From 5f409b4e232df6b7f85c1880dc942e6ee08f2b1d Mon Sep 17 00:00:00 2001 From: Jagadisha V <129049263+JV0812@users.noreply.github.com> Date: Thu, 5 Dec 2024 12:39:12 +0530 Subject: [PATCH 1/3] Update logs-to-metrics.md --- docs/metrics/logs-to-metrics.md | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/docs/metrics/logs-to-metrics.md b/docs/metrics/logs-to-metrics.md index c85cd53f46..4f8b533a5f 100644 --- a/docs/metrics/logs-to-metrics.md +++ b/docs/metrics/logs-to-metrics.md 
@@ -83,11 +83,13 @@ Not all Sumo parsing operators are supported. For more information, see [Create You cannot use a scheduled view or an index in the scope of a Logs-to-Metrics rule. In other words, you shouldn't use a log search scope that includes `_view` or `_index`.  -### Using Logs-to-Metrics in the frequent or infrequent tier +### Using Logs-to-Metrics for partitions not included in default scope -Since `_index` is not accepted in logs-to-metrics rules, you can just skip it and still get results for the data assigned to frequent and infrequent tier. +In the data tier model, frequent and infrequent partitions are excluded from the default search scope. If your organization is configured for the flex pricing model, you can selectively choose which partitions to include or exclude from the [default search scope](/docs/manage/partitions/flex/faq/#how-can-i-optimize-my-query-using-default-scope). -If you want to create a Logs-to-Metrics rule for the scope of frequent or infrequent tier partition, you can create the rule with the same log search scope as the partition where the data lives. For example, if you have a partition, `_index=foo`, whose routing expression is `_sourceCategory=foo`, then you should use the same routing expression, `_sourceCategory=foo`, to scope the Logs-to-Metrics rule. +For cases involving partitions that fall outside the default scope, you can create a Logs-to-Metrics rule for the scope of frequent tier partition, infrequent tier partition, or for the partitions excluded in the flex pricing model. To do this, set the rule using the same log search scope as the partition where the data resides. + +For example, if you have a partition with the index `_index=foo`, and its routing expression is `_sourceCategory=foo`, you should use the same routing expression, `_sourceCategory=foo`, when scoping the Logs-to-Metrics rule. ### _dataTier search modifier is not supported From 670311338fb6eb467f94bb0e9ae1cb0742f349d6 Mon Sep 17 00:00:00 2001 
From: Jagadisha V <129049263+JV0812@users.noreply.github.com> Date: Thu, 5 Dec 2024 12:49:04 +0530 Subject: [PATCH 2/3] Update logs-to-metrics.md --- docs/metrics/logs-to-metrics.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/metrics/logs-to-metrics.md b/docs/metrics/logs-to-metrics.md index 4f8b533a5f..73eea60535 100644 --- a/docs/metrics/logs-to-metrics.md +++ b/docs/metrics/logs-to-metrics.md 
@@ -85,9 +85,9 @@ You cannot use a scheduled view or an index in the scope of a Logs-to-Metrics ru ### Using Logs-to-Metrics for partitions not included in default scope -In the data tier model, frequent and infrequent partitions are excluded from the default search scope. If your organization is configured for the flex pricing model, you can selectively choose which partitions to include or exclude from the [default search scope](/docs/manage/partitions/flex/faq/#how-can-i-optimize-my-query-using-default-scope). +In the data tier model, frequent and infrequent partitions are excluded from the default search scope. While, if your organization is configured for the flex pricing model, you can selectively choose which partitions to include or exclude from the [default search scope](/docs/manage/partitions/flex/faq/#how-can-i-optimize-my-query-using-default-scope). -For cases involving partitions that fall outside the default scope, you can create a Logs-to-Metrics rule for the scope of frequent tier partition, infrequent tier partition, or for the partitions excluded in the flex pricing model. To do this, set the rule using the same log search scope as the partition where the data resides. +For cases involving partitions that fall outside the default scope, you can create a Logs-to-Metrics rule for the frequent tier partition, infrequent tier partition, or for the partitions excluded in the flex pricing model. To do this, set the rule using the same log search scope as the partition where the data resides. For example, if you have a partition with the index `_index=foo`, and its routing expression is `_sourceCategory=foo`, you should use the same routing expression, `_sourceCategory=foo`, when scoping the Logs-to-Metrics rule. From 3a1e1850eb5758afb604fdb1ad000311714cad44 Mon Sep 17 00:00:00 2001 
From: Jagadisha V <129049263+JV0812@users.noreply.github.com> Date: Mon, 23 Dec 2024 12:30:18 +0530 Subject: [PATCH 3/3] Update docs/metrics/logs-to-metrics.md Co-authored-by: John Pipkin (Sumo Logic) --- docs/metrics/logs-to-metrics.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/metrics/logs-to-metrics.md b/docs/metrics/logs-to-metrics.md index 73eea60535..6641d574e2 100644 --- a/docs/metrics/logs-to-metrics.md +++ b/docs/metrics/logs-to-metrics.md @@ -85,7 +85,7 @@ You cannot use a scheduled view or an index in the scope of a Logs-to-Metrics ru ### Using Logs-to-Metrics for partitions not included in default scope -In the data tier model, frequent and infrequent partitions are excluded from the default search scope. While, if your organization is configured for the flex pricing model, you can selectively choose which partitions to include or exclude from the [default search scope](/docs/manage/partitions/flex/faq/#how-can-i-optimize-my-query-using-default-scope). +In the data tier model, frequent and infrequent partitions are excluded from the default search scope. However, if your organization is configured for the flex pricing model, you can selectively choose which partitions to include or exclude from the [default search scope](/docs/manage/partitions/flex/faq/#how-can-i-optimize-my-query-using-default-scope). For cases involving partitions that fall outside the default scope, you can create a Logs-to-Metrics rule for the frequent tier partition, infrequent tier partition, or for the partitions excluded in the flex pricing model. To do this, set the rule using the same log search scope as the partition where the data resides.
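Review bot: In [PATCH 1/3], the rewritten section deletes the sentence "Since `_index` is not accepted in logs-to-metrics rules, you can just skip it", yet the new example paragraph still opens with "a partition with the index `_index=foo`", right after the unchanged context line that says a rule scope must not include `_view` or `_index`. Without the deleted sentence, a reader can take the example as a hint to put `_index=foo` in the rule. Suggest keeping the original phrasing "a partition, `_index=foo`, whose routing expression is `_sourceCategory=foo`" and stating in the same paragraph that `_index=foo` is left out of the rule scope and only the routing expression is used. The heading rename also changes the section anchor, so check for links that point at the old "Using Logs-to-Metrics in the frequent or infrequent tier" heading.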
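Review bot: In [PATCH 2/3], the first added line starts its second sentence with "While, if your organization is configured for the flex pricing model, ...", which uses "While," as a sentence-opening connective and reads as a fragment; "However, if ..." or joining the two sentences with "whereas" fixes it. In the second added line, "for the frequent tier partition, infrequent tier partition, or for the partitions excluded in the flex pricing model" repeats "for the" on the first and third items only; suggest a parallel list such as "for a frequent tier partition, an infrequent tier partition, or a partition excluded in the flex pricing model".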
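Review bot: In [PATCH 3/3], the added line sets "the data tier model" against "the flex pricing model", two differently formed labels for what the sentence presents as parallel alternatives; pick one naming pattern and use it in both places, including the unchanged paragraph that follows, which says "the flex pricing model" again. Because this patch and [PATCH 2/3] only reword the sentence introduced in [PATCH 1/3], consider squashing the series into one commit whose subject describes the change instead of "Update logs-to-metrics.md".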