-role.md) limits what log data a user with that role may view—it’s essentially a log query. Like any other log query, a search filter can use Sumo Logic built-in metadata fields, keywords, and logical operators. You can assign multiple roles to a particular user. When a user has multiple Sumo roles, Sumo combines the role filters from each of the roles using OR to come up with the combined role filter. When a Sumo Logic user runs a log query, Sumo Logic silently prepends the user’s query with the user’s combined role filter. Note that, when multiple roles filters are applied to a query, the least restrictive filter takes precedence.
+A [role search filter](/docs/manage/users-roles/roles/construct-search-filter-for-role/) limits what log data a user with that role may view—it’s essentially a log query. Like any other log query, a search filter can use Sumo Logic built-in metadata fields, keywords, and logical operators. You can assign multiple roles to a particular user. When a user has multiple roles, Sumo Logic combines the role filters from each of the roles using OR to come up with the combined role filter. When a Sumo Logic user runs a log query, Sumo Logic silently prepends the user’s query with the user’s combined role filter. Note that when multiple roles filters are applied to a query, the least restrictive filter takes precedence.
diff --git a/docs/manage/users-roles/roles/role-capabilities.md b/docs/manage/users-roles/roles/role-capabilities.md
index b553400135..64964a7a40 100644
--- a/docs/manage/users-roles/roles/role-capabilities.md
+++ b/docs/manage/users-roles/roles/role-capabilities.md
@@ -30,7 +30,7 @@ If you use the [createRoleV2 API](https://api.sumologic.com/docs/#operation/crea
| Manage Connections | Manage the [connections](/docs/alerts/webhook-connections/) that allow you to send alerts to other tools. | `manageConnections` |
| View Connections | View [connections](/docs/alerts/webhook-connections/) on the **Connections** page. | `viewConnections` |
| View Views | [View Scheduled Views](/docs/manage/scheduled-views). | `viewScheduledViews` |
-| Manage Views | View, create, edit, and delete Scheduled Views. Note that if you grant a role the Manage Scheduled Views capability, users with that role will also have View Scheduled Views capability. | `manageScheduledViews` |
+| Manage Views | View, create, edit, and delete Scheduled Views. Note that if you grant a role the Manage Views capability, users with that role will also have View Views capability. | `manageScheduledViews` |
| View Partitions | View [partitions](/docs/manage/partitions). | `viewPartitions` |
| Manage Partitions | View, create, edit, and delete partitions. Note that if you grant a role the Manage Partitions capability, users with that role will also have View Partitions and Manage S3 Data Forwarding capabilities. | `managePartitions` |
| View Account Overview| View the Account Overview page. | `viewAccountOverview` |
@@ -119,9 +119,9 @@ If you use the [createRoleV2 API](https://api.sumologic.com/docs/#operation/crea
| Capability | Description | }){kind=icon}
-This guide has information about how to create and manage Sumo Logic Users. In Sumo Logic, an administrator controls access to capabilities and data by assigning capabilities and search filters to roles, and then assigning user to roles. For more information, see [Role-Based Access Control](../roles/role-based-access-control.md).
+This guide has information about how to create and manage Sumo Logic users. In Sumo Logic, an administrator controls access to capabilities and data by assigning capabilities and search filters to roles, and then assigning users to roles. For more information, see [Role-Based Access Control](/docs/manage/users-roles/roles/role-based-access-control/).
:::note
-To manage users and roles, you must have the administrator role or your role must have been assigned the [manage users and roles capability](../roles/role-capabilities.md).
+To manage users and roles, you must have the administrator role or your role must have been assigned the [Manage Users and Roles capability](/docs/manage/users-roles/roles/role-capabilities/#user-management).
:::
[**New UI**](/docs/get-started/sumo-logic-ui/). To access the Users page, in the main Sumo Logic menu select **Administration**, and then under **Users and Roles** select **Users**. You can also click the **Go To...** menu at the top of the screen and select **Users**.
@@ -66,7 +66,7 @@ In this section, we'll introduce the following concepts:
}){kind=icon}
Learn the steps to take when removing a user from your Org's Sumo Logic Account.
+Learn the steps to take when removing a user from your organization's Sumo Logic Account.
})
1. Select the row for the user you want to unlock and choose **Unlock** from the three-dot kebab options menu.
:::note
- If you have configured SAML for single sign-on, and you have locked down SAML so that users must login using SAML, the **Unlock** option will not appear on the **More Actions** menu. To unlock the user account, you must first toggle the **Require SAML Sign In** option, and then re-enable lockdown. For more information, see [SAML Lockdown Limitations](/docs/manage/security/saml/set-up-saml).
+ If you have configured SAML for single sign-on, and you have locked down SAML so that users must login using SAML, the **Unlock** option will not appear on the **More Actions** menu. To unlock the user account, you must first toggle the **Require SAML Sign In** option, and then re-enable lockdown. For more information, see [Require SAML for sign-in](/docs/manage/security/saml/set-up-saml/#require-saml-for-sign-in-1).
:::
1. The user's account is unlocked, and Sumo Logic automatically sends an email to alert the user.
:::note
- During the lockout period, users can request a password reset from the login page, however this password will not allow access to the account until either the lockout period has expired or an administrator has unlocked the account.
+ During the lockout period, users can request a password reset from the login page. However, this password will not allow access to the account until either the lockout period has expired or an administrator has unlocked the account.
