From d4de3d8c9b95068eb32fc38b06a6c4562efbc051 Mon Sep 17 00:00:00 2001 From: Kim Pohas Date: Tue, 14 May 2024 00:45:01 -0700 Subject: [PATCH 1/4] Remove references to pre-bento UI --- docs/contributing/word-list.md | 2 +- .../create-processing-rule.md | 85 ++----------------- 2 files changed, 10 insertions(+), 77 deletions(-) diff --git a/docs/contributing/word-list.md b/docs/contributing/word-list.md index bddd7d9a9b..50b8aa1973 100644 --- a/docs/contributing/word-list.md +++ b/docs/contributing/word-list.md @@ -27,7 +27,7 @@ This word list provides an alphabetized list of commonly used terms at Sumo Logi **Check box**. Check box is two words. Don't use checkbox. -**Classic UI**. Use this term to distinguish the old UI. +**Classic UI**. Use this term to clarify you're talking about the legacy UI. **Click**. You click a UI element. Do not use "click on". diff --git a/docs/send-data/collection/processing-rules/create-processing-rule.md b/docs/send-data/collection/processing-rules/create-processing-rule.md index 0f786f75cd..5d9614780a 100644 --- a/docs/send-data/collection/processing-rules/create-processing-rule.md +++ b/docs/send-data/collection/processing-rules/create-processing-rule.md @@ -1,35 +1,17 @@ --- id: create-processing-rule title: Create a Processing Rule -description: Processing rules filter and can forward data sent to Sumo Logic from a Source. +description: Processing rules filter and forward data sent to Sumo Logic from a Source. --- -There are two user interfaces (UI) to create a Processing Rule, classic and new. The new interface is only available on certain Sources and is being released incrementally. Each UI is documented in a separate tab below. +This document describes how to create a Processing Rule. - - - - -## New interface for Hosted Collector Sources - -You can add a processing rule to an existing Source or create a processing rule when you configure a new Source. - -1. To create a processing rule for an existing Source, go to **Manage Data** > **Collection** > **Collection** and click **Edit** next to a Source. When configuring your new or existing Source, click the **\+ Add Filter** or **\+ Add** **Action** text in the **Processing Rules** section.  - - * A filter is either an allowlist or denylist rule. - * An action is either a hash or mask rule. - - ![processing rules](/img/collector/processing-rules/create-a-processing-rule/processing-rules.png) -1. Once clicked, the configuration options are displayed. - - ![generic processing rules UI with added options.png](/img/collector/processing-rules/create-a-processing-rule/generic_processing_rules_UI_with_added_options.png) +You can add a processing rule to an existing Source or create one when you configure a new Source. +1. To create a processing rule for an existing Source, go to **Manage Data** > **Collection** > **Collection** and click **Edit** next to a Source. When configuring your new or existing Source, click the **\+ Add Filter** or **\+ Add** **Action** text in the **Processing Rules** section. + * A filter is either an allowlist or denylist rule. + * An action is either a hash or mask rule.
![processing rules](/img/collector/processing-rules/create-a-processing-rule/processing-rules.png) +1. Once clicked, the configuration options are displayed.
![generic processing rules UI with added options.png](/img/collector/processing-rules/create-a-processing-rule/generic_processing_rules_UI_with_added_options.png) 1. Give a meaningful **Name** to your rule. Names can be up to 32 characters long. 1. Choose the **Type** of processing rule you'd like to create: * Filters have the option to: @@ -39,58 +21,9 @@ You can add a processing rule to an existing Source or create a processing rule * [Hash messages that match](hash-rules.md). Replace a message with a unique, randomly-generated code to protect sensitive or proprietary information. You may want to hash unique identifiers, such as credit card numbers or user names. By hashing this type of data, you can still track it, even though it is fully hidden. * [Mask messages that match](mask-rules.md). Replace an expression with a mask string that you can customize—another option to protect data, such as passwords, that you'dn't normally track. 1. For **Filter**, type a regular expression that defines the messages you want to filter. The rule must match the whole message. - For multi-line log messages, to get the lines before and after the line containing your text, wrap the segment with **(?s).\*** such as: **(?s).\*matching text(?s).\*** - :::note - Your regex must be [RE2 compliant.](https://github.com/google/re2/wiki/Syntax) + Your regex must be [RE2 compliant](https://github.com/google/re2/wiki/Syntax). ::: - -1. To remove a filter or action click the trash can icon. - - ![processing rule trach can icon.png](/img/collector/processing-rules/create-a-processing-rule/trashcan-icon.png) - +1. To remove a filter or action, click the trash can icon.
