SumoLogic · kimsauce · May 3, 2024 · Apr 24, 2024 · Apr 24, 2024 · Apr 24, 2024
@@ -2506,6 +2506,7 @@
   "/cid/9004": "/docs/integrations/microsoft-azure/active-directory-json",
   "/cid/9006": "/docs/cse/ingestion/ingestion-sources-for-cloud-siem/aws-network-firewall",
   "/cid/9008": "/docs/alerts/webhook-connections/new-relic",
+  "/cid/10333": "/docs/send-data/opentelemetry-collector/remote-management/processing-rules",
   "/cid/9010": "/docs/send-data/opentelemetry-collector",
   "/cid/9011": "/docs/send-data/opentelemetry-collector/install-collector/linux",
   "/cid/9012": "/docs/send-data/opentelemetry-collector/install-collector/macos",

@@ -1,5 +1,5 @@
 ---
-id: remote-management
+slug: /send-data/opentelemetry-collector/remote-management
 title: OpenTelemetry Remote Management
 sidebar_label: Remote Management
 ---

@@ -0,0 +1,41 @@
+---
+id: include-and-exclude-rules
+title: Include and Exclude Rules for OpenTelemetry (Beta)
+description: Use include and exclude processing rules to specify what kind of data is sent to Sumo Logic using OpenTelemetry Collector.
+---
+
+<head>
+  <meta name="robots" content="noindex" />
+</head>
+
+<p><a href="/docs/beta"><span className="beta">Beta</span></a></p>
+
+import useBaseUrl from '@docusaurus/useBaseUrl';
+
+You can use include and exclude processing rules to specify what data is sent to Sumo Logic using OpenTelemetry Collector. Internally these will use [filter processor](https://github.com/open-telemetry/opentelemetry-collector-contrib/tree/main/processor/filterprocessor) to get the data filtered. 
+
+* An exclude rule functions as a denylist filter where the matching data is not sent to Sumo Logic.
+* An include rule functions as an allowlist filter where only matching data is sent to Sumo Logic.
+
+As a best practice, specify these rules to match the lesser volume of data.
+
+* If you want to **collect the majority of data** from a source template, provide **exclude** rules to match (filter out) the lesser volume of data.
+* If you want to **collect a small set of data** from a source template, provide **include** rules to match (filter in) the lesser volume of data.
+
+For example, to include only messages coming from a Windows Event log with ID `8015`, you can add a Logs Filter to the source template and select the **Type** of the filter as "Include message that match", and can use the following filter regular expression:
+
+```
+.*"id":8015.*
+```
+
+<img src={useBaseUrl('img/send-data/opentelemetry-collector/processingrule-include-logs.png')} alt="collector-installation-completion-page" style={{border:'1px solid gray'}} width="700" />
+
+## Rules and limitations
+
+When writing regular expression rules, you must follow these rules:
+
+* Your rule must be [RE2 compliant](https://github.com/google/re2/wiki/Syntax).
+* If your rule matches *only a section* of the log line, the full log line will be matched.
+* For *single line messages*, it is not mandatory to prefix and suffix the regex expression with `.\*`.
+* Exclude rules take priority over include rules. Include rules are processed first. However, if an exclude rule matches data that matched the include rule filter, the data is excluded.
+* If two or more rules are listed, the assumed Boolean operator is `OR`.
@@ -0,0 +1,56 @@
+---
+slug: /send-data/opentelemetry-collector/remote-management/processing-rules
+title: Processing Rules for OpenTelemetry (Beta)
+description: Use Sumo Logic processing rules for an OpenTelemetry agent with an OpenTelemetry remote management (OTRM) source template.
+---
+<head>
+  <meta name="robots" content="noindex" />
+</head>
+
+<p><a href="/docs/beta"><span className="beta">Beta</span></a></p>
+
+import useBaseUrl from '@docusaurus/useBaseUrl';
+
+Processing rules can be used with OpenTelemetry Collector for different source templates in OTRM (OpenTelemetry remote management). These processing rules can filter and can mask the data sent to Sumo Logic from OpenTelemetry Collector which is remotely managed by Sumo Logic. The rules affect only the data sent to Sumo Logic; logs and metrics on your end remain intact and unchanged. Data filtered by OpenTelemetry Collector using processing rules does not count towards your daily data volume quota.
+
+Processing rules for logs collection support the following rule types:
+
+* [Exclude messages that match](include-and-exclude-rules.md). Remove messages that you do not want to send to Sumo Logic at all ("denylist" filter). These messages are skipped by OpenTelemetry Collector and are not uploaded to Sumo Logic.
+* [Include messages that match](include-and-exclude-rules.md). Send only the data you'd like in your Sumo Logic account (an "allowlist" filter). This type of rule can be useful, for example, if you only want to include messages coming from a firewall.
+
+Processing Rules for metrics collection support the following rule types:
+
+* [Exclude metrics that match](metrics-include-and-exclude-rules.md). Remove metrics that you do not want to send to Sumo Logic at all ("denylist" filter).
+* [Include metrics that match](metrics-include-and-exclude-rules.md). Send only selected metrics to your Sumo Logic account (an "allowlist" filter). 
+
+## Limitations
+
+* Regular expressions must be [RE2 compliant](https://github.com/google/re2/wiki/Syntax).
+* Processing Rules are tested with maximum of 20 rules.
+
+## How do processing rules work together?
