From bff9b34eb90f3aef7d92067084ec7f3105ffa6b8 Mon Sep 17 00:00:00 2001
From: John Pipkin <jpipkin@sumologic.com>
Date: Tue, 2 Apr 2024 09:57:47 -0500
Subject: [PATCH 1/3] Update search filter limitations

---
 .../users-roles/roles/construct-search-filter-for-role.md | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/docs/manage/users-roles/roles/construct-search-filter-for-role.md b/docs/manage/users-roles/roles/construct-search-filter-for-role.md
index c18c290fe1..bacd9ae109 100644
--- a/docs/manage/users-roles/roles/construct-search-filter-for-role.md
+++ b/docs/manage/users-roles/roles/construct-search-filter-for-role.md
@@ -51,11 +51,15 @@ The explanations of the behavior of each example filter assume that no other rol
 
 #### Search filter limitations
 
+* Role filters should include only keyword expressions or or built-in metadata field expressions using these fields: `_sourcecategory`, `_collector`, `_source`, `_sourcename`, `_sourcehost`.
+* Using `_index` or `_view` in a role filter scope is not supported.
 * Role filters cannot include vertical pipes (`|`).
 * Role filters apply to log searches, not metric searches.
-* If one or more of your FERs override the out-of-the-box metadata tags you use in your search filters for a role, Live Tail can still provide access to data outside of the scope intended in your search filter. You should either avoid overriding out-of-the-box metadata tags in your FERs or avoid overridden tags in your search filters.
 * The [_dataTier](/docs/manage/partitions/data-tiers/searching-data-tiers/) search modifier is not supported in role filters.
-* For limitations related to the use of Scheduled Views or Partitions in a search filter, refer to [Partitions](/docs/manage/partitions/#limitations) and [Scheduled Views](/docs/manage/scheduled-views).
+* If one or more of your FERs override the out-of-the-box metadata tags you use in your search filters for a role, Live Tail can still provide access to data outside of the scope intended in your search filter. You should either avoid overriding out-of-the-box metadata tags in your FERs or avoid overridden tags in your search filters.
+* Using a field or Field Extraction Rule (FER) in a role filter is not supported. It will cause errors for any search run by a user in the role where the field is not valid. For example, if an FER created a field `foo`, adding the `foo=bar` scope to a role will break any search for a user where this field is not valid. This most often causes errors where users search a view where the field is not a valid schema field in that view.
+
+For limitations related to the use of Scheduled Views or Partitions in a search filter, refer to [Partitions](/docs/manage/partitions/#limitations) and [Scheduled Views](/docs/manage/scheduled-views).
 
 #### Using metadata in a search filter
 

From 2ac547e15167eeb8c391e517e7790463d4003843 Mon Sep 17 00:00:00 2001
From: "John Pipkin (Sumo Logic)" <jpipkin@sumologic.com>
Date: Tue, 2 Apr 2024 13:28:36 -0500
Subject: [PATCH 2/3] Update
 docs/manage/users-roles/roles/construct-search-filter-for-role.md

Co-authored-by: Kim <56411016+kimsauce@users.noreply.github.com>
---
 .../users-roles/roles/construct-search-filter-for-role.md       | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docs/manage/users-roles/roles/construct-search-filter-for-role.md b/docs/manage/users-roles/roles/construct-search-filter-for-role.md
index bacd9ae109..b7c5ca662f 100644
--- a/docs/manage/users-roles/roles/construct-search-filter-for-role.md
+++ b/docs/manage/users-roles/roles/construct-search-filter-for-role.md
@@ -51,7 +51,7 @@ The explanations of the behavior of each example filter assume that no other rol
 
 #### Search filter limitations
 
-* Role filters should include only keyword expressions or or built-in metadata field expressions using these fields: `_sourcecategory`, `_collector`, `_source`, `_sourcename`, `_sourcehost`.
+* Role filters should include only keyword expressions or built-in metadata field expressions using these fields: `_sourcecategory`, `_collector`, `_source`, `_sourcename`, `_sourcehost`.
 * Using `_index` or `_view` in a role filter scope is not supported.
 * Role filters cannot include vertical pipes (`|`).
 * Role filters apply to log searches, not metric searches.

From 14b308d1a9ed3f60bf4d142133a14f1f86a2f239 Mon Sep 17 00:00:00 2001
From: "John Pipkin (Sumo Logic)" <jpipkin@sumologic.com>
Date: Tue, 2 Apr 2024 13:28:55 -0500
Subject: [PATCH 3/3] Update
 docs/manage/users-roles/roles/construct-search-filter-for-role.md

Co-authored-by: Kim <56411016+kimsauce@users.noreply.github.com>
---
 .../users-roles/roles/construct-search-filter-for-role.md     | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/docs/manage/users-roles/roles/construct-search-filter-for-role.md b/docs/manage/users-roles/roles/construct-search-filter-for-role.md
index b7c5ca662f..699f4b7076 100644
--- a/docs/manage/users-roles/roles/construct-search-filter-for-role.md
+++ b/docs/manage/users-roles/roles/construct-search-filter-for-role.md
@@ -56,8 +56,8 @@ The explanations of the behavior of each example filter assume that no other rol
 * Role filters cannot include vertical pipes (`|`).
 * Role filters apply to log searches, not metric searches.
 * The [_dataTier](/docs/manage/partitions/data-tiers/searching-data-tiers/) search modifier is not supported in role filters.
-* If one or more of your FERs override the out-of-the-box metadata tags you use in your search filters for a role, Live Tail can still provide access to data outside of the scope intended in your search filter. You should either avoid overriding out-of-the-box metadata tags in your FERs or avoid overridden tags in your search filters.
-* Using a field or Field Extraction Rule (FER) in a role filter is not supported. It will cause errors for any search run by a user in the role where the field is not valid. For example, if an FER created a field `foo`, adding the `foo=bar` scope to a role will break any search for a user where this field is not valid. This most often causes errors where users search a view where the field is not a valid schema field in that view.
+* If one or more of your Field Extraction Rules (FERs) override the out-of-the-box metadata tags you use in your search filters for a role, Live Tail can still provide access to data outside of the scope intended in your search filter. You should either avoid overriding out-of-the-box metadata tags in your FERs or avoid overridden tags in your search filters.
+* Using a field or FERs in a role filter is not supported. It will cause errors for any search run by a user in the role where the field is not valid. For example, if an FER created a field `foo`, adding the `foo=bar` scope to a role will break any search for a user where this field is not valid. This most often causes errors where users search a view where the field is not a valid schema field in that view.
 
 For limitations related to the use of Scheduled Views or Partitions in a search filter, refer to [Partitions](/docs/manage/partitions/#limitations) and [Scheduled Views](/docs/manage/scheduled-views).