![processing rule trash can icon.png](/img/collector/processing-rules/create-a-processing-rule/trashcan-icon.png) 1. When you are finished adding all the rules you need, click **Submit**. - - - - - -## Original interface - -1. To create a processing rule for an existing Source, go to **Manage Data** > **Collection** > **Collection** and click **Edit** next to a Source. When configuring your new or existing Source, expand the **Processing Rules for Logs** section and then click **Add Rule**. - - ![Add processing rule](/img/collector/processing-rules/create-a-processing-rule/no-rules.png) - -1. The **Processing Rule for Logs** dialog is displayed.  - - ![Add Processing Rule](/img/collector/processing-rules/create-a-processing-rule/redact-rules.png) -   -1. Give a meaningful **Name** to your rule. Names can be up to 32 characters long. -1. For **Filter**, type a regular expression that defines the messages you want to filter. The rule must match the whole message. - - * For multi-line log messages, to get the lines before and after the line containing your text, wrap the segment with `(?s).` such as:`(?s).*matching text(?s).` - - :::note - Your regex must be [RE2 compliant](https://github.com/google/re2/wiki/Syntax). - ::: - -1. Choose the **Type** of processing rule you'd like to create: - - * [Exclude messages that match](include-and-exclude-rules.md). Remove messages that you do not want to send to Sumo Logic at all, think of it as a "denylist" filter. These messages are skipped after reaching the Source and are not uploaded to Sumo Logic. - * [Include messages that match](include-and-exclude-rules.md). Send only the data you'd like in your Sumo Logic account, think of it as an "allowlist" filter. This type of filter can be very useful when the list of log data you want to send to Sumo Logic is easier to filter than setting up exclude filters for all of the types of messages you'd like to exclude, for example, if you only want to include only messages coming from a firewall. - * [Hash messages that match](hash-rules.md). Replace a message with a unique, randomly-generated code to protect sensitive or proprietary information. You may want to hash unique identifiers, such as credit card numbers or user names. By hashing this type of data, you can still track it, even though it is fully hidden. - * [Mask messages that match](mask-rules.md). Replace an expression with a mask string that you can customize—another option to protect data, such as passwords, that you'dn't normally track. - * Forward messages that match. Send data from an Installed Collector Source to a selected non-Sumo location. This option is only available if you have configured a data forwarding destination. For more information, see [Forward Data from an Installed Collector](/docs/manage/data-forwarding/installed-collectors). - -1. Click **Apply** to add the rule. Continue to add rules as needed. - -1. When you are finished adding all the rules you need, click **Submit**. - - ![rule-action.png](/img/collector/processing-rules/create-a-processing-rule/save-rule.png) - - - - -import Tabs from '@theme/Tabs'; -import TabItem from '@theme/TabItem'; From f4ec8b9b058b5e5363460e6e746bd3f5bd0644a2 Mon Sep 17 00:00:00 2001 From: Kim Pohas Date: Tue, 14 May 2024 14:23:52 -0700 Subject: [PATCH 2/4] Remove references to pre-Bento UI --- docs/contributing/word-list.md | 2 +- docs/metrics/metrics-operators/outlier.md | 6 ++---- .../search-basics/comments-search-queries.md | 6 ++++-- 3 files changed, 7 insertions(+), 7 deletions(-) diff --git a/docs/contributing/word-list.md b/docs/contributing/word-list.md index 50b8aa1973..ae9d594ef3 100644 --- a/docs/contributing/word-list.md +++ b/docs/contributing/word-list.md @@ -27,7 +27,7 @@ This word list provides an alphabetized list of commonly used terms at Sumo Logi **Check box**. Check box is two words. Don't use checkbox. -**Classic UI**. Use this term to clarify you're talking about the legacy UI. +**Classic UI**. Use this term to clarify that you're talking about the legacy UI. **Click**. You click a UI element. Do not use "click on". diff --git a/docs/metrics/metrics-operators/outlier.md b/docs/metrics/metrics-operators/outlier.md index 1478a2d7c6..de539da136 100644 --- a/docs/metrics/metrics-operators/outlier.md +++ b/docs/metrics/metrics-operators/outlier.md @@ -20,11 +20,9 @@ outlier [window=, threshold=, direction=[ +- | + | Where: -* `window` is the range over which to calculate the moving average and standard deviation of the time series. `window` can be specified with time units (s, m, h), or it can be specified without time units. Default: 5m. -:::note -If you use `outlier` in the Classic Metrics UI, if you specify the `window` parameter without supplying a unit of time, the window duration applied will be in the units used in the [quantization](docs/metrics/introduction/metric-quantization.md) of the