:::
diff --git a/docs/reuse/flex-pricing.md b/docs/reuse/flex-pricing.md
index 00df5c6f4f..fffff0e06f 100644
--- a/docs/reuse/flex-pricing.md
+++ b/docs/reuse/flex-pricing.md
@@ -1,4 +1,4 @@
-Introducing Sumo Logic Flex: the solution that revolutionizes log analytics pricing for technical teams. Bid farewell to data tiers as we usher in an era where your insights and analytics volume, not data ingestion, dictates pricing. The value of log data is now in sync with the insights and analytics you generate from the data, not the data volume or management process.
+Your insights and analytics volume, not data ingestion, dictates pricing. The value of log data is now in sync with the insights and analytics you generate from the data, not the data volume or management process.
With Sumo Logic Flex, you gain an efficient, centralized log analytics framework capable of managing enterprise-wide cloud-scale log ingestion without cost concerns. Consolidate all your data streams — application, infrastructure, security — into a single platform with unlimited user access, fostering seamless collaboration.
diff --git a/docs/reuse/saml.md b/docs/reuse/saml.md
index 23aa2022ba..037967b963 100644
--- a/docs/reuse/saml.md
+++ b/docs/reuse/saml.md
@@ -1,50 +1,50 @@
import useBaseUrl from '@docusaurus/useBaseUrl';
-You can create multiple SAML configurations in Sumo. To create an additional SAML configuration, click the plus (**+**) icon to create a new configuration. Enter the settings for the new configuration, as described the previous section.
+You can create multiple SAML configurations in Sumo Logic. To create an additional SAML configuration, click the plus (**+**) icon to create a new configuration. Enter the settings for the new configuration, as described the previous section.
### Require SAML for sign-in
-After you create a SAML configuration, you can require users to sign in using SAML and prevent users from bypassing SAML with a username and password for login. Before you do so, follow the instructions in Check SAML Usage.
+After you create a SAML configuration, you can require users to sign in using SAML and prevent users from bypassing SAML with a username and password for login. Before you do so, follow the instructions in [Check SAML Usage](#check-saml-usage).
### Check SAML Usage
-If you intend to require Sumo users to sign-in using SAML, as described in the following section, Require SAML for sign-in, it is a best practice to first check whether some users are still logging in directly, instead of using SAML. You can run the following query to see, for a particular time range, whether users signed in using SAML or with their username and password:
+If you intend to require Sumo Logic users to sign-in using SAML, as described in the following section, [Require SAML for sign-in](#require-saml-for-sign-in-1), it is a best practice to first check whether some users are still logging in directly, instead of using SAML. You can run the following query to see, for a particular time range, whether users signed in using SAML or with their username and password:
```sql
_index=sumologic_audit action=login | count by class, sourceuser
```
:::important
-This query depends upon data in the Sumo audit index. If the audit index is not enabled, the query will not return results. To enable the index, follow the instructions in Enable and Manage the Audit Index.
+This query depends upon data in the Sumo Logic audit index. If the audit index is not enabled, the query will not return results. To enable the index, follow the instructions in [Enable the audit index](/docs/manage/security/audit-indexes/audit-index/#enable-the-audit-index).
:::
-The query results show, for each user that has accessed Sumo over the time range, the number of times they have logged in using SAML or by entering a Sumo username and password. In the class column:
+The query results show for each user that has accessed Sumo Logic over the time range, the number of times they have logged in using SAML or by entering a Sumo Logic username and password. In the class column:
* "SAML" indicates the user signed in using SAML.
* "SESSION" indicates the user authenticated by entering a username and password.
-If the same user accessed Sumo using both methods (SAML and direct logon) during the time range, the query results will include a row for each method, showing how many times each method was used.
+If the same user accessed Sumo Logic using both methods (SAML and direct logon) during the time range, the query results will include a row for each method, showing how many times each method was used.
### Require SAML for sign-in
-Click Require SAML Sign In to require users to sign in using SAML.
+Click **Require SAML Sign In** to require users to sign in using SAML.
:::tip
-After you lock down SAML, any new users you allowlist will have to select Forgot Password from the login screen to recover their credentials. This is because a SAML-locked down user does NOT have a password.
+After you lock down SAML, any new users you allowlist will have to select **Forgot Password** from the login screen to recover their credentials. This is because a SAML-locked down user does NOT have a password.
:::
-Sumo automatically adds your account under **Allow these users to sign in using passwords in addition to SAML** as an allowlisted user as a preventative measure to ensure you’re still able to access Sumo if you run into issues.
+Sumo Logic automatically adds your account under **Allow these users to sign in using passwords in addition to SAML** as an allowlisted user as a preventative measure to ensure you’re still able to access Sumo Logic if you run into issues.
Having only one user able to bypass SAML may not be convenient or practical if you have a global company or a large team. You can add additional allowlisted users by clicking the (+) icon next to **Allow these users to sign in using passwords in addition to SAML**:
-We do not recommend denying all users password access to Sumo even if you want to enforce log in by SAML. If you attempt to delete your last remaining allowlisted user, you will receive a warning that this is not a recommended practice:
+We do not recommend denying all users password access to Sumo Logic even if you want to enforce log in by SAML. If you attempt to delete your last remaining allowlisted user, you will receive a warning that this is not a recommended practice: