diff --git a/docs/integrations/amazon-aws/amazon-ec2-auto-scaling.md b/docs/integrations/amazon-aws/amazon-ec2-auto-scaling.md index 0b9ac11c13..b44a7647ec 100644 --- a/docs/integrations/amazon-aws/amazon-ec2-auto-scaling.md +++ b/docs/integrations/amazon-aws/amazon-ec2-auto-scaling.md @@ -107,8 +107,8 @@ When you create an AWS Source, you'll need to identify the Hosted Collector you 1. **Metadata**. Click the **+Add Field** link to add custom log metadata [Fields](/docs/manage/fields). Define the fields you want to associate, each field needs a name (key) and value. 1. Add an **account** field and assign it a value which is a friendly name / alias to your AWS account from which you are collecting logs. Logs can be queried via the “account field”. 1. Keep in mind: - * ![green check circle.png](/img/reuse/green-check-circle.png) A green circle with a check mark is shown when the field exists and is enabled in the Fields table schema. - * ![orange exclamation point.png](/img/reuse/orange-exclamation-point.png) An orange triangle with an exclamation point is shown when the field doesn't exist, or is disabled, in the Fields table schema. In this case, an option to automatically add or enable the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo Logic that does not exist in the Fields schema or is disabled it is ignored, known as dropped. + * green check circle.png A green circle with a check mark is shown when the field exists and is enabled in the Fields table schema. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist, or is disabled in the Fields table schema. In this case, you'll see an option to automatically add or enable the nonexistent fields to the Fields table schema. If a field is sent to Sumo Logic but isn’t present or enabled in the schema, it’s ignored and marked as **Dropped**. ### Collect metrics 
@@ -118,8 +118,8 @@ When you create an AWS Source, you'll need to identify the Hosted Collector you 1. **Metadata**. Click the **+Add Field** link to add custom log metadata [fields](/docs/manage/fields). Define the fields you want to associate, each field needs a name (key) and value. 1. Add an **account** field and assign it a value which is a friendly name / alias to your AWS account from which you are collecting logs. Logs can be queried via the “account field”.
Metadata 1. Keep in mind: - * ![green check circle.png](/img/reuse/green-check-circle.png) A green circle with a check mark is shown when the field exists and is enabled in the Fields table schema. - * ![orange exclamation point.png](/img/reuse/orange-exclamation-point.png) An orange triangle with an exclamation point is shown when the field doesn't exist, or is disabled, in the Fields table schema. In this case, an option to automatically add or enable the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo Logic that does not exist in the Fields schema or is disabled it is ignored, known as dropped. + * green check circle.png A green circle with a check mark is shown when the field exists and is enabled in the Fields table schema. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist, or is disabled in the Fields table schema. In this case, you'll see an option to automatically add or enable the nonexistent fields to the Fields table schema. If a field is sent to Sumo Logic but isn’t present or enabled in the schema, it’s ignored and marked as **Dropped**. :::note Namespace for Amazon EC2 Auto Scaling Service is AWS/AutoScaling. ::: diff --git a/docs/integrations/amazon-aws/application-load-balancer.md b/docs/integrations/amazon-aws/application-load-balancer.md index 1a24a818b9..4f4dd8dffd 100644 --- a/docs/integrations/amazon-aws/application-load-balancer.md +++ b/docs/integrations/amazon-aws/application-load-balancer.md 
@@ -73,8 +73,8 @@ When you create an AWS Source, you'll need to identify the Hosted Collector you 1. **Metadata**. Click the **+Add Field** link to add custom log metadata [fields](/docs/manage/fields). Define the fields you want to associate, each field needs a name (key) and value. 1. Add an **account** field and assign it a value which is a friendly name / alias to your AWS account from which you are collecting logs. Logs can be queried via the “account field”.
Metadata 1. Keep in mind: - * ![green check circle.png](/img/reuse/green-check-circle.png) A green circle with a check mark is shown when the field exists and is enabled in the Fields table schema. - * ![orange exclamation point.png](/img/reuse/orange-exclamation-point.png) An orange triangle with an exclamation point is shown when the field doesn't exist, or is disabled, in the Fields table schema. In this case, an option to automatically add or enable the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo Logic that does not exist in the Fields schema or is disabled it is ignored, known as dropped. + * green check circle.png A green circle with a check mark is shown when the field exists and is enabled in the Fields table schema. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist, or is disabled in the Fields table schema. In this case, you'll see an option to automatically add or enable the nonexistent fields to the Fields table schema. If a field is sent to Sumo Logic but isn’t present or enabled in the schema, it’s ignored and marked as **Dropped**. ### Collect access logs 
@@ -93,8 +93,8 @@ Before you begin to use the AWS Elastic Load Balancing (ELB) Application app, co 1. Add a **region** field and assign it the value of respective AWS region where the Load Balancer exists. 1. Add an **accountId** field and assign it the value of the respective AWS account id which is being used. 1. Keep in mind: - * ![green check circle.png](/img/reuse/green-check-circle.png) A green circle with a check mark is shown when the field exists and is enabled in the Fields table schema. - * ![orange exclamation point.png](/img/reuse/orange-exclamation-point.png) An orange triangle with an exclamation point is shown when the field doesn't exist, or is disabled, in the Fields table schema. In this case, an option to automatically add or enable the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo Logic that does not exist in the Fields schema or is disabled it is ignored, known as dropped. + * green check circle.png A green circle with a check mark is shown when the field exists and is enabled in the Fields table schema. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist, or is disabled in the Fields table schema. In this case, you'll see an option to automatically add or enable the nonexistent fields to the Fields table schema. If a field is sent to Sumo Logic but isn’t present or enabled in the schema, it’s ignored and marked as **Dropped**. ### Collect Cloudtrail logs 
@@ -102,8 +102,8 @@ Before you begin to use the AWS Elastic Load Balancing (ELB) Application app, co 1. **Metadata**. Click the **+Add Field** link to add custom log metadata [Fields](/docs/manage/fields). Define the fields you want to associate, each field needs a name (key) and value. 1. Add an **account** field and assign it a value which is a friendly name / alias to your AWS account from which you are collecting logs. Logs can be queried via the “account field”. 1. Keep in mind: - * ![green check circle.png](/img/reuse/green-check-circle.png) A green circle with a check mark is shown when the field exists and is enabled in the Fields table schema. - * ![orange exclamation point.png](/img/reuse/orange-exclamation-point.png) An orange triangle with an exclamation point is shown when the field doesn't exist, or is disabled, in the Fields table schema. In this case, an option to automatically add or enable the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo Logic that does not exist in the Fields schema or is disabled it is ignored, known as dropped. + * green check circle.png A green circle with a check mark is shown when the field exists and is enabled in the Fields table schema. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist, or is disabled in the Fields table schema. In this case, you'll see an option to automatically add or enable the nonexistent fields to the Fields table schema. If a field is sent to Sumo Logic but isn’t present or enabled in the schema, it’s ignored and marked as **Dropped**. :::note Namespace for AWS Application Load Balancer Service is AWS/ApplicationELB. diff --git a/docs/integrations/amazon-aws/classic-load-balancer.md b/docs/integrations/amazon-aws/classic-load-balancer.md index 09f5d83098..84cd07c5db 100644 --- a/docs/integrations/amazon-aws/classic-load-balancer.md +++ b/docs/integrations/amazon-aws/classic-load-balancer.md 
@@ -74,8 +74,8 @@ When you create an AWS Source, you'll need to identify the Hosted Collector you 1. **Metadata**. Click the **+Add Field** link to add custom log metadata [fields](/docs/manage/fields). Define the fields you want to associate, each field needs a name (key) and value. 1. Add an **account** field and assign it a value which is a friendly name / alias to your AWS account from which you are collecting logs. Logs can be queried via the “account field”.
Metadata 1. Keep in mind: - * ![green check circle.png](/img/reuse/green-check-circle.png) A green circle with a check mark is shown when the field exists and is enabled in the Fields table schema. - * ![orange exclamation point.png](/img/reuse/orange-exclamation-point.png) An orange triangle with an exclamation point is shown when the field doesn't exist, or is disabled, in the Fields table schema. In this case, an option to automatically add or enable the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo Logic that does not exist in the Fields schema or is disabled it is ignored, known as dropped. + * green check circle.png A green circle with a check mark is shown when the field exists and is enabled in the Fields table schema. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist, or is disabled in the Fields table schema. In this case, you'll see an option to automatically add or enable the nonexistent fields to the Fields table schema. If a field is sent to Sumo Logic but isn’t present or enabled in the schema, it’s ignored and marked as **Dropped**. ### Collect access logs 
@@ -95,8 +95,8 @@ Before you can begin to use the AWS Classic Load Balancing (ELB) App, complete t 1. Add a **region** field and assign it the value of respective AWS region where the Load Balancer exists. 1. Add an **accountId** field and assign it the value of the respective AWS account id which is being used. 1. Keep in mind: - * ![green check circle.png](/img/reuse/green-check-circle.png) A green circle with a check mark is shown when the field exists and is enabled in the Fields table schema. - * ![orange exclamation point.png](/img/reuse/orange-exclamation-point.png) An orange triangle with an exclamation point is shown when the field doesn't exist, or is disabled, in the Fields table schema. In this case, an option to automatically add or enable the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo Logic that does not exist in the Fields schema or is disabled it is ignored, known as dropped. + * green check circle.png A green circle with a check mark is shown when the field exists and is enabled in the Fields table schema. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist, or is disabled in the Fields table schema. In this case, you'll see an option to automatically add or enable the nonexistent fields to the Fields table schema. If a field is sent to Sumo Logic but isn’t present or enabled in the schema, it’s ignored and marked as **Dropped**. ### Collect Cloudtrail logs 
@@ -104,8 +104,8 @@ Before you can begin to use the AWS Classic Load Balancing (ELB) App, complete t 1. **Metadata**. Click the **+Add Field** link to add custom log metadata [fields](/docs/manage/fields). Define the fields you want to associate, each field needs a name (key) and value. 1. Add an **account** field and assign it a value which is a friendly name / alias to your AWS account from which you are collecting logs. Logs can be queried via the “account field”. 1. Keep in mind: - * ![green check circle.png](/img/reuse/green-check-circle.png) A green circle with a check mark is shown when the field exists and is enabled in the Fields table schema. - * ![orange exclamation point.png](/img/reuse/orange-exclamation-point.png) An orange triangle with an exclamation point is shown when the field doesn't exist, or is disabled, in the Fields table schema. In this case, an option to automatically add or enable the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo Logic that does not exist in the Fields schema or is disabled it is ignored, known as dropped. + * green check circle.png A green circle with a check mark is shown when the field exists and is enabled in the Fields table schema. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist, or is disabled in the Fields table schema. In this case, you'll see an option to automatically add or enable the nonexistent fields to the Fields table schema. If a field is sent to Sumo Logic but isn’t present or enabled in the schema, it’s ignored and marked as **Dropped**. :::note Namespace for **AWS Classic Load Balancer** Service is **AWS/ELB**. diff --git a/docs/integrations/amazon-aws/elastic-container-service.md b/docs/integrations/amazon-aws/elastic-container-service.md index cb5cee6fc7..fd8e26df23 100644 --- a/docs/integrations/amazon-aws/elastic-container-service.md 
+++ b/docs/integrations/amazon-aws/elastic-container-service.md @@ -323,8 +323,8 @@ This section has instructions for collecting logs and metrics for the Amazon ECS 1. **Metadata**. Click the **+Add Field** link to add custom log metadata [fields](/docs/manage/fields). Define the fields you want to associate, each field needs a name (key) and value. 1. Add an **account** field and assign it a value which is a friendly name / alias to your AWS account from which you are collecting logs. Logs can be queried via the “account field”.
Metadata 1. Keep in mind: - * ![green check circle.png](/img/reuse/green-check-circle.png) A green circle with a check mark is shown when the field exists and is enabled in the Fields table schema. - * ![orange exclamation point.png](/img/reuse/orange-exclamation-point.png) An orange triangle with an exclamation point is shown when the field doesn't exist, or is disabled, in the Fields table schema. In this case, an option to automatically add or enable the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo Logic that does not exist in the Fields schema or is disabled it is ignored, known as dropped. + * green check circle.png A green circle with a check mark is shown when the field exists and is enabled in the Fields table schema. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist, or is disabled in the Fields table schema. In this case, you'll see an option to automatically add or enable the nonexistent fields to the Fields table schema. If a field is sent to Sumo Logic but isn’t present or enabled in the schema, it’s ignored and marked as **Dropped**. ### Collect ECS events using CloudTrail 
@@ -333,8 +333,8 @@ This section has instructions for collecting logs and metrics for the Amazon ECS 1. **Metadata**. Click the **+Add Field** link to add custom log metadata [Fields](/docs/manage/fields). Define the fields you want to associate, each field needs a name (key) and value. 1. Add an **account** field and assign it a value which is a friendly name / alias to your AWS account from which you are collecting logs. Logs can be queried via the “account field”. 1. Keep in mind: - * ![green check circle.png](/img/reuse/green-check-circle.png) A green circle with a check mark is shown when the field exists and is enabled in the Fields table schema. - * ![orange exclamation point.png](/img/reuse/orange-exclamation-point.png) An orange triangle with an exclamation point is shown when the field doesn't exist, or is disabled, in the Fields table schema. In this case, an option to automatically add or enable the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo Logic that does not exist in the Fields schema or is disabled it is ignored, known as dropped. + * green check circle.png A green circle with a check mark is shown when the field exists and is enabled in the Fields table schema. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist, or is disabled in the Fields table schema. In this case, you'll see an option to automatically add or enable the nonexistent fields to the Fields table schema. If a field is sent to Sumo Logic but isn’t present or enabled in the schema, it’s ignored and marked as **Dropped**. ## Installing the Amazon ECS app diff --git a/docs/integrations/amazon-aws/network-load-balancer.md b/docs/integrations/amazon-aws/network-load-balancer.md index 486a09daf9..8f2277c9ce 100644 --- a/docs/integrations/amazon-aws/network-load-balancer.md +++ b/docs/integrations/amazon-aws/network-load-balancer.md 
@@ -34,8 +34,8 @@ When you create an AWS Source, you'll need to identify the Hosted Collector you 1. **Metadata**. Click the **+Add Field** link to add custom log metadata [fields](/docs/manage/fields). Define the fields you want to associate, each field needs a name (key) and value. 1. Add an **account** field and assign it a value which is a friendly name / alias to your AWS account from which you are collecting logs. Logs can be queried via the “account field”.Metadata 1. Keep in mind: - * ![green check circle.png](/img/reuse/green-check-circle.png) A green circle with a check mark is shown when the field exists and is enabled in the Fields table schema. - * ![orange exclamation point.png](/img/reuse/orange-exclamation-point.png) An orange triangle with an exclamation point is shown when the field doesn't exist, or is disabled, in the Fields table schema. In this case, an option to automatically add or enable the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo that does not exist in the Fields schema or is disabled it is ignored, known as dropped. + * green check circle.png A green circle with a check mark is shown when the field exists and is enabled in the Fields table schema. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist, or is disabled in the Fields table schema. In this case, you'll see an option to automatically add or enable the nonexistent fields to the Fields table schema. If a field is sent to Sumo Logic but isn’t present or enabled in the schema, it’s ignored and marked as **Dropped**. ### Collect Cloudtrail logs 
@@ -43,8 +43,8 @@ When you create an AWS Source, you'll need to identify the Hosted Collector you 1. **Metadata**. Click the **+Add Field** link to add custom log metadata [fields](/docs/manage/fields). Define the fields you want to associate, each field needs a name (key) and value. 1. Add an **account** field and assign it a value which is a friendly name / alias to your AWS account from which you are collecting logs. Logs can be queried via the “account field”. 1. Keep in mind: - * ![green check circle.png](/img/reuse/green-check-circle.png) A green circle with a check mark is shown when the field exists and is enabled in the Fields table schema. - * ![orange exclamation point.png](/img/reuse/orange-exclamation-point.png) An orange triangle with an exclamation point is shown when the field doesn't exist, or is disabled, in the Fields table schema. In this case, an option to automatically add or enable the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo that does not exist in the Fields schema or is disabled it is ignored, known as dropped. + * green check circle.png A green circle with a check mark is shown when the field exists and is enabled in the Fields table schema. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist, or is disabled in the Fields table schema. In this case, you'll see an option to automatically add or enable the nonexistent fields to the Fields table schema. If a field is sent to Sumo Logic but isn’t present or enabled in the schema, it’s ignored and marked as **Dropped**. :::note Namespace for AWS Network Load Balancer Service is AWS/NetworkELB. diff --git a/docs/integrations/amazon-aws/ses.md b/docs/integrations/amazon-aws/ses.md index 04f48d6e68..8a372e7dfd 100644 --- a/docs/integrations/amazon-aws/ses.md +++ b/docs/integrations/amazon-aws/ses.md 
@@ -134,8 +134,8 @@ Selecting an AWS GovCloud region means your data will be leaving a FedRAMP-high ::: 9. For **Source Category**, enter any string to tag the output collected from this Source. (Category metadata is stored in a searchable field called `_sourceCategory`.) 10. **Fields**. Click the **+Add Field** link to add custom log metadata [Fields](/docs/manage/fields). Then define the fields you want to associate, each field needs a name (key) and value. - * ![green check circle.png](/img/reuse/green-check-circle.png) A green circle with a check mark is shown when the field exists and is enabled in the Fields table schema. - * ![orange exclamation point.png](/img/reuse/orange-exclamation-point.png) An orange triangle with an exclamation point is shown when the field doesn't exist, or is disabled, in the Fields table schema. In this case, an option to automatically add or enable the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo that does not exist in the Fields schema or is disabled it is ignored, known as dropped. + * green check circle.png A green circle with a check mark is shown when the field exists and is enabled in the Fields table schema. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist, or is disabled in the Fields table schema. In this case, you'll see an option to automatically add or enable the nonexistent fields to the Fields table schema. If a field is sent to Sumo Logic but isn’t present or enabled in the schema, it’s ignored and marked as **Dropped**. 11. For **AWS Access** you have two **Access Method** options. Select **Role-based access** or **Key access** based on the AWS authentication you are providing. Role-based access is preferred, this was completed in the prerequisite step [Grant Sumo Logic access to an AWS Product](/docs/send-data/hosted-collectors/amazon-aws/grant-access-aws-product). 
* For **Role-based access** enter the Role ARN that was provided by AWS after creating the role. * For **Key access** enter the **Access Key ID **and** Secret Access Key.** See [AWS Access Key ID](http://docs.aws.amazon.com/STS/latest/UsingSTS/UsingTokens.html#RequestWithSTS) and [AWS Secret Access Key](https://aws.amazon.com/iam/) for details. diff --git a/docs/integrations/containers-orchestration/docker-ulm.md b/docs/integrations/containers-orchestration/docker-ulm.md index 02dc1e7f8a..241056e0f4 100644 --- a/docs/integrations/containers-orchestration/docker-ulm.md +++ b/docs/integrations/containers-orchestration/docker-ulm.md 
@@ -76,8 +76,8 @@ There are alternative methods for collecting Docker logs and metrics. See [Docke * **Source Host**. Enter the hostname or IP address of the source host. If not specified, it’s assumed that the host is the machine where Docker is running. The hostname can be a maximum of 128 characters. If desired, you can use Docker variables to construct the Source Host value. For more information, see [Configure `sourceCategory` and `sourceHost` using variables](#configure-sourcecategory-and-sourcehost-using-variables). * **Source Category**. Enter a string used to tag the output collected from this Source with searchable metadata. For example, typing **web_apps** tags all the logs from this Source in the sourceCategory field, so running a search on **`_sourceCategory=web_apps`** would return logs from this Source. For more information, see [Metadata Naming Conventions](/docs/send-data/reference-information/metadata-naming-conventions) and our [Best Practices: Good Source Category, Bad Source Category](/docs/send-data/best-practices). If desired, you can use Docker variables to construct the Source Category value. For more information, see [Configure `sourceCategory` and `sourceHost` using variables](#configure-sourcecategory-and-sourcehost-using-variables). * **Fields**. Click the **+Add Field** link to add custom log metadata [Fields](/docs/manage/fields). Define the fields you want to associate, each field needs a name (key) and value. - * ![green check circle.png](/img/reuse/green-check-circle.png) A green circle with a check mark is shown when the field exists and is enabled in the Fields table schema. - * ![orange exclamation point.png](/img/reuse/orange-exclamation-point.png) An orange triangle with an exclamation point is shown when the field doesn't exist, or is disabled, in the Fields table schema. In this case, an option to automatically add or enable the nonexistent fields to the Fields table schema is provided. 
If a field is sent to Sumo that does not exist in the Fields schema or is disabled it is ignored, known as dropped. + * green check circle.png A green circle with a check mark is shown when the field exists and is enabled in the Fields table schema. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist, or is disabled in the Fields table schema. In this case, you'll see an option to automatically add or enable the nonexistent fields to the Fields table schema. If a field is sent to Sumo Logic but isn’t present or enabled in the schema, it’s ignored and marked as **Dropped**. 5. Configure the Advanced options. * **Enable Timestamp Parsing**. This option is checked by default and **required**. * **Time Zone**. Default is “Use time zone from log file”. diff --git a/docs/integrations/google/app-engine.md b/docs/integrations/google/app-engine.md index 7710660a64..504c169550 100644 --- a/docs/integrations/google/app-engine.md +++ b/docs/integrations/google/app-engine.md 
@@ -263,8 +263,8 @@ This Source will be a Google Pub/Sub-only Source, which means that it will only 5. **Source Host** (Optional). The Source Host value is tagged to each log and stored in a searchable [metadata](/docs/search/get-started-with-search/search-basics/built-in-metadata) field called _sourceHost. Avoid using spaces so you do not have to quote them in [keyword search expressions](/docs/search/get-started-with-search/build-search/keyword-search-expressions). This can be a maximum of 128 characters. 6. **Source Category** (Optional). The Source Category value is tagged to each log and stored in a searchable [metadata](/docs/search/get-started-with-search/search-basics/built-in-metadata) field called `_sourceCategory`. See our [Best Practices: Good Source Category, Bad Source Category](/docs/send-data/best-practices). Avoid using spaces so you do not have to quote them in [keyword search expressions](/docs/search/get-started-with-search/build-search/keyword-search-expressions). This can be a maximum of 1,024 characters. 7. **Fields**. Click the **+Add Field** link to add custom log metadata [Fields](/docs/manage/fields), then define the fields you want to associate. Each field needs a name (key) and value. Look for one of the following icons and act accordingly: - * ![orange exclamation point.png](/img/reuse/orange-exclamation-point.png) If an orange triangle with an exclamation point is shown, use the option to automatically add or enable the nonexistent fields before proceeding to the next step. The orange icon indicates that the field doesn't exist, or is disabled, in the Fields table schema. If a field is sent to Sumo that does not exist in the Fields schema or is disabled it is ignored, known as dropped. - * ![green check circle.png](/img/reuse/green-check-circle.png) If a green circle with a checkmark is shown, the field exists and is already enabled in the Fields table schema. Proceed to the next step. 
+ * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist, or is disabled in the fields table schema. In this case, you'll see an option to automatically add or enable the nonexistent fields to the Fields table schema. If a field is sent to Sumo Logic but isn’t present or enabled in the schema, it’s ignored and marked as **Dropped**. + * green check circle.png A green circle with a check mark is shown when the field exists and is enabled in the Fields table schema. Proceed to the next step. 8. **Advanced Options for Logs**.
Google integrations * **Timestamp Parsing**. This option is selected by default. If it's deselected, no timestamp information is parsed at all. * **Time Zone**. There are two options for Time Zone. You can use the time zone present in your log files, and then choose an option in case time zone information is missing from a log message. Or, you can have Sumo Logic completely disregard any time zone information present in logs by forcing a time zone. It's very important to have the proper time zone set, no matter which option you choose. If the time zone of logs cannot be determined, Sumo Logic assigns logs UTC; if the rest of your logs are from another time zone your search results will be affected. diff --git a/docs/integrations/google/bigquery.md b/docs/integrations/google/bigquery.md index ec7b866257..76eb44a7e6 100644 --- a/docs/integrations/google/bigquery.md +++ b/docs/integrations/google/bigquery.md 
@@ -93,8 +93,8 @@ This Source will be a Google Pub/Sub-only Source, which means that it will only 5. **Source Host** (Optional). The Source Host value is tagged to each log and stored in a searchable [metadata](/docs/search/get-started-with-search/search-basics/built-in-metadata) field called _sourceHost. Avoid using spaces so you do not have to quote them in [keyword search expressions](/docs/search/get-started-with-search/build-search/keyword-search-expressions.md). This can be a maximum of 128 characters. 6. **Source Category** (Optional). The Source Category value is tagged to each log and stored in a searchable [metadata](/docs/search/get-started-with-search/search-basics/built-in-metadata) field called `_sourceCategory`. See our [Best Practices: Good Source Category, Bad Source Category](/docs/send-data/best-practices). Avoid using spaces so you do not have to quote them in [keyword search expressions](/docs/search/get-started-with-search/build-search/keyword-search-expressions.md). This can be a maximum of 1,024 characters. 7. **Fields**. Click the **+Add Field** link to add custom log metadata [Fields](/docs/manage/fields), then define the fields you want to associate. Each field needs a name (key) and value. Look for one of the following icons and act accordingly: - * ![orange exclamation point.png](/img/reuse/orange-exclamation-point.png) If an orange triangle with an exclamation point is shown, use the option to automatically add or enable the nonexistent fields before proceeding to the next step. The orange icon indicates that the field doesn't exist, or is disabled, in the Fields table schema. If a field is sent to Sumo that does not exist in the Fields schema or is disabled it is ignored, known as dropped. - * ![green check circle.png](/img/reuse/green-check-circle.png) If a green circle with a checkmark is shown, the field exists and is already enabled in the Fields table schema. Proceed to the next step. 
+ * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist, or is disabled in the fields table schema. In this case, you'll see an option to automatically add or enable the nonexistent fields to the Fields table schema. If a field is sent to Sumo Logic but isn’t present or enabled in the schema, it’s ignored and marked as **Dropped**. + * green check circle.png A green circle with a check mark is shown when the field exists and is enabled in the Fields table schema. Proceed to the next step. 8. **Advanced Options for Logs**.
Google integrations * **Timestamp Parsing**. This option is selected by default. If it's deselected, no timestamp information is parsed at all. * **Time Zone**. There are two options for Time Zone. You can use the time zone present in your log files, and then choose an option in case time zone information is missing from a log message. Or, you can have Sumo Logic completely disregard any time zone information present in logs by forcing a time zone. It's very important to have the proper time zone set, no matter which option you choose. If the time zone of logs cannot be determined, Sumo Logic assigns logs UTC; if the rest of your logs are from another time zone your search results will be affected. diff --git a/docs/integrations/google/cloud-audit.md b/docs/integrations/google/cloud-audit.md index 6b227ec643..2af6bf7c1b 100644 --- a/docs/integrations/google/cloud-audit.md +++ b/docs/integrations/google/cloud-audit.md 
@@ -135,8 +135,8 @@ This Source will be a Google Pub/Sub-only Source, which means that it will only 5. **Source Host** (Optional). The Source Host value is tagged to each log and stored in a searchable [metadata](/docs/search/get-started-with-search/search-basics/built-in-metadata) field called _sourceHost. Avoid using spaces so you do not have to quote them in [keyword search expressions](/docs/search/get-started-with-search/build-search/keyword-search-expressions.md). This can be a maximum of 128 characters. 6. **Source Category** (Optional). The Source Category value is tagged to each log and stored in a searchable [metadata](/docs/search/get-started-with-search/search-basics/built-in-metadata) field called `_sourceCategory`. See our [Best Practices: Good Source Category, Bad Source Category](/docs/send-data/best-practices). Avoid using spaces so you do not have to quote them in [keyword search expressions](/docs/search/get-started-with-search/build-search/keyword-search-expressions.md). This can be a maximum of 1,024 characters. 7. **Fields**. Click the **+Add Field** link to add custom log metadata [Fields](/docs/manage/fields), then define the fields you want to associate. Each field needs a name (key) and value. Look for one of the following icons and act accordingly: - * ![orange exclamation point.png](/img/reuse/orange-exclamation-point.png) If an orange triangle with an exclamation point is shown, use the option to automatically add or enable the nonexistent fields before proceeding to the next step. The orange icon indicates that the field doesn't exist, or is disabled, in the Fields table schema. If a field is sent to Sumo that does not exist in the Fields schema or is disabled it is ignored, known as dropped. - * ![green check circle.png](/img/reuse/green-check-circle.png) If a green circle with a checkmark is shown, the field exists and is already enabled in the Fields table schema. Proceed to the next step. 
+ * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist, or is disabled in the fields table schema. In this case, you'll see an option to automatically add or enable the nonexistent fields to the Fields table schema. If a field is sent to Sumo Logic but isn’t present or enabled in the schema, it’s ignored and marked as **Dropped**. + * green check circle.png A green circle with a check mark is shown when the field exists and is enabled in the Fields table schema. Proceed to the next step. 8. **Advanced Options for Logs**.
Google integrations * **Timestamp Parsing**. This option is selected by default. If it's deselected, no timestamp information is parsed at all. * **Time Zone**. There are two options for Time Zone. You can use the time zone present in your log files, and then choose an option in case time zone information is missing from a log message. Or, you can have Sumo Logic completely disregard any time zone information present in logs by forcing a time zone. It's very important to have the proper time zone set, no matter which option you choose. If the time zone of logs cannot be determined, Sumo Logic assigns logs UTC; if the rest of your logs are from another time zone your search results will be affected. diff --git a/docs/integrations/google/cloud-firewall.md b/docs/integrations/google/cloud-firewall.md index 7beafd123b..4ca4025d32 100644 --- a/docs/integrations/google/cloud-firewall.md +++ b/docs/integrations/google/cloud-firewall.md 
@@ -98,8 +98,8 @@ This Source will be a Google Pub/Sub-only Source, which means that it will only 5. **Source Host** (Optional). The Source Host value is tagged to each log and stored in a searchable [metadata](/docs/search/get-started-with-search/search-basics/built-in-metadata) field called _sourceHost. Avoid using spaces so you do not have to quote them in [keyword search expressions](/docs/search/get-started-with-search/build-search/keyword-search-expressions.md). This can be a maximum of 128 characters. 6. **Source Category** (Optional). The Source Category value is tagged to each log and stored in a searchable [metadata](/docs/search/get-started-with-search/search-basics/built-in-metadata) field called `_sourceCategory`. See our [Best Practices: Good Source Category, Bad Source Category](/docs/send-data/best-practices). Avoid using spaces so you do not have to quote them in [keyword search expressions](/docs/search/get-started-with-search/build-search/keyword-search-expressions.md). This can be a maximum of 1,024 characters. 7. **Fields**. Click the **+Add Field** link to add custom log metadata [Fields](/docs/manage/fields), then define the fields you want to associate. Each field needs a name (key) and value. Look for one of the following icons and act accordingly: - * ![orange exclamation point.png](/img/reuse/orange-exclamation-point.png) If an orange triangle with an exclamation point is shown, use the option to automatically add or enable the nonexistent fields before proceeding to the next step. The orange icon indicates that the field doesn't exist, or is disabled, in the Fields table schema. If a field is sent to Sumo that does not exist in the Fields schema or is disabled it is ignored, known as dropped. - * ![green check circle.png](/img/reuse/green-check-circle.png) If a green circle with a checkmark is shown, the field exists and is already enabled in the Fields table schema. Proceed to the next step. 
+ * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist, or is disabled in the fields table schema. In this case, you'll see an option to automatically add or enable the nonexistent fields to the Fields table schema. If a field is sent to Sumo Logic but isn’t present or enabled in the schema, it’s ignored and marked as **Dropped**. + * green check circle.png A green circle with a check mark is shown when the field exists and is enabled in the Fields table schema. Proceed to the next step. 8. **Advanced Options for Logs**.
Google integrations * **Timestamp Parsing**. This option is selected by default. If it's deselected, no timestamp information is parsed at all. * **Time Zone**. There are two options for Time Zone. You can use the time zone present in your log files, and then choose an option in case time zone information is missing from a log message. Or, you can have Sumo Logic completely disregard any time zone information present in logs by forcing a time zone. It's very important to have the proper time zone set, no matter which option you choose. If the time zone of logs cannot be determined, Sumo Logic assigns logs UTC; if the rest of your logs are from another time zone your search results will be affected. diff --git a/docs/integrations/google/cloud-functions.md b/docs/integrations/google/cloud-functions.md index fa91b73245..bf0ece4741 100644 --- a/docs/integrations/google/cloud-functions.md +++ b/docs/integrations/google/cloud-functions.md 
@@ -81,8 +81,8 @@ This Source will be a Google Pub/Sub-only Source, which means that it will only 1. **Source Host** (Optional). The Source Host value is tagged to each log and stored in a searchable [metadata](/docs/search/get-started-with-search/search-basics/built-in-metadata) field called _sourceHost. Avoid using spaces so you do not have to quote them in [keyword search expressions](/docs/search/get-started-with-search/build-search/keyword-search-expressions.md). This can be a maximum of 128 characters. 1. **Source Category** (Optional). The Source Category value is tagged to each log and stored in a searchable [metadata](/docs/search/get-started-with-search/search-basics/built-in-metadata) field called `_sourceCategory`. See our [Best Practices: Good Source Category, Bad Source Category](/docs/send-data/best-practices). Avoid using spaces so you do not have to quote them in [keyword search expressions](/docs/search/get-started-with-search/build-search/keyword-search-expressions.md). This can be a maximum of 1,024 characters. 1. **Fields**. Click the **+Add Field** link to add custom log metadata [Fields](/docs/manage/fields), then define the fields you want to associate. Each field needs a name (key) and value. Look for one of the following icons and act accordingly: - * ![orange exclamation point.png](/img/reuse/orange-exclamation-point.png) If an orange triangle with an exclamation point is shown, use the option to automatically add or enable the nonexistent fields before proceeding to the next step. The orange icon indicates that the field doesn't exist, or is disabled, in the Fields table schema. If a field is sent to Sumo that does not exist in the Fields schema or is disabled it is ignored, known as dropped. - * ![green check circle.png](/img/reuse/green-check-circle.png) If a green circle with a checkmark is shown, the field exists and is already enabled in the Fields table schema. Proceed to the next step. 
+ * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist, or is disabled in the fields table schema. In this case, you'll see an option to automatically add or enable the nonexistent fields to the Fields table schema. If a field is sent to Sumo Logic but isn’t present or enabled in the schema, it’s ignored and marked as **Dropped**. + * green check circle.png A green circle with a check mark is shown when the field exists and is enabled in the Fields table schema. Proceed to the next step. 1. **Advanced Options for Logs**.
Google integrations * **Timestamp Parsing**. This option is selected by default. If it's deselected, no timestamp information is parsed at all. * **Time Zone**. There are two options for Time Zone. You can use the time zone present in your log files, and then choose an option in case time zone information is missing from a log message. Or, you can have Sumo Logic completely disregard any time zone information present in logs by forcing a time zone. It's very important to have the proper time zone set, no matter which option you choose. If the time zone of logs cannot be determined, Sumo Logic assigns logs UTC; if the rest of your logs are from another time zone your search results will be affected. diff --git a/docs/integrations/google/cloud-iam.md b/docs/integrations/google/cloud-iam.md index 7a5bfec131..84c7f66f0f 100644 --- a/docs/integrations/google/cloud-iam.md +++ b/docs/integrations/google/cloud-iam.md 
@@ -141,8 +141,8 @@ This Source will be a Google Pub/Sub-only Source, which means that it will only 5. **Source Host** (Optional). The Source Host value is tagged to each log and stored in a searchable [metadata](/docs/search/get-started-with-search/search-basics/built-in-metadata) field called _sourceHost. Avoid using spaces so you do not have to quote them in [keyword search expressions](/docs/search/get-started-with-search/build-search/keyword-search-expressions.md). This can be a maximum of 128 characters. 6. **Source Category** (Optional). The Source Category value is tagged to each log and stored in a searchable [metadata](/docs/search/get-started-with-search/search-basics/built-in-metadata) field called `_sourceCategory`. See our [Best Practices: Good Source Category, Bad Source Category](/docs/send-data/best-practices). Avoid using spaces so you do not have to quote them in [keyword search expressions](/docs/search/get-started-with-search/build-search/keyword-search-expressions.md). This can be a maximum of 1,024 characters. 7. **Fields**. Click the **+Add Field** link to add custom log metadata [Fields](/docs/manage/fields), then define the fields you want to associate. Each field needs a name (key) and value. Look for one of the following icons and act accordingly: - * ![orange exclamation point.png](/img/reuse/orange-exclamation-point.png) If an orange triangle with an exclamation point is shown, use the option to automatically add or enable the nonexistent fields before proceeding to the next step. The orange icon indicates that the field doesn't exist, or is disabled, in the Fields table schema. If a field is sent to Sumo that does not exist in the Fields schema or is disabled it is ignored, known as dropped. - * ![green check circle.png](/img/reuse/green-check-circle.png) If a green circle with a checkmark is shown, the field exists and is already enabled in the Fields table schema. Proceed to the next step. 
+ * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist, or is disabled in the fields table schema. In this case, you'll see an option to automatically add or enable the nonexistent fields to the Fields table schema. If a field is sent to Sumo Logic but isn’t present or enabled in the schema, it’s ignored and marked as **Dropped**. + * green check circle.png A green circle with a check mark is shown when the field exists and is enabled in the Fields table schema. Proceed to the next step. 8. **Advanced Options for Logs**.
Google integrations * **Timestamp Parsing**. This option is selected by default. If it's deselected, no timestamp information is parsed at all. * **Time Zone**. There are two options for Time Zone. You can use the time zone present in your log files, and then choose an option in case time zone information is missing from a log message. Or, you can have Sumo Logic completely disregard any time zone information present in logs by forcing a time zone. It's very important to have the proper time zone set, no matter which option you choose. If the time zone of logs cannot be determined, Sumo Logic assigns logs UTC; if the rest of your logs are from another time zone your search results will be affected. diff --git a/docs/integrations/google/cloud-load-balancing.md b/docs/integrations/google/cloud-load-balancing.md index 84ba52b18c..84f14e6102 100644 --- a/docs/integrations/google/cloud-load-balancing.md +++ b/docs/integrations/google/cloud-load-balancing.md 
@@ -109,8 +109,8 @@ This Source will be a Google Pub/Sub-only Source, which means that it will only 5. **Source Host** (Optional). The Source Host value is tagged to each log and stored in a searchable [metadata](/docs/search/get-started-with-search/search-basics/built-in-metadata) field called _sourceHost. Avoid using spaces so you do not have to quote them in [keyword search expressions](/docs/search/get-started-with-search/build-search/keyword-search-expressions.md). This can be a maximum of 128 characters. 6. **Source Category** (Optional). The Source Category value is tagged to each log and stored in a searchable [metadata](/docs/search/get-started-with-search/search-basics/built-in-metadata) field called `_sourceCategory`. See our [Best Practices: Good Source Category, Bad Source Category](/docs/send-data/best-practices). Avoid using spaces so you do not have to quote them in [keyword search expressions](/docs/search/get-started-with-search/build-search/keyword-search-expressions.md). This can be a maximum of 1,024 characters. 7. **Fields**. Click the **+Add Field** link to add custom log metadata [Fields](/docs/manage/fields), then define the fields you want to associate. Each field needs a name (key) and value. Look for one of the following icons and act accordingly: - * ![orange exclamation point.png](/img/reuse/orange-exclamation-point.png) If an orange triangle with an exclamation point is shown, use the option to automatically add or enable the nonexistent fields before proceeding to the next step. The orange icon indicates that the field doesn't exist, or is disabled, in the Fields table schema. If a field is sent to Sumo that does not exist in the Fields schema or is disabled it is ignored, known as dropped. - * ![green check circle.png](/img/reuse/green-check-circle.png) If a green circle with a checkmark is shown, the field exists and is already enabled in the Fields table schema. Proceed to the next step. 
+ * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist, or is disabled in the fields table schema. In this case, you'll see an option to automatically add or enable the nonexistent fields to the Fields table schema. If a field is sent to Sumo Logic but isn’t present or enabled in the schema, it’s ignored and marked as **Dropped**. + * green check circle.png A green circle with a check mark is shown when the field exists and is enabled in the Fields table schema. Proceed to the next step. 8. **Advanced Options for Logs**.
Google integrations * **Timestamp Parsing**. This option is selected by default. If it's deselected, no timestamp information is parsed at all. * **Time Zone**. There are two options for Time Zone. You can use the time zone present in your log files, and then choose an option in case time zone information is missing from a log message. Or, you can have Sumo Logic completely disregard any time zone information present in logs by forcing a time zone. It's very important to have the proper time zone set, no matter which option you choose. If the time zone of logs cannot be determined, Sumo Logic assigns logs UTC; if the rest of your logs are from another time zone your search results will be affected. diff --git a/docs/integrations/google/cloud-sql.md b/docs/integrations/google/cloud-sql.md index 24f08b92b8..480aa012f9 100644 --- a/docs/integrations/google/cloud-sql.md +++ b/docs/integrations/google/cloud-sql.md 
@@ -82,8 +82,8 @@ This Source will be a Google Pub/Sub-only Source, which means that it will only 1. **Source Host** (Optional). The Source Host value is tagged to each log and stored in a searchable [metadata](/docs/search/get-started-with-search/search-basics/built-in-metadata) field called _sourceHost. Avoid using spaces so you do not have to quote them in [keyword search expressions](/docs/search/get-started-with-search/build-search/keyword-search-expressions.md). This can be a maximum of 128 characters. 1. **Source Category** (Optional). The Source Category value is tagged to each log and stored in a searchable [metadata](/docs/search/get-started-with-search/search-basics/built-in-metadata) field called `_sourceCategory`. See our [Best Practices: Good Source Category, Bad Source Category](/docs/send-data/best-practices). Avoid using spaces so you do not have to quote them in [keyword search expressions](/docs/search/get-started-with-search/build-search/keyword-search-expressions.md). This can be a maximum of 1,024 characters. 1. **Fields**. Click the **+Add Field** link to add custom log metadata [Fields](/docs/manage/fields), then define the fields you want to associate. Each field needs a name (key) and value. Look for one of the following icons and act accordingly: - * ![orange exclamation point.png](/img/reuse/orange-exclamation-point.png) If an orange triangle with an exclamation point is shown, use the option to automatically add or enable the nonexistent fields before proceeding to the next step. The orange icon indicates that the field doesn't exist, or is disabled, in the Fields table schema. If a field is sent to Sumo that does not exist in the Fields schema or is disabled it is ignored, known as dropped. - * ![green check circle.png](/img/reuse/green-check-circle.png) If a green circle with a checkmark is shown, the field exists and is already enabled in the Fields table schema. Proceed to the next step. 
+ * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist, or is disabled in the fields table schema. In this case, you'll see an option to automatically add or enable the nonexistent fields to the Fields table schema. If a field is sent to Sumo Logic but isn’t present or enabled in the schema, it’s ignored and marked as **Dropped**. + * green check circle.png A green circle with a check mark is shown when the field exists and is enabled in the Fields table schema. Proceed to the next step. 1. **Advanced Options for Logs**.
Google integrations * **Timestamp Parsing**. This option is selected by default. If it's deselected, no timestamp information is parsed at all. * **Time Zone**. There are two options for Time Zone. You can use the time zone present in your log files, and then choose an option in case time zone information is missing from a log message. Or, you can have Sumo Logic completely disregard any time zone information present in logs by forcing a time zone. It's very important to have the proper time zone set, no matter which option you choose. If the time zone of logs cannot be determined, Sumo Logic assigns logs UTC; if the rest of your logs are from another time zone your search results will be affected. diff --git a/docs/integrations/google/cloud-storage.md b/docs/integrations/google/cloud-storage.md index 3fd25078fd..85e24d92af 100644 --- a/docs/integrations/google/cloud-storage.md +++ b/docs/integrations/google/cloud-storage.md 
@@ -139,8 +139,8 @@ This Source will be a Google Pub/Sub-only Source, indicating that it will only b 6. **Source Category** (Optional). The Source Category value is tagged to each log and stored in a searchable [metadata](/docs/search/get-started-with-search/search-basics/built-in-metadata) field called `_sourceCategory`. See our [Best Practices: Good Source Category, Bad Source Category](/docs/send-data/best-practices). Avoid using spaces so you do not have to quote them in [keyword search expressions](/docs/search/get-started-with-search/build-search/keyword-search-expressions.md). This can be a maximum of 1,024 characters. 7. **Fields**. Click the **+Add Field** link to add custom log metadata [Fields](/docs/manage/fields), then define the fields you want to associate. Each field needs a name (key) and value. Look for one of the following icons and act accordingly: - * ![orange exclamation point.png](/img/reuse/orange-exclamation-point.png) If an orange triangle with an exclamation point is shown, use the option to automatically add or enable the nonexistent fields before proceeding to the next step. The orange icon indicates that the field doesn't exist, or is disabled, in the Fields table schema. If a field is sent to Sumo that does not exist in the Fields schema or is disabled it is ignored, known as dropped. - * ![green check circle.png](/img/reuse/green-check-circle.png) If a green circle with a checkmark is shown, the field exists and is already enabled in the Fields table schema. Proceed to the next step. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist, or is disabled in the fields table schema. In this case, you'll see an option to automatically add or enable the nonexistent fields to the Fields table schema. If a field is sent to Sumo Logic but isn’t present or enabled in the schema, it’s ignored and marked as **Dropped**. 
+ * green check circle.png A green circle with a check mark is shown when the field exists and is enabled in the Fields table schema. Proceed to the next step. 8. **Advanced Options for Logs**.
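Review bot: In the rewritten orange-icon bullet of this cloud-storage.md hunk, the instruction to act has been lost. The removed line told the reader to "use the option to automatically add or enable the nonexistent fields before proceeding to the next step", while the added line only says "you'll see an option". Step 7 still ends with "Look for one of the following icons and act accordingly", and the green bullet still ends with "Proceed to the next step." Because a field that is missing or disabled in the schema is dropped, consider keeping an explicit instruction to add or enable the field before continuing. The same added sentence also writes "fields table schema" and then "Fields table schema"; pick one casing.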
Google integrations diff --git a/docs/integrations/google/cloud-vpc.md b/docs/integrations/google/cloud-vpc.md index fd09486423..d47af5d50a 100644 --- a/docs/integrations/google/cloud-vpc.md +++ b/docs/integrations/google/cloud-vpc.md 
@@ -145,8 +145,8 @@ This Source will be a Google Pub/Sub-only Source, which means that it will only 1. **Source Host** (Optional). The Source Host value is tagged to each log and stored in a searchable [metadata](/docs/search/get-started-with-search/search-basics/built-in-metadata) field called _sourceHost. Avoid using spaces so you do not have to quote them in [keyword search expressions](/docs/search/get-started-with-search/build-search/keyword-search-expressions.md). This can be a maximum of 128 characters. 1. **Source Category** (Optional). The Source Category value is tagged to each log and stored in a searchable [metadata](/docs/search/get-started-with-search/search-basics/built-in-metadata) field called `_sourceCategory`. See our [Best Practices: Good Source Category, Bad Source Category](/docs/send-data/best-practices). Avoid using spaces so you do not have to quote them in [keyword search expressions](/docs/search/get-started-with-search/build-search/keyword-search-expressions.md). This can be a maximum of 1,024 characters. 1. **Fields**. Click the **+Add Field** link to add custom log metadata [Fields](/docs/manage/fields), then define the fields you want to associate. Each field needs a name (key) and value. Look for one of the following icons and act accordingly: - * ![orange exclamation point.png](/img/reuse/orange-exclamation-point.png) If an orange triangle with an exclamation point is shown, use the option to automatically add or enable the nonexistent fields before proceeding to the next step. The orange icon indicates that the field doesn't exist, or is disabled, in the Fields table schema. If a field is sent to Sumo that does not exist in the Fields schema or is disabled it is ignored, known as dropped. - * ![green check circle.png](/img/reuse/green-check-circle.png) If a green circle with a checkmark is shown, the field exists and is already enabled in the Fields table schema. Proceed to the next step. 
+ * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist, or is disabled in the fields table schema. In this case, you'll see an option to automatically add or enable the nonexistent fields to the Fields table schema. If a field is sent to Sumo Logic but isn’t present or enabled in the schema, it’s ignored and marked as **Dropped**. + * green check circle.png A green circle with a check mark is shown when the field exists and is enabled in the Fields table schema. Proceed to the next step. 1. **Advanced Options for Logs**.
Google integrations * **Timestamp Parsing**. This option is selected by default. If it's deselected, no timestamp information is parsed at all. * **Time Zone**. There are two options for Time Zone. You can use the time zone present in your log files, and then choose an option in case time zone information is missing from a log message. Or, you can have Sumo Logic completely disregard any time zone information present in logs by forcing a time zone. It's very important to have the proper time zone set, no matter which option you choose. If the time zone of logs cannot be determined, Sumo Logic assigns logs UTC; if the rest of your logs are from another time zone your search results will be affected. diff --git a/docs/integrations/google/compute-engine.md b/docs/integrations/google/compute-engine.md index 5eacafaf6f..a6cf0709df 100644 --- a/docs/integrations/google/compute-engine.md +++ b/docs/integrations/google/compute-engine.md 
@@ -84,8 +84,8 @@ This Source will be a Google Pub/Sub-only Source, which means that it will only 1. **Source Host** (Optional). The Source Host value is tagged to each log and stored in a searchable [metadata](/docs/search/get-started-with-search/search-basics/built-in-metadata) field called `_sourceHost`. Avoid using spaces so you do not have to quote them in [keyword search expressions](/docs/search/get-started-with-search/build-search/keyword-search-expressions.md). This can be a maximum of 128 characters. 1. **Source Category** (Optional). The Source Category value is tagged to each log and stored in a searchable [metadata](/docs/search/get-started-with-search/search-basics/built-in-metadata) field called `_sourceCategory`. See our [Best Practices: Good Source Category, Bad Source Category](/docs/send-data/best-practices). Avoid using spaces so you do not have to quote them in [keyword search expressions](/docs/search/get-started-with-search/build-search/keyword-search-expressions.md). This can be a maximum of 1,024 characters. 1. **Fields**. Click the **+Add Field** link to add custom log metadata [Fields](/docs/manage/fields.md), then define the fields you want to associate. Each field needs a name (key) and value. Look for one of the following icons and act accordingly: - * ![orange exclamation point.png](/img/reuse/orange-exclamation-point.png) An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo that does not exist in the Fields schema it is ignored, known as dropped. - * ![green check circle.png](/img/reuse/green-check-circle.png) A green circle with a check mark is shown when the field exists in the Fields table schema. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. 
In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo Logic but isn’t present or enabled in the schema, it’s ignored and marked as **Dropped**. + * green check circle.png A green circle with a check mark is shown when the field exists in the Fields table schema. 1. **Advanced Options for Logs**.
Google integrations * **Timestamp Parsing**. This option is selected by default. If it's deselected, no timestamp information is parsed at all. * **Time Zone**. There are two options for Time Zone. You can use the time zone present in your log files, and then choose an option in case time zone information is missing from a log message. Or, you can have Sumo Logic completely disregard any time zone information present in logs by forcing a time zone. It's very important to have the proper time zone set, no matter which option you choose. If the time zone of logs cannot be determined, Sumo Logic assigns logs UTC; if the rest of your logs are from another time zone your search results will be affected. diff --git a/docs/integrations/saas-cloud/acquia.md b/docs/integrations/saas-cloud/acquia.md index 7f3c9dff11..e3cdec8e23 100644 --- a/docs/integrations/saas-cloud/acquia.md +++ b/docs/integrations/saas-cloud/acquia.md 
@@ -157,8 +157,8 @@ To create a new Sumo Logic hosted collector, do the following: 5. A **description** is optional. 6. **Category**. Enter any string to tag the logs collected from this Collector. This Source Category value is stored in a searchable metadata field called `_sourceCategory`. See our [Best Practices: Good Source Category, Bad Source Category](/docs/send-data/best-practices). 7. Click the **+Add Field** link in the **Fields** section to define the [fields](/docs/manage/fields) you want to associate, each field needs a key and value. - * ![green check circle.png](/img/reuse/green-check-circle.png) A green circle with a check mark is shown when the field exists in the Fields table schema. - * ![orange exclamation point.png](/img/reuse/orange-exclamation-point.png) An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo that does not exist in the Fields schema it is ignored, known as dropped. + * green check circle.png A green circle with a check mark is shown when the field exists in the Fields table schema. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo Logic but isn’t present or enabled in the schema, it’s ignored and marked as **Dropped**. 8. **Assign to a Budget** allows you to assign an [ingest budget](/docs/manage/ingestion-volume/ingest-budgets) to the Collector. The dropdown displays your ingest budgets in the following format: ``` () () 
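Review bot: In the orange-icon bullet of this first acquia.md hunk, the new closing sentence says a field is dropped when it "isn't present or enabled in the schema", but the rest of the bullet only covers a field that "doesn't exist" and an option to "automatically add" it, so the disabled case appears without explanation. Either limit the closing sentence to missing fields, or align the whole bullet with the wording used in the second hunk of this file ("doesn't exist, or is disabled" and "add or enable"). Both added bullets also begin with the bare text "green check circle.png" and "orange exclamation point.png" where the removed lines had image references, so please confirm the icons still render.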
@@ -210,8 +210,8 @@ To configure a cloud syslog source, do the following: 4. Enter a **Name** to display for this source in Sumo. Description is optional. 5. (Optional) For **Source Host** and **Source Category**, enter any string to tag the output collected from this source. (Category metadata is stored in a searchable field called `_sourceCategory`). 6. **Fields**. Click the **+Add Field** link to add custom log metadata [Fields](/docs/manage/fields). Define the fields you want to associate. Each field needs a name (key) and value. - * ![green check circle.png](/img/reuse/green-check-circle.png) A green circle with a check mark is shown when the field exists and is enabled in the Fields table schema. - * ![orange exclamation point.png](/img/reuse/orange-exclamation-point.png) An orange triangle with an exclamation point is shown when the field doesn't exist, or is disabled, in the Fields table schema. In this case, an option to automatically add or enable the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo that does not exist in the Fields schema or is disabled it is ignored, known as dropped. + * green check circle.png A green circle with a check mark is shown when the field exists and is enabled in the Fields table schema. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist, or is disabled in the Fields table schema. In this case, you'll see an option to automatically add or enable the nonexistent fields to the Fields table schema. If a field is sent to Sumo Logic but isn’t present or enabled in the schema, it’s ignored and marked as **Dropped**. 7. Set any of the following under **Advanced**: * **Enable Timestamp Parsing**. This option is selected by default. If it's deselected, no timestamp information is parsed. * **Time Zone**. There are two options for Time Zone. 
You can use the time zone present in your log files, and then choose an option in case time zone information is missing from a log message. Or, you can have Sumo Logic completely disregard any time zone information present in logs by forcing a time zone. It's important to have the proper time zone set, no matter which option you choose. If the time zone of logs cannot be determined, Sumo Logic assigns the UTC time zone; if the rest of your logs are from another time zone your search results will be affected. diff --git a/docs/manage/data-archiving/archive.md b/docs/manage/data-archiving/archive.md index 74d0dba8f9..b894cbabb1 100644 --- a/docs/manage/data-archiving/archive.md +++ b/docs/manage/data-archiving/archive.md 
@@ -154,8 +154,8 @@ To use JSON to create an AWS S3 Archive Source reference our AWS Log Source  :::note Fields specified on an AWS S3 Archive Source take precedence if the archived data has the same fields. ::: - * ![green check circle.png](/img/reuse/green-check-circle.png) A green circle with a check mark is shown when the field exists and is enabled in the Fields table schema. - * ![orange exclamation point.png](/img/reuse/orange-exclamation-point.png) An orange triangle with an exclamation point is shown when the field doesn't exist, or is disabled, in the Fields table schema. In this case, an option to automatically add or enable the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo that does not exist in the Fields schema or is disabled it is ignored, known as dropped. + * green check circle.png A green circle with a check mark is shown when the field exists and is enabled in the Fields table schema. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist, or is disabled, in the Fields table schema. In this case, an option to automatically add or enable the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo that does not exist in the Fields schema or is disabled it is ignored, known as dropped. 1. For **AWS Access** you have two **Access Method** options. Select **Role-based access** or **Key access** based on the AWS authentication you are providing. Role-based access is preferred, this was completed in the prerequisite step Grant Sumo Logic access to an AWS Product. * For **Role-based access**, enter the Role ARN that was provided by AWS after creating the role.  * For **Key access** enter the **Access Key ID **and** Secret Access Key.** See [AWS Access Key ID](http://docs.aws.amazon.com/STS/latest/UsingSTS/UsingTokens.html#RequestWithSTS) and [AWS Secret Access Key](https://aws.amazon.com/iam/) for details. 
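Review bot: The orange-triangle bullet keeps the old closing sentence, "If a field is sent to Sumo that does not exist in the Fields schema or is disabled it is ignored, known as dropped.", while the other hunks in this patch replace it with the "Sumo Logic ... ignored and marked as **Dropped**" wording. If the rewording is meant to apply across the docs, update this bullet as well; as it stands the only change in this hunk is the removal of the image markup, and archive.md ends up as the one page with the old product name and the old phrasing.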
diff --git a/docs/manage/field-extractions/index.md b/docs/manage/field-extractions/index.md index e5ad8bce87..fb746238f4 100644 --- a/docs/manage/field-extractions/index.md +++ b/docs/manage/field-extractions/index.md @@ -34,7 +34,7 @@ The Field Extraction Rules page displays the following information:  When hovering over a row in the table there are icons that appear on the far right for editing, disabling and deleting the rule. -* **Status** shows a checkmark in a green circle ![check in green circle.png](/img/reuse/check-green-circle.png) to indicate if the Rule is actively being applied or an exclamation mark in a red circle ![exclamation in red circle.png](/img/reuse/exclamation-red-circle.png) to indicate if the Rule is disabled. +* **Status** shows a checkmark in a green circle ![check in green circle.png](/img/reuse/green-check-circle.png) to indicate if the Rule is actively being applied or an exclamation mark in a red circle ![exclamation in red circle.png](/img/reuse/exclamation-red-circle.png) to indicate if the Rule is disabled. * **Rule Name** * **Applied At** indicates when the field extraction process occurs, either at Ingest or Run time. * **Scope**  diff --git a/docs/manage/fields.md b/docs/manage/fields.md index e557563504..6b0668cdab 100644 --- a/docs/manage/fields.md +++ b/docs/manage/fields.md 
@@ -22,8 +22,7 @@ The order of precedence for field assignment from highest to lowest is: So, if you have a field defined at the Collector or Source level, and you create a FER against the same source of data with the same field name, the FER will win the field assignment. -Any fields you want assigned to log data need to exist in a Fields schema. Each account has its own Fields schema that is available to manage in the Sumo web interface. When a field is defined and enabled in the Fields schema it is assigned to the appropriate log data as configured. If a field is sent to Sumo that does not exist in the Fields -schema it is ignored, known as dropped. +Any fields you want assigned to log data need to exist in a Fields schema. Each account has its own Fields schema that is available to manage in the Sumo web interface. When a field is defined and enabled in the Fields schema it is assigned to the appropriate log data as configured. If a field is sent to Sumo Logic but isn’t present or enabled in the schema, it’s ignored and marked as **Dropped**. Fields specified in field extraction rules are automatically added and enabled in your Fields schema. 
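Review bot: The replacement sentence's condition, "isn't present or enabled in the schema", is ambiguous, because the negation can be read as applying to "present" only. This paragraph is the definition the other pages link to, so spell it out, for example "doesn't exist in the schema, or exists but is disabled". Also, "marked as **Dropped**" reads as a status label shown in the UI, where the removed text only named the behaviour ("known as dropped"); confirm that such a label exists, or keep "known as dropped". The condition is worth getting exact because a dropped field is simply absent from the ingested logs and from any query that filters on it.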
@@ -60,8 +59,8 @@ Fields can be assigned to a Collector and Source using the **Fields** input ta 1. Create or find and select the Collector or Source you want to assign fields to. 1. Click the **+Add Field** link in the **Fields** section. Define the fields you want to associate, each field needs a name (key) and value. - * ![green check circle.png](/img/reuse/green-check-circle.png) A green circle with a check mark is shown when the field exists in the Fields table schema. - * ![orange exclamation point.png](/img/reuse/orange-exclamation-point.png) An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo that does not exist in the Fields schema it is ignored, known as dropped. + * green check circle.png A green circle with a check mark is shown when the field exists and is enabled in the Fields table schema. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, you'll see an option to automatically add or enable the nonexistent fields to the Fields table schema. If a field is sent to Sumo Logic but isn’t present or enabled in the schema, it’s ignored and marked as **Dropped**. 1. **Automatically activate all fields on save**.  
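Review bot: The orange-triangle bullet now offers to "add or enable the nonexistent fields", but its condition is still "when the field doesn't exist in the Fields table schema"; a field that does not exist cannot be enabled. The green bullet in the same hunk was updated to "exists and is enabled", so the orange one needs the matching condition, "doesn't exist, or is disabled, in the Fields table schema", and the option should read something like "add the missing fields or enable the disabled ones".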
@@ -229,7 +228,7 @@ You need the **Manage Fields** [role capability](users-roles/roles/role-capab The Fields page displays the following information:  -* **Status** shows a checkmark in a green circle ![green check circle.png](/img/reuse/green-check-circle.png) to indicate if the field is actively being applied or an exclamation mark in a red circle ![red-exclamation-circle.png](/img/fields/red-exclamation-circle.png) to indicate if the field is disabled and being dropped. +* **Status** shows a checkmark in a green circle green check circle.png to indicate if the field is actively being applied or an exclamation mark in a red circle ![red-exclamation-circle.png](/img/fields/red-exclamation-circle.png) to indicate if the field is disabled and being dropped. * **Field Name** is the name of the field, known as the key in the key-value pair. * **Data Type** shows the data type of the field. * **Field Extraction Rules** shows the number of Field Extraction Rules that reference the field. diff --git a/docs/observability/kubernetes/monitoring.md b/docs/observability/kubernetes/monitoring.md index 135134e150..96af6c2321 100644 --- a/docs/observability/kubernetes/monitoring.md +++ b/docs/observability/kubernetes/monitoring.md @@ -4,6 +4,8 @@ title: Monitoring Your K8s Environment description: Learn how to effectively monitor your Kubernetes environment according to the individual areas of the Kubernetes architecture. --- +import useBaseUrl from '@docusaurus/useBaseUrl'; + This page provides insights for effectively monitoring your Kubernetes environment with Sumo Logic, and is organized according to the individual areas of the Kubernetes architecture. ## Navigating your Kubernetes environment @@ -153,8 +155,8 @@ To add a custom field to a collector, do the following: The Edit Collector dialog appears. 1. Click **Add Field**.
![MM_Add-Field.png](/img/kubernetes/MM_Add-Field.png) 1. Enter a Field Name and Value in the respective text fields. In this example, we created a field for a **cluster** with the label **k8s.dev** and a pod with the name **pod_test** and label **k8s.test**. This allows you to easily search for log data for that cluster or pod. - * ![green check circle.png](/img/reuse/green-check-circle.png) A green circle with a check mark appears when the field exists and is enabled in the Fields table schema. - * ![orange exclamation point.png](/img/reuse/orange-exclamation-point.png) An orange triangle with an exclamation point appears when the field doesn't exist yet, or is disabled, in the Fields table schema. In this case, an option to automatically add or enable the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo that does not exist in the Fields schema or is disabled it is ignored, known as dropped.
![MM_Fields_Key-Value-Pairs.png](/img/kubernetes/MM_Fields_Key-Value-Pairs.png) + * green check circle.png A green circle with a check mark appears when the field exists and is enabled in the Fields table schema. + * orange exclamation point.png An orange triangle with an exclamation point appears when the field doesn't exist yet, or is disabled, in the Fields table schema. In this case, an option to automatically add or enable the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo that does not exist in the Fields schema or is disabled it is ignored, known as dropped.
![MM_Fields_Key-Value-Pairs.png](/img/kubernetes/MM_Fields_Key-Value-Pairs.png) 1. Click **Save**. Now, any logs sent to this Collector will have these key-value pairs associated with it. With this association, you can search for `cluster=k8s.dev` or `pod_test=k8s.test` to return your logs. diff --git a/docs/reuse/apps/app-collection-option-1.md b/docs/reuse/apps/app-collection-option-1.md index 7a12519bd5..141e836f5a 100644 --- a/docs/reuse/apps/app-collection-option-1.md +++ b/docs/reuse/apps/app-collection-option-1.md 
@@ -12,8 +12,8 @@ To set up collection and install the app, do the following: 1. **Collector Name**. Enter a Name to display the Source in the Sumo Logic web application. The description is optional. 1. **Timezone**. Set the default time zone when it is not extracted from the log timestamp. Time zone settings on Sources override a Collector time zone setting. 1. (Optional) **Metadata**. Click the **+Add Metadata** link to add a custom log [Metadata Fields](/docs/manage/fields). Define the fields you want to associate, each metadata field needs a name (key) and value. - * ![green check circle.png](/img/reuse/green-check-circle.png) A green circle with a checkmark is shown when the field exists and is enabled in the Fields table schema. - * ![orange exclamation point.png](/img/reuse/orange-exclamation-point.png) An orange triangle with an exclamation point is shown when the field doesn't exist, or is disabled, in the Fields table schema. In this case, an option to automatically add or enable the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo that does not exist in the Fields schema or is disabled it is ignored, known as dropped. + * green check circle.png A green circle with a checkmark is shown when the field exists and is enabled in the Fields table schema. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist, or is disabled in the Fields table schema. In this case, you'll see an option to automatically add or enable the nonexistent fields to the Fields table schema. If a field is sent to Sumo Logic but isn’t present or enabled in the schema, it’s ignored and marked as **Dropped**. 1. Click **Next**. 1. Configure the source as specified in the `Info` box above, ensuring all required fields are included. 1. In the **Configure** section of your respective app, complete the following fields. 
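Review bot: In the orange-triangle bullet, the edit removes the second comma of the parenthetical, turning "doesn't exist, or is disabled, in the Fields table schema" into "doesn't exist, or is disabled in the Fields table schema". With only the first comma left, "in the Fields table schema" attaches to "is disabled" alone. Keep both commas or drop both; the archive.md and Kubernetes hunks in this patch keep the two-comma form, so the same bullet now differs between pages.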
diff --git a/docs/reuse/apps/create-aws-s3-source.md b/docs/reuse/apps/create-aws-s3-source.md index 81a80166b2..57739c679a 100644 --- a/docs/reuse/apps/create-aws-s3-source.md +++ b/docs/reuse/apps/create-aws-s3-source.md 
@@ -46,8 +46,8 @@ These configuration instructions apply to log collection from all AWS Source typ * Add an **account** field and assign it a value which is a friendly name / alias to your AWS account from which you are collecting logs. Logs can be queried via the “account field”. * Add a **region** field and assign it the value of respective AWS region where the Load Balancer exists. * Add an **accountId** field and assign it the value of the respective AWS account id which is being used. - * ![green check circle.png](/img/reuse/green-check-circle.png) A green circle with a check mark is shown when the field exists and is enabled in the Fields table schema. - * ![orange exclamation point.png](/img/reuse/orange-exclamation-point.png) An orange triangle with an exclamation point is shown when the field doesn't exist, or is disabled, in the Fields table schema. In this case, an option to automatically add or enable the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo that does not exist in the Fields schema or is disabled it is ignored, known as dropped. + * green check circle.png A green circle with a check mark is shown when the field exists and is enabled in the Fields table schema. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist, or is disabled in the Fields table schema. In this case, you'll see an option to automatically add or enable the nonexistent fields to the Fields table schema. If a field is sent to Sumo Logic but isn’t present or enabled in the schema, it’s ignored and marked as **Dropped**. 11. For **AWS Access**, choose between the two **Access Method** options below, based on the AWS authentication you are providing. * For **Role-based access**, enter the Role ARN that was provided by AWS after creating the role. 
Role-based access is recommended (this was completed in the prerequisite step [Grant Sumo Logic access to an AWS Product](/docs/send-data/hosted-collectors/amazon-aws/grant-access-aws-product)). * For **Key access**, enter the **Access Key ID** and **Secret Access Key**. See [AWS Access Key ID](http://docs.aws.amazon.com/STS/latest/UsingSTS/UsingTokens.html#RequestWithSTS) and [AWS Secret Access Key](https://aws.amazon.com/iam/) for details. diff --git a/docs/reuse/aws-cost-explorer.md b/docs/reuse/aws-cost-explorer.md index 4a5081e04d..5abff28ca1 100644 --- a/docs/reuse/aws-cost-explorer.md +++ b/docs/reuse/aws-cost-explorer.md @@ -6,8 +6,8 @@ To configure an AWS Cost Explorer Source: 1. Enter a **Name** for the Source in the Sumo Logic console. The **Description** is optional.
cost-explorer-v2-1-1.png 1. (Optional) For **Source Category**, enter any string to tag the output collected from the Source. Category [metadata](/docs/search/get-started-with-search/search-basics/built-in-metadata) is stored in a searchable field called `_sourceCategory`. 1. For [Fields](/docs/manage/fields), click the **+Add** link to add custom log metadata. Define the fields you want to associate. Each field needs a name (key) and value. - * ![green check circle.png](/img/reuse/green-check-circle.png) A green circle with a check mark is shown when the field exists and is enabled in the Fields table schema. - * ![orange exclamation point.png](/img/reuse/orange-exclamation-point.png) An orange triangle with an exclamation point is shown when the field doesn't exist, or is disabled, in the Fields table schema. In this case, an option to automatically add or enable the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo Logic that does not exist in the Fields schema or is disabled it is ignored, known as dropped.

It is preferable to add an **account** field (for the dashboards) and assign it a friendly name to identify the corresponding AWS account.
![accountField.png](/img/send-data/accountField.png) + * green check circle.png A green circle with a check mark is shown when the field exists and is enabled in the Fields table schema. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist, or is disabled in the Fields table schema. In this case, you'll see an option to automatically add or enable the nonexistent fields to the Fields table schema. If a field is sent to Sumo Logic but isn’t present or enabled in the schema, it’s ignored and marked as **Dropped**.

It is preferable to add an **account** field (for the dashboards) and assign it a friendly name to identify the corresponding AWS account.
![accountField.png](/img/send-data/accountField.png) 1. For the **AWS Access Key** and **AWS Secret Key**, provide the IAM User access key and secret key you want to use to authenticate collection requests. Make sure your IAM user has the following IAM policy attached with it. ```json { diff --git a/docs/send-data/collect-from-other-data-sources/azure-monitoring/ms-azure-event-hubs-source.md b/docs/send-data/collect-from-other-data-sources/azure-monitoring/ms-azure-event-hubs-source.md index f7a53d9977..3700ba3684 100644 --- a/docs/send-data/collect-from-other-data-sources/azure-monitoring/ms-azure-event-hubs-source.md +++ b/docs/send-data/collect-from-other-data-sources/azure-monitoring/ms-azure-event-hubs-source.md @@ -73,7 +73,7 @@ To configure an Azure Event Hubs Source: 6. **Forward to SIEM**. Check the checkbox to forward your data to [Cloud SIEM](/docs/cse/).
7. (Optional) **Fields**. Click the **+Add Field** link to define the fields you want to associate, each field needs a name (key) and value. * A green circle with a check mark is shown when the field exists in the Fields table schema. - * An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo that does not exist in the Fields schema it is ignored, known as dropped. + * An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo Logic but isn’t present or enabled in the schema, it’s ignored and marked as **Dropped**. 8. **Azure Event Hubs Namespace**. Enter your Azure Event Hubs Namespace name. 9. **Event Hubs Instance Name**. Enter the Azure Event Hubs Instance Name. 10. **Shared Access Policy**. Enter your Shared Access Policy Name and Key. The Shared Access Policy requires the Listen claim. diff --git a/docs/send-data/collection/edit-collector.md b/docs/send-data/collection/edit-collector.md index 317ce6c68b..011fc82dd0 100644 --- a/docs/send-data/collection/edit-collector.md +++ b/docs/send-data/collection/edit-collector.md @@ -4,6 +4,7 @@ title: Edit a Collector description: Edit some characteristics of a Collector, including its name, version, description, Host Name, and Category. --- +import useBaseUrl from '@docusaurus/useBaseUrl'; From the **Manage Collection** page, you can edit some characteristics of a Collector, including its name, description, Host Name, and Category. 
@@ -19,8 +20,8 @@ Changes to metadata are applied to messages going forward from this point in tim * The Collector version is provided for reference and can be changed. * If you set **Host Name** or **Category** at the Collector level, then all Sources belonging to this Collector are tagged with these metadata fields. If you later specify metadata at the Source level, the Collector metadata will be overwritten. * Click the **Add Field** link in the **Fields** section if you want to assign metadata [fields](/docs/manage/fields) to the Collector. Define the fields you want to associate, each field needs a key and value. - * ![green check circle.png](/img/reuse/green-check-circle.png) A green circle with a check mark is shown when the field exists in the Fields table schema. - * ![orange exclamation point.png](/img/reuse/orange-exclamation-point.png) An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo that does not exist in the Fields schema it is ignored, known as dropped. + * green check circle.png A green circle with a check mark is shown when the field exists and is enabled in the Fields table schema. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, you'll see an option to automatically add or enable the nonexistent fields to the Fields table schema. If a field is sent to Sumo Logic but isn’t present or enabled in the schema, it’s ignored and marked as **Dropped**. * **Assign to a Budget** allows you to assign an [ingest budget](/docs/manage/ingestion-volume/ingest-budgets) to the Collector. The dropdown displays your ingest budgets in the following format: ```xml () () 
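Review bot: The added orange-triangle line mixes apostrophe styles: "doesn't" and "you'll" use the straight ASCII apostrophe, while the new closing sentence uses typographic ones in "isn’t" and "it’s". The surrounding file uses straight apostrophes, so normalise the new sentence to match; mixed characters also make the phrase harder to find with a plain-text search across the docs. The same bullet also pairs "doesn't exist" with "add or enable", which needs the "or is disabled" condition to make sense.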
@@ -35,8 +36,8 @@ Changes to metadata are applied to messages going forward from this point in tim 1. Change the name or change the metadata fields as needed. Note that updated metadata is only be applied to newly ingested data; previously uploaded data retains its original metadata. * If you set **Category** at the collector level, then all sources belonging to this collector are tagged with that value. If you later specify metadata at the source level, the collector metadata will be overwritten. * Define the [**Fields**](/docs/manage/fields) you want to associate, each field needs a key and value.  - * ![green check circle.png](/img/reuse/green-check-circle.png) A green circle with a check mark is shown when the field exists in the Fields table schema. - * ![orange exclamation point.png](/img/reuse/orange-exclamation-point.png) An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo that does not exist in the Fields schema it is ignored, known as dropped. + * green check circle.png A green circle with a check mark is shown when the field exists and is enabled in the Fields table schema. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, you'll see an option to automatically add or enable the nonexistent fields to the Fields table schema. If a field is sent to Sumo Logic but isn’t present or enabled in the schema, it’s ignored and marked as **Dropped**. * **Assign to a Budget** allows you to assign an [ingest budget](/docs/manage/ingestion-volume/ingest-budgets) to the Collector. The dropdown displays your ingest budgets in the following format: ``` () () diff --git a/docs/send-data/collector-faq.md b/docs/send-data/collector-faq.md index f6e7b0d0ba..ac291f47fc 100644 
--- a/docs/send-data/collector-faq.md +++ b/docs/send-data/collector-faq.md @@ -5,6 +5,8 @@ sidebar_label: Troubleshooting description: Frequently asked questions about collecting data into Sumo Logic that provide the how-to answers you need to setup and troubleshoot collectors. --- +import useBaseUrl from '@docusaurus/useBaseUrl'; + :::sumo To interact with other Sumo Logic users, post feedback, or ask a question, visit the [Sumo Logic Community Collect Data Forum](https://support.sumologic.com/support/s/topic/0TO6Q000000gTCOWA2/collectors?tabset-cabe3=2). ::: @@ -572,7 +574,7 @@ If your user account is not an administrator check your Role assignment for any #### Verify that your Collectors are running -Collectors and Sources in your account are listed on the Collectors page. Collectors and Sources that are running (able to communicate with Sumo Logic and configured to send data) are marked with ![green check circle.png](/img/reuse/green-check-circle.png). Stopped Collectors and Sources are marked with ![orange exclamation point.png](/img/reuse/orange-exclamation-point.png). Stopped Collectors do not send any data. +Collectors and Sources in your account are listed on the Collectors page. Collectors and Sources that are running (able to communicate with Sumo Logic and configured to send data) are marked with green check circle.png. Stopped Collectors and Sources are marked with orange exclamation point.png. Stopped Collectors do not send any data. If a Collector is stopped, you can verify the Collector's status and restart it if necessary. diff --git a/docs/send-data/hosted-collectors/amazon-aws/amazon-security-lake-source.md b/docs/send-data/hosted-collectors/amazon-aws/amazon-security-lake-source.md index f7091c9e01..1a46384ad0 100644 --- a/docs/send-data/hosted-collectors/amazon-aws/amazon-security-lake-source.md +++ b/docs/send-data/hosted-collectors/amazon-aws/amazon-security-lake-source.md 
@@ -63,8 +63,8 @@ To create an Amazon Security Lake Source, follow the steps below: 1. In the **Source Category**, enter any string to tag the output collected from this distinct source. (Category metadata is stored in a searchable field called **_sourceCategory**). 7. In **Fields**. Click the **+Add Field** link to add custom log metadata fields. 8. Enter the required fields you want to associate, each field needs a name (key) and value. - * ![green check circle.png](/img/reuse/green-check-circle.png) A green circle with a checkmark shows up when a field exists and is enabled in the Fields table schema. - * ![orange exclamation point.png](/img/reuse/orange-exclamation-point.png) An orange triangle with an exclamation point shows up when the field doesn't exist or is disabled in the **Fields table schema**. + * green check circle.png A green circle with a checkmark shows up when a field exists and is enabled in the Fields table schema. + * orange exclamation point.png An orange triangle with an exclamation point shows up when the field doesn't exist or is disabled in the **Fields table schema**. :::important In this case, an option to automatically add or enable the nonexistent fields to the **Fields table schema** is provided. If a field is sent to Sumo logic that does not exist in the **Fields table schema** or is disabled, it will be ignored and known as dropped field. ::: diff --git a/docs/send-data/hosted-collectors/amazon-aws/aws-kinesis-firehose-logs-source.md b/docs/send-data/hosted-collectors/amazon-aws/aws-kinesis-firehose-logs-source.md index 08f4d7c870..9a0ca0ae9b 100644 --- a/docs/send-data/hosted-collectors/amazon-aws/aws-kinesis-firehose-logs-source.md +++ b/docs/send-data/hosted-collectors/amazon-aws/aws-kinesis-firehose-logs-source.md 
@@ -56,8 +56,8 @@ To create an AWS Kinesis Firehose for Logs Source: 1. **SIEM Processing**. Check the checkbox to forward your data to Cloud SIEM.   1. **Fields.** Click the **+Add Field** link to define the fields you want to associate, each field needs a name (key) and value. - * ![green check circle.png](/img/reuse/green-check-circle.png) A green circle with a check mark is shown when the field exists in the Fields table schema. - * ![orange exclamation point.png](/img/reuse/orange-exclamation-point.png) An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo that does not exist in the Fields schema it is ignored, known as dropped.   + * green check circle.png A green circle with a check mark is shown when the field exists and is enabled in the Fields table schema. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, you'll see an option to automatically add or enable the nonexistent fields to the Fields table schema. If a field is sent to Sumo Logic but isn’t present or enabled in the schema, it’s ignored and marked as **Dropped**.   1. Set any of the following options under **Advanced**. Advanced options do *not* apply to uploaded metrics. diff --git a/docs/send-data/hosted-collectors/amazon-aws/aws-s3-source.md b/docs/send-data/hosted-collectors/amazon-aws/aws-s3-source.md index 6f32675c93..198c8c7881 100644 --- a/docs/send-data/hosted-collectors/amazon-aws/aws-s3-source.md +++ b/docs/send-data/hosted-collectors/amazon-aws/aws-s3-source.md 
@@ -114,8 +114,8 @@ You can adjust the configuration of when and how AWS handles communication attem 1. For **Source Category**, enter any string to tag the output collected from this Source. (Category metadata is stored in a searchable field called _sourceCategory.) 1. **Fields.** Click the **+Add Field** link to define the fields you want to associate, each field needs a name (key) and value. - * ![green check circle.png](/img/reuse/green-check-circle.png) A green circle with a check mark is shown when the field exists in the Fields table schema. - * ![orange exclamation point.png](/img/reuse/orange-exclamation-point.png) An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo that does not exist in the Fields schema it is ignored, known as dropped. + * green check circle.png A green circle with a check mark is shown when the field exists and is enabled in the Fields table schema. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, you'll see an option to automatically add or enable the nonexistent fields to the Fields table schema. If a field is sent to Sumo Logic but isn’t present or enabled in the schema, it’s ignored and marked as **Dropped**. :::note If you have [Cloud SIEM](/docs/cse) installed and you want to forward log data to Cloud SIEM: * Click the **+Add Field** link and add a field whose name is `_siemForward` and value is *true*. This will ensure all logs for this source are forwarded to Cloud SIEM. diff --git a/docs/send-data/hosted-collectors/cloud-syslog-source/index.md b/docs/send-data/hosted-collectors/cloud-syslog-source/index.md index 5e19233b6f..887a21df96 100644 --- a/docs/send-data/hosted-collectors/cloud-syslog-source/index.md 
+++ b/docs/send-data/hosted-collectors/cloud-syslog-source/index.md @@ -50,8 +50,8 @@ To configure a cloud syslog source, do the following: 1. (Optional) For **Source Host** and **Source Category**, enter any string to tag the output collected from this source. (Category metadata is stored in a searchable field called `_sourceCategory`.) 1. **Fields.** Click the **+Add Field** link to define the fields you want to associate, each field needs a name (key) and value. - * ![green check circle.png](/img/reuse/green-check-circle.png) A green circle with a check mark is shown when the field exists in the Fields table schema. - * ![orange exclamation point.png](/img/reuse/orange-exclamation-point.png) An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo that does not exist in the Fields schema it is ignored, known as dropped. + * green check circle.png A green circle with a check mark is shown when the field exists and is enabled in the Fields table schema. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, you'll see an option to automatically add or enable the nonexistent fields to the Fields table schema. If a field is sent to Sumo Logic but isn’t present or enabled in the schema, it’s ignored and marked as **Dropped**. 1. Set any of the following under **Advanced**: diff --git a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/1password-source.md b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/1password-source.md index 42bed8ac69..cbb67d2728 100644 --- a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/1password-source.md 
+++ b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/1password-source.md @@ -51,8 +51,8 @@ You'll need a 1Password API token and your customer-specif 1. **Forward to SIEM**. Check the checkbox to forward your data to [Cloud SIEM](/docs/cse).
1. (Optional) **Fields**. Click the **+Add** link to add custom log metadata [Fields](/docs/manage/fields). * Define the fields you want to associate, each field needs a name (key) and value. - * ![green check circle.png](/img/reuse/green-check-circle.png) A green circle with a check mark is shown when the field exists and is enabled in the Fields table schema. - * ![orange exclamation point.png](/img/reuse/orange-exclamation-point.png) An orange triangle with an exclamation point is shown when the field doesn't exist, or is disabled, in the Fields table schema. In this case, an option to automatically add or enable the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo that does not exist in the Fields schema or is disabled it is ignored, known as dropped. + * green check circle.png A green circle with a check mark is shown when the field exists and is enabled in the Fields table schema. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist, or is disabled in the Fields table schema. In this case, you'll see an option to automatically add or enable the nonexistent fields to the Fields table schema. If a field is sent to Sumo Logic but isn’t present or enabled in the schema, it’s ignored and marked as **Dropped**. 1. **Base URL**. Provide your 1Password customer-specific domain, for example `events.1password.com`. 1. **API Token**. Enter the [1Password API token](#vendor-configuration). 1. **Supported APIs to collect**. Select one or more of the available APIs, **Item Usage** and **Sign-in Attempts**. diff --git a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/abnormal-security-source.md b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/abnormal-security-source.md index 4d7d21b3b0..6840b65f16 100644 --- a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/abnormal-security-source.md 
+++ b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/abnormal-security-source.md 
@@ -47,8 +47,8 @@ To configure an Abnormal Security Source, follow the steps below: 1. Enter a **Name** for the Source. The description is optional. 1. (Optional) For **Source Category**, enter any string to tag the output collected from the Source. Category metadata is stored in a searchable field called `_sourceCategory`. 1. (Optional) **Fields**. Click the **+Add** button to define the fields you want to associate. Each field needs a name (key) and value. - * ![green check circle.png](/img/reuse/green-check-circle.png) A green circle with a check mark is shown when the field exists in the Fields table schema. - * ![orange exclamation point.png](/img/reuse/orange-exclamation-point.png) An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo Logic that does not exist in the Fields schema, it is ignored, also known as dropped. + * green check circle.png A green circle with a check mark is shown when the field exists and is enabled in the Fields table schema. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, you'll see an option to automatically add or enable the nonexistent fields to the Fields table schema. If a field is sent to Sumo Logic that does not exist in the Fields schema, it is ignored, also known as dropped. 1. Enter the **Access Token** for authorization collected from the [Abnormal Security platform](#vendor-configuration). 1. Additionally, if you like to collect the case data, enter **cases** in the **Supported APIs to collect** section. Threat data will be collected by default. But, if you like to collect only case data, you can unselect **threats** from the **Supported APIs to collect** section. 1. 
When you are finished configuring the Source, click **Save**. diff --git a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/airtable-source.md b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/airtable-source.md index 0c39fb720a..b1b9a5953c 100644 --- a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/airtable-source.md +++ b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/airtable-source.md @@ -52,8 +52,8 @@ To configure an Airtable Source: 1. (Optional) For **Source Category**, enter any string to tag the output collected from the Source. Category metadata is stored in a searchable field called `_sourceCategory`. 1. **Forward to SIEM**. Check the checkbox to forward your data to [Cloud SIEM](/docs/cse).
1. (Optional) **Fields**. Click the **+Add Field** link to define the fields you want to associate. Each field needs a name (key) and value. - * ![green check circle.png](/img/reuse/green-check-circle.png) A green circle with a checkmark is shown when the field exists in the Fields table schema. - * ![orange exclamation point.png](/img/reuse/orange-exclamation-point.png) An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo that does not exist in the Fields schema it is ignored, known as dropped. + * green check circle.png A green circle with a checkmark is shown when the field exists in the Fields table schema. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo Logic but isn’t present or enabled in the schema, it’s ignored and marked as **Dropped**. 1. In **Account ID**, enter an account ID that will be a unique identifier for your enterprise account. 1. In **Personal Access Token**, enter the access token that you have generated in the [Vendor configuration](#vendor-configuration) section. 1. When you are finished configuring the Source, click **Save**. diff --git a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/akamai-cpc-source.md b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/akamai-cpc-source.md index cca9ca28a9..450afb9b41 100644 --- a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/akamai-cpc-source.md +++ b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/akamai-cpc-source.md 
@@ -41,8 +41,8 @@ To configure an Akamai CPC Source: 1. Enter a **Name** for the Source. The description is optional. 1. (Optional) For **Source Category**, enter any string to tag the output collected from the Source. Category metadata is stored in a searchable field called `_sourceCategory`. 1. (Optional) **Fields.** Click the **+Add Field** link to define the fields you want to associate. Each field needs a name (key) and value. - * ![green check circle.png](/img/reuse/green-check-circle.png) A green circle with a checkmark is shown when the field exists in the Fields table schema. - * ![orange exclamation point.png](/img/reuse/orange-exclamation-point.png) An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo Logic that does not exist in the Fields schema it is ignored (that is, dropped). + * green check circle.png A green circle with a checkmark is shown when the field exists in the Fields table schema. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, you'll see an option to automatically add or enable the nonexistent fields to the Fields table schema. If a field is sent to Sumo Logic that does not exist in the Fields schema it is ignored (that is, dropped). 1. **Client Token**. Enter the Client token value collected from the Akamai platform. 1. **Client Secret**. Enter the Client secret value collected from the Akamai platform. 1. **Access Token**. Enter the Access token value collected from the Akamai platform. diff --git a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/armis-api-source.md b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/armis-api-source.md index 28bd5e17b4..2cc6e82a20 100644 
--- a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/armis-api-source.md +++ b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/armis-api-source.md @@ -48,8 +48,8 @@ To configure an Armis Source: 1. Enter a **Name** for the Source. The description is optional. 1. (Optional) For **Source Category**, enter any string to tag the output collected from the Source. Category metadata is stored in a searchable field called `_sourceCategory`. 1. (Optional) **Fields.** Click the **+Add Field** link to define the fields you want to associate. Each field needs a name (key) and value. - * ![green check circle.png](/img/reuse/green-check-circle.png) A green circle with a checkmark is shown when the field exists in the Fields table schema. - * ![orange exclamation point.png](/img/reuse/orange-exclamation-point.png) An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo Logic that does not exist in the Fields schema it is ignored (i.e., dropped). + * green check circle.png A green circle with a checkmark is shown when the field exists in the Fields table schema. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, you'll see an option to automatically add or enable the nonexistent fields to the Fields table schema. If a field is sent to Sumo Logic but isn’t present or enabled in the schema, it’s ignored and marked as **Dropped**. 1. In **Instance URL**, enter the Armis hostname. :::info Armis Instance URL is the Armis hostname. For example, `https://armis-instance.armis.com`. 
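Review bot: In the green-circle bullet of this Armis hunk the added line still reads "shown when the field exists in the Fields table schema", while the orange bullet now offers to "add or enable" fields and says a field that "isn’t present or enabled" is dropped. A field that exists but is disabled then matches the green description and is dropped anyway. Suggest "exists and is enabled" in the green bullet and "doesn't exist, or is disabled," in the orange one, which is the wording other files in this patch already use.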
diff --git a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/asana-source.md b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/asana-source.md index 065a408d43..0e629e26ec 100644 --- a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/asana-source.md +++ b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/asana-source.md 
@@ -53,8 +53,8 @@ To configure an Asana Source: 1. Enter a **Name** for the Source. The description is optional. 1. (Optional) For **Source Category**, enter any string to tag the output collected from the Source. Category metadata is stored in a searchable field called `_sourceCategory`. 1. (Optional) **Fields**. Click the **+Add** button to define the fields you want to associate. Each field needs a name (key) and value. - * ![green check circle.png](/img/reuse/green-check-circle.png) A green circle with a check mark is shown when the field exists in the Fields table schema. - * ![orange exclamation point.png](/img/reuse/orange-exclamation-point.png) An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo Logic that does not exist in the Fields schema it is ignored, known as dropped. + * green check circle.png A green circle with a check mark is shown when the field exists and is enabled in the Fields table schema. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, you'll see an option to automatically add or enable the nonexistent fields to the Fields table schema. If a field is sent to Sumo Logic that does not exist in the Fields schema it is ignored, known as dropped. 1. Enter the Personal Access Token (PAT) from the Asana platform. 1. Enter the unique workspace ID for the users service account. 1. When you are finished configuring the Source, click **Save**. diff --git a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/atlassian-source.md b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/atlassian-source.md index 8c3270505f..ff9a412905 100644 
--- a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/atlassian-source.md +++ b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/atlassian-source.md 
@@ -51,8 +51,8 @@ To configure an Atlassian Source: 1. Enter a **Name** for the Source. The description is optional. 1. (Optional) For **Source Category**, enter any string to tag the output collected from the Source. Category metadata is stored in a searchable field called `_sourceCategory`. 1. (Optional) **Fields**. Click the **+Add** button to define the fields you want to associate. Each field needs a name (key) and value. - * ![green check circle.png](/img/reuse/green-check-circle.png) A green circle with a check mark is shown when the field exists in the Fields table schema. - * ![orange exclamation point.png](/img/reuse/orange-exclamation-point.png) An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo Logic that does not exist in the Fields schema it is ignored, known as dropped. + * green check circle.png A green circle with a check mark is shown when the field exists and is enabled in the Fields table schema. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, you'll see an option to automatically add or enable the nonexistent fields to the Fields table schema. If a field is sent to Sumo Logic that does not exist in the Fields schema it is ignored, known as dropped. 1. **Organizations**. Click the **+Add** button to enter the Organizations you want to associate. Each Organizations needs a API Key value. This is the value that you generated from the [Atlassian platform](#vendor-configuration). :::info The authorization will fail if the API key value used is expired. To re-generate the API key, follow the steps mentioned in [vendor configuration](#vendor-configuration). 
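Review bot: The last sentence of the orange bullet was left as "If a field is sent to Sumo Logic that does not exist in the Fields schema it is ignored, known as dropped", so it says nothing about disabled fields even though the sentence before it now offers to "add or enable" them and the green bullet requires the field to be enabled. Other files in this patch replace that sentence with "but isn’t present or enabled in the schema"; use the same sentence here so the reader is told that a disabled field is dropped too. The bullet's opening "doesn't exist in the Fields table schema" needs "or is disabled" for the same reason.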
diff --git a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/automox-source.md b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/automox-source.md index a7a66ef236..c6b47af574 100644 --- a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/automox-source.md +++ b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/automox-source.md 
@@ -44,8 +44,8 @@ To configure a Automox Source: 1. (Optional) For **Source Category**, enter any string to tag the output collected from the Source. Category [metadata](/docs/search/get-started-with-search/search-basics/built-in-metadata) is stored in a searchable field called `_sourceCategory`. 1. (Optional) **Fields**. Click the **+Add** link to add custom log metadata [Fields](/docs/manage/fields). * Define the fields you want to associate, each field needs a name (key) and value. - * ![green check circle.png](/img/reuse/green-check-circle.png) A green circle with a check mark is shown when the field exists and is enabled in the Fields table schema. - * ![orange exclamation point.png](/img/reuse/orange-exclamation-point.png) An orange triangle with an exclamation point is shown when the field doesn't exist, or is disabled, in the Fields table schema. In this case, an option to automatically add or enable the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo that does not exist in the Fields schema or is disabled it is ignored, known as dropped. + * green check circle.png A green circle with a check mark is shown when the field exists and is enabled in the Fields table schema. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist, or is disabled in the Fields table schema. In this case, you'll see an option to automatically add or enable the nonexistent fields to the Fields table schema. If a field is sent to Sumo Logic but isn’t present or enabled in the schema, it’s ignored and marked as **Dropped**. 1. In **Bearer Token**, enter the bearer token collected from the Automox platform. 1. In **Organization ID**, enter the Organization ID collected from the Automox platform. 1. Select the **Collect Audit Trail Logs** checkbox to collect the audit details. 
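Review bot: In the orange bullet, removing the second comma turns "doesn't exist, or is disabled, in the Fields table schema" into "doesn't exist, or is disabled in the Fields table schema", which reads as if only the disabled case refers to the schema. Keep both commas or drop both. The next sentence, "add or enable the nonexistent fields", carries over an older problem: a disabled field is not nonexistent, so wording such as "add the missing fields or enable the disabled ones" would be accurate.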
diff --git a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/aws-cost-explorer-source.md b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/aws-cost-explorer-source.md index 7235b6b1fa..2809732c47 100644 --- a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/aws-cost-explorer-source.md +++ b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/aws-cost-explorer-source.md @@ -34,8 +34,8 @@ To configure an AWS Cost Explorer Source: 1. Enter a **Name** for the Source in the Sumo Logic console. The **Description** is optional. 1. (Optional) For **Source Category**, enter any string to tag the output collected from the Source. Category [metadata](/docs/search/get-started-with-search/search-basics/built-in-metadata) is stored in a searchable field called `_sourceCategory`. 1. For [Fields](/docs/manage/fields), click the **+Add** link to add custom log metadata. Define the fields you want to associate. Each field needs a name (key) and value. - * ![green check circle.png](/img/reuse/green-check-circle.png) A green circle with a check mark is shown when the field exists and is enabled in the Fields table schema. - * ![orange exclamation point.png](/img/reuse/orange-exclamation-point.png) An orange triangle with an exclamation point is shown when the field doesn't exist, or is disabled, in the Fields table schema. In this case, an option to automatically add or enable the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo Logic that does not exist in the Fields schema or is disabled it is ignored, known as dropped.

It is preferable to add an **account** field (for the dashboards) and assign it a friendly name to identify the corresponding AWS account.
![accountField.png](/img/send-data/accountField.png) + * green check circle.png A green circle with a check mark is shown when the field exists and is enabled in the Fields table schema. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist, or is disabled in the Fields table schema. In this case, you'll see an option to automatically add or enable the nonexistent fields to the Fields table schema. If a field is sent to Sumo Logic but isn’t present or enabled in the schema, it’s ignored and marked as **Dropped**.

It is preferable to add an **account** field (for the dashboards) and assign it a friendly name to identify the corresponding AWS account.
![accountField.png](/img/send-data/accountField.png) 1. For the **AWS Access Key** and **AWS Secret Key**, provide the IAM User access key and secret key you want to use to authenticate collection requests. Make sure your IAM user has the following IAM policy attached with it. ```json diff --git a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/azure-event-hubs-source.md b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/azure-event-hubs-source.md index b270b56901..d23a4928e7 100644 --- a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/azure-event-hubs-source.md +++ b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/azure-event-hubs-source.md @@ -77,8 +77,8 @@ To configure an Azure Event Hubs Source: 1. (Optional) For **Source Category**, enter any string to tag the output collected from the Source. Category metadata is stored in a searchable field called `_sourceCategory`. 1. **Forward to SIEM**. Check the checkbox to forward your data to [Cloud SIEM](/docs/cse/).
1. (Optional) **Fields.** Click the **+Add Field** link to define the fields you want to associate, each field needs a name (key) and value. - * ![green check circle.png](/img/reuse/green-check-circle.png) A green circle with a check mark is shown when the field exists in the Fields table schema. - * ![orange exclamation point.png](/img/reuse/orange-exclamation-point.png) An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo that does not exist in the Fields schema it is ignored, known as dropped. + * green check circle.png A green circle with a check mark is shown when the field exists and is enabled in the Fields table schema. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, you'll see an option to automatically add or enable the nonexistent fields to the Fields table schema. If a field is sent to Sumo Logic but isn’t present or enabled in the schema, it’s ignored and marked as **Dropped**. 1. **Azure Event Hubs Namespace**. Enter your Azure Event Hubs Namespace name.  1. **Event Hubs Instance Name**. Enter the Azure Event Hubs Instance Name. 1. **Shared Access Policy**. Enter your Shared Access Policy Name and Key. The Shared Access Policy requires the **Listen** claim. diff --git a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/bitwarden.md b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/bitwarden.md index 71addb6de5..5021eac9fc 100644 --- a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/bitwarden.md +++ b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/bitwarden.md 
@@ -46,8 +46,8 @@ To configure the Bitwarden Source: 1. Enter a **Name** to display for the Source in the Sumo Logic web application. The description is optional. 1. (Optional) For **Source Category**, enter any string to tag the output collected from the Source. Category metadata is stored in a searchable field called `_sourceCategory`. 1. (Optional) **Fields**. Click the **+Add Field** link to define the fields you want to associate. Each field needs a name (key) and value. - * ![green check circle.png](/img/reuse/green-check-circle.png) A green circle with a check mark is shown when the field exists in the Fields table schema. - * ![orange exclamation point.png](/img/reuse/orange-exclamation-point.png) An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo Logic that does not exist in the Fields schema it is ignored, known as dropped. + * green check circle.png A green circle with a check mark is shown when the field exists and is enabled in the Fields table schema. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, you'll see an option to automatically add or enable the nonexistent fields to the Fields table schema. If a field is sent to Sumo Logic that does not exist in the Fields schema it is ignored, known as dropped. 1. In **Bitwarden API Server Base URL**, enter the API Base URL for your Bitwarden installation. 1. (Optional) In **Self Hosted API Base URL**, enter the API Base URL for your Self-Hosted Bitwarden installation. This field is only available if you select `Self-Hosted` for the server base URL. 1. (Optional) In **OAuth 2.0 Token Url**, enter the OAuth 2.0 Token URL for your Self-Hosted Bitwarden installation. 
This field is only available if you select `Self-Hosted` for the server base URL. diff --git a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/box-source.md b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/box-source.md index 3f192214b2..558be9f5f7 100644 --- a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/box-source.md +++ b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/box-source.md @@ -44,8 +44,8 @@ To configure a Box Source: 1. **Forward to SIEM**. Check the checkbox to forward your data to [Cloud SIEM](/docs/cse/).
1. (Optional) **Fields**. Click the **+Add** link to add custom log metadata [Fields](/docs/manage/fields). * Define the fields you want to associate, each field needs a name (key) and value. - * ![green check circle.png](/img/reuse/green-check-circle.png) A green circle with a check mark is shown when the field exists and is enabled in the Fields table schema. - * ![orange exclamation point.png](/img/reuse/orange-exclamation-point.png) An orange triangle with an exclamation point is shown when the field doesn't exist, or is disabled, in the Fields table schema. In this case, an option to automatically add or enable the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo that does not exist in the Fields schema or is disabled it is ignored, known as dropped. + * green check circle.png A green circle with a check mark is shown when the field exists and is enabled in the Fields table schema. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist, or is disabled in the Fields table schema. In this case, you'll see an option to automatically add or enable the nonexistent fields to the Fields table schema. If a field is sent to Sumo Logic but isn’t present or enabled in the schema, it’s ignored and marked as **Dropped**. 1. Upload the JSON file. 1. **Processing Rules**. Configure any desired filters, such as allowlist, denylist, hash, or mask, as described in [Create a Processing Rule](/docs/send-data/collection/processing-rules/create-processing-rule). 1. When you are finished configuring the Source, click **Submit**. diff --git a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/carbon-black-cloud-source.md b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/carbon-black-cloud-source.md index eca2f28ea2..64cdfd8382 100644 --- a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/carbon-black-cloud-source.md 
+++ b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/carbon-black-cloud-source.md @@ -57,8 +57,8 @@ To configure a Carbon Black Cloud Source: 1. (Optional) For **Source Category**, enter any string to tag the output collected from the Source. Category [metadata](/docs/search/get-started-with-search/search-basics/built-in-metadata.md) is stored in a searchable field called `_sourceCategory`. 1. **Forward to SIEM**. Check the checkbox to forward your data to [Cloud SIEM](/docs/cse/).
1. (Optional) **Fields.** Click the **+Add Field** link to define the [fields](/docs/manage/fields) you want to associate. Each field needs a name (key) and value. - * ![green check circle.png](/img/reuse/green-check-circle.png) A green circle with a check mark is shown when the field exists in the Fields table schema. - * ![orange exclamation point.png](/img/reuse/orange-exclamation-point.png) An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo that does not exist in the Fields schema it is ignored, known as dropped. + * green check circle.png A green circle with a check mark is shown when the field exists and is enabled in the Fields table schema. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, you'll see an option to automatically add or enable the nonexistent fields to the Fields table schema. If a field is sent to Sumo Logic but isn’t present or enabled in the schema, it’s ignored and marked as **Dropped**. 1. **CB Cloud Domain**. Enter your Carbon Black Cloud domain, such as `dev-prod05.conferdeploy.net`. See [this knowledge base article](https://community.carbonblack.com/t5/Knowledge-Base/Carbon-Black-Cloud-What-URLs-are-used-to-access-the-api/ta-p/67346) to determine which domain to use. 1. **API Key**. Enter the Carbon Black Cloud API Key you want to use to authenticate requests. Ensure the key is granted the required permissions for all the APIs listed in the [Vendor configuration](#vendor-configuration) section. 1. **API ID**. Enter your Carbon Black Cloud API ID correlated to your API key. 
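Review bot: The new closing sentence of the orange bullet, "it’s ignored and marked as **Dropped**", states more than the line it replaces, which only named the behaviour ("ignored, known as dropped"). Bold in these steps is used for UI labels, so the sentence now reads as a status shown in the product. Please confirm that such a label exists and say where it appears; if it does not, keep "dropped" as plain terminology. The step sits directly after **Forward to SIEM**, so this is the sentence a reader will check when expected metadata is missing from collected logs.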
diff --git a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/carbon-black-inventory-source.md b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/carbon-black-inventory-source.md index e9bf908168..7f1d418030 100644 --- a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/carbon-black-inventory-source.md +++ b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/carbon-black-inventory-source.md @@ -42,8 +42,8 @@ To configure a Carbon Black Inventory Source: 1. (Optional) For **Source Category**, enter any string to tag the output collected from the Source. Category [metadata](/docs/search/get-started-with-search/search-basics/built-in-metadata.md) is stored in a searchable field called `_sourceCategory`. 1. **Forward to SIEM**. Check the checkbox to forward your data to [Cloud SIEM](/docs/cse/).
1. (Optional) **Fields**. Click the **+Add Field** link to define the fields you want to associate, each field needs a name (key) and value. - * ![green check circle.png](/img/reuse/green-check-circle.png) A green circle with a check mark is shown when the field exists in the Fields table schema. - * ![orange exclamation point.png](/img/reuse/orange-exclamation-point.png) An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo that does not exist in the Fields schema it is ignored, known as dropped. + * green check circle.png A green circle with a check mark is shown when the field exists and is enabled in the Fields table schema. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, you'll see an option to automatically add or enable the nonexistent fields to the Fields table schema. If a field is sent to Sumo Logic but isn’t present or enabled in the schema, it’s ignored and marked as **Dropped**. 1. **CB Cloud Domain**. Enter your Carbon Black domain, such as `dev-prod05.conferdeploy.net`. See [this knowledge base article](https://community.carbonblack.com/t5/Knowledge-Base/Carbon-Black-Cloud-What-URLs-are-used-to-access-the-api/ta-p/67346) to determine which domain to use. 1. **API Key**. Enter the Carbon Black API Key you want to use to authenticate requests. Ensure the key is granted the required permissions for all the APIs listed in the [Vendor configuration](#vendor-configuration) section. 1. **API ID**. Enter your Carbon Black API ID correlated to your API key. 
diff --git a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/cato-networks-source.md b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/cato-networks-source.md index 69783837e8..ebce07fc27 100644 --- a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/cato-networks-source.md +++ b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/cato-networks-source.md 
@@ -63,8 +63,8 @@ To configure a Cato Networks Source: 1. Enter a **Name** for the Source. The description is optional. 1. (Optional) For **Source Category**, enter any string to tag the output collected from the Source. Category metadata is stored in a searchable field called `_sourceCategory`. 1. (Optional) **Fields**. Click the **+Add** button to define the fields you want to associate. Each field needs a name (key) and value. - * ![green check circle.png](/img/reuse/green-check-circle.png) A green circle with a check mark is shown when the field exists in the Fields table schema. - * ![orange exclamation point.png](/img/reuse/orange-exclamation-point.png) An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo Logic that does not exist in the Fields schema it is ignored, known as dropped. + * green check circle.png A green circle with a check mark is shown when the field exists and is enabled in the Fields table schema. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, you'll see an option to automatically add or enable the nonexistent fields to the Fields table schema. If a field is sent to Sumo Logic that does not exist in the Fields schema it is ignored, known as dropped. 1. Enter the **API Key** for Cato Networks account. 1. Enter the **Account ID** for Cato Networks account. 1. Select the **Data Types**. You can select one or both of the data sources. diff --git a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/cisco-amp-source.md b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/cisco-amp-source.md index b544cc4071..cff099cda5 100644 
--- a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/cisco-amp-source.md +++ b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/cisco-amp-source.md @@ -40,8 +40,8 @@ To configure a Cisco AMP Source: 1. (Optional) For **Source Category**, enter any string to tag the output collected from the Source. Category metadata is stored in a searchable field called `_sourceCategory`. 1. **Forward to SIEM**. Check the checkbox to forward your data to [Cloud SIEM](/docs/cse/).
1. (Optional) **Fields.** Click the **+Add Field** link to define the fields you want to associate, each field needs a name (key) and value. - * ![green check circle.png](/img/reuse/green-check-circle.png) A green circle with a check mark is shown when the field exists in the Fields table schema. - * ![orange exclamation point.png](/img/reuse/orange-exclamation-point.png) An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo that does not exist in the Fields schema it is ignored, known as dropped. + * green check circle.png A green circle with a check mark is shown when the field exists and is enabled in the Fields table schema. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, you'll see an option to automatically add or enable the nonexistent fields to the Fields table schema. If a field is sent to Sumo Logic but isn’t present or enabled in the schema, it’s ignored and marked as **Dropped**. 1. **Client ID**. Provide the Client ID you want to use to authenticate collection requests. 1. **API Region** (Optional). Select the appropriate region of your API Key. The default is `api.amp.cisco.com`. 1. **API Key**. Provide the API Key you want to use to authenticate collection requests.  diff --git a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/cisco-meraki-source.md b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/cisco-meraki-source.md index 6d1fbbc2b5..e38daf527d 100644 --- a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/cisco-meraki-source.md +++ b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/cisco-meraki-source.md 
@@ -57,8 +57,8 @@ To configure Cisco Meraki Source: 1. Enter a **Name** to display for the Source in the Sumo Logic web application. The description is optional. 1. (Optional) For **Source Category**, enter any string to tag the output collected from the Source. Category metadata is stored in a searchable field called `_sourceCategory`. 1. (Optional) **Fields.** Click the **+Add Field** link to define the fields you want to associate. Each field needs a name (key) and value. - * ![green check circle.png](/img/reuse/green-check-circle.png) A green circle with a checkmark is shown when the field exists in the Fields table schema. - * ![orange exclamation point.png](/img/reuse/orange-exclamation-point.png) An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo Logic that does not exist in the Fields schema it is ignored (i.e., dropped). + * green check circle.png A green circle with a checkmark is shown when the field exists in the Fields table schema. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, you'll see an option to automatically add or enable the nonexistent fields to the Fields table schema. If a field is sent to Sumo Logic but isn’t present or enabled in the schema, it’s ignored and marked as **Dropped**. 1. **Base URL**. It refers to the default URL where your Meraki account is hosted. If you are located in China, you have the option to modify the base URL. 1. **API Key**. Provide the API key you generated from your Meraki account. 1. **Meraki Organization ID**. Provide the numeric Meraki organization ID of the Meraki org you want to collect data from. You can only provide one ID. Please create multiple sources for multiple Meraki organizations. 
diff --git a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/cisco-vulnerability-management-source.md b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/cisco-vulnerability-management-source.md index 5dbe2a3986..ebce20a3ed 100644 --- a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/cisco-vulnerability-management-source.md +++ b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/cisco-vulnerability-management-source.md @@ -51,8 +51,8 @@ Only administrators are allowed to retrieve the key. For more information, refer 1. **Forward to SIEM**. Check the checkbox to forward your data to [Cloud SIEM](/docs/cse/).
1. (Optional) **Fields**. Click the **+Add** link to add custom log metadata [Fields](/docs/manage/fields). * Define the fields you want to associate, each field needs a name (key) and value. - * ![green check circle.png](/img/reuse/green-check-circle.png) A green circle with a checkmark is shown when the field exists and is enabled in the Fields table schema. - * ![orange exclamation point.png](/img/reuse/orange-exclamation-point.png) An orange triangle with an exclamation point is shown when the field doesn't exist, or is disabled, in the Fields table schema. In this case, an option to automatically add or enable the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo that does not exist in the Fields schema or is disabled it is ignored, known as dropped. + * green check circle.png A green circle with a checkmark is shown when the field exists and is enabled in the Fields table schema. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist, or is disabled in the Fields table schema. In this case, you'll see an option to automatically add or enable the nonexistent fields to the Fields table schema. If a field is sent to Sumo Logic but isn’t present or enabled in the schema, it’s ignored and marked as **Dropped**. 1. **Base URL**. Provide your Cisco Vulnerability Management customer-specific domain, for example, `https://api.kennasecurity.com`. 1. **API Key**. Enter the [Cisco Vulnerability Management API key](#vendor-configuration). 1. **Data Collection**. Select one or more of the data types, **Assets** and **Vulnerabilities**. diff --git a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/citrix-cloud-source.md b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/citrix-cloud-source.md index d58e789187..97a9919b7d 100644 --- a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/citrix-cloud-source.md 
+++ b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/citrix-cloud-source.md 
@@ -78,8 +78,8 @@ To configure the Citrix Cloud API: 1. Enter a **Name** to display for the Source in the Sumo Logic web application. The description is optional. 1. (Optional) For **Source Category**, enter any string to tag the output collected from the Source. Category metadata is stored in a searchable field called `_sourceCategory`. 1. (Optional) **Fields**. Click the **+Add Field** link to define the fields you want to associate. Each field needs a name (key) and value. - * ![green check circle.png](/img/reuse/green-check-circle.png) A green circle with a check mark is shown when the field exists in the Fields table schema. - * ![orange exclamation point.png](/img/reuse/orange-exclamation-point.png) An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo Logic that does not exist in the Fields schema it is ignored, known as dropped. + * green check circle.png A green circle with a check mark is shown when the field exists and is enabled in the Fields table schema. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, you'll see an option to automatically add or enable the nonexistent fields to the Fields table schema. If a field is sent to Sumo Logic that does not exist in the Fields schema it is ignored, known as dropped. 1. **Base URL**. Choose the URL where your Citrix Cloud account is located. See [Base URL](#base-url) section to know your base URL. 1. **Customer ID**. Enter the Customer ID you generated and secured from the [API Client](#api-client) section in step 6. 1. **Client ID**. Enter the Client ID you generated and secured from the [API Client](#api-client) section in step 5. 
diff --git a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/code42-incydr-source.md b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/code42-incydr-source.md index 73896df98f..f3752cca36 100644 --- a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/code42-incydr-source.md +++ b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/code42-incydr-source.md 
@@ -51,8 +51,8 @@ To configure a Code42 Incydr Source: 1. Enter a **Name** for the source. The description is optional. 1. (Optional) For **Source Category**, enter any string to tag the output collected from the Source. Category metadata is stored in a searchable field called `_sourceCategory`. 1. (Optional) **Fields**. Click the **+Add** button to define the fields you want to associate. Each field needs a name (key) and value. - * ![green check circle.png](/img/reuse/green-check-circle.png) A green circle with a check mark is shown when the field exists in the Fields table schema. - * ![orange exclamation point.png](/img/reuse/orange-exclamation-point.png) An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo Logic that does not exist in the Fields schema it is ignored, known as dropped. + * green check circle.png A green circle with a check mark is shown when the field exists and is enabled in the Fields table schema. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, you'll see an option to automatically add or enable the nonexistent fields to the Fields table schema. If a field is sent to Sumo Logic that does not exist in the Fields schema it is ignored, known as dropped. 1. In **Base URL**, select the domain from which you want to retrieve the source data from the Incydr API. 1. In **Client ID**, enter the Client ID you generated from the Code42 Incydr platform. 1. In **Secret Key**, enter the Secret Key you generated from the Code42 Incydr platform. 
diff --git a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/confluent-cloud-metrics-source.md b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/confluent-cloud-metrics-source.md index c2282dd4ac..3373f0b769 100644 --- a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/confluent-cloud-metrics-source.md +++ b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/confluent-cloud-metrics-source.md 
@@ -44,8 +44,8 @@ To configure a Confluent Cloud Metrics source: 1. Enter a **Name** for the source. The description is optional. 1. (Optional) For **Source Category**, enter any string to tag the output collected from the source. Category metadata is stored in a searchable field called `_sourceCategory`. 1. (Optional) **Fields**. Click the **+Add** button to define the fields you want to associate. Each field needs a name (key) and value. - * ![green check circle.png](/img/reuse/green-check-circle.png) A green circle with a check mark is shown when the field exists in the Fields table schema. - * ![orange exclamation point.png](/img/reuse/orange-exclamation-point.png) An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo Logic that does not exist in the Fields schema is ignored, known as dropped. + * green check circle.png A green circle with a check mark is shown when the field exists and is enabled in the Fields table schema. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, you'll see an option to automatically add or enable the nonexistent fields to the Fields table schema. If a field is sent to Sumo Logic that does not exist in the Fields schema is ignored, known as dropped. 1. **API Key ID**. Enter the Client ID collected from the [vendor configuration](#vendor-configuration). For example, `U5XXXYZYGAXXXFRZ`. 1. **API Secret**. Enter the Client Secret collected from the [vendor configuration](#vendor-configuration). For example, `psYDINXXXG9eYi9hF/X20SZAI4YEn5IZ0cXXXuZ556WIbKYvHPHSCTXXXyF`. 1. **Resource Filters**. Select the checkbox to collect metrics for the required resources, and then enter the ID of the relevant resource to export metrics. 
diff --git a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/crowdstrike-fdr-host-inventory.md b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/crowdstrike-fdr-host-inventory.md index c98b0b590f..19e87a1b8c 100644 --- a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/crowdstrike-fdr-host-inventory.md +++ b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/crowdstrike-fdr-host-inventory.md @@ -71,8 +71,8 @@ To configure the CrowdStrike FDR Host Inventory API: 5. (Optional) For **Source Category**, enter any string to tag the output collected from the Source. Category metadata is stored in a searchable field called `_sourceCategory`. 6. **Forward to SIEM**. Check the checkbox to forward your data to [Cloud SIEM](/docs/cse/) as inventory.
7. (Optional) **Fields**. Click the **+Add Field** link to define the fields you want to associate. Each field needs a name (key) and value. - * ![green check circle.png](/img/reuse/green-check-circle.png) A green circle with a check mark is shown when the field exists in the Fields table schema. - * ![orange exclamation point.png](/img/reuse/orange-exclamation-point.png) An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo Logic that does not exist in the Fields schema it is ignored, known as dropped. + * green check circle.png A green circle with a check mark is shown when the field exists and is enabled in the Fields table schema. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, you'll see an option to automatically add or enable the nonexistent fields to the Fields table schema. If a field is sent to Sumo Logic that does not exist in the Fields schema it is ignored, known as dropped. 8. In **Region**, choose the region as per your Base URL. See [Region](#region) section to know your region. 9. In **Client ID**, enter the Client ID you generated and secured from the [API Client](#api-client-and-api-secret) section. 10. In **Client Secret**, enter the Client Secret you generated and secured from the [API Secret](#api-client-and-api-secret) section. diff --git a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/crowdstrike-fdr-source.md b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/crowdstrike-fdr-source.md index bf8fc99eaa..0c87327f30 100644 --- a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/crowdstrike-fdr-source.md 
+++ b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/crowdstrike-fdr-source.md 
@@ -46,8 +46,8 @@ To configure a CrowdStrike FDR Source: 1. Enter a **Name** for the Source. The description is optional. 1. (Optional) For **Source Category**, enter any string to tag the output collected from the Source. Category metadata is stored in a searchable field called `_sourceCategory`. 1. (Optional) **Fields.** Click the **+Add Field** link to define the fields you want to associate, each field needs a name (key) and value. - * ![green check circle.png](/img/reuse/green-check-circle.png) A green circle with a check mark is shown when the field exists in the Fields table schema. - * ![orange exclamation point.png](/img/reuse/orange-exclamation-point.png) An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo that does not exist in the Fields schema it is ignored, known as dropped. + * green check circle.png A green circle with a check mark is shown when the field exists and is enabled in the Fields table schema. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, you'll see an option to automatically add or enable the nonexistent fields to the Fields table schema. If a field is sent to Sumo Logic but isn’t present or enabled in the schema, it’s ignored and marked as **Dropped**. 1. **AWS Access Key ID**: Provide your AWS Access Key ID you copied from CrowdStrike, see the [Vendor configuration](#vendor-configuration) section. 1. **AWS Secret Access Key**: Provide your AWS Secret Access Key you copied from CrowdStrike, see the [Vendor configuration](#vendor-configuration) section. 1. **SQS Queue URL**. Provide your SQS Queue URL you copied from CrowdStrike, see the [Vendor configuration](#vendor-configuration) section. 
diff --git a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/crowdstrike-filevantage.md b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/crowdstrike-filevantage.md index 3a35b309dd..8b47f63b0a 100644 --- a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/crowdstrike-filevantage.md +++ b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/crowdstrike-filevantage.md 
@@ -71,8 +71,8 @@ To configure the CrowdStrike FileVantage Source: 1. Enter a **Name** to display for the Source in the Sumo Logic web application. The description is optional. 1. (Optional) For **Source Category**, enter any string to tag the output collected from the Source. Category metadata is stored in a searchable field called `_sourceCategory`. 1. (Optional) **Fields**. Click the **+Add Field** link to define the fields you want to associate. Each field needs a name (key) and value. - * ![green check circle.png](/img/reuse/green-check-circle.png) A green circle with a check mark is shown when the field exists in the Fields table schema. - * ![orange exclamation point.png](/img/reuse/orange-exclamation-point.png) An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo Logic that does not exist in the Fields schema it is ignored, known as dropped. + * green check circle.png A green circle with a check mark is shown when the field exists and is enabled in the Fields table schema. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, you'll see an option to automatically add or enable the nonexistent fields to the Fields table schema. If a field is sent to Sumo Logic that does not exist in the Fields schema it is ignored, known as dropped. 1. In **CrowdStrike Base URL**, choose the region as per your Base URL. See [Region](#region) section to know your region. 1. In **API Client ID**, enter the Client ID you generated and secured from the [API Client](#api-client-and-api-secret) section. 1. In **API Client Secret**, enter the Client Secret you generated and secured from the [API Secret](#api-client-and-api-secret) section. 
diff --git a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/crowdstrike-source.md b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/crowdstrike-source.md index 52ffb00c63..c42a3a5bf6 100644 --- a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/crowdstrike-source.md +++ b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/crowdstrike-source.md @@ -56,8 +56,8 @@ To configure a CrowdStrike Source: 1. (Optional) For **Source Category**, enter any string to tag the output collected from the Source. Category metadata is stored in a searchable field called `_sourceCategory`. 1. **Forward to SIEM**. Check the checkbox to forward your data to [Cloud SIEM](/docs/cse/).
1. (Optional) **Fields.** Click the **+Add Field** link to define the fields you want to associate, each field needs a name (key) and value. - * ![green check circle.png](/img/reuse/green-check-circle.png) A green circle with a check mark is shown when the field exists in the Fields table schema. - * ![orange exclamation point.png](/img/reuse/orange-exclamation-point.png) An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo that does not exist in the Fields schema it is ignored, known as dropped. + * green check circle.png A green circle with a check mark is shown when the field exists and is enabled in the Fields table schema. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, you'll see an option to automatically add or enable the nonexistent fields to the Fields table schema. If a field is sent to Sumo Logic but isn’t present or enabled in the schema, it’s ignored and marked as **Dropped**. 1. **CrowdStrike domain**: Provide your [CrowdStrike domain](https://falcon.crowdstrike.com/support/documentation/89/event-streams-apis ), for example, `api.crowdstrike.com`. 1. **Client ID**: Provide the CrowdStrike Client ID you want to use to authenticate collection requests. 1. **Secret Key**. Provide the CrowdStrike API key you want to use to authenticate collection requests. diff --git a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/crowdstrike-spotlight-source.md b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/crowdstrike-spotlight-source.md index c2e2746f58..6a63ac5b06 100644 --- a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/crowdstrike-spotlight-source.md 
+++ b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/crowdstrike-spotlight-source.md 
@@ -70,8 +70,8 @@ To configure the CrowdStrike Spotlight Source: 1. Enter a **Name** to display for the Source in the Sumo Logic web application. The description is optional. 1. (Optional) For **Source Category**, enter any string to tag the output collected from the Source. Category metadata is stored in a searchable field called `_sourceCategory`. 1. (Optional) **Fields**. Click the **+Add Field** link to define the fields you want to associate. Each field needs a name (key) and value. - * ![green check circle.png](/img/reuse/green-check-circle.png) A green circle with a check mark is shown when the field exists in the Fields table schema. - * ![orange exclamation point.png](/img/reuse/orange-exclamation-point.png) An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo Logic that does not exist in the Fields schema it is ignored, known as dropped. + * green check circle.png A green circle with a check mark is shown when the field exists and is enabled in the Fields table schema. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, you'll see an option to automatically add or enable the nonexistent fields to the Fields table schema. If a field is sent to Sumo Logic that does not exist in the Fields schema it is ignored, known as dropped. 1. In **Region**, choose the region as per your Base URL. See [Region](#region) section to know your region. 1. In **Client ID**, enter the Client ID you generated and secured from the [API Client](#api-client-and-api-secret) section. 1. In **Client Secret**, enter the Client Secret you generated and secured from the [API Secret](#api-client-and-api-secret) section. 
diff --git a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/crowdstrike-threat-intel-source.md b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/crowdstrike-threat-intel-source.md index 53539e58ce..771a96257d 100644 --- a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/crowdstrike-threat-intel-source.md +++ b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/crowdstrike-threat-intel-source.md 
@@ -70,8 +70,8 @@ To configure the CrowdStrike Threat Intel Source: 1. Enter a **Name** to display for the Source in the Sumo Logic web application. The description is optional. 1. (Optional) For **Source Category**, enter any string to tag the output collected from the Source. Category metadata is stored in a searchable field called `_sourceCategory`. 1. (Optional) **Fields**. Click the **+Add Field** link to define the fields you want to associate. Each field needs a name (key) and value. - * ![green check circle.png](/img/reuse/green-check-circle.png) A green circle with a check mark is shown when the field exists in the Fields table schema. - * ![orange exclamation point.png](/img/reuse/orange-exclamation-point.png) An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo Logic that does not exist in the Fields schema it is ignored, known as dropped. + * green check circle.png A green circle with a check mark is shown when the field exists and is enabled in the Fields table schema. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, you'll see an option to automatically add or enable the nonexistent fields to the Fields table schema. If a field is sent to Sumo Logic that does not exist in the Fields schema it is ignored, known as dropped. 1. In **Region**, choose the region as per your Base URL. See [Region](#region) section to know your region. 1. In **Client ID**, enter the Client ID you generated and secured from the [API Client](#api-client-and-api-secret) section. 1. In **Client Secret**, enter the Client Secret you generated and secured from the [API Secret](#api-client-and-api-secret) section. 
diff --git a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/cse-aws-ec-inventory-source.md b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/cse-aws-ec-inventory-source.md index b9ddb536b1..41074859cd 100644 --- a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/cse-aws-ec-inventory-source.md +++ b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/cse-aws-ec-inventory-source.md @@ -54,8 +54,8 @@ To configure a Cloud SIEM AWS EC2 Inventory Source: 1. (Optional) For **Source Category**, enter any string to tag the output collected from the Source. Category metadata is stored in a searchable field called `_sourceCategory`. 1. **Forward to SIEM**. Check the checkbox to forward your data to [Cloud SIEM](/docs/cse/).
1. (Optional) **Fields.** Click the **+Add Field** link to define the fields you want to associate, each field needs a name (key) and value. - * ![green check circle.png](/img/reuse/green-check-circle.png) A green circle with a check mark is shown when the field exists in the Fields table schema. - * ![orange exclamation point.png](/img/reuse/orange-exclamation-point.png) An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo that does not exist in the Fields schema it is ignored, known as dropped. + * green check circle.png A green circle with a check mark is shown when the field exists and is enabled in the Fields table schema. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, you'll see an option to automatically add or enable the nonexistent fields to the Fields table schema. If a field is sent to Sumo Logic but isn’t present or enabled in the schema, it’s ignored and marked as **Dropped**. 1. **AWS Access**. The integration is configured for either role based AWS authentication or key based AWS authentication. - **Role Based Access**. AWS Role ARN is required for Role based Access. Use the information provided on the source page to configure the role.
role-based - **Key Access**. Enter the IAM user access key ID and secret key you want to use to authenticate collection requests.
key-based diff --git a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/cyberark-audit-source.md b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/cyberark-audit-source.md index b1fbf9aa28..cc85d29e03 100644 --- a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/cyberark-audit-source.md +++ b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/cyberark-audit-source.md 
@@ -49,8 +49,8 @@ To configure a CyberArk Audit source, follow the steps below: 1. **Name**. Enter a name to display for the source. The description is optional. 1. (Optional) For **Source Category**, enter any string to tag the output collected from the source. Category metadata is stored in a searchable field called `_sourceCategory`. 1. (Optional) **Fields**. Click the **+Add** button to define the fields you want to associate. Each field needs a name (key) and value. - * ![green check circle.png](/img/reuse/green-check-circle.png) A green circle with a check mark is shown when the field exists in the Fields table schema. - * ![orange exclamation point.png](/img/reuse/orange-exclamation-point.png) An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo Logic that does not exist in the Fields schema is ignored, known as dropped. + * green check circle.png A green circle with a check mark is shown when the field exists and is enabled in the Fields table schema. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, you'll see an option to automatically add or enable the nonexistent fields to the Fields table schema. If a field is sent to Sumo Logic that does not exist in the Fields schema is ignored, known as dropped. 1. **Identity ID**. Enter your identity ID collected from the [Vendor configuration](#vendor-configuration) section. For example, `ac212`. 1. **Web Application ID**. Enter your application ID collected from the [Vendor configuration](#vendor-configuration) section. For example, `sumologic`. 1. **Username**. Enter your username(client-id) collected from the [Vendor configuration](#vendor-configuration) section. For example, `user@cyberark.cloud.1234`. 
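Review bot: The last sentence of the added orange-triangle bullet is ungrammatical: "If a field is sent to Sumo Logic that does not exist in the Fields schema is ignored, known as dropped" has no subject for "is ignored". The line is being rewritten anyway, so fix it here, for example with the sentence the cyberark-source.md hunk uses: "If a field is sent to Sumo Logic but isn’t present or enabled in the schema, it’s ignored and marked as **Dropped**."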
diff --git a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/cyberark-source.md b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/cyberark-source.md index 7f1c96fec9..e8959718fa 100644 --- a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/cyberark-source.md +++ b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/cyberark-source.md @@ -50,8 +50,8 @@ To configure a CyberArk EPM Source, follow the steps below: 1. **Source Category**. Enter any string to tag the output collected from the Source. Category metadata is stored in a searchable field called `_sourceCategory`. 1. **Forward to SIEM**. Check the checkbox to forward your data to [Cloud SIEM](/docs/cse/).
1. Fields. (Optional) Click **+Add** to ad additional fields; each field needs a name (key) and value. - * ![green check circle.png](/img/reuse/green-check-circle.png) A green circle with a check mark is shown when the field exists and is enabled in the Fields table schema. - * ![orange exclamation point.png](/img/reuse/orange-exclamation-point.png) An orange triangle with an exclamation point is shown when the field doesn't exist, or is disabled, in the Fields table schema. In this case, an option to automatically add or enable the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo that does not exist in the Fields schema or is disabled it is ignored, known as dropped. + * green check circle.png A green circle with a check mark is shown when the field exists and is enabled in the Fields table schema. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist, or is disabled in the Fields table schema. In this case, you'll see an option to automatically add or enable the nonexistent fields to the Fields table schema. If a field is sent to Sumo Logic but isn’t present or enabled in the schema, it’s ignored and marked as **Dropped**. 1. **EPM Username**. Enter your EPM username from the [Vendor configuration](#vendor-configuration) section. 1. **EPM User Password**. Enter your EPM password from the [Vendor configuration](#vendor-configuration) section. 1. **CyberArk EPM Dispatch Server**. Enter your CyberArk EPM Dispatch Server URL, it is the dispatch server for your region. Following are some examples of dispatch server URLs: diff --git a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/cybereason-source.md b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/cybereason-source.md index 15377ad9a3..1a7decc0e3 100644 --- a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/cybereason-source.md 
+++ b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/cybereason-source.md @@ -45,8 +45,8 @@ To configure a Cybereason Source: 1. (Optional) For **Source Category**, enter any string to tag the output collected from the Source. Category metadata is stored in a searchable field called `_sourceCategory`. 1. **Forward to SIEM**. Check the checkbox to forward your data to [Cloud SIEM](/docs/cse/).
1. (Optional) **Fields.** Click the **+Add Field** link to define the fields you want to associate, each field needs a name (key) and value. - * ![green check circle.png](/img/reuse/green-check-circle.png) A green circle with a check mark is shown when the field exists in the Fields table schema. - * ![orange exclamation point.png](/img/reuse/orange-exclamation-point.png) An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo that does not exist in the Fields schema it is ignored, known as dropped. + * green check circle.png A green circle with a check mark is shown when the field exists in the Fields table schema. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo Logic but isn’t present or enabled in the schema, it’s ignored and marked as **Dropped**. 1. **Cybereason Host**. Provide your customer-specific host, such as `mydomain.cybereason.net`. If you have a customer-specific port this should be included, such as `mydomain.cybereason.net:8443`. 1. **User email** and **password**. Provide the Cybereason user credentials you want to use to authenticate collection requests. 1. (Optional) The **Polling Interval** is set for 300 seconds by default, you can adjust it based on your needs. This sets how often the Source checks for new data. diff --git a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/digital-guardian-source.md b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/digital-guardian-source.md index db5443c94a..816e4de01a 100644 
--- a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/digital-guardian-source.md +++ b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/digital-guardian-source.md @@ -46,8 +46,8 @@ To configure Digital Guardian Source: 1. Enter a **Name** to display for the Source in Sumo Logic. The description is optional. 1. (Optional) For **Source Category**, enter any string to tag the output collected from the Source. Category metadata is stored in a searchable field called `_sourceCategory`. 1. (Optional) **Fields**. Click the **+Add Field** link to define the fields you want to associate. Each field needs a name (key) and value. - * ![green check circle.png](/img/reuse/green-check-circle.png) A green circle with a check mark is shown when the field exists in the Fields table schema. - * ![orange exclamation point.png](/img/reuse/orange-exclamation-point.png) An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo Logic that does not exist in the Fields schema it is ignored, known as dropped. + * green check circle.png A green circle with a check mark is shown when the field exists and is enabled in the Fields table schema. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, you'll see an option to automatically add or enable the nonexistent fields to the Fields table schema. If a field is sent to Sumo Logic that does not exist in the Fields schema it is ignored, known as dropped. 1. In **API Gateway URL**, enter the API Gateway URL of your account. 1. In **Authorization Server URL**, enter the Authorization Server URL of your account. 1. In **API Client ID**, enter the API Client ID you generated from the Digital Guardian platform. 
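Review bot: Both added bullets begin with the literal text "green check circle.png" and "orange exclamation point.png", where the removed lines had image links such as `![green check circle.png](/img/reuse/green-check-circle.png)`. If the source now contains what is shown here, the icons are gone and the file names render as plain text at the start of each bullet. Please confirm the image reference is kept in whatever form the new lines use.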
diff --git a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/docusign-source.md b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/docusign-source.md index 6240a6fbe5..c0284a6d60 100644 --- a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/docusign-source.md +++ b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/docusign-source.md 
@@ -90,8 +90,8 @@ To configure the DocuSign source: 4. Enter a **Name** to display for the Source in the Sumo Logic web application. The description is optional. 5. (Optional) For **Source Category**, enter any string to tag the output collected from the Source. Category metadata is stored in a searchable field called `_sourceCategory`. 6. (Optional) **Fields**. Click the **+Add Field** link to define the fields you want to associate. Each field needs a name (key) and value. - * ![green check circle.png](/img/reuse/green-check-circle.png) A green circle with a check mark is shown when the field exists in the Fields table schema. - * ![orange exclamation point.png](/img/reuse/orange-exclamation-point.png) An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo Logic that does not exist in the Fields schema it is ignored, known as dropped. + * green check circle.png A green circle with a check mark is shown when the field exists and is enabled in the Fields table schema. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, you'll see an option to automatically add or enable the nonexistent fields to the Fields table schema. If a field is sent to Sumo Logic that does not exist in the Fields schema it is ignored, known as dropped. 7. In **DocuSign Environment**, choose the environment of your DocuSign account. 8. In **User ID**, enter the User ID of your account. See [User ID](#user-id) section to help find your User ID. 9. In **Integration Key**, enter the integration key you generated. See step 5 of [App](#app) section. 
diff --git a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/dragos-source.md b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/dragos-source.md index b0de1f2501..3d5889aa94 100644 --- a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/dragos-source.md +++ b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/dragos-source.md 
@@ -57,8 +57,8 @@ To configure a Dragos Source: 1. Enter a **Name** for the Source. The description is optional. 1. (Optional) For **Source Category**, enter any string to tag the output collected from the Source. Category metadata is stored in a searchable field called `_sourceCategory`. 1. (Optional) **Fields**. Click the **+Add** button to define the fields you want to associate. Each field needs a name (key) and value. - * ![green check circle.png](/img/reuse/green-check-circle.png) A green circle with a check mark is shown when the field exists in the Fields table schema. - * ![orange exclamation point.png](/img/reuse/orange-exclamation-point.png) An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo Logic that does not exist in the Fields schema is ignored, known as dropped. + * green check circle.png A green circle with a check mark is shown when the field exists and is enabled in the Fields table schema. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, you'll see an option to automatically add or enable the nonexistent fields to the Fields table schema. If a field is sent to Sumo Logic that does not exist in the Fields schema is ignored, known as dropped. 1. **Endpoint URL**. Enter the Dragos platform endpoint URL. For example, `https://test.cxc.dragos.cloud/`. 1. **API ID**. Enter the API ID of your account collected from the [Dragos platform](#vendor-configuration). For example, `036fxxxx-b642-xxxx-99d3-fcxxxx2exxxx`. 1. **API Secret**. Enter the API Secret of your account collected from the [Dragos platform](#vendor-configuration).. For example, `xxxU1TxxxxxxxxKSJwHYOpK37xxxxxxxxrEHAkU91xxxxxxxxxFrrJ06xxx`. 
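Review bot: "add or enable the nonexistent fields" in the added orange-triangle bullet does not hold together: a field that does not exist can be added, but only an existing, disabled field can be enabled. Suggest "add the missing fields or enable the disabled ones", with the disabled case also named in the condition. The closing sentence on the same line still reads "in the Fields schema is ignored" and needs "it" before "is ignored".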
diff --git a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/dropbox-source.md b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/dropbox-source.md index 3279be0a34..07bd4ba53b 100644 --- a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/dropbox-source.md +++ b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/dropbox-source.md @@ -50,8 +50,8 @@ To configure a Dropbox source: 1. (Optional) For **Source Category**, enter any string to tag the output collected from the Source. Category metadata is stored in a searchable field called `_sourceCategory`. 1. **Forward to SIEM**. Check the checkbox to forward your data to [Cloud SIEM](/docs/cse/).
1. (Optional) **Fields.** Click the **+Add Field** link to define the fields you want to associate, each field needs a name (key) and value. - * ![green check circle.png](/img/reuse/green-check-circle.png) A green circle with a check mark is shown when the field exists in the Fields table schema. - * ![orange exclamation point.png](/img/reuse/orange-exclamation-point.png) An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo that does not exist in the Fields schema it is ignored, known as dropped. + * green check circle.png A green circle with a check mark is shown when the field exists and is enabled in the Fields table schema. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, you'll see an option to automatically add or enable the nonexistent fields to the Fields table schema. If a field is sent to Sumo Logic but isn’t present or enabled in the schema, it’s ignored and marked as **Dropped**. 1. **App Key**, **App Secret**, and **Access Code**. Provide your Dropbox [authentication](#vendor-configuration) credentials. 1. **Processing Rules**. Configure any desired filters, such as allowlist, denylist, hash, or mask, as described in [Create a Processing Rule](/docs/send-data/collection/processing-rules/create-processing-rule). 1. When you are finished configuring the Source, click **Submit**. diff --git a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/druva-cyber-resilience-source.md b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/druva-cyber-resilience-source.md index b2235cdb76..563619e286 100644 --- a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/druva-cyber-resilience-source.md 
+++ b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/druva-cyber-resilience-source.md 
@@ -45,8 +45,8 @@ To configure a Druva Cyber Resilience Source: 1. Enter a **Name** to display for the Source in the Sumo Logic web application. The description is optional. 1. (Optional) For **Source Category**, enter any string to tag the output collected from the Source. Category metadata is stored in a searchable field called `_sourceCategory`. 1. (Optional) **Fields**. Click the **+Add** to define the fields you want to associate. Each field needs a name (key) and value. - * ![green check circle.png](/img/reuse/green-check-circle.png) A green circle with a check mark is shown when the field exists in the Fields table schema. - * ![orange exclamation point.png](/img/reuse/orange-exclamation-point.png) An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo Logic that does not exist in the Fields schema it is ignored, known as dropped. + * green check circle.png A green circle with a check mark is shown when the field exists and is enabled in the Fields table schema. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, you'll see an option to automatically add or enable the nonexistent fields to the Fields table schema. If a field is sent to Sumo Logic that does not exist in the Fields schema it is ignored, known as dropped. 1. **API Endpoint URL**. Enter the API Endpoint URL collected from the [Druva Cyber Resilience platform](#vendor-configuration). 1. **Client ID**. Enter your Client ID. To get Client ID, follow the instructions from [Create and Manage Druva API Credentials](https://docs.druva.com/Druva_Cloud_Platform/Integration_with_Druva_APIs/Create_and_Manage_API_Credentials#createnewcreds). 1. **Secret Key**. Enter your Secret Key. 
To get Secret Key, follow the instructions from [Create and Manage Druva API Credentials](https://docs.druva.com/Druva_Cloud_Platform/Integration_with_Druva_APIs/Create_and_Manage_API_Credentials#createnewcreds). diff --git a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/druva-source.md b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/druva-source.md index e26868c0d4..ff81890296 100644 --- a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/druva-source.md +++ b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/druva-source.md 
@@ -67,8 +67,8 @@ To configure a Druva Source: 1. Enter a **Name** to display for the Source in the Sumo Logic web application. The description is optional. 1. (Optional) For **Source Category**, enter any string to tag the output collected from the Source. Category metadata is stored in a searchable field called `_sourceCategory`. 1. (Optional) **Fields**. Click the **+Add** to define the fields you want to associate. Each field needs a name (key) and value. - * ![green check circle.png](/img/reuse/green-check-circle.png) A green circle with a check mark is shown when the field exists in the Fields table schema. - * ![orange exclamation point.png](/img/reuse/orange-exclamation-point.png) An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo Logic that does not exist in the Fields schema it is ignored, known as dropped. + * green check circle.png A green circle with a check mark is shown when the field exists and is enabled in the Fields table schema. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, you'll see an option to automatically add or enable the nonexistent fields to the Fields table schema. If a field is sent to Sumo Logic that does not exist in the Fields schema it is ignored, known as dropped. 1. **API Endpoint URL**. Enter your API Endpoint URL. To get API Endpoint URL, follow the instructions from [Create and Manage Druva API Credentials](https://developer.druva.com/docs/migration-process). 1. **Client ID**. Enter your Client ID. To get Client ID, follow the instructions from [Create and Manage Druva API Credentials](https://docs.druva.com/Druva_Cloud_Platform/Integration_with_Druva_APIs/Create_and_Manage_API_Credentials). 1. **Secret Key**. 
Enter your Secret Key. To get Secret Key, follow the instructions from [Create and Manage Druva API Credentials](https://docs.druva.com/Druva_Cloud_Platform/Integration_with_Druva_APIs/Create_and_Manage_API_Credentials). diff --git a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/duo-source.md b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/duo-source.md index d67a36ac4e..a50a44fad2 100644 --- a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/duo-source.md +++ b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/duo-source.md @@ -40,8 +40,8 @@ To configure a Duo Source: 1. (Optional) For **Source Category**, enter any string to tag the output collected from the Source. Category metadata is stored in a searchable field called `_sourceCategory`. 1. **Forward to SIEM**. Check the checkbox to forward your data to [Cloud SIEM](/docs/cse/).
1. (Optional) **Fields.** Click the **+Add Field** link to define the fields you want to associate, each field needs a name (key) and value. - * ![green check circle.png](/img/reuse/green-check-circle.png) A green circle with a check mark is shown when the field exists in the Fields table schema. - * ![orange exclamation point.png](/img/reuse/orange-exclamation-point.png) An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo that does not exist in the Fields schema it is ignored, known as dropped. + * green check circle.png A green circle with a check mark is shown when the field exists and is enabled in the Fields table schema. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, you'll see an option to automatically add or enable the nonexistent fields to the Fields table schema. If a field is sent to Sumo Logic but isn’t present or enabled in the schema, it’s ignored and marked as **Dropped**. :::note If you are using the Duo Federal edition service when connecting APIs, it's recommended to use `duofederal.com` instead of the default `duosecurity.com` domain. Our Duo C2C lets you allow to configure the API domain as it contains the specific customer ID information. For example, you can use `api-xxxx-duosecurity.com` or `api-xxxx-duofederal.com` if the Duo Federal edition service has been opted in. For more information, refer to the [Duo Federal Edition Guide](https://duo.com/docs/duo-federal-guide#duo-service-connectivity). ::: diff --git a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/gmail-tracelogs-source.md b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/gmail-tracelogs-source.md index 618cef6cdc..074292d291 100644 
--- a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/gmail-tracelogs-source.md +++ b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/gmail-tracelogs-source.md 
@@ -54,8 +54,8 @@ To configure Gmail Trace Logs Source: 1. Enter a **Name** for the Source. The description is optional. 1. (Optional) For **Source Category**, enter any string to tag the output collected from the Source. Category metadata is stored in a searchable field called `_sourceCategory`. 1. (Optional) **Fields**. Click the **+Add** button to define the fields you want to associate. Each field needs a name (key) and value. - * ![green check circle.png](/img/reuse/green-check-circle.png) A green circle with a check mark is shown when the field exists in the Fields table schema. - * ![orange exclamation point.png](/img/reuse/orange-exclamation-point.png) An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo Logic that does not exist in the Fields schema it is ignored, known as dropped. + * green check circle.png A green circle with a check mark is shown when the field exists and is enabled in the Fields table schema. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, you'll see an option to automatically add or enable the nonexistent fields to the Fields table schema. If a field is sent to Sumo Logic that does not exist in the Fields schema it is ignored, known as dropped. 1. **Project ID**. Enter the unique identifier number. You can find this from the Google Cloud Console. 1. **Dataset ID**. Enter the ID. The Dataset ID is the project-wise unique identifier for your dataset. 1. **Data Location**. Enter the location of DataSet which is set while creating Dataset in BigQuery. 
diff --git a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/google-bigquery-source.md b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/google-bigquery-source.md index 692f0997a4..9ebb233941 100644 --- a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/google-bigquery-source.md +++ b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/google-bigquery-source.md 
@@ -52,8 +52,8 @@ To configure an Google BigQuery Source: 1. Enter a **Name** for the Source. The description is optional. 1. (Optional) For **Source Category**, enter any string to tag the output collected from the Source. Category metadata is stored in a searchable field called `_sourceCategory`. 1. (Optional) **Fields**. Click the **+Add** button to define the fields you want to associate. Each field needs a name (key) and value. - * ![green check circle.png](/img/reuse/green-check-circle.png) A green circle with a check mark is shown when the field exists in the Fields table schema. - * ![orange exclamation point.png](/img/reuse/orange-exclamation-point.png) An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo Logic that does not exist in the Fields schema it is ignored, known as dropped. + * green check circle.png A green circle with a check mark is shown when the field exists and is enabled in the Fields table schema. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, you'll see an option to automatically add or enable the nonexistent fields to the Fields table schema. If a field is sent to Sumo Logic that does not exist in the Fields schema it is ignored, known as dropped. 1. **Project ID**. Enter the unique identifier number for your BigQuery project. You can find this from the Google Cloud Console. 1. **Checkpoint Field**. Enter the name of the field in the query result to be used for checkpointing. This field has to be increasing and of type number or timestamp. 1. **Checkpoint Start**. Enter the first value for the checkpoint that the integration will plug into the query. 
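Review bot: The closing sentence of the added orange-triangle bullet keeps the old wording ("that does not exist in the Fields schema it is ignored, known as dropped"), while other hunks in this patch change it to "isn’t present or enabled in the schema, it’s ignored and marked as **Dropped**". The two versions differ on whether disabled fields are dropped and on whether "Dropped" is a displayed status. Pick one and apply it to every file touched.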
diff --git a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/google-workspace-alertcenter.md b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/google-workspace-alertcenter.md index 1b46e8a6f1..bc8563cb51 100644 --- a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/google-workspace-alertcenter.md +++ b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/google-workspace-alertcenter.md @@ -56,8 +56,8 @@ Follow the below steps to create Google Workspace AlertCenter service account cr 1. **Source Category.** Enter a string to tag the output collected from the Source. Category metadata is stored in a searchable field called `_sourceCategory`. 1. **Forward to SIEM**. Click if you want the Source to forward the logs it ingests to [Cloud SIEM](/docs/cse/).
1. **Fields.** (Optional) Click **+Add Field** to define the fields you want to associate, each field needs a name (key) and value. For more information, see [Fields](/docs/manage/fields). - * ![green check circle.png](/img/reuse/green-check-circle.png) A green circle with a checkmark is shown when the field exists in the Fields table schema. - * ![orange exclamation point.png](/img/reuse/orange-exclamation-point.png) An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo Logic that does not exist in the Fields schema it is ignored (i.e., dropped). + * green check circle.png A green circle with a checkmark is shown when the field exists in the Fields table schema. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, you'll see an option to automatically add or enable the nonexistent fields to the Fields table schema. If a field is sent to Sumo Logic but isn’t present or enabled in the schema, it’s ignored and marked as **Dropped**. 1. **Delegated User Email.** Enter the admin email address for the domain. This email should be the address that is configured for the specific service account in the Google Cloud console. 1. **Google Workspace AlertCenter Credentials**. You can authenticate your service account credentials directly by uploading a JSON file credentials instead of breaking down the file into different sections for the UI schema. Click **Upload** and select the JSON file that you downloaded in the [Service Account Credentials section](#vendor-configuration). 1. **Exclude Alert Types**. (Optional) Enter the data alert types and scope that you do not want to send to Sumo Logic. 
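Review bot: The first added bullet still reads "exists in the Fields table schema" with no "and is enabled", yet the second added bullet says a field that "isn’t present or enabled in the schema" is dropped, so a field that exists but is disabled matches both descriptions. Suggest "exists and is enabled" in the green bullet and "doesn't exist, or is disabled," in the orange one.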
diff --git a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/google-workspace-source.md b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/google-workspace-source.md index 83ba536de0..4fa671cc2f 100644 --- a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/google-workspace-source.md +++ b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/google-workspace-source.md @@ -91,8 +91,8 @@ To configure a Google Workspace User Inventory source: 1. (Optional) For **Source Category**, enter any string to tag the output collected from the Source. Category metadata is stored in a searchable field called `_sourceCategory`. 1. **Forward to SIEM**. Check the checkbox to forward your data to [Cloud SIEM](/docs/cse/) so it becomes part of User Inventory.
1. (Optional) **Fields.** Click the **+Add Field** link to define the fields you want to associate, each field needs a name (key) and value. - * ![green check circle.png](/img/reuse/green-check-circle.png) A green circle with a check mark is shown when the field exists in the Fields table schema. - * ![orange exclamation point.png](/img/reuse/orange-exclamation-point.png) An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo that does not exist in the Fields schema it is ignored, known as dropped.  + * green check circle.png A green circle with a check mark is shown when the field exists and is enabled in the Fields table schema. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, you'll see an option to automatically add or enable the nonexistent fields to the Fields table schema. If a field is sent to Sumo Logic but isn’t present or enabled in the schema, it’s ignored and marked as **Dropped**.  1. The **Delegated User Email** is the email address of the user you want to call the API on behalf of. This user should have the necessary [permissions](https://support.google.com/a/answer/7519580?hl=en) to view the details of other users in your Google Workspace domain, such as an Admin role. At a minimum, the user should have the `Users:Read permission`. Learn more about Domain-Wide Delegation of Authority: * [Domain-Wide Delegation of Authority](https://developers.google.com/identity/protocols/oauth2/service-account#delegatingauthority). 
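Review bot: Both added bullets start with the bare text "green check circle.png" and "orange exclamation point.png" where the removed lines had image markup, so the filename will render as words at the start of each list item. Either keep the image reference or drop the filename text. The added orange bullet also carries over the trailing whitespace after "**Dropped**.".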
diff --git a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/intel-471-threat-intel-source.md b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/intel-471-threat-intel-source.md index 6a2ba6c338..269d66b980 100644 --- a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/intel-471-threat-intel-source.md +++ b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/intel-471-threat-intel-source.md 
@@ -44,8 +44,8 @@ To configure an Intel471 Threat Intel source: 1. Enter a **Name** to display for the Source in the Sumo web application. The description is optional. 1. (Optional) For **Source Category**, enter any string to tag the output collected from the Source. Category metadata is stored in a searchable field called `_sourceCategory`. 1. (Optional) **Fields.** Click the **+Add Field** link to define the fields you want to associate, each field needs a name (key) and value. - * ![green check circle.png](/img/reuse/green-check-circle.png) A green circle with a check mark is shown when the field exists in the Fields table schema. - * ![orange exclamation point.png](/img/reuse/orange-exclamation-point.png) An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo that does not exist in the Fields schema it is ignored, known as dropped.  + * green check circle.png A green circle with a check mark is shown when the field exists and is enabled in the Fields table schema. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, you'll see an option to automatically add or enable the nonexistent fields to the Fields table schema. If a field is sent to Sumo Logic but isn’t present or enabled in the schema, it’s ignored and marked as **Dropped**.  1. **Username**. Enter your login ID or email address. 1. **API Key**. Enter the API key of the user account collected from the [Intel471 Threat Intel platform](#vendor-configuration). 1. **Sumo Logic Threat Intel Source ID**. Enter the name you want to use for the Intel 471 source that will be created in the [Threat Intelligence](/docs/security/threat-intelligence/about-threat-intelligence/) tab in Sumo Logic. 
The Intel 471 threat intelligence indicators will be stored in this source. Do not use spaces in the name. diff --git a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/jamf-source.md b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/jamf-source.md index 0031175842..2b5bae2237 100644 --- a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/jamf-source.md +++ b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/jamf-source.md 
@@ -41,8 +41,8 @@ To configure the Jamf Source: 1. Enter a **Name** to display for the Source in Sumo Logic. The description is optional. 1. (Optional) For **Source Category**, enter any string to tag the output collected from the Source. Category metadata is stored in a searchable field called `_sourceCategory`. 1. (Optional) **Fields**. Click the **+Add Field** link to define the fields you want to associate. Each field needs a name (key) and value. - * ![green check circle.png](/img/reuse/green-check-circle.png) A green circle with a check mark is shown when the field exists in the Fields table schema. - * ![orange exclamation point.png](/img/reuse/orange-exclamation-point.png) An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo Logic that does not exist in the Fields schema it is ignored, known as dropped. + * green check circle.png A green circle with a check mark is shown when the field exists and is enabled in the Fields table schema. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, you'll see an option to automatically add or enable the nonexistent fields to the Fields table schema. If a field is sent to Sumo Logic that does not exist in the Fields schema it is ignored, known as dropped. 1. In **Base URL**, enter your Jamf instance domain, `https://yourServer.jamfcloud.com`. 1. In **Client ID**, enter the Client ID you generated from the Jamf platform. 1. In **Client Secret**, enter the Client Secret you generated from the Jamf platform. diff --git a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/jfrog-xray.md b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/jfrog-xray.md index a4a2d37e6c..ae7ac84d33 100644 
--- a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/jfrog-xray.md +++ b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/jfrog-xray.md @@ -39,8 +39,8 @@ To configure the JFrog Xray Source: 1. Enter a **Name** to display for the Source in Sumo Logic. The description is optional. 1. (Optional) For **Source Category**, enter any string to tag the output collected from the Source. Category metadata is stored in a searchable field called `_sourceCategory`. 1. (Optional) **Fields**. Click the **+Add Field** link to define the fields you want to associate. Each field needs a name (key) and value. - * ![green check circle.png](/img/reuse/green-check-circle.png) A green circle with a check mark is shown when the field exists in the Fields table schema. - * ![orange exclamation point.png](/img/reuse/orange-exclamation-point.png) An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo Logic that does not exist in the Fields schema it is ignored, known as dropped. + * green check circle.png A green circle with a check mark is shown when the field exists and is enabled in the Fields table schema. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, you'll see an option to automatically add or enable the nonexistent fields to the Fields table schema. If a field is sent to Sumo Logic that does not exist in the Fields schema it is ignored, known as dropped. 1. In **JFrog Base URL**, enter your JFrog instance domain (for example, `https://acme.jfrog.io`). 1. In **HTTP Basic Auth Username**, enter your JFrog username you created. 1. In **HTTP Basic Auth Password**, enter your JFrog password you created. 
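Review bot: "add or enable the nonexistent fields" in the added orange bullet does not hold together: a field that doesn't exist can only be added, and nothing in this bullet mentions disabled fields that could be enabled. Suggest "add the missing fields or enable the disabled ones", with the condition widened to "doesn't exist, or is disabled,". The same wording is in several other hunks of this patch.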
diff --git a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/jumpcloud-directory-insights-source.md b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/jumpcloud-directory-insights-source.md index 452588828d..d3e9ed2190 100644 --- a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/jumpcloud-directory-insights-source.md +++ b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/jumpcloud-directory-insights-source.md 
@@ -42,8 +42,8 @@ To configure a JumpCloud Directory Insights source: 1. Enter a **Name** for the source. The description is optional. 1. (Optional) For **Source Category**, enter any string to tag the output collected from the Source. Category metadata is stored in a searchable field called `_sourceCategory`. 1. (Optional) **Fields**. Click the **+Add** button to define the fields you want to associate. Each field needs a name (key) and value. - * ![green check circle.png](/img/reuse/green-check-circle.png) A green circle with a check mark is shown when the field exists in the Fields table schema. - * ![orange exclamation point.png](/img/reuse/orange-exclamation-point.png) An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo Logic that does not exist in the Fields schema it is ignored, known as dropped. + * green check circle.png A green circle with a check mark is shown when the field exists and is enabled in the Fields table schema. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, you'll see an option to automatically add or enable the nonexistent fields to the Fields table schema. If a field is sent to Sumo Logic that does not exist in the Fields schema it is ignored, known as dropped. 1. In **API Key**, enter the API Key you generated from the JumpCloud Directory Insights platform. 1. In **Organization ID**, enter the Organization ID you generated from the JumpCloud Directory Insights platform. 1. In **Service**, select the type of logs to collect. This allows you to limit the response to just the data you want. 
diff --git a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/kaltura-source.md b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/kaltura-source.md index d3aa6f5b77..0b1cbc4848 100644 --- a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/kaltura-source.md +++ b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/kaltura-source.md 
@@ -63,8 +63,8 @@ To configure a Kaltura source: 1. Enter a **Name** for the Source. The description is optional. 1. (Optional) For **Source Category**, enter any string to tag the output collected from the Source. Category metadata is stored in a searchable field called `_sourceCategory`. 1. (Optional) **Fields**. Click the **+Add Field** link to define the fields you want to associate. Each field needs a name (key) and value. - * ![green check circle.png](/img/reuse/green-check-circle.png) A green circle with a check mark is shown when the field exists in the Fields table schema. - * ![orange exclamation point.png](/img/reuse/orange-exclamation-point.png) An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo Logic that does not exist in the Fields schema it is ignored, known as dropped. + * green check circle.png A green circle with a check mark is shown when the field exists and is enabled in the Fields table schema. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, you'll see an option to automatically add or enable the nonexistent fields to the Fields table schema. If a field is sent to Sumo Logic that does not exist in the Fields schema it is ignored, known as dropped. 1. **Base URL**. Enter the API **Base URL**. 1. **Partner ID**. Enter the **Partner ID** collected from the [Vendor configuration](#create-a-new-app-token). 1. **App Token ID**. Enter the **App Token ID** collected from the [Vendor configuration](#create-a-new-app-token). diff --git a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/kandji-source.md b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/kandji-source.md index a85bb4da6a..f907419762 100644 
--- a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/kandji-source.md +++ b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/kandji-source.md @@ -54,8 +54,8 @@ To configure Kandji Source: 1. Enter a **Name** to display for the Source in Sumo Logic. The description is optional. 1. (Optional) For **Source Category**, enter any string to tag the output collected from the Source. Category metadata is stored in a searchable field called `_sourceCategory`. 1. (Optional) **Fields**. Click the **+Add Field** link to define the fields you want to associate. Each field needs a name (key) and value. - * ![green check circle.png](/img/reuse/green-check-circle.png) A green circle with a check mark is shown when the field exists in the Fields table schema. - * ![orange exclamation point.png](/img/reuse/orange-exclamation-point.png) An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo Logic that does not exist in the Fields schema it is ignored, known as dropped. + * green check circle.png A green circle with a check mark is shown when the field exists in the Fields table schema. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo Logic that does not exist in the Fields schema it is ignored, known as dropped. 1. In **Endpoint URL**, enter the endpoint URL collected from the Kandji platform. 1. In **Bearer Token**, enter the bearer token collected from the Kandji platform. 1. Select the **Collect Threat Details** checkbox to collect threat data. By default, **Collect Threat Details** checkbox will be selected. 
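Review bot: Both added bullets keep the old wording ("exists in the Fields table schema", "an option to automatically add the nonexistent fields ... is provided") and differ from the removed lines only in the lost image markup, so this page now disagrees with the others in the patch that say "exists and is enabled" and "add or enable". Apply the same wording update here or leave the file out of the change. The Mandiant Threat Intel hunk is in the same state.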
diff --git a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/knowbe4-api-source.md b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/knowbe4-api-source.md index e15027008a..823b32a367 100644 --- a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/knowbe4-api-source.md +++ b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/knowbe4-api-source.md 
@@ -68,8 +68,8 @@ To configure the KnowBe4 API Source: 4. Enter a **Name** to display for the Source in the Sumo Logic web application. The description is optional. 5. (Optional) For **Source Category**, enter any string to tag the output collected from the Source. Category metadata is stored in a searchable field called `_sourceCategory`. 6. (Optional) **Fields**. Click the **+Add Field** link to define the fields you want to associate. Each field needs a name (key) and value. - * ![green check circle.png](/img/reuse/green-check-circle.png) A green circle with a check mark is shown when the field exists in the Fields table schema. - * ![orange exclamation point.png](/img/reuse/orange-exclamation-point.png) An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo Logic that does not exist in the Fields schema it is ignored, known as dropped. + * green check circle.png A green circle with a check mark is shown when the field exists and is enabled in the Fields table schema. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, you'll see an option to automatically add or enable the nonexistent fields to the Fields table schema. If a field is sent to Sumo Logic that does not exist in the Fields schema it is ignored, known as dropped. 7. In **Region**, choose the region where your KnowBe4 account is located. See [Region](#region) section to know your Region. 1. In **API Key**, authenticate your account by entering your secret API key. You can access your API key or generate a new one from **User Event API Management Console**. See [API Token](#api-token) section. 1. 
In **Data Types**, you can select the **Phishing Tests** data type to fetch a list of all recipients for each phishing security test on your KnowBe4 account. diff --git a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/lastpass-source.md b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/lastpass-source.md index bbd2fe4f65..757e259347 100644 --- a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/lastpass-source.md +++ b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/lastpass-source.md 
@@ -37,8 +37,8 @@ To configure the LastPass Source: 1. Enter a **Name** to display for the source in the Sumo Logic web application. The description is optional. 1. (Optional) For **Source Category**, enter any string to tag the output collected from the source. Category metadata is stored in a searchable field called `_sourceCategory`. 1. (Optional) **Fields**. Click the **+Add Field** link to define the fields you want to associate. Each field needs a name (key) and value. - * ![green check circle.png](/img/reuse/green-check-circle.png) A green circle with a check mark is shown when the field exists in the Fields table schema. - * ![orange exclamation point.png](/img/reuse/orange-exclamation-point.png) An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo Logic that does not exist in the Fields schema it is ignored, known as dropped. + * green check circle.png A green circle with a check mark is shown when the field exists and is enabled in the Fields table schema. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, you'll see an option to automatically add or enable the nonexistent fields to the Fields table schema. If a field is sent to Sumo Logic that does not exist in the Fields schema it is ignored, known as dropped. 1. In **CID (Account Number)**, enter your CID account number collected from the LastPass platform. 1. In **API Secret**, enter your API Secret ID collected from the LastPass platform. 1. In **TimeZone**, enter the timezone of admin LastPass account. 
diff --git a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/mandiant-threat-intel-source.md b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/mandiant-threat-intel-source.md index 9991e4fa5d..56f4440b6a 100644 --- a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/mandiant-threat-intel-source.md +++ b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/mandiant-threat-intel-source.md 
@@ -43,8 +43,8 @@ To configure a Mandiant Threat Intel source: 1. Enter a **Name** for the source. The description is optional. 1. (Optional) For **Source Category**, enter any string to tag the output collected from the source. Category metadata is stored in a searchable field called `_sourceCategory`. 1. (Optional) **Fields**. Click the **+Add** button to define the fields you want to associate. Each field needs a name (key) and value. - * ![green check circle.png](/img/reuse/green-check-circle.png) A green circle with a check mark is shown when the field exists in the Fields table schema. - * ![orange exclamation point.png](/img/reuse/orange-exclamation-point.png) An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo Logic that does not exist in the Fields schema it is ignored, known as dropped. + * green check circle.png A green circle with a check mark is shown when the field exists in the Fields table schema. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo Logic that does not exist in the Fields schema it is ignored, known as dropped. 1. **API Key ID**. Enter the API key ID collected from the Mandiant Threat Intel platform. 1. **API Secret**. Enter the API secret collected from the from the Mandiant Threat Intel platform. 1. **Sumo Logic Threat Intel Source ID**. Enter the name you want to use for the Mandiant source that will be created in the [Threat Intelligence](/docs/security/threat-intelligence/about-threat-intelligence/) tab in Sumo Logic. The Mandiant threat intelligence indicators will be stored in this source. 
Do not use spaces in the name. diff --git a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/microsoft-azure-ad-inventory-source.md b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/microsoft-azure-ad-inventory-source.md index 0cc7599fde..7f7d317577 100644 --- a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/microsoft-azure-ad-inventory-source.md +++ b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/microsoft-azure-ad-inventory-source.md @@ -79,8 +79,8 @@ To configure a Microsoft Azure AD Inventory Source: 1. (Optional) For **Source Category**, enter any string to tag the output collected from the Source. Category metadata is stored in a searchable field called `_sourceCategory`. 1. **Forward to SIEM**. Check the checkbox to forward your data to [Cloud SIEM](/docs/cse/).
1. (Optional) **Fields.** Click the **+Add Field** link to define the fields you want to associate, each field needs a name (key) and value. - * ![green check circle.png](/img/reuse/green-check-circle.png) A green circle with a check mark is shown when the field exists in the Fields table schema. - * ![orange exclamation point.png](/img/reuse/orange-exclamation-point.png) An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo that does not exist in the Fields schema it is ignored, known as dropped. + * green check circle.png A green circle with a check mark is shown when the field exists and is enabled in the Fields table schema. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, you'll see an option to automatically add or enable the nonexistent fields to the Fields table schema. If a field is sent to Sumo Logic but isn’t present or enabled in the schema, it’s ignored and marked as **Dropped**. 1. Provide the **Directory (tenant) ID** and **Application (client) ID** you got after you registered (created) the Azure Application in step 5 of the setup section. 1. **Application Client Secret Value**. Provide the Application Client Secret Value you created in step 7 of the setup section. 1. **Supported APIs to collect**. Select one or more of the available APIs: **Devices** and **Users**. diff --git a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/microsoft-exchange-trace-logs.md b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/microsoft-exchange-trace-logs.md index 0a3c078449..025c9da1e7 100644 --- a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/microsoft-exchange-trace-logs.md 
+++ b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/microsoft-exchange-trace-logs.md @@ -99,8 +99,8 @@ To configure a Microsoft Exchange Trace Logs Source: 4. Enter a **Name** for the Source. The description is optional. 5. (Optional) For **Source Category**, enter any string to tag the output collected from the Source. Category metadata is stored in a searchable field called `_sourceCategory`. 6. (Optional) **Fields.** Click the **+Add Field** link to define the fields you want to associate, each field needs a name (key) and value. - * ![green check circle.png](/img/reuse/green-check-circle.png) A green circle with a check mark is shown when the field exists in the Fields table schema. - * ![orange exclamation point.png](/img/reuse/orange-exclamation-point.png) An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo that does not exist in the Fields schema it is ignored, known as dropped. + * green check circle.png A green circle with a check mark is shown when the field exists and is enabled in the Fields table schema. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, you'll see an option to automatically add or enable the nonexistent fields to the Fields table schema. If a field is sent to Sumo Logic but isn’t present or enabled in the schema, it’s ignored and marked as **Dropped**. 8. **Application (client) ID**. Enter your client ID from your Azure Application. This should be a Globally Unique Identifier aka GUID. 9. **Directory (tenant) ID**. Enter your tenant ID from your Azure Application. This should be a Globally Unique Identifier aka GUID. 10. **Secret**. Enter your client secret generated within your Azure Application. 
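Review bot: The added orange bullet mixes apostrophe styles: "doesn't" and "you'll" are straight while "isn’t" and "it’s" are curly. Pick one, preferably the straight form used earlier in the same line. Separately, the context lines number the steps 6 and then 8, so step 7 is missing from the source numbering around this bullet.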
diff --git a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/microsoft-graph-azure-ad-reporting-source.md b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/microsoft-graph-azure-ad-reporting-source.md index d8dc1c5386..e574e147a9 100644 --- a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/microsoft-graph-azure-ad-reporting-source.md +++ b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/microsoft-graph-azure-ad-reporting-source.md @@ -78,8 +78,8 @@ To configure a Microsoft Graph Azure AD Reporting Source: 1. (Optional) For **Source Category**, enter any string to tag the output collected from the Source. Category metadata is stored in a searchable field called `_sourceCategory`. 1. **Forward to SIEM**. Check the checkbox to forward your data to [Cloud SIEM](/docs/cse/).
1. (Optional) **Fields.** Click the **+Add Field** link to define the fields you want to associate, each field needs a name (key) and value. - * ![green check circle.png](/img/reuse/green-check-circle.png) A green circle with a check mark is shown when the field exists in the Fields table schema. - * ![orange exclamation point.png](/img/reuse/orange-exclamation-point.png) An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo that does not exist in the Fields schema it is ignored, known as dropped.  + * green check circle.png A green circle with a check mark is shown when the field exists and is enabled in the Fields table schema. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, you'll see an option to automatically add or enable the nonexistent fields to the Fields table schema. If a field is sent to Sumo Logic but isn’t present or enabled in the schema, it’s ignored and marked as **Dropped**.  1. Provide the **Directory (tenant) ID** and **Application (client) ID** you got after you registered (created) the Azure Application in step 5 of the setup section. 1. **Application Client Secret Value**. Provide the Application Client Secret Value you created in step 7 of the setup section. 1. **Supported APIs to collect**. Select one or more of the available APIs: **Directory Audit**, **Sign-in**, and **Provisioning**. diff --git a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/microsoft-graph-identity-protection-source.md b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/microsoft-graph-identity-protection-source.md index b3e60871f6..2db0d3b819 100644 
--- a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/microsoft-graph-identity-protection-source.md +++ b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/microsoft-graph-identity-protection-source.md @@ -73,8 +73,8 @@ To configure a Microsoft Graph Identity Protection Source: 1. (Optional) For **Source Category**, enter any string to tag the output collected from the Source. Category metadata is stored in a searchable field called `_sourceCategory`. 1. **Forward to SIEM**. Check the checkbox to forward your data to [Cloud SIEM](/docs/cse/).
1. (Optional) **Fields.** Click the **+Add Field** link to define the fields you want to associate, each field needs a name (key) and value. - * ![green check circle.png](/img/reuse/green-check-circle.png) A green circle with a check mark is shown when the field exists in the Fields table schema. - * ![orange exclamation point.png](/img/reuse/orange-exclamation-point.png) An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo that does not exist in the Fields schema it is ignored, known as dropped.  + * green check circle.png A green circle with a check mark is shown when the field exists and is enabled in the Fields table schema. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, you'll see an option to automatically add or enable the nonexistent fields to the Fields table schema. If a field is sent to Sumo Logic but isn’t present or enabled in the schema, it’s ignored and marked as **Dropped**.  1. Provide the **Directory (tenant) ID** and **Application (client) ID** you got after you registered (created) the Azure Application in step 5 of the setup section. 1. **Application Client Secret Value**. Provide the Application Client Secret Value you created in step 7 of the setup section. 1. **Supported APIs to collect**. Select one or more of the available APIs, **riskDetections** and **riskyUsers**. diff --git a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/microsoft-graph-security-api-source.md b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/microsoft-graph-security-api-source.md index 7462bb7fcb..b2c0f71b5a 100644 
--- a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/microsoft-graph-security-api-source.md +++ b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/microsoft-graph-security-api-source.md @@ -72,8 +72,8 @@ To configure a Microsoft Graph Security API Source: 1. (Optional) For **Source Category**, enter any string to tag the output collected from the Source. Category metadata is stored in a searchable field called `_sourceCategory`. 1. **Forward to SIEM**. Check the checkbox to forward your data to [Cloud SIEM](/docs/cse/).
1. (Optional) **Fields.** Click the **+Add Field** link to define the fields you want to associate, each field needs a name (key) and value. - * ![green check circle.png](/img/reuse/green-check-circle.png) A green circle with a check mark is shown when the field exists in the Fields table schema. - * ![orange exclamation point.png](/img/reuse/orange-exclamation-point.png) An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo that does not exist in the Fields schema it is ignored, known as dropped. + * green check circle.png A green circle with a check mark is shown when the field exists and is enabled in the Fields table schema. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, you'll see an option to automatically add or enable the nonexistent fields to the Fields table schema. If a field is sent to Sumo Logic but isn’t present or enabled in the schema, it’s ignored and marked as **Dropped**. 1. Enter the **Directory (tenant) ID**, **Application (client) ID**, and **Application Client Secret Value** you got from the Application you created in the [Vendor configuration](#vendor-configuration) section. 1. The **Polling Interval** is set to 5 minutes by default. You can adjust it based on your needs. 1. **Processing Rules for Logs**. Configure any desired filters, such as allowlist, denylist, hash, or mask, as described in [Create a Processing Rule](/docs/send-data/collection/processing-rules/create-processing-rule). diff --git a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/mimecast-source.md b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/mimecast-source.md index d851fb852d..461ed643b6 100644 
--- a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/mimecast-source.md +++ b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/mimecast-source.md @@ -49,8 +49,8 @@ To configure a Mimecast Source: 1. (Optional) For **Source Category**, enter any string to tag the output collected from the Source. Category metadata is stored in a searchable field called `_sourceCategory`. 1. **Forward to SIEM**. Check the checkbox to forward your data to [Cloud SIEM](/docs/cse/).
1. (Optional) **Fields.** Click the **+Add Field** link to define the fields you want to associate, each field needs a name (key) and value. - * ![green check circle.png](/img/reuse/green-check-circle.png) A green circle with a check mark is shown when the field exists in the Fields table schema. - * ![orange exclamation point.png](/img/reuse/orange-exclamation-point.png) An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo that does not exist in the Fields schema it is ignored, known as dropped.  + * green check circle.png A green circle with a check mark is shown when the field exists and is enabled in the Fields table schema. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, you'll see an option to automatically add or enable the nonexistent fields to the Fields table schema. If a field is sent to Sumo Logic but isn’t present or enabled in the schema, it’s ignored and marked as **Dropped**.  1. **Client ID**. Enter the Client ID of the app. Refer to the [Mimecast documentation](https://developer.services.mimecast.com/api-overview#application-registration-credential-management) for guidance to create the Client ID. 1. **Client Secret**. Enter the Client Secret key of the app. Refer to the [Mimecast documentation](https://developer.services.mimecast.com/api-overview#application-registration-credential-management) for guidance to create the Client Secret. 1. **Supported API to collect**. Select the type of Mimecast data source that you want to collect. 
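Review bot: In both `+` bullets the image markup `![green check circle.png](/img/reuse/green-check-circle.png)` has been reduced to the bare text `green check circle.png` (and likewise `orange exclamation point.png`), so the rendered step will show a stray filename where the sentence describes an icon. Restore the image link at the start of each bullet, or remove the filename text as well if the icons are being dropped on purpose. The second `+` line also keeps the trailing non-breaking space from the line it replaces; trim it while you are here.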
diff --git a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/netskope-source.md b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/netskope-source.md index ce608ad927..146487323d 100644 --- a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/netskope-source.md +++ b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/netskope-source.md @@ -78,8 +78,8 @@ To configure a Netskope Source: 1. (Optional) For **Source Category**, enter any string to tag the output collected from the Source. Category metadata is stored in a searchable field called `_sourceCategory`. 1. **Forward to SIEM**. Check the checkbox to forward your data to [Cloud SIEM](/docs/cse/).
1. (Optional) **Fields.** Click the **+Add Field** link to define the fields you want to associate, each field needs a name (key) and value. - * ![green check circle.png](/img/reuse/green-check-circle.png) A green circle with a check mark is shown when the field exists in the Fields table schema. - * ![orange exclamation point.png](/img/reuse/orange-exclamation-point.png) An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo that does not exist in the Fields schema it is ignored, known as dropped.  + * green check circle.png A green circle with a check mark is shown when the field exists and is enabled in the Fields table schema. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, you'll see an option to automatically add or enable the nonexistent fields to the Fields table schema. If a field is sent to Sumo Logic but isn’t present or enabled in the schema, it’s ignored and marked as **Dropped**.  1. Enter your Netskope customer specific **Tenant ID**. Do not provide the entire URL, just the Tenant ID. For example, if your URL is `https://tenant.eu.sumologic.com`, then `tenant.eu` will be your Tenant ID. 1. Enter the Netskope **API Token** you want to use to authenticate requests. 1. **Event Types** (Optional). By default, *all* event types are collected. You can specify certain event types to collect. Make sure to have the corresponding token privileges to the event types. If this field is empty, all event types are collected. Be aware that if you want to collect all event types, and a new event type is added in the future, your token might need to be updated accordingly. 
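Review bot: The orange-triangle bullet still states its condition as "when the field doesn't exist in the Fields table schema", while the green bullet now requires "exists and is enabled" and the closing sentence covers fields that are not "present or enabled". A field that exists but is disabled matches neither icon description. Suggest "doesn't exist, or is disabled, in the Fields table schema". The phrase "add or enable the nonexistent fields" also reads oddly, since a nonexistent field cannot be enabled; "add the missing fields or enable the disabled ones" says what is meant.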
diff --git a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/netskope-webtx-source.md b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/netskope-webtx-source.md index cb9c960393..927134b06e 100644 --- a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/netskope-webtx-source.md +++ b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/netskope-webtx-source.md @@ -49,8 +49,8 @@ When you create a Netskope WebTx API Source, you add it to a Hosted Collector. B 1. (Optional) For **Source Category**, enter any string to tag the output collected from the Source. Category [metadata](/docs/search/get-started-with-search/search-basics/built-in-metadata) is stored in a searchable field called `_sourceCategory`. 1. **Forward to SIEM**. Check the checkbox to forward your data to [Cloud SIEM](/docs/cse/).
1. (Optional) **Fields**. Click the **+Add Field** link to define the fields you want to associate, each field needs a name (key) and value. - * ![green check circle.png](/img/reuse/green-check-circle.png) A green circle with a check mark is shown when the field exists in the Fields table schema. - * ![orange exclamation point.png](/img/reuse/orange-exclamation-point.png) An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo that does not exist in the Fields schema it is ignored, known as dropped.  + * green check circle.png A green circle with a check mark is shown when the field exists and is enabled in the Fields table schema. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, you'll see an option to automatically add or enable the nonexistent fields to the Fields table schema. If a field is sent to Sumo Logic but isn’t present or enabled in the schema, it’s ignored and marked as **Dropped**.  1. **Netskope Streaming Credentials**. Upload the JSON file downloaded from google cloud platform. 1. When you are finished configuring the Source, click **Save**. diff --git a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/okta-source.md b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/okta-source.md index bb282ce3b3..260914b198 100644 --- a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/okta-source.md +++ b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/okta-source.md 
@@ -41,8 +41,8 @@ To configure an Okta Source: 1. (Optional) For **Source Category**, enter any string to tag the output collected from the Source. Category metadata is stored in a searchable field called `_sourceCategory`. 1. **Forward to SIEM**. Check the checkbox to forward your data to [Cloud SIEM](/docs/cse/).
1. (Optional) **Fields.** Click the **+Add Field** link to define the fields you want to associate, each field needs a name (key) and value. - * ![green check circle.png](/img/reuse/green-check-circle.png) A green circle with a check mark is shown when the field exists in the Fields table schema. - * ![orange exclamation point.png](/img/reuse/orange-exclamation-point.png) An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo that does not exist in the Fields schema it is ignored, known as dropped. + * green check circle.png A green circle with a check mark is shown when the field exists and is enabled in the Fields table schema. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, you'll see an option to automatically add or enable the nonexistent fields to the Fields table schema. If a field is sent to Sumo Logic but isn’t present or enabled in the schema, it’s ignored and marked as **Dropped**. 1. **Okta API Key**. Provide the Okta API key you want to use to authenticate collection requests. 1. **Okta Domain**. Provide your specific Okta domain, such as `mydomain.okta.com`. 1. **Okta Event Types to Request**. By default, the Source will ingest all Okta events. You can instead configure a subset of events to collect. Click **Select Events** to specify the events you want to collect. diff --git a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/palo-alto-cortex-xdr-source.md b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/palo-alto-cortex-xdr-source.md index b22d2e764f..0279494bc0 100644 --- a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/palo-alto-cortex-xdr-source.md 
+++ b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/palo-alto-cortex-xdr-source.md @@ -74,8 +74,8 @@ To configure a Palo Alto Cortex XDR Source: 1. (Optional) For **Source Category**, enter any string to tag the output collected from the Source. Category metadata is stored in a searchable field called `_sourceCategory`. 1. **Forward to SIEM**. Check the checkbox to forward your data to [Cloud SIEM](/docs/cse/).
1. (Optional) **Fields.** Click the **+Add Field** link to define the fields you want to associate, each field needs a name (key) and value. - * ![green check circle.png](/img/reuse/green-check-circle.png) A green circle with a check mark is shown when the field exists in the Fields table schema. - * ![orange exclamation point.png](/img/reuse/orange-exclamation-point.png) An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo that does not exist in the Fields schema it is ignored, known as dropped. + * green check circle.png A green circle with a check mark is shown when the field exists and is enabled in the Fields table schema. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, you'll see an option to automatically add or enable the nonexistent fields to the Fields table schema. If a field is sent to Sumo Logic but isn’t present or enabled in the schema, it’s ignored and marked as **Dropped**. 1. **API Key**. Enter the API Key that you generated and secured in step 7 of the [API Key](#getting-cortex-xdr-api-key) section. 1. **API ID**. Enter the API ID that you generated and secured in step 2 of the [API ID](#getting-cortex-xdr-api-id) section. 1. **Tenant FQDN**. Enter the FQDN that you obtained when you generated the API Key and API ID, as explained in the [FQDN](#getting-cortex-xdr-fqdn) section. The FQDN is a unique host and domain name associated with each tenant. diff --git a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/proofpoint-on-demand-source.md b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/proofpoint-on-demand-source.md index f5f51f40e8..d7095910db 100644 
--- a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/proofpoint-on-demand-source.md +++ b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/proofpoint-on-demand-source.md @@ -49,8 +49,8 @@ To configure a Proofpoint On Demand Source: 5. (Optional) For **Source Category**, enter any string to tag the output collected from the Source. Category metadata is stored in a searchable field called `_sourceCategory`. 6. **Forward to SIEM**. Check the checkbox to forward your data to [Cloud SIEM](/docs/cse/).
7. (Optional) **Fields.** Click the **+Add Field** link to define the fields you want to associate, each field needs a name (key) and value. - * ![green check circle.png](/img/reuse/green-check-circle.png) A green circle with a check mark is shown when the field exists in the Fields table schema. - * ![orange exclamation point.png](/img/reuse/orange-exclamation-point.png) An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo that does not exist in the Fields schema it is ignored, known as dropped. + * green check circle.png A green circle with a check mark is shown when the field exists and is enabled in the Fields table schema. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, you'll see an option to automatically add or enable the nonexistent fields to the Fields table schema. If a field is sent to Sumo Logic but isn’t present or enabled in the schema, it’s ignored and marked as **Dropped**. 8. **Cluster ID** and **Token**. Provide the Proofpoint authentication credentials you want to use to [authenticate](#configuration-object) collection requests. 9. **Supported Events**. There are two types of events you can collect. Select one or both of the options, **message** and **maillog**. The following shows the main fields returned from each type: * **message**: `guid`, `connection`, `envelope`, `msg`, `msgParts`, `filter`, `pps` diff --git a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/proofpoint-tap-source.md b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/proofpoint-tap-source.md index 27f08f6054..c994a11c74 100644 --- a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/proofpoint-tap-source.md 
+++ b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/proofpoint-tap-source.md @@ -188,8 +188,8 @@ To configure a Proofpoint TAP Source: 1. (Optional) For **Source Category**, enter any string to tag the output collected from the Source. Category metadata is stored in a searchable field called `_sourceCategory`. 1. **Forward to SIEM**. Check the checkbox to forward your data to [Cloud SIEM](/docs/cse/).
1. (Optional) **Fields.** Click the **+Add Field** link to define the fields you want to associate, each field needs a name (key) and value. - * ![green check circle.png](/img/reuse/green-check-circle.png) A green circle with a check mark is shown when the field exists in the Fields table schema. - * ![orange exclamation point.png](/img/reuse/orange-exclamation-point.png) An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo that does not exist in the Fields schema it is ignored, known as dropped. + * green check circle.png A green circle with a check mark is shown when the field exists and is enabled in the Fields table schema. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, you'll see an option to automatically add or enable the nonexistent fields to the Fields table schema. If a field is sent to Sumo Logic but isn’t present or enabled in the schema, it’s ignored and marked as **Dropped**. 1. **Proofpoint Domain**. Provide a Proofpoint endpoint if different from the default, `tap-api-v2.proofpoint.com`. 1. **API Secret**. Provide the Proofpoint API Secret for authenticating collection requests (copied in [Vendor configuration](#vendor-configuration) above). 1. **Service Principal**. Provide the Proofpoint Service Principal for authenticating collection requests (copied in [Vendor configuration](#vendor-configuration) above). diff --git a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/qualys-vmdr-source.md b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/qualys-vmdr-source.md index f98a12a2cc..f30a05f0f8 100644 --- a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/qualys-vmdr-source.md 
+++ b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/qualys-vmdr-source.md 
@@ -39,8 +39,8 @@ To configure a Qualys VMDR Source: 1. Enter a **Name** to display for the Source in the Sumo Logic web application. The description is optional. 1. (Optional) For **Source Category**, enter any string to tag the output collected from the Source. Category metadata is stored in a searchable field called `_sourceCategory`. 1. (Optional) **Fields**. Click the **+Add Field** link to define the fields you want to associate. Each field needs a name (key) and value. - * ![green check circle.png](/img/reuse/green-check-circle.png) A green circle with a check mark is shown when the field exists in the Fields table schema. - * ![orange exclamation point.png](/img/reuse/orange-exclamation-point.png) An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo Logic that does not exist in the Fields schema it is ignored, known as dropped. + * green check circle.png A green circle with a check mark is shown when the field exists and is enabled in the Fields table schema. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, you'll see an option to automatically add or enable the nonexistent fields to the Fields table schema. If a field is sent to Sumo Logic that does not exist in the Fields schema it is ignored, known as dropped. 1. **Qualys API Server URL** and **Qualys API Gateway URL**. Provide the Qualys API server URLs. Use the [Qualys Platform Identification](https://www.qualys.com/platform-identification) page and scroll down to **API URLs** to for a reference to your Qualys deployment location. 1. **Username** and **Password**. Use your Qualys account username and password for API authentication. 1. The next section covers the type of data to collect and how often. 
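Review bot: The closing sentence of the orange-triangle bullet is carried over unchanged ("If a field is sent to Sumo Logic that does not exist in the Fields schema it is ignored, known as dropped"), so it no longer agrees with the rest of the bullet, which now offers to "add or enable" fields. Say explicitly that a disabled field is dropped too, using the wording the other Source pages in this patch get ("isn't present or enabled in the schema"). Otherwise a reader of this page cannot tell that a disabled field is silently ignored.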
diff --git a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/rapid7-source.md b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/rapid7-source.md index 30589e8828..f2af0d48b4 100644 --- a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/rapid7-source.md +++ b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/rapid7-source.md @@ -37,8 +37,8 @@ To configure an Rapid7 Source: 1. Enter a **Name** for the Source. The description is optional. 1. (Optional) For **Source Category**, enter any string to tag the output collected from the Source. Category metadata is stored in a searchable field called `_sourceCategory`. 1. (Optional) **Fields**. Click the **+Add** button to define the fields you want to associate. Each field needs a name (key) and value. - * ![green check circle.png](/img/reuse/green-check-circle.png) A green circle with a check mark is shown when the field exists in the Fields table schema. - * ![orange exclamation point.png](/img/reuse/orange-exclamation-point.png) An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo Logic that does not exist in the Fields schema it is ignored, known as dropped. + * green check circle.png A green circle with a check mark is shown when the field exists and is enabled in the Fields table schema. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, you'll see an option to automatically add or enable the nonexistent fields to the Fields table schema. If a field is sent to Sumo Logic that does not exist in the Fields schema it is ignored, known as dropped. 1. Enter the **Region** of Rapid7 InsightVM platform. 1. Enter the **API Key** for authorization. 
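Review bot: These two bullets are the same boilerplate edited by hand in every Source page, and the copies have already drifted: here the last sentence keeps the old "does not exist in the Fields schema it is ignored, known as dropped" wording, while most other files in the patch end with "isn't present or enabled in the schema, it's ignored and marked as **Dropped**". If the docs toolchain supports a shared snippet or partial, move the two bullets into one and include it from each page; if not, at least align this hunk with the wording used elsewhere in the patch.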
diff --git a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/sailpoint-source.md b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/sailpoint-source.md index 3a252fa336..5af3c8d4e2 100644 --- a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/sailpoint-source.md +++ b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/sailpoint-source.md @@ -53,8 +53,8 @@ To configure a Duo Source: 1. (Optional) For **Source Category**, enter any string to tag the output collected from the Source. Category metadata is stored in a searchable field called `_sourceCategory`. 1. **Forward to SIEM**. Check the checkbox to forward your data to [Cloud SIEM](/docs/cse/).
1. (Optional) **Fields.** Click the **+Add Field** link to define the fields you want to associate, each field needs a name (key) and value. - * ![green check circle.png](/img/reuse/green-check-circle.png) A green circle with a check mark is shown when the field exists in the Fields table schema. - * ![orange exclamation point.png](/img/reuse/orange-exclamation-point.png) An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo that does not exist in the Fields schema it is ignored, known as dropped. + * green check circle.png A green circle with a check mark is shown when the field exists and is enabled in the Fields table schema. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, you'll see an option to automatically add or enable the nonexistent fields to the Fields table schema. If a field is sent to Sumo Logic but isn’t present or enabled in the schema, it’s ignored and marked as **Dropped**. 1. **Tenant Name**. Provide your SailPoint customer-specific organization name, such as `{organization}.identitynow.com`. 1. **Client ID** and **Client Secret**. Enter the ID and Secret you got from creating your SailPoint access token in the [Vendor configuration section](#vendor-configuration) above. 1. **Supported APIs to collect**. Select one or more of the available APIs, **Events** and **Users**. diff --git a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/salesforce-source.md b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/salesforce-source.md index 4ee85598eb..0d63b4edfe 100644 --- a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/salesforce-source.md 
+++ b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/salesforce-source.md @@ -70,8 +70,8 @@ To configure a Salesforce Source: 1. For **Source Category (Optional)**, enter any string to tag the output collected from the Source. Category metadata is stored in a searchable field called `_sourceCategory`. 1. **Forward to SIEM**. Check the checkbox to forward your data to [Cloud SIEM](/docs/cse/).
1. **Fields.** Click the **+Add Field** link to define the fields you want to associate, each field needs a name (key) and value. - * ![green check circle.png](/img/reuse/green-check-circle.png) A green circle with a check mark is shown when the field exists in the Fields table schema. - * ![orange exclamation point.png](/img/reuse/orange-exclamation-point.png) An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo that does not exist in the Fields schema it is ignored, known as dropped. + * green check circle.png A green circle with a check mark is shown when the field exists and is enabled in the Fields table schema. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, you'll see an option to automatically add or enable the nonexistent fields to the Fields table schema. If a field is sent to Sumo Logic but isn’t present or enabled in the schema, it’s ignored and marked as **Dropped**. 1. **SignOn URL.** Enter your Sign on URL. For example, `https://.my.salesforce.com/services/oauth2/token`. 1. **Client ID.** Enter the Consumer Key of the ConnectedApp.  1. **Client Secret.** Enter the Consumer Secret of the ConnectedApp.  diff --git a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/sentinelone-mgmt-api-source.md b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/sentinelone-mgmt-api-source.md index ad55ae1555..3b859708aa 100644 --- a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/sentinelone-mgmt-api-source.md +++ b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/sentinelone-mgmt-api-source.md 
@@ -58,8 +58,8 @@ To configure a SentinelOne Mgmt API Source: 1. (Optional) For **Source Category**, enter any string to tag the output collected from the Source. Category metadata is stored in a searchable field called `_sourceCategory`. 1. **Forward to SIEM**. Check the checkbox to forward your data to [Cloud SIEM](/docs/cse/).
1. (Optional) **Fields.** Click the **+Add Field** link to define the fields you want to associate, each field needs a name (key) and value. - * ![green check circle.png](/img/reuse/green-check-circle.png) A green circle with a check mark is shown when the field exists in the Fields table schema. - * ![orange exclamation point.png](/img/reuse/orange-exclamation-point.png) An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo that does not exist in the Fields schema it is ignored, known as dropped.  + * green check circle.png A green circle with a check mark is shown when the field exists and is enabled in the Fields table schema. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, you'll see an option to automatically add or enable the nonexistent fields to the Fields table schema. If a field is sent to Sumo Logic but isn’t present or enabled in the schema, it’s ignored and marked as **Dropped**.  1. **Base URL**. Provide your SentinelOne Management URL. It's in this format: `https://`. 1. **API Token**. Provide the API Token you got from the SentinelOne Management Console. See Authentication above for details. 1. **Supported APIs to collect**. Select one or more of the available APIs: **activities**, **agents**, and **threats**. diff --git a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/slack-source.md b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/slack-source.md index e703966ced..ad1dc5a05b 100644 --- a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/slack-source.md +++ b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/slack-source.md 
@@ -122,8 +122,8 @@ To configure a Slack Source: 1. Enter a **Name** for the Source. The **Description** is optional. 1. (Optional) For **Source Category**, enter any string to tag the output collected from the Source. Category metadata is stored in a searchable field called `_sourceCategory`. 1. (Optional) **Fields.** Click the **+Add Field** link to define the fields you want to associate, each field needs a name (key) and value. - * ![green check circle.png](/img/reuse/green-check-circle.png) A green circle with a check mark is shown when the field exists in the Fields table schema. - * ![orange exclamation point.png](/img/reuse/orange-exclamation-point.png) An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo that does not exist in the Fields schema it is ignored, known as dropped. + * green check circle.png A green circle with a check mark is shown when the field exists and is enabled in the Fields table schema. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, you'll see an option to automatically add or enable the nonexistent fields to the Fields table schema. If a field is sent to Sumo Logic but isn’t present or enabled in the schema, it’s ignored and marked as **Dropped**. 1. **API Auth Bearer Token**. Enter the Slack App access token from the previous steps. 1. **Slack API Collection**. Select the Slack collection API you want to collect logs from (Web or Audit). 1. **Polling Interval in Minutes**. Enter the frequency in minutes for collecting the data. Default is 5 mins. 
diff --git a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/smartsheet-source.md b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/smartsheet-source.md index 8a855d3dd6..727e3bf0b4 100644 --- a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/smartsheet-source.md +++ b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/smartsheet-source.md 
@@ -37,8 +37,8 @@ To configure Smartsheet Source: 1. Enter a **Name** to display for the source in the Sumo Logic web application. The description is optional. 1. (Optional) For **Source Category**, enter any string to tag the output collected from the source. Category metadata is stored in a searchable field called `_sourceCategory`. 1. (Optional) **Fields**. Click the **+Add Field** link to define the fields you want to associate. Each field needs a name (key) and value. - * ![green check circle.png](/img/reuse/green-check-circle.png) A green circle with a check mark is shown when the field exists in the Fields table schema. - * ![orange exclamation point.png](/img/reuse/orange-exclamation-point.png) An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo Logic that does not exist in the Fields schema it is ignored, known as dropped. + * green check circle.png A green circle with a check mark is shown when the field exists and is enabled in the Fields table schema. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, you'll see an option to automatically add or enable the nonexistent fields to the Fields table schema. If a field is sent to Sumo Logic that does not exist in the Fields schema it is ignored, known as dropped. 1. In **Application (client) ID**, paste in the Client ID from the vendor's setup "Create a Developer Account and Register an App" steps. 1. In **Client Secret**, paste in the Client Secret from the vendor's setup "Create a Developer Account and Register an App" steps. 1. In **Oauth 2.0 Authorization Code**, paste in the Authorization Code from the vendor's setup "Create a Developer Account and Register an App" steps. 
diff --git a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/snowflake-logs-source.md b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/snowflake-logs-source.md index 11c37b207f..89971dc05d 100644 --- a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/snowflake-logs-source.md +++ b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/snowflake-logs-source.md 
@@ -51,8 +51,8 @@ To configure a Snowflake source: 1. Enter a **Name** for the Source. The description is optional. 1. (Optional) For **Source Category**, enter any string to tag the output collected from the source. Category metadata is stored in a searchable field called `_sourceCategory`. 1. (Optional) **Fields**. Click the **+Add** button to define the fields you want to associate. Each field needs a name (key) and value. - * ![green check circle.png](/img/reuse/green-check-circle.png) A green circle with a check mark is shown when the field exists in the Fields table schema. - * ![orange exclamation point.png](/img/reuse/orange-exclamation-point.png) An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo Logic that does not exist in the Fields schema it is ignored, known as dropped. + * green check circle.png A green circle with a check mark is shown when the field exists and is enabled in the Fields table schema. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, you'll see an option to automatically add or enable the nonexistent fields to the Fields table schema. If a field is sent to Sumo Logic that does not exist in the Fields schema it is ignored, known as dropped. 1. **Snowflake Username**. Enter your Snowflake login [username](#vendor-configuration). 1. **Snowflake Password**. Enter your Snowflake login [password](#vendor-configuration). 1. **Snowflake Account Identifier**. Enter your Snowflake account [name](#vendor-configuration). diff --git a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/snowflake-sql-api.md b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/snowflake-sql-api.md index 0239ac1a11..ee0121f4e4 100644 
--- a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/snowflake-sql-api.md +++ b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/snowflake-sql-api.md 
@@ -39,8 +39,8 @@ To configure the Snowflake SQL API Source: 1. Enter a **Name** to display for the source in the Sumo Logic web application. The description is optional. 1. (Optional) For **Source Category**, enter any string to tag the output collected from the source. Category metadata is stored in a searchable field called `_sourceCategory`. 1. (Optional) **Fields**. Click the **+Add Field** link to define the fields you want to associate. Each field needs a name (key) and value. - * ![green check circle.png](/img/reuse/green-check-circle.png) A green circle with a check mark is shown when the field exists in the Fields table schema. - * ![orange exclamation point.png](/img/reuse/orange-exclamation-point.png) An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo Logic that does not exist in the Fields schema it is ignored, known as dropped. + * green check circle.png A green circle with a check mark is shown when the field exists and is enabled in the Fields table schema. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, you'll see an option to automatically add or enable the nonexistent fields to the Fields table schema. If a field is sent to Sumo Logic that does not exist in the Fields schema it is ignored, known as dropped. 1. In **Snowflake Username**, enter your Snowflake account username. 1. In **Snowflake Password**, enter the Snowflake account password associated with your user. 1. In **Snowflake Account Identifier**, enter your Snowflake account identifier obtained from the vendor configuration above. The identifier should look something like this: `wp00000.us-east-2.aws`. 
diff --git a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/sophos-central-source.md b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/sophos-central-source.md index ff391e8f86..c4bba821bc 100644 --- a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/sophos-central-source.md +++ b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/sophos-central-source.md @@ -50,8 +50,8 @@ To configure a Sophos Central Source: 1. (Optional) For **Source Category**, enter any string to tag the output collected from the Source. Category [metadata](/docs/search/get-started-with-search/search-basics/built-in-metadata) is stored in a searchable field called `_sourceCategory`. 1. **Forward to SIEM**. Check the checkbox to forward your data to [Cloud SIEM](/docs/cse/).
1. (Optional) **Fields.** Click the **+Add Field** link to define the fields you want to associate, each field needs a name (key) and value. - * ![green check circle.png](/img/reuse/green-check-circle.png) A green circle with a check mark is shown when the field exists in the Fields table schema. - * ![orange exclamation point.png](/img/reuse/orange-exclamation-point.png) An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo that does not exist in the Fields schema it is ignored, known as dropped. + * green check circle.png A green circle with a check mark is shown when the field exists and is enabled in the Fields table schema. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, you'll see an option to automatically add or enable the nonexistent fields to the Fields table schema. If a field is sent to Sumo Logic but isn’t present or enabled in the schema, it’s ignored and marked as **Dropped**. 1. **Client ID**. Provide the Sophos Central Client ID you want to use to authenticate collection requests. 1. **Client Secret**. Provide the Sophos Central Client Secret you want to use to authenticate collection requests. 1. **Supported APIs to collect**. Select one or more of the available APIs, **Alerts** and **Events**. diff --git a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/stix-taxii-1-client-source.md b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/stix-taxii-1-client-source.md index aaa8460fe3..ad6163179f 100644 --- a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/stix-taxii-1-client-source.md +++ b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/stix-taxii-1-client-source.md 
@@ -48,8 +48,8 @@ To configure a TAXII 1 Client Source: 1. Enter a **Name** for the Source. The description is optional. 1. (Optional) For **Source Category**, enter any string to tag the output collected from the Source. Category metadata is stored in a searchable field called `_sourceCategory`. 1. (Optional) **Fields**. Click the **+Add** button to define the fields you want to associate. Each field needs a name (key) and value. - * ![green check circle.png](/img/reuse/green-check-circle.png) A green circle with a check mark is shown when the field exists in the Fields table schema. - * ![orange exclamation point.png](/img/reuse/orange-exclamation-point.png) An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo Logic that does not exist in the Fields schema it is ignored, known as dropped. + * green check circle.png A green circle with a check mark is shown when the field exists and is enabled in the Fields table schema. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, you'll see an option to automatically add or enable the nonexistent fields to the Fields table schema. If a field is sent to Sumo Logic that does not exist in the Fields schema it is ignored, known as dropped. 1. **Sumo Logic Threat Intel Source ID**. Enter the name you want to use for the source that will be created in the [Threat Intelligence](/docs/security/threat-intelligence/about-threat-intelligence/) tab in Sumo Logic. The threat intelligence indicators will be stored in this source. Do not use spaces in the name. 1. **STIX/TAXII Configuration**: * **Discovery URL**. Enter the TAXII Discovery URL provided by the vendor (optional). 
diff --git a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/stix-taxii-2-client-source.md b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/stix-taxii-2-client-source.md index 37d502d370..e5fb134824 100644 --- a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/stix-taxii-2-client-source.md +++ b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/stix-taxii-2-client-source.md 
@@ -47,8 +47,8 @@ To configure a TAXII 2 Client Source: 1. Enter a **Name** for the Source. The description is optional. 1. (Optional) For **Source Category**, enter any string to tag the output collected from the Source. Category metadata is stored in a searchable field called `_sourceCategory`. 1. (Optional) **Fields**. Click the **+Add** button to define the fields you want to associate. Each field needs a name (key) and value. - * ![green check circle.png](/img/reuse/green-check-circle.png) A green circle with a check mark is shown when the field exists in the Fields table schema. - * ![orange exclamation point.png](/img/reuse/orange-exclamation-point.png) An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo Logic that does not exist in the Fields schema it is ignored, known as dropped. + * green check circle.png A green circle with a check mark is shown when the field exists and is enabled in the Fields table schema. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, you'll see an option to automatically add or enable the nonexistent fields to the Fields table schema. If a field is sent to Sumo Logic that does not exist in the Fields schema it is ignored, known as dropped. 1. **Sumo Logic Threat Intel Source ID**. Enter the name you want to use for the source that will be created in the [Threat Intelligence](/docs/security/threat-intelligence/about-threat-intelligence/) tab in Sumo Logic. The threat intelligence indicators will be stored in this source. Do not use spaces in the name. 1. **Authentication**. Select the authentication type: * **Basic**. Provide your vendor username and password. 
diff --git a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/sumo-collection-source.md b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/sumo-collection-source.md index 3c23f381d8..695e0b48b7 100644 --- a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/sumo-collection-source.md +++ b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/sumo-collection-source.md 
@@ -65,8 +65,8 @@ To configure a Sumo Collection Source: 1. Enter a **Name** for the Source. The description is optional. 1. (Optional) For **Source Category**, enter any string to tag the output collected from the Source. Category metadata is stored in a searchable field called `_sourceCategory`. 1. (Optional) **Fields**. Click the **+Add** button to define the fields you want to associate. Each field needs a name (key) and value. - * ![green check circle.png](/img/reuse/green-check-circle.png) A green circle with a check mark is shown when the field exists in the Fields table schema. - * ![orange exclamation point.png](/img/reuse/orange-exclamation-point.png) An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo Logic that does not exist in the Fields schema is ignored, known as dropped. + * green check circle.png A green circle with a check mark is shown when the field exists and is enabled in the Fields table schema. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, you'll see an option to automatically add or enable the nonexistent fields to the Fields table schema. If a field is sent to Sumo Logic that does not exist in the Fields schema is ignored, known as dropped. 1. **Deployment**. Select the deployment region from the dropdown. For example, `AU`. 1. **Access ID**. Enter the Access ID collected from the [vendor configuration](#access-id-and-access-key). For example, `sug2lhtaa1g6xk`. 1. **Access Key**. Enter the Access Key collected from the [vendor configuration](#access-id-and-access-key). For example, `00xxxxxx-xxx2-9316-7xx42xxx1x41`. 
diff --git a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/symantec-endpoint-security-source.md b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/symantec-endpoint-security-source.md index 9e422be547..01bd76b441 100644 --- a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/symantec-endpoint-security-source.md +++ b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/symantec-endpoint-security-source.md 
@@ -44,8 +44,8 @@ To configure a Symantec Endpoint Security Source, follow the steps below: 1. Enter a **Name** for the Source. The description is optional. 1. (Optional) For **Source Category**, enter any string to tag the output collected from the Source. Category metadata is stored in a searchable field called `_sourceCategory`. 1. (Optional) **Fields**. Click the **+Add** button to define the fields you want to associate. Each field needs a name (key) and value. - * ![green check circle.png](/img/reuse/green-check-circle.png) A green circle with a check mark is shown when the field exists in the Fields table schema. - * ![orange exclamation point.png](/img/reuse/orange-exclamation-point.png) An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo Logic that does not exist in the Fields schema, it is ignored, also known as dropped. + * green check circle.png A green circle with a check mark is shown when the field exists and is enabled in the Fields table schema. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, you'll see an option to automatically add or enable the nonexistent fields to the Fields table schema. If a field is sent to Sumo Logic that does not exist in the Fields schema, it is ignored, also known as dropped. 1. In **Client ID**, enter the Client ID you generated from the Symantec Endpoint Security platform. 2. In **Client Secret**, enter the Client Secret you generated from the Symantec Endpoint Security platform. 3. (Optional) In **Initial LookBack**, enter the first collection start time. Default is 1 day and maximum is 30 days. 
diff --git a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/symantec-web-security-service-source.md b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/symantec-web-security-service-source.md index 96128dcfaa..8acbdf67a0 100644 --- a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/symantec-web-security-service-source.md +++ b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/symantec-web-security-service-source.md @@ -60,8 +60,8 @@ To configure a Symantec Web Security Service Source: 1. (Optional) For **Source Category**, enter any string to tag the output collected from the Source. Category [metadata](/docs/search/get-started-with-search/search-basics/built-in-metadata) is stored in a searchable field called `_sourceCategory`. 1. **Forward to SIEM**. Check the checkbox to forward your data to [Cloud SIEM](/docs/cse/).
1. (Optional) **Fields**. Click the **+Add Field** link to define the fields you want to associate, each field needs a name (key) and value. - * ![green check circle.png](/img/reuse/green-check-circle.png) A green circle with a check mark is shown when the field exists in the Fields table schema. - * ![orange exclamation point.png](/img/reuse/orange-exclamation-point.png) An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo that does not exist in the Fields schema it is ignored, known as dropped. + * green check circle.png A green circle with a check mark is shown when the field exists and is enabled in the Fields table schema. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, you'll see an option to automatically add or enable the nonexistent fields to the Fields table schema. If a field is sent to Sumo Logic but isn’t present or enabled in the schema, it’s ignored and marked as **Dropped**. 1. **API Username** and **Password**. Provide the Symantec Web Security Service user credentials you want to use to authenticate collection requests. This was copied during the [Vendor configuration](#vendor-configuration) steps above. 1. When you are finished configuring the Source, click **Submit**. diff --git a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/sysdig-secure-source.md b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/sysdig-secure-source.md index eb08df298b..64d2be5c96 100644 --- a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/sysdig-secure-source.md +++ b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/sysdig-secure-source.md 
@@ -62,8 +62,8 @@ To configure a Sysdig Secure Source: 1. Enter a **Name** for the Source. The description is optional. 1. (Optional) For **Source Category**, enter any string to tag the output collected from the Source. Category metadata is stored in a searchable field called `_sourceCategory`. 1. (Optional) **Fields**. Click the **+Add** button to define the fields you want to associate. Each field needs a name (key) and value. - * ![green check circle.png](/img/reuse/green-check-circle.png) A green circle with a check mark is shown when the field exists in the Fields table schema. - * ![orange exclamation point.png](/img/reuse/orange-exclamation-point.png) An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo Logic that does not exist in the Fields schema is ignored, known as dropped. + * green check circle.png A green circle with a check mark is shown when the field exists and is enabled in the Fields table schema. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, you'll see an option to automatically add or enable the nonexistent fields to the Fields table schema. If a field is sent to Sumo Logic that does not exist in the Fields schema is ignored, known as dropped. 1. **Base URL**. Enter the [Sysdig Secure platform](#base-url) Base URL. For example, `https://api.us2.sysdig.com`. 1. **Bearer Token**. Enter the Sysdig Secure API token collected from the [Sysdig Secure](#bearer-token) platform. For example, `t3fPdsbxxxxxxxxxp4D6hbi4`. 1. (Optional) **Filters**. Click the **+Add** button to define the filters you want to associate. Each filter needs a **Field Name** (key) and **Field Value** (value). 
For key-value pairs, the length is set to 256 characters and the API accepts a maximum length of 1024 characters for the filter. diff --git a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/tenable-source.md b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/tenable-source.md index 1af040076e..041740fb21 100644 --- a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/tenable-source.md +++ b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/tenable-source.md @@ -49,8 +49,8 @@ To configure a Tenable source: 1. (Optional) For **Source Category**, enter any string to tag the output collected from the source. Category [metadata](/docs/search/get-started-with-search/search-basics/built-in-metadata) is stored in a searchable field called `_sourceCategory`. 1. **Forward to SIEM**. Check the checkbox to forward your data to [Cloud SIEM](/docs/cse/).
1. (Optional) **Fields.** Click the **+Add Field** link to define the fields you want to associate, each field needs a name (key) and value. - * ![green check circle.png](/img/reuse/green-check-circle.png) A green circle with a check mark is shown when the field exists in the Fields table schema. - * ![orange exclamation point.png](/img/reuse/orange-exclamation-point.png) An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo that does not exist in the Fields schema it is ignored, known as dropped. + * green check circle.png A green circle with a check mark is shown when the field exists and is enabled in the Fields table schema. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, you'll see an option to automatically add or enable the nonexistent fields to the Fields table schema. If a field is sent to Sumo Logic but isn’t present or enabled in the schema, it’s ignored and marked as **Dropped**. 1. Provide the **Access Key** and **Secret Key** to authenticate requests. 1. (Optional) **Include unlicensed objects**. Select the checkbox if you want to collect unlicensed objects. 1. **Supported APIs to collect**. Select one or more of the available APIs: **Vulnerability Data**, **Audit Logs**, and **Asset Data**. diff --git a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/trellix-mvisio-epo-source.md b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/trellix-mvisio-epo-source.md index 1d59aae491..2ad962df0b 100644 --- a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/trellix-mvisio-epo-source.md +++ b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/trellix-mvisio-epo-source.md 
@@ -45,8 +45,8 @@ To configure a Trellix mVision ePO Source, follow the steps below: 1. Enter a **Name** for the Source. The description is optional. 1. (Optional) For **Source Category**, enter any string to tag the output collected from the Source. Category metadata is stored in a searchable field called `_sourceCategory`. 1. (Optional) **Fields**. Click the **+Add** button to define the fields you want to associate. Each field needs a name (key) and value. - * ![green check circle.png](/img/reuse/green-check-circle.png) A green circle with a check mark is shown when the field exists in the Fields table schema. - * ![orange exclamation point.png](/img/reuse/orange-exclamation-point.png) An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo Logic that does not exist in the Fields schema it is ignored, known as dropped. + * green check circle.png A green circle with a check mark is shown when the field exists and is enabled in the Fields table schema. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, you'll see an option to automatically add or enable the nonexistent fields to the Fields table schema. If a field is sent to Sumo Logic that does not exist in the Fields schema it is ignored, known as dropped. 1. Enter the **Client ID** of your Trellix platform. 1. Enter the **Client Secret** of your Trellix platform. 1. Enter the **API Key** for authorization collected from the Trellix platform. diff --git a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/trend-micro-source.md b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/trend-micro-source.md index 7d4853c34f..ed0d6e0eed 100644 
--- a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/trend-micro-source.md +++ b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/trend-micro-source.md 
@@ -54,8 +54,8 @@ To configure a Trend Micro source: 1. Enter a **Name** for the Source. The description is optional. 1. (Optional) For **Source Category**, enter any string to tag the output collected from the source. Category metadata is stored in a searchable field called `_sourceCategory`. 1. (Optional) **Fields**. Click the **+Add** button to define the fields you want to associate. Each field needs a name (key) and value. - * ![green check circle.png](/img/reuse/green-check-circle.png) A green circle with a check mark is shown when the field exists in the Fields table schema. - * ![orange exclamation point.png](/img/reuse/orange-exclamation-point.png) An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo Logic that does not exist in the Fields schema it is ignored, known as dropped. + * green check circle.png A green circle with a check mark is shown when the field exists and is enabled in the Fields table schema. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, you'll see an option to automatically add or enable the nonexistent fields to the Fields table schema. If a field is sent to Sumo Logic that does not exist in the Fields schema it is ignored, known as dropped. 1. **API Base URL**. Enter the [Base URL](#vendor-configuration) to fetch the data from the Trend Micro Vision One source. 1. **Auth Token**. Enter the authentication token collected from the [Trend Micro platform](#vendor-configuration). 1. **Polling Interval**. The polling interval is set for 15 minutes by default. You can adjust it based on your needs. This sets how often the source checks for new data. 
diff --git a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/trust-login-source.md b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/trust-login-source.md index cb319b5e4a..1cfca89653 100644 --- a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/trust-login-source.md +++ b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/trust-login-source.md @@ -43,8 +43,8 @@ To configure a Trust Login Source: 1. (Optional) For **Source Category**, enter any string to tag the output collected from the source. Category metadata is stored in a searchable field called `_sourceCategory`. 1. **Forward to SIEM**. Check the checkbox to forward your data to [Cloud SIEM](/docs/cse/).
1. (Optional) **Fields.** Click the **+Add Field** link to define the fields you want to associate, each field needs a name (key) and value. - * ![green check circle.png](/img/reuse/green-check-circle.png) A green circle with a check mark is shown when the field exists in the Fields table schema. - * ![orange exclamation point.png](/img/reuse/orange-exclamation-point.png) An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo that does not exist in the Fields schema it is ignored, known as dropped.  + * green check circle.png A green circle with a check mark is shown when the field exists and is enabled in the Fields table schema. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, you'll see an option to automatically add or enable the nonexistent fields to the Fields table schema. If a field is sent to Sumo Logic but isn’t present or enabled in the schema, it’s ignored and marked as **Dropped**.  1. **Bearer Token**. Provide the bearer token collected from the Trust Login platform. 1. The **Polling Interval** is set for five minutes by default, you can adjust it based on your needs. 1. **Processing Rules**. Configure any desired filters, such as allowlist, denylist, hash, or mask, as described in [Create a Processing Rule](/docs/send-data/collection/processing-rules/create-processing-rule). diff --git a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/universal-connector-source.md b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/universal-connector-source.md index 201e561861..7e4a5f8fb4 100644 --- a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/universal-connector-source.md 
+++ b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/universal-connector-source.md @@ -48,8 +48,8 @@ When you create an Universal Connector Source, you add it to a Hosted Collector. 1. **Forward to SIEM**. Check the checkbox to forward your data to [Cloud SIEM](/docs/cse/).
1. (Optional) **Parser path**. If **Forward to SIEM** option is selected, provide a [parser path](https://github.com/SumoLogic/cloud-siem-content-catalog/blob/master/parsers/README.md). 1. (Optional) **Fields**. Click the **+Add** button to define the fields you want to associate. Each field needs a name (key) and value. - - ![green check circle.png](/img/reuse/green-check-circle.png) A green circle with a check mark is shown when the field exists in the Fields table schema. - - ![orange exclamation point.png](/img/reuse/orange-exclamation-point.png) An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo Logic that does not exist in the Fields schema it is ignored, known as dropped. + - green check circle.png A green circle with a check mark is shown when the field exists and is enabled in the Fields table schema. + - orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, you'll see an option to automatically add or enable the nonexistent fields to the Fields table schema. If a field is sent to Sumo Logic that does not exist in the Fields schema it is ignored, known as dropped. 1. **Configuration Sections**. Expand each section to learn more about the options available for configuration.
Authentication Configuration diff --git a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/vectra-source.md b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/vectra-source.md index 3c452e0e2b..8fe637b31c 100644 --- a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/vectra-source.md +++ b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/vectra-source.md 
@@ -37,8 +37,8 @@ To configure a Vectra Source, follow the steps below: 1. Enter a **Name** for the Source. The description is optional. 1. (Optional) For **Source Category**, enter any string to tag the output collected from the Source. Category metadata is stored in a searchable field called `_sourceCategory`. 1. (Optional) **Fields**. Click the **+Add** button to define the fields you want to associate. Each field needs a name (key) and value. - * ![green check circle.png](/img/reuse/green-check-circle.png) A green circle with a check mark is shown when the field exists in the Fields table schema. - * ![orange exclamation point.png](/img/reuse/orange-exclamation-point.png) An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo Logic that does not exist in the Fields schema it is ignored, known as dropped. + * green check circle.png A green circle with a check mark is shown when the field exists and is enabled in the Fields table schema. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, you'll see an option to automatically add or enable the nonexistent fields to the Fields table schema. If a field is sent to Sumo Logic that does not exist in the Fields schema it is ignored, known as dropped. 1. **Account URL**. Enter the account URL value `https://{vectra_portal_url}/api/v3.3/detections`. Replace `vectra_portal_url` with your subdomain value. For example, `https://308714519558.cc1.portal.vectra.ai`. 1. **Client ID**. Enter the client ID value collected from the [Vectra platform](#vendor-configuration). 1. **Client Secret**. Enter the client secret value collected from the [Vectra platform](#vendor-configuration). 
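Review bot: Both added bullets open with the bare text `green check circle.png` and `orange exclamation point.png`, where the removed lines had the image markup `![green check circle.png](/img/reuse/green-check-circle.png)`. As written, the rendered list will start each bullet with a literal file name rather than the icon. Either keep the image markup or drop the file-name text so each bullet starts at "A green circle..." and "An orange triangle...".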
diff --git a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/vmware-workspace-one-source.md b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/vmware-workspace-one-source.md index eb4f33c734..1f731c29db 100644 --- a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/vmware-workspace-one-source.md +++ b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/vmware-workspace-one-source.md 
@@ -67,8 +67,8 @@ To configure a VMware Workspace One Source: 1. Enter a **Name** for the Source. The description is optional. 1. (Optional) For **Source Category**, enter any string to tag the output collected from the Source. Category metadata is stored in a searchable field called `_sourceCategory`. 1. (Optional) **Fields**. Click the **+Add** button to define the fields you want to associate. Each field needs a name (key) and value. - * ![green check circle.png](/img/reuse/green-check-circle.png) A green circle with a check mark is shown when the field exists in the Fields table schema. - * ![orange exclamation point.png](/img/reuse/orange-exclamation-point.png) An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo Logic that does not exist in the Fields schema is ignored, known as dropped. + * green check circle.png A green circle with a check mark is shown when the field exists and is enabled in the Fields table schema. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, you'll see an option to automatically add or enable the nonexistent fields to the Fields table schema. If a field is sent to Sumo Logic that does not exist in the Fields schema is ignored, known as dropped. 1. **Endpoint URL**. Enter the [VMware Workspace One platform](#vendor-configuration) endpoint URL. 1. **Auth URL**. Enter the API region URL to fetch the auth token collected from the [VMware Workspace One platform](#auth-url). For example, `https://uat.uemauth.vmwservices.com`. 1. **Client ID**. Enter the Client ID of your account collected from the [VMware Workspace One platform](#client-id-and-client-secret). For example, `cfea26d59bd542488ea706b025564d42`. 
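Review bot: The last sentence of the added orange-icon bullet carries over a grammar error from the removed line: "If a field is sent to Sumo Logic that does not exist in the Fields schema is ignored, known as dropped" is missing its subject before "is ignored". Since this line is being rewritten anyway, fix it here, for example "...that does not exist in the Fields schema, it is ignored, known as dropped", or switch to the "isn't present or enabled in the schema" sentence used for other sources in this patch.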
diff --git a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/webex-source.md b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/webex-source.md index f5505b62e7..684eea38c0 100644 --- a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/webex-source.md +++ b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/webex-source.md 
@@ -77,8 +77,8 @@ To configure an Webex source: 1. Enter a **Name** for the Source. The description is optional. 1. (Optional) For **Source Category**, enter any string to tag the output collected from the Source. Category metadata is stored in a searchable field called `_sourceCategory`. 1. (Optional) **Fields**. Click the **+Add** button to define the fields you want to associate. Each field needs a name (key) and value. - * ![green check circle.png](/img/reuse/green-check-circle.png) A green circle with a check mark is shown when the field exists in the Fields table schema. - * ![orange exclamation point.png](/img/reuse/orange-exclamation-point.png) An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo Logic that does not exist in the Fields schema it is ignored, known as dropped. + * green check circle.png A green circle with a check mark is shown when the field exists and is enabled in the Fields table schema. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, you'll see an option to automatically add or enable the nonexistent fields to the Fields table schema. If a field is sent to Sumo Logic that does not exist in the Fields schema it is ignored, known as dropped. 1. **Client ID**. Enter the **Client ID** collected from the [new Webex Integration app](#create-a-new-webex-integration-app). 1. **Client Secret**. Enter the **Client Secret** collected from the [new Webex Integration app](#create-a-new-webex-integration-app). 1. **OAuth 2.0 Authorization Code**. Enter the **OAuth 2.0 Authorization Code** collected from the [URL](#oauth-20-authorization-code). 
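Review bot: In the added orange-icon bullet, "an option to automatically add or enable the nonexistent fields" has no referent for "enable", because the condition earlier in the same bullet is still only "when the field doesn't exist in the Fields table schema". A nonexistent field can be added but not enabled. Suggest stating the condition as "doesn't exist, or is disabled, in the Fields table schema", matching the removed line in gcp-metrics-source.md, so the bullet says which icon a disabled field produces.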
diff --git a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/workday-source.md b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/workday-source.md index 07666f21ad..3e000b1cfb 100644 --- a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/workday-source.md +++ b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/workday-source.md @@ -135,8 +135,8 @@ To configure a Workday Source, follow the steps below: 5. For **Source Category** (Optional), enter any string to tag the output collected from the Source. Category [metadata](/docs/search/get-started-with-search/search-basics/built-in-metadata/) is stored in a searchable field called `_sourceCategory`. 6. **Forward to SIEM**. Check the checkbox to forward your data to [Cloud SIEM](/docs/cse/).
7. **Fields** (Optional). Click the **+Add** field link to define the fields you want to associate. Each field needs a name (key) and value. - * ![green check circle.png](/img/reuse/green-check-circle.png) A green circle with a checkmark is shown when the field exists in the Fields table schema. - * ![orange exclamation point.png](/img/reuse/orange-exclamation-point.png) An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo that does not exist in the Fields schema it is ignored, known as dropped. + * green check circle.png A green circle with a checkmark is shown when the field exists in the Fields table schema. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, you'll see an option to automatically add or enable the nonexistent fields to the Fields table schema. If a field is sent to Sumo Logic but isn’t present or enabled in the schema, it’s ignored and marked as **Dropped**. 8. **SignOn Report URL**. Paste the SignOn Report URL from the [Vendor configuration: Step 5](#step-5-create-a-custom-sign-on-report). 9. **Integration System User Name**. Name of the account (SumoLogic_ISU) created in [Vendor configuration: Step 1](#step-1-create-an-integration-system-user). 10. **Integration System User Password**. The password of the account created in [Vendor configuration: Step 1](#step-1-create-an-integration-system-user). diff --git a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/zendesk-source.md b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/zendesk-source.md index 4719455508..934f271379 100644 --- a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/zendesk-source.md 
+++ b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/zendesk-source.md @@ -37,8 +37,8 @@ To configure a Zendesk Source, follow the steps below: 1. Enter a **Name** for the Source. The description is optional. 1. (Optional) For **Source Category**, enter any string to tag the output collected from the Source. Category metadata is stored in a searchable field called `_sourceCategory`. 1. (Optional) **Fields**. Click the **+Add** button to define the fields you want to associate. Each field needs a name (key) and value. - * ![green check circle.png](/img/reuse/green-check-circle.png) A green circle with a check mark is shown when the field exists in the Fields table schema. - * ![orange exclamation point.png](/img/reuse/orange-exclamation-point.png) An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo Logic that does not exist in the Fields schema it is ignored, known as dropped. + * green check circle.png A green circle with a check mark is shown when the field exists and is enabled in the Fields table schema. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, you'll see an option to automatically add or enable the nonexistent fields to the Fields table schema. If a field is sent to Sumo Logic that does not exist in the Fields schema it is ignored, known as dropped. 1. **Base URL**. Enter the Base URL value `https://{subdomain}.zendesk.com`. Replace `subdomain` with your subdomain value. For example, `https://unityd.zendesk.com`. 1. **Email Address**. Enter your Zendesk account email address. 1. **API Token**. Enter the **API Token** for authorization collected from the [Zendesk platform](#vendor-configuration). 
diff --git a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/zero-networks-segment-source.md b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/zero-networks-segment-source.md index 0a5b558242..8eff391bb6 100644 --- a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/zero-networks-segment-source.md +++ b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/zero-networks-segment-source.md 
@@ -44,8 +44,8 @@ To configure a Zero Networks Segment Source: 1. Enter a **Name** for the Source. The description is optional. 1. (Optional) For **Source Category**, enter any string to tag the output collected from the Source. Category metadata is stored in a searchable field called `_sourceCategory`. 1. (Optional) **Fields**. Click the **+Add** button to define the fields you want to associate. Each field needs a name (key) and value. - * ![green check circle.png](/img/reuse/green-check-circle.png) A green circle with a check mark is shown when the field exists in the Fields table schema. - * ![orange exclamation point.png](/img/reuse/orange-exclamation-point.png) An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo Logic that does not exist in the Fields schema it is ignored, known as dropped. + * green check circle.png A green circle with a check mark is shown when the field exists and is enabled in the Fields table schema. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, you'll see an option to automatically add or enable the nonexistent fields to the Fields table schema. If a field is sent to Sumo Logic that does not exist in the Fields schema it is ignored, known as dropped. 1. Enter the **API Key** for authorization collected from the Zero Networks platform. 1. Select **Collect Network Activity Data**, to collect network activity data. 1. (Optional) For **Network Activity Filters**, enter the filters you want to apply for network activity data collected from the Zero Networks platform. 
diff --git a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/zerofox-intel-source.md b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/zerofox-intel-source.md index f7b6e47f78..009cf78a7d 100644 --- a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/zerofox-intel-source.md +++ b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/zerofox-intel-source.md 
@@ -45,8 +45,8 @@ To configure an ZeroFox Threat Intel source: 1. Enter a **Name** to display for the Source in the Sumo web application. The description is optional. 1. (Optional) For **Source Category**, enter any string to tag the output collected from the Source. Category metadata is stored in a searchable field called `_sourceCategory`. 1. (Optional) **Fields.** Click the **+Add Field** link to define the fields you want to associate, each field needs a name (key) and value. - * ![green check circle.png](/img/reuse/green-check-circle.png) A green circle with a check mark is shown when the field exists in the Fields table schema. - * ![orange exclamation point.png](/img/reuse/orange-exclamation-point.png) An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo that does not exist in the Fields schema it is ignored, known as dropped.  + * green check circle.png A green circle with a check mark is shown when the field exists and is enabled in the Fields table schema. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, you'll see an option to automatically add or enable the nonexistent fields to the Fields table schema. If a field is sent to Sumo Logic but isn’t present or enabled in the schema, it’s ignored and marked as **Dropped**.  1. **Username**. Enter your ZeroFox username. 1. **Password**. Enter your Zerofox password. 1. **Sumo Logic Threat Intel Source ID**. Enter the name you want to use for the ZeroFox source that will be created in the [Threat Intelligence](/docs/security/threat-intelligence/about-threat-intelligence/) tab in Sumo Logic. The ZeroFox threat intelligence indicators will be stored in this source. Do not use spaces in the name. 
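Review bot: The added sentence changes "ignored, known as dropped" to "ignored and marked as **Dropped**", and the bold formatting reads as a UI label. Please confirm that the product actually shows a "Dropped" marker for such fields and say where it appears; if it does not, keep the earlier phrasing, which only names the behaviour. Within the same bullet, the icon condition still says "doesn't exist" while the drop sentence says "isn't present or enabled", so the two should be aligned. Minor: the trailing whitespace after the final period is carried over from the removed line.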
diff --git a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/zimperium-mtd-source.md b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/zimperium-mtd-source.md index a62e8cc747..39b9e0711f 100644 --- a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/zimperium-mtd-source.md +++ b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/zimperium-mtd-source.md 
@@ -53,8 +53,8 @@ To configure a Zimperium MTD source: 1. Enter a **Name** for the Source. The description is optional. 1. (Optional) For **Source Category**, enter any string to tag the output collected from the source. Category metadata is stored in a searchable field called `_sourceCategory`. 1. (Optional) **Fields**. Click the **+Add** button to define the fields you want to associate. Each field needs a name (key) and value. - * ![green check circle.png](/img/reuse/green-check-circle.png) A green circle with a check mark is shown when the field exists in the Fields table schema. - * ![orange exclamation point.png](/img/reuse/orange-exclamation-point.png) An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo Logic that does not exist in the Fields schema it is ignored, known as dropped. + * green check circle.png A green circle with a check mark is shown when the field exists and is enabled in the Fields table schema. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, you'll see an option to automatically add or enable the nonexistent fields to the Fields table schema. If a field is sent to Sumo Logic that does not exist in the Fields schema it is ignored, known as dropped. 1. **Account URL**. Enter your [Account URL](#vendor-configuration). 1. **Client ID**. Enter your [Client ID](#vendor-configuration). 1. **Client Secret**. Enter your [Client Secret](#vendor-configuration). diff --git a/docs/send-data/hosted-collectors/configure-hosted-collector.md b/docs/send-data/hosted-collectors/configure-hosted-collector.md index fa44db3a9e..1f4244f97b 100644 --- a/docs/send-data/hosted-collectors/configure-hosted-collector.md 
+++ b/docs/send-data/hosted-collectors/configure-hosted-collector.md 
@@ -23,8 +23,8 @@ Steps to configure a Hosted Collector: 1. Provide a **Name** for the Collector. **Description** is optional. 1. **Category**. Enter any string to tag the logs collected from this Collector. This Source Category value is stored in a searchable metadata field called `_sourceCategory`. See our [Best Practices: Good and Bad Source Categories](/docs/send-data/best-practices#good-and-bad-source-categories). 1. Click the **+Add Field** link in the **Fields** section. Define the fields you want to associate, each field needs a name (key) and value. - * ![green check circle.png](/img/reuse/green-check-circle.png) A green circle with a check mark is shown when the field exists in the Fields table schema. - * ![orange exclamation point.png](/img/reuse/orange-exclamation-point.png) An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo that does not exist in the Fields schema it is ignored, known as dropped. + * green check circle.png A green circle with a check mark is shown when the field exists and is enabled in the Fields table schema. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, you'll see an option to automatically add or enable the nonexistent fields to the Fields table schema. If a field is sent to Sumo Logic but isn’t present or enabled in the schema, it’s ignored and marked as **Dropped**. 1. **Assign to a Budget** allows you to assign an ingest budget to the Collector. The dropdown displays your ingest budgets in the following format: ` () ()` 1. **Time Zone**. Set the default time zone when it is not extracted from the log timestamp. Time zone settings on Sources override a Collector time zone setting. 1. 
Review your input and when finished click **Save**.
![Screenshot of the 'Add Hosted Collector' dialog box in Sumo Logic. The form includes fields for 'Name' (with 'Sumo' entered), 'Description,' 'Category,' and 'Fields' with an option to '+Add Field.' Additional options include 'Assign to a Budget,' set to 'Not Assigned,' and 'Time Zone,' set to '(UTC) Etc/UTC.' At the bottom are 'Cancel' and 'Save' buttons.](/img/send-data/add-hosted-collector.png) diff --git a/docs/send-data/hosted-collectors/google-source/gcp-metrics-source.md b/docs/send-data/hosted-collectors/google-source/gcp-metrics-source.md index 47850e377e..07510c7410 100644 --- a/docs/send-data/hosted-collectors/google-source/gcp-metrics-source.md +++ b/docs/send-data/hosted-collectors/google-source/gcp-metrics-source.md 
@@ -123,8 +123,8 @@ For information on available metrics, see [GCP Metrics](https://cloud.google.com ::: 10. **Source Category** (Optional). The Source Category value is tagged to each log and stored in a searchable [metadata](/docs/search/get-started-with-search/search-basics/built-in-metadata) field called `_sourceCategory`. See our [Best Practices: Good Source Category, Bad Source Category](/docs/send-data/best-practices#good-and-bad-source-categories). Avoid using spaces so you do not have to quote them in [keyword search expressions](/docs/search/get-started-with-search/build-search/keyword-search-expressions). This can be a maximum of 1,024 characters. 11. **Fields**. Click the **+Add link** to add custom log metadata [Fields](/docs/manage/fields), then define the fields you want to associate. Each field needs a name (key) and value. Look for one of the following icons and act accordingly: - * ![green check circle.png](/img/reuse/green-check-circle.png) A green circle with a check mark is shown when the field exists and is enabled in the Fields table schema. - * ![orange exclamation point.png](/img/reuse/orange-exclamation-point.png) An orange triangle with an exclamation point is shown when the field doesn't exist, or is disabled, in the Fields table schema. In this case, an option to automatically add or enable the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo that does not exist in the Fields schema or is disabled it is ignored, known as dropped. + * green check circle.png A green circle with a check mark is shown when the field exists and is enabled in the Fields table schema. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist, or is disabled in the Fields table schema. In this case, you'll see an option to automatically add or enable the nonexistent fields to the Fields table schema. 
If a field is sent to Sumo Logic but isn’t present or enabled in the schema, it’s ignored and marked as **Dropped**. 12. **GCP Access**. Upload the JSON Google service account credentials file. This allows Sumo Logic to make API calls to Google Cloud. diff --git a/docs/send-data/hosted-collectors/google-source/google-cloud-platform-source.md b/docs/send-data/hosted-collectors/google-source/google-cloud-platform-source.md index 7fa31539a4..47e00668e1 100644 --- a/docs/send-data/hosted-collectors/google-source/google-cloud-platform-source.md +++ b/docs/send-data/hosted-collectors/google-source/google-cloud-platform-source.md 
@@ -32,8 +32,8 @@ This Source will be a Google Pub/Sub-only Source, which means that it will only 1. **Source Host** (Optional). The Source Host value is tagged to each log and stored in a searchable metadata field called `_sourceHost`. Avoid using spaces so you do not have to quote them in keyword search expressions. This can be a maximum of 128 characters. 1. **Source Category** (Optional). The Source Category value is tagged to each log and stored in a searchable metadata field called `_sourceCategory`. See our [Best Practices: Good and Bad Source Categories](/docs/send-data/best-practices#good-and-bad-source-categories). Avoid using spaces so you do not have to quote them in keyword search expressions. This can be a maximum of 1,024 characters. 1. **Fields.** Click the **+Add Field** link to define the fields you want to associate, each field needs a name (key) and value. - * ![green check circle.png](/img/reuse/green-check-circle.png) A green circle with a check mark is shown when the field exists in the Fields table schema. - * ![orange exclamation point.png](/img/reuse/orange-exclamation-point.png) An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo that does not exist in the Fields schema it is ignored, known as dropped. + * green check circle.png A green circle with a check mark is shown when the field exists and is enabled in the Fields table schema. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, you'll see an option to automatically add or enable the nonexistent fields to the Fields table schema. If a field is sent to Sumo Logic but isn’t present or enabled in the schema, it’s ignored and marked as **Dropped**. 1. **Advanced Options for Logs**.
GCP advanced options * **Timestamp Parsing**. This option is selected by default. If it's deselected, no timestamp information is parsed at all. * **Time Zone**. There are two options for Time Zone. You can use the time zone present in your log files, and then choose an option in case time zone information is missing from a log message. Or, you can have Sumo Logic completely disregard any time zone information present in logs by forcing a time zone. It's very important to have the proper time zone set, no matter which option you choose. If the time zone of logs cannot be determined, Sumo Logic assigns logs UTC; if the rest of your logs are from another time zone your search results will be affected. diff --git a/docs/send-data/hosted-collectors/google-source/google-workspace-apps-audit-source.md b/docs/send-data/hosted-collectors/google-source/google-workspace-apps-audit-source.md index c243855fa5..07707f45fe 100644 --- a/docs/send-data/hosted-collectors/google-source/google-workspace-apps-audit-source.md +++ b/docs/send-data/hosted-collectors/google-source/google-workspace-apps-audit-source.md 
@@ -63,8 +63,8 @@ To configure a Google Workspace Apps Audit Source: 1. **Source Category**. Enter a string to tag the output collected from the source. The string that you supply will be saved in a metadata field called `_sourceCategory`. 1. **Fields.** Click the **+Add Field** link to define the fields you want to associate, each field needs a name (key) and value. - * ![green check circle.png](/img/reuse/green-check-circle.png) A green circle with a check mark is shown when the field exists in the Fields table schema. - * ![orange exclamation point.png](/img/reuse/orange-exclamation-point.png) An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo that does not exist in the Fields schema it is ignored, known as dropped. + * green check circle.png A green circle with a check mark is shown when the field exists and is enabled in the Fields table schema. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, you'll see an option to automatically add or enable the nonexistent fields to the Fields table schema. If a field is sent to Sumo Logic but isn’t present or enabled in the schema, it’s ignored and marked as **Dropped**. :::note If you have [Cloud SIEM](/docs/cse) installed and you want to forward log data to Cloud SIEM, click the **+Add Field** link and add a field whose name is `_siemForward` and value is *true*. This will ensure all logs for this source are forwarded to Cloud SIEM. ::: diff --git a/docs/send-data/hosted-collectors/http-source/logs-metrics/index.md b/docs/send-data/hosted-collectors/http-source/logs-metrics/index.md index 7c962a095d..365ab5bd8d 100644 --- a/docs/send-data/hosted-collectors/http-source/logs-metrics/index.md 
+++ b/docs/send-data/hosted-collectors/http-source/logs-metrics/index.md @@ -32,8 +32,8 @@ To configure an HTTP Logs and Metrics Source: 1. (Optional) For **Source Host **and** Source Category**, enter any string to tag the output collected from the source. (Category metadata is stored in a searchable field called _sourceCategory.) 1. **Forward to SIEM**. This option is present if [Cloud SIEM](/docs/cse/) is enabled. Click the checkbox to send the logs collected by the source to Cloud SIEM. 1. **Fields/Metadata.** Click the **+Add** link to define the fields you want to associate. Each field needs a name (key) and value. - * ![green check circle.png](/img/reuse/green-check-circle.png) A green circle with a check mark is shown when the field exists in the Fields table schema. - * ![orange exclamation point.png](/img/reuse/orange-exclamation-point.png) An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo that does not exist in the Fields schema it is ignored, known as dropped. + * green check circle.png A green circle with a check mark is shown when the field exists and is enabled in the Fields table schema. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, you'll see an option to automatically add or enable the nonexistent fields to the Fields table schema. If a field is sent to Sumo Logic but isn’t present or enabled in the schema, it’s ignored and marked as **Dropped**. 1. **Advanced Options for Logs.** Advanced options do *not* apply to uploaded metrics.
A screenshot of the 'Advanced Options for Logs' settings in Sumo Logic. The options include 'Extract timestamp information from log file entries' (checked), 'Default Time Zone' with options to 'Use time zone from log file. If not detected, use default time zone' (selected) and 'Ignore time zone from log file and instead use default time zone'. The 'Timestamp Format' settings offer 'Automatically detect the format' (selected) and 'Specify a format'. The 'Message Processing' section has 'Multiline Processing' checked. The 'Infer Message Boundaries' options include 'Detect Automatically' (selected) and 'Add Boundary Regex'. Finally, there is an unchecked option for 'One Message Per Request', which notes that each request will be treated as a single message, ignoring line breaks. * **Timestamp Parsing.** This option is selected by default. If it's deselected, no timestamp information is parsed at all. * **Time Zone.** There are two options for Time Zone. You can use the time zone present in your log files, and then choose an option in case time zone information is missing from a log message. Or, you can have Sumo Logic completely disregard any time zone information present in logs by forcing a time zone. It's very important to have the proper time zone set, no matter which option you choose. If the time zone of logs cannot be determined, Sumo Logic assigns logs UTC; if the rest of your logs are from another time zone your search results will be affected. diff --git a/docs/send-data/hosted-collectors/http-source/otlp.md b/docs/send-data/hosted-collectors/http-source/otlp.md index 3533b24c0c..cc2e21b55f 100644 --- a/docs/send-data/hosted-collectors/http-source/otlp.md +++ b/docs/send-data/hosted-collectors/http-source/otlp.md @@ -28,8 +28,8 @@ To configure an OTLP/HTTP Source: 1. Enter a **Name** for the Source. A description is optional. 
![OTLP:HTTP basic configuration settings.png](/img/send-data/OTLP-HTTP-basic-configuration-settings.png) 1. (Optional) For **Source Host** and **Source Category**, enter any string to tag the output collected from the source. These are [built-in metadata](/docs/search/get-started-with-search/search-basics/built-in-metadata) fields that allow you to organize your data. 1. **Fields**. Click the **+Add Field** link to define the fields you want to associate, each field needs a name (key) and value. - * ![green check circle.png](/img/reuse/green-check-circle.png) A green circle with a check mark is shown when the field exists in the Fields table schema. - * ![orange exclamation point.png](/img/reuse/orange-exclamation-point.png) An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo that does not exist in the Fields schema it is ignored, known as dropped. + * green check circle.png A green circle with a check mark is shown when the field exists and is enabled in the Fields table schema. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, you'll see an option to automatically add or enable the nonexistent fields to the Fields table schema. If a field is sent to Sumo Logic but isn’t present or enabled in the schema, it’s ignored and marked as **Dropped**. 1. Set any of the following under **Advanced Options for Logs**: 
![OTLP advanced options part 1.png](/img/send-data/OTLP-advanced-options-part-1.png) * **Timestamp Parsing**. This option is selected by default. If it's deselected, no timestamp information is parsed at all. * **Time Zone**. There are two options for Time Zone. You can use the time zone present in your log files, and then choose an option in case time zone information is missing from a log message. Or, you can have Sumo Logic completely disregard any time zone information present in logs by forcing a time zone. It's very important to have the proper time zone set, no matter which option you choose. If the time zone of logs cannot be determined, Sumo Logic assigns logs UTC; if the rest of your logs are from another time zone your search results will be affected. diff --git a/docs/send-data/hosted-collectors/microsoft-source/azure-metrics-source.md b/docs/send-data/hosted-collectors/microsoft-source/azure-metrics-source.md index 79736d0699..87ad284ad4 100644 --- a/docs/send-data/hosted-collectors/microsoft-source/azure-metrics-source.md +++ b/docs/send-data/hosted-collectors/microsoft-source/azure-metrics-source.md 
@@ -55,8 +55,8 @@ To configure the Azure Metrics Source: 1. Enter a **Name** to display for the source in the Sumo Logic web application. The description is optional. 1. (Optional) For **Source Category**, enter any string to tag the output collected from the source. Category metadata is stored in a searchable field called `_sourceCategory`. 1. (Optional) **Fields**. Click the **+Add Field** link to define the fields you want to associate. Each field needs a name (key) and value. - * ![green check circle.png](/img/reuse/green-check-circle.png) A green circle with a check mark is shown when the field exists in the Fields table schema. - * ![orange exclamation point.png](/img/reuse/orange-exclamation-point.png) An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo Logic that does not exist in the Fields schema it is ignored, known as dropped. + * green check circle.png A green circle with a check mark is shown when the field exists and is enabled in the Fields table schema. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, you'll see an option to automatically add or enable the nonexistent fields to the Fields table schema. If a field is sent to Sumo Logic that does not exist in the Fields schema it is ignored, known as dropped. 1. **Tenant Id**. Enter the Tenant Id collected from [Azure platform](#vendor-configuration). 1. **Client Id**. Enter the Client Id collected from [Azure platform](#vendor-configuration). 1. **Client Secret**. Enter the Client Secret collected from [Azure platform](#vendor-configuration). 
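Review bot: in the added orange-triangle bullet the closing sentence was left as "If a field is sent to Sumo Logic that does not exist in the Fields schema it is ignored, known as dropped.", so it says nothing about a field that exists but is disabled, even though the same bullet now offers to "add or enable" fields. Suggest the sentence the other files in this patch use: "If a field is sent to Sumo Logic but isn't present or enabled in the schema, it's ignored and marked as **Dropped**."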
diff --git a/docs/send-data/hosted-collectors/microsoft-source/ms-office-audit-source.md b/docs/send-data/hosted-collectors/microsoft-source/ms-office-audit-source.md index 6402f93ae1..b1c0150fa6 100644 --- a/docs/send-data/hosted-collectors/microsoft-source/ms-office-audit-source.md +++ b/docs/send-data/hosted-collectors/microsoft-source/ms-office-audit-source.md @@ -107,8 +107,8 @@ During the configuration, you will need to authenticate to Microsoft using sta * For Exchange: **O365/Exchange** * For Azure: **O365/Azure** 1. **Fields.** Click the **+Add Field** link to define the fields you want to associate, each field needs a name (key) and value. - * ![green check circle.png](/img/reuse/green-check-circle.png) A green circle with a check mark is shown when the field exists in the Fields table schema. - * ![orange exclamation point.png](/img/reuse/orange-exclamation-point.png) An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo that does not exist in the Fields schema it is ignored, known as dropped. + * green check circle.png A green circle with a check mark is shown when the field exists and is enabled in the Fields table schema. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, you'll see an option to automatically add or enable the nonexistent fields to the Fields table schema. If a field is sent to Sumo Logic but isn’t present or enabled in the schema, it’s ignored and marked as **Dropped**. :::note If you have [Cloud SIEM](/docs/cse) installed and you want to forward log data to Cloud SIEM, click the **+Add Field** link and add a field whose name is `_siemForward` and value is *true*. This will ensure all logs for this source are forwarded to Cloud SIEM. ::: 
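Review bot: the new closing sentence of the orange-triangle bullet says a field that isn't present or enabled in the schema is ignored, and the `:::note` directly below it tells readers to add a `_siemForward` field to forward logs to Cloud SIEM, but the page does not say whether `_siemForward` goes through the same schema check. Please state it either way; if the check applies, the note should tell readers to confirm the green check mark, because a dropped field here means audit logs are not forwarded and nothing on this page would alert them. The same pairing appears in the google-workspace-apps-audit-source.md hunk.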
diff --git a/docs/send-data/hosted-collectors/webhook-sources/zoom.md b/docs/send-data/hosted-collectors/webhook-sources/zoom.md index 5be16bc508..cae995f933 100644 --- a/docs/send-data/hosted-collectors/webhook-sources/zoom.md +++ b/docs/send-data/hosted-collectors/webhook-sources/zoom.md @@ -50,8 +50,8 @@ To configure a Zoom Source: 1. Enter a **Name** for the Source. A description is optional. 
zoom-configuration-settings 1. (Optional) For **Source Host** and **Source Category**, enter any string to tag the output collected from the source. These are [built-in metadata](/docs/search/get-started-with-search/search-basics/built-in-metadata) fields that allow you to organize your data.For Source Category, enter any string to tag the output collected from the Source. Category metadata is stored in a searchable field called `_sourceCategory`. 1. **Fields**. Click the **+Add Field** link to define the fields you want to associate, each field needs a name (key) and value. - * ![green check circle.png](/img/reuse/green-check-circle.png) A green circle with a check mark is shown when the field exists in the Fields table schema. - * ![orange exclamation point.png](/img/reuse/orange-exclamation-point.png) An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo that does not exist in the Fields schema it is ignored, known as dropped. + * green check circle.png A green circle with a check mark is shown when the field exists and is enabled in the Fields table schema. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, you'll see an option to automatically add or enable the nonexistent fields to the Fields table schema. If a field is sent to Sumo Logic but isn’t present or enabled in the schema, it’s ignored and marked as **Dropped**. 1. **Zoom Secret Token**. Enter the Zoom secret token from the Zoom Marketplace platform. 1. Set any of the following under **Advanced Options for Logs**: 
Zoom advanced options * **Timestamp Parsing**. This option is selected by default. If it's deselected, no timestamp information is parsed at all. diff --git a/docs/send-data/installed-collectors/sources/collect-forwarded-events-windows-event-collector.md b/docs/send-data/installed-collectors/sources/collect-forwarded-events-windows-event-collector.md index b80ebb2f54..7b0a9aecaf 100644 --- a/docs/send-data/installed-collectors/sources/collect-forwarded-events-windows-event-collector.md +++ b/docs/send-data/installed-collectors/sources/collect-forwarded-events-windows-event-collector.md @@ -4,6 +4,7 @@ title: Collect Forwarded Events from a Windows Event Collector description: Use a Windows Event Source to collect forwarded events from a Windows Event Collector. --- +import useBaseUrl from '@docusaurus/useBaseUrl'; import CollBegin from '../../../reuse/collection-should-begin-note.md'; A Sumo Logic Windows Event Log Source can track and collect forwarded events from a [Windows Event Collector](https://docs.microsoft.com/en-us/windows/win32/wec/windows-event-collector). A Windows Event Collector receives forwarded events from other remote Windows computers. 
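Review bot: `useBaseUrl` is imported at the top of collect-forwarded-events-windows-event-collector.md, but none of the added lines shown for this file call it; the two icon bullets in the following hunk are plain text. Either reference it from those bullets or drop the import. The same applies to the other files in this patch that gain the identical import line (docker-sources.md, local-windows-event-log-source.md, script-source/index.md and the rest).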
@@ -49,8 +50,8 @@ To configure a Windows Event Log Source: * **Source Category.** Enter a string to tag the logs collected from this Source with searchable metadata. For example, typing **web_apps** tags all the logs from this Source in the sourceCategory field. For more information, see [Metadata Naming Conventions](/docs/send-data/reference-information/metadata-naming-conventions.md) and our [Best Practices: Good and Bad Source Categories](/docs/send-data/best-practices#good-and-bad-source-categories). You can define a Source Category value using system environment variables, see [Configuring sourceCategory using variables](#configuring-sourcecategory-using-variables) below. * **Fields.** Click the **+Add Field** link to define the fields you want to associate, each field needs a name (key) and value. - * ![green check circle.png](/img/reuse/green-check-circle.png) A green circle with a check mark is shown when the field exists in the Fields table schema. - * ![orange exclamation point.png](/img/reuse/orange-exclamation-point.png) An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo that does not exist in the Fields schema it is ignored, known as dropped. + * green check circle.png A green circle with a check mark is shown when the field exists and is enabled in the Fields table schema. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, you'll see an option to automatically add or enable the nonexistent fields to the Fields table schema. If a field is sent to Sumo Logic but isn’t present or enabled in the schema, it’s ignored and marked as **Dropped**. * **Windows Domain. 
(Remote Source only)** Type the name of the Windows domain, the username for this host, and the password.  * **Event Format**. Select how you want your event logs formatted: diff --git a/docs/send-data/installed-collectors/sources/docker-sources.md b/docs/send-data/installed-collectors/sources/docker-sources.md index 1d3d4a0097..2c9e4beeea 100644 --- a/docs/send-data/installed-collectors/sources/docker-sources.md +++ b/docs/send-data/installed-collectors/sources/docker-sources.md @@ -4,7 +4,7 @@ title: Docker Sources description: Configure a Docker Logs or Docker Stats Source. --- - +import useBaseUrl from '@docusaurus/useBaseUrl'; Docker is a lightweight open platform that provides a way to package applications in containers for a software development environment. 
@@ -67,8 +67,8 @@ There are alternative methods for collecting Docker logs and metrics. See [Dock * **Source Category**. Enter a string used to tag the output collected from this Source with searchable metadata. For example, typing **`web_apps`** tags all the logs from this Source in the sourceCategory field, so running a search on **`_sourceCategory=web_apps`** would return logs from this Source. For more information, see [Metadata Naming Conventions](/docs/send-data/reference-information/metadata-naming-conventions.md) and our [Best Practices: Good and Bad Source Categories](/docs/send-data/best-practices#good-and-bad-source-categories). If desired, you can use Docker variables to construct the Source Category value. For more information, see [Configure sourceCategory and sourceHost using variables.](#configure-sourcecategory-and-sourcehost-using-variables) * **Fields.** Click the **+Add Field** link to define the fields you want to associate, each field needs a name (key) and value. - * ![green check circle.png](/img/reuse/green-check-circle.png) A green circle with a check mark is shown when the field exists in the Fields table schema. - * ![orange exclamation point.png](/img/reuse/orange-exclamation-point.png) An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo that does not exist in the Fields schema it is ignored, known as dropped. + * green check circle.png A green circle with a check mark is shown when the field exists and is enabled in the Fields table schema. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, you'll see an option to automatically add or enable the nonexistent fields to the Fields table schema. 
If a field is sent to Sumo Logic but isn’t present or enabled in the schema, it’s ignored and marked as **Dropped**. 1. Configure the Advanced options. diff --git a/docs/send-data/installed-collectors/sources/local-file-source.md b/docs/send-data/installed-collectors/sources/local-file-source.md index 0d869824aa..0e1f776a3a 100644 --- a/docs/send-data/installed-collectors/sources/local-file-source.md +++ b/docs/send-data/installed-collectors/sources/local-file-source.md @@ -87,8 +87,8 @@ When the Sumo collector accesses a log file to read its content, the collector o * **Fields.** Click the **+Add Field** link to define the fields you want to associate, each field needs a name (key) and value. - * ![green check circle.png](/img/reuse/green-check-circle.png) A green circle with a check mark is shown when the field exists in the Fields table schema. - * ![orange exclamation point.png](/img/reuse/orange-exclamation-point.png) An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo that does not exist in the Fields schema it is ignored, known as dropped. + * green check circle.png A green circle with a check mark is shown when the field exists and is enabled in the Fields table schema. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, you'll see an option to automatically add or enable the nonexistent fields to the Fields table schema. If a field is sent to Sumo Logic but isn’t present or enabled in the schema, it’s ignored and marked as **Dropped**. 1. Set any of the following options under **Advanced**: Advanced options for log 
diff --git a/docs/send-data/installed-collectors/sources/local-windows-event-log-source.md b/docs/send-data/installed-collectors/sources/local-windows-event-log-source.md index 883b390fdc..2593ffdf48 100644 --- a/docs/send-data/installed-collectors/sources/local-windows-event-log-source.md +++ b/docs/send-data/installed-collectors/sources/local-windows-event-log-source.md @@ -4,6 +4,7 @@ title: Local Windows Event Log Source description: You can collect local events from the Windows Events Viewer. --- +import useBaseUrl from '@docusaurus/useBaseUrl'; import CollBegin from '../../../reuse/collection-should-begin-note.md'; Set up a Local Windows Event Log Source to collect local events you would normally see in the Windows Event Viewer. Setting up a Local Windows Event Source is a quick process. There are no prerequisites for setting up the Source, and you'll begin collecting logs within a minute or so. 
@@ -39,8 +40,8 @@ To configure a Local Windows Event Log Source: * **Source Category.** Enter a string used to tag the output collected from this Source with searchable metadata. For example, typing `web_apps` tags all the logs from this Source in the sourceCategory field, so running a search on `_sourceCategory=web_apps` would return logs from this Source. For more information, see [Metadata Naming Conventions](/docs/send-data/reference-information/metadata-naming-conventions.md) and our [Best Practices: Good and Bad Source Categories](/docs/send-data/best-practices#good-and-bad-source-categories). You can define a Source Category value using system environment variables, see [Configuring sourceCategory using variables](#configuring-sourcecategory-using-variables) below. * **Fields.** Click the **+Add Field** link to define the fields you want to associate, each field needs a name (key) and value. - * ![green check circle.png](/img/reuse/green-check-circle.png) A green circle with a check mark is shown when the field exists in the Fields table schema. - * ![orange exclamation point.png](/img/reuse/orange-exclamation-point.png) An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo that does not exist in the Fields schema it is ignored, known as dropped. + * green check circle.png A green circle with a check mark is shown when the field exists and is enabled in the Fields table schema. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, you'll see an option to automatically add or enable the nonexistent fields to the Fields table schema. If a field is sent to Sumo Logic but isn’t present or enabled in the schema, it’s ignored and marked as **Dropped**. * **Event Format**. 
Select how you want your event logs formatted: ![JSON format name update.png](/img/send-data/JSON-format-name-update.png) * **Collect using legacy format**. Events retain their default text format from Windows. diff --git a/docs/send-data/installed-collectors/sources/local-windows-performance-monitor-log-source.md b/docs/send-data/installed-collectors/sources/local-windows-performance-monitor-log-source.md index 31b88e9841..1f15245ddb 100644 --- a/docs/send-data/installed-collectors/sources/local-windows-performance-monitor-log-source.md +++ b/docs/send-data/installed-collectors/sources/local-windows-performance-monitor-log-source.md @@ -4,7 +4,7 @@ title: Local Windows Performance Monitor Log Source description: Collect local performance data from the Windows Performance Monitor. --- - +import useBaseUrl from '@docusaurus/useBaseUrl'; Set up a Local Windows Performance Monitor Log Source to collect performance data that you would normally see in the Windows Performance Monitor. Setting up a Local Windows Performance Monitor Log Source is a quick process. There are no prerequisites for setting up the Source, and you'll begin collecting logs within a minute or so. 
@@ -28,8 +28,8 @@ To configure a Local Windows Performance Monitor Log Source: * **Source Category.** Enter a string used to tag the logs collected from this Source with searchable metadata. For example, typing `web_apps` tags all the logs from this Source in the sourceCategory field, so running a search on `_sourceCategory=web_apps` would return logs from this Source. For more information, see [Metadata Naming Conventions](/docs/send-data/reference-information/metadata-naming-conventions.md) and our [Best Practices: Good Source Category, Bad Source Category](/docs/send-data/best-practices). You can define a Source Category value using system environment variables, see [Configuring sourceCategory using variables](local-windows-performance-monitor-log-source.md) below. * **Fields.** Click the **+Add Field** link to define the fields you want to associate, each field needs a name (key) and value. - * ![green check circle.png](/img/reuse/green-check-circle.png) A green circle with a check mark is shown when the field exists in the Fields table schema. - * ![orange exclamation point.png](/img/reuse/orange-exclamation-point.png) An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo that does not exist in the Fields schema it is ignored, known as dropped. + * green check circle.png A green circle with a check mark is shown when the field exists and is enabled in the Fields table schema. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, you'll see an option to automatically add or enable the nonexistent fields to the Fields table schema. If a field is sent to Sumo Logic but isn’t present or enabled in the schema, it’s ignored and marked as **Dropped**. 1. 
**Processing Rules.** (Optional.) To add rules or filters click **Add Rule**. Enter a name, a filter, and select the type. Then click **Apply**. 1. **Perfmon Queries.** Select from the provided default Perfmon Queries, or create your own custom query. diff --git a/docs/send-data/installed-collectors/sources/remote-file-source/index.md b/docs/send-data/installed-collectors/sources/remote-file-source/index.md index 3f6987063a..dd63d89d62 100644 --- a/docs/send-data/installed-collectors/sources/remote-file-source/index.md +++ b/docs/send-data/installed-collectors/sources/remote-file-source/index.md @@ -40,8 +40,8 @@ To configure a Remote File Source: * **Fields.** Click the **+Add Field** link to define the fields you want to associate, each field needs a name (key) and value. - * ![green check circle.png](/img/reuse/green-check-circle.png) A green circle with a check mark is shown when the field exists in the Fields table schema. - * ![orange exclamation point.png](/img/reuse/orange-exclamation-point.png) An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo that does not exist in the Fields schema it is ignored, known as dropped. + * green check circle.png A green circle with a check mark is shown when the field exists and is enabled in the Fields table schema. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, you'll see an option to automatically add or enable the nonexistent fields to the Fields table schema. If a field is sent to Sumo Logic but isn’t present or enabled in the schema, it’s ignored and marked as **Dropped**. 1. Choose the type of Credentials used for this Source: 
diff --git a/docs/send-data/installed-collectors/sources/remote-windows-event-log-source.md b/docs/send-data/installed-collectors/sources/remote-windows-event-log-source.md index ea9168a35a..005ac55dbe 100644 --- a/docs/send-data/installed-collectors/sources/remote-windows-event-log-source.md +++ b/docs/send-data/installed-collectors/sources/remote-windows-event-log-source.md @@ -4,6 +4,7 @@ title: Remote Windows Event Log Source description: Collect Windows event logs from a remote machine. --- +import useBaseUrl from '@docusaurus/useBaseUrl'; import CollBegin from '../../../reuse/collection-should-begin-note.md'; Set up a Remote Windows Event Log Source to use a single Sumo Logic Collector to collect Windows event log entries from multiple remote systems. 
@@ -44,8 +45,8 @@ To configure a remote Windows Event Log Source: * **Source Category.** Enter a string to tag the logs collected from this Source with searchable metadata. For example, typing **web_apps** tags all the logs from this Source in the sourceCategory field. For more information, see [Metadata Naming Conventions](/docs/send-data/reference-information/metadata-naming-conventions.md) and our [Best Practices: Good and Bad Source Categories](/docs/send-data/best-practices#good-and-bad-source-categories). You can define a Source Category value using system environment variables, see [Configuring sourceCategory using variables](#configuring-sourcecategory-using-variables) below. * **Fields.** Click the **+Add Field** link to define the fields you want to associate, each field needs a name (key) and value. - * ![green check circle.png](/img/reuse/green-check-circle.png) A green circle with a check mark is shown when the field exists in the Fields table schema. - * ![orange exclamation point.png](/img/reuse/orange-exclamation-point.png) An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo that does not exist in the Fields schema it is ignored, known as dropped. + * green check circle.png A green circle with a check mark is shown when the field exists and is enabled in the Fields table schema. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, you'll see an option to automatically add or enable the nonexistent fields to the Fields table schema. If a field is sent to Sumo Logic but isn’t present or enabled in the schema, it’s ignored and marked as **Dropped**. * **Windows Domain.** Type the name of the Windows domain, the username for this host, and the password.  
* **Event Format**. Select how you want your event logs formatted: ![JSON format name update.png](/img/send-data/JSON-format-name-update.png) diff --git a/docs/send-data/installed-collectors/sources/remote-windows-performance-monitor-log-source.md b/docs/send-data/installed-collectors/sources/remote-windows-performance-monitor-log-source.md index 288d7ccd4e..e321c0f7e3 100644 --- a/docs/send-data/installed-collectors/sources/remote-windows-performance-monitor-log-source.md +++ b/docs/send-data/installed-collectors/sources/remote-windows-performance-monitor-log-source.md @@ -4,6 +4,7 @@ title: Remote Windows Performance Monitor Log Source description: Set up a Remote Windows Performance Monitor Log Source to collect remote performance data from Windows Performance Monitor. --- +import useBaseUrl from '@docusaurus/useBaseUrl'; :::important This Source is no longer supported or available with Collector version 19.361-8. 
@@ -35,8 +36,8 @@ To configure a remote Windows Performance Monitor Log Source: * **Source Category.** Enter a string used to tag the output collected from this Source with searchable metadata. For example, typing web_apps tags all the logs from this in the sourceCategory field. For more information, see [Metadata Naming Conventions](/docs/send-data/reference-information/metadata-naming-conventions.md). * **Fields.** Click the **+Add Field** link to define the fields you want to associate, each field needs a name (key) and value. - * ![green check circle.png](/img/reuse/green-check-circle.png) A green circle with a check mark is shown when the field exists in the Fields table schema. - * ![orange exclamation point.png](/img/reuse/orange-exclamation-point.png) An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo that does not exist in the Fields schema it is ignored, known as dropped. + * green check circle.png A green circle with a check mark is shown when the field exists and is enabled in the Fields table schema. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, you'll see an option to automatically add or enable the nonexistent fields to the Fields table schema. If a field is sent to Sumo Logic but isn’t present or enabled in the schema, it’s ignored and marked as **Dropped**. * **Windows Domain.** Type the name of the Windows Domain, the Username for this host, and the Password. 1. **Perfmon Queries.** Select from the provided default Perfmon Queries, or create your own custom query. diff --git a/docs/send-data/installed-collectors/sources/script-source/index.md b/docs/send-data/installed-collectors/sources/script-source/index.md index cca093aaf7..8705d4d82d 100644 
--- a/docs/send-data/installed-collectors/sources/script-source/index.md +++ b/docs/send-data/installed-collectors/sources/script-source/index.md @@ -4,7 +4,7 @@ title: Script Source description: Uses a script to fetch from custom sources of data, such a database or a third-party monitoring app. --- - +import useBaseUrl from '@docusaurus/useBaseUrl'; If you need to collect data that isn't stored in log files, like system performance metrics, database records, or perhaps data output from third-party monitoring solutions you can use a Script Source that runs a script to fetch those custom sources of data from your machine's standard output and error streams. The script executes at defined intervals and then sends the data to Sumo for analysis. This allows you to collect all sorts of data from any supported OS, including data from command-line tools such as iostat, transient, or unstable data sources. 
@@ -45,8 +45,8 @@ To configure a Script Source: 1. For **Source Category**, enter any information you'd like to include in the metadata. This Source Category value is stored in a searchable metadata field called _sourceCategory. See our [Best Practices: Good and Bad Source Categories](/docs/send-data/best-practices#good-and-bad-source-categories). You can define a Source Category value using system environment variables, see [Configuring sourceCategory and sourceHost using variables](#configuring-sourcecategory-and-sourcehost-using-variables), below. 1. **Fields.** Click the **+Add Field** link to define the fields you want to associate, each field needs a name (key) and value. - * ![green check circle.png](/img/reuse/green-check-circle.png) A green circle with a check mark is shown when the field exists in the Fields table schema. - * ![orange exclamation point.png](/img/reuse/orange-exclamation-point.png) An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo that does not exist in the Fields schema it is ignored, known as dropped. + * green check circle.png A green circle with a check mark is shown when the field exists and is enabled in the Fields table schema. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, you'll see an option to automatically add or enable the nonexistent fields to the Fields table schema. If a field is sent to Sumo Logic but isn’t present or enabled in the schema, it’s ignored and marked as **Dropped**. 1. For **Frequency**, choose one of the following: * An option to run the script at the selected frequency. 
diff --git a/docs/send-data/installed-collectors/sources/syslog-source.md b/docs/send-data/installed-collectors/sources/syslog-source.md index 524a326710..0a27db7973 100644 --- a/docs/send-data/installed-collectors/sources/syslog-source.md +++ b/docs/send-data/installed-collectors/sources/syslog-source.md @@ -4,6 +4,7 @@ title: Syslog Source description: The Syslog Source obtains syslog messages by listening on a designated port. --- +import useBaseUrl from '@docusaurus/useBaseUrl'; A Syslog Source operates like a syslog server listening on the designated port to receive syslog messages. You set your hosts or syslog-enabled devices to send syslog data to the same port you specify when you configure the Syslog Source.    @@ -25,8 +26,8 @@ If you are editing a Source, metadata changes are reflected going forward. Metad 1. **Port.** Enter the port number for the Source to listen to. If the collector runs as root (default), use 514. Otherwise, consider 1514 or 5140. Make sure the devices are sending to the same port. 1. **Source Category.** Enter a string to tag the collected messages with the searchable metadata field `_sourceCategory`. For example, enter **firewall** to tag all collected messages in a field called `_sourceCategory`. Enter *`_sourceCategory=firewall`* in the Search field to return results from this Source. For more information, see [Metadata Naming Conventions](/docs/send-data/reference-information/metadata-naming-conventions.md) and our [Best Practices: Good and Bad Source Categories](/docs/send-data/best-practices#good-and-bad-source-categories). 1. **Fields.** Click the **+Add Field** link to define the fields you want to associate; each field needs a name (key) and value.
- * ![green check circle.png](/img/reuse/green-check-circle.png) A green circle with a check mark is shown when the field exists in the Fields table schema. - * ![orange exclamation point.png](/img/reuse/orange-exclamation-point.png) An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo that does not exist in the Fields schema it is ignored, known as dropped. + * green check circle.png A green circle with a check mark is shown when the field exists and is enabled in the Fields table schema. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, you'll see an option to automatically add or enable the nonexistent fields to the Fields table schema. If a field is sent to Sumo Logic but isn’t present or enabled in the schema, it’s ignored and marked as **Dropped**. :::note If you have [Cloud SIEM](/docs/cse) installed and you want to forward log data to Cloud SIEM, click the **+Add Field** link and add a field whose name is `_siemForward` and value is *true*. This will ensure all logs for this source are forwarded to Cloud SIEM. ::: diff --git a/docs/send-data/installed-collectors/sources/windows-active-directory-inventory-source.md b/docs/send-data/installed-collectors/sources/windows-active-directory-inventory-source.md index 6b36f1828d..7a80e3f17e 100644 --- a/docs/send-data/installed-collectors/sources/windows-active-directory-inventory-source.md +++ b/docs/send-data/installed-collectors/sources/windows-active-directory-inventory-source.md 
@@ -49,8 +49,8 @@ To configure a Windows Active Directory Inventory Source: * `_siemProduct`: Windows * `_siemForward`: true * `_siemDataType`: Inventory - * ![green check circle.png](/img/reuse/green-check-circle.png) A green circle with a check mark is shown when the field exists in the Fields table schema. - * ![orange exclamation point.png](/img/reuse/orange-exclamation-point.png) An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo that does not exist in the Fields schema it is ignored, known as dropped. + * green check circle.png A green circle with a check mark is shown when the field exists and is enabled in the Fields table schema. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, you'll see an option to automatically add or enable the nonexistent fields to the Fields table schema. If a field is sent to Sumo Logic but isn’t present or enabled in the schema, it’s ignored and marked as **Dropped**. * **Active Directory Attributes**. (Optional) * **Additional Attributes**. Provide a semi-colon separated list of the LDAP Names of Active Directory attributes to report, in addition to the default list: * Username diff --git a/static/img/reuse/check-green-circle.png b/static/img/reuse/check-green-circle.png deleted file mode 100644 index 02c15df132..0000000000 Binary files a/static/img/reuse/check-green-circle.png and /dev/null differ diff --git a/static/img/reuse/green-check-circle.png b/static/img/reuse/green-check-circle.png index 3e102080af..d8e666bb55 100644 Binary files a/static/img/reuse/green-check-circle.png and b/static/img/reuse/green-check-circle.png differ 
diff --git a/static/img/reuse/orange-exclamation-point.png b/static/img/reuse/orange-exclamation-point.png index 1adb311f86..6c9a256f2b 100644 Binary files a/static/img/reuse/orange-exclamation-point.png and b/static/img/reuse/orange-exclamation-point.png differ
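Review bot: The `useBaseUrl` import added in script-source/index.md (`@@ -4,7 +4,7 @@`) and syslog-source.md (`@@ -4,6 +4,7 @@`) has no visible use in either file's Fields hunk. The added bullets there begin with the bare text "green check circle.png" and "orange exclamation point.png", where the removed lines had `![...](/img/reuse/...)` image references. If an `<img>` built with `useBaseUrl` is meant to sit at the start of each bullet, please confirm it is in the source and renders; if not, the import is unused and the leftover filename text should be removed. Also, in the script-source hunk the `-` line removes a blank line and the `+` line puts the import in its place (the counts stay `-4,7 +4,7`), so check that a blank line still separates the import from the "If you need to collect data" paragraph, since MDX needs one between an import and the Markdown that follows it.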