query. +* `window` is the range over which to calculate the moving average and standard deviation of the time series. `window` can be specified with time units (s, m, h), or it can be specified without time units. Default: 5m. * `threshold` is the number of standard deviations from the moving average that defines the threshold band. Default: 3 -* `direction` specifies what deviation direction should trigger violations: positive deviations (+), negative deviations (-), or both (+-). Default: +- +* `direction` specifies what deviation direction should trigger violations: positive deviations (`+`), negative deviations (`-`), or both (`+-`). Default: `+-`. ![outlier-operator.png](/img/metrics/outlier-operator.png) diff --git a/docs/search/get-started-with-search/search-basics/comments-search-queries.md b/docs/search/get-started-with-search/search-basics/comments-search-queries.md index e433991bdd..bbc6b8befa 100644 --- a/docs/search/get-started-with-search/search-basics/comments-search-queries.md +++ b/docs/search/get-started-with-search/search-basics/comments-search-queries.md @@ -33,6 +33,8 @@ The following is a multi-line comment. ![multi line comment.png](/img/search/get-started-search/search-basics/comments-search-queries/multi-line-comment.png) -## Pro Tip: Sumo Logic App Queries as Examples +## Pro Tip: Leverage pre-built Sumo Logic app queries -Sumo Logic Apps are a great resource of example search queries. You can review and even [run searches from Sumo Logic Apps](/docs/get-started/apps-integrations#run-searches-from-sumo-logic-apps) without installing them. To view available Sumo Logic Apps, click the **Library** icon Library icon at the top of the UI (**Library > Apps** in the classic UI). You can also [copy content from the Library](/docs/get-started/library), and use it as a starting point to create your own queries. When you do that, you can comment out the aggregation lines of the query and replace them with your own. You can also delete them of course, but commenting them out instead would make them available for reference later. +Sumo Logic apps are a great resource for example search queries. You can preview and even [run a Log Search a from Sumo Logic app](/docs/get-started/apps-integrations#run-searches-from-sumo-logic-apps) without installing it. + +To view available Sumo Logic apps, click the **Library** icon Library icon at the top of the UI (**Library > Apps** in the Classic UI). You can also [copy content from the Library](/docs/get-started/library), and use it as a starting point to create your own queries. When you do that, you can comment out the aggregation lines of the query and replace them with your own. You can also delete them of course, but commenting them out instead would make them available for reference later. From ad8a1aa4f7b5ffaa0e343de1cd8a6db8e9e4a043 Mon Sep 17 00:00:00 2001 From: "Kim (Sumo Logic)" <56411016+kimsauce@users.noreply.github.com> Date: Tue, 14 May 2024 14:26:31 -0700 Subject: [PATCH 3/4] Update docs/send-data/collection/processing-rules/create-processing-rule.md --- .../collection/processing-rules/create-processing-rule.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/send-data/collection/processing-rules/create-processing-rule.md b/docs/send-data/collection/processing-rules/create-processing-rule.md index 5d9614780a..8c3cc40755 100644 --- a/docs/send-data/collection/processing-rules/create-processing-rule.md +++ b/docs/send-data/collection/processing-rules/create-processing-rule.md @@ -1,7 +1,7 @@ --- id: create-processing-rule title: Create a Processing Rule -description: Processing rules filter and forward data sent to Sumo Logic from a Source. +description: Use processing rules to filter and forward data sent from a source to Sumo Logic. --- This document describes how to create a Processing Rule. From 53a5f2a6b77b85c2a9c816e70ac9b45bf821f98e Mon Sep 17 00:00:00 2001 From: "Kim (Sumo Logic)" <56411016+kimsauce@users.noreply.github.com> Date: Tue, 14 May 2024 14:26:57 -0700 Subject: [PATCH 4/4] Update docs/send-data/collection/processing-rules/create-processing-rule.md --- .../collection/processing-rules/create-processing-rule.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/send-data/collection/processing-rules/create-processing-rule.md b/docs/send-data/collection/processing-rules/create-processing-rule.md index 8c3cc40755..94e5d40e90 100644 --- a/docs/send-data/collection/processing-rules/create-processing-rule.md +++ b/docs/send-data/collection/processing-rules/create-processing-rule.md @@ -4,7 +4,7 @@ title: Create a Processing Rule description: Use processing rules to filter and forward data sent from a source to Sumo Logic. --- -This document describes how to create a Processing Rule. +This document describes how to create a processing rule. You can add a processing rule to an existing Source or create one when you configure a new Source.