+
+You can create one or more processing rules for a Source Template, combining the different types of filters to generate the exact data set you want sent to Sumo Logic.  
+
+When a Source has multiple rules they are processed in the following order: includes, excludes, masks.   
+
+Exclude rules take priority over include rules. Include rules are processed first, however, if an exclude rule matches data that matched the include rule filter, the data is excluded.
+
+## Guide contents
+
+In this section, we'll introduce the following concepts:
+
+<div className="box-wrapper" >
+<div className="box smallbox card">
+  <div className="container">
+  <a href="/docs/send-data/opentelemetry-collector/remote-management/processing-rules/include-and-exclude-rules"><img src={useBaseUrl('img/icons/operations/rules.png')} alt="icon" width="40"/><h4>Include and Exclude Rules for OpenTelemetry </h4></a>
+  <p>Use include and exclude processing rules to specify what kind of data is sent to Sumo Logic using OpenTelemetry Collector.</p>
+  </div>
+</div>
+<div className="box smallbox card">
+  <div className="container">
+  <a href="/docs/send-data/opentelemetry-collector/remote-management/processing-rules/metrics-include-and-exclude-rules"><img src={useBaseUrl('img/icons/operations/rules.png')} alt="icon" width="40"/><h4>Metrics Include and Exclude Rules for OpenTelemetry</h4></a>
+  <p>Use metrics processing rules to specify what metrics are sent to Sumo Logic using OpenTelemetry Collector.</p>
+  </div>
+</div>
+</div>
@@ -0,0 +1,62 @@
+---
+id: metrics-include-and-exclude-rules
+title: Metrics Include and Exclude Rules for OpenTelemetry (Beta)
+description: You can use metrics processing rules to specify what metrics are sent to Sumo Logic using OpenTelemetry Collector.
+---
+<head>
+  <meta name="robots" content="noindex" />
+</head>
+
+<p><a href="/docs/beta"><span className="beta">Beta</span></a></p>
+
+import useBaseUrl from '@docusaurus/useBaseUrl';
+
+You can use include and exclude processing rules to specify what metrics is sent to Sumo Logic using OpenTelemetry Collector. Internally these will use [filter processor](https://github.com/open-telemetry/opentelemetry-collector-contrib/tree/main/processor/filterprocessor) to get the metrics filtered. 
+
+* An exclude rule functions as a denylist filter where all data is sent except matching data to Sumo Logic.
+* An include rule functions as an allowlist filter where only matching data is sent to Sumo Logic.
+
+As a best practice, specify these rules to match the lesser volume of data.
+
+* If you want to collect the majority of data from a source template, provide exclude rules to match (filter out) the lesser volume of data
+* If you want to collect a small set of data from a source template, provide include rules to match (filter in) the lesser volume of data.
+
+## Metric filter examples
+
+For filtering metrics data in source template you can add a metrics filter to the source template. You can then provide the name of the filter followed by **Type** (filter to include or exclude) and **Filter by**. 
+
+There are three ways to use metrics filter in source template: 
+* Filter by metrics name
+* Filter by dimension
+* Filter by metrics name and dimension
+
+### Filter by metrics name
+
+If you need to filter by name of the metrics, then you can select this option and provide the regex which matched with the metric name. 
+
+For example when collecting host metrics, if you need to collect only network metrics, then you can give `network` in the metric name. 
+
+<img src={useBaseUrl('img/send-data/opentelemetry-collector/processingrule-include-metricname.png')} alt="collector-installation-completion-page" style={{border:'1px solid gray'}} width="700" />
+
+### Filter by dimension
+
+If you need to filter by dimension of the metrics, then you can select this option and provide the list of keys and values in the dimension table. Key needs to be the exact dimension name and value can be a regex which matches against the value for the key given. All of these key value pairs will have the `AND` condition between them. 
+
+For example, when collecting host metrics you can filter CPU metrics data for a specific CPU (say `cpu0`), and you can mention the respective key value pair in the dimension table.
+
+<img src={useBaseUrl('img/send-data/opentelemetry-collector/processingrule-include-metricdimension.png')} alt="collector-installation-completion-page" style={{border:'1px solid gray'}} width="700" />
+
+### Filter by metrics name and dimension
+
+If you need to filter by metrics name and dimension, then you can select this option and provide the metric name regex and dimension key and value. Key needs to be the exact dimension name and value can be a regex which matches against the value for the key given. All inputs here (that is, metric name) and all key value pairs will have the `AND` condition between them. 
+
+For example, when collecting host metrics, you can filter network metrics for a specific device and direction by giving metric name regex as `network`, and in the dimension table key value pair you can specify `device=lo` and `direction=transmit`.
+
+<img src={useBaseUrl('img/send-data/opentelemetry-collector/processingrule-include-metricnameanddimension.png')} alt="collector-installation-completion-page" style={{border:'1px solid gray'}} width="700" />
+
+## Rules and Limitations
+
+* Your rule must be [RE2 compliant](https://github.com/google/re2/wiki/Syntax).
+* Exclude rules take priority over include rules. Include rules are processed first, however, if an exclude rule matches data that matched the include rule filter, the data is excluded.
+* If two or more rules are listed, the assumed Boolean operator is OR.
+* If data needs to get filtered for single dimension key which can have multiple possible values then we can use a `|` operator. For example if we need to monitor cpu metrics for only cpu0 and cpu1 then we can form the dimension value expression as `cpu0|cpu1`.