From 79a9a31f2f9ed3ddd09a1c1090d76c2dc4531e68 Mon Sep 17 00:00:00 2001
From: Kim Pohas
Date: Mon, 28 Jul 2025 23:18:29 -0400
Subject: [PATCH 1/4] Replace green check and orange warning icons for Fields docs
---
.../amazon-aws/amazon-ec2-auto-scaling.md | 8 ++++---- .../amazon-aws/application-load-balancer.md | 12 ++++++------ .../amazon-aws/classic-load-balancer.md | 12 ++++++------ .../amazon-aws/elastic-container-service.md | 8 ++++---- .../amazon-aws/network-load-balancer.md | 8 ++++---- docs/integrations/amazon-aws/ses.md | 4 ++-- .../containers-orchestration/docker-ulm.md | 4 ++-- docs/integrations/google/app-engine.md | 4 ++-- docs/integrations/google/bigquery.md | 4 ++-- docs/integrations/google/cloud-audit.md | 4 ++-- docs/integrations/google/cloud-firewall.md | 4 ++-- docs/integrations/google/cloud-functions.md | 4 ++-- docs/integrations/google/cloud-iam.md | 4 ++-- .../google/cloud-load-balancing.md | 4 ++-- docs/integrations/google/cloud-sql.md | 4 ++-- docs/integrations/google/cloud-storage.md | 4 ++-- docs/integrations/google/cloud-vpc.md | 4 ++-- docs/integrations/google/compute-engine.md | 4 ++-- docs/integrations/saas-cloud/acquia.md | 8 ++++---- docs/manage/data-archiving/archive.md | 4 ++-- docs/manage/field-extractions/index.md | 2 +- docs/manage/fields.md | 6 +++--- docs/observability/kubernetes/monitoring.md | 4 ++-- docs/reuse/apps/app-collection-option-1.md | 4 ++-- docs/reuse/apps/create-aws-s3-source.md | 4 ++-- docs/reuse/aws-cost-explorer.md | 4 ++-- docs/send-data/collection/edit-collector.md | 8 ++++---- docs/send-data/collector-faq.md | 2 +- .../amazon-aws/amazon-security-lake-source.md | 4 ++-- .../aws-kinesis-firehose-logs-source.md | 4 ++-- .../amazon-aws/aws-s3-source.md | 4 ++-- .../cloud-syslog-source/index.md | 4 ++-- .../1password-source.md | 4 ++-- .../abnormal-security-source.md | 4 ++-- .../airtable-source.md | 4 ++-- .../akamai-cpc-source.md | 4 ++-- .../armis-api-source.md | 4 ++-- .../asana-source.md | 4 ++-- .../atlassian-source.md | 4 ++-- .../automox-source.md | 4 ++--
.../aws-cost-explorer-source.md | 4 ++-- .../azure-event-hubs-source.md | 4 ++-- .../bitwarden.md | 4 ++-- .../box-source.md | 4 ++-- .../carbon-black-cloud-source.md | 4 ++-- .../carbon-black-inventory-source.md | 4 ++-- .../cato-networks-source.md | 4 ++-- .../cisco-amp-source.md | 4 ++-- .../cisco-meraki-source.md | 4 ++-- .../cisco-vulnerability-management-source.md | 4 ++-- .../citrix-cloud-source.md | 4 ++-- .../code42-incydr-source.md | 4 ++-- .../confluent-cloud-metrics-source.md | 4 ++-- .../crowdstrike-fdr-host-inventory.md | 4 ++-- .../crowdstrike-fdr-source.md | 4 ++-- .../crowdstrike-filevantage.md | 4 ++-- .../crowdstrike-source.md | 4 ++-- .../crowdstrike-spotlight-source.md | 4 ++-- .../crowdstrike-threat-intel-source.md | 4 ++-- .../cse-aws-ec-inventory-source.md | 4 ++-- .../cyberark-audit-source.md | 4 ++-- .../cyberark-source.md | 4 ++-- .../cybereason-source.md | 4 ++-- .../digital-guardian-source.md | 4 ++-- .../docusign-source.md | 4 ++-- .../dragos-source.md | 4 ++-- .../dropbox-source.md | 4 ++-- .../druva-cyber-resilience-source.md | 4 ++-- .../druva-source.md | 4 ++-- .../duo-source.md | 4 ++-- .../gmail-tracelogs-source.md | 4 ++-- .../google-bigquery-source.md | 4 ++-- .../google-workspace-alertcenter.md | 4 ++-- .../google-workspace-source.md | 4 ++-- .../intel-471-threat-intel-source.md | 4 ++-- .../jamf-source.md | 4 ++-- .../jfrog-xray.md | 4 ++-- .../jumpcloud-directory-insights-source.md | 4 ++-- .../kaltura-source.md | 4 ++-- .../kandji-source.md | 4 ++-- .../knowbe4-api-source.md | 4 ++-- .../lastpass-source.md | 4 ++-- .../mandiant-threat-intel-source.md | 4 ++-- .../microsoft-azure-ad-inventory-source.md | 4 ++-- .../microsoft-exchange-trace-logs.md | 4 ++-- ...icrosoft-graph-azure-ad-reporting-source.md | 4 ++-- ...crosoft-graph-identity-protection-source.md | 4 ++-- .../microsoft-graph-security-api-source.md | 4 ++-- .../mimecast-source.md | 4 ++-- .../netskope-source.md | 4 ++-- .../netskope-webtx-source.md | 4 ++-- 
.../okta-source.md | 4 ++-- .../palo-alto-cortex-xdr-source.md | 4 ++-- .../proofpoint-on-demand-source.md | 4 ++-- .../proofpoint-tap-source.md | 4 ++-- .../qualys-vmdr-source.md | 4 ++-- .../rapid7-source.md | 4 ++-- .../sailpoint-source.md | 4 ++-- .../salesforce-source.md | 4 ++-- .../sentinelone-mgmt-api-source.md | 4 ++-- .../slack-source.md | 4 ++-- .../smartsheet-source.md | 4 ++-- .../snowflake-logs-source.md | 4 ++-- .../snowflake-sql-api.md | 4 ++-- .../sophos-central-source.md | 4 ++-- .../stix-taxii-1-client-source.md | 4 ++-- .../stix-taxii-2-client-source.md | 4 ++-- .../sumo-collection-source.md | 4 ++-- .../symantec-endpoint-security-source.md | 4 ++-- .../symantec-web-security-service-source.md | 4 ++-- .../sysdig-secure-source.md | 4 ++-- .../tenable-source.md | 4 ++-- .../trellix-mvisio-epo-source.md | 4 ++-- .../trend-micro-source.md | 4 ++-- .../trust-login-source.md | 4 ++-- .../universal-connector-source.md | 4 ++-- .../vectra-source.md | 4 ++-- .../vmware-workspace-one-source.md | 4 ++-- .../webex-source.md | 4 ++-- .../workday-source.md | 4 ++-- .../zendesk-source.md | 4 ++-- .../zero-networks-segment-source.md | 4 ++-- .../zerofox-intel-source.md | 4 ++-- .../zimperium-mtd-source.md | 4 ++-- .../configure-hosted-collector.md | 4 ++-- .../google-source/gcp-metrics-source.md | 4 ++-- .../google-cloud-platform-source.md | 4 ++-- .../google-workspace-apps-audit-source.md | 4 ++-- .../http-source/logs-metrics/index.md | 4 ++-- .../hosted-collectors/http-source/otlp.md | 4 ++-- .../microsoft-source/azure-metrics-source.md | 4 ++-- .../microsoft-source/ms-office-audit-source.md | 4 ++-- .../hosted-collectors/webhook-sources/zoom.md | 4 ++-- ...forwarded-events-windows-event-collector.md | 4 ++-- .../sources/docker-sources.md | 4 ++-- .../sources/local-file-source.md | 4 ++-- .../sources/local-windows-event-log-source.md | 4 ++-- ...l-windows-performance-monitor-log-source.md | 4 ++-- .../sources/remote-file-source/index.md | 4 ++-- 
.../sources/remote-windows-event-log-source.md | 4 ++-- ...e-windows-performance-monitor-log-source.md | 4 ++-- .../sources/script-source/index.md | 4 ++-- .../sources/syslog-source.md | 4 ++-- ...indows-active-directory-inventory-source.md | 4 ++-- static/img/reuse/green-check-circle.png | Bin 556 -> 5331 bytes static/img/reuse/orange-exclamation-point.png | Bin 436 -> 4377 bytes 146 files changed, 305 insertions(+), 305 deletions(-) diff --git a/docs/integrations/amazon-aws/amazon-ec2-auto-scaling.md b/docs/integrations/amazon-aws/amazon-ec2-auto-scaling.md index 0b9ac11c13..561fd2f05a 100644 --- a/docs/integrations/amazon-aws/amazon-ec2-auto-scaling.md +++ b/docs/integrations/amazon-aws/amazon-ec2-auto-scaling.md 
@@ -107,8 +107,8 @@ When you create an AWS Source, you'll need to identify the Hosted Collector you 1. **Metadata**. Click the **+Add Field** link to add custom log metadata [Fields](/docs/manage/fields). Define the fields you want to associate, each field needs a name (key) and value. 1. Add an **account** field and assign it a value which is a friendly name / alias to your AWS account from which you are collecting logs. Logs can be queried via the “account field”. 1. Keep in mind: - * ![green check circle.png](/img/reuse/green-check-circle.png) A green circle with a check mark is shown when the field exists and is enabled in the Fields table schema. - * ![orange exclamation point.png](/img/reuse/orange-exclamation-point.png) An orange triangle with an exclamation point is shown when the field doesn't exist, or is disabled, in the Fields table schema. In this case, an option to automatically add or enable the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo Logic that does not exist in the Fields schema or is disabled it is ignored, known as dropped. + * green check circle.png A green circle with a check mark is shown when the field exists and is enabled in the Fields table schema. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist, or is disabled, in the Fields table schema. In this case, an option to automatically add or enable the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo Logic that does not exist in the Fields schema or is disabled it is ignored, known as dropped. ### Collect metrics 
@@ -118,8 +118,8 @@ When you create an AWS Source, you'll need to identify the Hosted Collector you 1. **Metadata**. Click the **+Add Field** link to add custom log metadata [fields](/docs/manage/fields). Define the fields you want to associate, each field needs a name (key) and value. 1. Add an **account** field and assign it a value which is a friendly name / alias to your AWS account from which you are collecting logs. Logs can be queried via the “account field”.
Metadata 1. Keep in mind: - * ![green check circle.png](/img/reuse/green-check-circle.png) A green circle with a check mark is shown when the field exists and is enabled in the Fields table schema. - * ![orange exclamation point.png](/img/reuse/orange-exclamation-point.png) An orange triangle with an exclamation point is shown when the field doesn't exist, or is disabled, in the Fields table schema. In this case, an option to automatically add or enable the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo Logic that does not exist in the Fields schema or is disabled it is ignored, known as dropped. + * green check circle.png A green circle with a check mark is shown when the field exists and is enabled in the Fields table schema. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist, or is disabled, in the Fields table schema. In this case, an option to automatically add or enable the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo Logic that does not exist in the Fields schema or is disabled it is ignored, known as dropped. :::note Namespace for Amazon EC2 Auto Scaling Service is AWS/AutoScaling. ::: diff --git a/docs/integrations/amazon-aws/application-load-balancer.md b/docs/integrations/amazon-aws/application-load-balancer.md index 1a24a818b9..ca7637b46d 100644 --- a/docs/integrations/amazon-aws/application-load-balancer.md +++ b/docs/integrations/amazon-aws/application-load-balancer.md 
@@ -73,8 +73,8 @@ When you create an AWS Source, you'll need to identify the Hosted Collector you 1. **Metadata**. Click the **+Add Field** link to add custom log metadata [fields](/docs/manage/fields). Define the fields you want to associate, each field needs a name (key) and value. 1. Add an **account** field and assign it a value which is a friendly name / alias to your AWS account from which you are collecting logs. Logs can be queried via the “account field”.
Metadata 1. Keep in mind: - * ![green check circle.png](/img/reuse/green-check-circle.png) A green circle with a check mark is shown when the field exists and is enabled in the Fields table schema. - * ![orange exclamation point.png](/img/reuse/orange-exclamation-point.png) An orange triangle with an exclamation point is shown when the field doesn't exist, or is disabled, in the Fields table schema. In this case, an option to automatically add or enable the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo Logic that does not exist in the Fields schema or is disabled it is ignored, known as dropped. + * green check circle.png A green circle with a check mark is shown when the field exists and is enabled in the Fields table schema. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist, or is disabled, in the Fields table schema. In this case, an option to automatically add or enable the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo Logic that does not exist in the Fields schema or is disabled it is ignored, known as dropped. ### Collect access logs 
@@ -93,8 +93,8 @@ Before you begin to use the AWS Elastic Load Balancing (ELB) Application app, co 1. Add a **region** field and assign it the value of respective AWS region where the Load Balancer exists. 1. Add an **accountId** field and assign it the value of the respective AWS account id which is being used. 1. Keep in mind: - * ![green check circle.png](/img/reuse/green-check-circle.png) A green circle with a check mark is shown when the field exists and is enabled in the Fields table schema. - * ![orange exclamation point.png](/img/reuse/orange-exclamation-point.png) An orange triangle with an exclamation point is shown when the field doesn't exist, or is disabled, in the Fields table schema. In this case, an option to automatically add or enable the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo Logic that does not exist in the Fields schema or is disabled it is ignored, known as dropped. + * green check circle.png A green circle with a check mark is shown when the field exists and is enabled in the Fields table schema. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist, or is disabled, in the Fields table schema. In this case, an option to automatically add or enable the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo Logic that does not exist in the Fields schema or is disabled it is ignored, known as dropped. ### Collect Cloudtrail logs 
@@ -102,8 +102,8 @@ Before you begin to use the AWS Elastic Load Balancing (ELB) Application app, co 1. **Metadata**. Click the **+Add Field** link to add custom log metadata [Fields](/docs/manage/fields). Define the fields you want to associate, each field needs a name (key) and value. 1. Add an **account** field and assign it a value which is a friendly name / alias to your AWS account from which you are collecting logs. Logs can be queried via the “account field”. 1. Keep in mind: - * ![green check circle.png](/img/reuse/green-check-circle.png) A green circle with a check mark is shown when the field exists and is enabled in the Fields table schema. - * ![orange exclamation point.png](/img/reuse/orange-exclamation-point.png) An orange triangle with an exclamation point is shown when the field doesn't exist, or is disabled, in the Fields table schema. In this case, an option to automatically add or enable the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo Logic that does not exist in the Fields schema or is disabled it is ignored, known as dropped. + * green check circle.png A green circle with a check mark is shown when the field exists and is enabled in the Fields table schema. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist, or is disabled, in the Fields table schema. In this case, an option to automatically add or enable the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo Logic that does not exist in the Fields schema or is disabled it is ignored, known as dropped. :::note Namespace for AWS Application Load Balancer Service is AWS/ApplicationELB. diff --git a/docs/integrations/amazon-aws/classic-load-balancer.md b/docs/integrations/amazon-aws/classic-load-balancer.md index 09f5d83098..5dd0a77591 100644 --- a/docs/integrations/amazon-aws/classic-load-balancer.md 
+++ b/docs/integrations/amazon-aws/classic-load-balancer.md @@ -74,8 +74,8 @@ When you create an AWS Source, you'll need to identify the Hosted Collector you 1. **Metadata**. Click the **+Add Field** link to add custom log metadata [fields](/docs/manage/fields). Define the fields you want to associate, each field needs a name (key) and value. 1. Add an **account** field and assign it a value which is a friendly name / alias to your AWS account from which you are collecting logs. Logs can be queried via the “account field”.
Metadata 1. Keep in mind: - * ![green check circle.png](/img/reuse/green-check-circle.png) A green circle with a check mark is shown when the field exists and is enabled in the Fields table schema. - * ![orange exclamation point.png](/img/reuse/orange-exclamation-point.png) An orange triangle with an exclamation point is shown when the field doesn't exist, or is disabled, in the Fields table schema. In this case, an option to automatically add or enable the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo Logic that does not exist in the Fields schema or is disabled it is ignored, known as dropped. + * green check circle.png A green circle with a check mark is shown when the field exists and is enabled in the Fields table schema. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist, or is disabled, in the Fields table schema. In this case, an option to automatically add or enable the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo Logic that does not exist in the Fields schema or is disabled it is ignored, known as dropped. ### Collect access logs 
@@ -95,8 +95,8 @@ Before you can begin to use the AWS Classic Load Balancing (ELB) App, complete t 1. Add a **region** field and assign it the value of respective AWS region where the Load Balancer exists. 1. Add an **accountId** field and assign it the value of the respective AWS account id which is being used. 1. Keep in mind: - * ![green check circle.png](/img/reuse/green-check-circle.png) A green circle with a check mark is shown when the field exists and is enabled in the Fields table schema. - * ![orange exclamation point.png](/img/reuse/orange-exclamation-point.png) An orange triangle with an exclamation point is shown when the field doesn't exist, or is disabled, in the Fields table schema. In this case, an option to automatically add or enable the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo Logic that does not exist in the Fields schema or is disabled it is ignored, known as dropped. + * green check circle.png A green circle with a check mark is shown when the field exists and is enabled in the Fields table schema. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist, or is disabled, in the Fields table schema. In this case, an option to automatically add or enable the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo Logic that does not exist in the Fields schema or is disabled it is ignored, known as dropped. ### Collect Cloudtrail logs 
@@ -104,8 +104,8 @@ Before you can begin to use the AWS Classic Load Balancing (ELB) App, complete t 1. **Metadata**. Click the **+Add Field** link to add custom log metadata [fields](/docs/manage/fields). Define the fields you want to associate, each field needs a name (key) and value. 1. Add an **account** field and assign it a value which is a friendly name / alias to your AWS account from which you are collecting logs. Logs can be queried via the “account field”. 1. Keep in mind: - * ![green check circle.png](/img/reuse/green-check-circle.png) A green circle with a check mark is shown when the field exists and is enabled in the Fields table schema. - * ![orange exclamation point.png](/img/reuse/orange-exclamation-point.png) An orange triangle with an exclamation point is shown when the field doesn't exist, or is disabled, in the Fields table schema. In this case, an option to automatically add or enable the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo Logic that does not exist in the Fields schema or is disabled it is ignored, known as dropped. + * green check circle.png A green circle with a check mark is shown when the field exists and is enabled in the Fields table schema. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist, or is disabled, in the Fields table schema. In this case, an option to automatically add or enable the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo Logic that does not exist in the Fields schema or is disabled it is ignored, known as dropped. :::note Namespace for **AWS Classic Load Balancer** Service is **AWS/ELB**. diff --git a/docs/integrations/amazon-aws/elastic-container-service.md b/docs/integrations/amazon-aws/elastic-container-service.md index cb5cee6fc7..db07d43af3 100644 --- a/docs/integrations/amazon-aws/elastic-container-service.md 
+++ b/docs/integrations/amazon-aws/elastic-container-service.md @@ -323,8 +323,8 @@ This section has instructions for collecting logs and metrics for the Amazon ECS 1. **Metadata**. Click the **+Add Field** link to add custom log metadata [fields](/docs/manage/fields). Define the fields you want to associate, each field needs a name (key) and value. 1. Add an **account** field and assign it a value which is a friendly name / alias to your AWS account from which you are collecting logs. Logs can be queried via the “account field”.
Metadata 1. Keep in mind: - * ![green check circle.png](/img/reuse/green-check-circle.png) A green circle with a check mark is shown when the field exists and is enabled in the Fields table schema. - * ![orange exclamation point.png](/img/reuse/orange-exclamation-point.png) An orange triangle with an exclamation point is shown when the field doesn't exist, or is disabled, in the Fields table schema. In this case, an option to automatically add or enable the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo Logic that does not exist in the Fields schema or is disabled it is ignored, known as dropped. + * green check circle.png A green circle with a check mark is shown when the field exists and is enabled in the Fields table schema. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist, or is disabled, in the Fields table schema. In this case, an option to automatically add or enable the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo Logic that does not exist in the Fields schema or is disabled it is ignored, known as dropped. ### Collect ECS events using CloudTrail 
@@ -333,8 +333,8 @@ This section has instructions for collecting logs and metrics for the Amazon ECS 1. **Metadata**. Click the **+Add Field** link to add custom log metadata [Fields](/docs/manage/fields). Define the fields you want to associate, each field needs a name (key) and value. 1. Add an **account** field and assign it a value which is a friendly name / alias to your AWS account from which you are collecting logs. Logs can be queried via the “account field”. 1. Keep in mind: - * ![green check circle.png](/img/reuse/green-check-circle.png) A green circle with a check mark is shown when the field exists and is enabled in the Fields table schema. - * ![orange exclamation point.png](/img/reuse/orange-exclamation-point.png) An orange triangle with an exclamation point is shown when the field doesn't exist, or is disabled, in the Fields table schema. In this case, an option to automatically add or enable the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo Logic that does not exist in the Fields schema or is disabled it is ignored, known as dropped. + * green check circle.png A green circle with a check mark is shown when the field exists and is enabled in the Fields table schema. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist, or is disabled, in the Fields table schema. In this case, an option to automatically add or enable the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo Logic that does not exist in the Fields schema or is disabled it is ignored, known as dropped. ## Installing the Amazon ECS app diff --git a/docs/integrations/amazon-aws/network-load-balancer.md b/docs/integrations/amazon-aws/network-load-balancer.md index 486a09daf9..937466a621 100644 --- a/docs/integrations/amazon-aws/network-load-balancer.md +++ b/docs/integrations/amazon-aws/network-load-balancer.md 
@@ -34,8 +34,8 @@ When you create an AWS Source, you'll need to identify the Hosted Collector you 1. **Metadata**. Click the **+Add Field** link to add custom log metadata [fields](/docs/manage/fields). Define the fields you want to associate, each field needs a name (key) and value. 1. Add an **account** field and assign it a value which is a friendly name / alias to your AWS account from which you are collecting logs. Logs can be queried via the “account field”.Metadata 1. Keep in mind: - * ![green check circle.png](/img/reuse/green-check-circle.png) A green circle with a check mark is shown when the field exists and is enabled in the Fields table schema. - * ![orange exclamation point.png](/img/reuse/orange-exclamation-point.png) An orange triangle with an exclamation point is shown when the field doesn't exist, or is disabled, in the Fields table schema. In this case, an option to automatically add or enable the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo that does not exist in the Fields schema or is disabled it is ignored, known as dropped. + * green check circle.png A green circle with a check mark is shown when the field exists and is enabled in the Fields table schema. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist, or is disabled, in the Fields table schema. In this case, an option to automatically add or enable the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo that does not exist in the Fields schema or is disabled it is ignored, known as dropped. ### Collect Cloudtrail logs 
@@ -43,8 +43,8 @@ When you create an AWS Source, you'll need to identify the Hosted Collector you 1. **Metadata**. Click the **+Add Field** link to add custom log metadata [fields](/docs/manage/fields). Define the fields you want to associate, each field needs a name (key) and value. 1. Add an **account** field and assign it a value which is a friendly name / alias to your AWS account from which you are collecting logs. Logs can be queried via the “account field”. 1. Keep in mind: - * ![green check circle.png](/img/reuse/green-check-circle.png) A green circle with a check mark is shown when the field exists and is enabled in the Fields table schema. - * ![orange exclamation point.png](/img/reuse/orange-exclamation-point.png) An orange triangle with an exclamation point is shown when the field doesn't exist, or is disabled, in the Fields table schema. In this case, an option to automatically add or enable the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo that does not exist in the Fields schema or is disabled it is ignored, known as dropped. + * green check circle.png A green circle with a check mark is shown when the field exists and is enabled in the Fields table schema. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist, or is disabled, in the Fields table schema. In this case, an option to automatically add or enable the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo that does not exist in the Fields schema or is disabled it is ignored, known as dropped. :::note Namespace for AWS Network Load Balancer Service is AWS/NetworkELB. diff --git a/docs/integrations/amazon-aws/ses.md b/docs/integrations/amazon-aws/ses.md index 04f48d6e68..bf4bd45d15 100644 --- a/docs/integrations/amazon-aws/ses.md +++ b/docs/integrations/amazon-aws/ses.md 
@@ -134,8 +134,8 @@ Selecting an AWS GovCloud region means your data will be leaving a FedRAMP-high ::: 9. For **Source Category**, enter any string to tag the output collected from this Source. (Category metadata is stored in a searchable field called `_sourceCategory`.) 10. **Fields**. Click the **+Add Field** link to add custom log metadata [Fields](/docs/manage/fields). Then define the fields you want to associate, each field needs a name (key) and value. - * ![green check circle.png](/img/reuse/green-check-circle.png) A green circle with a check mark is shown when the field exists and is enabled in the Fields table schema. - * ![orange exclamation point.png](/img/reuse/orange-exclamation-point.png) An orange triangle with an exclamation point is shown when the field doesn't exist, or is disabled, in the Fields table schema. In this case, an option to automatically add or enable the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo that does not exist in the Fields schema or is disabled it is ignored, known as dropped. + * green check circle.png A green circle with a check mark is shown when the field exists and is enabled in the Fields table schema. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist, or is disabled, in the Fields table schema. In this case, an option to automatically add or enable the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo that does not exist in the Fields schema or is disabled it is ignored, known as dropped. 11. For **AWS Access** you have two **Access Method** options. Select **Role-based access** or **Key access** based on the AWS authentication you are providing. Role-based access is preferred, this was completed in the prerequisite step [Grant Sumo Logic access to an AWS Product](/docs/send-data/hosted-collectors/amazon-aws/grant-access-aws-product). 
* For **Role-based access** enter the Role ARN that was provided by AWS after creating the role. * For **Key access** enter the **Access Key ID **and** Secret Access Key.** See [AWS Access Key ID](http://docs.aws.amazon.com/STS/latest/UsingSTS/UsingTokens.html#RequestWithSTS) and [AWS Secret Access Key](https://aws.amazon.com/iam/) for details. diff --git a/docs/integrations/containers-orchestration/docker-ulm.md b/docs/integrations/containers-orchestration/docker-ulm.md index 02dc1e7f8a..6b4309f23c 100644 --- a/docs/integrations/containers-orchestration/docker-ulm.md +++ b/docs/integrations/containers-orchestration/docker-ulm.md 
@@ -76,8 +76,8 @@ There are alternative methods for collecting Docker logs and metrics. See [Docke * **Source Host**. Enter the hostname or IP address of the source host. If not specified, it’s assumed that the host is the machine where Docker is running. The hostname can be a maximum of 128 characters. If desired, you can use Docker variables to construct the Source Host value. For more information, see [Configure `sourceCategory` and `sourceHost` using variables](#configure-sourcecategory-and-sourcehost-using-variables). * **Source Category**. Enter a string used to tag the output collected from this Source with searchable metadata. For example, typing **web_apps** tags all the logs from this Source in the sourceCategory field, so running a search on **`_sourceCategory=web_apps`** would return logs from this Source. For more information, see [Metadata Naming Conventions](/docs/send-data/reference-information/metadata-naming-conventions) and our [Best Practices: Good Source Category, Bad Source Category](/docs/send-data/best-practices). If desired, you can use Docker variables to construct the Source Category value. For more information, see [Configure `sourceCategory` and `sourceHost` using variables](#configure-sourcecategory-and-sourcehost-using-variables). * **Fields**. Click the **+Add Field** link to add custom log metadata [Fields](/docs/manage/fields). Define the fields you want to associate, each field needs a name (key) and value. - * ![green check circle.png](/img/reuse/green-check-circle.png) A green circle with a check mark is shown when the field exists and is enabled in the Fields table schema. - * ![orange exclamation point.png](/img/reuse/orange-exclamation-point.png) An orange triangle with an exclamation point is shown when the field doesn't exist, or is disabled, in the Fields table schema. In this case, an option to automatically add or enable the nonexistent fields to the Fields table schema is provided. 
If a field is sent to Sumo that does not exist in the Fields schema or is disabled it is ignored, known as dropped. + * green check circle.png A green circle with a check mark is shown when the field exists and is enabled in the Fields table schema. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist, or is disabled, in the Fields table schema. In this case, an option to automatically add or enable the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo Logic that does not exist in the Fields schema or is disabled it is ignored, known as dropped. 5. Configure the Advanced options. * **Enable Timestamp Parsing**. This option is checked by default and **required**. * **Time Zone**. Default is “Use time zone from log file”. diff --git a/docs/integrations/google/app-engine.md b/docs/integrations/google/app-engine.md index 7710660a64..97ac14118f 100644 --- a/docs/integrations/google/app-engine.md +++ b/docs/integrations/google/app-engine.md 
@@ -263,8 +263,8 @@ This Source will be a Google Pub/Sub-only Source, which means that it will only 5. **Source Host** (Optional). The Source Host value is tagged to each log and stored in a searchable [metadata](/docs/search/get-started-with-search/search-basics/built-in-metadata) field called _sourceHost. Avoid using spaces so you do not have to quote them in [keyword search expressions](/docs/search/get-started-with-search/build-search/keyword-search-expressions). This can be a maximum of 128 characters. 6. **Source Category** (Optional). The Source Category value is tagged to each log and stored in a searchable [metadata](/docs/search/get-started-with-search/search-basics/built-in-metadata) field called `_sourceCategory`. See our [Best Practices: Good Source Category, Bad Source Category](/docs/send-data/best-practices). Avoid using spaces so you do not have to quote them in [keyword search expressions](/docs/search/get-started-with-search/build-search/keyword-search-expressions). This can be a maximum of 1,024 characters. 7. **Fields**. Click the **+Add Field** link to add custom log metadata [Fields](/docs/manage/fields), then define the fields you want to associate. Each field needs a name (key) and value. Look for one of the following icons and act accordingly: - * ![orange exclamation point.png](/img/reuse/orange-exclamation-point.png) If an orange triangle with an exclamation point is shown, use the option to automatically add or enable the nonexistent fields before proceeding to the next step. The orange icon indicates that the field doesn't exist, or is disabled, in the Fields table schema. If a field is sent to Sumo that does not exist in the Fields schema or is disabled it is ignored, known as dropped. - * ![green check circle.png](/img/reuse/green-check-circle.png) If a green circle with a checkmark is shown, the field exists and is already enabled in the Fields table schema. Proceed to the next step. 
+ * orange exclamation point.png If an orange triangle with an exclamation point is shown, use the option to automatically add or enable the nonexistent fields before proceeding to the next step. The orange icon indicates that the field doesn't exist, or is disabled, in the Fields table schema. If a field is sent to Sumo that does not exist in the Fields schema or is disabled it is ignored, known as dropped. + * green check circle.png A green circle with a check mark is shown when the field exists and is enabled in the Fields table schema. Proceed to the next step. 8. **Advanced Options for Logs**.
Google integrations * **Timestamp Parsing**. This option is selected by default. If it's deselected, no timestamp information is parsed at all. * **Time Zone**. There are two options for Time Zone. You can use the time zone present in your log files, and then choose an option in case time zone information is missing from a log message. Or, you can have Sumo Logic completely disregard any time zone information present in logs by forcing a time zone. It's very important to have the proper time zone set, no matter which option you choose. If the time zone of logs cannot be determined, Sumo Logic assigns logs UTC; if the rest of your logs are from another time zone your search results will be affected. diff --git a/docs/integrations/google/bigquery.md b/docs/integrations/google/bigquery.md index ec7b866257..5a60a6b979 100644 --- a/docs/integrations/google/bigquery.md +++ b/docs/integrations/google/bigquery.md 
@@ -93,8 +93,8 @@ This Source will be a Google Pub/Sub-only Source, which means that it will only 5. **Source Host** (Optional). The Source Host value is tagged to each log and stored in a searchable [metadata](/docs/search/get-started-with-search/search-basics/built-in-metadata) field called _sourceHost. Avoid using spaces so you do not have to quote them in [keyword search expressions](/docs/search/get-started-with-search/build-search/keyword-search-expressions.md). This can be a maximum of 128 characters. 6. **Source Category** (Optional). The Source Category value is tagged to each log and stored in a searchable [metadata](/docs/search/get-started-with-search/search-basics/built-in-metadata) field called `_sourceCategory`. See our [Best Practices: Good Source Category, Bad Source Category](/docs/send-data/best-practices). Avoid using spaces so you do not have to quote them in [keyword search expressions](/docs/search/get-started-with-search/build-search/keyword-search-expressions.md). This can be a maximum of 1,024 characters. 7. **Fields**. Click the **+Add Field** link to add custom log metadata [Fields](/docs/manage/fields), then define the fields you want to associate. Each field needs a name (key) and value. Look for one of the following icons and act accordingly: - * ![orange exclamation point.png](/img/reuse/orange-exclamation-point.png) If an orange triangle with an exclamation point is shown, use the option to automatically add or enable the nonexistent fields before proceeding to the next step. The orange icon indicates that the field doesn't exist, or is disabled, in the Fields table schema. If a field is sent to Sumo that does not exist in the Fields schema or is disabled it is ignored, known as dropped. - * ![green check circle.png](/img/reuse/green-check-circle.png) If a green circle with a checkmark is shown, the field exists and is already enabled in the Fields table schema. Proceed to the next step. 
+ * orange exclamation point.png If an orange triangle with an exclamation point is shown, use the option to automatically add or enable the nonexistent fields before proceeding to the next step. The orange icon indicates that the field doesn't exist, or is disabled, in the Fields table schema. If a field is sent to Sumo that does not exist in the Fields schema or is disabled it is ignored, known as dropped. + * green check circle.png A green circle with a check mark is shown when the field exists and is enabled in the Fields table schema. Proceed to the next step. 8. **Advanced Options for Logs**.
Google integrations * **Timestamp Parsing**. This option is selected by default. If it's deselected, no timestamp information is parsed at all. * **Time Zone**. There are two options for Time Zone. You can use the time zone present in your log files, and then choose an option in case time zone information is missing from a log message. Or, you can have Sumo Logic completely disregard any time zone information present in logs by forcing a time zone. It's very important to have the proper time zone set, no matter which option you choose. If the time zone of logs cannot be determined, Sumo Logic assigns logs UTC; if the rest of your logs are from another time zone your search results will be affected. diff --git a/docs/integrations/google/cloud-audit.md b/docs/integrations/google/cloud-audit.md index 6b227ec643..3ece4deae0 100644 --- a/docs/integrations/google/cloud-audit.md +++ b/docs/integrations/google/cloud-audit.md 
@@ -135,8 +135,8 @@ This Source will be a Google Pub/Sub-only Source, which means that it will only 5. **Source Host** (Optional). The Source Host value is tagged to each log and stored in a searchable [metadata](/docs/search/get-started-with-search/search-basics/built-in-metadata) field called _sourceHost. Avoid using spaces so you do not have to quote them in [keyword search expressions](/docs/search/get-started-with-search/build-search/keyword-search-expressions.md). This can be a maximum of 128 characters. 6. **Source Category** (Optional). The Source Category value is tagged to each log and stored in a searchable [metadata](/docs/search/get-started-with-search/search-basics/built-in-metadata) field called `_sourceCategory`. See our [Best Practices: Good Source Category, Bad Source Category](/docs/send-data/best-practices). Avoid using spaces so you do not have to quote them in [keyword search expressions](/docs/search/get-started-with-search/build-search/keyword-search-expressions.md). This can be a maximum of 1,024 characters. 7. **Fields**. Click the **+Add Field** link to add custom log metadata [Fields](/docs/manage/fields), then define the fields you want to associate. Each field needs a name (key) and value. Look for one of the following icons and act accordingly: - * ![orange exclamation point.png](/img/reuse/orange-exclamation-point.png) If an orange triangle with an exclamation point is shown, use the option to automatically add or enable the nonexistent fields before proceeding to the next step. The orange icon indicates that the field doesn't exist, or is disabled, in the Fields table schema. If a field is sent to Sumo that does not exist in the Fields schema or is disabled it is ignored, known as dropped. - * ![green check circle.png](/img/reuse/green-check-circle.png) If a green circle with a checkmark is shown, the field exists and is already enabled in the Fields table schema. Proceed to the next step. 
+ * orange exclamation point.png If an orange triangle with an exclamation point is shown, use the option to automatically add or enable the nonexistent fields before proceeding to the next step. The orange icon indicates that the field doesn't exist, or is disabled, in the Fields table schema. If a field is sent to Sumo that does not exist in the Fields schema or is disabled it is ignored, known as dropped. + * green check circle.png A green circle with a check mark is shown when the field exists and is enabled in the Fields table schema. Proceed to the next step. 8. **Advanced Options for Logs**.
Google integrations * **Timestamp Parsing**. This option is selected by default. If it's deselected, no timestamp information is parsed at all. * **Time Zone**. There are two options for Time Zone. You can use the time zone present in your log files, and then choose an option in case time zone information is missing from a log message. Or, you can have Sumo Logic completely disregard any time zone information present in logs by forcing a time zone. It's very important to have the proper time zone set, no matter which option you choose. If the time zone of logs cannot be determined, Sumo Logic assigns logs UTC; if the rest of your logs are from another time zone your search results will be affected. diff --git a/docs/integrations/google/cloud-firewall.md b/docs/integrations/google/cloud-firewall.md index 7beafd123b..513ea601c1 100644 --- a/docs/integrations/google/cloud-firewall.md +++ b/docs/integrations/google/cloud-firewall.md 
@@ -98,8 +98,8 @@ This Source will be a Google Pub/Sub-only Source, which means that it will only 5. **Source Host** (Optional). The Source Host value is tagged to each log and stored in a searchable [metadata](/docs/search/get-started-with-search/search-basics/built-in-metadata) field called _sourceHost. Avoid using spaces so you do not have to quote them in [keyword search expressions](/docs/search/get-started-with-search/build-search/keyword-search-expressions.md). This can be a maximum of 128 characters. 6. **Source Category** (Optional). The Source Category value is tagged to each log and stored in a searchable [metadata](/docs/search/get-started-with-search/search-basics/built-in-metadata) field called `_sourceCategory`. See our [Best Practices: Good Source Category, Bad Source Category](/docs/send-data/best-practices). Avoid using spaces so you do not have to quote them in [keyword search expressions](/docs/search/get-started-with-search/build-search/keyword-search-expressions.md). This can be a maximum of 1,024 characters. 7. **Fields**. Click the **+Add Field** link to add custom log metadata [Fields](/docs/manage/fields), then define the fields you want to associate. Each field needs a name (key) and value. Look for one of the following icons and act accordingly: - * ![orange exclamation point.png](/img/reuse/orange-exclamation-point.png) If an orange triangle with an exclamation point is shown, use the option to automatically add or enable the nonexistent fields before proceeding to the next step. The orange icon indicates that the field doesn't exist, or is disabled, in the Fields table schema. If a field is sent to Sumo that does not exist in the Fields schema or is disabled it is ignored, known as dropped. - * ![green check circle.png](/img/reuse/green-check-circle.png) If a green circle with a checkmark is shown, the field exists and is already enabled in the Fields table schema. Proceed to the next step. 
+ * orange exclamation point.png If an orange triangle with an exclamation point is shown, use the option to automatically add or enable the nonexistent fields before proceeding to the next step. The orange icon indicates that the field doesn't exist, or is disabled, in the Fields table schema. If a field is sent to Sumo that does not exist in the Fields schema or is disabled it is ignored, known as dropped. + * green check circle.png A green circle with a check mark is shown when the field exists and is enabled in the Fields table schema. Proceed to the next step. 8. **Advanced Options for Logs**.
Google integrations * **Timestamp Parsing**. This option is selected by default. If it's deselected, no timestamp information is parsed at all. * **Time Zone**. There are two options for Time Zone. You can use the time zone present in your log files, and then choose an option in case time zone information is missing from a log message. Or, you can have Sumo Logic completely disregard any time zone information present in logs by forcing a time zone. It's very important to have the proper time zone set, no matter which option you choose. If the time zone of logs cannot be determined, Sumo Logic assigns logs UTC; if the rest of your logs are from another time zone your search results will be affected. diff --git a/docs/integrations/google/cloud-functions.md b/docs/integrations/google/cloud-functions.md index fa91b73245..6d0c5bab07 100644 --- a/docs/integrations/google/cloud-functions.md +++ b/docs/integrations/google/cloud-functions.md 
@@ -81,8 +81,8 @@ This Source will be a Google Pub/Sub-only Source, which means that it will only 1. **Source Host** (Optional). The Source Host value is tagged to each log and stored in a searchable [metadata](/docs/search/get-started-with-search/search-basics/built-in-metadata) field called _sourceHost. Avoid using spaces so you do not have to quote them in [keyword search expressions](/docs/search/get-started-with-search/build-search/keyword-search-expressions.md). This can be a maximum of 128 characters. 1. **Source Category** (Optional). The Source Category value is tagged to each log and stored in a searchable [metadata](/docs/search/get-started-with-search/search-basics/built-in-metadata) field called `_sourceCategory`. See our [Best Practices: Good Source Category, Bad Source Category](/docs/send-data/best-practices). Avoid using spaces so you do not have to quote them in [keyword search expressions](/docs/search/get-started-with-search/build-search/keyword-search-expressions.md). This can be a maximum of 1,024 characters. 1. **Fields**. Click the **+Add Field** link to add custom log metadata [Fields](/docs/manage/fields), then define the fields you want to associate. Each field needs a name (key) and value. Look for one of the following icons and act accordingly: - * ![orange exclamation point.png](/img/reuse/orange-exclamation-point.png) If an orange triangle with an exclamation point is shown, use the option to automatically add or enable the nonexistent fields before proceeding to the next step. The orange icon indicates that the field doesn't exist, or is disabled, in the Fields table schema. If a field is sent to Sumo that does not exist in the Fields schema or is disabled it is ignored, known as dropped. - * ![green check circle.png](/img/reuse/green-check-circle.png) If a green circle with a checkmark is shown, the field exists and is already enabled in the Fields table schema. Proceed to the next step. 
+ * orange exclamation point.png If an orange triangle with an exclamation point is shown, use the option to automatically add or enable the nonexistent fields before proceeding to the next step. The orange icon indicates that the field doesn't exist, or is disabled, in the Fields table schema. If a field is sent to Sumo that does not exist in the Fields schema or is disabled it is ignored, known as dropped. + * green check circle.png A green circle with a check mark is shown when the field exists and is enabled in the Fields table schema. Proceed to the next step. 1. **Advanced Options for Logs**.
Google integrations * **Timestamp Parsing**. This option is selected by default. If it's deselected, no timestamp information is parsed at all. * **Time Zone**. There are two options for Time Zone. You can use the time zone present in your log files, and then choose an option in case time zone information is missing from a log message. Or, you can have Sumo Logic completely disregard any time zone information present in logs by forcing a time zone. It's very important to have the proper time zone set, no matter which option you choose. If the time zone of logs cannot be determined, Sumo Logic assigns logs UTC; if the rest of your logs are from another time zone your search results will be affected. diff --git a/docs/integrations/google/cloud-iam.md b/docs/integrations/google/cloud-iam.md index 7a5bfec131..f3bd04ce60 100644 --- a/docs/integrations/google/cloud-iam.md +++ b/docs/integrations/google/cloud-iam.md 
@@ -141,8 +141,8 @@ This Source will be a Google Pub/Sub-only Source, which means that it will only 5. **Source Host** (Optional). The Source Host value is tagged to each log and stored in a searchable [metadata](/docs/search/get-started-with-search/search-basics/built-in-metadata) field called _sourceHost. Avoid using spaces so you do not have to quote them in [keyword search expressions](/docs/search/get-started-with-search/build-search/keyword-search-expressions.md). This can be a maximum of 128 characters. 6. **Source Category** (Optional). The Source Category value is tagged to each log and stored in a searchable [metadata](/docs/search/get-started-with-search/search-basics/built-in-metadata) field called `_sourceCategory`. See our [Best Practices: Good Source Category, Bad Source Category](/docs/send-data/best-practices). Avoid using spaces so you do not have to quote them in [keyword search expressions](/docs/search/get-started-with-search/build-search/keyword-search-expressions.md). This can be a maximum of 1,024 characters. 7. **Fields**. Click the **+Add Field** link to add custom log metadata [Fields](/docs/manage/fields), then define the fields you want to associate. Each field needs a name (key) and value. Look for one of the following icons and act accordingly: - * ![orange exclamation point.png](/img/reuse/orange-exclamation-point.png) If an orange triangle with an exclamation point is shown, use the option to automatically add or enable the nonexistent fields before proceeding to the next step. The orange icon indicates that the field doesn't exist, or is disabled, in the Fields table schema. If a field is sent to Sumo that does not exist in the Fields schema or is disabled it is ignored, known as dropped. - * ![green check circle.png](/img/reuse/green-check-circle.png) If a green circle with a checkmark is shown, the field exists and is already enabled in the Fields table schema. Proceed to the next step. 
+ * orange exclamation point.png If an orange triangle with an exclamation point is shown, use the option to automatically add or enable the nonexistent fields before proceeding to the next step. The orange icon indicates that the field doesn't exist, or is disabled, in the Fields table schema. If a field is sent to Sumo that does not exist in the Fields schema or is disabled it is ignored, known as dropped. + * green check circle.png A green circle with a check mark is shown when the field exists and is enabled in the Fields table schema. Proceed to the next step. 8. **Advanced Options for Logs**.
Google integrations * **Timestamp Parsing**. This option is selected by default. If it's deselected, no timestamp information is parsed at all. * **Time Zone**. There are two options for Time Zone. You can use the time zone present in your log files, and then choose an option in case time zone information is missing from a log message. Or, you can have Sumo Logic completely disregard any time zone information present in logs by forcing a time zone. It's very important to have the proper time zone set, no matter which option you choose. If the time zone of logs cannot be determined, Sumo Logic assigns logs UTC; if the rest of your logs are from another time zone your search results will be affected. diff --git a/docs/integrations/google/cloud-load-balancing.md b/docs/integrations/google/cloud-load-balancing.md index 84ba52b18c..3c1b26ccdd 100644 --- a/docs/integrations/google/cloud-load-balancing.md +++ b/docs/integrations/google/cloud-load-balancing.md 
@@ -109,8 +109,8 @@ This Source will be a Google Pub/Sub-only Source, which means that it will only 5. **Source Host** (Optional). The Source Host value is tagged to each log and stored in a searchable [metadata](/docs/search/get-started-with-search/search-basics/built-in-metadata) field called _sourceHost. Avoid using spaces so you do not have to quote them in [keyword search expressions](/docs/search/get-started-with-search/build-search/keyword-search-expressions.md). This can be a maximum of 128 characters. 6. **Source Category** (Optional). The Source Category value is tagged to each log and stored in a searchable [metadata](/docs/search/get-started-with-search/search-basics/built-in-metadata) field called `_sourceCategory`. See our [Best Practices: Good Source Category, Bad Source Category](/docs/send-data/best-practices). Avoid using spaces so you do not have to quote them in [keyword search expressions](/docs/search/get-started-with-search/build-search/keyword-search-expressions.md). This can be a maximum of 1,024 characters. 7. **Fields**. Click the **+Add Field** link to add custom log metadata [Fields](/docs/manage/fields), then define the fields you want to associate. Each field needs a name (key) and value. Look for one of the following icons and act accordingly: - * ![orange exclamation point.png](/img/reuse/orange-exclamation-point.png) If an orange triangle with an exclamation point is shown, use the option to automatically add or enable the nonexistent fields before proceeding to the next step. The orange icon indicates that the field doesn't exist, or is disabled, in the Fields table schema. If a field is sent to Sumo that does not exist in the Fields schema or is disabled it is ignored, known as dropped. - * ![green check circle.png](/img/reuse/green-check-circle.png) If a green circle with a checkmark is shown, the field exists and is already enabled in the Fields table schema. Proceed to the next step. 
+ * orange exclamation point.png If an orange triangle with an exclamation point is shown, use the option to automatically add or enable the nonexistent fields before proceeding to the next step. The orange icon indicates that the field doesn't exist, or is disabled, in the Fields table schema. If a field is sent to Sumo that does not exist in the Fields schema or is disabled it is ignored, known as dropped. + * green check circle.png A green circle with a check mark is shown when the field exists and is enabled in the Fields table schema. Proceed to the next step. 8. **Advanced Options for Logs**.
Google integrations * **Timestamp Parsing**. This option is selected by default. If it's deselected, no timestamp information is parsed at all. * **Time Zone**. There are two options for Time Zone. You can use the time zone present in your log files, and then choose an option in case time zone information is missing from a log message. Or, you can have Sumo Logic completely disregard any time zone information present in logs by forcing a time zone. It's very important to have the proper time zone set, no matter which option you choose. If the time zone of logs cannot be determined, Sumo Logic assigns logs UTC; if the rest of your logs are from another time zone your search results will be affected. diff --git a/docs/integrations/google/cloud-sql.md b/docs/integrations/google/cloud-sql.md index 24f08b92b8..7b89f3d21d 100644 --- a/docs/integrations/google/cloud-sql.md +++ b/docs/integrations/google/cloud-sql.md 
@@ -82,8 +82,8 @@ This Source will be a Google Pub/Sub-only Source, which means that it will only 1. **Source Host** (Optional). The Source Host value is tagged to each log and stored in a searchable [metadata](/docs/search/get-started-with-search/search-basics/built-in-metadata) field called _sourceHost. Avoid using spaces so you do not have to quote them in [keyword search expressions](/docs/search/get-started-with-search/build-search/keyword-search-expressions.md). This can be a maximum of 128 characters. 1. **Source Category** (Optional). The Source Category value is tagged to each log and stored in a searchable [metadata](/docs/search/get-started-with-search/search-basics/built-in-metadata) field called `_sourceCategory`. See our [Best Practices: Good Source Category, Bad Source Category](/docs/send-data/best-practices). Avoid using spaces so you do not have to quote them in [keyword search expressions](/docs/search/get-started-with-search/build-search/keyword-search-expressions.md). This can be a maximum of 1,024 characters. 1. **Fields**. Click the **+Add Field** link to add custom log metadata [Fields](/docs/manage/fields), then define the fields you want to associate. Each field needs a name (key) and value. Look for one of the following icons and act accordingly: - * ![orange exclamation point.png](/img/reuse/orange-exclamation-point.png) If an orange triangle with an exclamation point is shown, use the option to automatically add or enable the nonexistent fields before proceeding to the next step. The orange icon indicates that the field doesn't exist, or is disabled, in the Fields table schema. If a field is sent to Sumo that does not exist in the Fields schema or is disabled it is ignored, known as dropped. - * ![green check circle.png](/img/reuse/green-check-circle.png) If a green circle with a checkmark is shown, the field exists and is already enabled in the Fields table schema. Proceed to the next step. 
+ * orange exclamation point.png If an orange triangle with an exclamation point is shown, use the option to automatically add or enable the nonexistent fields before proceeding to the next step. The orange icon indicates that the field doesn't exist, or is disabled, in the Fields table schema. If a field is sent to Sumo that does not exist in the Fields schema or is disabled it is ignored, known as dropped. + * green check circle.png A green circle with a check mark is shown when the field exists and is enabled in the Fields table schema. Proceed to the next step. 1. **Advanced Options for Logs**.
Google integrations * **Timestamp Parsing**. This option is selected by default. If it's deselected, no timestamp information is parsed at all. * **Time Zone**. There are two options for Time Zone. You can use the time zone present in your log files, and then choose an option in case time zone information is missing from a log message. Or, you can have Sumo Logic completely disregard any time zone information present in logs by forcing a time zone. It's very important to have the proper time zone set, no matter which option you choose. If the time zone of logs cannot be determined, Sumo Logic assigns logs UTC; if the rest of your logs are from another time zone your search results will be affected. diff --git a/docs/integrations/google/cloud-storage.md b/docs/integrations/google/cloud-storage.md index 3fd25078fd..fe7b8af2a8 100644 --- a/docs/integrations/google/cloud-storage.md +++ b/docs/integrations/google/cloud-storage.md 
@@ -139,8 +139,8 @@ This Source will be a Google Pub/Sub-only Source, indicating that it will only b 6. **Source Category** (Optional). The Source Category value is tagged to each log and stored in a searchable [metadata](/docs/search/get-started-with-search/search-basics/built-in-metadata) field called `_sourceCategory`. See our [Best Practices: Good Source Category, Bad Source Category](/docs/send-data/best-practices). Avoid using spaces so you do not have to quote them in [keyword search expressions](/docs/search/get-started-with-search/build-search/keyword-search-expressions.md). This can be a maximum of 1,024 characters. 7. **Fields**. Click the **+Add Field** link to add custom log metadata [Fields](/docs/manage/fields), then define the fields you want to associate. Each field needs a name (key) and value. Look for one of the following icons and act accordingly: - * ![orange exclamation point.png](/img/reuse/orange-exclamation-point.png) If an orange triangle with an exclamation point is shown, use the option to automatically add or enable the nonexistent fields before proceeding to the next step. The orange icon indicates that the field doesn't exist, or is disabled, in the Fields table schema. If a field is sent to Sumo that does not exist in the Fields schema or is disabled it is ignored, known as dropped. - * ![green check circle.png](/img/reuse/green-check-circle.png) If a green circle with a checkmark is shown, the field exists and is already enabled in the Fields table schema. Proceed to the next step. + * orange exclamation point.png If an orange triangle with an exclamation point is shown, use the option to automatically add or enable the nonexistent fields before proceeding to the next step. The orange icon indicates that the field doesn't exist, or is disabled, in the Fields table schema. If a field is sent to Sumo that does not exist in the Fields schema or is disabled it is ignored, known as dropped. 
+ * green check circle.png A green circle with a check mark is shown when the field exists and is enabled in the Fields table schema. Proceed to the next step. 8. **Advanced Options for Logs**.
Google integrations diff --git a/docs/integrations/google/cloud-vpc.md b/docs/integrations/google/cloud-vpc.md index fd09486423..be6a29bf5b 100644 --- a/docs/integrations/google/cloud-vpc.md +++ b/docs/integrations/google/cloud-vpc.md 
@@ -145,8 +145,8 @@ This Source will be a Google Pub/Sub-only Source, which means that it will only 1. **Source Host** (Optional). The Source Host value is tagged to each log and stored in a searchable [metadata](/docs/search/get-started-with-search/search-basics/built-in-metadata) field called _sourceHost. Avoid using spaces so you do not have to quote them in [keyword search expressions](/docs/search/get-started-with-search/build-search/keyword-search-expressions.md). This can be a maximum of 128 characters. 1. **Source Category** (Optional). The Source Category value is tagged to each log and stored in a searchable [metadata](/docs/search/get-started-with-search/search-basics/built-in-metadata) field called `_sourceCategory`. See our [Best Practices: Good Source Category, Bad Source Category](/docs/send-data/best-practices). Avoid using spaces so you do not have to quote them in [keyword search expressions](/docs/search/get-started-with-search/build-search/keyword-search-expressions.md). This can be a maximum of 1,024 characters. 1. **Fields**. Click the **+Add Field** link to add custom log metadata [Fields](/docs/manage/fields), then define the fields you want to associate. Each field needs a name (key) and value. Look for one of the following icons and act accordingly: - * ![orange exclamation point.png](/img/reuse/orange-exclamation-point.png) If an orange triangle with an exclamation point is shown, use the option to automatically add or enable the nonexistent fields before proceeding to the next step. The orange icon indicates that the field doesn't exist, or is disabled, in the Fields table schema. If a field is sent to Sumo that does not exist in the Fields schema or is disabled it is ignored, known as dropped. - * ![green check circle.png](/img/reuse/green-check-circle.png) If a green circle with a checkmark is shown, the field exists and is already enabled in the Fields table schema. Proceed to the next step. 
+ * orange exclamation point.png If an orange triangle with an exclamation point is shown, use the option to automatically add or enable the nonexistent fields before proceeding to the next step. The orange icon indicates that the field doesn't exist, or is disabled, in the Fields table schema. If a field is sent to Sumo that does not exist in the Fields schema or is disabled it is ignored, known as dropped. + * green check circle.png A green circle with a check mark is shown when the field exists and is enabled in the Fields table schema. Proceed to the next step. 1. **Advanced Options for Logs**.
Google integrations * **Timestamp Parsing**. This option is selected by default. If it's deselected, no timestamp information is parsed at all. * **Time Zone**. There are two options for Time Zone. You can use the time zone present in your log files, and then choose an option in case time zone information is missing from a log message. Or, you can have Sumo Logic completely disregard any time zone information present in logs by forcing a time zone. It's very important to have the proper time zone set, no matter which option you choose. If the time zone of logs cannot be determined, Sumo Logic assigns logs UTC; if the rest of your logs are from another time zone your search results will be affected. diff --git a/docs/integrations/google/compute-engine.md b/docs/integrations/google/compute-engine.md index 5eacafaf6f..1de2b2052c 100644 --- a/docs/integrations/google/compute-engine.md +++ b/docs/integrations/google/compute-engine.md 
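Review bot: In the cloud-vpc.md hunk (@@ -145,8), only the green-check bullet was reworded. It now reads "A green circle with a check mark is shown when the field exists and is enabled ... Proceed to the next step.", while the orange bullet keeps the old "If an orange triangle with an exclamation point is shown, use the option ..." form. The subject line says this commit replaces icons, so either leave the green bullet's wording alone or reword both bullets the same way. As it stands, the list mixes an instruction with a description, and "Proceed to the next step." now hangs off a descriptive sentence.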
@@ -84,8 +84,8 @@ This Source will be a Google Pub/Sub-only Source, which means that it will only 1. **Source Host** (Optional). The Source Host value is tagged to each log and stored in a searchable [metadata](/docs/search/get-started-with-search/search-basics/built-in-metadata) field called `_sourceHost`. Avoid using spaces so you do not have to quote them in [keyword search expressions](/docs/search/get-started-with-search/build-search/keyword-search-expressions.md). This can be a maximum of 128 characters. 1. **Source Category** (Optional). The Source Category value is tagged to each log and stored in a searchable [metadata](/docs/search/get-started-with-search/search-basics/built-in-metadata) field called `_sourceCategory`. See our [Best Practices: Good Source Category, Bad Source Category](/docs/send-data/best-practices). Avoid using spaces so you do not have to quote them in [keyword search expressions](/docs/search/get-started-with-search/build-search/keyword-search-expressions.md). This can be a maximum of 1,024 characters. 1. **Fields**. Click the **+Add Field** link to add custom log metadata [Fields](/docs/manage/fields.md), then define the fields you want to associate. Each field needs a name (key) and value. Look for one of the following icons and act accordingly: - * ![orange exclamation point.png](/img/reuse/orange-exclamation-point.png) An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo that does not exist in the Fields schema it is ignored, known as dropped. - * ![green check circle.png](/img/reuse/green-check-circle.png) A green circle with a check mark is shown when the field exists in the Fields table schema. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. 
In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo that does not exist in the Fields schema it is ignored, known as dropped. + * green check circle.png A green circle with a check mark is shown when the field exists in the Fields table schema. 1. **Advanced Options for Logs**.
Google integrations * **Timestamp Parsing**. This option is selected by default. If it's deselected, no timestamp information is parsed at all. * **Time Zone**. There are two options for Time Zone. You can use the time zone present in your log files, and then choose an option in case time zone information is missing from a log message. Or, you can have Sumo Logic completely disregard any time zone information present in logs by forcing a time zone. It's very important to have the proper time zone set, no matter which option you choose. If the time zone of logs cannot be determined, Sumo Logic assigns logs UTC; if the rest of your logs are from another time zone your search results will be affected. diff --git a/docs/integrations/saas-cloud/acquia.md b/docs/integrations/saas-cloud/acquia.md index 7f3c9dff11..ae1ca88bfc 100644 --- a/docs/integrations/saas-cloud/acquia.md +++ b/docs/integrations/saas-cloud/acquia.md 
@@ -157,8 +157,8 @@ To create a new Sumo Logic hosted collector, do the following: 5. A **description** is optional. 6. **Category**. Enter any string to tag the logs collected from this Collector. This Source Category value is stored in a searchable metadata field called `_sourceCategory`. See our [Best Practices: Good Source Category, Bad Source Category](/docs/send-data/best-practices). 7. Click the **+Add Field** link in the **Fields** section to define the [fields](/docs/manage/fields) you want to associate, each field needs a key and value. - * ![green check circle.png](/img/reuse/green-check-circle.png) A green circle with a check mark is shown when the field exists in the Fields table schema. - * ![orange exclamation point.png](/img/reuse/orange-exclamation-point.png) An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo that does not exist in the Fields schema it is ignored, known as dropped. + * green check circle.png A green circle with a check mark is shown when the field exists in the Fields table schema. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo that does not exist in the Fields schema it is ignored, known as dropped. 8. **Assign to a Budget** allows you to assign an [ingest budget](/docs/manage/ingestion-volume/ingest-budgets) to the Collector. The dropdown displays your ingest budgets in the following format: ``` () () 
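Review bot: The two added bullets in this hunk say the green check means the field "exists" and the orange triangle means it "doesn't exist", but the @@ -210,8 hunk of this same file says "exists and is enabled" and "doesn't exist, or is disabled". Both hunks describe the same Fields control, and the second one states that a disabled field is dropped as well, so the first should carry the enabled/disabled wording too. Otherwise a reader following the hosted collector steps is not told that a disabled field also produces the warning.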
@@ -210,8 +210,8 @@ To configure a cloud syslog source, do the following: 4. Enter a **Name** to display for this source in Sumo. Description is optional. 5. (Optional) For **Source Host** and **Source Category**, enter any string to tag the output collected from this source. (Category metadata is stored in a searchable field called `_sourceCategory`). 6. **Fields**. Click the **+Add Field** link to add custom log metadata [Fields](/docs/manage/fields). Define the fields you want to associate. Each field needs a name (key) and value. - * ![green check circle.png](/img/reuse/green-check-circle.png) A green circle with a check mark is shown when the field exists and is enabled in the Fields table schema. - * ![orange exclamation point.png](/img/reuse/orange-exclamation-point.png) An orange triangle with an exclamation point is shown when the field doesn't exist, or is disabled, in the Fields table schema. In this case, an option to automatically add or enable the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo that does not exist in the Fields schema or is disabled it is ignored, known as dropped. + * green check circle.png A green circle with a check mark is shown when the field exists and is enabled in the Fields table schema. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist, or is disabled, in the Fields table schema. In this case, an option to automatically add or enable the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo that does not exist in the Fields schema or is disabled it is ignored, known as dropped. 7. Set any of the following under **Advanced**: * **Enable Timestamp Parsing**. This option is selected by default. If it's deselected, no timestamp information is parsed. * **Time Zone**. There are two options for Time Zone. 
You can use the time zone present in your log files, and then choose an option in case time zone information is missing from a log message. Or, you can have Sumo Logic completely disregard any time zone information present in logs by forcing a time zone. It's important to have the proper time zone set, no matter which option you choose. If the time zone of logs cannot be determined, Sumo Logic assigns the UTC time zone; if the rest of your logs are from another time zone your search results will be affected. diff --git a/docs/manage/data-archiving/archive.md b/docs/manage/data-archiving/archive.md index 74d0dba8f9..b894cbabb1 100644 --- a/docs/manage/data-archiving/archive.md +++ b/docs/manage/data-archiving/archive.md 
@@ -154,8 +154,8 @@ To use JSON to create an AWS S3 Archive Source reference our AWS Log Source  :::note Fields specified on an AWS S3 Archive Source take precedence if the archived data has the same fields. ::: - * ![green check circle.png](/img/reuse/green-check-circle.png) A green circle with a check mark is shown when the field exists and is enabled in the Fields table schema. - * ![orange exclamation point.png](/img/reuse/orange-exclamation-point.png) An orange triangle with an exclamation point is shown when the field doesn't exist, or is disabled, in the Fields table schema. In this case, an option to automatically add or enable the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo that does not exist in the Fields schema or is disabled it is ignored, known as dropped. + * green check circle.png A green circle with a check mark is shown when the field exists and is enabled in the Fields table schema. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist, or is disabled, in the Fields table schema. In this case, an option to automatically add or enable the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo that does not exist in the Fields schema or is disabled it is ignored, known as dropped. 1. For **AWS Access** you have two **Access Method** options. Select **Role-based access** or **Key access** based on the AWS authentication you are providing. Role-based access is preferred, this was completed in the prerequisite step Grant Sumo Logic access to an AWS Product. * For **Role-based access**, enter the Role ARN that was provided by AWS after creating the role.  * For **Key access** enter the **Access Key ID **and** Secret Access Key.** See [AWS Access Key ID](http://docs.aws.amazon.com/STS/latest/UsingSTS/UsingTokens.html#RequestWithSTS) and [AWS Secret Access Key](https://aws.amazon.com/iam/) for details. 
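Review bot: As the added lines read here, both bullets start with the bare text "green check circle.png" and "orange exclamation point.png", where the removed lines had image markup pointing at /img/reuse/green-check-circle.png and /img/reuse/orange-exclamation-point.png. If that is what lands in archive.md, the page will print a filename in front of each sentence instead of an icon. Please confirm the replacement markup renders, and give it descriptive alt text (for example "green check circle") rather than the .png filename.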
diff --git a/docs/manage/field-extractions/index.md b/docs/manage/field-extractions/index.md index e5ad8bce87..fb746238f4 100644 --- a/docs/manage/field-extractions/index.md +++ b/docs/manage/field-extractions/index.md @@ -34,7 +34,7 @@ The Field Extraction Rules page displays the following information:  When hovering over a row in the table there are icons that appear on the far right for editing, disabling and deleting the rule. -* **Status** shows a checkmark in a green circle ![check in green circle.png](/img/reuse/check-green-circle.png) to indicate if the Rule is actively being applied or an exclamation mark in a red circle ![exclamation in red circle.png](/img/reuse/exclamation-red-circle.png) to indicate if the Rule is disabled. +* **Status** shows a checkmark in a green circle ![check in green circle.png](/img/reuse/green-check-circle.png) to indicate if the Rule is actively being applied or an exclamation mark in a red circle ![exclamation in red circle.png](/img/reuse/exclamation-red-circle.png) to indicate if the Rule is disabled. * **Rule Name** * **Applied At** indicates when the field extraction process occurs, either at Ingest or Run time. * **Scope**  diff --git a/docs/manage/fields.md b/docs/manage/fields.md index e557563504..00c6e2fac4 100644 --- a/docs/manage/fields.md +++ b/docs/manage/fields.md 
@@ -60,8 +60,8 @@ Fields can be assigned to a Collector and Source using the **Fields** input ta 1. Create or find and select the Collector or Source you want to assign fields to. 1. Click the **+Add Field** link in the **Fields** section. Define the fields you want to associate, each field needs a name (key) and value. - * ![green check circle.png](/img/reuse/green-check-circle.png) A green circle with a check mark is shown when the field exists in the Fields table schema. - * ![orange exclamation point.png](/img/reuse/orange-exclamation-point.png) An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo that does not exist in the Fields schema it is ignored, known as dropped. + * green check circle.png A green circle with a check mark is shown when the field exists in the Fields table schema. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo that does not exist in the Fields schema it is ignored, known as dropped. 1. **Automatically activate all fields on save**.  
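Review bot: The added orange bullet keeps the sentence "If a field is sent to Sumo that does not exist in the Fields schema it is ignored, known as dropped", which on the Fields reference page leaves open whether only the field or the whole log message is discarded. Since these lines are being rewritten anyway, state explicitly what happens to the log that carried the field, and consider "it is dropped (ignored)" in place of "ignored, known as dropped". Anyone who builds a search or alert on a custom field needs to know exactly what is lost when that field is not in the schema.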
@@ -229,7 +229,7 @@ You need the **Manage Fields** [role capability](users-roles/roles/role-capab The Fields page displays the following information:  -* **Status** shows a checkmark in a green circle ![green check circle.png](/img/reuse/green-check-circle.png) to indicate if the field is actively being applied or an exclamation mark in a red circle ![red-exclamation-circle.png](/img/fields/red-exclamation-circle.png) to indicate if the field is disabled and being dropped. +* **Status** shows a checkmark in a green circle green check circle.png to indicate if the field is actively being applied or an exclamation mark in a red circle ![red-exclamation-circle.png](/img/fields/red-exclamation-circle.png) to indicate if the field is disabled and being dropped. * **Field Name** is the name of the field, known as the key in the key-value pair. * **Data Type** shows the data type of the field. * **Field Extraction Rules** shows the number of Field Extraction Rules that reference the field. diff --git a/docs/observability/kubernetes/monitoring.md b/docs/observability/kubernetes/monitoring.md index 135134e150..1bcffb8f22 100644 --- a/docs/observability/kubernetes/monitoring.md +++ b/docs/observability/kubernetes/monitoring.md @@ -153,8 +153,8 @@ To add a custom field to a collector, do the following: The Edit Collector dialog appears. 1. Click **Add Field**.
![MM_Add-Field.png](/img/kubernetes/MM_Add-Field.png) 1. Enter a Field Name and Value in the respective text fields. In this example, we created a field for a **cluster** with the label **k8s.dev** and a pod with the name **pod_test** and label **k8s.test**. This allows you to easily search for log data for that cluster or pod. - * ![green check circle.png](/img/reuse/green-check-circle.png) A green circle with a check mark appears when the field exists and is enabled in the Fields table schema. - * ![orange exclamation point.png](/img/reuse/orange-exclamation-point.png) An orange triangle with an exclamation point appears when the field doesn't exist yet, or is disabled, in the Fields table schema. In this case, an option to automatically add or enable the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo that does not exist in the Fields schema or is disabled it is ignored, known as dropped.
![MM_Fields_Key-Value-Pairs.png](/img/kubernetes/MM_Fields_Key-Value-Pairs.png) + * green check circle.png A green circle with a check mark appears when the field exists and is enabled in the Fields table schema. + * orange exclamation point.png An orange triangle with an exclamation point appears when the field doesn't exist yet, or is disabled, in the Fields table schema. In this case, an option to automatically add or enable the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo that does not exist in the Fields schema or is disabled it is ignored, known as dropped.
![MM_Fields_Key-Value-Pairs.png](/img/kubernetes/MM_Fields_Key-Value-Pairs.png) 1. Click **Save**. Now, any logs sent to this Collector will have these key-value pairs associated with it. With this association, you can search for `cluster=k8s.dev` or `pod_test=k8s.test` to return your logs. diff --git a/docs/reuse/apps/app-collection-option-1.md b/docs/reuse/apps/app-collection-option-1.md index 7a12519bd5..39432f6125 100644 --- a/docs/reuse/apps/app-collection-option-1.md +++ b/docs/reuse/apps/app-collection-option-1.md 
@@ -12,8 +12,8 @@ To set up collection and install the app, do the following: 1. **Collector Name**. Enter a Name to display the Source in the Sumo Logic web application. The description is optional. 1. **Timezone**. Set the default time zone when it is not extracted from the log timestamp. Time zone settings on Sources override a Collector time zone setting. 1. (Optional) **Metadata**. Click the **+Add Metadata** link to add a custom log [Metadata Fields](/docs/manage/fields). Define the fields you want to associate, each metadata field needs a name (key) and value. - * ![green check circle.png](/img/reuse/green-check-circle.png) A green circle with a checkmark is shown when the field exists and is enabled in the Fields table schema. - * ![orange exclamation point.png](/img/reuse/orange-exclamation-point.png) An orange triangle with an exclamation point is shown when the field doesn't exist, or is disabled, in the Fields table schema. In this case, an option to automatically add or enable the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo that does not exist in the Fields schema or is disabled it is ignored, known as dropped. + * green check circle.png A green circle with a checkmark is shown when the field exists and is enabled in the Fields table schema. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist, or is disabled, in the Fields table schema. In this case, an option to automatically add or enable the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo that does not exist in the Fields schema or is disabled it is ignored, known as dropped. 1. Click **Next**. 1. Configure the source as specified in the `Info` box above, ensuring all required fields are included. 1. In the **Configure** section of your respective app, complete the following fields. 
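Review bot: This hunk spells it "checkmark" in the green bullet, while the same bullet in docs/reuse/apps/create-aws-s3-source.md and docs/manage/data-archiving/archive.md uses "check mark", and other files in this patch vary the verb ("is shown", "appears", "shows up"). The pair of bullets is copied into most files the patch touches and the copies have drifted. Since this file already lives under docs/reuse, consider keeping one shared copy of the two bullets there and including it from the other pages, so the next icon change is a one-file edit.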
diff --git a/docs/reuse/apps/create-aws-s3-source.md b/docs/reuse/apps/create-aws-s3-source.md index 81a80166b2..eeebf4e78d 100644 --- a/docs/reuse/apps/create-aws-s3-source.md +++ b/docs/reuse/apps/create-aws-s3-source.md 
@@ -46,8 +46,8 @@ These configuration instructions apply to log collection from all AWS Source typ * Add an **account** field and assign it a value which is a friendly name / alias to your AWS account from which you are collecting logs. Logs can be queried via the “account field”. * Add a **region** field and assign it the value of respective AWS region where the Load Balancer exists. * Add an **accountId** field and assign it the value of the respective AWS account id which is being used. - * ![green check circle.png](/img/reuse/green-check-circle.png) A green circle with a check mark is shown when the field exists and is enabled in the Fields table schema. - * ![orange exclamation point.png](/img/reuse/orange-exclamation-point.png) An orange triangle with an exclamation point is shown when the field doesn't exist, or is disabled, in the Fields table schema. In this case, an option to automatically add or enable the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo that does not exist in the Fields schema or is disabled it is ignored, known as dropped. + * green check circle.png A green circle with a check mark is shown when the field exists and is enabled in the Fields table schema. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist, or is disabled, in the Fields table schema. In this case, an option to automatically add or enable the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo that does not exist in the Fields schema or is disabled it is ignored, known as dropped. 11. For **AWS Access**, choose between the two **Access Method** options below, based on the AWS authentication you are providing. * For **Role-based access**, enter the Role ARN that was provided by AWS after creating the role. 
Role-based access is recommended (this was completed in the prerequisite step [Grant Sumo Logic access to an AWS Product](/docs/send-data/hosted-collectors/amazon-aws/grant-access-aws-product)). * For **Key access**, enter the **Access Key ID** and **Secret Access Key**. See [AWS Access Key ID](http://docs.aws.amazon.com/STS/latest/UsingSTS/UsingTokens.html#RequestWithSTS) and [AWS Secret Access Key](https://aws.amazon.com/iam/) for details. diff --git a/docs/reuse/aws-cost-explorer.md b/docs/reuse/aws-cost-explorer.md index 4a5081e04d..a5cd147786 100644 --- a/docs/reuse/aws-cost-explorer.md +++ b/docs/reuse/aws-cost-explorer.md @@ -6,8 +6,8 @@ To configure an AWS Cost Explorer Source: 1. Enter a **Name** for the Source in the Sumo Logic console. The **Description** is optional.
cost-explorer-v2-1-1.png 1. (Optional) For **Source Category**, enter any string to tag the output collected from the Source. Category [metadata](/docs/search/get-started-with-search/search-basics/built-in-metadata) is stored in a searchable field called `_sourceCategory`. 1. For [Fields](/docs/manage/fields), click the **+Add** link to add custom log metadata. Define the fields you want to associate. Each field needs a name (key) and value. - * ![green check circle.png](/img/reuse/green-check-circle.png) A green circle with a check mark is shown when the field exists and is enabled in the Fields table schema. - * ![orange exclamation point.png](/img/reuse/orange-exclamation-point.png) An orange triangle with an exclamation point is shown when the field doesn't exist, or is disabled, in the Fields table schema. In this case, an option to automatically add or enable the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo Logic that does not exist in the Fields schema or is disabled it is ignored, known as dropped.

It is preferable to add an **account** field (for the dashboards) and assign it a friendly name to identify the corresponding AWS account.
![accountField.png](/img/send-data/accountField.png) + * green check circle.png A green circle with a check mark is shown when the field exists and is enabled in the Fields table schema. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist, or is disabled, in the Fields table schema. In this case, an option to automatically add or enable the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo Logic that does not exist in the Fields schema or is disabled it is ignored, known as dropped.

It is preferable to add an **account** field (for the dashboards) and assign it a friendly name to identify the corresponding AWS account.
![accountField.png](/img/send-data/accountField.png) 1. For the **AWS Access Key** and **AWS Secret Key**, provide the IAM User access key and secret key you want to use to authenticate collection requests. Make sure your IAM user has the following IAM policy attached with it. ```json { diff --git a/docs/send-data/collection/edit-collector.md b/docs/send-data/collection/edit-collector.md index 317ce6c68b..b8c41b173a 100644 --- a/docs/send-data/collection/edit-collector.md +++ b/docs/send-data/collection/edit-collector.md 
@@ -19,8 +19,8 @@ Changes to metadata are applied to messages going forward from this point in tim * The Collector version is provided for reference and can be changed. * If you set **Host Name** or **Category** at the Collector level, then all Sources belonging to this Collector are tagged with these metadata fields. If you later specify metadata at the Source level, the Collector metadata will be overwritten. * Click the **Add Field** link in the **Fields** section if you want to assign metadata [fields](/docs/manage/fields) to the Collector. Define the fields you want to associate, each field needs a key and value. - * ![green check circle.png](/img/reuse/green-check-circle.png) A green circle with a check mark is shown when the field exists in the Fields table schema. - * ![orange exclamation point.png](/img/reuse/orange-exclamation-point.png) An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo that does not exist in the Fields schema it is ignored, known as dropped. + * green check circle.png A green circle with a check mark is shown when the field exists in the Fields table schema. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo that does not exist in the Fields schema it is ignored, known as dropped. * **Assign to a Budget** allows you to assign an [ingest budget](/docs/manage/ingestion-volume/ingest-budgets) to the Collector. The dropdown displays your ingest budgets in the following format: ```xml () () 
@@ -35,8 +35,8 @@ Changes to metadata are applied to messages going forward from this point in tim 1. Change the name or change the metadata fields as needed. Note that updated metadata is only be applied to newly ingested data; previously uploaded data retains its original metadata. * If you set **Category** at the collector level, then all sources belonging to this collector are tagged with that value. If you later specify metadata at the source level, the collector metadata will be overwritten. * Define the [**Fields**](/docs/manage/fields) you want to associate, each field needs a key and value.  - * ![green check circle.png](/img/reuse/green-check-circle.png) A green circle with a check mark is shown when the field exists in the Fields table schema. - * ![orange exclamation point.png](/img/reuse/orange-exclamation-point.png) An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo that does not exist in the Fields schema it is ignored, known as dropped. + * green check circle.png A green circle with a check mark is shown when the field exists in the Fields table schema. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo that does not exist in the Fields schema it is ignored, known as dropped. * **Assign to a Budget** allows you to assign an [ingest budget](/docs/manage/ingestion-volume/ingest-budgets) to the Collector. The dropdown displays your ingest budgets in the following format: ``` () () diff --git a/docs/send-data/collector-faq.md b/docs/send-data/collector-faq.md index f6e7b0d0ba..9b20fe94c5 100644 --- a/docs/send-data/collector-faq.md 
+++ b/docs/send-data/collector-faq.md @@ -572,7 +572,7 @@ If your user account is not an administrator check your Role assignment for any #### Verify that your Collectors are running -Collectors and Sources in your account are listed on the Collectors page. Collectors and Sources that are running (able to communicate with Sumo Logic and configured to send data) are marked with ![green check circle.png](/img/reuse/green-check-circle.png). Stopped Collectors and Sources are marked with ![orange exclamation point.png](/img/reuse/orange-exclamation-point.png). Stopped Collectors do not send any data. +Collectors and Sources in your account are listed on the Collectors page. Collectors and Sources that are running (able to communicate with Sumo Logic and configured to send data) are marked with green check circle.png. Stopped Collectors and Sources are marked with orange exclamation point.png. Stopped Collectors do not send any data. If a Collector is stopped, you can verify the Collector's status and restart it if necessary. diff --git a/docs/send-data/hosted-collectors/amazon-aws/amazon-security-lake-source.md b/docs/send-data/hosted-collectors/amazon-aws/amazon-security-lake-source.md index f7091c9e01..1a46384ad0 100644 --- a/docs/send-data/hosted-collectors/amazon-aws/amazon-security-lake-source.md +++ b/docs/send-data/hosted-collectors/amazon-aws/amazon-security-lake-source.md 
@@ -63,8 +63,8 @@ To create an Amazon Security Lake Source, follow the steps below: 1. In the **Source Category**, enter any string to tag the output collected from this distinct source. (Category metadata is stored in a searchable field called **_sourceCategory**). 7. In **Fields**. Click the **+Add Field** link to add custom log metadata fields. 8. Enter the required fields you want to associate, each field needs a name (key) and value. - * ![green check circle.png](/img/reuse/green-check-circle.png) A green circle with a checkmark shows up when a field exists and is enabled in the Fields table schema. - * ![orange exclamation point.png](/img/reuse/orange-exclamation-point.png) An orange triangle with an exclamation point shows up when the field doesn't exist or is disabled in the **Fields table schema**. + * green check circle.png A green circle with a checkmark shows up when a field exists and is enabled in the Fields table schema. + * orange exclamation point.png An orange triangle with an exclamation point shows up when the field doesn't exist or is disabled in the **Fields table schema**. :::important In this case, an option to automatically add or enable the nonexistent fields to the **Fields table schema** is provided. If a field is sent to Sumo logic that does not exist in the **Fields table schema** or is disabled, it will be ignored and known as dropped field. ::: diff --git a/docs/send-data/hosted-collectors/amazon-aws/aws-kinesis-firehose-logs-source.md b/docs/send-data/hosted-collectors/amazon-aws/aws-kinesis-firehose-logs-source.md index 08f4d7c870..4a857f9e5a 100644 --- a/docs/send-data/hosted-collectors/amazon-aws/aws-kinesis-firehose-logs-source.md +++ b/docs/send-data/hosted-collectors/amazon-aws/aws-kinesis-firehose-logs-source.md 
@@ -56,8 +56,8 @@ To create an AWS Kinesis Firehose for Logs Source: 1. **SIEM Processing**. Check the checkbox to forward your data to Cloud SIEM.   1. **Fields.** Click the **+Add Field** link to define the fields you want to associate, each field needs a name (key) and value. - * ![green check circle.png](/img/reuse/green-check-circle.png) A green circle with a check mark is shown when the field exists in the Fields table schema. - * ![orange exclamation point.png](/img/reuse/orange-exclamation-point.png) An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo that does not exist in the Fields schema it is ignored, known as dropped.   + * green check circle.png A green circle with a check mark is shown when the field exists in the Fields table schema. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo that does not exist in the Fields schema it is ignored, known as dropped.   1. Set any of the following options under **Advanced**. Advanced options do *not* apply to uploaded metrics. diff --git a/docs/send-data/hosted-collectors/amazon-aws/aws-s3-source.md b/docs/send-data/hosted-collectors/amazon-aws/aws-s3-source.md index 6f32675c93..8590dafef0 100644 --- a/docs/send-data/hosted-collectors/amazon-aws/aws-s3-source.md +++ b/docs/send-data/hosted-collectors/amazon-aws/aws-s3-source.md 
@@ -114,8 +114,8 @@ You can adjust the configuration of when and how AWS handles communication attem 1. For **Source Category**, enter any string to tag the output collected from this Source. (Category metadata is stored in a searchable field called _sourceCategory.) 1. **Fields.** Click the **+Add Field** link to define the fields you want to associate, each field needs a name (key) and value. - * ![green check circle.png](/img/reuse/green-check-circle.png) A green circle with a check mark is shown when the field exists in the Fields table schema. - * ![orange exclamation point.png](/img/reuse/orange-exclamation-point.png) An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo that does not exist in the Fields schema it is ignored, known as dropped. + * green check circle.png A green circle with a check mark is shown when the field exists in the Fields table schema. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo that does not exist in the Fields schema it is ignored, known as dropped. :::note If you have [Cloud SIEM](/docs/cse) installed and you want to forward log data to Cloud SIEM: * Click the **+Add Field** link and add a field whose name is `_siemForward` and value is *true*. This will ensure all logs for this source are forwarded to Cloud SIEM. diff --git a/docs/send-data/hosted-collectors/cloud-syslog-source/index.md b/docs/send-data/hosted-collectors/cloud-syslog-source/index.md index 5e19233b6f..9ab8a830c0 100644 --- a/docs/send-data/hosted-collectors/cloud-syslog-source/index.md 
+++ b/docs/send-data/hosted-collectors/cloud-syslog-source/index.md @@ -50,8 +50,8 @@ To configure a cloud syslog source, do the following: 1. (Optional) For **Source Host** and **Source Category**, enter any string to tag the output collected from this source. (Category metadata is stored in a searchable field called `_sourceCategory`.) 1. **Fields.** Click the **+Add Field** link to define the fields you want to associate, each field needs a name (key) and value. - * ![green check circle.png](/img/reuse/green-check-circle.png) A green circle with a check mark is shown when the field exists in the Fields table schema. - * ![orange exclamation point.png](/img/reuse/orange-exclamation-point.png) An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo that does not exist in the Fields schema it is ignored, known as dropped. + * green check circle.png A green circle with a check mark is shown when the field exists in the Fields table schema. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo that does not exist in the Fields schema it is ignored, known as dropped. 1. Set any of the following under **Advanced**: diff --git a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/1password-source.md b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/1password-source.md index 42bed8ac69..8f758c223a 100644 --- a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/1password-source.md +++ b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/1password-source.md 
@@ -51,8 +51,8 @@ You'll need a 1Password API token and your customer-specif 1. **Forward to SIEM**. Check the checkbox to forward your data to [Cloud SIEM](/docs/cse).
1. (Optional) **Fields**. Click the **+Add** link to add custom log metadata [Fields](/docs/manage/fields). * Define the fields you want to associate, each field needs a name (key) and value. - * ![green check circle.png](/img/reuse/green-check-circle.png) A green circle with a check mark is shown when the field exists and is enabled in the Fields table schema. - * ![orange exclamation point.png](/img/reuse/orange-exclamation-point.png) An orange triangle with an exclamation point is shown when the field doesn't exist, or is disabled, in the Fields table schema. In this case, an option to automatically add or enable the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo that does not exist in the Fields schema or is disabled it is ignored, known as dropped. + * green check circle.png A green circle with a check mark is shown when the field exists and is enabled in the Fields table schema. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist, or is disabled, in the Fields table schema. In this case, an option to automatically add or enable the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo that does not exist in the Fields schema or is disabled it is ignored, known as dropped. 1. **Base URL**. Provide your 1Password customer-specific domain, for example `events.1password.com`. 1. **API Token**. Enter the [1Password API token](#vendor-configuration). 1. **Supported APIs to collect**. Select one or more of the available APIs, **Item Usage** and **Sign-in Attempts**. diff --git a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/abnormal-security-source.md b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/abnormal-security-source.md index 4d7d21b3b0..8e7e08dc0e 100644 --- a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/abnormal-security-source.md 
+++ b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/abnormal-security-source.md 
@@ -47,8 +47,8 @@ To configure an Abnormal Security Source, follow the steps below: 1. Enter a **Name** for the Source. The description is optional. 1. (Optional) For **Source Category**, enter any string to tag the output collected from the Source. Category metadata is stored in a searchable field called `_sourceCategory`. 1. (Optional) **Fields**. Click the **+Add** button to define the fields you want to associate. Each field needs a name (key) and value. - * ![green check circle.png](/img/reuse/green-check-circle.png) A green circle with a check mark is shown when the field exists in the Fields table schema. - * ![orange exclamation point.png](/img/reuse/orange-exclamation-point.png) An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo Logic that does not exist in the Fields schema, it is ignored, also known as dropped. + * green check circle.png A green circle with a check mark is shown when the field exists in the Fields table schema. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo Logic that does not exist in the Fields schema, it is ignored, also known as dropped. 1. Enter the **Access Token** for authorization collected from the [Abnormal Security platform](#vendor-configuration). 1. Additionally, if you like to collect the case data, enter **cases** in the **Supported APIs to collect** section. Threat data will be collected by default. But, if you like to collect only case data, you can unselect **threats** from the **Supported APIs to collect** section. 1. When you are finished configuring the Source, click **Save**. 
diff --git a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/airtable-source.md b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/airtable-source.md index 0c39fb720a..a061c67f52 100644 --- a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/airtable-source.md +++ b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/airtable-source.md @@ -52,8 +52,8 @@ To configure an Airtable Source: 1. (Optional) For **Source Category**, enter any string to tag the output collected from the Source. Category metadata is stored in a searchable field called `_sourceCategory`. 1. **Forward to SIEM**. Check the checkbox to forward your data to [Cloud SIEM](/docs/cse).
1. (Optional) **Fields**. Click the **+Add Field** link to define the fields you want to associate. Each field needs a name (key) and value. - * ![green check circle.png](/img/reuse/green-check-circle.png) A green circle with a checkmark is shown when the field exists in the Fields table schema. - * ![orange exclamation point.png](/img/reuse/orange-exclamation-point.png) An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo that does not exist in the Fields schema it is ignored, known as dropped. + * green check circle.png A green circle with a checkmark is shown when the field exists in the Fields table schema. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo that does not exist in the Fields schema it is ignored, known as dropped. 1. In **Account ID**, enter an account ID that will be a unique identifier for your enterprise account. 1. In **Personal Access Token**, enter the access token that you have generated in the [Vendor configuration](#vendor-configuration) section. 1. When you are finished configuring the Source, click **Save**. diff --git a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/akamai-cpc-source.md b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/akamai-cpc-source.md index cca9ca28a9..ae40af4e45 100644 --- a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/akamai-cpc-source.md +++ b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/akamai-cpc-source.md 
@@ -41,8 +41,8 @@ To configure an Akamai CPC Source: 1. Enter a **Name** for the Source. The description is optional. 1. (Optional) For **Source Category**, enter any string to tag the output collected from the Source. Category metadata is stored in a searchable field called `_sourceCategory`. 1. (Optional) **Fields.** Click the **+Add Field** link to define the fields you want to associate. Each field needs a name (key) and value. - * ![green check circle.png](/img/reuse/green-check-circle.png) A green circle with a checkmark is shown when the field exists in the Fields table schema. - * ![orange exclamation point.png](/img/reuse/orange-exclamation-point.png) An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo Logic that does not exist in the Fields schema it is ignored (that is, dropped). + * green check circle.png A green circle with a checkmark is shown when the field exists in the Fields table schema. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo Logic that does not exist in the Fields schema it is ignored (that is, dropped). 1. **Client Token**. Enter the Client token value collected from the Akamai platform. 1. **Client Secret**. Enter the Client secret value collected from the Akamai platform. 1. **Access Token**. Enter the Access token value collected from the Akamai platform. diff --git a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/armis-api-source.md b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/armis-api-source.md index 28bd5e17b4..3ea3c39b51 100644 
--- a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/armis-api-source.md +++ b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/armis-api-source.md @@ -48,8 +48,8 @@ To configure an Armis Source: 1. Enter a **Name** for the Source. The description is optional. 1. (Optional) For **Source Category**, enter any string to tag the output collected from the Source. Category metadata is stored in a searchable field called `_sourceCategory`. 1. (Optional) **Fields.** Click the **+Add Field** link to define the fields you want to associate. Each field needs a name (key) and value. - * ![green check circle.png](/img/reuse/green-check-circle.png) A green circle with a checkmark is shown when the field exists in the Fields table schema. - * ![orange exclamation point.png](/img/reuse/orange-exclamation-point.png) An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo Logic that does not exist in the Fields schema it is ignored (i.e., dropped). + * green check circle.png A green circle with a checkmark is shown when the field exists in the Fields table schema. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo Logic that does not exist in the Fields schema it is ignored (i.e., dropped). 1. In **Instance URL**, enter the Armis hostname. :::info Armis Instance URL is the Armis hostname. For example, `https://armis-instance.armis.com`. 
diff --git a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/asana-source.md b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/asana-source.md index 065a408d43..6f73082b55 100644 --- a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/asana-source.md +++ b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/asana-source.md 
@@ -53,8 +53,8 @@ To configure an Asana Source: 1. Enter a **Name** for the Source. The description is optional. 1. (Optional) For **Source Category**, enter any string to tag the output collected from the Source. Category metadata is stored in a searchable field called `_sourceCategory`. 1. (Optional) **Fields**. Click the **+Add** button to define the fields you want to associate. Each field needs a name (key) and value. - * ![green check circle.png](/img/reuse/green-check-circle.png) A green circle with a check mark is shown when the field exists in the Fields table schema. - * ![orange exclamation point.png](/img/reuse/orange-exclamation-point.png) An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo Logic that does not exist in the Fields schema it is ignored, known as dropped. + * green check circle.png A green circle with a check mark is shown when the field exists in the Fields table schema. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo Logic that does not exist in the Fields schema it is ignored, known as dropped. 1. Enter the Personal Access Token (PAT) from the Asana platform. 1. Enter the unique workspace ID for the users service account. 1. When you are finished configuring the Source, click **Save**. diff --git a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/atlassian-source.md b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/atlassian-source.md index 8c3270505f..dcb40ef3d7 100644 --- a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/atlassian-source.md 
+++ b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/atlassian-source.md @@ -51,8 +51,8 @@ To configure an Atlassian Source: 1. Enter a **Name** for the Source. The description is optional. 1. (Optional) For **Source Category**, enter any string to tag the output collected from the Source. Category metadata is stored in a searchable field called `_sourceCategory`. 1. (Optional) **Fields**. Click the **+Add** button to define the fields you want to associate. Each field needs a name (key) and value. - * ![green check circle.png](/img/reuse/green-check-circle.png) A green circle with a check mark is shown when the field exists in the Fields table schema. - * ![orange exclamation point.png](/img/reuse/orange-exclamation-point.png) An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo Logic that does not exist in the Fields schema it is ignored, known as dropped. + * green check circle.png A green circle with a check mark is shown when the field exists in the Fields table schema. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo Logic that does not exist in the Fields schema it is ignored, known as dropped. 1. **Organizations**. Click the **+Add** button to enter the Organizations you want to associate. Each Organizations needs a API Key value. This is the value that you generated from the [Atlassian platform](#vendor-configuration). :::info The authorization will fail if the API key value used is expired. To re-generate the API key, follow the steps mentioned in [vendor configuration](#vendor-configuration). 
diff --git a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/automox-source.md b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/automox-source.md index a7a66ef236..b7bfa53ec6 100644 --- a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/automox-source.md +++ b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/automox-source.md 
@@ -44,8 +44,8 @@ To configure a Automox Source: 1. (Optional) For **Source Category**, enter any string to tag the output collected from the Source. Category [metadata](/docs/search/get-started-with-search/search-basics/built-in-metadata) is stored in a searchable field called `_sourceCategory`. 1. (Optional) **Fields**. Click the **+Add** link to add custom log metadata [Fields](/docs/manage/fields). * Define the fields you want to associate, each field needs a name (key) and value. - * ![green check circle.png](/img/reuse/green-check-circle.png) A green circle with a check mark is shown when the field exists and is enabled in the Fields table schema. - * ![orange exclamation point.png](/img/reuse/orange-exclamation-point.png) An orange triangle with an exclamation point is shown when the field doesn't exist, or is disabled, in the Fields table schema. In this case, an option to automatically add or enable the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo that does not exist in the Fields schema or is disabled it is ignored, known as dropped. + * green check circle.png A green circle with a check mark is shown when the field exists and is enabled in the Fields table schema. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist, or is disabled, in the Fields table schema. In this case, an option to automatically add or enable the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo that does not exist in the Fields schema or is disabled it is ignored, known as dropped. 1. In **Bearer Token**, enter the bearer token collected from the Automox platform. 1. In **Organization ID**, enter the Organization ID collected from the Automox platform. 1. Select the **Collect Audit Trail Logs** checkbox to collect the audit details. 
diff --git a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/aws-cost-explorer-source.md b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/aws-cost-explorer-source.md index 7235b6b1fa..cf446ff159 100644 --- a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/aws-cost-explorer-source.md +++ b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/aws-cost-explorer-source.md @@ -34,8 +34,8 @@ To configure an AWS Cost Explorer Source: 1. Enter a **Name** for the Source in the Sumo Logic console. The **Description** is optional. 1. (Optional) For **Source Category**, enter any string to tag the output collected from the Source. Category [metadata](/docs/search/get-started-with-search/search-basics/built-in-metadata) is stored in a searchable field called `_sourceCategory`. 1. For [Fields](/docs/manage/fields), click the **+Add** link to add custom log metadata. Define the fields you want to associate. Each field needs a name (key) and value. - * ![green check circle.png](/img/reuse/green-check-circle.png) A green circle with a check mark is shown when the field exists and is enabled in the Fields table schema. - * ![orange exclamation point.png](/img/reuse/orange-exclamation-point.png) An orange triangle with an exclamation point is shown when the field doesn't exist, or is disabled, in the Fields table schema. In this case, an option to automatically add or enable the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo Logic that does not exist in the Fields schema or is disabled it is ignored, known as dropped.

It is preferable to add an **account** field (for the dashboards) and assign it a friendly name to identify the corresponding AWS account.
![accountField.png](/img/send-data/accountField.png) + * green check circle.png A green circle with a check mark is shown when the field exists and is enabled in the Fields table schema. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist, or is disabled, in the Fields table schema. In this case, an option to automatically add or enable the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo Logic that does not exist in the Fields schema or is disabled it is ignored, known as dropped.

It is preferable to add an **account** field (for the dashboards) and assign it a friendly name to identify the corresponding AWS account.
![accountField.png](/img/send-data/accountField.png) 1. For the **AWS Access Key** and **AWS Secret Key**, provide the IAM User access key and secret key you want to use to authenticate collection requests. Make sure your IAM user has the following IAM policy attached with it. ```json diff --git a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/azure-event-hubs-source.md b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/azure-event-hubs-source.md index b270b56901..6add812782 100644 --- a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/azure-event-hubs-source.md +++ b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/azure-event-hubs-source.md @@ -77,8 +77,8 @@ To configure an Azure Event Hubs Source: 1. (Optional) For **Source Category**, enter any string to tag the output collected from the Source. Category metadata is stored in a searchable field called `_sourceCategory`. 1. **Forward to SIEM**. Check the checkbox to forward your data to [Cloud SIEM](/docs/cse/).
1. (Optional) **Fields.** Click the **+Add Field** link to define the fields you want to associate, each field needs a name (key) and value. - * ![green check circle.png](/img/reuse/green-check-circle.png) A green circle with a check mark is shown when the field exists in the Fields table schema. - * ![orange exclamation point.png](/img/reuse/orange-exclamation-point.png) An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo that does not exist in the Fields schema it is ignored, known as dropped. + * green check circle.png A green circle with a check mark is shown when the field exists in the Fields table schema. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo that does not exist in the Fields schema it is ignored, known as dropped. 1. **Azure Event Hubs Namespace**. Enter your Azure Event Hubs Namespace name.  1. **Event Hubs Instance Name**. Enter the Azure Event Hubs Instance Name. 1. **Shared Access Policy**. Enter your Shared Access Policy Name and Key. The Shared Access Policy requires the **Listen** claim. diff --git a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/bitwarden.md b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/bitwarden.md index 71addb6de5..cc90877a3b 100644 --- a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/bitwarden.md +++ b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/bitwarden.md 
@@ -46,8 +46,8 @@ To configure the Bitwarden Source: 1. Enter a **Name** to display for the Source in the Sumo Logic web application. The description is optional. 1. (Optional) For **Source Category**, enter any string to tag the output collected from the Source. Category metadata is stored in a searchable field called `_sourceCategory`. 1. (Optional) **Fields**. Click the **+Add Field** link to define the fields you want to associate. Each field needs a name (key) and value. - * ![green check circle.png](/img/reuse/green-check-circle.png) A green circle with a check mark is shown when the field exists in the Fields table schema. - * ![orange exclamation point.png](/img/reuse/orange-exclamation-point.png) An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo Logic that does not exist in the Fields schema it is ignored, known as dropped. + * green check circle.png A green circle with a check mark is shown when the field exists in the Fields table schema. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo Logic that does not exist in the Fields schema it is ignored, known as dropped. 1. In **Bitwarden API Server Base URL**, enter the API Base URL for your Bitwarden installation. 1. (Optional) In **Self Hosted API Base URL**, enter the API Base URL for your Self-Hosted Bitwarden installation. This field is only available if you select `Self-Hosted` for the server base URL. 1. (Optional) In **OAuth 2.0 Token Url**, enter the OAuth 2.0 Token URL for your Self-Hosted Bitwarden installation. 
This field is only available if you select `Self-Hosted` for the server base URL. diff --git a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/box-source.md b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/box-source.md index 3f192214b2..928851f328 100644 --- a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/box-source.md +++ b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/box-source.md @@ -44,8 +44,8 @@ To configure a Box Source: 1. **Forward to SIEM**. Check the checkbox to forward your data to [Cloud SIEM](/docs/cse/).
1. (Optional) **Fields**. Click the **+Add** link to add custom log metadata [Fields](/docs/manage/fields). * Define the fields you want to associate, each field needs a name (key) and value. - * ![green check circle.png](/img/reuse/green-check-circle.png) A green circle with a check mark is shown when the field exists and is enabled in the Fields table schema. - * ![orange exclamation point.png](/img/reuse/orange-exclamation-point.png) An orange triangle with an exclamation point is shown when the field doesn't exist, or is disabled, in the Fields table schema. In this case, an option to automatically add or enable the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo that does not exist in the Fields schema or is disabled it is ignored, known as dropped. + * green check circle.png A green circle with a check mark is shown when the field exists and is enabled in the Fields table schema. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist, or is disabled, in the Fields table schema. In this case, an option to automatically add or enable the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo that does not exist in the Fields schema or is disabled it is ignored, known as dropped. 1. Upload the JSON file. 1. **Processing Rules**. Configure any desired filters, such as allowlist, denylist, hash, or mask, as described in [Create a Processing Rule](/docs/send-data/collection/processing-rules/create-processing-rule). 1. When you are finished configuring the Source, click **Submit**. diff --git a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/carbon-black-cloud-source.md b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/carbon-black-cloud-source.md index eca2f28ea2..c76541122a 100644 --- a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/carbon-black-cloud-source.md 
+++ b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/carbon-black-cloud-source.md @@ -57,8 +57,8 @@ To configure a Carbon Black Cloud Source: 1. (Optional) For **Source Category**, enter any string to tag the output collected from the Source. Category [metadata](/docs/search/get-started-with-search/search-basics/built-in-metadata.md) is stored in a searchable field called `_sourceCategory`. 1. **Forward to SIEM**. Check the checkbox to forward your data to [Cloud SIEM](/docs/cse/).
1. (Optional) **Fields.** Click the **+Add Field** link to define the [fields](/docs/manage/fields) you want to associate. Each field needs a name (key) and value. - * ![green check circle.png](/img/reuse/green-check-circle.png) A green circle with a check mark is shown when the field exists in the Fields table schema. - * ![orange exclamation point.png](/img/reuse/orange-exclamation-point.png) An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo that does not exist in the Fields schema it is ignored, known as dropped. + * green check circle.png A green circle with a check mark is shown when the field exists in the Fields table schema. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo that does not exist in the Fields schema it is ignored, known as dropped. 1. **CB Cloud Domain**. Enter your Carbon Black Cloud domain, such as `dev-prod05.conferdeploy.net`. See [this knowledge base article](https://community.carbonblack.com/t5/Knowledge-Base/Carbon-Black-Cloud-What-URLs-are-used-to-access-the-api/ta-p/67346) to determine which domain to use. 1. **API Key**. Enter the Carbon Black Cloud API Key you want to use to authenticate requests. Ensure the key is granted the required permissions for all the APIs listed in the [Vendor configuration](#vendor-configuration) section. 1. **API ID**. Enter your Carbon Black Cloud API ID correlated to your API key. 
diff --git a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/carbon-black-inventory-source.md b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/carbon-black-inventory-source.md index e9bf908168..c02e5f18df 100644 --- a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/carbon-black-inventory-source.md +++ b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/carbon-black-inventory-source.md @@ -42,8 +42,8 @@ To configure a Carbon Black Inventory Source: 1. (Optional) For **Source Category**, enter any string to tag the output collected from the Source. Category [metadata](/docs/search/get-started-with-search/search-basics/built-in-metadata.md) is stored in a searchable field called `_sourceCategory`. 1. **Forward to SIEM**. Check the checkbox to forward your data to [Cloud SIEM](/docs/cse/).
1. (Optional) **Fields**. Click the **+Add Field** link to define the fields you want to associate, each field needs a name (key) and value. - * ![green check circle.png](/img/reuse/green-check-circle.png) A green circle with a check mark is shown when the field exists in the Fields table schema. - * ![orange exclamation point.png](/img/reuse/orange-exclamation-point.png) An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo that does not exist in the Fields schema it is ignored, known as dropped. + * green check circle.png A green circle with a check mark is shown when the field exists in the Fields table schema. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo that does not exist in the Fields schema it is ignored, known as dropped. 1. **CB Cloud Domain**. Enter your Carbon Black domain, such as `dev-prod05.conferdeploy.net`. See [this knowledge base article](https://community.carbonblack.com/t5/Knowledge-Base/Carbon-Black-Cloud-What-URLs-are-used-to-access-the-api/ta-p/67346) to determine which domain to use. 1. **API Key**. Enter the Carbon Black API Key you want to use to authenticate requests. Ensure the key is granted the required permissions for all the APIs listed in the [Vendor configuration](#vendor-configuration) section. 1. **API ID**. Enter your Carbon Black API ID correlated to your API key. diff --git a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/cato-networks-source.md b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/cato-networks-source.md index 69783837e8..aa1de11e81 100644 
--- a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/cato-networks-source.md +++ b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/cato-networks-source.md @@ -63,8 +63,8 @@ To configure a Cato Networks Source: 1. Enter a **Name** for the Source. The description is optional. 1. (Optional) For **Source Category**, enter any string to tag the output collected from the Source. Category metadata is stored in a searchable field called `_sourceCategory`. 1. (Optional) **Fields**. Click the **+Add** button to define the fields you want to associate. Each field needs a name (key) and value. - * ![green check circle.png](/img/reuse/green-check-circle.png) A green circle with a check mark is shown when the field exists in the Fields table schema. - * ![orange exclamation point.png](/img/reuse/orange-exclamation-point.png) An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo Logic that does not exist in the Fields schema it is ignored, known as dropped. + * green check circle.png A green circle with a check mark is shown when the field exists in the Fields table schema. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo Logic that does not exist in the Fields schema it is ignored, known as dropped. 1. Enter the **API Key** for Cato Networks account. 1. Enter the **Account ID** for Cato Networks account. 1. Select the **Data Types**. You can select one or both of the data sources. 
diff --git a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/cisco-amp-source.md b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/cisco-amp-source.md index b544cc4071..2a20eb80b8 100644 --- a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/cisco-amp-source.md +++ b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/cisco-amp-source.md @@ -40,8 +40,8 @@ To configure a Cisco AMP Source: 1. (Optional) For **Source Category**, enter any string to tag the output collected from the Source. Category metadata is stored in a searchable field called `_sourceCategory`. 1. **Forward to SIEM**. Check the checkbox to forward your data to [Cloud SIEM](/docs/cse/).
1. (Optional) **Fields.** Click the **+Add Field** link to define the fields you want to associate, each field needs a name (key) and value. - * ![green check circle.png](/img/reuse/green-check-circle.png) A green circle with a check mark is shown when the field exists in the Fields table schema. - * ![orange exclamation point.png](/img/reuse/orange-exclamation-point.png) An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo that does not exist in the Fields schema it is ignored, known as dropped. + * green check circle.png A green circle with a check mark is shown when the field exists in the Fields table schema. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo that does not exist in the Fields schema it is ignored, known as dropped. 1. **Client ID**. Provide the Client ID you want to use to authenticate collection requests. 1. **API Region** (Optional). Select the appropriate region of your API Key. The default is `api.amp.cisco.com`. 1. **API Key**. Provide the API Key you want to use to authenticate collection requests.  diff --git a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/cisco-meraki-source.md b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/cisco-meraki-source.md index 6d1fbbc2b5..231ad0182f 100644 --- a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/cisco-meraki-source.md +++ b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/cisco-meraki-source.md 
@@ -57,8 +57,8 @@ To configure Cisco Meraki Source: 1. Enter a **Name** to display for the Source in the Sumo Logic web application. The description is optional. 1. (Optional) For **Source Category**, enter any string to tag the output collected from the Source. Category metadata is stored in a searchable field called `_sourceCategory`. 1. (Optional) **Fields.** Click the **+Add Field** link to define the fields you want to associate. Each field needs a name (key) and value. - * ![green check circle.png](/img/reuse/green-check-circle.png) A green circle with a checkmark is shown when the field exists in the Fields table schema. - * ![orange exclamation point.png](/img/reuse/orange-exclamation-point.png) An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo Logic that does not exist in the Fields schema it is ignored (i.e., dropped). + * green check circle.png A green circle with a checkmark is shown when the field exists in the Fields table schema. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo Logic that does not exist in the Fields schema it is ignored (i.e., dropped). 1. **Base URL**. It refers to the default URL where your Meraki account is hosted. If you are located in China, you have the option to modify the base URL. 1. **API Key**. Provide the API key you generated from your Meraki account. 1. **Meraki Organization ID**. Provide the numeric Meraki organization ID of the Meraki org you want to collect data from. You can only provide one ID. Please create multiple sources for multiple Meraki organizations. 
diff --git a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/cisco-vulnerability-management-source.md b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/cisco-vulnerability-management-source.md index 5dbe2a3986..9aa803ffb9 100644 --- a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/cisco-vulnerability-management-source.md +++ b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/cisco-vulnerability-management-source.md @@ -51,8 +51,8 @@ Only administrators are allowed to retrieve the key. For more information, refer 1. **Forward to SIEM**. Check the checkbox to forward your data to [Cloud SIEM](/docs/cse/).
1. (Optional) **Fields**. Click the **+Add** link to add custom log metadata [Fields](/docs/manage/fields). * Define the fields you want to associate, each field needs a name (key) and value. - * ![green check circle.png](/img/reuse/green-check-circle.png) A green circle with a checkmark is shown when the field exists and is enabled in the Fields table schema. - * ![orange exclamation point.png](/img/reuse/orange-exclamation-point.png) An orange triangle with an exclamation point is shown when the field doesn't exist, or is disabled, in the Fields table schema. In this case, an option to automatically add or enable the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo that does not exist in the Fields schema or is disabled it is ignored, known as dropped. + * green check circle.png A green circle with a checkmark is shown when the field exists and is enabled in the Fields table schema. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist, or is disabled, in the Fields table schema. In this case, an option to automatically add or enable the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo that does not exist in the Fields schema or is disabled it is ignored, known as dropped. 1. **Base URL**. Provide your Cisco Vulnerability Management customer-specific domain, for example, `https://api.kennasecurity.com`. 1. **API Key**. Enter the [Cisco Vulnerability Management API key](#vendor-configuration). 1. **Data Collection**. Select one or more of the data types, **Assets** and **Vulnerabilities**. diff --git a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/citrix-cloud-source.md b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/citrix-cloud-source.md index d58e789187..f9afb87a90 100644 --- a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/citrix-cloud-source.md 
+++ b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/citrix-cloud-source.md @@ -78,8 +78,8 @@ To configure the Citrix Cloud API: 1. Enter a **Name** to display for the Source in the Sumo Logic web application. The description is optional. 1. (Optional) For **Source Category**, enter any string to tag the output collected from the Source. Category metadata is stored in a searchable field called `_sourceCategory`. 1. (Optional) **Fields**. Click the **+Add Field** link to define the fields you want to associate. Each field needs a name (key) and value. - * ![green check circle.png](/img/reuse/green-check-circle.png) A green circle with a check mark is shown when the field exists in the Fields table schema. - * ![orange exclamation point.png](/img/reuse/orange-exclamation-point.png) An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo Logic that does not exist in the Fields schema it is ignored, known as dropped. + * green check circle.png A green circle with a check mark is shown when the field exists in the Fields table schema. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo Logic that does not exist in the Fields schema it is ignored, known as dropped. 1. **Base URL**. Choose the URL where your Citrix Cloud account is located. See [Base URL](#base-url) section to know your base URL. 1. **Customer ID**. Enter the Customer ID you generated and secured from the [API Client](#api-client) section in step 6. 1. **Client ID**. Enter the Client ID you generated and secured from the [API Client](#api-client) section in step 5. 
diff --git a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/code42-incydr-source.md b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/code42-incydr-source.md index 73896df98f..3445261c77 100644 --- a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/code42-incydr-source.md +++ b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/code42-incydr-source.md 
@@ -51,8 +51,8 @@ To configure a Code42 Incydr Source: 1. Enter a **Name** for the source. The description is optional. 1. (Optional) For **Source Category**, enter any string to tag the output collected from the Source. Category metadata is stored in a searchable field called `_sourceCategory`. 1. (Optional) **Fields**. Click the **+Add** button to define the fields you want to associate. Each field needs a name (key) and value. - * ![green check circle.png](/img/reuse/green-check-circle.png) A green circle with a check mark is shown when the field exists in the Fields table schema. - * ![orange exclamation point.png](/img/reuse/orange-exclamation-point.png) An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo Logic that does not exist in the Fields schema it is ignored, known as dropped. + * green check circle.png A green circle with a check mark is shown when the field exists in the Fields table schema. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo Logic that does not exist in the Fields schema it is ignored, known as dropped. 1. In **Base URL**, select the domain from which you want to retrieve the source data from the Incydr API. 1. In **Client ID**, enter the Client ID you generated from the Code42 Incydr platform. 1. In **Secret Key**, enter the Secret Key you generated from the Code42 Incydr platform. 
diff --git a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/confluent-cloud-metrics-source.md b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/confluent-cloud-metrics-source.md index c2282dd4ac..0e11227c1d 100644 --- a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/confluent-cloud-metrics-source.md +++ b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/confluent-cloud-metrics-source.md 
@@ -44,8 +44,8 @@ To configure a Confluent Cloud Metrics source: 1. Enter a **Name** for the source. The description is optional. 1. (Optional) For **Source Category**, enter any string to tag the output collected from the source. Category metadata is stored in a searchable field called `_sourceCategory`. 1. (Optional) **Fields**. Click the **+Add** button to define the fields you want to associate. Each field needs a name (key) and value. - * ![green check circle.png](/img/reuse/green-check-circle.png) A green circle with a check mark is shown when the field exists in the Fields table schema. - * ![orange exclamation point.png](/img/reuse/orange-exclamation-point.png) An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo Logic that does not exist in the Fields schema is ignored, known as dropped. + * green check circle.png A green circle with a check mark is shown when the field exists in the Fields table schema. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo Logic that does not exist in the Fields schema is ignored, known as dropped. 1. **API Key ID**. Enter the Client ID collected from the [vendor configuration](#vendor-configuration). For example, `U5XXXYZYGAXXXFRZ`. 1. **API Secret**. Enter the Client Secret collected from the [vendor configuration](#vendor-configuration). For example, `psYDINXXXG9eYi9hF/X20SZAI4YEn5IZ0cXXXuZ556WIbKYvHPHSCTXXXyF`. 1. **Resource Filters**. Select the checkbox to collect metrics for the required resources, and then enter the ID of the relevant resource to export metrics. 
diff --git a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/crowdstrike-fdr-host-inventory.md b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/crowdstrike-fdr-host-inventory.md index c98b0b590f..5e16f60829 100644 --- a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/crowdstrike-fdr-host-inventory.md +++ b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/crowdstrike-fdr-host-inventory.md @@ -71,8 +71,8 @@ To configure the CrowdStrike FDR Host Inventory API: 5. (Optional) For **Source Category**, enter any string to tag the output collected from the Source. Category metadata is stored in a searchable field called `_sourceCategory`. 6. **Forward to SIEM**. Check the checkbox to forward your data to [Cloud SIEM](/docs/cse/) as inventory.
7. (Optional) **Fields**. Click the **+Add Field** link to define the fields you want to associate. Each field needs a name (key) and value. - * ![green check circle.png](/img/reuse/green-check-circle.png) A green circle with a check mark is shown when the field exists in the Fields table schema. - * ![orange exclamation point.png](/img/reuse/orange-exclamation-point.png) An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo Logic that does not exist in the Fields schema it is ignored, known as dropped. + * green check circle.png A green circle with a check mark is shown when the field exists in the Fields table schema. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo Logic that does not exist in the Fields schema it is ignored, known as dropped. 8. In **Region**, choose the region as per your Base URL. See [Region](#region) section to know your region. 9. In **Client ID**, enter the Client ID you generated and secured from the [API Client](#api-client-and-api-secret) section. 10. In **Client Secret**, enter the Client Secret you generated and secured from the [API Secret](#api-client-and-api-secret) section. diff --git a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/crowdstrike-fdr-source.md b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/crowdstrike-fdr-source.md index bf8fc99eaa..7a33d8e77a 100644 --- a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/crowdstrike-fdr-source.md +++ b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/crowdstrike-fdr-source.md 
@@ -46,8 +46,8 @@ To configure a CrowdStrike FDR Source: 1. Enter a **Name** for the Source. The description is optional. 1. (Optional) For **Source Category**, enter any string to tag the output collected from the Source. Category metadata is stored in a searchable field called `_sourceCategory`. 1. (Optional) **Fields.** Click the **+Add Field** link to define the fields you want to associate, each field needs a name (key) and value. - * ![green check circle.png](/img/reuse/green-check-circle.png) A green circle with a check mark is shown when the field exists in the Fields table schema. - * ![orange exclamation point.png](/img/reuse/orange-exclamation-point.png) An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo that does not exist in the Fields schema it is ignored, known as dropped. + * green check circle.png A green circle with a check mark is shown when the field exists in the Fields table schema. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo that does not exist in the Fields schema it is ignored, known as dropped. 1. **AWS Access Key ID**: Provide your AWS Access Key ID you copied from CrowdStrike, see the [Vendor configuration](#vendor-configuration) section. 1. **AWS Secret Access Key**: Provide your AWS Secret Access Key you copied from CrowdStrike, see the [Vendor configuration](#vendor-configuration) section. 1. **SQS Queue URL**. Provide your SQS Queue URL you copied from CrowdStrike, see the [Vendor configuration](#vendor-configuration) section. 
diff --git a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/crowdstrike-filevantage.md b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/crowdstrike-filevantage.md index 3a35b309dd..b6e19ee4ef 100644 --- a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/crowdstrike-filevantage.md +++ b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/crowdstrike-filevantage.md 
@@ -71,8 +71,8 @@ To configure the CrowdStrike FileVantage Source: 1. Enter a **Name** to display for the Source in the Sumo Logic web application. The description is optional. 1. (Optional) For **Source Category**, enter any string to tag the output collected from the Source. Category metadata is stored in a searchable field called `_sourceCategory`. 1. (Optional) **Fields**. Click the **+Add Field** link to define the fields you want to associate. Each field needs a name (key) and value. - * ![green check circle.png](/img/reuse/green-check-circle.png) A green circle with a check mark is shown when the field exists in the Fields table schema. - * ![orange exclamation point.png](/img/reuse/orange-exclamation-point.png) An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo Logic that does not exist in the Fields schema it is ignored, known as dropped. + * green check circle.png A green circle with a check mark is shown when the field exists in the Fields table schema. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo Logic that does not exist in the Fields schema it is ignored, known as dropped. 1. In **CrowdStrike Base URL**, choose the region as per your Base URL. See [Region](#region) section to know your region. 1. In **API Client ID**, enter the Client ID you generated and secured from the [API Client](#api-client-and-api-secret) section. 1. In **API Client Secret**, enter the Client Secret you generated and secured from the [API Secret](#api-client-and-api-secret) section. 
diff --git a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/crowdstrike-source.md b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/crowdstrike-source.md index 52ffb00c63..485931b348 100644 --- a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/crowdstrike-source.md +++ b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/crowdstrike-source.md @@ -56,8 +56,8 @@ To configure a CrowdStrike Source: 1. (Optional) For **Source Category**, enter any string to tag the output collected from the Source. Category metadata is stored in a searchable field called `_sourceCategory`. 1. **Forward to SIEM**. Check the checkbox to forward your data to [Cloud SIEM](/docs/cse/).
1. (Optional) **Fields.** Click the **+Add Field** link to define the fields you want to associate, each field needs a name (key) and value. - * ![green check circle.png](/img/reuse/green-check-circle.png) A green circle with a check mark is shown when the field exists in the Fields table schema. - * ![orange exclamation point.png](/img/reuse/orange-exclamation-point.png) An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo that does not exist in the Fields schema it is ignored, known as dropped. + * green check circle.png A green circle with a check mark is shown when the field exists in the Fields table schema. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo that does not exist in the Fields schema it is ignored, known as dropped. 1. **CrowdStrike domain**: Provide your [CrowdStrike domain](https://falcon.crowdstrike.com/support/documentation/89/event-streams-apis ), for example, `api.crowdstrike.com`. 1. **Client ID**: Provide the CrowdStrike Client ID you want to use to authenticate collection requests. 1. **Secret Key**. Provide the CrowdStrike API key you want to use to authenticate collection requests. diff --git a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/crowdstrike-spotlight-source.md b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/crowdstrike-spotlight-source.md index c2e2746f58..b165f5882f 100644 --- a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/crowdstrike-spotlight-source.md 
+++ b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/crowdstrike-spotlight-source.md 
@@ -70,8 +70,8 @@ To configure the CrowdStrike Spotlight Source: 1. Enter a **Name** to display for the Source in the Sumo Logic web application. The description is optional. 1. (Optional) For **Source Category**, enter any string to tag the output collected from the Source. Category metadata is stored in a searchable field called `_sourceCategory`. 1. (Optional) **Fields**. Click the **+Add Field** link to define the fields you want to associate. Each field needs a name (key) and value. - * ![green check circle.png](/img/reuse/green-check-circle.png) A green circle with a check mark is shown when the field exists in the Fields table schema. - * ![orange exclamation point.png](/img/reuse/orange-exclamation-point.png) An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo Logic that does not exist in the Fields schema it is ignored, known as dropped. + * green check circle.png A green circle with a check mark is shown when the field exists in the Fields table schema. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo Logic that does not exist in the Fields schema it is ignored, known as dropped. 1. In **Region**, choose the region as per your Base URL. See [Region](#region) section to know your region. 1. In **Client ID**, enter the Client ID you generated and secured from the [API Client](#api-client-and-api-secret) section. 1. In **Client Secret**, enter the Client Secret you generated and secured from the [API Secret](#api-client-and-api-secret) section. 
diff --git a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/crowdstrike-threat-intel-source.md b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/crowdstrike-threat-intel-source.md index 53539e58ce..6becbc8bed 100644 --- a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/crowdstrike-threat-intel-source.md +++ b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/crowdstrike-threat-intel-source.md 
@@ -70,8 +70,8 @@ To configure the CrowdStrike Threat Intel Source: 1. Enter a **Name** to display for the Source in the Sumo Logic web application. The description is optional. 1. (Optional) For **Source Category**, enter any string to tag the output collected from the Source. Category metadata is stored in a searchable field called `_sourceCategory`. 1. (Optional) **Fields**. Click the **+Add Field** link to define the fields you want to associate. Each field needs a name (key) and value. - * ![green check circle.png](/img/reuse/green-check-circle.png) A green circle with a check mark is shown when the field exists in the Fields table schema. - * ![orange exclamation point.png](/img/reuse/orange-exclamation-point.png) An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo Logic that does not exist in the Fields schema it is ignored, known as dropped. + * green check circle.png A green circle with a check mark is shown when the field exists in the Fields table schema. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo Logic that does not exist in the Fields schema it is ignored, known as dropped. 1. In **Region**, choose the region as per your Base URL. See [Region](#region) section to know your region. 1. In **Client ID**, enter the Client ID you generated and secured from the [API Client](#api-client-and-api-secret) section. 1. In **Client Secret**, enter the Client Secret you generated and secured from the [API Secret](#api-client-and-api-secret) section. 
diff --git a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/cse-aws-ec-inventory-source.md b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/cse-aws-ec-inventory-source.md index b9ddb536b1..4812215cf6 100644 --- a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/cse-aws-ec-inventory-source.md +++ b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/cse-aws-ec-inventory-source.md @@ -54,8 +54,8 @@ To configure a Cloud SIEM AWS EC2 Inventory Source: 1. (Optional) For **Source Category**, enter any string to tag the output collected from the Source. Category metadata is stored in a searchable field called `_sourceCategory`. 1. **Forward to SIEM**. Check the checkbox to forward your data to [Cloud SIEM](/docs/cse/).
1. (Optional) **Fields.** Click the **+Add Field** link to define the fields you want to associate, each field needs a name (key) and value. - * ![green check circle.png](/img/reuse/green-check-circle.png) A green circle with a check mark is shown when the field exists in the Fields table schema. - * ![orange exclamation point.png](/img/reuse/orange-exclamation-point.png) An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo that does not exist in the Fields schema it is ignored, known as dropped. + * green check circle.png A green circle with a check mark is shown when the field exists in the Fields table schema. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo that does not exist in the Fields schema it is ignored, known as dropped. 1. **AWS Access**. The integration is configured for either role based AWS authentication or key based AWS authentication. - **Role Based Access**. AWS Role ARN is required for Role based Access. Use the information provided on the source page to configure the role.
role-based - **Key Access**. Enter the IAM user access key ID and secret key you want to use to authenticate collection requests.
key-based diff --git a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/cyberark-audit-source.md b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/cyberark-audit-source.md index b1fbf9aa28..ed461d8ce6 100644 --- a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/cyberark-audit-source.md +++ b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/cyberark-audit-source.md 
@@ -49,8 +49,8 @@ To configure a CyberArk Audit source, follow the steps below: 1. **Name**. Enter a name to display for the source. The description is optional. 1. (Optional) For **Source Category**, enter any string to tag the output collected from the source. Category metadata is stored in a searchable field called `_sourceCategory`. 1. (Optional) **Fields**. Click the **+Add** button to define the fields you want to associate. Each field needs a name (key) and value. - * ![green check circle.png](/img/reuse/green-check-circle.png) A green circle with a check mark is shown when the field exists in the Fields table schema. - * ![orange exclamation point.png](/img/reuse/orange-exclamation-point.png) An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo Logic that does not exist in the Fields schema is ignored, known as dropped. + * green check circle.png A green circle with a check mark is shown when the field exists in the Fields table schema. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo Logic that does not exist in the Fields schema is ignored, known as dropped. 1. **Identity ID**. Enter your identity ID collected from the [Vendor configuration](#vendor-configuration) section. For example, `ac212`. 1. **Web Application ID**. Enter your application ID collected from the [Vendor configuration](#vendor-configuration) section. For example, `sumologic`. 1. **Username**. Enter your username(client-id) collected from the [Vendor configuration](#vendor-configuration) section. For example, `user@cyberark.cloud.1234`. 
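Review bot: The orange-icon bullet carries a grammar slip over unchanged from the removed line to the added line: "If a field is sent to Sumo Logic that does not exist in the Fields schema is ignored, known as dropped." Since the line is being rewritten anyway, add the missing pronoun ("... in the Fields schema it is ignored ...") so it matches the wording used for the same bullet in the other source pages in this patch.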
diff --git a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/cyberark-source.md b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/cyberark-source.md index 7f1c96fec9..49c472d693 100644 --- a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/cyberark-source.md +++ b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/cyberark-source.md @@ -50,8 +50,8 @@ To configure a CyberArk EPM Source, follow the steps below: 1. **Source Category**. Enter any string to tag the output collected from the Source. Category metadata is stored in a searchable field called `_sourceCategory`. 1. **Forward to SIEM**. Check the checkbox to forward your data to [Cloud SIEM](/docs/cse/).
1. Fields. (Optional) Click **+Add** to ad additional fields; each field needs a name (key) and value. - * ![green check circle.png](/img/reuse/green-check-circle.png) A green circle with a check mark is shown when the field exists and is enabled in the Fields table schema. - * ![orange exclamation point.png](/img/reuse/orange-exclamation-point.png) An orange triangle with an exclamation point is shown when the field doesn't exist, or is disabled, in the Fields table schema. In this case, an option to automatically add or enable the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo that does not exist in the Fields schema or is disabled it is ignored, known as dropped. + * green check circle.png A green circle with a check mark is shown when the field exists and is enabled in the Fields table schema. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist, or is disabled, in the Fields table schema. In this case, an option to automatically add or enable the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo that does not exist in the Fields schema or is disabled it is ignored, known as dropped. 1. **EPM Username**. Enter your EPM username from the [Vendor configuration](#vendor-configuration) section. 1. **EPM User Password**. Enter your EPM password from the [Vendor configuration](#vendor-configuration) section. 1. **CyberArk EPM Dispatch Server**. Enter your CyberArk EPM Dispatch Server URL, it is the dispatch server for your region. Following are some examples of dispatch server URLs: diff --git a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/cybereason-source.md b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/cybereason-source.md index 15377ad9a3..e090440160 100644 --- a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/cybereason-source.md 
+++ b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/cybereason-source.md @@ -45,8 +45,8 @@ To configure a Cybereason Source: 1. (Optional) For **Source Category**, enter any string to tag the output collected from the Source. Category metadata is stored in a searchable field called `_sourceCategory`. 1. **Forward to SIEM**. Check the checkbox to forward your data to [Cloud SIEM](/docs/cse/).
1. (Optional) **Fields.** Click the **+Add Field** link to define the fields you want to associate, each field needs a name (key) and value. - * ![green check circle.png](/img/reuse/green-check-circle.png) A green circle with a check mark is shown when the field exists in the Fields table schema. - * ![orange exclamation point.png](/img/reuse/orange-exclamation-point.png) An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo that does not exist in the Fields schema it is ignored, known as dropped. + * green check circle.png A green circle with a check mark is shown when the field exists in the Fields table schema. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo that does not exist in the Fields schema it is ignored, known as dropped. 1. **Cybereason Host**. Provide your customer-specific host, such as `mydomain.cybereason.net`. If you have a customer-specific port this should be included, such as `mydomain.cybereason.net:8443`. 1. **User email** and **password**. Provide the Cybereason user credentials you want to use to authenticate collection requests. 1. (Optional) The **Polling Interval** is set for 300 seconds by default, you can adjust it based on your needs. This sets how often the Source checks for new data. diff --git a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/digital-guardian-source.md b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/digital-guardian-source.md index db5443c94a..d6c5d5303f 100644 
--- a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/digital-guardian-source.md +++ b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/digital-guardian-source.md @@ -46,8 +46,8 @@ To configure Digital Guardian Source: 1. Enter a **Name** to display for the Source in Sumo Logic. The description is optional. 1. (Optional) For **Source Category**, enter any string to tag the output collected from the Source. Category metadata is stored in a searchable field called `_sourceCategory`. 1. (Optional) **Fields**. Click the **+Add Field** link to define the fields you want to associate. Each field needs a name (key) and value. - * ![green check circle.png](/img/reuse/green-check-circle.png) A green circle with a check mark is shown when the field exists in the Fields table schema. - * ![orange exclamation point.png](/img/reuse/orange-exclamation-point.png) An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo Logic that does not exist in the Fields schema it is ignored, known as dropped. + * green check circle.png A green circle with a check mark is shown when the field exists in the Fields table schema. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo Logic that does not exist in the Fields schema it is ignored, known as dropped. 1. In **API Gateway URL**, enter the API Gateway URL of your account. 1. In **Authorization Server URL**, enter the Authorization Server URL of your account. 1. In **API Client ID**, enter the API Client ID you generated from the Digital Guardian platform. 
diff --git a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/docusign-source.md b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/docusign-source.md index 6240a6fbe5..5c3457f2ff 100644 --- a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/docusign-source.md +++ b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/docusign-source.md 
@@ -90,8 +90,8 @@ To configure the DocuSign source: 4. Enter a **Name** to display for the Source in the Sumo Logic web application. The description is optional. 5. (Optional) For **Source Category**, enter any string to tag the output collected from the Source. Category metadata is stored in a searchable field called `_sourceCategory`. 6. (Optional) **Fields**. Click the **+Add Field** link to define the fields you want to associate. Each field needs a name (key) and value. - * ![green check circle.png](/img/reuse/green-check-circle.png) A green circle with a check mark is shown when the field exists in the Fields table schema. - * ![orange exclamation point.png](/img/reuse/orange-exclamation-point.png) An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo Logic that does not exist in the Fields schema it is ignored, known as dropped. + * green check circle.png A green circle with a check mark is shown when the field exists in the Fields table schema. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo Logic that does not exist in the Fields schema it is ignored, known as dropped. 7. In **DocuSign Environment**, choose the environment of your DocuSign account. 8. In **User ID**, enter the User ID of your account. See [User ID](#user-id) section to help find your User ID. 9. In **Integration Key**, enter the integration key you generated. See step 5 of [App](#app) section. 
diff --git a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/dragos-source.md b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/dragos-source.md index b0de1f2501..867c83d6d8 100644 --- a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/dragos-source.md +++ b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/dragos-source.md 
@@ -57,8 +57,8 @@ To configure a Dragos Source: 1. Enter a **Name** for the Source. The description is optional. 1. (Optional) For **Source Category**, enter any string to tag the output collected from the Source. Category metadata is stored in a searchable field called `_sourceCategory`. 1. (Optional) **Fields**. Click the **+Add** button to define the fields you want to associate. Each field needs a name (key) and value. - * ![green check circle.png](/img/reuse/green-check-circle.png) A green circle with a check mark is shown when the field exists in the Fields table schema. - * ![orange exclamation point.png](/img/reuse/orange-exclamation-point.png) An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo Logic that does not exist in the Fields schema is ignored, known as dropped. + * green check circle.png A green circle with a check mark is shown when the field exists in the Fields table schema. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo Logic that does not exist in the Fields schema is ignored, known as dropped. 1. **Endpoint URL**. Enter the Dragos platform endpoint URL. For example, `https://test.cxc.dragos.cloud/`. 1. **API ID**. Enter the API ID of your account collected from the [Dragos platform](#vendor-configuration). For example, `036fxxxx-b642-xxxx-99d3-fcxxxx2exxxx`. 1. **API Secret**. Enter the API Secret of your account collected from the [Dragos platform](#vendor-configuration).. For example, `xxxU1TxxxxxxxxKSJwHYOpK37xxxxxxxxrEHAkU91xxxxxxxxxFrrJ06xxx`. 
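Review bot: The added orange-icon bullet still reads "does not exist in the Fields schema is ignored", with "it" missing before "is ignored", exactly as in the line it replaces; fix it while the line is being touched. Separately, the trailing context line for **API Secret** has a doubled period ("[Dragos platform](#vendor-configuration).. For example"), which could be cleaned up in the same pass.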
diff --git a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/dropbox-source.md b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/dropbox-source.md index 3279be0a34..d02c1b98c3 100644 --- a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/dropbox-source.md +++ b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/dropbox-source.md @@ -50,8 +50,8 @@ To configure a Dropbox source: 1. (Optional) For **Source Category**, enter any string to tag the output collected from the Source. Category metadata is stored in a searchable field called `_sourceCategory`. 1. **Forward to SIEM**. Check the checkbox to forward your data to [Cloud SIEM](/docs/cse/).
1. (Optional) **Fields.** Click the **+Add Field** link to define the fields you want to associate, each field needs a name (key) and value. - * ![green check circle.png](/img/reuse/green-check-circle.png) A green circle with a check mark is shown when the field exists in the Fields table schema. - * ![orange exclamation point.png](/img/reuse/orange-exclamation-point.png) An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo that does not exist in the Fields schema it is ignored, known as dropped. + * green check circle.png A green circle with a check mark is shown when the field exists in the Fields table schema. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo that does not exist in the Fields schema it is ignored, known as dropped. 1. **App Key**, **App Secret**, and **Access Code**. Provide your Dropbox [authentication](#vendor-configuration) credentials. 1. **Processing Rules**. Configure any desired filters, such as allowlist, denylist, hash, or mask, as described in [Create a Processing Rule](/docs/send-data/collection/processing-rules/create-processing-rule). 1. When you are finished configuring the Source, click **Submit**. diff --git a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/druva-cyber-resilience-source.md b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/druva-cyber-resilience-source.md index b2235cdb76..9f1846a023 100644 --- a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/druva-cyber-resilience-source.md 
+++ b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/druva-cyber-resilience-source.md 
@@ -45,8 +45,8 @@ To configure a Druva Cyber Resilience Source: 1. Enter a **Name** to display for the Source in the Sumo Logic web application. The description is optional. 1. (Optional) For **Source Category**, enter any string to tag the output collected from the Source. Category metadata is stored in a searchable field called `_sourceCategory`. 1. (Optional) **Fields**. Click the **+Add** to define the fields you want to associate. Each field needs a name (key) and value. - * ![green check circle.png](/img/reuse/green-check-circle.png) A green circle with a check mark is shown when the field exists in the Fields table schema. - * ![orange exclamation point.png](/img/reuse/orange-exclamation-point.png) An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo Logic that does not exist in the Fields schema it is ignored, known as dropped. + * green check circle.png A green circle with a check mark is shown when the field exists in the Fields table schema. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo Logic that does not exist in the Fields schema it is ignored, known as dropped. 1. **API Endpoint URL**. Enter the API Endpoint URL collected from the [Druva Cyber Resilience platform](#vendor-configuration). 1. **Client ID**. Enter your Client ID. To get Client ID, follow the instructions from [Create and Manage Druva API Credentials](https://docs.druva.com/Druva_Cloud_Platform/Integration_with_Druva_APIs/Create_and_Manage_API_Credentials#createnewcreds). 1. **Secret Key**. Enter your Secret Key. 
To get Secret Key, follow the instructions from [Create and Manage Druva API Credentials](https://docs.druva.com/Druva_Cloud_Platform/Integration_with_Druva_APIs/Create_and_Manage_API_Credentials#createnewcreds). diff --git a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/druva-source.md b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/druva-source.md index e26868c0d4..cda0117c44 100644 --- a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/druva-source.md +++ b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/druva-source.md 
@@ -67,8 +67,8 @@ To configure a Druva Source: 1. Enter a **Name** to display for the Source in the Sumo Logic web application. The description is optional. 1. (Optional) For **Source Category**, enter any string to tag the output collected from the Source. Category metadata is stored in a searchable field called `_sourceCategory`. 1. (Optional) **Fields**. Click the **+Add** to define the fields you want to associate. Each field needs a name (key) and value. - * ![green check circle.png](/img/reuse/green-check-circle.png) A green circle with a check mark is shown when the field exists in the Fields table schema. - * ![orange exclamation point.png](/img/reuse/orange-exclamation-point.png) An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo Logic that does not exist in the Fields schema it is ignored, known as dropped. + * green check circle.png A green circle with a check mark is shown when the field exists in the Fields table schema. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo Logic that does not exist in the Fields schema it is ignored, known as dropped. 1. **API Endpoint URL**. Enter your API Endpoint URL. To get API Endpoint URL, follow the instructions from [Create and Manage Druva API Credentials](https://developer.druva.com/docs/migration-process). 1. **Client ID**. Enter your Client ID. To get Client ID, follow the instructions from [Create and Manage Druva API Credentials](https://docs.druva.com/Druva_Cloud_Platform/Integration_with_Druva_APIs/Create_and_Manage_API_Credentials). 1. **Secret Key**. Enter your Secret Key. 
To get Secret Key, follow the instructions from [Create and Manage Druva API Credentials](https://docs.druva.com/Druva_Cloud_Platform/Integration_with_Druva_APIs/Create_and_Manage_API_Credentials). diff --git a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/duo-source.md b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/duo-source.md index d67a36ac4e..f7e96cfb61 100644 --- a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/duo-source.md +++ b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/duo-source.md @@ -40,8 +40,8 @@ To configure a Duo Source: 1. (Optional) For **Source Category**, enter any string to tag the output collected from the Source. Category metadata is stored in a searchable field called `_sourceCategory`. 1. **Forward to SIEM**. Check the checkbox to forward your data to [Cloud SIEM](/docs/cse/).
1. (Optional) **Fields.** Click the **+Add Field** link to define the fields you want to associate, each field needs a name (key) and value. - * ![green check circle.png](/img/reuse/green-check-circle.png) A green circle with a check mark is shown when the field exists in the Fields table schema. - * ![orange exclamation point.png](/img/reuse/orange-exclamation-point.png) An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo that does not exist in the Fields schema it is ignored, known as dropped. + * green check circle.png A green circle with a check mark is shown when the field exists in the Fields table schema. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo that does not exist in the Fields schema it is ignored, known as dropped. :::note If you are using the Duo Federal edition service when connecting APIs, it's recommended to use `duofederal.com` instead of the default `duosecurity.com` domain. Our Duo C2C lets you allow to configure the API domain as it contains the specific customer ID information. For example, you can use `api-xxxx-duosecurity.com` or `api-xxxx-duofederal.com` if the Duo Federal edition service has been opted in. For more information, refer to the [Duo Federal Edition Guide](https://duo.com/docs/duo-federal-guide#duo-service-connectivity). ::: diff --git a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/gmail-tracelogs-source.md b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/gmail-tracelogs-source.md index 618cef6cdc..2d68c98fee 100644 
--- a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/gmail-tracelogs-source.md +++ b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/gmail-tracelogs-source.md @@ -54,8 +54,8 @@ To configure Gmail Trace Logs Source: 1. Enter a **Name** for the Source. The description is optional. 1. (Optional) For **Source Category**, enter any string to tag the output collected from the Source. Category metadata is stored in a searchable field called `_sourceCategory`. 1. (Optional) **Fields**. Click the **+Add** button to define the fields you want to associate. Each field needs a name (key) and value. - * ![green check circle.png](/img/reuse/green-check-circle.png) A green circle with a check mark is shown when the field exists in the Fields table schema. - * ![orange exclamation point.png](/img/reuse/orange-exclamation-point.png) An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo Logic that does not exist in the Fields schema it is ignored, known as dropped. + * green check circle.png A green circle with a check mark is shown when the field exists in the Fields table schema. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo Logic that does not exist in the Fields schema it is ignored, known as dropped. 1. **Project ID**. Enter the unique identifier number. You can find this from the Google Cloud Console. 1. **Dataset ID**. Enter the ID. The Dataset ID is the project-wise unique identifier for your dataset. 1. **Data Location**. Enter the location of DataSet which is set while creating Dataset in BigQuery. 
diff --git a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/google-bigquery-source.md b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/google-bigquery-source.md index 692f0997a4..43d15640f3 100644 --- a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/google-bigquery-source.md +++ b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/google-bigquery-source.md 
@@ -52,8 +52,8 @@ To configure an Google BigQuery Source: 1. Enter a **Name** for the Source. The description is optional. 1. (Optional) For **Source Category**, enter any string to tag the output collected from the Source. Category metadata is stored in a searchable field called `_sourceCategory`. 1. (Optional) **Fields**. Click the **+Add** button to define the fields you want to associate. Each field needs a name (key) and value. - * ![green check circle.png](/img/reuse/green-check-circle.png) A green circle with a check mark is shown when the field exists in the Fields table schema. - * ![orange exclamation point.png](/img/reuse/orange-exclamation-point.png) An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo Logic that does not exist in the Fields schema it is ignored, known as dropped. + * green check circle.png A green circle with a check mark is shown when the field exists in the Fields table schema. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo Logic that does not exist in the Fields schema it is ignored, known as dropped. 1. **Project ID**. Enter the unique identifier number for your BigQuery project. You can find this from the Google Cloud Console. 1. **Checkpoint Field**. Enter the name of the field in the query result to be used for checkpointing. This field has to be increasing and of type number or timestamp. 1. **Checkpoint Start**. Enter the first value for the checkpoint that the integration will plug into the query. 
diff --git a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/google-workspace-alertcenter.md b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/google-workspace-alertcenter.md index 1b46e8a6f1..06eecf5f45 100644 --- a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/google-workspace-alertcenter.md +++ b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/google-workspace-alertcenter.md @@ -56,8 +56,8 @@ Follow the below steps to create Google Workspace AlertCenter service account cr 1. **Source Category.** Enter a string to tag the output collected from the Source. Category metadata is stored in a searchable field called `_sourceCategory`. 1. **Forward to SIEM**. Click if you want the Source to forward the logs it ingests to [Cloud SIEM](/docs/cse/).
1. **Fields.** (Optional) Click **+Add Field** to define the fields you want to associate, each field needs a name (key) and value. For more information, see [Fields](/docs/manage/fields). - * ![green check circle.png](/img/reuse/green-check-circle.png) A green circle with a checkmark is shown when the field exists in the Fields table schema. - * ![orange exclamation point.png](/img/reuse/orange-exclamation-point.png) An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo Logic that does not exist in the Fields schema it is ignored (i.e., dropped). + * green check circle.png A green circle with a checkmark is shown when the field exists in the Fields table schema. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo Logic that does not exist in the Fields schema it is ignored (i.e., dropped). 1. **Delegated User Email.** Enter the admin email address for the domain. This email should be the address that is configured for the specific service account in the Google Cloud console. 1. **Google Workspace AlertCenter Credentials**. You can authenticate your service account credentials directly by uploading a JSON file credentials instead of breaking down the file into different sections for the UI schema. Click **Upload** and select the JSON file that you downloaded in the [Service Account Credentials section](#vendor-configuration). 1. **Exclude Alert Types**. (Optional) Enter the data alert types and scope that you do not want to send to Sumo Logic. 
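Review bot: The wording of these two bullets diverges from the other files in the patch: this page says "checkmark" and "it is ignored (i.e., dropped)", while the others say "check mark" and "it is ignored, known as dropped", and some say "Sumo" where this one says "Sumo Logic". The patch edits the same pair of lines in every file, so it is a good point to settle on one wording, or to note in the commit message that the variants are intentionally left alone.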
diff --git a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/google-workspace-source.md b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/google-workspace-source.md index 83ba536de0..7bbd77388a 100644 --- a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/google-workspace-source.md +++ b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/google-workspace-source.md @@ -91,8 +91,8 @@ To configure a Google Workspace User Inventory source: 1. (Optional) For **Source Category**, enter any string to tag the output collected from the Source. Category metadata is stored in a searchable field called `_sourceCategory`. 1. **Forward to SIEM**. Check the checkbox to forward your data to [Cloud SIEM](/docs/cse/) so it becomes part of User Inventory.
1. (Optional) **Fields.** Click the **+Add Field** link to define the fields you want to associate, each field needs a name (key) and value. - * ![green check circle.png](/img/reuse/green-check-circle.png) A green circle with a check mark is shown when the field exists in the Fields table schema. - * ![orange exclamation point.png](/img/reuse/orange-exclamation-point.png) An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo that does not exist in the Fields schema it is ignored, known as dropped.  + * green check circle.png A green circle with a check mark is shown when the field exists in the Fields table schema. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo that does not exist in the Fields schema it is ignored, known as dropped.  1. The **Delegated User Email** is the email address of the user you want to call the API on behalf of. This user should have the necessary [permissions](https://support.google.com/a/answer/7519580?hl=en) to view the details of other users in your Google Workspace domain, such as an Admin role. At a minimum, the user should have the `Users:Read permission`. Learn more about Domain-Wide Delegation of Authority: * [Domain-Wide Delegation of Authority](https://developers.google.com/identity/protocols/oauth2/service-account#delegatingauthority). diff --git a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/intel-471-threat-intel-source.md b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/intel-471-threat-intel-source.md index 6a2ba6c338..3704953726 100644 
--- a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/intel-471-threat-intel-source.md +++ b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/intel-471-threat-intel-source.md 
@@ -44,8 +44,8 @@ To configure an Intel471 Threat Intel source: 1. Enter a **Name** to display for the Source in the Sumo web application. The description is optional. 1. (Optional) For **Source Category**, enter any string to tag the output collected from the Source. Category metadata is stored in a searchable field called `_sourceCategory`. 1. (Optional) **Fields.** Click the **+Add Field** link to define the fields you want to associate, each field needs a name (key) and value. - * ![green check circle.png](/img/reuse/green-check-circle.png) A green circle with a check mark is shown when the field exists in the Fields table schema. - * ![orange exclamation point.png](/img/reuse/orange-exclamation-point.png) An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo that does not exist in the Fields schema it is ignored, known as dropped.  + * green check circle.png A green circle with a check mark is shown when the field exists in the Fields table schema. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo that does not exist in the Fields schema it is ignored, known as dropped.  1. **Username**. Enter your login ID or email address. 1. **API Key**. Enter the API key of the user account collected from the [Intel471 Threat Intel platform](#vendor-configuration). 1. **Sumo Logic Threat Intel Source ID**. Enter the name you want to use for the Intel 471 source that will be created in the [Threat Intelligence](/docs/security/threat-intelligence/about-threat-intelligence/) tab in Sumo Logic. 
The Intel 471 threat intelligence indicators will be stored in this source. Do not use spaces in the name. diff --git a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/jamf-source.md b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/jamf-source.md index 0031175842..591dcf785d 100644 --- a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/jamf-source.md +++ b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/jamf-source.md 
@@ -41,8 +41,8 @@ To configure the Jamf Source: 1. Enter a **Name** to display for the Source in Sumo Logic. The description is optional. 1. (Optional) For **Source Category**, enter any string to tag the output collected from the Source. Category metadata is stored in a searchable field called `_sourceCategory`. 1. (Optional) **Fields**. Click the **+Add Field** link to define the fields you want to associate. Each field needs a name (key) and value. - * ![green check circle.png](/img/reuse/green-check-circle.png) A green circle with a check mark is shown when the field exists in the Fields table schema. - * ![orange exclamation point.png](/img/reuse/orange-exclamation-point.png) An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo Logic that does not exist in the Fields schema it is ignored, known as dropped. + * green check circle.png A green circle with a check mark is shown when the field exists in the Fields table schema. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo Logic that does not exist in the Fields schema it is ignored, known as dropped. 1. In **Base URL**, enter your Jamf instance domain, `https://yourServer.jamfcloud.com`. 1. In **Client ID**, enter the Client ID you generated from the Jamf platform. 1. In **Client Secret**, enter the Client Secret you generated from the Jamf platform. diff --git a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/jfrog-xray.md b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/jfrog-xray.md index a4a2d37e6c..39ac554491 100644 
--- a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/jfrog-xray.md +++ b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/jfrog-xray.md @@ -39,8 +39,8 @@ To configure the JFrog Xray Source: 1. Enter a **Name** to display for the Source in Sumo Logic. The description is optional. 1. (Optional) For **Source Category**, enter any string to tag the output collected from the Source. Category metadata is stored in a searchable field called `_sourceCategory`. 1. (Optional) **Fields**. Click the **+Add Field** link to define the fields you want to associate. Each field needs a name (key) and value. - * ![green check circle.png](/img/reuse/green-check-circle.png) A green circle with a check mark is shown when the field exists in the Fields table schema. - * ![orange exclamation point.png](/img/reuse/orange-exclamation-point.png) An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo Logic that does not exist in the Fields schema it is ignored, known as dropped. + * green check circle.png A green circle with a check mark is shown when the field exists in the Fields table schema. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo Logic that does not exist in the Fields schema it is ignored, known as dropped. 1. In **JFrog Base URL**, enter your JFrog instance domain (for example, `https://acme.jfrog.io`). 1. In **HTTP Basic Auth Username**, enter your JFrog username you created. 1. In **HTTP Basic Auth Password**, enter your JFrog password you created. 
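Review bot: both added bullets now open with what looks like a bare file name, `green check circle.png` and `orange exclamation point.png`, directly in front of the description. If that string is the icon's alt text, a file name tells a screen-reader user nothing, and the sentence that follows already describes the icon, so use an empty alt or a short description such as "field exists". If it is meant to be visible text, drop it. The same applies to every hunk in this patch that adds these two lines.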
diff --git a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/jumpcloud-directory-insights-source.md b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/jumpcloud-directory-insights-source.md index 452588828d..b94931ba8c 100644 --- a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/jumpcloud-directory-insights-source.md +++ b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/jumpcloud-directory-insights-source.md 
@@ -42,8 +42,8 @@ To configure a JumpCloud Directory Insights source: 1. Enter a **Name** for the source. The description is optional. 1. (Optional) For **Source Category**, enter any string to tag the output collected from the Source. Category metadata is stored in a searchable field called `_sourceCategory`. 1. (Optional) **Fields**. Click the **+Add** button to define the fields you want to associate. Each field needs a name (key) and value. - * ![green check circle.png](/img/reuse/green-check-circle.png) A green circle with a check mark is shown when the field exists in the Fields table schema. - * ![orange exclamation point.png](/img/reuse/orange-exclamation-point.png) An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo Logic that does not exist in the Fields schema it is ignored, known as dropped. + * green check circle.png A green circle with a check mark is shown when the field exists in the Fields table schema. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo Logic that does not exist in the Fields schema it is ignored, known as dropped. 1. In **API Key**, enter the API Key you generated from the JumpCloud Directory Insights platform. 1. In **Organization ID**, enter the Organization ID you generated from the JumpCloud Directory Insights platform. 1. In **Service**, select the type of logs to collect. This allows you to limit the response to just the data you want. 
diff --git a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/kaltura-source.md b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/kaltura-source.md index d3aa6f5b77..943e7683c7 100644 --- a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/kaltura-source.md +++ b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/kaltura-source.md 
@@ -63,8 +63,8 @@ To configure a Kaltura source: 1. Enter a **Name** for the Source. The description is optional. 1. (Optional) For **Source Category**, enter any string to tag the output collected from the Source. Category metadata is stored in a searchable field called `_sourceCategory`. 1. (Optional) **Fields**. Click the **+Add Field** link to define the fields you want to associate. Each field needs a name (key) and value. - * ![green check circle.png](/img/reuse/green-check-circle.png) A green circle with a check mark is shown when the field exists in the Fields table schema. - * ![orange exclamation point.png](/img/reuse/orange-exclamation-point.png) An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo Logic that does not exist in the Fields schema it is ignored, known as dropped. + * green check circle.png A green circle with a check mark is shown when the field exists in the Fields table schema. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo Logic that does not exist in the Fields schema it is ignored, known as dropped. 1. **Base URL**. Enter the API **Base URL**. 1. **Partner ID**. Enter the **Partner ID** collected from the [Vendor configuration](#create-a-new-app-token). 1. **App Token ID**. Enter the **App Token ID** collected from the [Vendor configuration](#create-a-new-app-token). diff --git a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/kandji-source.md b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/kandji-source.md index a85bb4da6a..f907419762 100644 
--- a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/kandji-source.md +++ b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/kandji-source.md @@ -54,8 +54,8 @@ To configure Kandji Source: 1. Enter a **Name** to display for the Source in Sumo Logic. The description is optional. 1. (Optional) For **Source Category**, enter any string to tag the output collected from the Source. Category metadata is stored in a searchable field called `_sourceCategory`. 1. (Optional) **Fields**. Click the **+Add Field** link to define the fields you want to associate. Each field needs a name (key) and value. - * ![green check circle.png](/img/reuse/green-check-circle.png) A green circle with a check mark is shown when the field exists in the Fields table schema. - * ![orange exclamation point.png](/img/reuse/orange-exclamation-point.png) An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo Logic that does not exist in the Fields schema it is ignored, known as dropped. + * green check circle.png A green circle with a check mark is shown when the field exists in the Fields table schema. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo Logic that does not exist in the Fields schema it is ignored, known as dropped. 1. In **Endpoint URL**, enter the endpoint URL collected from the Kandji platform. 1. In **Bearer Token**, enter the bearer token collected from the Kandji platform. 1. Select the **Collect Threat Details** checkbox to collect threat data. By default, **Collect Threat Details** checkbox will be selected. 
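Review bot: the Fields step in this hunk has no pointer to the Fields documentation, although the orange bullet tells the reader that a field missing from the Fields table schema is ignored (dropped). The Google Workspace AlertCenter page ends the same step with "For more information, see [Fields](/docs/manage/fields)". Adding that sentence here would give readers who hit the orange icon somewhere to go before they lose the field.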
diff --git a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/knowbe4-api-source.md b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/knowbe4-api-source.md index e15027008a..cf998cee51 100644 --- a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/knowbe4-api-source.md +++ b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/knowbe4-api-source.md 
@@ -68,8 +68,8 @@ To configure the KnowBe4 API Source: 4. Enter a **Name** to display for the Source in the Sumo Logic web application. The description is optional. 5. (Optional) For **Source Category**, enter any string to tag the output collected from the Source. Category metadata is stored in a searchable field called `_sourceCategory`. 6. (Optional) **Fields**. Click the **+Add Field** link to define the fields you want to associate. Each field needs a name (key) and value. - * ![green check circle.png](/img/reuse/green-check-circle.png) A green circle with a check mark is shown when the field exists in the Fields table schema. - * ![orange exclamation point.png](/img/reuse/orange-exclamation-point.png) An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo Logic that does not exist in the Fields schema it is ignored, known as dropped. + * green check circle.png A green circle with a check mark is shown when the field exists in the Fields table schema. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo Logic that does not exist in the Fields schema it is ignored, known as dropped. 7. In **Region**, choose the region where your KnowBe4 account is located. See [Region](#region) section to know your Region. 1. In **API Key**, authenticate your account by entering your secret API key. You can access your API key or generate a new one from **User Event API Management Console**. See [API Token](#api-token) section. 1. 
In **Data Types**, you can select the **Phishing Tests** data type to fetch a list of all recipients for each phishing security test on your KnowBe4 account. diff --git a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/lastpass-source.md b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/lastpass-source.md index bbd2fe4f65..efb9f7300a 100644 --- a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/lastpass-source.md +++ b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/lastpass-source.md 
@@ -37,8 +37,8 @@ To configure the LastPass Source: 1. Enter a **Name** to display for the source in the Sumo Logic web application. The description is optional. 1. (Optional) For **Source Category**, enter any string to tag the output collected from the source. Category metadata is stored in a searchable field called `_sourceCategory`. 1. (Optional) **Fields**. Click the **+Add Field** link to define the fields you want to associate. Each field needs a name (key) and value. - * ![green check circle.png](/img/reuse/green-check-circle.png) A green circle with a check mark is shown when the field exists in the Fields table schema. - * ![orange exclamation point.png](/img/reuse/orange-exclamation-point.png) An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo Logic that does not exist in the Fields schema it is ignored, known as dropped. + * green check circle.png A green circle with a check mark is shown when the field exists in the Fields table schema. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo Logic that does not exist in the Fields schema it is ignored, known as dropped. 1. In **CID (Account Number)**, enter your CID account number collected from the LastPass platform. 1. In **API Secret**, enter your API Secret ID collected from the LastPass platform. 1. In **TimeZone**, enter the timezone of admin LastPass account. 
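Review bot: the two `+` bullets here are character-for-character the same as in the Jamf, JFrog Xray, JumpCloud, Kaltura, Kandji, KnowBe4 and Mandiant hunks, so this icon change has to be repeated by hand in every source page. Consider moving the green/orange explanation into one shared snippet that each page includes, so the next change to the icons or the "dropped" wording is a single-file edit and the pages cannot drift apart.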
diff --git a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/mandiant-threat-intel-source.md b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/mandiant-threat-intel-source.md index 9991e4fa5d..56f4440b6a 100644 --- a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/mandiant-threat-intel-source.md +++ b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/mandiant-threat-intel-source.md 
@@ -43,8 +43,8 @@ To configure a Mandiant Threat Intel source: 1. Enter a **Name** for the source. The description is optional. 1. (Optional) For **Source Category**, enter any string to tag the output collected from the source. Category metadata is stored in a searchable field called `_sourceCategory`. 1. (Optional) **Fields**. Click the **+Add** button to define the fields you want to associate. Each field needs a name (key) and value. - * ![green check circle.png](/img/reuse/green-check-circle.png) A green circle with a check mark is shown when the field exists in the Fields table schema. - * ![orange exclamation point.png](/img/reuse/orange-exclamation-point.png) An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo Logic that does not exist in the Fields schema it is ignored, known as dropped. + * green check circle.png A green circle with a check mark is shown when the field exists in the Fields table schema. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo Logic that does not exist in the Fields schema it is ignored, known as dropped. 1. **API Key ID**. Enter the API key ID collected from the Mandiant Threat Intel platform. 1. **API Secret**. Enter the API secret collected from the from the Mandiant Threat Intel platform. 1. **Sumo Logic Threat Intel Source ID**. Enter the name you want to use for the Mandiant source that will be created in the [Threat Intelligence](/docs/security/threat-intelligence/about-threat-intelligence/) tab in Sumo Logic. The Mandiant threat intelligence indicators will be stored in this source. 
Do not use spaces in the name. diff --git a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/microsoft-azure-ad-inventory-source.md b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/microsoft-azure-ad-inventory-source.md index 0cc7599fde..a7925e108d 100644 --- a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/microsoft-azure-ad-inventory-source.md +++ b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/microsoft-azure-ad-inventory-source.md @@ -79,8 +79,8 @@ To configure a Microsoft Azure AD Inventory Source: 1. (Optional) For **Source Category**, enter any string to tag the output collected from the Source. Category metadata is stored in a searchable field called `_sourceCategory`. 1. **Forward to SIEM**. Check the checkbox to forward your data to [Cloud SIEM](/docs/cse/).
1. (Optional) **Fields.** Click the **+Add Field** link to define the fields you want to associate, each field needs a name (key) and value. - * ![green check circle.png](/img/reuse/green-check-circle.png) A green circle with a check mark is shown when the field exists in the Fields table schema. - * ![orange exclamation point.png](/img/reuse/orange-exclamation-point.png) An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo that does not exist in the Fields schema it is ignored, known as dropped. + * green check circle.png A green circle with a check mark is shown when the field exists in the Fields table schema. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo that does not exist in the Fields schema it is ignored, known as dropped. 1. Provide the **Directory (tenant) ID** and **Application (client) ID** you got after you registered (created) the Azure Application in step 5 of the setup section. 1. **Application Client Secret Value**. Provide the Application Client Secret Value you created in step 7 of the setup section. 1. **Supported APIs to collect**. Select one or more of the available APIs: **Devices** and **Users**. diff --git a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/microsoft-exchange-trace-logs.md b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/microsoft-exchange-trace-logs.md index 0a3c078449..1405765254 100644 --- a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/microsoft-exchange-trace-logs.md 
+++ b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/microsoft-exchange-trace-logs.md @@ -99,8 +99,8 @@ To configure a Microsoft Exchange Trace Logs Source: 4. Enter a **Name** for the Source. The description is optional. 5. (Optional) For **Source Category**, enter any string to tag the output collected from the Source. Category metadata is stored in a searchable field called `_sourceCategory`. 6. (Optional) **Fields.** Click the **+Add Field** link to define the fields you want to associate, each field needs a name (key) and value. - * ![green check circle.png](/img/reuse/green-check-circle.png) A green circle with a check mark is shown when the field exists in the Fields table schema. - * ![orange exclamation point.png](/img/reuse/orange-exclamation-point.png) An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo that does not exist in the Fields schema it is ignored, known as dropped. + * green check circle.png A green circle with a check mark is shown when the field exists in the Fields table schema. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo that does not exist in the Fields schema it is ignored, known as dropped. 8. **Application (client) ID**. Enter your client ID from your Azure Application. This should be a Globally Unique Identifier aka GUID. 9. **Directory (tenant) ID**. Enter your tenant ID from your Azure Application. This should be a Globally Unique Identifier aka GUID. 10. **Secret**. Enter your client secret generated within your Azure Application. 
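Review bot: the explicit step numbers around the changed bullets jump from "6. (Optional) **Fields.**" straight to "8. **Application (client) ID**", so step 7 is missing in the context of this hunk. While editing this list, either renumber 8, 9 and 10, or switch to the repeated `1.` style the other source pages use so the renderer numbers the steps.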
diff --git a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/microsoft-graph-azure-ad-reporting-source.md b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/microsoft-graph-azure-ad-reporting-source.md index d8dc1c5386..69d8d8b589 100644 --- a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/microsoft-graph-azure-ad-reporting-source.md +++ b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/microsoft-graph-azure-ad-reporting-source.md @@ -78,8 +78,8 @@ To configure a Microsoft Graph Azure AD Reporting Source: 1. (Optional) For **Source Category**, enter any string to tag the output collected from the Source. Category metadata is stored in a searchable field called `_sourceCategory`. 1. **Forward to SIEM**. Check the checkbox to forward your data to [Cloud SIEM](/docs/cse/).
1. (Optional) **Fields.** Click the **+Add Field** link to define the fields you want to associate, each field needs a name (key) and value. - * ![green check circle.png](/img/reuse/green-check-circle.png) A green circle with a check mark is shown when the field exists in the Fields table schema. - * ![orange exclamation point.png](/img/reuse/orange-exclamation-point.png) An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo that does not exist in the Fields schema it is ignored, known as dropped.  + * green check circle.png A green circle with a check mark is shown when the field exists in the Fields table schema. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo that does not exist in the Fields schema it is ignored, known as dropped.  1. Provide the **Directory (tenant) ID** and **Application (client) ID** you got after you registered (created) the Azure Application in step 5 of the setup section. 1. **Application Client Secret Value**. Provide the Application Client Secret Value you created in step 7 of the setup section. 1. **Supported APIs to collect**. Select one or more of the available APIs: **Directory Audit**, **Sign-in**, and **Provisioning**. diff --git a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/microsoft-graph-identity-protection-source.md b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/microsoft-graph-identity-protection-source.md index b3e60871f6..38886d46ff 100644 --- a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/microsoft-graph-identity-protection-source.md 
+++ b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/microsoft-graph-identity-protection-source.md @@ -73,8 +73,8 @@ To configure a Microsoft Graph Identity Protection Source: 1. (Optional) For **Source Category**, enter any string to tag the output collected from the Source. Category metadata is stored in a searchable field called `_sourceCategory`. 1. **Forward to SIEM**. Check the checkbox to forward your data to [Cloud SIEM](/docs/cse/).
1. (Optional) **Fields.** Click the **+Add Field** link to define the fields you want to associate, each field needs a name (key) and value. - * ![green check circle.png](/img/reuse/green-check-circle.png) A green circle with a check mark is shown when the field exists in the Fields table schema. - * ![orange exclamation point.png](/img/reuse/orange-exclamation-point.png) An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo that does not exist in the Fields schema it is ignored, known as dropped.  + * green check circle.png A green circle with a check mark is shown when the field exists in the Fields table schema. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo that does not exist in the Fields schema it is ignored, known as dropped.  1. Provide the **Directory (tenant) ID** and **Application (client) ID** you got after you registered (created) the Azure Application in step 5 of the setup section. 1. **Application Client Secret Value**. Provide the Application Client Secret Value you created in step 7 of the setup section. 1. **Supported APIs to collect**. Select one or more of the available APIs, **riskDetections** and **riskyUsers**. diff --git a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/microsoft-graph-security-api-source.md b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/microsoft-graph-security-api-source.md index 7462bb7fcb..295132fefb 100644 --- a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/microsoft-graph-security-api-source.md 
+++ b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/microsoft-graph-security-api-source.md @@ -72,8 +72,8 @@ To configure a Microsoft Graph Security API Source: 1. (Optional) For **Source Category**, enter any string to tag the output collected from the Source. Category metadata is stored in a searchable field called `_sourceCategory`. 1. **Forward to SIEM**. Check the checkbox to forward your data to [Cloud SIEM](/docs/cse/).
1. (Optional) **Fields.** Click the **+Add Field** link to define the fields you want to associate, each field needs a name (key) and value. - * ![green check circle.png](/img/reuse/green-check-circle.png) A green circle with a check mark is shown when the field exists in the Fields table schema. - * ![orange exclamation point.png](/img/reuse/orange-exclamation-point.png) An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo that does not exist in the Fields schema it is ignored, known as dropped. + * green check circle.png A green circle with a check mark is shown when the field exists in the Fields table schema. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo that does not exist in the Fields schema it is ignored, known as dropped. 1. Enter the **Directory (tenant) ID**, **Application (client) ID**, and **Application Client Secret Value** you got from the Application you created in the [Vendor configuration](#vendor-configuration) section. 1. The **Polling Interval** is set to 5 minutes by default. You can adjust it based on your needs. 1. **Processing Rules for Logs**. Configure any desired filters, such as allowlist, denylist, hash, or mask, as described in [Create a Processing Rule](/docs/send-data/collection/processing-rules/create-processing-rule). diff --git a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/mimecast-source.md b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/mimecast-source.md index d851fb852d..a74c60358f 100644 
--- a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/mimecast-source.md +++ b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/mimecast-source.md @@ -49,8 +49,8 @@ To configure a Mimecast Source: 1. (Optional) For **Source Category**, enter any string to tag the output collected from the Source. Category metadata is stored in a searchable field called `_sourceCategory`. 1. **Forward to SIEM**. Check the checkbox to forward your data to [Cloud SIEM](/docs/cse/).
1. (Optional) **Fields.** Click the **+Add Field** link to define the fields you want to associate, each field needs a name (key) and value. - * ![green check circle.png](/img/reuse/green-check-circle.png) A green circle with a check mark is shown when the field exists in the Fields table schema. - * ![orange exclamation point.png](/img/reuse/orange-exclamation-point.png) An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo that does not exist in the Fields schema it is ignored, known as dropped.  + * green check circle.png A green circle with a check mark is shown when the field exists in the Fields table schema. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo that does not exist in the Fields schema it is ignored, known as dropped.  1. **Client ID**. Enter the Client ID of the app. Refer to the [Mimecast documentation](https://developer.services.mimecast.com/api-overview#application-registration-credential-management) for guidance to create the Client ID. 1. **Client Secret**. Enter the Client Secret key of the app. Refer to the [Mimecast documentation](https://developer.services.mimecast.com/api-overview#application-registration-credential-management) for guidance to create the Client Secret. 1. **Supported API to collect**. Select the type of Mimecast data source that you want to collect. diff --git a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/netskope-source.md b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/netskope-source.md index ce608ad927..e11d207aa3 100644 
--- a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/netskope-source.md +++ b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/netskope-source.md @@ -78,8 +78,8 @@ To configure a Netskope Source: 1. (Optional) For **Source Category**, enter any string to tag the output collected from the Source. Category metadata is stored in a searchable field called `_sourceCategory`. 1. **Forward to SIEM**. Check the checkbox to forward your data to [Cloud SIEM](/docs/cse/).
1. (Optional) **Fields.** Click the **+Add Field** link to define the fields you want to associate, each field needs a name (key) and value. - * ![green check circle.png](/img/reuse/green-check-circle.png) A green circle with a check mark is shown when the field exists in the Fields table schema. - * ![orange exclamation point.png](/img/reuse/orange-exclamation-point.png) An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo that does not exist in the Fields schema it is ignored, known as dropped.  + * green check circle.png A green circle with a check mark is shown when the field exists in the Fields table schema. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo that does not exist in the Fields schema it is ignored, known as dropped.  1. Enter your Netskope customer specific **Tenant ID**. Do not provide the entire URL, just the Tenant ID. For example, if your URL is `https://tenant.eu.sumologic.com`, then `tenant.eu` will be your Tenant ID. 1. Enter the Netskope **API Token** you want to use to authenticate requests. 1. **Event Types** (Optional). By default, *all* event types are collected. You can specify certain event types to collect. Make sure to have the corresponding token privileges to the event types. If this field is empty, all event types are collected. Be aware that if you want to collect all event types, and a new event type is added in the future, your token might need to be updated accordingly. 
diff --git a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/netskope-webtx-source.md b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/netskope-webtx-source.md index cb9c960393..662596796b 100644 --- a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/netskope-webtx-source.md +++ b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/netskope-webtx-source.md @@ -49,8 +49,8 @@ When you create a Netskope WebTx API Source, you add it to a Hosted Collector. B 1. (Optional) For **Source Category**, enter any string to tag the output collected from the Source. Category [metadata](/docs/search/get-started-with-search/search-basics/built-in-metadata) is stored in a searchable field called `_sourceCategory`. 1. **Forward to SIEM**. Check the checkbox to forward your data to [Cloud SIEM](/docs/cse/).
1. (Optional) **Fields**. Click the **+Add Field** link to define the fields you want to associate, each field needs a name (key) and value. - * ![green check circle.png](/img/reuse/green-check-circle.png) A green circle with a check mark is shown when the field exists in the Fields table schema. - * ![orange exclamation point.png](/img/reuse/orange-exclamation-point.png) An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo that does not exist in the Fields schema it is ignored, known as dropped.  + * green check circle.png A green circle with a check mark is shown when the field exists in the Fields table schema. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo that does not exist in the Fields schema it is ignored, known as dropped.  1. **Netskope Streaming Credentials**. Upload the JSON file downloaded from google cloud platform. 1. When you are finished configuring the Source, click **Save**. diff --git a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/okta-source.md b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/okta-source.md index bb282ce3b3..af5efe0a7e 100644 --- a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/okta-source.md +++ b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/okta-source.md 
@@ -41,8 +41,8 @@ To configure an Okta Source: 1. (Optional) For **Source Category**, enter any string to tag the output collected from the Source. Category metadata is stored in a searchable field called `_sourceCategory`. 1. **Forward to SIEM**. Check the checkbox to forward your data to [Cloud SIEM](/docs/cse/).
1. (Optional) **Fields.** Click the **+Add Field** link to define the fields you want to associate, each field needs a name (key) and value. - * ![green check circle.png](/img/reuse/green-check-circle.png) A green circle with a check mark is shown when the field exists in the Fields table schema. - * ![orange exclamation point.png](/img/reuse/orange-exclamation-point.png) An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo that does not exist in the Fields schema it is ignored, known as dropped. + * green check circle.png A green circle with a check mark is shown when the field exists in the Fields table schema. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo that does not exist in the Fields schema it is ignored, known as dropped. 1. **Okta API Key**. Provide the Okta API key you want to use to authenticate collection requests. 1. **Okta Domain**. Provide your specific Okta domain, such as `mydomain.okta.com`. 1. **Okta Event Types to Request**. By default, the Source will ingest all Okta events. You can instead configure a subset of events to collect. Click **Select Events** to specify the events you want to collect. diff --git a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/palo-alto-cortex-xdr-source.md b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/palo-alto-cortex-xdr-source.md index b22d2e764f..34acf9d477 100644 --- a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/palo-alto-cortex-xdr-source.md 
+++ b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/palo-alto-cortex-xdr-source.md @@ -74,8 +74,8 @@ To configure a Palo Alto Cortex XDR Source: 1. (Optional) For **Source Category**, enter any string to tag the output collected from the Source. Category metadata is stored in a searchable field called `_sourceCategory`. 1. **Forward to SIEM**. Check the checkbox to forward your data to [Cloud SIEM](/docs/cse/).
1. (Optional) **Fields.** Click the **+Add Field** link to define the fields you want to associate, each field needs a name (key) and value. - * ![green check circle.png](/img/reuse/green-check-circle.png) A green circle with a check mark is shown when the field exists in the Fields table schema. - * ![orange exclamation point.png](/img/reuse/orange-exclamation-point.png) An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo that does not exist in the Fields schema it is ignored, known as dropped. + * green check circle.png A green circle with a check mark is shown when the field exists in the Fields table schema. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo that does not exist in the Fields schema it is ignored, known as dropped. 1. **API Key**. Enter the API Key that you generated and secured in step 7 of the [API Key](#getting-cortex-xdr-api-key) section. 1. **API ID**. Enter the API ID that you generated and secured in step 2 of the [API ID](#getting-cortex-xdr-api-id) section. 1. **Tenant FQDN**. Enter the FQDN that you obtained when you generated the API Key and API ID, as explained in the [FQDN](#getting-cortex-xdr-fqdn) section. The FQDN is a unique host and domain name associated with each tenant. diff --git a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/proofpoint-on-demand-source.md b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/proofpoint-on-demand-source.md index f5f51f40e8..d382fe1eda 100644 
--- a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/proofpoint-on-demand-source.md +++ b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/proofpoint-on-demand-source.md @@ -49,8 +49,8 @@ To configure a Proofpoint On Demand Source: 5. (Optional) For **Source Category**, enter any string to tag the output collected from the Source. Category metadata is stored in a searchable field called `_sourceCategory`. 6. **Forward to SIEM**. Check the checkbox to forward your data to [Cloud SIEM](/docs/cse/).
7. (Optional) **Fields.** Click the **+Add Field** link to define the fields you want to associate, each field needs a name (key) and value. - * ![green check circle.png](/img/reuse/green-check-circle.png) A green circle with a check mark is shown when the field exists in the Fields table schema. - * ![orange exclamation point.png](/img/reuse/orange-exclamation-point.png) An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo that does not exist in the Fields schema it is ignored, known as dropped. + * green check circle.png A green circle with a check mark is shown when the field exists in the Fields table schema. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo that does not exist in the Fields schema it is ignored, known as dropped. 8. **Cluster ID** and **Token**. Provide the Proofpoint authentication credentials you want to use to [authenticate](#configuration-object) collection requests. 9. **Supported Events**. There are two types of events you can collect. Select one or both of the options, **message** and **maillog**. The following shows the main fields returned from each type: * **message**: `guid`, `connection`, `envelope`, `msg`, `msgParts`, `filter`, `pps` diff --git a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/proofpoint-tap-source.md b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/proofpoint-tap-source.md index 27f08f6054..fb89dc1e4b 100644 --- a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/proofpoint-tap-source.md 
+++ b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/proofpoint-tap-source.md @@ -188,8 +188,8 @@ To configure a Proofpoint TAP Source: 1. (Optional) For **Source Category**, enter any string to tag the output collected from the Source. Category metadata is stored in a searchable field called `_sourceCategory`. 1. **Forward to SIEM**. Check the checkbox to forward your data to [Cloud SIEM](/docs/cse/).
1. (Optional) **Fields.** Click the **+Add Field** link to define the fields you want to associate, each field needs a name (key) and value. - * ![green check circle.png](/img/reuse/green-check-circle.png) A green circle with a check mark is shown when the field exists in the Fields table schema. - * ![orange exclamation point.png](/img/reuse/orange-exclamation-point.png) An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo that does not exist in the Fields schema it is ignored, known as dropped. + * green check circle.png A green circle with a check mark is shown when the field exists in the Fields table schema. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo that does not exist in the Fields schema it is ignored, known as dropped. 1. **Proofpoint Domain**. Provide a Proofpoint endpoint if different from the default, `tap-api-v2.proofpoint.com`. 1. **API Secret**. Provide the Proofpoint API Secret for authenticating collection requests (copied in [Vendor configuration](#vendor-configuration) above). 1. **Service Principal**. Provide the Proofpoint Service Principal for authenticating collection requests (copied in [Vendor configuration](#vendor-configuration) above). diff --git a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/qualys-vmdr-source.md b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/qualys-vmdr-source.md index f98a12a2cc..ccf968e3f2 100644 --- a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/qualys-vmdr-source.md 
+++ b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/qualys-vmdr-source.md 
@@ -39,8 +39,8 @@ To configure a Qualys VMDR Source: 1. Enter a **Name** to display for the Source in the Sumo Logic web application. The description is optional. 1. (Optional) For **Source Category**, enter any string to tag the output collected from the Source. Category metadata is stored in a searchable field called `_sourceCategory`. 1. (Optional) **Fields**. Click the **+Add Field** link to define the fields you want to associate. Each field needs a name (key) and value. - * ![green check circle.png](/img/reuse/green-check-circle.png) A green circle with a check mark is shown when the field exists in the Fields table schema. - * ![orange exclamation point.png](/img/reuse/orange-exclamation-point.png) An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo Logic that does not exist in the Fields schema it is ignored, known as dropped. + * green check circle.png A green circle with a check mark is shown when the field exists in the Fields table schema. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo Logic that does not exist in the Fields schema it is ignored, known as dropped. 1. **Qualys API Server URL** and **Qualys API Gateway URL**. Provide the Qualys API server URLs. Use the [Qualys Platform Identification](https://www.qualys.com/platform-identification) page and scroll down to **API URLs** to for a reference to your Qualys deployment location. 1. **Username** and **Password**. Use your Qualys account username and password for API authentication. 1. The next section covers the type of data to collect and how often. 
diff --git a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/rapid7-source.md b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/rapid7-source.md index 30589e8828..11d989b99e 100644 --- a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/rapid7-source.md +++ b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/rapid7-source.md @@ -37,8 +37,8 @@ To configure an Rapid7 Source: 1. Enter a **Name** for the Source. The description is optional. 1. (Optional) For **Source Category**, enter any string to tag the output collected from the Source. Category metadata is stored in a searchable field called `_sourceCategory`. 1. (Optional) **Fields**. Click the **+Add** button to define the fields you want to associate. Each field needs a name (key) and value. - * ![green check circle.png](/img/reuse/green-check-circle.png) A green circle with a check mark is shown when the field exists in the Fields table schema. - * ![orange exclamation point.png](/img/reuse/orange-exclamation-point.png) An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo Logic that does not exist in the Fields schema it is ignored, known as dropped. + * green check circle.png A green circle with a check mark is shown when the field exists in the Fields table schema. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo Logic that does not exist in the Fields schema it is ignored, known as dropped. 1. Enter the **Region** of Rapid7 InsightVM platform. 1. Enter the **API Key** for authorization. 
diff --git a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/sailpoint-source.md b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/sailpoint-source.md index 3a252fa336..c85c7612e7 100644 --- a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/sailpoint-source.md +++ b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/sailpoint-source.md @@ -53,8 +53,8 @@ To configure a Duo Source: 1. (Optional) For **Source Category**, enter any string to tag the output collected from the Source. Category metadata is stored in a searchable field called `_sourceCategory`. 1. **Forward to SIEM**. Check the checkbox to forward your data to [Cloud SIEM](/docs/cse/).
1. (Optional) **Fields.** Click the **+Add Field** link to define the fields you want to associate, each field needs a name (key) and value. - * ![green check circle.png](/img/reuse/green-check-circle.png) A green circle with a check mark is shown when the field exists in the Fields table schema. - * ![orange exclamation point.png](/img/reuse/orange-exclamation-point.png) An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo that does not exist in the Fields schema it is ignored, known as dropped. + * green check circle.png A green circle with a check mark is shown when the field exists in the Fields table schema. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo that does not exist in the Fields schema it is ignored, known as dropped. 1. **Tenant Name**. Provide your SailPoint customer-specific organization name, such as `{organization}.identitynow.com`. 1. **Client ID** and **Client Secret**. Enter the ID and Secret you got from creating your SailPoint access token in the [Vendor configuration section](#vendor-configuration) above. 1. **Supported APIs to collect**. Select one or more of the available APIs, **Events** and **Users**. diff --git a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/salesforce-source.md b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/salesforce-source.md index 4ee85598eb..e83c04de42 100644 --- a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/salesforce-source.md +++ b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/salesforce-source.md 
@@ -70,8 +70,8 @@ To configure a Salesforce Source: 1. For **Source Category (Optional)**, enter any string to tag the output collected from the Source. Category metadata is stored in a searchable field called `_sourceCategory`. 1. **Forward to SIEM**. Check the checkbox to forward your data to [Cloud SIEM](/docs/cse/).
1. **Fields.** Click the **+Add Field** link to define the fields you want to associate, each field needs a name (key) and value. - * ![green check circle.png](/img/reuse/green-check-circle.png) A green circle with a check mark is shown when the field exists in the Fields table schema. - * ![orange exclamation point.png](/img/reuse/orange-exclamation-point.png) An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo that does not exist in the Fields schema it is ignored, known as dropped. + * green check circle.png A green circle with a check mark is shown when the field exists in the Fields table schema. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo that does not exist in the Fields schema it is ignored, known as dropped. 1. **SignOn URL.** Enter your Sign on URL. For example, `https://.my.salesforce.com/services/oauth2/token`. 1. **Client ID.** Enter the Consumer Key of the ConnectedApp.  1. **Client Secret.** Enter the Consumer Secret of the ConnectedApp.  diff --git a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/sentinelone-mgmt-api-source.md b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/sentinelone-mgmt-api-source.md index ad55ae1555..a09c96148f 100644 --- a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/sentinelone-mgmt-api-source.md +++ b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/sentinelone-mgmt-api-source.md 
@@ -58,8 +58,8 @@ To configure a SentinelOne Mgmt API Source: 1. (Optional) For **Source Category**, enter any string to tag the output collected from the Source. Category metadata is stored in a searchable field called `_sourceCategory`. 1. **Forward to SIEM**. Check the checkbox to forward your data to [Cloud SIEM](/docs/cse/).
1. (Optional) **Fields.** Click the **+Add Field** link to define the fields you want to associate, each field needs a name (key) and value. - * ![green check circle.png](/img/reuse/green-check-circle.png) A green circle with a check mark is shown when the field exists in the Fields table schema. - * ![orange exclamation point.png](/img/reuse/orange-exclamation-point.png) An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo that does not exist in the Fields schema it is ignored, known as dropped.  + * green check circle.png A green circle with a check mark is shown when the field exists in the Fields table schema. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo that does not exist in the Fields schema it is ignored, known as dropped.  1. **Base URL**. Provide your SentinelOne Management URL. It's in this format: `https://`. 1. **API Token**. Provide the API Token you got from the SentinelOne Management Console. See Authentication above for details. 1. **Supported APIs to collect**. Select one or more of the available APIs: **activities**, **agents**, and **threats**. diff --git a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/slack-source.md b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/slack-source.md index e703966ced..4194c60d0d 100644 --- a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/slack-source.md +++ b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/slack-source.md 
@@ -122,8 +122,8 @@ To configure a Slack Source: 1. Enter a **Name** for the Source. The **Description** is optional. 1. (Optional) For **Source Category**, enter any string to tag the output collected from the Source. Category metadata is stored in a searchable field called `_sourceCategory`. 1. (Optional) **Fields.** Click the **+Add Field** link to define the fields you want to associate, each field needs a name (key) and value. - * ![green check circle.png](/img/reuse/green-check-circle.png) A green circle with a check mark is shown when the field exists in the Fields table schema. - * ![orange exclamation point.png](/img/reuse/orange-exclamation-point.png) An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo that does not exist in the Fields schema it is ignored, known as dropped. + * green check circle.png A green circle with a check mark is shown when the field exists in the Fields table schema. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo that does not exist in the Fields schema it is ignored, known as dropped. 1. **API Auth Bearer Token**. Enter the Slack App access token from the previous steps. 1. **Slack API Collection**. Select the Slack collection API you want to collect logs from (Web or Audit). 1. **Polling Interval in Minutes**. Enter the frequency in minutes for collecting the data. Default is 5 mins. 
diff --git a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/smartsheet-source.md b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/smartsheet-source.md index 8a855d3dd6..54e46efeb4 100644 --- a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/smartsheet-source.md +++ b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/smartsheet-source.md 
@@ -37,8 +37,8 @@ To configure Smartsheet Source: 1. Enter a **Name** to display for the source in the Sumo Logic web application. The description is optional. 1. (Optional) For **Source Category**, enter any string to tag the output collected from the source. Category metadata is stored in a searchable field called `_sourceCategory`. 1. (Optional) **Fields**. Click the **+Add Field** link to define the fields you want to associate. Each field needs a name (key) and value. - * ![green check circle.png](/img/reuse/green-check-circle.png) A green circle with a check mark is shown when the field exists in the Fields table schema. - * ![orange exclamation point.png](/img/reuse/orange-exclamation-point.png) An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo Logic that does not exist in the Fields schema it is ignored, known as dropped. + * green check circle.png A green circle with a check mark is shown when the field exists in the Fields table schema. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo Logic that does not exist in the Fields schema it is ignored, known as dropped. 1. In **Application (client) ID**, paste in the Client ID from the vendor's setup "Create a Developer Account and Register an App" steps. 1. In **Client Secret**, paste in the Client Secret from the vendor's setup "Create a Developer Account and Register an App" steps. 1. In **Oauth 2.0 Authorization Code**, paste in the Authorization Code from the vendor's setup "Create a Developer Account and Register an App" steps. 
diff --git a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/snowflake-logs-source.md b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/snowflake-logs-source.md index 11c37b207f..6ed6a94688 100644 --- a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/snowflake-logs-source.md +++ b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/snowflake-logs-source.md 
@@ -51,8 +51,8 @@ To configure a Snowflake source: 1. Enter a **Name** for the Source. The description is optional. 1. (Optional) For **Source Category**, enter any string to tag the output collected from the source. Category metadata is stored in a searchable field called `_sourceCategory`. 1. (Optional) **Fields**. Click the **+Add** button to define the fields you want to associate. Each field needs a name (key) and value. - * ![green check circle.png](/img/reuse/green-check-circle.png) A green circle with a check mark is shown when the field exists in the Fields table schema. - * ![orange exclamation point.png](/img/reuse/orange-exclamation-point.png) An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo Logic that does not exist in the Fields schema it is ignored, known as dropped. + * green check circle.png A green circle with a check mark is shown when the field exists in the Fields table schema. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo Logic that does not exist in the Fields schema it is ignored, known as dropped. 1. **Snowflake Username**. Enter your Snowflake login [username](#vendor-configuration). 1. **Snowflake Password**. Enter your Snowflake login [password](#vendor-configuration). 1. **Snowflake Account Identifier**. Enter your Snowflake account [name](#vendor-configuration). diff --git a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/snowflake-sql-api.md b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/snowflake-sql-api.md index 0239ac1a11..294eb07e37 100644 
--- a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/snowflake-sql-api.md +++ b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/snowflake-sql-api.md 
@@ -39,8 +39,8 @@ To configure the Snowflake SQL API Source: 1. Enter a **Name** to display for the source in the Sumo Logic web application. The description is optional. 1. (Optional) For **Source Category**, enter any string to tag the output collected from the source. Category metadata is stored in a searchable field called `_sourceCategory`. 1. (Optional) **Fields**. Click the **+Add Field** link to define the fields you want to associate. Each field needs a name (key) and value. - * ![green check circle.png](/img/reuse/green-check-circle.png) A green circle with a check mark is shown when the field exists in the Fields table schema. - * ![orange exclamation point.png](/img/reuse/orange-exclamation-point.png) An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo Logic that does not exist in the Fields schema it is ignored, known as dropped. + * green check circle.png A green circle with a check mark is shown when the field exists in the Fields table schema. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo Logic that does not exist in the Fields schema it is ignored, known as dropped. 1. In **Snowflake Username**, enter your Snowflake account username. 1. In **Snowflake Password**, enter the Snowflake account password associated with your user. 1. In **Snowflake Account Identifier**, enter your Snowflake account identifier obtained from the vendor configuration above. The identifier should look something like this: `wp00000.us-east-2.aws`. 
diff --git a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/sophos-central-source.md b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/sophos-central-source.md index ff391e8f86..9652703ddd 100644 --- a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/sophos-central-source.md +++ b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/sophos-central-source.md @@ -50,8 +50,8 @@ To configure a Sophos Central Source: 1. (Optional) For **Source Category**, enter any string to tag the output collected from the Source. Category [metadata](/docs/search/get-started-with-search/search-basics/built-in-metadata) is stored in a searchable field called `_sourceCategory`. 1. **Forward to SIEM**. Check the checkbox to forward your data to [Cloud SIEM](/docs/cse/).
1. (Optional) **Fields.** Click the **+Add Field** link to define the fields you want to associate, each field needs a name (key) and value. - * ![green check circle.png](/img/reuse/green-check-circle.png) A green circle with a check mark is shown when the field exists in the Fields table schema. - * ![orange exclamation point.png](/img/reuse/orange-exclamation-point.png) An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo that does not exist in the Fields schema it is ignored, known as dropped. + * green check circle.png A green circle with a check mark is shown when the field exists in the Fields table schema. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo that does not exist in the Fields schema it is ignored, known as dropped. 1. **Client ID**. Provide the Sophos Central Client ID you want to use to authenticate collection requests. 1. **Client Secret**. Provide the Sophos Central Client Secret you want to use to authenticate collection requests. 1. **Supported APIs to collect**. Select one or more of the available APIs, **Alerts** and **Events**. diff --git a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/stix-taxii-1-client-source.md b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/stix-taxii-1-client-source.md index aaa8460fe3..3cad1b13b7 100644 --- a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/stix-taxii-1-client-source.md +++ b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/stix-taxii-1-client-source.md 
@@ -48,8 +48,8 @@ To configure a TAXII 1 Client Source: 1. Enter a **Name** for the Source. The description is optional. 1. (Optional) For **Source Category**, enter any string to tag the output collected from the Source. Category metadata is stored in a searchable field called `_sourceCategory`. 1. (Optional) **Fields**. Click the **+Add** button to define the fields you want to associate. Each field needs a name (key) and value. - * ![green check circle.png](/img/reuse/green-check-circle.png) A green circle with a check mark is shown when the field exists in the Fields table schema. - * ![orange exclamation point.png](/img/reuse/orange-exclamation-point.png) An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo Logic that does not exist in the Fields schema it is ignored, known as dropped. + * green check circle.png A green circle with a check mark is shown when the field exists in the Fields table schema. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo Logic that does not exist in the Fields schema it is ignored, known as dropped. 1. **Sumo Logic Threat Intel Source ID**. Enter the name you want to use for the source that will be created in the [Threat Intelligence](/docs/security/threat-intelligence/about-threat-intelligence/) tab in Sumo Logic. The threat intelligence indicators will be stored in this source. Do not use spaces in the name. 1. **STIX/TAXII Configuration**: * **Discovery URL**. Enter the TAXII Discovery URL provided by the vendor (optional). 
diff --git a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/stix-taxii-2-client-source.md b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/stix-taxii-2-client-source.md index 37d502d370..f236c0af03 100644 --- a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/stix-taxii-2-client-source.md +++ b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/stix-taxii-2-client-source.md 
@@ -47,8 +47,8 @@ To configure a TAXII 2 Client Source: 1. Enter a **Name** for the Source. The description is optional. 1. (Optional) For **Source Category**, enter any string to tag the output collected from the Source. Category metadata is stored in a searchable field called `_sourceCategory`. 1. (Optional) **Fields**. Click the **+Add** button to define the fields you want to associate. Each field needs a name (key) and value. - * ![green check circle.png](/img/reuse/green-check-circle.png) A green circle with a check mark is shown when the field exists in the Fields table schema. - * ![orange exclamation point.png](/img/reuse/orange-exclamation-point.png) An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo Logic that does not exist in the Fields schema it is ignored, known as dropped. + * green check circle.png A green circle with a check mark is shown when the field exists in the Fields table schema. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo Logic that does not exist in the Fields schema it is ignored, known as dropped. 1. **Sumo Logic Threat Intel Source ID**. Enter the name you want to use for the source that will be created in the [Threat Intelligence](/docs/security/threat-intelligence/about-threat-intelligence/) tab in Sumo Logic. The threat intelligence indicators will be stored in this source. Do not use spaces in the name. 1. **Authentication**. Select the authentication type: * **Basic**. Provide your vendor username and password. 
diff --git a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/sumo-collection-source.md b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/sumo-collection-source.md index 3c23f381d8..1abff6c933 100644 --- a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/sumo-collection-source.md +++ b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/sumo-collection-source.md 
@@ -65,8 +65,8 @@ To configure a Sumo Collection Source: 1. Enter a **Name** for the Source. The description is optional. 1. (Optional) For **Source Category**, enter any string to tag the output collected from the Source. Category metadata is stored in a searchable field called `_sourceCategory`. 1. (Optional) **Fields**. Click the **+Add** button to define the fields you want to associate. Each field needs a name (key) and value. - * ![green check circle.png](/img/reuse/green-check-circle.png) A green circle with a check mark is shown when the field exists in the Fields table schema. - * ![orange exclamation point.png](/img/reuse/orange-exclamation-point.png) An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo Logic that does not exist in the Fields schema is ignored, known as dropped. + * green check circle.png A green circle with a check mark is shown when the field exists in the Fields table schema. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo Logic that does not exist in the Fields schema is ignored, known as dropped. 1. **Deployment**. Select the deployment region from the dropdown. For example, `AU`. 1. **Access ID**. Enter the Access ID collected from the [vendor configuration](#access-id-and-access-key). For example, `sug2lhtaa1g6xk`. 1. **Access Key**. Enter the Access Key collected from the [vendor configuration](#access-id-and-access-key). For example, `00xxxxxx-xxx2-9316-7xx42xxx1x41`. 
diff --git a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/symantec-endpoint-security-source.md b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/symantec-endpoint-security-source.md index 9e422be547..2682b64805 100644 --- a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/symantec-endpoint-security-source.md +++ b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/symantec-endpoint-security-source.md 
@@ -44,8 +44,8 @@ To configure a Symantec Endpoint Security Source, follow the steps below: 1. Enter a **Name** for the Source. The description is optional. 1. (Optional) For **Source Category**, enter any string to tag the output collected from the Source. Category metadata is stored in a searchable field called `_sourceCategory`. 1. (Optional) **Fields**. Click the **+Add** button to define the fields you want to associate. Each field needs a name (key) and value. - * ![green check circle.png](/img/reuse/green-check-circle.png) A green circle with a check mark is shown when the field exists in the Fields table schema. - * ![orange exclamation point.png](/img/reuse/orange-exclamation-point.png) An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo Logic that does not exist in the Fields schema, it is ignored, also known as dropped. + * green check circle.png A green circle with a check mark is shown when the field exists in the Fields table schema. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo Logic that does not exist in the Fields schema, it is ignored, also known as dropped. 1. In **Client ID**, enter the Client ID you generated from the Symantec Endpoint Security platform. 2. In **Client Secret**, enter the Client Secret you generated from the Symantec Endpoint Security platform. 3. (Optional) In **Initial LookBack**, enter the first collection start time. Default is 1 day and maximum is 30 days. 
diff --git a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/symantec-web-security-service-source.md b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/symantec-web-security-service-source.md index 96128dcfaa..aaf028bc67 100644 --- a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/symantec-web-security-service-source.md +++ b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/symantec-web-security-service-source.md @@ -60,8 +60,8 @@ To configure a Symantec Web Security Service Source: 1. (Optional) For **Source Category**, enter any string to tag the output collected from the Source. Category [metadata](/docs/search/get-started-with-search/search-basics/built-in-metadata) is stored in a searchable field called `_sourceCategory`. 1. **Forward to SIEM**. Check the checkbox to forward your data to [Cloud SIEM](/docs/cse/).
1. (Optional) **Fields**. Click the **+Add Field** link to define the fields you want to associate, each field needs a name (key) and value. - * ![green check circle.png](/img/reuse/green-check-circle.png) A green circle with a check mark is shown when the field exists in the Fields table schema. - * ![orange exclamation point.png](/img/reuse/orange-exclamation-point.png) An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo that does not exist in the Fields schema it is ignored, known as dropped. + * green check circle.png A green circle with a check mark is shown when the field exists in the Fields table schema. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo that does not exist in the Fields schema it is ignored, known as dropped. 1. **API Username** and **Password**. Provide the Symantec Web Security Service user credentials you want to use to authenticate collection requests. This was copied during the [Vendor configuration](#vendor-configuration) steps above. 1. When you are finished configuring the Source, click **Submit**. diff --git a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/sysdig-secure-source.md b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/sysdig-secure-source.md index eb08df298b..b8d97f574b 100644 --- a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/sysdig-secure-source.md +++ b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/sysdig-secure-source.md 
@@ -62,8 +62,8 @@ To configure a Sysdig Secure Source: 1. Enter a **Name** for the Source. The description is optional. 1. (Optional) For **Source Category**, enter any string to tag the output collected from the Source. Category metadata is stored in a searchable field called `_sourceCategory`. 1. (Optional) **Fields**. Click the **+Add** button to define the fields you want to associate. Each field needs a name (key) and value. - * ![green check circle.png](/img/reuse/green-check-circle.png) A green circle with a check mark is shown when the field exists in the Fields table schema. - * ![orange exclamation point.png](/img/reuse/orange-exclamation-point.png) An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo Logic that does not exist in the Fields schema is ignored, known as dropped. + * green check circle.png A green circle with a check mark is shown when the field exists in the Fields table schema. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo Logic that does not exist in the Fields schema is ignored, known as dropped. 1. **Base URL**. Enter the [Sysdig Secure platform](#base-url) Base URL. For example, `https://api.us2.sysdig.com`. 1. **Bearer Token**. Enter the Sysdig Secure API token collected from the [Sysdig Secure](#bearer-token) platform. For example, `t3fPdsbxxxxxxxxxp4D6hbi4`. 1. (Optional) **Filters**. Click the **+Add** button to define the filters you want to associate. Each filter needs a **Field Name** (key) and **Field Value** (value). 
For key-value pairs, the length is set to 256 characters and the API accepts a maximum length of 1024 characters for the filter. diff --git a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/tenable-source.md b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/tenable-source.md index 1af040076e..125402c3b6 100644 --- a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/tenable-source.md +++ b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/tenable-source.md @@ -49,8 +49,8 @@ To configure a Tenable source: 1. (Optional) For **Source Category**, enter any string to tag the output collected from the source. Category [metadata](/docs/search/get-started-with-search/search-basics/built-in-metadata) is stored in a searchable field called `_sourceCategory`. 1. **Forward to SIEM**. Check the checkbox to forward your data to [Cloud SIEM](/docs/cse/).
1. (Optional) **Fields.** Click the **+Add Field** link to define the fields you want to associate, each field needs a name (key) and value. - * ![green check circle.png](/img/reuse/green-check-circle.png) A green circle with a check mark is shown when the field exists in the Fields table schema. - * ![orange exclamation point.png](/img/reuse/orange-exclamation-point.png) An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo that does not exist in the Fields schema it is ignored, known as dropped. + * green check circle.png A green circle with a check mark is shown when the field exists in the Fields table schema. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo that does not exist in the Fields schema it is ignored, known as dropped. 1. Provide the **Access Key** and **Secret Key** to authenticate requests. 1. (Optional) **Include unlicensed objects**. Select the checkbox if you want to collect unlicensed objects. 1. **Supported APIs to collect**. Select one or more of the available APIs: **Vulnerability Data**, **Audit Logs**, and **Asset Data**. diff --git a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/trellix-mvisio-epo-source.md b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/trellix-mvisio-epo-source.md index 1d59aae491..8922b784e9 100644 --- a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/trellix-mvisio-epo-source.md +++ b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/trellix-mvisio-epo-source.md 
@@ -45,8 +45,8 @@ To configure a Trellix mVision ePO Source, follow the steps below: 1. Enter a **Name** for the Source. The description is optional. 1. (Optional) For **Source Category**, enter any string to tag the output collected from the Source. Category metadata is stored in a searchable field called `_sourceCategory`. 1. (Optional) **Fields**. Click the **+Add** button to define the fields you want to associate. Each field needs a name (key) and value. - * ![green check circle.png](/img/reuse/green-check-circle.png) A green circle with a check mark is shown when the field exists in the Fields table schema. - * ![orange exclamation point.png](/img/reuse/orange-exclamation-point.png) An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo Logic that does not exist in the Fields schema it is ignored, known as dropped. + * green check circle.png A green circle with a check mark is shown when the field exists in the Fields table schema. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo Logic that does not exist in the Fields schema it is ignored, known as dropped. 1. Enter the **Client ID** of your Trellix platform. 1. Enter the **Client Secret** of your Trellix platform. 1. Enter the **API Key** for authorization collected from the Trellix platform. diff --git a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/trend-micro-source.md b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/trend-micro-source.md index 7d4853c34f..768f331420 100644 
--- a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/trend-micro-source.md +++ b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/trend-micro-source.md 
@@ -54,8 +54,8 @@ To configure a Trend Micro source: 1. Enter a **Name** for the Source. The description is optional. 1. (Optional) For **Source Category**, enter any string to tag the output collected from the source. Category metadata is stored in a searchable field called `_sourceCategory`. 1. (Optional) **Fields**. Click the **+Add** button to define the fields you want to associate. Each field needs a name (key) and value. - * ![green check circle.png](/img/reuse/green-check-circle.png) A green circle with a check mark is shown when the field exists in the Fields table schema. - * ![orange exclamation point.png](/img/reuse/orange-exclamation-point.png) An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo Logic that does not exist in the Fields schema it is ignored, known as dropped. + * green check circle.png A green circle with a check mark is shown when the field exists in the Fields table schema. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo Logic that does not exist in the Fields schema it is ignored, known as dropped. 1. **API Base URL**. Enter the [Base URL](#vendor-configuration) to fetch the data from the Trend Micro Vision One source. 1. **Auth Token**. Enter the authentication token collected from the [Trend Micro platform](#vendor-configuration). 1. **Polling Interval**. The polling interval is set for 15 minutes by default. You can adjust it based on your needs. This sets how often the source checks for new data. 
diff --git a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/trust-login-source.md b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/trust-login-source.md index cb319b5e4a..cde35ddf77 100644 --- a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/trust-login-source.md +++ b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/trust-login-source.md @@ -43,8 +43,8 @@ To configure a Trust Login Source: 1. (Optional) For **Source Category**, enter any string to tag the output collected from the source. Category metadata is stored in a searchable field called `_sourceCategory`. 1. **Forward to SIEM**. Check the checkbox to forward your data to [Cloud SIEM](/docs/cse/).
1. (Optional) **Fields.** Click the **+Add Field** link to define the fields you want to associate, each field needs a name (key) and value. - * ![green check circle.png](/img/reuse/green-check-circle.png) A green circle with a check mark is shown when the field exists in the Fields table schema. - * ![orange exclamation point.png](/img/reuse/orange-exclamation-point.png) An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo that does not exist in the Fields schema it is ignored, known as dropped.  + * green check circle.png A green circle with a check mark is shown when the field exists in the Fields table schema. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo that does not exist in the Fields schema it is ignored, known as dropped.  1. **Bearer Token**. Provide the bearer token collected from the Trust Login platform. 1. The **Polling Interval** is set for five minutes by default, you can adjust it based on your needs. 1. **Processing Rules**. Configure any desired filters, such as allowlist, denylist, hash, or mask, as described in [Create a Processing Rule](/docs/send-data/collection/processing-rules/create-processing-rule). diff --git a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/universal-connector-source.md b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/universal-connector-source.md index 201e561861..19670aaca8 100644 --- a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/universal-connector-source.md 
+++ b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/universal-connector-source.md @@ -48,8 +48,8 @@ When you create an Universal Connector Source, you add it to a Hosted Collector. 1. **Forward to SIEM**. Check the checkbox to forward your data to [Cloud SIEM](/docs/cse/).
1. (Optional) **Parser path**. If **Forward to SIEM** option is selected, provide a [parser path](https://github.com/SumoLogic/cloud-siem-content-catalog/blob/master/parsers/README.md). 1. (Optional) **Fields**. Click the **+Add** button to define the fields you want to associate. Each field needs a name (key) and value. - - ![green check circle.png](/img/reuse/green-check-circle.png) A green circle with a check mark is shown when the field exists in the Fields table schema. - - ![orange exclamation point.png](/img/reuse/orange-exclamation-point.png) An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo Logic that does not exist in the Fields schema it is ignored, known as dropped. + - green check circle.png A green circle with a check mark is shown when the field exists in the Fields table schema. + - orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo Logic that does not exist in the Fields schema it is ignored, known as dropped. 1. **Configuration Sections**. Expand each section to learn more about the options available for configuration.
Authentication Configuration diff --git a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/vectra-source.md b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/vectra-source.md index 3c452e0e2b..f0d68c1a55 100644 --- a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/vectra-source.md +++ b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/vectra-source.md 
@@ -37,8 +37,8 @@ To configure a Vectra Source, follow the steps below: 1. Enter a **Name** for the Source. The description is optional. 1. (Optional) For **Source Category**, enter any string to tag the output collected from the Source. Category metadata is stored in a searchable field called `_sourceCategory`. 1. (Optional) **Fields**. Click the **+Add** button to define the fields you want to associate. Each field needs a name (key) and value. - * ![green check circle.png](/img/reuse/green-check-circle.png) A green circle with a check mark is shown when the field exists in the Fields table schema. - * ![orange exclamation point.png](/img/reuse/orange-exclamation-point.png) An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo Logic that does not exist in the Fields schema it is ignored, known as dropped. + * green check circle.png A green circle with a check mark is shown when the field exists in the Fields table schema. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo Logic that does not exist in the Fields schema it is ignored, known as dropped. 1. **Account URL**. Enter the account URL value `https://{vectra_portal_url}/api/v3.3/detections`. Replace `vectra_portal_url` with your subdomain value. For example, `https://308714519558.cc1.portal.vectra.ai`. 1. **Client ID**. Enter the client ID value collected from the [Vectra platform](#vendor-configuration). 1. **Client Secret**. Enter the client secret value collected from the [Vectra platform](#vendor-configuration). 
diff --git a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/vmware-workspace-one-source.md b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/vmware-workspace-one-source.md index eb4f33c734..611d6b57da 100644 --- a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/vmware-workspace-one-source.md +++ b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/vmware-workspace-one-source.md 
@@ -67,8 +67,8 @@ To configure a VMware Workspace One Source: 1. Enter a **Name** for the Source. The description is optional. 1. (Optional) For **Source Category**, enter any string to tag the output collected from the Source. Category metadata is stored in a searchable field called `_sourceCategory`. 1. (Optional) **Fields**. Click the **+Add** button to define the fields you want to associate. Each field needs a name (key) and value. - * ![green check circle.png](/img/reuse/green-check-circle.png) A green circle with a check mark is shown when the field exists in the Fields table schema. - * ![orange exclamation point.png](/img/reuse/orange-exclamation-point.png) An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo Logic that does not exist in the Fields schema is ignored, known as dropped. + * green check circle.png A green circle with a check mark is shown when the field exists in the Fields table schema. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo Logic that does not exist in the Fields schema is ignored, known as dropped. 1. **Endpoint URL**. Enter the [VMware Workspace One platform](#vendor-configuration) endpoint URL. 1. **Auth URL**. Enter the API region URL to fetch the auth token collected from the [VMware Workspace One platform](#auth-url). For example, `https://uat.uemauth.vmwservices.com`. 1. **Client ID**. Enter the Client ID of your account collected from the [VMware Workspace One platform](#client-id-and-client-secret). For example, `cfea26d59bd542488ea706b025564d42`. 
diff --git a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/webex-source.md b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/webex-source.md index f5505b62e7..67063af354 100644 --- a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/webex-source.md +++ b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/webex-source.md 
@@ -77,8 +77,8 @@ To configure an Webex source: 1. Enter a **Name** for the Source. The description is optional. 1. (Optional) For **Source Category**, enter any string to tag the output collected from the Source. Category metadata is stored in a searchable field called `_sourceCategory`. 1. (Optional) **Fields**. Click the **+Add** button to define the fields you want to associate. Each field needs a name (key) and value. - * ![green check circle.png](/img/reuse/green-check-circle.png) A green circle with a check mark is shown when the field exists in the Fields table schema. - * ![orange exclamation point.png](/img/reuse/orange-exclamation-point.png) An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo Logic that does not exist in the Fields schema it is ignored, known as dropped. + * green check circle.png A green circle with a check mark is shown when the field exists in the Fields table schema. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo Logic that does not exist in the Fields schema it is ignored, known as dropped. 1. **Client ID**. Enter the **Client ID** collected from the [new Webex Integration app](#create-a-new-webex-integration-app). 1. **Client Secret**. Enter the **Client Secret** collected from the [new Webex Integration app](#create-a-new-webex-integration-app). 1. **OAuth 2.0 Authorization Code**. Enter the **OAuth 2.0 Authorization Code** collected from the [URL](#oauth-20-authorization-code). 
diff --git a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/workday-source.md b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/workday-source.md index 07666f21ad..e56c5e5fe1 100644 --- a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/workday-source.md +++ b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/workday-source.md @@ -135,8 +135,8 @@ To configure a Workday Source, follow the steps below: 5. For **Source Category** (Optional), enter any string to tag the output collected from the Source. Category [metadata](/docs/search/get-started-with-search/search-basics/built-in-metadata/) is stored in a searchable field called `_sourceCategory`. 6. **Forward to SIEM**. Check the checkbox to forward your data to [Cloud SIEM](/docs/cse/).
7. **Fields** (Optional). Click the **+Add** field link to define the fields you want to associate. Each field needs a name (key) and value. - * ![green check circle.png](/img/reuse/green-check-circle.png) A green circle with a checkmark is shown when the field exists in the Fields table schema. - * ![orange exclamation point.png](/img/reuse/orange-exclamation-point.png) An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo that does not exist in the Fields schema it is ignored, known as dropped. + * green check circle.png A green circle with a checkmark is shown when the field exists in the Fields table schema. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo that does not exist in the Fields schema it is ignored, known as dropped. 8. **SignOn Report URL**. Paste the SignOn Report URL from the [Vendor configuration: Step 5](#step-5-create-a-custom-sign-on-report). 9. **Integration System User Name**. Name of the account (SumoLogic_ISU) created in [Vendor configuration: Step 1](#step-1-create-an-integration-system-user). 10. **Integration System User Password**. The password of the account created in [Vendor configuration: Step 1](#step-1-create-an-integration-system-user). diff --git a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/zendesk-source.md b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/zendesk-source.md index 4719455508..6f72bd1e2f 100644 --- a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/zendesk-source.md 
+++ b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/zendesk-source.md @@ -37,8 +37,8 @@ To configure a Zendesk Source, follow the steps below: 1. Enter a **Name** for the Source. The description is optional. 1. (Optional) For **Source Category**, enter any string to tag the output collected from the Source. Category metadata is stored in a searchable field called `_sourceCategory`. 1. (Optional) **Fields**. Click the **+Add** button to define the fields you want to associate. Each field needs a name (key) and value. - * ![green check circle.png](/img/reuse/green-check-circle.png) A green circle with a check mark is shown when the field exists in the Fields table schema. - * ![orange exclamation point.png](/img/reuse/orange-exclamation-point.png) An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo Logic that does not exist in the Fields schema it is ignored, known as dropped. + * green check circle.png A green circle with a check mark is shown when the field exists in the Fields table schema. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo Logic that does not exist in the Fields schema it is ignored, known as dropped. 1. **Base URL**. Enter the Base URL value `https://{subdomain}.zendesk.com`. Replace `subdomain` with your subdomain value. For example, `https://unityd.zendesk.com`. 1. **Email Address**. Enter your Zendesk account email address. 1. **API Token**. Enter the **API Token** for authorization collected from the [Zendesk platform](#vendor-configuration). 
diff --git a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/zero-networks-segment-source.md b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/zero-networks-segment-source.md index 0a5b558242..596b1d9600 100644 --- a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/zero-networks-segment-source.md +++ b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/zero-networks-segment-source.md 
@@ -44,8 +44,8 @@ To configure a Zero Networks Segment Source: 1. Enter a **Name** for the Source. The description is optional. 1. (Optional) For **Source Category**, enter any string to tag the output collected from the Source. Category metadata is stored in a searchable field called `_sourceCategory`. 1. (Optional) **Fields**. Click the **+Add** button to define the fields you want to associate. Each field needs a name (key) and value. - * ![green check circle.png](/img/reuse/green-check-circle.png) A green circle with a check mark is shown when the field exists in the Fields table schema. - * ![orange exclamation point.png](/img/reuse/orange-exclamation-point.png) An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo Logic that does not exist in the Fields schema it is ignored, known as dropped. + * green check circle.png A green circle with a check mark is shown when the field exists in the Fields table schema. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo Logic that does not exist in the Fields schema it is ignored, known as dropped. 1. Enter the **API Key** for authorization collected from the Zero Networks platform. 1. Select **Collect Network Activity Data**, to collect network activity data. 1. (Optional) For **Network Activity Filters**, enter the filters you want to apply for network activity data collected from the Zero Networks platform. 
diff --git a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/zerofox-intel-source.md b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/zerofox-intel-source.md index f7b6e47f78..087ea98ef9 100644 --- a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/zerofox-intel-source.md +++ b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/zerofox-intel-source.md 
@@ -45,8 +45,8 @@ To configure an ZeroFox Threat Intel source: 1. Enter a **Name** to display for the Source in the Sumo web application. The description is optional. 1. (Optional) For **Source Category**, enter any string to tag the output collected from the Source. Category metadata is stored in a searchable field called `_sourceCategory`. 1. (Optional) **Fields.** Click the **+Add Field** link to define the fields you want to associate, each field needs a name (key) and value. - * ![green check circle.png](/img/reuse/green-check-circle.png) A green circle with a check mark is shown when the field exists in the Fields table schema. - * ![orange exclamation point.png](/img/reuse/orange-exclamation-point.png) An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo that does not exist in the Fields schema it is ignored, known as dropped.  + * green check circle.png A green circle with a check mark is shown when the field exists in the Fields table schema. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo that does not exist in the Fields schema it is ignored, known as dropped.  1. **Username**. Enter your ZeroFox username. 1. **Password**. Enter your Zerofox password. 1. **Sumo Logic Threat Intel Source ID**. Enter the name you want to use for the ZeroFox source that will be created in the [Threat Intelligence](/docs/security/threat-intelligence/about-threat-intelligence/) tab in Sumo Logic. The ZeroFox threat intelligence indicators will be stored in this source. Do not use spaces in the name. 
diff --git a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/zimperium-mtd-source.md b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/zimperium-mtd-source.md index a62e8cc747..a4c6a871f9 100644 --- a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/zimperium-mtd-source.md +++ b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/zimperium-mtd-source.md 
@@ -53,8 +53,8 @@ To configure a Zimperium MTD source: 1. Enter a **Name** for the Source. The description is optional. 1. (Optional) For **Source Category**, enter any string to tag the output collected from the source. Category metadata is stored in a searchable field called `_sourceCategory`. 1. (Optional) **Fields**. Click the **+Add** button to define the fields you want to associate. Each field needs a name (key) and value. - * ![green check circle.png](/img/reuse/green-check-circle.png) A green circle with a check mark is shown when the field exists in the Fields table schema. - * ![orange exclamation point.png](/img/reuse/orange-exclamation-point.png) An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo Logic that does not exist in the Fields schema it is ignored, known as dropped. + * green check circle.png A green circle with a check mark is shown when the field exists in the Fields table schema. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo Logic that does not exist in the Fields schema it is ignored, known as dropped. 1. **Account URL**. Enter your [Account URL](#vendor-configuration). 1. **Client ID**. Enter your [Client ID](#vendor-configuration). 1. **Client Secret**. Enter your [Client Secret](#vendor-configuration). diff --git a/docs/send-data/hosted-collectors/configure-hosted-collector.md b/docs/send-data/hosted-collectors/configure-hosted-collector.md index fa44db3a9e..f666ce8250 100644 --- a/docs/send-data/hosted-collectors/configure-hosted-collector.md +++ b/docs/send-data/hosted-collectors/configure-hosted-collector.md 
@@ -23,8 +23,8 @@ Steps to configure a Hosted Collector: 1. Provide a **Name** for the Collector. **Description** is optional. 1. **Category**. Enter any string to tag the logs collected from this Collector. This Source Category value is stored in a searchable metadata field called `_sourceCategory`. See our [Best Practices: Good and Bad Source Categories](/docs/send-data/best-practices#good-and-bad-source-categories). 1. Click the **+Add Field** link in the **Fields** section. Define the fields you want to associate, each field needs a name (key) and value. - * ![green check circle.png](/img/reuse/green-check-circle.png) A green circle with a check mark is shown when the field exists in the Fields table schema. - * ![orange exclamation point.png](/img/reuse/orange-exclamation-point.png) An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo that does not exist in the Fields schema it is ignored, known as dropped. + * green check circle.png A green circle with a check mark is shown when the field exists in the Fields table schema. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo that does not exist in the Fields schema it is ignored, known as dropped. 1. **Assign to a Budget** allows you to assign an ingest budget to the Collector. The dropdown displays your ingest budgets in the following format: ` () ()` 1. **Time Zone**. Set the default time zone when it is not extracted from the log timestamp. Time zone settings on Sources override a Collector time zone setting. 1. Review your input and when finished click **Save**.
![Screenshot of the 'Add Hosted Collector' dialog box in Sumo Logic. The form includes fields for 'Name' (with 'Sumo' entered), 'Description,' 'Category,' and 'Fields' with an option to '+Add Field.' Additional options include 'Assign to a Budget,' set to 'Not Assigned,' and 'Time Zone,' set to '(UTC) Etc/UTC.' At the bottom are 'Cancel' and 'Save' buttons.](/img/send-data/add-hosted-collector.png) diff --git a/docs/send-data/hosted-collectors/google-source/gcp-metrics-source.md b/docs/send-data/hosted-collectors/google-source/gcp-metrics-source.md index 47850e377e..25ef86d01e 100644 --- a/docs/send-data/hosted-collectors/google-source/gcp-metrics-source.md +++ b/docs/send-data/hosted-collectors/google-source/gcp-metrics-source.md 
@@ -123,8 +123,8 @@ For information on available metrics, see [GCP Metrics](https://cloud.google.com ::: 10. **Source Category** (Optional). The Source Category value is tagged to each log and stored in a searchable [metadata](/docs/search/get-started-with-search/search-basics/built-in-metadata) field called `_sourceCategory`. See our [Best Practices: Good Source Category, Bad Source Category](/docs/send-data/best-practices#good-and-bad-source-categories). Avoid using spaces so you do not have to quote them in [keyword search expressions](/docs/search/get-started-with-search/build-search/keyword-search-expressions). This can be a maximum of 1,024 characters. 11. **Fields**. Click the **+Add link** to add custom log metadata [Fields](/docs/manage/fields), then define the fields you want to associate. Each field needs a name (key) and value. Look for one of the following icons and act accordingly: - * ![green check circle.png](/img/reuse/green-check-circle.png) A green circle with a check mark is shown when the field exists and is enabled in the Fields table schema. - * ![orange exclamation point.png](/img/reuse/orange-exclamation-point.png) An orange triangle with an exclamation point is shown when the field doesn't exist, or is disabled, in the Fields table schema. In this case, an option to automatically add or enable the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo that does not exist in the Fields schema or is disabled it is ignored, known as dropped. + * green check circle.png A green circle with a check mark is shown when the field exists and is enabled in the Fields table schema. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist, or is disabled, in the Fields table schema. In this case, an option to automatically add or enable the nonexistent fields to the Fields table schema is provided. 
If a field is sent to Sumo that does not exist in the Fields schema or is disabled it is ignored, known as dropped. 12. **GCP Access**. Upload the JSON Google service account credentials file. This allows Sumo Logic to make API calls to Google Cloud. diff --git a/docs/send-data/hosted-collectors/google-source/google-cloud-platform-source.md b/docs/send-data/hosted-collectors/google-source/google-cloud-platform-source.md index 7fa31539a4..338b9aab1b 100644 --- a/docs/send-data/hosted-collectors/google-source/google-cloud-platform-source.md +++ b/docs/send-data/hosted-collectors/google-source/google-cloud-platform-source.md 
@@ -32,8 +32,8 @@ This Source will be a Google Pub/Sub-only Source, which means that it will only 1. **Source Host** (Optional). The Source Host value is tagged to each log and stored in a searchable metadata field called `_sourceHost`. Avoid using spaces so you do not have to quote them in keyword search expressions. This can be a maximum of 128 characters. 1. **Source Category** (Optional). The Source Category value is tagged to each log and stored in a searchable metadata field called `_sourceCategory`. See our [Best Practices: Good and Bad Source Categories](/docs/send-data/best-practices#good-and-bad-source-categories). Avoid using spaces so you do not have to quote them in keyword search expressions. This can be a maximum of 1,024 characters. 1. **Fields.** Click the **+Add Field** link to define the fields you want to associate, each field needs a name (key) and value. - * ![green check circle.png](/img/reuse/green-check-circle.png) A green circle with a check mark is shown when the field exists in the Fields table schema. - * ![orange exclamation point.png](/img/reuse/orange-exclamation-point.png) An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo that does not exist in the Fields schema it is ignored, known as dropped. + * green check circle.png A green circle with a check mark is shown when the field exists in the Fields table schema. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo that does not exist in the Fields schema it is ignored, known as dropped. 1. **Advanced Options for Logs**.
GCP advanced options * **Timestamp Parsing**. This option is selected by default. If it's deselected, no timestamp information is parsed at all. * **Time Zone**. There are two options for Time Zone. You can use the time zone present in your log files, and then choose an option in case time zone information is missing from a log message. Or, you can have Sumo Logic completely disregard any time zone information present in logs by forcing a time zone. It's very important to have the proper time zone set, no matter which option you choose. If the time zone of logs cannot be determined, Sumo Logic assigns logs UTC; if the rest of your logs are from another time zone your search results will be affected. diff --git a/docs/send-data/hosted-collectors/google-source/google-workspace-apps-audit-source.md b/docs/send-data/hosted-collectors/google-source/google-workspace-apps-audit-source.md index c243855fa5..9b0ffda1bc 100644 --- a/docs/send-data/hosted-collectors/google-source/google-workspace-apps-audit-source.md +++ b/docs/send-data/hosted-collectors/google-source/google-workspace-apps-audit-source.md 
@@ -63,8 +63,8 @@ To configure a Google Workspace Apps Audit Source: 1. **Source Category**. Enter a string to tag the output collected from the source. The string that you supply will be saved in a metadata field called `_sourceCategory`. 1. **Fields.** Click the **+Add Field** link to define the fields you want to associate, each field needs a name (key) and value. - * ![green check circle.png](/img/reuse/green-check-circle.png) A green circle with a check mark is shown when the field exists in the Fields table schema. - * ![orange exclamation point.png](/img/reuse/orange-exclamation-point.png) An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo that does not exist in the Fields schema it is ignored, known as dropped. + * green check circle.png A green circle with a check mark is shown when the field exists in the Fields table schema. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo that does not exist in the Fields schema it is ignored, known as dropped. :::note If you have [Cloud SIEM](/docs/cse) installed and you want to forward log data to Cloud SIEM, click the **+Add Field** link and add a field whose name is `_siemForward` and value is *true*. This will ensure all logs for this source are forwarded to Cloud SIEM. ::: diff --git a/docs/send-data/hosted-collectors/http-source/logs-metrics/index.md b/docs/send-data/hosted-collectors/http-source/logs-metrics/index.md index 7c962a095d..361ee5e2f6 100644 --- a/docs/send-data/hosted-collectors/http-source/logs-metrics/index.md +++ b/docs/send-data/hosted-collectors/http-source/logs-metrics/index.md 
@@ -32,8 +32,8 @@ To configure an HTTP Logs and Metrics Source: 1. (Optional) For **Source Host **and** Source Category**, enter any string to tag the output collected from the source. (Category metadata is stored in a searchable field called _sourceCategory.) 1. **Forward to SIEM**. This option is present if [Cloud SIEM](/docs/cse/) is enabled. Click the checkbox to send the logs collected by the source to Cloud SIEM. 1. **Fields/Metadata.** Click the **+Add** link to define the fields you want to associate. Each field needs a name (key) and value. - * ![green check circle.png](/img/reuse/green-check-circle.png) A green circle with a check mark is shown when the field exists in the Fields table schema. - * ![orange exclamation point.png](/img/reuse/orange-exclamation-point.png) An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo that does not exist in the Fields schema it is ignored, known as dropped. + * green check circle.png A green circle with a check mark is shown when the field exists in the Fields table schema. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo that does not exist in the Fields schema it is ignored, known as dropped. 1. **Advanced Options for Logs.** Advanced options do *not* apply to uploaded metrics.
A screenshot of the 'Advanced Options for Logs' settings in Sumo Logic. The options include 'Extract timestamp information from log file entries' (checked), 'Default Time Zone' with options to 'Use time zone from log file. If not detected, use default time zone' (selected) and 'Ignore time zone from log file and instead use default time zone'. The 'Timestamp Format' settings offer 'Automatically detect the format' (selected) and 'Specify a format'. The 'Message Processing' section has 'Multiline Processing' checked. The 'Infer Message Boundaries' options include 'Detect Automatically' (selected) and 'Add Boundary Regex'. Finally, there is an unchecked option for 'One Message Per Request', which notes that each request will be treated as a single message, ignoring line breaks. * **Timestamp Parsing.** This option is selected by default. If it's deselected, no timestamp information is parsed at all. * **Time Zone.** There are two options for Time Zone. You can use the time zone present in your log files, and then choose an option in case time zone information is missing from a log message. Or, you can have Sumo Logic completely disregard any time zone information present in logs by forcing a time zone. It's very important to have the proper time zone set, no matter which option you choose. If the time zone of logs cannot be determined, Sumo Logic assigns logs UTC; if the rest of your logs are from another time zone your search results will be affected. diff --git a/docs/send-data/hosted-collectors/http-source/otlp.md b/docs/send-data/hosted-collectors/http-source/otlp.md index 3533b24c0c..455f765d39 100644 --- a/docs/send-data/hosted-collectors/http-source/otlp.md +++ b/docs/send-data/hosted-collectors/http-source/otlp.md @@ -28,8 +28,8 @@ To configure an OTLP/HTTP Source: 1. Enter a **Name** for the Source. A description is optional. 
![OTLP:HTTP basic configuration settings.png](/img/send-data/OTLP-HTTP-basic-configuration-settings.png) 1. (Optional) For **Source Host** and **Source Category**, enter any string to tag the output collected from the source. These are [built-in metadata](/docs/search/get-started-with-search/search-basics/built-in-metadata) fields that allow you to organize your data. 1. **Fields**. Click the **+Add Field** link to define the fields you want to associate, each field needs a name (key) and value. - * ![green check circle.png](/img/reuse/green-check-circle.png) A green circle with a check mark is shown when the field exists in the Fields table schema. - * ![orange exclamation point.png](/img/reuse/orange-exclamation-point.png) An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo that does not exist in the Fields schema it is ignored, known as dropped. + * green check circle.png A green circle with a check mark is shown when the field exists in the Fields table schema. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo that does not exist in the Fields schema it is ignored, known as dropped. 1. Set any of the following under **Advanced Options for Logs**: 
![OTLP advanced options part 1.png](/img/send-data/OTLP-advanced-options-part-1.png) * **Timestamp Parsing**. This option is selected by default. If it's deselected, no timestamp information is parsed at all. * **Time Zone**. There are two options for Time Zone. You can use the time zone present in your log files, and then choose an option in case time zone information is missing from a log message. Or, you can have Sumo Logic completely disregard any time zone information present in logs by forcing a time zone. It's very important to have the proper time zone set, no matter which option you choose. If the time zone of logs cannot be determined, Sumo Logic assigns logs UTC; if the rest of your logs are from another time zone your search results will be affected. diff --git a/docs/send-data/hosted-collectors/microsoft-source/azure-metrics-source.md b/docs/send-data/hosted-collectors/microsoft-source/azure-metrics-source.md index 79736d0699..7b1da199e1 100644 --- a/docs/send-data/hosted-collectors/microsoft-source/azure-metrics-source.md +++ b/docs/send-data/hosted-collectors/microsoft-source/azure-metrics-source.md 
@@ -55,8 +55,8 @@ To configure the Azure Metrics Source: 1. Enter a **Name** to display for the source in the Sumo Logic web application. The description is optional. 1. (Optional) For **Source Category**, enter any string to tag the output collected from the source. Category metadata is stored in a searchable field called `_sourceCategory`. 1. (Optional) **Fields**. Click the **+Add Field** link to define the fields you want to associate. Each field needs a name (key) and value. - * ![green check circle.png](/img/reuse/green-check-circle.png) A green circle with a check mark is shown when the field exists in the Fields table schema. - * ![orange exclamation point.png](/img/reuse/orange-exclamation-point.png) An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo Logic that does not exist in the Fields schema it is ignored, known as dropped. + * green check circle.png A green circle with a check mark is shown when the field exists in the Fields table schema. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo Logic that does not exist in the Fields schema it is ignored, known as dropped. 1. **Tenant Id**. Enter the Tenant Id collected from [Azure platform](#vendor-configuration). 1. **Client Id**. Enter the Client Id collected from [Azure platform](#vendor-configuration). 1. **Client Secret**. Enter the Client Secret collected from [Azure platform](#vendor-configuration). 
diff --git a/docs/send-data/hosted-collectors/microsoft-source/ms-office-audit-source.md b/docs/send-data/hosted-collectors/microsoft-source/ms-office-audit-source.md index 6402f93ae1..ed7d8fea31 100644 --- a/docs/send-data/hosted-collectors/microsoft-source/ms-office-audit-source.md +++ b/docs/send-data/hosted-collectors/microsoft-source/ms-office-audit-source.md @@ -107,8 +107,8 @@ During the configuration, you will need to authenticate to Microsoft using sta * For Exchange: **O365/Exchange** * For Azure: **O365/Azure** 1. **Fields.** Click the **+Add Field** link to define the fields you want to associate, each field needs a name (key) and value. - * ![green check circle.png](/img/reuse/green-check-circle.png) A green circle with a check mark is shown when the field exists in the Fields table schema. - * ![orange exclamation point.png](/img/reuse/orange-exclamation-point.png) An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo that does not exist in the Fields schema it is ignored, known as dropped. + * green check circle.png A green circle with a check mark is shown when the field exists in the Fields table schema. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo that does not exist in the Fields schema it is ignored, known as dropped. :::note If you have [Cloud SIEM](/docs/cse) installed and you want to forward log data to Cloud SIEM, click the **+Add Field** link and add a field whose name is `_siemForward` and value is *true*. This will ensure all logs for this source are forwarded to Cloud SIEM. ::: 
diff --git a/docs/send-data/hosted-collectors/webhook-sources/zoom.md b/docs/send-data/hosted-collectors/webhook-sources/zoom.md index 5be16bc508..6a780e267e 100644 --- a/docs/send-data/hosted-collectors/webhook-sources/zoom.md +++ b/docs/send-data/hosted-collectors/webhook-sources/zoom.md @@ -50,8 +50,8 @@ To configure a Zoom Source: 1. Enter a **Name** for the Source. A description is optional. 
zoom-configuration-settings 1. (Optional) For **Source Host** and **Source Category**, enter any string to tag the output collected from the source. These are [built-in metadata](/docs/search/get-started-with-search/search-basics/built-in-metadata) fields that allow you to organize your data.For Source Category, enter any string to tag the output collected from the Source. Category metadata is stored in a searchable field called `_sourceCategory`. 1. **Fields**. Click the **+Add Field** link to define the fields you want to associate, each field needs a name (key) and value. - * ![green check circle.png](/img/reuse/green-check-circle.png) A green circle with a check mark is shown when the field exists in the Fields table schema. - * ![orange exclamation point.png](/img/reuse/orange-exclamation-point.png) An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo that does not exist in the Fields schema it is ignored, known as dropped. + * green check circle.png A green circle with a check mark is shown when the field exists in the Fields table schema. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo that does not exist in the Fields schema it is ignored, known as dropped. 1. **Zoom Secret Token**. Enter the Zoom secret token from the Zoom Marketplace platform. 1. Set any of the following under **Advanced Options for Logs**: 
Zoom advanced options * **Timestamp Parsing**. This option is selected by default. If it's deselected, no timestamp information is parsed at all. diff --git a/docs/send-data/installed-collectors/sources/collect-forwarded-events-windows-event-collector.md b/docs/send-data/installed-collectors/sources/collect-forwarded-events-windows-event-collector.md index b80ebb2f54..ff2f38a98f 100644 --- a/docs/send-data/installed-collectors/sources/collect-forwarded-events-windows-event-collector.md +++ b/docs/send-data/installed-collectors/sources/collect-forwarded-events-windows-event-collector.md 
@@ -49,8 +49,8 @@ To configure a Windows Event Log Source: * **Source Category.** Enter a string to tag the logs collected from this Source with searchable metadata. For example, typing **web_apps** tags all the logs from this Source in the sourceCategory field. For more information, see [Metadata Naming Conventions](/docs/send-data/reference-information/metadata-naming-conventions.md) and our [Best Practices: Good and Bad Source Categories](/docs/send-data/best-practices#good-and-bad-source-categories). You can define a Source Category value using system environment variables, see [Configuring sourceCategory using variables](#configuring-sourcecategory-using-variables) below. * **Fields.** Click the **+Add Field** link to define the fields you want to associate, each field needs a name (key) and value. - * ![green check circle.png](/img/reuse/green-check-circle.png) A green circle with a check mark is shown when the field exists in the Fields table schema. - * ![orange exclamation point.png](/img/reuse/orange-exclamation-point.png) An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo that does not exist in the Fields schema it is ignored, known as dropped. + * green check circle.png A green circle with a check mark is shown when the field exists in the Fields table schema. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo that does not exist in the Fields schema it is ignored, known as dropped. * **Windows Domain. (Remote Source only)** Type the name of the Windows domain, the username for this host, and the password.  * **Event Format**. 
Select how you want your event logs formatted: diff --git a/docs/send-data/installed-collectors/sources/docker-sources.md b/docs/send-data/installed-collectors/sources/docker-sources.md index 1d3d4a0097..2765d44fc6 100644 --- a/docs/send-data/installed-collectors/sources/docker-sources.md +++ b/docs/send-data/installed-collectors/sources/docker-sources.md 
@@ -67,8 +67,8 @@ There are alternative methods for collecting Docker logs and metrics. See [Dock * **Source Category**. Enter a string used to tag the output collected from this Source with searchable metadata. For example, typing **`web_apps`** tags all the logs from this Source in the sourceCategory field, so running a search on **`_sourceCategory=web_apps`** would return logs from this Source. For more information, see [Metadata Naming Conventions](/docs/send-data/reference-information/metadata-naming-conventions.md) and our [Best Practices: Good and Bad Source Categories](/docs/send-data/best-practices#good-and-bad-source-categories). If desired, you can use Docker variables to construct the Source Category value. For more information, see [Configure sourceCategory and sourceHost using variables.](#configure-sourcecategory-and-sourcehost-using-variables) * **Fields.** Click the **+Add Field** link to define the fields you want to associate, each field needs a name (key) and value. - * ![green check circle.png](/img/reuse/green-check-circle.png) A green circle with a check mark is shown when the field exists in the Fields table schema. - * ![orange exclamation point.png](/img/reuse/orange-exclamation-point.png) An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo that does not exist in the Fields schema it is ignored, known as dropped. + * green check circle.png A green circle with a check mark is shown when the field exists in the Fields table schema. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. 
If a field is sent to Sumo that does not exist in the Fields schema it is ignored, known as dropped. 1. Configure the Advanced options. diff --git a/docs/send-data/installed-collectors/sources/local-file-source.md b/docs/send-data/installed-collectors/sources/local-file-source.md index 0d869824aa..375d425c10 100644 --- a/docs/send-data/installed-collectors/sources/local-file-source.md +++ b/docs/send-data/installed-collectors/sources/local-file-source.md @@ -87,8 +87,8 @@ When the Sumo collector accesses a log file to read its content, the collector o * **Fields.** Click the **+Add Field** link to define the fields you want to associate, each field needs a name (key) and value. - * ![green check circle.png](/img/reuse/green-check-circle.png) A green circle with a check mark is shown when the field exists in the Fields table schema. - * ![orange exclamation point.png](/img/reuse/orange-exclamation-point.png) An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo that does not exist in the Fields schema it is ignored, known as dropped. + * green check circle.png A green circle with a check mark is shown when the field exists in the Fields table schema. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo that does not exist in the Fields schema it is ignored, known as dropped. 1. Set any of the following options under **Advanced**: Advanced options for log 
diff --git a/docs/send-data/installed-collectors/sources/local-windows-event-log-source.md b/docs/send-data/installed-collectors/sources/local-windows-event-log-source.md index 883b390fdc..45561d7cf7 100644 --- a/docs/send-data/installed-collectors/sources/local-windows-event-log-source.md +++ b/docs/send-data/installed-collectors/sources/local-windows-event-log-source.md 
@@ -39,8 +39,8 @@ To configure a Local Windows Event Log Source: * **Source Category.** Enter a string used to tag the output collected from this Source with searchable metadata. For example, typing `web_apps` tags all the logs from this Source in the sourceCategory field, so running a search on `_sourceCategory=web_apps` would return logs from this Source. For more information, see [Metadata Naming Conventions](/docs/send-data/reference-information/metadata-naming-conventions.md) and our [Best Practices: Good and Bad Source Categories](/docs/send-data/best-practices#good-and-bad-source-categories). You can define a Source Category value using system environment variables, see [Configuring sourceCategory using variables](#configuring-sourcecategory-using-variables) below. * **Fields.** Click the **+Add Field** link to define the fields you want to associate, each field needs a name (key) and value. - * ![green check circle.png](/img/reuse/green-check-circle.png) A green circle with a check mark is shown when the field exists in the Fields table schema. - * ![orange exclamation point.png](/img/reuse/orange-exclamation-point.png) An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo that does not exist in the Fields schema it is ignored, known as dropped. + * green check circle.png A green circle with a check mark is shown when the field exists in the Fields table schema. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo that does not exist in the Fields schema it is ignored, known as dropped. * **Event Format**. 
Select how you want your event logs formatted: ![JSON format name update.png](/img/send-data/JSON-format-name-update.png) * **Collect using legacy format**. Events retain their default text format from Windows. diff --git a/docs/send-data/installed-collectors/sources/local-windows-performance-monitor-log-source.md b/docs/send-data/installed-collectors/sources/local-windows-performance-monitor-log-source.md index 31b88e9841..798d90c7c7 100644 --- a/docs/send-data/installed-collectors/sources/local-windows-performance-monitor-log-source.md +++ b/docs/send-data/installed-collectors/sources/local-windows-performance-monitor-log-source.md 
@@ -28,8 +28,8 @@ To configure a Local Windows Performance Monitor Log Source: * **Source Category.** Enter a string used to tag the logs collected from this Source with searchable metadata. For example, typing `web_apps` tags all the logs from this Source in the sourceCategory field, so running a search on `_sourceCategory=web_apps` would return logs from this Source. For more information, see [Metadata Naming Conventions](/docs/send-data/reference-information/metadata-naming-conventions.md) and our [Best Practices: Good Source Category, Bad Source Category](/docs/send-data/best-practices). You can define a Source Category value using system environment variables, see [Configuring sourceCategory using variables](local-windows-performance-monitor-log-source.md) below. * **Fields.** Click the **+Add Field** link to define the fields you want to associate, each field needs a name (key) and value. - * ![green check circle.png](/img/reuse/green-check-circle.png) A green circle with a check mark is shown when the field exists in the Fields table schema. - * ![orange exclamation point.png](/img/reuse/orange-exclamation-point.png) An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo that does not exist in the Fields schema it is ignored, known as dropped. + * green check circle.png A green circle with a check mark is shown when the field exists in the Fields table schema. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo that does not exist in the Fields schema it is ignored, known as dropped. 1. **Processing Rules.** (Optional.) 
To add rules or filters click **Add Rule**. Enter a name, a filter, and select the type. Then click **Apply**. 1. **Perfmon Queries.** Select from the provided default Perfmon Queries, or create your own custom query. diff --git a/docs/send-data/installed-collectors/sources/remote-file-source/index.md b/docs/send-data/installed-collectors/sources/remote-file-source/index.md index 3f6987063a..ce076ab347 100644 --- a/docs/send-data/installed-collectors/sources/remote-file-source/index.md +++ b/docs/send-data/installed-collectors/sources/remote-file-source/index.md @@ -40,8 +40,8 @@ To configure a Remote File Source: * **Fields.** Click the **+Add Field** link to define the fields you want to associate, each field needs a name (key) and value. - * ![green check circle.png](/img/reuse/green-check-circle.png) A green circle with a check mark is shown when the field exists in the Fields table schema. - * ![orange exclamation point.png](/img/reuse/orange-exclamation-point.png) An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo that does not exist in the Fields schema it is ignored, known as dropped. + * green check circle.png A green circle with a check mark is shown when the field exists in the Fields table schema. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo that does not exist in the Fields schema it is ignored, known as dropped. 1. Choose the type of Credentials used for this Source: 
diff --git a/docs/send-data/installed-collectors/sources/remote-windows-event-log-source.md b/docs/send-data/installed-collectors/sources/remote-windows-event-log-source.md index ea9168a35a..0c215022f7 100644 --- a/docs/send-data/installed-collectors/sources/remote-windows-event-log-source.md +++ b/docs/send-data/installed-collectors/sources/remote-windows-event-log-source.md 
@@ -44,8 +44,8 @@ To configure a remote Windows Event Log Source: * **Source Category.** Enter a string to tag the logs collected from this Source with searchable metadata. For example, typing **web_apps** tags all the logs from this Source in the sourceCategory field. For more information, see [Metadata Naming Conventions](/docs/send-data/reference-information/metadata-naming-conventions.md) and our [Best Practices: Good and Bad Source Categories](/docs/send-data/best-practices#good-and-bad-source-categories). You can define a Source Category value using system environment variables, see [Configuring sourceCategory using variables](#configuring-sourcecategory-using-variables) below. * **Fields.** Click the **+Add Field** link to define the fields you want to associate, each field needs a name (key) and value. - * ![green check circle.png](/img/reuse/green-check-circle.png) A green circle with a check mark is shown when the field exists in the Fields table schema. - * ![orange exclamation point.png](/img/reuse/orange-exclamation-point.png) An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo that does not exist in the Fields schema it is ignored, known as dropped. + * green check circle.png A green circle with a check mark is shown when the field exists in the Fields table schema. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo that does not exist in the Fields schema it is ignored, known as dropped. * **Windows Domain.** Type the name of the Windows domain, the username for this host, and the password.  * **Event Format**. 
Select how you want your event logs formatted: ![JSON format name update.png](/img/send-data/JSON-format-name-update.png) diff --git a/docs/send-data/installed-collectors/sources/remote-windows-performance-monitor-log-source.md b/docs/send-data/installed-collectors/sources/remote-windows-performance-monitor-log-source.md index 288d7ccd4e..544217be90 100644 --- a/docs/send-data/installed-collectors/sources/remote-windows-performance-monitor-log-source.md +++ b/docs/send-data/installed-collectors/sources/remote-windows-performance-monitor-log-source.md 
@@ -35,8 +35,8 @@ To configure a remote Windows Performance Monitor Log Source: * **Source Category.** Enter a string used to tag the output collected from this Source with searchable metadata. For example, typing web_apps tags all the logs from this in the sourceCategory field. For more information, see [Metadata Naming Conventions](/docs/send-data/reference-information/metadata-naming-conventions.md). * **Fields.** Click the **+Add Field** link to define the fields you want to associate, each field needs a name (key) and value. - * ![green check circle.png](/img/reuse/green-check-circle.png) A green circle with a check mark is shown when the field exists in the Fields table schema. - * ![orange exclamation point.png](/img/reuse/orange-exclamation-point.png) An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo that does not exist in the Fields schema it is ignored, known as dropped. + * green check circle.png A green circle with a check mark is shown when the field exists in the Fields table schema. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo that does not exist in the Fields schema it is ignored, known as dropped. * **Windows Domain.** Type the name of the Windows Domain, the Username for this host, and the Password. 1. **Perfmon Queries.** Select from the provided default Perfmon Queries, or create your own custom query. diff --git a/docs/send-data/installed-collectors/sources/script-source/index.md b/docs/send-data/installed-collectors/sources/script-source/index.md index cca093aaf7..6c97eaf475 100644 
--- a/docs/send-data/installed-collectors/sources/script-source/index.md +++ b/docs/send-data/installed-collectors/sources/script-source/index.md @@ -45,8 +45,8 @@ To configure a Script Source: 1. For **Source Category**, enter any information you'd like to include in the metadata. This Source Category value is stored in a searchable metadata field called _sourceCategory. See our [Best Practices: Good and Bad Source Categories](/docs/send-data/best-practices#good-and-bad-source-categories). You can define a Source Category value using system environment variables, see [Configuring sourceCategory and sourceHost using variables](#configuring-sourcecategory-and-sourcehost-using-variables), below. 1. **Fields.** Click the **+Add Field** link to define the fields you want to associate, each field needs a name (key) and value. - * ![green check circle.png](/img/reuse/green-check-circle.png) A green circle with a check mark is shown when the field exists in the Fields table schema. - * ![orange exclamation point.png](/img/reuse/orange-exclamation-point.png) An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo that does not exist in the Fields schema it is ignored, known as dropped. + * green check circle.png A green circle with a check mark is shown when the field exists in the Fields table schema. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo that does not exist in the Fields schema it is ignored, known as dropped. 1. For **Frequency**, choose one of the following: * An option to run the script at the selected frequency. 
diff --git a/docs/send-data/installed-collectors/sources/syslog-source.md b/docs/send-data/installed-collectors/sources/syslog-source.md index 524a326710..5ef8b3ba6c 100644 --- a/docs/send-data/installed-collectors/sources/syslog-source.md +++ b/docs/send-data/installed-collectors/sources/syslog-source.md @@ -25,8 +25,8 @@ If you are editing a Source, metadata changes are reflected going forward. Metad 1. **Port.** Enter the port number for the Source to listen to. If the collector runs as root (default), use 514. Otherwise, consider 1514 or 5140. Make sure the devices are sending to the same port. 1. **Source Category.** Enter a string to tag the collected messages with the searchable metadata field `_sourceCategory`. For example, enter **firewall** to tag all collected messages in a field called `_sourceCategory`. Enter *`_sourceCategory=firewall`* in the Search field to return results from this Source. For more information, see [Metadata Naming Conventions](/docs/send-data/reference-information/metadata-naming-conventions.md) and our [Best Practices: Good and Bad Source Categories](/docs/send-data/best-practices#good-and-bad-source-categories). 1. **Fields.** Click the **+Add Field** link to define the fields you want to associate; each field needs a name (key) and value.
- * ![green check circle.png](/img/reuse/green-check-circle.png) A green circle with a check mark is shown when the field exists in the Fields table schema. - * ![orange exclamation point.png](/img/reuse/orange-exclamation-point.png) An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo that does not exist in the Fields schema it is ignored, known as dropped. + * green check circle.png A green circle with a check mark is shown when the field exists in the Fields table schema. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo that does not exist in the Fields schema it is ignored, known as dropped. :::note If you have [Cloud SIEM](/docs/cse) installed and you want to forward log data to Cloud SIEM, click the **+Add Field** link and add a field whose name is `_siemForward` and value is *true*. This will ensure all logs for this source are forwarded to Cloud SIEM. ::: diff --git a/docs/send-data/installed-collectors/sources/windows-active-directory-inventory-source.md b/docs/send-data/installed-collectors/sources/windows-active-directory-inventory-source.md index 6b36f1828d..d061400f9e 100644 --- a/docs/send-data/installed-collectors/sources/windows-active-directory-inventory-source.md +++ b/docs/send-data/installed-collectors/sources/windows-active-directory-inventory-source.md 
@@ -49,8 +49,8 @@ To configure a Windows Active Directory Inventory Source: * `_siemProduct`: Windows * `_siemForward`: true * `_siemDataType`: Inventory - * ![green check circle.png](/img/reuse/green-check-circle.png) A green circle with a check mark is shown when the field exists in the Fields table schema. - * ![orange exclamation point.png](/img/reuse/orange-exclamation-point.png) An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo that does not exist in the Fields schema it is ignored, known as dropped. + * green check circle.png A green circle with a check mark is shown when the field exists in the Fields table schema. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo that does not exist in the Fields schema it is ignored, known as dropped. * **Active Directory Attributes**. (Optional) * **Additional Attributes**. Provide a semi-colon separated list of the LDAP Names of Active Directory attributes to report, in addition to the default list: * Username 
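Review bot: In windows-active-directory-inventory-source.md the two icon bullets follow the `_siemDataType`: Inventory entry directly, with nothing to mark where the list of field values ends and the explanation of the icons begins. Add a short lead-in before them, and state whether the "ignored, known as dropped" rule applies to the `_siemProduct`, `_siemForward` and `_siemDataType` fields listed just above, since readers who set these for Cloud SIEM need to know what happens when the orange icon appears next to one of them.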
diff --git a/static/img/reuse/green-check-circle.png b/static/img/reuse/green-check-circle.png index 3e102080afcf12a5482d189a5de90faac0916b15..d8e666bb5503b334e3192c7eed0f313dabef94f6 100644 GIT binary patch
Date: Mon, 28 Jul 2025 23:24:15 -0400 Subject: [PATCH 2/4] rm duplicate img --- static/img/reuse/check-green-circle.png | Bin 726 -> 0 bytes 1 file changed, 0 insertions(+), 0 deletions(-) delete mode 100644 static/img/reuse/check-green-circle.png
diff --git a/static/img/reuse/check-green-circle.png b/static/img/reuse/check-green-circle.png deleted file mode 100644 index 02c15df13253da19527973c186bc69d69d877ac1..0000000000000000000000000000000000000000 GIT binary patch
Date: Tue, 29 Jul 2025 00:06:34 -0400 Subject: [PATCH 3/4] Replace green check and orange warning icons for Fields docs --- docs/observability/kubernetes/monitoring.md | 2 ++ docs/reuse/apps/app-collection-option-1.md | 4 ++-- docs/reuse/apps/create-aws-s3-source.md | 4 ++-- docs/reuse/aws-cost-explorer.md | 5 +++-- docs/send-data/collection/edit-collector.md | 1 + docs/send-data/collector-faq.md | 2 ++ .../collect-forwarded-events-windows-event-collector.md | 1 + .../send-data/installed-collectors/sources/docker-sources.md | 2 +- .../sources/local-windows-event-log-source.md | 1 + .../sources/local-windows-performance-monitor-log-source.md | 2 +- .../sources/remote-windows-event-log-source.md | 1 + .../sources/remote-windows-performance-monitor-log-source.md | 1 + .../installed-collectors/sources/script-source/index.md | 2 +- docs/send-data/installed-collectors/sources/syslog-source.md | 1 + 14 files changed, 20 insertions(+), 9 deletions(-) diff --git a/docs/observability/kubernetes/monitoring.md b/docs/observability/kubernetes/monitoring.md index 1bcffb8f22..96af6c2321 100644 --- a/docs/observability/kubernetes/monitoring.md +++ b/docs/observability/kubernetes/monitoring.md
@@ -4,6 +4,8 @@ title: Monitoring Your K8s Environment description: Learn how to effectively monitor your Kubernetes environment according to the individual areas of the Kubernetes architecture. --- +import useBaseUrl from '@docusaurus/useBaseUrl'; + This page provides insights for effectively monitoring your Kubernetes environment with Sumo Logic, and is organized according to the individual areas of the Kubernetes architecture. ## Navigating your Kubernetes environment diff --git a/docs/reuse/apps/app-collection-option-1.md b/docs/reuse/apps/app-collection-option-1.md index 39432f6125..0b38a0dedb 100644 --- a/docs/reuse/apps/app-collection-option-1.md +++ b/docs/reuse/apps/app-collection-option-1.md 
@@ -12,8 +12,8 @@ To set up collection and install the app, do the following: 1. **Collector Name**. Enter a Name to display the Source in the Sumo Logic web application. The description is optional. 1. **Timezone**. Set the default time zone when it is not extracted from the log timestamp. Time zone settings on Sources override a Collector time zone setting. 1. (Optional) **Metadata**. Click the **+Add Metadata** link to add a custom log [Metadata Fields](/docs/manage/fields). Define the fields you want to associate, each metadata field needs a name (key) and value. - * green check circle.png A green circle with a checkmark is shown when the field exists and is enabled in the Fields table schema. - * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist, or is disabled, in the Fields table schema. In this case, an option to automatically add or enable the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo that does not exist in the Fields schema or is disabled it is ignored, known as dropped. + * green check circle.png A green circle with a checkmark is shown when the field exists and is enabled in the Fields table schema. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist, or is disabled, in the Fields table schema. In this case, an option to automatically add or enable the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo that does not exist in the Fields schema or is disabled it is ignored, known as dropped. 1. Click **Next**. 1. Configure the source as specified in the `Info` box above, ensuring all required fields are included. 1. In the **Configure** section of your respective app, complete the following fields. diff --git a/docs/reuse/apps/create-aws-s3-source.md b/docs/reuse/apps/create-aws-s3-source.md index eeebf4e78d..364ee2ee31 100644 
--- a/docs/reuse/apps/create-aws-s3-source.md +++ b/docs/reuse/apps/create-aws-s3-source.md 
@@ -46,8 +46,8 @@ These configuration instructions apply to log collection from all AWS Source typ * Add an **account** field and assign it a value which is a friendly name / alias to your AWS account from which you are collecting logs. Logs can be queried via the “account field”. * Add a **region** field and assign it the value of respective AWS region where the Load Balancer exists. * Add an **accountId** field and assign it the value of the respective AWS account id which is being used. - * green check circle.png A green circle with a check mark is shown when the field exists and is enabled in the Fields table schema. - * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist, or is disabled, in the Fields table schema. In this case, an option to automatically add or enable the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo that does not exist in the Fields schema or is disabled it is ignored, known as dropped. + * green check circle.png A green circle with a check mark is shown when the field exists and is enabled in the Fields table schema. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist, or is disabled, in the Fields table schema. In this case, an option to automatically add or enable the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo that does not exist in the Fields schema or is disabled it is ignored, known as dropped. 11. For **AWS Access**, choose between the two **Access Method** options below, based on the AWS authentication you are providing. * For **Role-based access**, enter the Role ARN that was provided by AWS after creating the role. Role-based access is recommended (this was completed in the prerequisite step [Grant Sumo Logic access to an AWS Product](/docs/send-data/hosted-collectors/amazon-aws/grant-access-aws-product)). 
* For **Key access**, enter the **Access Key ID** and **Secret Access Key**. See [AWS Access Key ID](http://docs.aws.amazon.com/STS/latest/UsingSTS/UsingTokens.html#RequestWithSTS) and [AWS Secret Access Key](https://aws.amazon.com/iam/) for details. diff --git a/docs/reuse/aws-cost-explorer.md b/docs/reuse/aws-cost-explorer.md index a5cd147786..670f059118 100644 --- a/docs/reuse/aws-cost-explorer.md +++ b/docs/reuse/aws-cost-explorer.md @@ -6,8 +6,9 @@ To configure an AWS Cost Explorer Source: 1. Enter a **Name** for the Source in the Sumo Logic console. The **Description** is optional.
cost-explorer-v2-1-1.png 1. (Optional) For **Source Category**, enter any string to tag the output collected from the Source. Category [metadata](/docs/search/get-started-with-search/search-basics/built-in-metadata) is stored in a searchable field called `_sourceCategory`. 1. For [Fields](/docs/manage/fields), click the **+Add** link to add custom log metadata. Define the fields you want to associate. Each field needs a name (key) and value. - * green check circle.png A green circle with a check mark is shown when the field exists and is enabled in the Fields table schema. - * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist, or is disabled, in the Fields table schema. In this case, an option to automatically add or enable the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo Logic that does not exist in the Fields schema or is disabled it is ignored, known as dropped.

It is preferable to add an **account** field (for the dashboards) and assign it a friendly name to identify the corresponding AWS account.
![accountField.png](/img/send-data/accountField.png) + * green check circle.png +A green circle with a check mark is shown when the field exists and is enabled in the Fields table schema. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist, or is disabled, in the Fields table schema. In this case, an option to automatically add or enable the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo Logic that does not exist in the Fields schema or is disabled it is ignored, known as dropped.

It is preferable to add an **account** field (for the dashboards) and assign it a friendly name to identify the corresponding AWS account.
![accountField.png](/img/send-data/accountField.png) 1. For the **AWS Access Key** and **AWS Secret Key**, provide the IAM User access key and secret key you want to use to authenticate collection requests. Make sure your IAM user has the following IAM policy attached with it. ```json { diff --git a/docs/send-data/collection/edit-collector.md b/docs/send-data/collection/edit-collector.md index b8c41b173a..4cb3230089 100644 --- a/docs/send-data/collection/edit-collector.md +++ b/docs/send-data/collection/edit-collector.md @@ -4,6 +4,7 @@ title: Edit a Collector description: Edit some characteristics of a Collector, including its name, version, description, Host Name, and Category. --- +import useBaseUrl from '@docusaurus/useBaseUrl'; From the **Manage Collection** page, you can edit some characteristics of a Collector, including its name, description, Host Name, and Category. diff --git a/docs/send-data/collector-faq.md b/docs/send-data/collector-faq.md index 9b20fe94c5..ac291f47fc 100644 --- a/docs/send-data/collector-faq.md +++ b/docs/send-data/collector-faq.md @@ -5,6 +5,8 @@ sidebar_label: Troubleshooting description: Frequently asked questions about collecting data into Sumo Logic that provide the how-to answers you need to setup and troubleshoot collectors. --- +import useBaseUrl from '@docusaurus/useBaseUrl'; + :::sumo To interact with other Sumo Logic users, post feedback, or ask a question, visit the [Sumo Logic Community Collect Data Forum](https://support.sumologic.com/support/s/topic/0TO6Q000000gTCOWA2/collectors?tabset-cabe3=2). ::: diff --git a/docs/send-data/installed-collectors/sources/collect-forwarded-events-windows-event-collector.md b/docs/send-data/installed-collectors/sources/collect-forwarded-events-windows-event-collector.md index ff2f38a98f..53b790e95a 100644 --- a/docs/send-data/installed-collectors/sources/collect-forwarded-events-windows-event-collector.md 
+++ b/docs/send-data/installed-collectors/sources/collect-forwarded-events-windows-event-collector.md @@ -4,6 +4,7 @@ title: Collect Forwarded Events from a Windows Event Collector description: Use a Windows Event Source to collect forwarded events from a Windows Event Collector. --- +import useBaseUrl from '@docusaurus/useBaseUrl'; import CollBegin from '../../../reuse/collection-should-begin-note.md'; A Sumo Logic Windows Event Log Source can track and collect forwarded events from a [Windows Event Collector](https://docs.microsoft.com/en-us/windows/win32/wec/windows-event-collector). A Windows Event Collector receives forwarded events from other remote Windows computers. diff --git a/docs/send-data/installed-collectors/sources/docker-sources.md b/docs/send-data/installed-collectors/sources/docker-sources.md index 2765d44fc6..fca21a244b 100644 --- a/docs/send-data/installed-collectors/sources/docker-sources.md +++ b/docs/send-data/installed-collectors/sources/docker-sources.md @@ -4,7 +4,7 @@ title: Docker Sources description: Configure a Docker Logs or Docker Stats Source. --- - +import useBaseUrl from '@docusaurus/useBaseUrl'; Docker is a lightweight open platform that provides a way to package applications in containers for a software development environment. diff --git a/docs/send-data/installed-collectors/sources/local-windows-event-log-source.md b/docs/send-data/installed-collectors/sources/local-windows-event-log-source.md index 45561d7cf7..5aace3b0ce 100644 --- a/docs/send-data/installed-collectors/sources/local-windows-event-log-source.md +++ b/docs/send-data/installed-collectors/sources/local-windows-event-log-source.md 
@@ -4,6 +4,7 @@ title: Local Windows Event Log Source description: You can collect local events from the Windows Events Viewer. --- +import useBaseUrl from '@docusaurus/useBaseUrl'; import CollBegin from '../../../reuse/collection-should-begin-note.md'; Set up a Local Windows Event Log Source to collect local events you would normally see in the Windows Event Viewer. Setting up a Local Windows Event Source is a quick process. There are no prerequisites for setting up the Source, and you'll begin collecting logs within a minute or so. diff --git a/docs/send-data/installed-collectors/sources/local-windows-performance-monitor-log-source.md b/docs/send-data/installed-collectors/sources/local-windows-performance-monitor-log-source.md index 798d90c7c7..7d5ac0b10a 100644 --- a/docs/send-data/installed-collectors/sources/local-windows-performance-monitor-log-source.md +++ b/docs/send-data/installed-collectors/sources/local-windows-performance-monitor-log-source.md @@ -4,7 +4,7 @@ title: Local Windows Performance Monitor Log Source description: Collect local performance data from the Windows Performance Monitor. --- - +import useBaseUrl from '@docusaurus/useBaseUrl'; Set up a Local Windows Performance Monitor Log Source to collect performance data that you would normally see in the Windows Performance Monitor. Setting up a Local Windows Performance Monitor Log Source is a quick process. There are no prerequisites for setting up the Source, and you'll begin collecting logs within a minute or so. diff --git a/docs/send-data/installed-collectors/sources/remote-windows-event-log-source.md b/docs/send-data/installed-collectors/sources/remote-windows-event-log-source.md index 0c215022f7..ead7e4ca2d 100644 --- a/docs/send-data/installed-collectors/sources/remote-windows-event-log-source.md +++ b/docs/send-data/installed-collectors/sources/remote-windows-event-log-source.md 
@@ -4,6 +4,7 @@ title: Remote Windows Event Log Source description: Collect Windows event logs from a remote machine. --- +import useBaseUrl from '@docusaurus/useBaseUrl'; import CollBegin from '../../../reuse/collection-should-begin-note.md'; Set up a Remote Windows Event Log Source to use a single Sumo Logic Collector to collect Windows event log entries from multiple remote systems. diff --git a/docs/send-data/installed-collectors/sources/remote-windows-performance-monitor-log-source.md b/docs/send-data/installed-collectors/sources/remote-windows-performance-monitor-log-source.md index 544217be90..a034a317b4 100644 --- a/docs/send-data/installed-collectors/sources/remote-windows-performance-monitor-log-source.md +++ b/docs/send-data/installed-collectors/sources/remote-windows-performance-monitor-log-source.md @@ -4,6 +4,7 @@ title: Remote Windows Performance Monitor Log Source description: Set up a Remote Windows Performance Monitor Log Source to collect remote performance data from Windows Performance Monitor. --- +import useBaseUrl from '@docusaurus/useBaseUrl'; :::important This Source is no longer supported or available with Collector version 19.361-8. diff --git a/docs/send-data/installed-collectors/sources/script-source/index.md b/docs/send-data/installed-collectors/sources/script-source/index.md index 6c97eaf475..5ece1c05ef 100644 --- a/docs/send-data/installed-collectors/sources/script-source/index.md +++ b/docs/send-data/installed-collectors/sources/script-source/index.md 
@@ -4,7 +4,7 @@ title: Script Source description: Uses a script to fetch from custom sources of data, such a database or a third-party monitoring app. --- - +import useBaseUrl from '@docusaurus/useBaseUrl'; If you need to collect data that isn't stored in log files, like system performance metrics, database records, or perhaps data output from third-party monitoring solutions you can use a Script Source that runs a script to fetch those custom sources of data from your machine's standard output and error streams. The script executes at defined intervals and then sends the data to Sumo for analysis. This allows you to collect all sorts of data from any supported OS, including data from command-line tools such as iostat, transient, or unstable data sources. diff --git a/docs/send-data/installed-collectors/sources/syslog-source.md b/docs/send-data/installed-collectors/sources/syslog-source.md index 5ef8b3ba6c..a3a0dd633d 100644 --- a/docs/send-data/installed-collectors/sources/syslog-source.md +++ b/docs/send-data/installed-collectors/sources/syslog-source.md @@ -4,6 +4,7 @@ title: Syslog Source description: The Syslog Source obtains syslog messages by listening on a designated port. --- +import useBaseUrl from '@docusaurus/useBaseUrl'; A Syslog Source operates like a syslog server listening on the designated port to receive syslog messages. You set your hosts or syslog-enabled devices to send syslog data to the same port you specify when you configure the Syslog Source.    From ddf08a1d6350d20f55ff56586e58f0bf561ff88d Mon Sep 17 00:00:00 2001 
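Review bot: In the docs/reuse/aws-cost-explorer.md hunk of patch 3/4, the green-check bullet is split over two added lines and the second one, `+A green circle with a check mark is shown when ...`, starts at column 0, so the description is no longer part of the nested bullet. The orange bullet in the same hunk, and both bullets in app-collection-option-1.md and create-aws-s3-source.md, keep the icon and its text on one line; join the two lines here to match, which also brings the hunk back to a two-for-two replacement.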
From: Kim Pohas Date: Wed, 30 Jul 2025 23:52:24 -0400 Subject: [PATCH 4/4] align all wording --- docs/integrations/amazon-aws/amazon-ec2-auto-scaling.md | 4 ++-- docs/integrations/amazon-aws/application-load-balancer.md | 6 +++--- docs/integrations/amazon-aws/classic-load-balancer.md | 6 +++--- docs/integrations/amazon-aws/elastic-container-service.md | 4 ++-- docs/integrations/amazon-aws/network-load-balancer.md | 4 ++-- docs/integrations/amazon-aws/ses.md | 2 +- docs/integrations/containers-orchestration/docker-ulm.md | 2 +- docs/integrations/google/app-engine.md | 2 +- docs/integrations/google/bigquery.md | 2 +- docs/integrations/google/cloud-audit.md | 2 +- docs/integrations/google/cloud-firewall.md | 2 +- docs/integrations/google/cloud-functions.md | 2 +- docs/integrations/google/cloud-iam.md | 2 +- docs/integrations/google/cloud-load-balancing.md | 2 +- docs/integrations/google/cloud-sql.md | 2 +- docs/integrations/google/cloud-storage.md | 2 +- docs/integrations/google/cloud-vpc.md | 2 +- docs/integrations/google/compute-engine.md | 2 +- docs/integrations/saas-cloud/acquia.md | 4 ++-- docs/manage/fields.md | 7 +++---- docs/reuse/apps/app-collection-option-1.md | 2 +- docs/reuse/apps/create-aws-s3-source.md | 2 +- docs/reuse/aws-cost-explorer.md | 5 ++--- .../azure-monitoring/ms-azure-event-hubs-source.md | 2 +- docs/send-data/collection/edit-collector.md | 8 ++++---- .../amazon-aws/aws-kinesis-firehose-logs-source.md | 4 ++-- .../hosted-collectors/amazon-aws/aws-s3-source.md | 4 ++-- .../hosted-collectors/cloud-syslog-source/index.md | 4 ++-- .../1password-source.md | 2 +- .../abnormal-security-source.md | 4 ++-- .../airtable-source.md | 2 +- .../akamai-cpc-source.md | 2 +- .../armis-api-source.md | 2 +- .../cloud-to-cloud-integration-framework/asana-source.md | 4 ++-- .../atlassian-source.md | 4 ++-- .../automox-source.md | 2 +- .../aws-cost-explorer-source.md | 2 +- .../azure-event-hubs-source.md | 4 ++-- 
.../cloud-to-cloud-integration-framework/bitwarden.md | 4 ++-- .../cloud-to-cloud-integration-framework/box-source.md | 2 +- .../carbon-black-cloud-source.md | 4 ++-- .../carbon-black-inventory-source.md | 4 ++-- .../cato-networks-source.md | 4 ++-- .../cisco-amp-source.md | 4 ++-- .../cisco-meraki-source.md | 2 +- .../cisco-vulnerability-management-source.md | 2 +- .../citrix-cloud-source.md | 4 ++-- .../code42-incydr-source.md | 4 ++-- .../confluent-cloud-metrics-source.md | 4 ++-- .../crowdstrike-fdr-host-inventory.md | 4 ++-- .../crowdstrike-fdr-source.md | 4 ++-- .../crowdstrike-filevantage.md | 4 ++-- .../crowdstrike-source.md | 4 ++-- .../crowdstrike-spotlight-source.md | 4 ++-- .../crowdstrike-threat-intel-source.md | 4 ++-- .../cse-aws-ec-inventory-source.md | 4 ++-- .../cyberark-audit-source.md | 4 ++-- .../cyberark-source.md | 2 +- .../cybereason-source.md | 2 +- .../digital-guardian-source.md | 4 ++-- .../docusign-source.md | 4 ++-- .../cloud-to-cloud-integration-framework/dragos-source.md | 4 ++-- .../dropbox-source.md | 4 ++-- .../druva-cyber-resilience-source.md | 4 ++-- .../cloud-to-cloud-integration-framework/druva-source.md | 4 ++-- .../cloud-to-cloud-integration-framework/duo-source.md | 4 ++-- .../gmail-tracelogs-source.md | 4 ++-- .../google-bigquery-source.md | 4 ++-- .../google-workspace-alertcenter.md | 2 +- .../google-workspace-source.md | 4 ++-- .../intel-471-threat-intel-source.md | 4 ++-- .../cloud-to-cloud-integration-framework/jamf-source.md | 4 ++-- .../cloud-to-cloud-integration-framework/jfrog-xray.md | 4 ++-- .../jumpcloud-directory-insights-source.md | 4 ++-- .../kaltura-source.md | 4 ++-- .../knowbe4-api-source.md | 4 ++-- .../lastpass-source.md | 4 ++-- .../microsoft-azure-ad-inventory-source.md | 4 ++-- .../microsoft-exchange-trace-logs.md | 4 ++-- .../microsoft-graph-azure-ad-reporting-source.md | 4 ++-- .../microsoft-graph-identity-protection-source.md | 4 ++-- .../microsoft-graph-security-api-source.md | 4 ++-- 
.../mimecast-source.md | 4 ++-- .../netskope-source.md | 4 ++-- .../netskope-webtx-source.md | 4 ++-- .../cloud-to-cloud-integration-framework/okta-source.md | 4 ++-- .../palo-alto-cortex-xdr-source.md | 4 ++-- .../proofpoint-on-demand-source.md | 4 ++-- .../proofpoint-tap-source.md | 4 ++-- .../qualys-vmdr-source.md | 4 ++-- .../cloud-to-cloud-integration-framework/rapid7-source.md | 4 ++-- .../sailpoint-source.md | 4 ++-- .../salesforce-source.md | 4 ++-- .../sentinelone-mgmt-api-source.md | 4 ++-- .../cloud-to-cloud-integration-framework/slack-source.md | 4 ++-- .../smartsheet-source.md | 4 ++-- .../snowflake-logs-source.md | 4 ++-- .../snowflake-sql-api.md | 4 ++-- .../sophos-central-source.md | 4 ++-- .../stix-taxii-1-client-source.md | 4 ++-- .../stix-taxii-2-client-source.md | 4 ++-- .../sumo-collection-source.md | 4 ++-- .../symantec-endpoint-security-source.md | 4 ++-- .../symantec-web-security-service-source.md | 4 ++-- .../sysdig-secure-source.md | 4 ++-- .../tenable-source.md | 4 ++-- .../trellix-mvisio-epo-source.md | 4 ++-- .../trend-micro-source.md | 4 ++-- .../trust-login-source.md | 4 ++-- .../universal-connector-source.md | 4 ++-- .../cloud-to-cloud-integration-framework/vectra-source.md | 4 ++-- .../vmware-workspace-one-source.md | 4 ++-- .../cloud-to-cloud-integration-framework/webex-source.md | 4 ++-- .../workday-source.md | 2 +- .../zendesk-source.md | 4 ++-- .../zero-networks-segment-source.md | 4 ++-- .../zerofox-intel-source.md | 4 ++-- .../zimperium-mtd-source.md | 4 ++-- .../hosted-collectors/configure-hosted-collector.md | 4 ++-- .../hosted-collectors/google-source/gcp-metrics-source.md | 2 +- .../google-source/google-cloud-platform-source.md | 4 ++-- .../google-source/google-workspace-apps-audit-source.md | 4 ++-- .../hosted-collectors/http-source/logs-metrics/index.md | 4 ++-- docs/send-data/hosted-collectors/http-source/otlp.md | 4 ++-- .../microsoft-source/azure-metrics-source.md | 4 ++-- 
.../microsoft-source/ms-office-audit-source.md | 4 ++-- docs/send-data/hosted-collectors/webhook-sources/zoom.md | 4 ++-- .../collect-forwarded-events-windows-event-collector.md | 4 ++-- .../installed-collectors/sources/docker-sources.md | 4 ++-- .../installed-collectors/sources/local-file-source.md | 4 ++-- .../sources/local-windows-event-log-source.md | 4 ++-- .../local-windows-performance-monitor-log-source.md | 4 ++-- .../sources/remote-file-source/index.md | 4 ++-- .../sources/remote-windows-event-log-source.md | 4 ++-- .../remote-windows-performance-monitor-log-source.md | 4 ++-- .../installed-collectors/sources/script-source/index.md | 4 ++-- .../installed-collectors/sources/syslog-source.md | 4 ++-- .../sources/windows-active-directory-inventory-source.md | 4 ++-- 138 files changed, 251 insertions(+), 253 deletions(-) diff --git a/docs/integrations/amazon-aws/amazon-ec2-auto-scaling.md b/docs/integrations/amazon-aws/amazon-ec2-auto-scaling.md index 561fd2f05a..b44a7647ec 100644 --- a/docs/integrations/amazon-aws/amazon-ec2-auto-scaling.md +++ b/docs/integrations/amazon-aws/amazon-ec2-auto-scaling.md 
@@ -108,7 +108,7 @@ When you create an AWS Source, you'll need to identify the Hosted Collector you 1. Add an **account** field and assign it a value which is a friendly name / alias to your AWS account from which you are collecting logs. Logs can be queried via the “account field”. 1. Keep in mind: * green check circle.png A green circle with a check mark is shown when the field exists and is enabled in the Fields table schema. - * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist, or is disabled, in the Fields table schema. In this case, an option to automatically add or enable the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo Logic that does not exist in the Fields schema or is disabled it is ignored, known as dropped. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist, or is disabled in the Fields table schema. In this case, you'll see an option to automatically add or enable the nonexistent fields to the Fields table schema. If a field is sent to Sumo Logic but isn’t present or enabled in the schema, it’s ignored and marked as **Dropped**. ### Collect metrics @@ -119,7 +119,7 @@ When you create an AWS Source, you'll need to identify the Hosted Collector you 1. Add an **account** field and assign it a value which is a friendly name / alias to your AWS account from which you are collecting logs. Logs can be queried via the “account field”.
Metadata 1. Keep in mind: * green check circle.png A green circle with a check mark is shown when the field exists and is enabled in the Fields table schema. - * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist, or is disabled, in the Fields table schema. In this case, an option to automatically add or enable the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo Logic that does not exist in the Fields schema or is disabled it is ignored, known as dropped. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist, or is disabled in the Fields table schema. In this case, you'll see an option to automatically add or enable the nonexistent fields to the Fields table schema. If a field is sent to Sumo Logic but isn’t present or enabled in the schema, it’s ignored and marked as **Dropped**. :::note Namespace for Amazon EC2 Auto Scaling Service is AWS/AutoScaling. ::: diff --git a/docs/integrations/amazon-aws/application-load-balancer.md b/docs/integrations/amazon-aws/application-load-balancer.md index ca7637b46d..4f4dd8dffd 100644 --- a/docs/integrations/amazon-aws/application-load-balancer.md +++ b/docs/integrations/amazon-aws/application-load-balancer.md @@ -74,7 +74,7 @@ When you create an AWS Source, you'll need to identify the Hosted Collector you 1. Add an **account** field and assign it a value which is a friendly name / alias to your AWS account from which you are collecting logs. Logs can be queried via the “account field”.
Metadata 1. Keep in mind: * green check circle.png A green circle with a check mark is shown when the field exists and is enabled in the Fields table schema. - * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist, or is disabled, in the Fields table schema. In this case, an option to automatically add or enable the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo Logic that does not exist in the Fields schema or is disabled it is ignored, known as dropped. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist, or is disabled in the Fields table schema. In this case, you'll see an option to automatically add or enable the nonexistent fields to the Fields table schema. If a field is sent to Sumo Logic but isn’t present or enabled in the schema, it’s ignored and marked as **Dropped**. ### Collect access logs 
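Review bot: In the added orange-icon bullet, "doesn't exist, or is disabled in the Fields table schema" keeps the opening comma of the old parenthetical but drops the closing one, so "in the Fields table schema" now attaches only to "is disabled". Either restore the second comma as in the removed line, or drop both: "doesn't exist or is disabled in the Fields table schema". The same sentence recurs in the other hunks of this patch, so the fix should be applied to all of them.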
@@ -94,7 +94,7 @@ Before you begin to use the AWS Elastic Load Balancing (ELB) Application app, co 1. Add an **accountId** field and assign it the value of the respective AWS account id which is being used. 1. Keep in mind: * green check circle.png A green circle with a check mark is shown when the field exists and is enabled in the Fields table schema. - * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist, or is disabled, in the Fields table schema. In this case, an option to automatically add or enable the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo Logic that does not exist in the Fields schema or is disabled it is ignored, known as dropped. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist, or is disabled in the Fields table schema. In this case, you'll see an option to automatically add or enable the nonexistent fields to the Fields table schema. If a field is sent to Sumo Logic but isn’t present or enabled in the schema, it’s ignored and marked as **Dropped**. ### Collect Cloudtrail logs 
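Review bot: The added bullet mixes apostrophe styles within one line: "doesn't" and "you'll" use the straight apostrophe, while "isn’t" and "it’s" in the final sentence use the typographic one. The removed line and the unchanged green-icon bullet use only the straight form, so the new sentence should too, which also keeps the text searchable with a plain grep for "isn't".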
@@ -103,7 +103,7 @@ Before you begin to use the AWS Elastic Load Balancing (ELB) Application app, co 1. Add an **account** field and assign it a value which is a friendly name / alias to your AWS account from which you are collecting logs. Logs can be queried via the “account field”. 1. Keep in mind: * green check circle.png A green circle with a check mark is shown when the field exists and is enabled in the Fields table schema. - * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist, or is disabled, in the Fields table schema. In this case, an option to automatically add or enable the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo Logic that does not exist in the Fields schema or is disabled it is ignored, known as dropped. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist, or is disabled in the Fields table schema. In this case, you'll see an option to automatically add or enable the nonexistent fields to the Fields table schema. If a field is sent to Sumo Logic but isn’t present or enabled in the schema, it’s ignored and marked as **Dropped**. :::note Namespace for AWS Application Load Balancer Service is AWS/ApplicationELB. diff --git a/docs/integrations/amazon-aws/classic-load-balancer.md b/docs/integrations/amazon-aws/classic-load-balancer.md index 5dd0a77591..84cd07c5db 100644 --- a/docs/integrations/amazon-aws/classic-load-balancer.md +++ b/docs/integrations/amazon-aws/classic-load-balancer.md @@ -75,7 +75,7 @@ When you create an AWS Source, you'll need to identify the Hosted Collector you 1. Add an **account** field and assign it a value which is a friendly name / alias to your AWS account from which you are collecting logs. Logs can be queried via the “account field”.
Metadata 1. Keep in mind: * green check circle.png A green circle with a check mark is shown when the field exists and is enabled in the Fields table schema. - * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist, or is disabled, in the Fields table schema. In this case, an option to automatically add or enable the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo Logic that does not exist in the Fields schema or is disabled it is ignored, known as dropped. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist, or is disabled in the Fields table schema. In this case, you'll see an option to automatically add or enable the nonexistent fields to the Fields table schema. If a field is sent to Sumo Logic but isn’t present or enabled in the schema, it’s ignored and marked as **Dropped**. ### Collect access logs 
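Review bot: The final sentence of the added bullet changes meaning rather than only wording. The removed line said a field missing from or disabled in the schema "is ignored, known as dropped", which defines a term; the new line says it is "ignored and marked as **Dropped**", and the bold reads as a label displayed in the product. If the UI does not show a Dropped marker for such fields, keep the definitional form (for example "it's ignored; this is known as being dropped"). If it does, say where the label appears, since readers checking why metadata is missing from their logs will go looking for it.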
@@ -96,7 +96,7 @@ Before you can begin to use the AWS Classic Load Balancing (ELB) App, complete t 1. Add an **accountId** field and assign it the value of the respective AWS account id which is being used. 1. Keep in mind: * green check circle.png A green circle with a check mark is shown when the field exists and is enabled in the Fields table schema. - * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist, or is disabled, in the Fields table schema. In this case, an option to automatically add or enable the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo Logic that does not exist in the Fields schema or is disabled it is ignored, known as dropped. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist, or is disabled in the Fields table schema. In this case, you'll see an option to automatically add or enable the nonexistent fields to the Fields table schema. If a field is sent to Sumo Logic but isn’t present or enabled in the schema, it’s ignored and marked as **Dropped**. ### Collect Cloudtrail logs 
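Review bot: "automatically add or enable the nonexistent fields to the Fields table schema" in the added bullet is carried over from the removed line and still does not parse: "enable ... to the schema" is ungrammatical, and "nonexistent" leaves out the disabled fields that the first sentence of the bullet covers. Since this commit is aligning the wording everywhere, consider "an option to add missing fields to, or enable disabled fields in, the Fields table schema".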
@@ -105,7 +105,7 @@ Before you can begin to use the AWS Classic Load Balancing (ELB) App, complete t 1. Add an **account** field and assign it a value which is a friendly name / alias to your AWS account from which you are collecting logs. Logs can be queried via the “account field”. 1. Keep in mind: * green check circle.png A green circle with a check mark is shown when the field exists and is enabled in the Fields table schema. - * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist, or is disabled, in the Fields table schema. In this case, an option to automatically add or enable the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo Logic that does not exist in the Fields schema or is disabled it is ignored, known as dropped. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist, or is disabled in the Fields table schema. In this case, you'll see an option to automatically add or enable the nonexistent fields to the Fields table schema. If a field is sent to Sumo Logic but isn’t present or enabled in the schema, it’s ignored and marked as **Dropped**. :::note Namespace for **AWS Classic Load Balancer** Service is **AWS/ELB**. diff --git a/docs/integrations/amazon-aws/elastic-container-service.md b/docs/integrations/amazon-aws/elastic-container-service.md index db07d43af3..fd8e26df23 100644 --- a/docs/integrations/amazon-aws/elastic-container-service.md +++ b/docs/integrations/amazon-aws/elastic-container-service.md @@ -324,7 +324,7 @@ This section has instructions for collecting logs and metrics for the Amazon ECS 1. Add an **account** field and assign it a value which is a friendly name / alias to your AWS account from which you are collecting logs. Logs can be queried via the “account field”.
Metadata 1. Keep in mind: * green check circle.png A green circle with a check mark is shown when the field exists and is enabled in the Fields table schema. - * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist, or is disabled, in the Fields table schema. In this case, an option to automatically add or enable the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo Logic that does not exist in the Fields schema or is disabled it is ignored, known as dropped. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist, or is disabled in the Fields table schema. In this case, you'll see an option to automatically add or enable the nonexistent fields to the Fields table schema. If a field is sent to Sumo Logic but isn’t present or enabled in the schema, it’s ignored and marked as **Dropped**. ### Collect ECS events using CloudTrail 
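Review bot: The orange-icon bullet added here is the same sentence pasted into the earlier AWS hunks, and the diffstat shows it being hand-edited across 138 files, some of them already under docs/reuse/. Keeping one copy of the green and orange bullets in a shared snippet and including it from each source page would make the next wording change a one-file edit and would prevent the copies from drifting apart again, which is the problem this patch series is cleaning up.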
@@ -334,7 +334,7 @@ This section has instructions for collecting logs and metrics for the Amazon ECS 1. Add an **account** field and assign it a value which is a friendly name / alias to your AWS account from which you are collecting logs. Logs can be queried via the “account field”. 1. Keep in mind: * green check circle.png A green circle with a check mark is shown when the field exists and is enabled in the Fields table schema. - * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist, or is disabled, in the Fields table schema. In this case, an option to automatically add or enable the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo Logic that does not exist in the Fields schema or is disabled it is ignored, known as dropped. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist, or is disabled in the Fields table schema. In this case, you'll see an option to automatically add or enable the nonexistent fields to the Fields table schema. If a field is sent to Sumo Logic but isn’t present or enabled in the schema, it’s ignored and marked as **Dropped**. ## Installing the Amazon ECS app diff --git a/docs/integrations/amazon-aws/network-load-balancer.md b/docs/integrations/amazon-aws/network-load-balancer.md index 937466a621..8f2277c9ce 100644 --- a/docs/integrations/amazon-aws/network-load-balancer.md +++ b/docs/integrations/amazon-aws/network-load-balancer.md 
@@ -35,7 +35,7 @@ When you create an AWS Source, you'll need to identify the Hosted Collector you 1. Add an **account** field and assign it a value which is a friendly name / alias to your AWS account from which you are collecting logs. Logs can be queried via the “account field”.Metadata 1. Keep in mind: * green check circle.png A green circle with a check mark is shown when the field exists and is enabled in the Fields table schema. - * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist, or is disabled, in the Fields table schema. In this case, an option to automatically add or enable the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo that does not exist in the Fields schema or is disabled it is ignored, known as dropped. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist, or is disabled in the Fields table schema. In this case, you'll see an option to automatically add or enable the nonexistent fields to the Fields table schema. If a field is sent to Sumo Logic but isn’t present or enabled in the schema, it’s ignored and marked as **Dropped**. ### Collect Cloudtrail logs 
@@ -44,7 +44,7 @@ When you create an AWS Source, you'll need to identify the Hosted Collector you 1. Add an **account** field and assign it a value which is a friendly name / alias to your AWS account from which you are collecting logs. Logs can be queried via the “account field”. 1. Keep in mind: * green check circle.png A green circle with a check mark is shown when the field exists and is enabled in the Fields table schema. - * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist, or is disabled, in the Fields table schema. In this case, an option to automatically add or enable the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo that does not exist in the Fields schema or is disabled it is ignored, known as dropped. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist, or is disabled in the Fields table schema. In this case, you'll see an option to automatically add or enable the nonexistent fields to the Fields table schema. If a field is sent to Sumo Logic but isn’t present or enabled in the schema, it’s ignored and marked as **Dropped**. :::note Namespace for AWS Network Load Balancer Service is AWS/NetworkELB. diff --git a/docs/integrations/amazon-aws/ses.md b/docs/integrations/amazon-aws/ses.md index bf4bd45d15..8a372e7dfd 100644 --- a/docs/integrations/amazon-aws/ses.md +++ b/docs/integrations/amazon-aws/ses.md 
@@ -135,7 +135,7 @@ Selecting an AWS GovCloud region means your data will be leaving a FedRAMP-high 9. For **Source Category**, enter any string to tag the output collected from this Source. (Category metadata is stored in a searchable field called `_sourceCategory`.) 10. **Fields**. Click the **+Add Field** link to add custom log metadata [Fields](/docs/manage/fields). Then define the fields you want to associate, each field needs a name (key) and value. * green check circle.png A green circle with a check mark is shown when the field exists and is enabled in the Fields table schema. - * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist, or is disabled, in the Fields table schema. In this case, an option to automatically add or enable the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo that does not exist in the Fields schema or is disabled it is ignored, known as dropped. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist, or is disabled in the Fields table schema. In this case, you'll see an option to automatically add or enable the nonexistent fields to the Fields table schema. If a field is sent to Sumo Logic but isn’t present or enabled in the schema, it’s ignored and marked as **Dropped**. 11. For **AWS Access** you have two **Access Method** options. Select **Role-based access** or **Key access** based on the AWS authentication you are providing. Role-based access is preferred, this was completed in the prerequisite step [Grant Sumo Logic access to an AWS Product](/docs/send-data/hosted-collectors/amazon-aws/grant-access-aws-product). * For **Role-based access** enter the Role ARN that was provided by AWS after creating the role. 
* For **Key access** enter the **Access Key ID **and** Secret Access Key.** See [AWS Access Key ID](http://docs.aws.amazon.com/STS/latest/UsingSTS/UsingTokens.html#RequestWithSTS) and [AWS Secret Access Key](https://aws.amazon.com/iam/) for details. diff --git a/docs/integrations/containers-orchestration/docker-ulm.md b/docs/integrations/containers-orchestration/docker-ulm.md index 6b4309f23c..241056e0f4 100644 --- a/docs/integrations/containers-orchestration/docker-ulm.md +++ b/docs/integrations/containers-orchestration/docker-ulm.md 
@@ -77,7 +77,7 @@ There are alternative methods for collecting Docker logs and metrics. See [Docke * **Source Category**. Enter a string used to tag the output collected from this Source with searchable metadata. For example, typing **web_apps** tags all the logs from this Source in the sourceCategory field, so running a search on **`_sourceCategory=web_apps`** would return logs from this Source. For more information, see [Metadata Naming Conventions](/docs/send-data/reference-information/metadata-naming-conventions) and our [Best Practices: Good Source Category, Bad Source Category](/docs/send-data/best-practices). If desired, you can use Docker variables to construct the Source Category value. For more information, see [Configure `sourceCategory` and `sourceHost` using variables](#configure-sourcecategory-and-sourcehost-using-variables). * **Fields**. Click the **+Add Field** link to add custom log metadata [Fields](/docs/manage/fields). Define the fields you want to associate, each field needs a name (key) and value. * green check circle.png A green circle with a check mark is shown when the field exists and is enabled in the Fields table schema. - * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist, or is disabled, in the Fields table schema. In this case, an option to automatically add or enable the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo Logic that does not exist in the Fields schema or is disabled it is ignored, known as dropped. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist, or is disabled in the Fields table schema. In this case, you'll see an option to automatically add or enable the nonexistent fields to the Fields table schema. If a field is sent to Sumo Logic but isn’t present or enabled in the schema, it’s ignored and marked as **Dropped**. 5. Configure the Advanced options. 
* **Enable Timestamp Parsing**. This option is checked by default and **required**. * **Time Zone**. Default is “Use time zone from log file”. diff --git a/docs/integrations/google/app-engine.md b/docs/integrations/google/app-engine.md index 97ac14118f..504c169550 100644 --- a/docs/integrations/google/app-engine.md +++ b/docs/integrations/google/app-engine.md 
@@ -263,7 +263,7 @@ This Source will be a Google Pub/Sub-only Source, which means that it will only 5. **Source Host** (Optional). The Source Host value is tagged to each log and stored in a searchable [metadata](/docs/search/get-started-with-search/search-basics/built-in-metadata) field called _sourceHost. Avoid using spaces so you do not have to quote them in [keyword search expressions](/docs/search/get-started-with-search/build-search/keyword-search-expressions). This can be a maximum of 128 characters. 6. **Source Category** (Optional). The Source Category value is tagged to each log and stored in a searchable [metadata](/docs/search/get-started-with-search/search-basics/built-in-metadata) field called `_sourceCategory`. See our [Best Practices: Good Source Category, Bad Source Category](/docs/send-data/best-practices). Avoid using spaces so you do not have to quote them in [keyword search expressions](/docs/search/get-started-with-search/build-search/keyword-search-expressions). This can be a maximum of 1,024 characters. 7. **Fields**. Click the **+Add Field** link to add custom log metadata [Fields](/docs/manage/fields), then define the fields you want to associate. Each field needs a name (key) and value. Look for one of the following icons and act accordingly: - * orange exclamation point.png If an orange triangle with an exclamation point is shown, use the option to automatically add or enable the nonexistent fields before proceeding to the next step. The orange icon indicates that the field doesn't exist, or is disabled, in the Fields table schema. If a field is sent to Sumo that does not exist in the Fields schema or is disabled it is ignored, known as dropped. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist, or is disabled in the fields table schema. In this case, you'll see an option to automatically add or enable the nonexistent fields to the Fields table schema. 
If a field is sent to Sumo Logic but isn’t present or enabled in the schema, it’s ignored and marked as **Dropped**. * green check circle.png A green circle with a check mark is shown when the field exists and is enabled in the Fields table schema. Proceed to the next step. 8. **Advanced Options for Logs**.
Google integrations * **Timestamp Parsing**. This option is selected by default. If it's deselected, no timestamp information is parsed at all. diff --git a/docs/integrations/google/bigquery.md b/docs/integrations/google/bigquery.md index 5a60a6b979..76eb44a7e6 100644 --- a/docs/integrations/google/bigquery.md +++ b/docs/integrations/google/bigquery.md 
@@ -93,7 +93,7 @@ This Source will be a Google Pub/Sub-only Source, which means that it will only 5. **Source Host** (Optional). The Source Host value is tagged to each log and stored in a searchable [metadata](/docs/search/get-started-with-search/search-basics/built-in-metadata) field called _sourceHost. Avoid using spaces so you do not have to quote them in [keyword search expressions](/docs/search/get-started-with-search/build-search/keyword-search-expressions.md). This can be a maximum of 128 characters. 6. **Source Category** (Optional). The Source Category value is tagged to each log and stored in a searchable [metadata](/docs/search/get-started-with-search/search-basics/built-in-metadata) field called `_sourceCategory`. See our [Best Practices: Good Source Category, Bad Source Category](/docs/send-data/best-practices). Avoid using spaces so you do not have to quote them in [keyword search expressions](/docs/search/get-started-with-search/build-search/keyword-search-expressions.md). This can be a maximum of 1,024 characters. 7. **Fields**. Click the **+Add Field** link to add custom log metadata [Fields](/docs/manage/fields), then define the fields you want to associate. Each field needs a name (key) and value. Look for one of the following icons and act accordingly: - * orange exclamation point.png If an orange triangle with an exclamation point is shown, use the option to automatically add or enable the nonexistent fields before proceeding to the next step. The orange icon indicates that the field doesn't exist, or is disabled, in the Fields table schema. If a field is sent to Sumo that does not exist in the Fields schema or is disabled it is ignored, known as dropped. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist, or is disabled in the fields table schema. In this case, you'll see an option to automatically add or enable the nonexistent fields to the Fields table schema. 
If a field is sent to Sumo Logic but isn’t present or enabled in the schema, it’s ignored and marked as **Dropped**. * green check circle.png A green circle with a check mark is shown when the field exists and is enabled in the Fields table schema. Proceed to the next step. 8. **Advanced Options for Logs**.
Google integrations * **Timestamp Parsing**. This option is selected by default. If it's deselected, no timestamp information is parsed at all. diff --git a/docs/integrations/google/cloud-audit.md b/docs/integrations/google/cloud-audit.md index 3ece4deae0..2af6bf7c1b 100644 --- a/docs/integrations/google/cloud-audit.md +++ b/docs/integrations/google/cloud-audit.md 
@@ -135,7 +135,7 @@ This Source will be a Google Pub/Sub-only Source, which means that it will only 5. **Source Host** (Optional). The Source Host value is tagged to each log and stored in a searchable [metadata](/docs/search/get-started-with-search/search-basics/built-in-metadata) field called _sourceHost. Avoid using spaces so you do not have to quote them in [keyword search expressions](/docs/search/get-started-with-search/build-search/keyword-search-expressions.md). This can be a maximum of 128 characters. 6. **Source Category** (Optional). The Source Category value is tagged to each log and stored in a searchable [metadata](/docs/search/get-started-with-search/search-basics/built-in-metadata) field called `_sourceCategory`. See our [Best Practices: Good Source Category, Bad Source Category](/docs/send-data/best-practices). Avoid using spaces so you do not have to quote them in [keyword search expressions](/docs/search/get-started-with-search/build-search/keyword-search-expressions.md). This can be a maximum of 1,024 characters. 7. **Fields**. Click the **+Add Field** link to add custom log metadata [Fields](/docs/manage/fields), then define the fields you want to associate. Each field needs a name (key) and value. Look for one of the following icons and act accordingly: - * orange exclamation point.png If an orange triangle with an exclamation point is shown, use the option to automatically add or enable the nonexistent fields before proceeding to the next step. The orange icon indicates that the field doesn't exist, or is disabled, in the Fields table schema. If a field is sent to Sumo that does not exist in the Fields schema or is disabled it is ignored, known as dropped. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist, or is disabled in the fields table schema. In this case, you'll see an option to automatically add or enable the nonexistent fields to the Fields table schema. 
If a field is sent to Sumo Logic but isn’t present or enabled in the schema, it’s ignored and marked as **Dropped**. * green check circle.png A green circle with a check mark is shown when the field exists and is enabled in the Fields table schema. Proceed to the next step. 8. **Advanced Options for Logs**.
Google integrations * **Timestamp Parsing**. This option is selected by default. If it's deselected, no timestamp information is parsed at all. diff --git a/docs/integrations/google/cloud-firewall.md b/docs/integrations/google/cloud-firewall.md index 513ea601c1..4ca4025d32 100644 --- a/docs/integrations/google/cloud-firewall.md +++ b/docs/integrations/google/cloud-firewall.md 
@@ -98,7 +98,7 @@ This Source will be a Google Pub/Sub-only Source, which means that it will only 5. **Source Host** (Optional). The Source Host value is tagged to each log and stored in a searchable [metadata](/docs/search/get-started-with-search/search-basics/built-in-metadata) field called _sourceHost. Avoid using spaces so you do not have to quote them in [keyword search expressions](/docs/search/get-started-with-search/build-search/keyword-search-expressions.md). This can be a maximum of 128 characters. 6. **Source Category** (Optional). The Source Category value is tagged to each log and stored in a searchable [metadata](/docs/search/get-started-with-search/search-basics/built-in-metadata) field called `_sourceCategory`. See our [Best Practices: Good Source Category, Bad Source Category](/docs/send-data/best-practices). Avoid using spaces so you do not have to quote them in [keyword search expressions](/docs/search/get-started-with-search/build-search/keyword-search-expressions.md). This can be a maximum of 1,024 characters. 7. **Fields**. Click the **+Add Field** link to add custom log metadata [Fields](/docs/manage/fields), then define the fields you want to associate. Each field needs a name (key) and value. Look for one of the following icons and act accordingly: - * orange exclamation point.png If an orange triangle with an exclamation point is shown, use the option to automatically add or enable the nonexistent fields before proceeding to the next step. The orange icon indicates that the field doesn't exist, or is disabled, in the Fields table schema. If a field is sent to Sumo that does not exist in the Fields schema or is disabled it is ignored, known as dropped. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist, or is disabled in the fields table schema. In this case, you'll see an option to automatically add or enable the nonexistent fields to the Fields table schema. 
If a field is sent to Sumo Logic but isn’t present or enabled in the schema, it’s ignored and marked as **Dropped**. * green check circle.png A green circle with a check mark is shown when the field exists and is enabled in the Fields table schema. Proceed to the next step. 8. **Advanced Options for Logs**.
Google integrations * **Timestamp Parsing**. This option is selected by default. If it's deselected, no timestamp information is parsed at all. diff --git a/docs/integrations/google/cloud-functions.md b/docs/integrations/google/cloud-functions.md index 6d0c5bab07..bf0ece4741 100644 --- a/docs/integrations/google/cloud-functions.md +++ b/docs/integrations/google/cloud-functions.md 
@@ -81,7 +81,7 @@ This Source will be a Google Pub/Sub-only Source, which means that it will only 1. **Source Host** (Optional). The Source Host value is tagged to each log and stored in a searchable [metadata](/docs/search/get-started-with-search/search-basics/built-in-metadata) field called _sourceHost. Avoid using spaces so you do not have to quote them in [keyword search expressions](/docs/search/get-started-with-search/build-search/keyword-search-expressions.md). This can be a maximum of 128 characters. 1. **Source Category** (Optional). The Source Category value is tagged to each log and stored in a searchable [metadata](/docs/search/get-started-with-search/search-basics/built-in-metadata) field called `_sourceCategory`. See our [Best Practices: Good Source Category, Bad Source Category](/docs/send-data/best-practices). Avoid using spaces so you do not have to quote them in [keyword search expressions](/docs/search/get-started-with-search/build-search/keyword-search-expressions.md). This can be a maximum of 1,024 characters. 1. **Fields**. Click the **+Add Field** link to add custom log metadata [Fields](/docs/manage/fields), then define the fields you want to associate. Each field needs a name (key) and value. Look for one of the following icons and act accordingly: - * orange exclamation point.png If an orange triangle with an exclamation point is shown, use the option to automatically add or enable the nonexistent fields before proceeding to the next step. The orange icon indicates that the field doesn't exist, or is disabled, in the Fields table schema. If a field is sent to Sumo that does not exist in the Fields schema or is disabled it is ignored, known as dropped. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist, or is disabled in the fields table schema. In this case, you'll see an option to automatically add or enable the nonexistent fields to the Fields table schema. 
If a field is sent to Sumo Logic but isn’t present or enabled in the schema, it’s ignored and marked as **Dropped**. * green check circle.png A green circle with a check mark is shown when the field exists and is enabled in the Fields table schema. Proceed to the next step. 1. **Advanced Options for Logs**.
Google integrations * **Timestamp Parsing**. This option is selected by default. If it's deselected, no timestamp information is parsed at all. diff --git a/docs/integrations/google/cloud-iam.md b/docs/integrations/google/cloud-iam.md index f3bd04ce60..84c7f66f0f 100644 --- a/docs/integrations/google/cloud-iam.md +++ b/docs/integrations/google/cloud-iam.md 
@@ -141,7 +141,7 @@ This Source will be a Google Pub/Sub-only Source, which means that it will only 5. **Source Host** (Optional). The Source Host value is tagged to each log and stored in a searchable [metadata](/docs/search/get-started-with-search/search-basics/built-in-metadata) field called _sourceHost. Avoid using spaces so you do not have to quote them in [keyword search expressions](/docs/search/get-started-with-search/build-search/keyword-search-expressions.md). This can be a maximum of 128 characters. 6. **Source Category** (Optional). The Source Category value is tagged to each log and stored in a searchable [metadata](/docs/search/get-started-with-search/search-basics/built-in-metadata) field called `_sourceCategory`. See our [Best Practices: Good Source Category, Bad Source Category](/docs/send-data/best-practices). Avoid using spaces so you do not have to quote them in [keyword search expressions](/docs/search/get-started-with-search/build-search/keyword-search-expressions.md). This can be a maximum of 1,024 characters. 7. **Fields**. Click the **+Add Field** link to add custom log metadata [Fields](/docs/manage/fields), then define the fields you want to associate. Each field needs a name (key) and value. Look for one of the following icons and act accordingly: - * orange exclamation point.png If an orange triangle with an exclamation point is shown, use the option to automatically add or enable the nonexistent fields before proceeding to the next step. The orange icon indicates that the field doesn't exist, or is disabled, in the Fields table schema. If a field is sent to Sumo that does not exist in the Fields schema or is disabled it is ignored, known as dropped. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist, or is disabled in the fields table schema. In this case, you'll see an option to automatically add or enable the nonexistent fields to the Fields table schema. 
If a field is sent to Sumo Logic but isn’t present or enabled in the schema, it’s ignored and marked as **Dropped**. * green check circle.png A green circle with a check mark is shown when the field exists and is enabled in the Fields table schema. Proceed to the next step. 8. **Advanced Options for Logs**.
Google integrations * **Timestamp Parsing**. This option is selected by default. If it's deselected, no timestamp information is parsed at all. diff --git a/docs/integrations/google/cloud-load-balancing.md b/docs/integrations/google/cloud-load-balancing.md index 3c1b26ccdd..84f14e6102 100644 --- a/docs/integrations/google/cloud-load-balancing.md +++ b/docs/integrations/google/cloud-load-balancing.md 
@@ -109,7 +109,7 @@ This Source will be a Google Pub/Sub-only Source, which means that it will only 5. **Source Host** (Optional). The Source Host value is tagged to each log and stored in a searchable [metadata](/docs/search/get-started-with-search/search-basics/built-in-metadata) field called _sourceHost. Avoid using spaces so you do not have to quote them in [keyword search expressions](/docs/search/get-started-with-search/build-search/keyword-search-expressions.md). This can be a maximum of 128 characters. 6. **Source Category** (Optional). The Source Category value is tagged to each log and stored in a searchable [metadata](/docs/search/get-started-with-search/search-basics/built-in-metadata) field called `_sourceCategory`. See our [Best Practices: Good Source Category, Bad Source Category](/docs/send-data/best-practices). Avoid using spaces so you do not have to quote them in [keyword search expressions](/docs/search/get-started-with-search/build-search/keyword-search-expressions.md). This can be a maximum of 1,024 characters. 7. **Fields**. Click the **+Add Field** link to add custom log metadata [Fields](/docs/manage/fields), then define the fields you want to associate. Each field needs a name (key) and value. Look for one of the following icons and act accordingly: - * orange exclamation point.png If an orange triangle with an exclamation point is shown, use the option to automatically add or enable the nonexistent fields before proceeding to the next step. The orange icon indicates that the field doesn't exist, or is disabled, in the Fields table schema. If a field is sent to Sumo that does not exist in the Fields schema or is disabled it is ignored, known as dropped. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist, or is disabled in the fields table schema. In this case, you'll see an option to automatically add or enable the nonexistent fields to the Fields table schema. 
If a field is sent to Sumo Logic but isn’t present or enabled in the schema, it’s ignored and marked as **Dropped**. * green check circle.png A green circle with a check mark is shown when the field exists and is enabled in the Fields table schema. Proceed to the next step. 8. **Advanced Options for Logs**.
Google integrations * **Timestamp Parsing**. This option is selected by default. If it's deselected, no timestamp information is parsed at all. diff --git a/docs/integrations/google/cloud-sql.md b/docs/integrations/google/cloud-sql.md index 7b89f3d21d..480aa012f9 100644 --- a/docs/integrations/google/cloud-sql.md +++ b/docs/integrations/google/cloud-sql.md 
@@ -82,7 +82,7 @@ This Source will be a Google Pub/Sub-only Source, which means that it will only 1. **Source Host** (Optional). The Source Host value is tagged to each log and stored in a searchable [metadata](/docs/search/get-started-with-search/search-basics/built-in-metadata) field called _sourceHost. Avoid using spaces so you do not have to quote them in [keyword search expressions](/docs/search/get-started-with-search/build-search/keyword-search-expressions.md). This can be a maximum of 128 characters. 1. **Source Category** (Optional). The Source Category value is tagged to each log and stored in a searchable [metadata](/docs/search/get-started-with-search/search-basics/built-in-metadata) field called `_sourceCategory`. See our [Best Practices: Good Source Category, Bad Source Category](/docs/send-data/best-practices). Avoid using spaces so you do not have to quote them in [keyword search expressions](/docs/search/get-started-with-search/build-search/keyword-search-expressions.md). This can be a maximum of 1,024 characters. 1. **Fields**. Click the **+Add Field** link to add custom log metadata [Fields](/docs/manage/fields), then define the fields you want to associate. Each field needs a name (key) and value. Look for one of the following icons and act accordingly: - * orange exclamation point.png If an orange triangle with an exclamation point is shown, use the option to automatically add or enable the nonexistent fields before proceeding to the next step. The orange icon indicates that the field doesn't exist, or is disabled, in the Fields table schema. If a field is sent to Sumo that does not exist in the Fields schema or is disabled it is ignored, known as dropped. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist, or is disabled in the fields table schema. In this case, you'll see an option to automatically add or enable the nonexistent fields to the Fields table schema. 
If a field is sent to Sumo Logic but isn’t present or enabled in the schema, it’s ignored and marked as **Dropped**. * green check circle.png A green circle with a check mark is shown when the field exists and is enabled in the Fields table schema. Proceed to the next step. 1. **Advanced Options for Logs**.
Google integrations * **Timestamp Parsing**. This option is selected by default. If it's deselected, no timestamp information is parsed at all. diff --git a/docs/integrations/google/cloud-storage.md b/docs/integrations/google/cloud-storage.md index fe7b8af2a8..85e24d92af 100644 --- a/docs/integrations/google/cloud-storage.md +++ b/docs/integrations/google/cloud-storage.md 
@@ -139,7 +139,7 @@ This Source will be a Google Pub/Sub-only Source, indicating that it will only b 6. **Source Category** (Optional). The Source Category value is tagged to each log and stored in a searchable [metadata](/docs/search/get-started-with-search/search-basics/built-in-metadata) field called `_sourceCategory`. See our [Best Practices: Good Source Category, Bad Source Category](/docs/send-data/best-practices). Avoid using spaces so you do not have to quote them in [keyword search expressions](/docs/search/get-started-with-search/build-search/keyword-search-expressions.md). This can be a maximum of 1,024 characters. 7. **Fields**. Click the **+Add Field** link to add custom log metadata [Fields](/docs/manage/fields), then define the fields you want to associate. Each field needs a name (key) and value. Look for one of the following icons and act accordingly: - * orange exclamation point.png If an orange triangle with an exclamation point is shown, use the option to automatically add or enable the nonexistent fields before proceeding to the next step. The orange icon indicates that the field doesn't exist, or is disabled, in the Fields table schema. If a field is sent to Sumo that does not exist in the Fields schema or is disabled it is ignored, known as dropped. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist, or is disabled in the fields table schema. In this case, you'll see an option to automatically add or enable the nonexistent fields to the Fields table schema. If a field is sent to Sumo Logic but isn’t present or enabled in the schema, it’s ignored and marked as **Dropped**. * green check circle.png A green circle with a check mark is shown when the field exists and is enabled in the Fields table schema. Proceed to the next step. 8. **Advanced Options for Logs**.
Google integrations diff --git a/docs/integrations/google/cloud-vpc.md b/docs/integrations/google/cloud-vpc.md index be6a29bf5b..d47af5d50a 100644 --- a/docs/integrations/google/cloud-vpc.md +++ b/docs/integrations/google/cloud-vpc.md 
@@ -145,7 +145,7 @@ This Source will be a Google Pub/Sub-only Source, which means that it will only 1. **Source Host** (Optional). The Source Host value is tagged to each log and stored in a searchable [metadata](/docs/search/get-started-with-search/search-basics/built-in-metadata) field called _sourceHost. Avoid using spaces so you do not have to quote them in [keyword search expressions](/docs/search/get-started-with-search/build-search/keyword-search-expressions.md). This can be a maximum of 128 characters. 1. **Source Category** (Optional). The Source Category value is tagged to each log and stored in a searchable [metadata](/docs/search/get-started-with-search/search-basics/built-in-metadata) field called `_sourceCategory`. See our [Best Practices: Good Source Category, Bad Source Category](/docs/send-data/best-practices). Avoid using spaces so you do not have to quote them in [keyword search expressions](/docs/search/get-started-with-search/build-search/keyword-search-expressions.md). This can be a maximum of 1,024 characters. 1. **Fields**. Click the **+Add Field** link to add custom log metadata [Fields](/docs/manage/fields), then define the fields you want to associate. Each field needs a name (key) and value. Look for one of the following icons and act accordingly: - * orange exclamation point.png If an orange triangle with an exclamation point is shown, use the option to automatically add or enable the nonexistent fields before proceeding to the next step. The orange icon indicates that the field doesn't exist, or is disabled, in the Fields table schema. If a field is sent to Sumo that does not exist in the Fields schema or is disabled it is ignored, known as dropped. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist, or is disabled in the fields table schema. In this case, you'll see an option to automatically add or enable the nonexistent fields to the Fields table schema. 
If a field is sent to Sumo Logic but isn’t present or enabled in the schema, it’s ignored and marked as **Dropped**. * green check circle.png A green circle with a check mark is shown when the field exists and is enabled in the Fields table schema. Proceed to the next step. 1. **Advanced Options for Logs**.
Google integrations * **Timestamp Parsing**. This option is selected by default. If it's deselected, no timestamp information is parsed at all. diff --git a/docs/integrations/google/compute-engine.md b/docs/integrations/google/compute-engine.md index 1de2b2052c..a6cf0709df 100644 --- a/docs/integrations/google/compute-engine.md +++ b/docs/integrations/google/compute-engine.md 
@@ -84,7 +84,7 @@ This Source will be a Google Pub/Sub-only Source, which means that it will only 1. **Source Host** (Optional). The Source Host value is tagged to each log and stored in a searchable [metadata](/docs/search/get-started-with-search/search-basics/built-in-metadata) field called `_sourceHost`. Avoid using spaces so you do not have to quote them in [keyword search expressions](/docs/search/get-started-with-search/build-search/keyword-search-expressions.md). This can be a maximum of 128 characters. 1. **Source Category** (Optional). The Source Category value is tagged to each log and stored in a searchable [metadata](/docs/search/get-started-with-search/search-basics/built-in-metadata) field called `_sourceCategory`. See our [Best Practices: Good Source Category, Bad Source Category](/docs/send-data/best-practices). Avoid using spaces so you do not have to quote them in [keyword search expressions](/docs/search/get-started-with-search/build-search/keyword-search-expressions.md). This can be a maximum of 1,024 characters. 1. **Fields**. Click the **+Add Field** link to add custom log metadata [Fields](/docs/manage/fields.md), then define the fields you want to associate. Each field needs a name (key) and value. Look for one of the following icons and act accordingly: - * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo that does not exist in the Fields schema it is ignored, known as dropped. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. 
If a field is sent to Sumo Logic but isn’t present or enabled in the schema, it’s ignored and marked as **Dropped**. * green check circle.png A green circle with a check mark is shown when the field exists in the Fields table schema. 1. **Advanced Options for Logs**.
Google integrations * **Timestamp Parsing**. This option is selected by default. If it's deselected, no timestamp information is parsed at all. diff --git a/docs/integrations/saas-cloud/acquia.md b/docs/integrations/saas-cloud/acquia.md index ae1ca88bfc..e3cdec8e23 100644 --- a/docs/integrations/saas-cloud/acquia.md +++ b/docs/integrations/saas-cloud/acquia.md @@ -158,7 +158,7 @@ To create a new Sumo Logic hosted collector, do the following: 6. **Category**. Enter any string to tag the logs collected from this Collector. This Source Category value is stored in a searchable metadata field called `_sourceCategory`. See our [Best Practices: Good Source Category, Bad Source Category](/docs/send-data/best-practices). 7. Click the **+Add Field** link in the **Fields** section to define the [fields](/docs/manage/fields) you want to associate, each field needs a key and value. * green check circle.png A green circle with a check mark is shown when the field exists in the Fields table schema. - * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo that does not exist in the Fields schema it is ignored, known as dropped. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo Logic but isn’t present or enabled in the schema, it’s ignored and marked as **Dropped**. 8. **Assign to a Budget** allows you to assign an [ingest budget](/docs/manage/ingestion-volume/ingest-budgets) to the Collector. The dropdown displays your ingest budgets in the following format: ``` () () 
@@ -211,7 +211,7 @@ To configure a cloud syslog source, do the following: 5. (Optional) For **Source Host** and **Source Category**, enter any string to tag the output collected from this source. (Category metadata is stored in a searchable field called `_sourceCategory`). 6. **Fields**. Click the **+Add Field** link to add custom log metadata [Fields](/docs/manage/fields). Define the fields you want to associate. Each field needs a name (key) and value. * green check circle.png A green circle with a check mark is shown when the field exists and is enabled in the Fields table schema. - * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist, or is disabled, in the Fields table schema. In this case, an option to automatically add or enable the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo that does not exist in the Fields schema or is disabled it is ignored, known as dropped. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist, or is disabled in the Fields table schema. In this case, you'll see an option to automatically add or enable the nonexistent fields to the Fields table schema. If a field is sent to Sumo Logic but isn’t present or enabled in the schema, it’s ignored and marked as **Dropped**. 7. Set any of the following under **Advanced**: * **Enable Timestamp Parsing**. This option is selected by default. If it's deselected, no timestamp information is parsed. * **Time Zone**. There are two options for Time Zone. You can use the time zone present in your log files, and then choose an option in case time zone information is missing from a log message. Or, you can have Sumo Logic completely disregard any time zone information present in logs by forcing a time zone. It's important to have the proper time zone set, no matter which option you choose. 
If the time zone of logs cannot be determined, Sumo Logic assigns the UTC time zone; if the rest of your logs are from another time zone your search results will be affected. diff --git a/docs/manage/fields.md b/docs/manage/fields.md index 00c6e2fac4..6b0668cdab 100644 --- a/docs/manage/fields.md +++ b/docs/manage/fields.md @@ -22,8 +22,7 @@ The order of precedence for field assignment from highest to lowest is: So, if you have a field defined at the Collector or Source level, and you create a FER against the same source of data with the same field name, the FER will win the field assignment. -Any fields you want assigned to log data need to exist in a Fields schema. Each account has its own Fields schema that is available to manage in the Sumo web interface. When a field is defined and enabled in the Fields schema it is assigned to the appropriate log data as configured. If a field is sent to Sumo that does not exist in the Fields -schema it is ignored, known as dropped. +Any fields you want assigned to log data need to exist in a Fields schema. Each account has its own Fields schema that is available to manage in the Sumo web interface. When a field is defined and enabled in the Fields schema it is assigned to the appropriate log data as configured. If a field is sent to Sumo Logic but isn’t present or enabled in the schema, it’s ignored and marked as **Dropped**. Fields specified in field extraction rules are automatically added and enabled in your Fields schema. 
@@ -60,8 +59,8 @@ Fields can be assigned to a Collector and Source using the **Fields** input ta 1. Create or find and select the Collector or Source you want to assign fields to. 1. Click the **+Add Field** link in the **Fields** section. Define the fields you want to associate, each field needs a name (key) and value. - * green check circle.png A green circle with a check mark is shown when the field exists in the Fields table schema. - * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo that does not exist in the Fields schema it is ignored, known as dropped. + * green check circle.png A green circle with a check mark is shown when the field exists and is enabled in the Fields table schema. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, you'll see an option to automatically add or enable the nonexistent fields to the Fields table schema. If a field is sent to Sumo Logic but isn’t present or enabled in the schema, it’s ignored and marked as **Dropped**. 1. **Automatically activate all fields on save**.  diff --git a/docs/reuse/apps/app-collection-option-1.md b/docs/reuse/apps/app-collection-option-1.md index 0b38a0dedb..141e836f5a 100644 --- a/docs/reuse/apps/app-collection-option-1.md +++ b/docs/reuse/apps/app-collection-option-1.md 
@@ -13,7 +13,7 @@ To set up collection and install the app, do the following: 1. **Timezone**. Set the default time zone when it is not extracted from the log timestamp. Time zone settings on Sources override a Collector time zone setting. 1. (Optional) **Metadata**. Click the **+Add Metadata** link to add a custom log [Metadata Fields](/docs/manage/fields). Define the fields you want to associate, each metadata field needs a name (key) and value. * green check circle.png A green circle with a checkmark is shown when the field exists and is enabled in the Fields table schema. - * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist, or is disabled, in the Fields table schema. In this case, an option to automatically add or enable the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo that does not exist in the Fields schema or is disabled it is ignored, known as dropped. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist, or is disabled in the Fields table schema. In this case, you'll see an option to automatically add or enable the nonexistent fields to the Fields table schema. If a field is sent to Sumo Logic but isn’t present or enabled in the schema, it’s ignored and marked as **Dropped**. 1. Click **Next**. 1. Configure the source as specified in the `Info` box above, ensuring all required fields are included. 1. In the **Configure** section of your respective app, complete the following fields. diff --git a/docs/reuse/apps/create-aws-s3-source.md b/docs/reuse/apps/create-aws-s3-source.md index 364ee2ee31..57739c679a 100644 --- a/docs/reuse/apps/create-aws-s3-source.md +++ b/docs/reuse/apps/create-aws-s3-source.md 
@@ -47,7 +47,7 @@ These configuration instructions apply to log collection from all AWS Source typ * Add a **region** field and assign it the value of respective AWS region where the Load Balancer exists. * Add an **accountId** field and assign it the value of the respective AWS account id which is being used. * green check circle.png A green circle with a check mark is shown when the field exists and is enabled in the Fields table schema. - * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist, or is disabled, in the Fields table schema. In this case, an option to automatically add or enable the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo that does not exist in the Fields schema or is disabled it is ignored, known as dropped. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist, or is disabled in the Fields table schema. In this case, you'll see an option to automatically add or enable the nonexistent fields to the Fields table schema. If a field is sent to Sumo Logic but isn’t present or enabled in the schema, it’s ignored and marked as **Dropped**. 11. For **AWS Access**, choose between the two **Access Method** options below, based on the AWS authentication you are providing. * For **Role-based access**, enter the Role ARN that was provided by AWS after creating the role. Role-based access is recommended (this was completed in the prerequisite step [Grant Sumo Logic access to an AWS Product](/docs/send-data/hosted-collectors/amazon-aws/grant-access-aws-product)). * For **Key access**, enter the **Access Key ID** and **Secret Access Key**. See [AWS Access Key ID](http://docs.aws.amazon.com/STS/latest/UsingSTS/UsingTokens.html#RequestWithSTS) and [AWS Secret Access Key](https://aws.amazon.com/iam/) for details. 
diff --git a/docs/reuse/aws-cost-explorer.md b/docs/reuse/aws-cost-explorer.md index 670f059118..5abff28ca1 100644 --- a/docs/reuse/aws-cost-explorer.md +++ b/docs/reuse/aws-cost-explorer.md @@ -6,9 +6,8 @@ To configure an AWS Cost Explorer Source: 1. Enter a **Name** for the Source in the Sumo Logic console. The **Description** is optional.
cost-explorer-v2-1-1.png 1. (Optional) For **Source Category**, enter any string to tag the output collected from the Source. Category [metadata](/docs/search/get-started-with-search/search-basics/built-in-metadata) is stored in a searchable field called `_sourceCategory`. 1. For [Fields](/docs/manage/fields), click the **+Add** link to add custom log metadata. Define the fields you want to associate. Each field needs a name (key) and value. - * green check circle.png -A green circle with a check mark is shown when the field exists and is enabled in the Fields table schema. - * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist, or is disabled, in the Fields table schema. In this case, an option to automatically add or enable the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo Logic that does not exist in the Fields schema or is disabled it is ignored, known as dropped.

It is preferable to add an **account** field (for the dashboards) and assign it a friendly name to identify the corresponding AWS account.
![accountField.png](/img/send-data/accountField.png) + * green check circle.png A green circle with a check mark is shown when the field exists and is enabled in the Fields table schema. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist, or is disabled in the Fields table schema. In this case, you'll see an option to automatically add or enable the nonexistent fields to the Fields table schema. If a field is sent to Sumo Logic but isn’t present or enabled in the schema, it’s ignored and marked as **Dropped**.

It is preferable to add an **account** field (for the dashboards) and assign it a friendly name to identify the corresponding AWS account.
![accountField.png](/img/send-data/accountField.png) 1. For the **AWS Access Key** and **AWS Secret Key**, provide the IAM User access key and secret key you want to use to authenticate collection requests. Make sure your IAM user has the following IAM policy attached with it. ```json { diff --git a/docs/send-data/collect-from-other-data-sources/azure-monitoring/ms-azure-event-hubs-source.md b/docs/send-data/collect-from-other-data-sources/azure-monitoring/ms-azure-event-hubs-source.md index f7a53d9977..3700ba3684 100644 --- a/docs/send-data/collect-from-other-data-sources/azure-monitoring/ms-azure-event-hubs-source.md +++ b/docs/send-data/collect-from-other-data-sources/azure-monitoring/ms-azure-event-hubs-source.md @@ -73,7 +73,7 @@ To configure an Azure Event Hubs Source: 6. **Forward to SIEM**. Check the checkbox to forward your data to [Cloud SIEM](/docs/cse/).
7. (Optional) **Fields**. Click the **+Add Field** link to define the fields you want to associate, each field needs a name (key) and value. * A green circle with a check mark is shown when the field exists in the Fields table schema. - * An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo that does not exist in the Fields schema it is ignored, known as dropped. + * An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo Logic but isn’t present or enabled in the schema, it’s ignored and marked as **Dropped**. 8. **Azure Event Hubs Namespace**. Enter your Azure Event Hubs Namespace name. 9. **Event Hubs Instance Name**. Enter the Azure Event Hubs Instance Name. 10. **Shared Access Policy**. Enter your Shared Access Policy Name and Key. The Shared Access Policy requires the Listen claim. diff --git a/docs/send-data/collection/edit-collector.md b/docs/send-data/collection/edit-collector.md index 4cb3230089..011fc82dd0 100644 --- a/docs/send-data/collection/edit-collector.md +++ b/docs/send-data/collection/edit-collector.md 
@@ -20,8 +20,8 @@ Changes to metadata are applied to messages going forward from this point in tim * The Collector version is provided for reference and can be changed. * If you set **Host Name** or **Category** at the Collector level, then all Sources belonging to this Collector are tagged with these metadata fields. If you later specify metadata at the Source level, the Collector metadata will be overwritten. * Click the **Add Field** link in the **Fields** section if you want to assign metadata [fields](/docs/manage/fields) to the Collector. Define the fields you want to associate, each field needs a key and value. - * green check circle.png A green circle with a check mark is shown when the field exists in the Fields table schema. - * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo that does not exist in the Fields schema it is ignored, known as dropped. + * green check circle.png A green circle with a check mark is shown when the field exists and is enabled in the Fields table schema. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, you'll see an option to automatically add or enable the nonexistent fields to the Fields table schema. If a field is sent to Sumo Logic but isn’t present or enabled in the schema, it’s ignored and marked as **Dropped**. * **Assign to a Budget** allows you to assign an [ingest budget](/docs/manage/ingestion-volume/ingest-budgets) to the Collector. The dropdown displays your ingest budgets in the following format: ```xml () () 
@@ -36,8 +36,8 @@ Changes to metadata are applied to messages going forward from this point in tim 1. Change the name or change the metadata fields as needed. Note that updated metadata is only be applied to newly ingested data; previously uploaded data retains its original metadata. * If you set **Category** at the collector level, then all sources belonging to this collector are tagged with that value. If you later specify metadata at the source level, the collector metadata will be overwritten. * Define the [**Fields**](/docs/manage/fields) you want to associate, each field needs a key and value.  - * green check circle.png A green circle with a check mark is shown when the field exists in the Fields table schema. - * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo that does not exist in the Fields schema it is ignored, known as dropped. + * green check circle.png A green circle with a check mark is shown when the field exists and is enabled in the Fields table schema. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, you'll see an option to automatically add or enable the nonexistent fields to the Fields table schema. If a field is sent to Sumo Logic but isn’t present or enabled in the schema, it’s ignored and marked as **Dropped**. * **Assign to a Budget** allows you to assign an [ingest budget](/docs/manage/ingestion-volume/ingest-budgets) to the Collector. The dropdown displays your ingest budgets in the following format: ``` () () 
diff --git a/docs/send-data/hosted-collectors/amazon-aws/aws-kinesis-firehose-logs-source.md b/docs/send-data/hosted-collectors/amazon-aws/aws-kinesis-firehose-logs-source.md index 4a857f9e5a..9a0ca0ae9b 100644 --- a/docs/send-data/hosted-collectors/amazon-aws/aws-kinesis-firehose-logs-source.md +++ b/docs/send-data/hosted-collectors/amazon-aws/aws-kinesis-firehose-logs-source.md @@ -56,8 +56,8 @@ To create an AWS Kinesis Firehose for Logs Source: 1. **SIEM Processing**. Check the checkbox to forward your data to Cloud SIEM.   1. **Fields.** Click the **+Add Field** link to define the fields you want to associate, each field needs a name (key) and value. - * green check circle.png A green circle with a check mark is shown when the field exists in the Fields table schema. - * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo that does not exist in the Fields schema it is ignored, known as dropped.   + * green check circle.png A green circle with a check mark is shown when the field exists and is enabled in the Fields table schema. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, you'll see an option to automatically add or enable the nonexistent fields to the Fields table schema. If a field is sent to Sumo Logic but isn’t present or enabled in the schema, it’s ignored and marked as **Dropped**.   1. Set any of the following options under **Advanced**. Advanced options do *not* apply to uploaded metrics. diff --git a/docs/send-data/hosted-collectors/amazon-aws/aws-s3-source.md b/docs/send-data/hosted-collectors/amazon-aws/aws-s3-source.md index 8590dafef0..198c8c7881 100644 --- a/docs/send-data/hosted-collectors/amazon-aws/aws-s3-source.md 
+++ b/docs/send-data/hosted-collectors/amazon-aws/aws-s3-source.md @@ -114,8 +114,8 @@ You can adjust the configuration of when and how AWS handles communication attem 1. For **Source Category**, enter any string to tag the output collected from this Source. (Category metadata is stored in a searchable field called _sourceCategory.) 1. **Fields.** Click the **+Add Field** link to define the fields you want to associate, each field needs a name (key) and value. - * green check circle.png A green circle with a check mark is shown when the field exists in the Fields table schema. - * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo that does not exist in the Fields schema it is ignored, known as dropped. + * green check circle.png A green circle with a check mark is shown when the field exists and is enabled in the Fields table schema. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, you'll see an option to automatically add or enable the nonexistent fields to the Fields table schema. If a field is sent to Sumo Logic but isn’t present or enabled in the schema, it’s ignored and marked as **Dropped**. :::note If you have [Cloud SIEM](/docs/cse) installed and you want to forward log data to Cloud SIEM: * Click the **+Add Field** link and add a field whose name is `_siemForward` and value is *true*. This will ensure all logs for this source are forwarded to Cloud SIEM. diff --git a/docs/send-data/hosted-collectors/cloud-syslog-source/index.md b/docs/send-data/hosted-collectors/cloud-syslog-source/index.md index 9ab8a830c0..887a21df96 100644 --- a/docs/send-data/hosted-collectors/cloud-syslog-source/index.md 
+++ b/docs/send-data/hosted-collectors/cloud-syslog-source/index.md @@ -50,8 +50,8 @@ To configure a cloud syslog source, do the following: 1. (Optional) For **Source Host** and **Source Category**, enter any string to tag the output collected from this source. (Category metadata is stored in a searchable field called `_sourceCategory`.) 1. **Fields.** Click the **+Add Field** link to define the fields you want to associate, each field needs a name (key) and value. - * green check circle.png A green circle with a check mark is shown when the field exists in the Fields table schema. - * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo that does not exist in the Fields schema it is ignored, known as dropped. + * green check circle.png A green circle with a check mark is shown when the field exists and is enabled in the Fields table schema. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, you'll see an option to automatically add or enable the nonexistent fields to the Fields table schema. If a field is sent to Sumo Logic but isn’t present or enabled in the schema, it’s ignored and marked as **Dropped**. 1. Set any of the following under **Advanced**: diff --git a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/1password-source.md b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/1password-source.md index 8f758c223a..cbb67d2728 100644 --- a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/1password-source.md +++ b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/1password-source.md 
@@ -52,7 +52,7 @@ You'll need a 1Password API token and your customer-specif 1. (Optional) **Fields**. Click the **+Add** link to add custom log metadata [Fields](/docs/manage/fields). * Define the fields you want to associate, each field needs a name (key) and value. * green check circle.png A green circle with a check mark is shown when the field exists and is enabled in the Fields table schema. - * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist, or is disabled, in the Fields table schema. In this case, an option to automatically add or enable the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo that does not exist in the Fields schema or is disabled it is ignored, known as dropped. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist, or is disabled in the Fields table schema. In this case, you'll see an option to automatically add or enable the nonexistent fields to the Fields table schema. If a field is sent to Sumo Logic but isn’t present or enabled in the schema, it’s ignored and marked as **Dropped**. 1. **Base URL**. Provide your 1Password customer-specific domain, for example `events.1password.com`. 1. **API Token**. Enter the [1Password API token](#vendor-configuration). 1. **Supported APIs to collect**. Select one or more of the available APIs, **Item Usage** and **Sign-in Attempts**. diff --git a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/abnormal-security-source.md b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/abnormal-security-source.md index 8e7e08dc0e..6840b65f16 100644 --- a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/abnormal-security-source.md +++ b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/abnormal-security-source.md 
@@ -47,8 +47,8 @@ To configure an Abnormal Security Source, follow the steps below: 1. Enter a **Name** for the Source. The description is optional. 1. (Optional) For **Source Category**, enter any string to tag the output collected from the Source. Category metadata is stored in a searchable field called `_sourceCategory`. 1. (Optional) **Fields**. Click the **+Add** button to define the fields you want to associate. Each field needs a name (key) and value. - * green check circle.png A green circle with a check mark is shown when the field exists in the Fields table schema. - * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo Logic that does not exist in the Fields schema, it is ignored, also known as dropped. + * green check circle.png A green circle with a check mark is shown when the field exists and is enabled in the Fields table schema. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, you'll see an option to automatically add or enable the nonexistent fields to the Fields table schema. If a field is sent to Sumo Logic that does not exist in the Fields schema, it is ignored, also known as dropped. 1. Enter the **Access Token** for authorization collected from the [Abnormal Security platform](#vendor-configuration). 1. Additionally, if you like to collect the case data, enter **cases** in the **Supported APIs to collect** section. Threat data will be collected by default. But, if you like to collect only case data, you can unselect **threats** from the **Supported APIs to collect** section. 1. When you are finished configuring the Source, click **Save**. 
diff --git a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/airtable-source.md b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/airtable-source.md index a061c67f52..b1b9a5953c 100644 --- a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/airtable-source.md +++ b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/airtable-source.md @@ -53,7 +53,7 @@ To configure an Airtable Source: 1. **Forward to SIEM**. Check the checkbox to forward your data to [Cloud SIEM](/docs/cse).
1. (Optional) **Fields**. Click the **+Add Field** link to define the fields you want to associate. Each field needs a name (key) and value. * green check circle.png A green circle with a checkmark is shown when the field exists in the Fields table schema. - * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo that does not exist in the Fields schema it is ignored, known as dropped. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo Logic but isn’t present or enabled in the schema, it’s ignored and marked as **Dropped**. 1. In **Account ID**, enter an account ID that will be a unique identifier for your enterprise account. 1. In **Personal Access Token**, enter the access token that you have generated in the [Vendor configuration](#vendor-configuration) section. 1. When you are finished configuring the Source, click **Save**. diff --git a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/akamai-cpc-source.md b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/akamai-cpc-source.md index ae40af4e45..450afb9b41 100644 --- a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/akamai-cpc-source.md +++ b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/akamai-cpc-source.md 
@@ -42,7 +42,7 @@ To configure an Akamai CPC Source: 1. (Optional) For **Source Category**, enter any string to tag the output collected from the Source. Category metadata is stored in a searchable field called `_sourceCategory`. 1. (Optional) **Fields.** Click the **+Add Field** link to define the fields you want to associate. Each field needs a name (key) and value. * green check circle.png A green circle with a checkmark is shown when the field exists in the Fields table schema. - * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo Logic that does not exist in the Fields schema it is ignored (that is, dropped). + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, you'll see an option to automatically add or enable the nonexistent fields to the Fields table schema. If a field is sent to Sumo Logic that does not exist in the Fields schema it is ignored (that is, dropped). 1. **Client Token**. Enter the Client token value collected from the Akamai platform. 1. **Client Secret**. Enter the Client secret value collected from the Akamai platform. 1. **Access Token**. Enter the Access token value collected from the Akamai platform. diff --git a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/armis-api-source.md b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/armis-api-source.md index 3ea3c39b51..2cc6e82a20 100644 --- a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/armis-api-source.md +++ b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/armis-api-source.md 
@@ -49,7 +49,7 @@ To configure an Armis Source: 1. (Optional) For **Source Category**, enter any string to tag the output collected from the Source. Category metadata is stored in a searchable field called `_sourceCategory`. 1. (Optional) **Fields.** Click the **+Add Field** link to define the fields you want to associate. Each field needs a name (key) and value. * green check circle.png A green circle with a checkmark is shown when the field exists in the Fields table schema. - * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo Logic that does not exist in the Fields schema it is ignored (i.e., dropped). + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, you'll see an option to automatically add or enable the nonexistent fields to the Fields table schema. If a field is sent to Sumo Logic but isn’t present or enabled in the schema, it’s ignored and marked as **Dropped**. 1. In **Instance URL**, enter the Armis hostname. :::info Armis Instance URL is the Armis hostname. For example, `https://armis-instance.armis.com`. diff --git a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/asana-source.md b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/asana-source.md index 6f73082b55..0e629e26ec 100644 --- a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/asana-source.md +++ b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/asana-source.md 
@@ -53,8 +53,8 @@ To configure an Asana Source: 1. Enter a **Name** for the Source. The description is optional. 1. (Optional) For **Source Category**, enter any string to tag the output collected from the Source. Category metadata is stored in a searchable field called `_sourceCategory`. 1. (Optional) **Fields**. Click the **+Add** button to define the fields you want to associate. Each field needs a name (key) and value. - * green check circle.png A green circle with a check mark is shown when the field exists in the Fields table schema. - * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo Logic that does not exist in the Fields schema it is ignored, known as dropped. + * green check circle.png A green circle with a check mark is shown when the field exists and is enabled in the Fields table schema. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, you'll see an option to automatically add or enable the nonexistent fields to the Fields table schema. If a field is sent to Sumo Logic that does not exist in the Fields schema it is ignored, known as dropped. 1. Enter the Personal Access Token (PAT) from the Asana platform. 1. Enter the unique workspace ID for the users service account. 1. When you are finished configuring the Source, click **Save**. diff --git a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/atlassian-source.md b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/atlassian-source.md index dcb40ef3d7..ff9a412905 100644 --- a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/atlassian-source.md 
+++ b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/atlassian-source.md @@ -51,8 +51,8 @@ To configure an Atlassian Source: 1. Enter a **Name** for the Source. The description is optional. 1. (Optional) For **Source Category**, enter any string to tag the output collected from the Source. Category metadata is stored in a searchable field called `_sourceCategory`. 1. (Optional) **Fields**. Click the **+Add** button to define the fields you want to associate. Each field needs a name (key) and value. - * green check circle.png A green circle with a check mark is shown when the field exists in the Fields table schema. - * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo Logic that does not exist in the Fields schema it is ignored, known as dropped. + * green check circle.png A green circle with a check mark is shown when the field exists and is enabled in the Fields table schema. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, you'll see an option to automatically add or enable the nonexistent fields to the Fields table schema. If a field is sent to Sumo Logic that does not exist in the Fields schema it is ignored, known as dropped. 1. **Organizations**. Click the **+Add** button to enter the Organizations you want to associate. Each Organizations needs a API Key value. This is the value that you generated from the [Atlassian platform](#vendor-configuration). :::info The authorization will fail if the API key value used is expired. To re-generate the API key, follow the steps mentioned in [vendor configuration](#vendor-configuration). 
diff --git a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/automox-source.md b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/automox-source.md index b7bfa53ec6..c6b47af574 100644 --- a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/automox-source.md +++ b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/automox-source.md @@ -45,7 +45,7 @@ To configure a Automox Source: 1. (Optional) **Fields**. Click the **+Add** link to add custom log metadata [Fields](/docs/manage/fields). * Define the fields you want to associate, each field needs a name (key) and value. * green check circle.png A green circle with a check mark is shown when the field exists and is enabled in the Fields table schema. - * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist, or is disabled, in the Fields table schema. In this case, an option to automatically add or enable the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo that does not exist in the Fields schema or is disabled it is ignored, known as dropped. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist, or is disabled in the Fields table schema. In this case, you'll see an option to automatically add or enable the nonexistent fields to the Fields table schema. If a field is sent to Sumo Logic but isn’t present or enabled in the schema, it’s ignored and marked as **Dropped**. 1. In **Bearer Token**, enter the bearer token collected from the Automox platform. 1. In **Organization ID**, enter the Organization ID collected from the Automox platform. 1. Select the **Collect Audit Trail Logs** checkbox to collect the audit details. 
diff --git a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/aws-cost-explorer-source.md b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/aws-cost-explorer-source.md index cf446ff159..2809732c47 100644 --- a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/aws-cost-explorer-source.md +++ b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/aws-cost-explorer-source.md @@ -35,7 +35,7 @@ To configure an AWS Cost Explorer Source: 1. (Optional) For **Source Category**, enter any string to tag the output collected from the Source. Category [metadata](/docs/search/get-started-with-search/search-basics/built-in-metadata) is stored in a searchable field called `_sourceCategory`. 1. For [Fields](/docs/manage/fields), click the **+Add** link to add custom log metadata. Define the fields you want to associate. Each field needs a name (key) and value. * green check circle.png A green circle with a check mark is shown when the field exists and is enabled in the Fields table schema. - * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist, or is disabled, in the Fields table schema. In this case, an option to automatically add or enable the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo Logic that does not exist in the Fields schema or is disabled it is ignored, known as dropped.

It is preferable to add an **account** field (for the dashboards) and assign it a friendly name to identify the corresponding AWS account.
![accountField.png](/img/send-data/accountField.png) + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist, or is disabled in the Fields table schema. In this case, you'll see an option to automatically add or enable the nonexistent fields to the Fields table schema. If a field is sent to Sumo Logic but isn’t present or enabled in the schema, it’s ignored and marked as **Dropped**.

It is preferable to add an **account** field (for the dashboards) and assign it a friendly name to identify the corresponding AWS account.
![accountField.png](/img/send-data/accountField.png) 1. For the **AWS Access Key** and **AWS Secret Key**, provide the IAM User access key and secret key you want to use to authenticate collection requests. Make sure your IAM user has the following IAM policy attached with it. ```json diff --git a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/azure-event-hubs-source.md b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/azure-event-hubs-source.md index 6add812782..d23a4928e7 100644 --- a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/azure-event-hubs-source.md +++ b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/azure-event-hubs-source.md @@ -77,8 +77,8 @@ To configure an Azure Event Hubs Source: 1. (Optional) For **Source Category**, enter any string to tag the output collected from the Source. Category metadata is stored in a searchable field called `_sourceCategory`. 1. **Forward to SIEM**. Check the checkbox to forward your data to [Cloud SIEM](/docs/cse/).
1. (Optional) **Fields.** Click the **+Add Field** link to define the fields you want to associate, each field needs a name (key) and value. - * green check circle.png A green circle with a check mark is shown when the field exists in the Fields table schema. - * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo that does not exist in the Fields schema it is ignored, known as dropped. + * green check circle.png A green circle with a check mark is shown when the field exists and is enabled in the Fields table schema. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, you'll see an option to automatically add or enable the nonexistent fields to the Fields table schema. If a field is sent to Sumo Logic but isn’t present or enabled in the schema, it’s ignored and marked as **Dropped**. 1. **Azure Event Hubs Namespace**. Enter your Azure Event Hubs Namespace name.  1. **Event Hubs Instance Name**. Enter the Azure Event Hubs Instance Name. 1. **Shared Access Policy**. Enter your Shared Access Policy Name and Key. The Shared Access Policy requires the **Listen** claim. diff --git a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/bitwarden.md b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/bitwarden.md index cc90877a3b..5021eac9fc 100644 --- a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/bitwarden.md +++ b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/bitwarden.md 
@@ -46,8 +46,8 @@ To configure the Bitwarden Source: 1. Enter a **Name** to display for the Source in the Sumo Logic web application. The description is optional. 1. (Optional) For **Source Category**, enter any string to tag the output collected from the Source. Category metadata is stored in a searchable field called `_sourceCategory`. 1. (Optional) **Fields**. Click the **+Add Field** link to define the fields you want to associate. Each field needs a name (key) and value. - * green check circle.png A green circle with a check mark is shown when the field exists in the Fields table schema. - * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo Logic that does not exist in the Fields schema it is ignored, known as dropped. + * green check circle.png A green circle with a check mark is shown when the field exists and is enabled in the Fields table schema. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, you'll see an option to automatically add or enable the nonexistent fields to the Fields table schema. If a field is sent to Sumo Logic that does not exist in the Fields schema it is ignored, known as dropped. 1. In **Bitwarden API Server Base URL**, enter the API Base URL for your Bitwarden installation. 1. (Optional) In **Self Hosted API Base URL**, enter the API Base URL for your Self-Hosted Bitwarden installation. This field is only available if you select `Self-Hosted` for the server base URL. 1. (Optional) In **OAuth 2.0 Token Url**, enter the OAuth 2.0 Token URL for your Self-Hosted Bitwarden installation. This field is only available if you select `Self-Hosted` for the server base URL. 
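Review bot: In the added orange-triangle bullet, the closing sentence still reads "If a field is sent to Sumo Logic that does not exist in the Fields schema it is ignored, known as dropped", which covers only missing fields, while the same bullet now offers to "add or enable" fields and the green bullet requires the field to be "enabled". The Azure Event Hubs hunk in this patch ends the bullet with "isn’t present or enabled in the schema, it’s ignored and marked as **Dropped**"; use that sentence here as well, so the page states that a disabled field is dropped too.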
diff --git a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/box-source.md b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/box-source.md index 928851f328..558be9f5f7 100644 --- a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/box-source.md +++ b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/box-source.md @@ -45,7 +45,7 @@ To configure a Box Source: 1. (Optional) **Fields**. Click the **+Add** link to add custom log metadata [Fields](/docs/manage/fields). * Define the fields you want to associate, each field needs a name (key) and value. * green check circle.png A green circle with a check mark is shown when the field exists and is enabled in the Fields table schema. - * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist, or is disabled, in the Fields table schema. In this case, an option to automatically add or enable the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo that does not exist in the Fields schema or is disabled it is ignored, known as dropped. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist, or is disabled in the Fields table schema. In this case, you'll see an option to automatically add or enable the nonexistent fields to the Fields table schema. If a field is sent to Sumo Logic but isn’t present or enabled in the schema, it’s ignored and marked as **Dropped**. 1. Upload the JSON file. 1. **Processing Rules**. Configure any desired filters, such as allowlist, denylist, hash, or mask, as described in [Create a Processing Rule](/docs/send-data/collection/processing-rules/create-processing-rule). 1. When you are finished configuring the Source, click **Submit**. 
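Review bot: The added line drops the second comma of the parenthetical, leaving "doesn't exist, or is disabled in the Fields table schema" with one unpaired comma. Restore "doesn't exist, or is disabled, in the Fields table schema" as in the removed line, or remove both commas. The same added line mixes typographic apostrophes ("isn’t", "it’s") with straight ones ("doesn't", "you'll"); pick one form for the whole line.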
diff --git a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/carbon-black-cloud-source.md b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/carbon-black-cloud-source.md index c76541122a..64cdfd8382 100644 --- a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/carbon-black-cloud-source.md +++ b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/carbon-black-cloud-source.md @@ -57,8 +57,8 @@ To configure a Carbon Black Cloud Source: 1. (Optional) For **Source Category**, enter any string to tag the output collected from the Source. Category [metadata](/docs/search/get-started-with-search/search-basics/built-in-metadata.md) is stored in a searchable field called `_sourceCategory`. 1. **Forward to SIEM**. Check the checkbox to forward your data to [Cloud SIEM](/docs/cse/).
1. (Optional) **Fields.** Click the **+Add Field** link to define the [fields](/docs/manage/fields) you want to associate. Each field needs a name (key) and value. - * green check circle.png A green circle with a check mark is shown when the field exists in the Fields table schema. - * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo that does not exist in the Fields schema it is ignored, known as dropped. + * green check circle.png A green circle with a check mark is shown when the field exists and is enabled in the Fields table schema. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, you'll see an option to automatically add or enable the nonexistent fields to the Fields table schema. If a field is sent to Sumo Logic but isn’t present or enabled in the schema, it’s ignored and marked as **Dropped**. 1. **CB Cloud Domain**. Enter your Carbon Black Cloud domain, such as `dev-prod05.conferdeploy.net`. See [this knowledge base article](https://community.carbonblack.com/t5/Knowledge-Base/Carbon-Black-Cloud-What-URLs-are-used-to-access-the-api/ta-p/67346) to determine which domain to use. 1. **API Key**. Enter the Carbon Black Cloud API Key you want to use to authenticate requests. Ensure the key is granted the required permissions for all the APIs listed in the [Vendor configuration](#vendor-configuration) section. 1. **API ID**. Enter your Carbon Black Cloud API ID correlated to your API key. 
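Review bot: The added orange-triangle bullet gives its condition as "the field doesn't exist in the Fields table schema", but the green bullet now requires "exists and is enabled" and the closing sentence drops any field that "isn’t present or enabled", so a field that exists but is disabled matches neither icon description. State the condition as "doesn't exist, or is disabled, in the Fields table schema" so the two bullets cover every case and agree with the sentence about dropped fields.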
diff --git a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/carbon-black-inventory-source.md b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/carbon-black-inventory-source.md index c02e5f18df..7f1d418030 100644 --- a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/carbon-black-inventory-source.md +++ b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/carbon-black-inventory-source.md @@ -42,8 +42,8 @@ To configure a Carbon Black Inventory Source: 1. (Optional) For **Source Category**, enter any string to tag the output collected from the Source. Category [metadata](/docs/search/get-started-with-search/search-basics/built-in-metadata.md) is stored in a searchable field called `_sourceCategory`. 1. **Forward to SIEM**. Check the checkbox to forward your data to [Cloud SIEM](/docs/cse/).
1. (Optional) **Fields**. Click the **+Add Field** link to define the fields you want to associate, each field needs a name (key) and value. - * green check circle.png A green circle with a check mark is shown when the field exists in the Fields table schema. - * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo that does not exist in the Fields schema it is ignored, known as dropped. + * green check circle.png A green circle with a check mark is shown when the field exists and is enabled in the Fields table schema. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, you'll see an option to automatically add or enable the nonexistent fields to the Fields table schema. If a field is sent to Sumo Logic but isn’t present or enabled in the schema, it’s ignored and marked as **Dropped**. 1. **CB Cloud Domain**. Enter your Carbon Black domain, such as `dev-prod05.conferdeploy.net`. See [this knowledge base article](https://community.carbonblack.com/t5/Knowledge-Base/Carbon-Black-Cloud-What-URLs-are-used-to-access-the-api/ta-p/67346) to determine which domain to use. 1. **API Key**. Enter the Carbon Black API Key you want to use to authenticate requests. Ensure the key is granted the required permissions for all the APIs listed in the [Vendor configuration](#vendor-configuration) section. 1. **API ID**. Enter your Carbon Black API ID correlated to your API key. diff --git a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/cato-networks-source.md b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/cato-networks-source.md index aa1de11e81..ebce07fc27 100644 
--- a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/cato-networks-source.md +++ b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/cato-networks-source.md @@ -63,8 +63,8 @@ To configure a Cato Networks Source: 1. Enter a **Name** for the Source. The description is optional. 1. (Optional) For **Source Category**, enter any string to tag the output collected from the Source. Category metadata is stored in a searchable field called `_sourceCategory`. 1. (Optional) **Fields**. Click the **+Add** button to define the fields you want to associate. Each field needs a name (key) and value. - * green check circle.png A green circle with a check mark is shown when the field exists in the Fields table schema. - * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo Logic that does not exist in the Fields schema it is ignored, known as dropped. + * green check circle.png A green circle with a check mark is shown when the field exists and is enabled in the Fields table schema. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, you'll see an option to automatically add or enable the nonexistent fields to the Fields table schema. If a field is sent to Sumo Logic that does not exist in the Fields schema it is ignored, known as dropped. 1. Enter the **API Key** for Cato Networks account. 1. Enter the **Account ID** for Cato Networks account. 1. Select the **Data Types**. You can select one or both of the data sources. 
diff --git a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/cisco-amp-source.md b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/cisco-amp-source.md index 2a20eb80b8..cff099cda5 100644 --- a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/cisco-amp-source.md +++ b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/cisco-amp-source.md @@ -40,8 +40,8 @@ To configure a Cisco AMP Source: 1. (Optional) For **Source Category**, enter any string to tag the output collected from the Source. Category metadata is stored in a searchable field called `_sourceCategory`. 1. **Forward to SIEM**. Check the checkbox to forward your data to [Cloud SIEM](/docs/cse/).
1. (Optional) **Fields.** Click the **+Add Field** link to define the fields you want to associate, each field needs a name (key) and value. - * green check circle.png A green circle with a check mark is shown when the field exists in the Fields table schema. - * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo that does not exist in the Fields schema it is ignored, known as dropped. + * green check circle.png A green circle with a check mark is shown when the field exists and is enabled in the Fields table schema. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, you'll see an option to automatically add or enable the nonexistent fields to the Fields table schema. If a field is sent to Sumo Logic but isn’t present or enabled in the schema, it’s ignored and marked as **Dropped**. 1. **Client ID**. Provide the Client ID you want to use to authenticate collection requests. 1. **API Region** (Optional). Select the appropriate region of your API Key. The default is `api.amp.cisco.com`. 1. **API Key**. Provide the API Key you want to use to authenticate collection requests.  diff --git a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/cisco-meraki-source.md b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/cisco-meraki-source.md index 231ad0182f..e38daf527d 100644 --- a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/cisco-meraki-source.md +++ b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/cisco-meraki-source.md 
@@ -58,7 +58,7 @@ To configure Cisco Meraki Source: 1. (Optional) For **Source Category**, enter any string to tag the output collected from the Source. Category metadata is stored in a searchable field called `_sourceCategory`. 1. (Optional) **Fields.** Click the **+Add Field** link to define the fields you want to associate. Each field needs a name (key) and value. * green check circle.png A green circle with a checkmark is shown when the field exists in the Fields table schema. - * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo Logic that does not exist in the Fields schema it is ignored (i.e., dropped). + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, you'll see an option to automatically add or enable the nonexistent fields to the Fields table schema. If a field is sent to Sumo Logic but isn’t present or enabled in the schema, it’s ignored and marked as **Dropped**. 1. **Base URL**. It refers to the default URL where your Meraki account is hosted. If you are located in China, you have the option to modify the base URL. 1. **API Key**. Provide the API key you generated from your Meraki account. 1. **Meraki Organization ID**. Provide the numeric Meraki organization ID of the Meraki org you want to collect data from. You can only provide one ID. Please create multiple sources for multiple Meraki organizations. diff --git a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/cisco-vulnerability-management-source.md b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/cisco-vulnerability-management-source.md index 9aa803ffb9..ebce20a3ed 100644 
--- a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/cisco-vulnerability-management-source.md +++ b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/cisco-vulnerability-management-source.md @@ -52,7 +52,7 @@ Only administrators are allowed to retrieve the key. For more information, refer 1. (Optional) **Fields**. Click the **+Add** link to add custom log metadata [Fields](/docs/manage/fields). * Define the fields you want to associate, each field needs a name (key) and value. * green check circle.png A green circle with a checkmark is shown when the field exists and is enabled in the Fields table schema. - * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist, or is disabled, in the Fields table schema. In this case, an option to automatically add or enable the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo that does not exist in the Fields schema or is disabled it is ignored, known as dropped. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist, or is disabled in the Fields table schema. In this case, you'll see an option to automatically add or enable the nonexistent fields to the Fields table schema. If a field is sent to Sumo Logic but isn’t present or enabled in the schema, it’s ignored and marked as **Dropped**. 1. **Base URL**. Provide your Cisco Vulnerability Management customer-specific domain, for example, `https://api.kennasecurity.com`. 1. **API Key**. Enter the [Cisco Vulnerability Management API key](#vendor-configuration). 1. **Data Collection**. Select one or more of the data types, **Assets** and **Vulnerabilities**. 
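Review bot: The phrase "add or enable the nonexistent fields to the Fields table schema" in the added line is carried over from the removed line and does not hold together: a nonexistent field cannot be enabled, and "enable ... to the schema" does not parse. Since the sentence is being rewritten anyway, suggest "add the missing fields to the Fields table schema, or enable the disabled ones".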
diff --git a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/citrix-cloud-source.md b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/citrix-cloud-source.md index f9afb87a90..97a9919b7d 100644 --- a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/citrix-cloud-source.md +++ b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/citrix-cloud-source.md 
@@ -78,8 +78,8 @@ To configure the Citrix Cloud API: 1. Enter a **Name** to display for the Source in the Sumo Logic web application. The description is optional. 1. (Optional) For **Source Category**, enter any string to tag the output collected from the Source. Category metadata is stored in a searchable field called `_sourceCategory`. 1. (Optional) **Fields**. Click the **+Add Field** link to define the fields you want to associate. Each field needs a name (key) and value. - * green check circle.png A green circle with a check mark is shown when the field exists in the Fields table schema. - * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo Logic that does not exist in the Fields schema it is ignored, known as dropped. + * green check circle.png A green circle with a check mark is shown when the field exists and is enabled in the Fields table schema. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, you'll see an option to automatically add or enable the nonexistent fields to the Fields table schema. If a field is sent to Sumo Logic that does not exist in the Fields schema it is ignored, known as dropped. 1. **Base URL**. Choose the URL where your Citrix Cloud account is located. See [Base URL](#base-url) section to know your base URL. 1. **Customer ID**. Enter the Customer ID you generated and secured from the [API Client](#api-client) section in step 6. 1. **Client ID**. Enter the Client ID you generated and secured from the [API Client](#api-client) section in step 5. 
diff --git a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/code42-incydr-source.md b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/code42-incydr-source.md index 3445261c77..f3752cca36 100644 --- a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/code42-incydr-source.md +++ b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/code42-incydr-source.md 
@@ -51,8 +51,8 @@ To configure a Code42 Incydr Source: 1. Enter a **Name** for the source. The description is optional. 1. (Optional) For **Source Category**, enter any string to tag the output collected from the Source. Category metadata is stored in a searchable field called `_sourceCategory`. 1. (Optional) **Fields**. Click the **+Add** button to define the fields you want to associate. Each field needs a name (key) and value. - * green check circle.png A green circle with a check mark is shown when the field exists in the Fields table schema. - * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo Logic that does not exist in the Fields schema it is ignored, known as dropped. + * green check circle.png A green circle with a check mark is shown when the field exists and is enabled in the Fields table schema. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, you'll see an option to automatically add or enable the nonexistent fields to the Fields table schema. If a field is sent to Sumo Logic that does not exist in the Fields schema it is ignored, known as dropped. 1. In **Base URL**, select the domain from which you want to retrieve the source data from the Incydr API. 1. In **Client ID**, enter the Client ID you generated from the Code42 Incydr platform. 1. In **Secret Key**, enter the Secret Key you generated from the Code42 Incydr platform. diff --git a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/confluent-cloud-metrics-source.md b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/confluent-cloud-metrics-source.md index 0e11227c1d..3373f0b769 100644 
--- a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/confluent-cloud-metrics-source.md +++ b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/confluent-cloud-metrics-source.md 
@@ -44,8 +44,8 @@ To configure a Confluent Cloud Metrics source: 1. Enter a **Name** for the source. The description is optional. 1. (Optional) For **Source Category**, enter any string to tag the output collected from the source. Category metadata is stored in a searchable field called `_sourceCategory`. 1. (Optional) **Fields**. Click the **+Add** button to define the fields you want to associate. Each field needs a name (key) and value. - * green check circle.png A green circle with a check mark is shown when the field exists in the Fields table schema. - * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo Logic that does not exist in the Fields schema is ignored, known as dropped. + * green check circle.png A green circle with a check mark is shown when the field exists and is enabled in the Fields table schema. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, you'll see an option to automatically add or enable the nonexistent fields to the Fields table schema. If a field is sent to Sumo Logic that does not exist in the Fields schema is ignored, known as dropped. 1. **API Key ID**. Enter the Client ID collected from the [vendor configuration](#vendor-configuration). For example, `U5XXXYZYGAXXXFRZ`. 1. **API Secret**. Enter the Client Secret collected from the [vendor configuration](#vendor-configuration). For example, `psYDINXXXG9eYi9hF/X20SZAI4YEn5IZ0cXXXuZ556WIbKYvHPHSCTXXXyF`. 1. **Resource Filters**. Select the checkbox to collect metrics for the required resources, and then enter the ID of the relevant resource to export metrics. 
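Review bot: The added orange-triangle line keeps the broken sentence from the removed line, "If a field is sent to Sumo Logic that does not exist in the Fields schema is ignored, known as dropped", which has no subject after "schema". Replace it with the sentence other hunks in this patch already use, "If a field is sent to Sumo Logic but isn’t present or enabled in the schema, it’s ignored and marked as **Dropped**", which fixes the grammar and also covers disabled fields.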
diff --git a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/crowdstrike-fdr-host-inventory.md b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/crowdstrike-fdr-host-inventory.md index 5e16f60829..19e87a1b8c 100644 --- a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/crowdstrike-fdr-host-inventory.md +++ b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/crowdstrike-fdr-host-inventory.md @@ -71,8 +71,8 @@ To configure the CrowdStrike FDR Host Inventory API: 5. (Optional) For **Source Category**, enter any string to tag the output collected from the Source. Category metadata is stored in a searchable field called `_sourceCategory`. 6. **Forward to SIEM**. Check the checkbox to forward your data to [Cloud SIEM](/docs/cse/) as inventory.
7. (Optional) **Fields**. Click the **+Add Field** link to define the fields you want to associate. Each field needs a name (key) and value. - * green check circle.png A green circle with a check mark is shown when the field exists in the Fields table schema. - * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo Logic that does not exist in the Fields schema it is ignored, known as dropped. + * green check circle.png A green circle with a check mark is shown when the field exists and is enabled in the Fields table schema. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, you'll see an option to automatically add or enable the nonexistent fields to the Fields table schema. If a field is sent to Sumo Logic that does not exist in the Fields schema it is ignored, known as dropped. 8. In **Region**, choose the region as per your Base URL. See [Region](#region) section to know your region. 9. In **Client ID**, enter the Client ID you generated and secured from the [API Client](#api-client-and-api-secret) section. 10. In **Client Secret**, enter the Client Secret you generated and secured from the [API Secret](#api-client-and-api-secret) section. diff --git a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/crowdstrike-fdr-source.md b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/crowdstrike-fdr-source.md index 7a33d8e77a..0c87327f30 100644 --- a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/crowdstrike-fdr-source.md +++ b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/crowdstrike-fdr-source.md 
@@ -46,8 +46,8 @@ To configure a CrowdStrike FDR Source: 1. Enter a **Name** for the Source. The description is optional. 1. (Optional) For **Source Category**, enter any string to tag the output collected from the Source. Category metadata is stored in a searchable field called `_sourceCategory`. 1. (Optional) **Fields.** Click the **+Add Field** link to define the fields you want to associate, each field needs a name (key) and value. - * green check circle.png A green circle with a check mark is shown when the field exists in the Fields table schema. - * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo that does not exist in the Fields schema it is ignored, known as dropped. + * green check circle.png A green circle with a check mark is shown when the field exists and is enabled in the Fields table schema. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, you'll see an option to automatically add or enable the nonexistent fields to the Fields table schema. If a field is sent to Sumo Logic but isn’t present or enabled in the schema, it’s ignored and marked as **Dropped**. 1. **AWS Access Key ID**: Provide your AWS Access Key ID you copied from CrowdStrike, see the [Vendor configuration](#vendor-configuration) section. 1. **AWS Secret Access Key**: Provide your AWS Secret Access Key you copied from CrowdStrike, see the [Vendor configuration](#vendor-configuration) section. 1. **SQS Queue URL**. Provide your SQS Queue URL you copied from CrowdStrike, see the [Vendor configuration](#vendor-configuration) section. 
diff --git a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/crowdstrike-filevantage.md b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/crowdstrike-filevantage.md index b6e19ee4ef..8b47f63b0a 100644 --- a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/crowdstrike-filevantage.md +++ b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/crowdstrike-filevantage.md 
@@ -71,8 +71,8 @@ To configure the CrowdStrike FileVantage Source: 1. Enter a **Name** to display for the Source in the Sumo Logic web application. The description is optional. 1. (Optional) For **Source Category**, enter any string to tag the output collected from the Source. Category metadata is stored in a searchable field called `_sourceCategory`. 1. (Optional) **Fields**. Click the **+Add Field** link to define the fields you want to associate. Each field needs a name (key) and value. - * green check circle.png A green circle with a check mark is shown when the field exists in the Fields table schema. - * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo Logic that does not exist in the Fields schema it is ignored, known as dropped. + * green check circle.png A green circle with a check mark is shown when the field exists and is enabled in the Fields table schema. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, you'll see an option to automatically add or enable the nonexistent fields to the Fields table schema. If a field is sent to Sumo Logic that does not exist in the Fields schema it is ignored, known as dropped. 1. In **CrowdStrike Base URL**, choose the region as per your Base URL. See [Region](#region) section to know your region. 1. In **API Client ID**, enter the Client ID you generated and secured from the [API Client](#api-client-and-api-secret) section. 1. In **API Client Secret**, enter the Client Secret you generated and secured from the [API Secret](#api-client-and-api-secret) section. 
diff --git a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/crowdstrike-source.md b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/crowdstrike-source.md index 485931b348..c42a3a5bf6 100644 --- a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/crowdstrike-source.md +++ b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/crowdstrike-source.md @@ -56,8 +56,8 @@ To configure a CrowdStrike Source: 1. (Optional) For **Source Category**, enter any string to tag the output collected from the Source. Category metadata is stored in a searchable field called `_sourceCategory`. 1. **Forward to SIEM**. Check the checkbox to forward your data to [Cloud SIEM](/docs/cse/).
1. (Optional) **Fields.** Click the **+Add Field** link to define the fields you want to associate, each field needs a name (key) and value. - * green check circle.png A green circle with a check mark is shown when the field exists in the Fields table schema. - * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo that does not exist in the Fields schema it is ignored, known as dropped. + * green check circle.png A green circle with a check mark is shown when the field exists and is enabled in the Fields table schema. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, you'll see an option to automatically add or enable the nonexistent fields to the Fields table schema. If a field is sent to Sumo Logic but isn’t present or enabled in the schema, it’s ignored and marked as **Dropped**. 1. **CrowdStrike domain**: Provide your [CrowdStrike domain](https://falcon.crowdstrike.com/support/documentation/89/event-streams-apis ), for example, `api.crowdstrike.com`. 1. **Client ID**: Provide the CrowdStrike Client ID you want to use to authenticate collection requests. 1. **Secret Key**. Provide the CrowdStrike API key you want to use to authenticate collection requests. diff --git a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/crowdstrike-spotlight-source.md b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/crowdstrike-spotlight-source.md index b165f5882f..6a63ac5b06 100644 --- a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/crowdstrike-spotlight-source.md +++ b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/crowdstrike-spotlight-source.md 
@@ -70,8 +70,8 @@ To configure the CrowdStrike Spotlight Source: 1. Enter a **Name** to display for the Source in the Sumo Logic web application. The description is optional. 1. (Optional) For **Source Category**, enter any string to tag the output collected from the Source. Category metadata is stored in a searchable field called `_sourceCategory`. 1. (Optional) **Fields**. Click the **+Add Field** link to define the fields you want to associate. Each field needs a name (key) and value. - * green check circle.png A green circle with a check mark is shown when the field exists in the Fields table schema. - * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo Logic that does not exist in the Fields schema it is ignored, known as dropped. + * green check circle.png A green circle with a check mark is shown when the field exists and is enabled in the Fields table schema. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, you'll see an option to automatically add or enable the nonexistent fields to the Fields table schema. If a field is sent to Sumo Logic that does not exist in the Fields schema it is ignored, known as dropped. 1. In **Region**, choose the region as per your Base URL. See [Region](#region) section to know your region. 1. In **Client ID**, enter the Client ID you generated and secured from the [API Client](#api-client-and-api-secret) section. 1. In **Client Secret**, enter the Client Secret you generated and secured from the [API Secret](#api-client-and-api-secret) section. 
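Review bot: The added orange-triangle bullet in crowdstrike-spotlight-source.md keeps the old closing sentence ("If a field is sent to Sumo Logic that does not exist in the Fields schema it is ignored, known as dropped"), while the same bullet in crowdstrike-source.md in this patch ends with "isn't present or enabled in the schema, it's ignored and marked as **Dropped**". The green bullet here now reads "exists and is enabled", so the closing sentence should cover the disabled case as well. Suggest reusing the crowdstrike-source.md sentence so both CrowdStrike pages describe the drop behaviour the same way.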
diff --git a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/crowdstrike-threat-intel-source.md b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/crowdstrike-threat-intel-source.md index 6becbc8bed..771a96257d 100644 --- a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/crowdstrike-threat-intel-source.md +++ b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/crowdstrike-threat-intel-source.md 
@@ -70,8 +70,8 @@ To configure the CrowdStrike Threat Intel Source: 1. Enter a **Name** to display for the Source in the Sumo Logic web application. The description is optional. 1. (Optional) For **Source Category**, enter any string to tag the output collected from the Source. Category metadata is stored in a searchable field called `_sourceCategory`. 1. (Optional) **Fields**. Click the **+Add Field** link to define the fields you want to associate. Each field needs a name (key) and value. - * green check circle.png A green circle with a check mark is shown when the field exists in the Fields table schema. - * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo Logic that does not exist in the Fields schema it is ignored, known as dropped. + * green check circle.png A green circle with a check mark is shown when the field exists and is enabled in the Fields table schema. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, you'll see an option to automatically add or enable the nonexistent fields to the Fields table schema. If a field is sent to Sumo Logic that does not exist in the Fields schema it is ignored, known as dropped. 1. In **Region**, choose the region as per your Base URL. See [Region](#region) section to know your region. 1. In **Client ID**, enter the Client ID you generated and secured from the [API Client](#api-client-and-api-secret) section. 1. In **Client Secret**, enter the Client Secret you generated and secured from the [API Secret](#api-client-and-api-secret) section. 
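Review bot: The phrase "automatically add or enable the nonexistent fields" on the added orange-triangle line is self-contradictory, because a field that does not exist can only be added, not enabled. The trigger condition on the same line also still reads "when the field doesn't exist", with no mention of a disabled field. Suggest "when the field doesn't exist, or is disabled, in the Fields table schema" (the form the removed line in cyberark-source.md used) followed by "an option to add the missing fields or enable the disabled ones".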
diff --git a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/cse-aws-ec-inventory-source.md b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/cse-aws-ec-inventory-source.md index 4812215cf6..41074859cd 100644 --- a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/cse-aws-ec-inventory-source.md +++ b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/cse-aws-ec-inventory-source.md @@ -54,8 +54,8 @@ To configure a Cloud SIEM AWS EC2 Inventory Source: 1. (Optional) For **Source Category**, enter any string to tag the output collected from the Source. Category metadata is stored in a searchable field called `_sourceCategory`. 1. **Forward to SIEM**. Check the checkbox to forward your data to [Cloud SIEM](/docs/cse/).
1. (Optional) **Fields.** Click the **+Add Field** link to define the fields you want to associate, each field needs a name (key) and value. - * green check circle.png A green circle with a check mark is shown when the field exists in the Fields table schema. - * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo that does not exist in the Fields schema it is ignored, known as dropped. + * green check circle.png A green circle with a check mark is shown when the field exists and is enabled in the Fields table schema. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, you'll see an option to automatically add or enable the nonexistent fields to the Fields table schema. If a field is sent to Sumo Logic but isn’t present or enabled in the schema, it’s ignored and marked as **Dropped**. 1. **AWS Access**. The integration is configured for either role based AWS authentication or key based AWS authentication. - **Role Based Access**. AWS Role ARN is required for Role based Access. Use the information provided on the source page to configure the role.
role-based - **Key Access**. Enter the IAM user access key ID and secret key you want to use to authenticate collection requests.
key-based diff --git a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/cyberark-audit-source.md b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/cyberark-audit-source.md index ed461d8ce6..cc85d29e03 100644 --- a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/cyberark-audit-source.md +++ b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/cyberark-audit-source.md 
@@ -49,8 +49,8 @@ To configure a CyberArk Audit source, follow the steps below: 1. **Name**. Enter a name to display for the source. The description is optional. 1. (Optional) For **Source Category**, enter any string to tag the output collected from the source. Category metadata is stored in a searchable field called `_sourceCategory`. 1. (Optional) **Fields**. Click the **+Add** button to define the fields you want to associate. Each field needs a name (key) and value. - * green check circle.png A green circle with a check mark is shown when the field exists in the Fields table schema. - * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo Logic that does not exist in the Fields schema is ignored, known as dropped. + * green check circle.png A green circle with a check mark is shown when the field exists and is enabled in the Fields table schema. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, you'll see an option to automatically add or enable the nonexistent fields to the Fields table schema. If a field is sent to Sumo Logic that does not exist in the Fields schema is ignored, known as dropped. 1. **Identity ID**. Enter your identity ID collected from the [Vendor configuration](#vendor-configuration) section. For example, `ac212`. 1. **Web Application ID**. Enter your application ID collected from the [Vendor configuration](#vendor-configuration) section. For example, `sumologic`. 1. **Username**. Enter your username(client-id) collected from the [Vendor configuration](#vendor-configuration) section. For example, `user@cyberark.cloud.1234`. 
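Review bot: The last sentence of the added orange-triangle line carries over a grammar error from the removed line: "If a field is sent to Sumo Logic that does not exist in the Fields schema is ignored, known as dropped" has no subject for "is ignored". Since this line is being rewritten anyway, fix it here, for example with the sentence other files in this patch use: "If a field is sent to Sumo Logic but isn't present or enabled in the schema, it's ignored and marked as **Dropped**."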
diff --git a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/cyberark-source.md b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/cyberark-source.md index 49c472d693..e8959718fa 100644 --- a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/cyberark-source.md +++ b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/cyberark-source.md @@ -51,7 +51,7 @@ To configure a CyberArk EPM Source, follow the steps below: 1. **Forward to SIEM**. Check the checkbox to forward your data to [Cloud SIEM](/docs/cse/).
1. Fields. (Optional) Click **+Add** to ad additional fields; each field needs a name (key) and value. * green check circle.png A green circle with a check mark is shown when the field exists and is enabled in the Fields table schema. - * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist, or is disabled, in the Fields table schema. In this case, an option to automatically add or enable the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo that does not exist in the Fields schema or is disabled it is ignored, known as dropped. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist, or is disabled in the Fields table schema. In this case, you'll see an option to automatically add or enable the nonexistent fields to the Fields table schema. If a field is sent to Sumo Logic but isn’t present or enabled in the schema, it’s ignored and marked as **Dropped**. 1. **EPM Username**. Enter your EPM username from the [Vendor configuration](#vendor-configuration) section. 1. **EPM User Password**. Enter your EPM password from the [Vendor configuration](#vendor-configuration) section. 1. **CyberArk EPM Dispatch Server**. Enter your CyberArk EPM Dispatch Server URL, it is the dispatch server for your region. Following are some examples of dispatch server URLs: diff --git a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/cybereason-source.md b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/cybereason-source.md index e090440160..1a7decc0e3 100644 --- a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/cybereason-source.md +++ b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/cybereason-source.md @@ -46,7 +46,7 @@ To configure a Cybereason Source: 1. **Forward to SIEM**. Check the checkbox to forward your data to [Cloud SIEM](/docs/cse/).
1. (Optional) **Fields.** Click the **+Add Field** link to define the fields you want to associate, each field needs a name (key) and value. * green check circle.png A green circle with a check mark is shown when the field exists in the Fields table schema. - * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo that does not exist in the Fields schema it is ignored, known as dropped. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo Logic but isn’t present or enabled in the schema, it’s ignored and marked as **Dropped**. 1. **Cybereason Host**. Provide your customer-specific host, such as `mydomain.cybereason.net`. If you have a customer-specific port this should be included, such as `mydomain.cybereason.net:8443`. 1. **User email** and **password**. Provide the Cybereason user credentials you want to use to authenticate collection requests. 1. (Optional) The **Polling Interval** is set for 300 seconds by default, you can adjust it based on your needs. This sets how often the Source checks for new data. diff --git a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/digital-guardian-source.md b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/digital-guardian-source.md index d6c5d5303f..816e4de01a 100644 --- a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/digital-guardian-source.md +++ b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/digital-guardian-source.md 
@@ -46,8 +46,8 @@ To configure Digital Guardian Source: 1. Enter a **Name** to display for the Source in Sumo Logic. The description is optional. 1. (Optional) For **Source Category**, enter any string to tag the output collected from the Source. Category metadata is stored in a searchable field called `_sourceCategory`. 1. (Optional) **Fields**. Click the **+Add Field** link to define the fields you want to associate. Each field needs a name (key) and value. - * green check circle.png A green circle with a check mark is shown when the field exists in the Fields table schema. - * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo Logic that does not exist in the Fields schema it is ignored, known as dropped. + * green check circle.png A green circle with a check mark is shown when the field exists and is enabled in the Fields table schema. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, you'll see an option to automatically add or enable the nonexistent fields to the Fields table schema. If a field is sent to Sumo Logic that does not exist in the Fields schema it is ignored, known as dropped. 1. In **API Gateway URL**, enter the API Gateway URL of your account. 1. In **Authorization Server URL**, enter the Authorization Server URL of your account. 1. In **API Client ID**, enter the API Client ID you generated from the Digital Guardian platform. diff --git a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/docusign-source.md b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/docusign-source.md index 5c3457f2ff..c0284a6d60 100644 
--- a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/docusign-source.md +++ b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/docusign-source.md @@ -90,8 +90,8 @@ To configure the DocuSign source: 4. Enter a **Name** to display for the Source in the Sumo Logic web application. The description is optional. 5. (Optional) For **Source Category**, enter any string to tag the output collected from the Source. Category metadata is stored in a searchable field called `_sourceCategory`. 6. (Optional) **Fields**. Click the **+Add Field** link to define the fields you want to associate. Each field needs a name (key) and value. - * green check circle.png A green circle with a check mark is shown when the field exists in the Fields table schema. - * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo Logic that does not exist in the Fields schema it is ignored, known as dropped. + * green check circle.png A green circle with a check mark is shown when the field exists and is enabled in the Fields table schema. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, you'll see an option to automatically add or enable the nonexistent fields to the Fields table schema. If a field is sent to Sumo Logic that does not exist in the Fields schema it is ignored, known as dropped. 7. In **DocuSign Environment**, choose the environment of your DocuSign account. 8. In **User ID**, enter the User ID of your account. See [User ID](#user-id) section to help find your User ID. 9. In **Integration Key**, enter the integration key you generated. See step 5 of [App](#app) section. 
diff --git a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/dragos-source.md b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/dragos-source.md index 867c83d6d8..3d5889aa94 100644 --- a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/dragos-source.md +++ b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/dragos-source.md 
@@ -57,8 +57,8 @@ To configure a Dragos Source: 1. Enter a **Name** for the Source. The description is optional. 1. (Optional) For **Source Category**, enter any string to tag the output collected from the Source. Category metadata is stored in a searchable field called `_sourceCategory`. 1. (Optional) **Fields**. Click the **+Add** button to define the fields you want to associate. Each field needs a name (key) and value. - * green check circle.png A green circle with a check mark is shown when the field exists in the Fields table schema. - * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo Logic that does not exist in the Fields schema is ignored, known as dropped. + * green check circle.png A green circle with a check mark is shown when the field exists and is enabled in the Fields table schema. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, you'll see an option to automatically add or enable the nonexistent fields to the Fields table schema. If a field is sent to Sumo Logic that does not exist in the Fields schema is ignored, known as dropped. 1. **Endpoint URL**. Enter the Dragos platform endpoint URL. For example, `https://test.cxc.dragos.cloud/`. 1. **API ID**. Enter the API ID of your account collected from the [Dragos platform](#vendor-configuration). For example, `036fxxxx-b642-xxxx-99d3-fcxxxx2exxxx`. 1. **API Secret**. Enter the API Secret of your account collected from the [Dragos platform](#vendor-configuration).. For example, `xxxU1TxxxxxxxxKSJwHYOpK37xxxxxxxxrEHAkU91xxxxxxxxxFrrJ06xxx`. 
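Review bot: In dragos-source.md the added orange-triangle line ends with "that does not exist in the Fields schema is ignored, known as dropped", which is missing "it" before "is ignored" and was copied unchanged from the removed line. Suggest correcting the sentence in this edit rather than leaving it for a follow-up, and wording it to include fields that exist but are not enabled, in line with the updated green-check bullet above it.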
diff --git a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/dropbox-source.md b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/dropbox-source.md index d02c1b98c3..07bd4ba53b 100644 --- a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/dropbox-source.md +++ b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/dropbox-source.md @@ -50,8 +50,8 @@ To configure a Dropbox source: 1. (Optional) For **Source Category**, enter any string to tag the output collected from the Source. Category metadata is stored in a searchable field called `_sourceCategory`. 1. **Forward to SIEM**. Check the checkbox to forward your data to [Cloud SIEM](/docs/cse/).
1. (Optional) **Fields.** Click the **+Add Field** link to define the fields you want to associate, each field needs a name (key) and value. - * green check circle.png A green circle with a check mark is shown when the field exists in the Fields table schema. - * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo that does not exist in the Fields schema it is ignored, known as dropped. + * green check circle.png A green circle with a check mark is shown when the field exists and is enabled in the Fields table schema. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, you'll see an option to automatically add or enable the nonexistent fields to the Fields table schema. If a field is sent to Sumo Logic but isn’t present or enabled in the schema, it’s ignored and marked as **Dropped**. 1. **App Key**, **App Secret**, and **Access Code**. Provide your Dropbox [authentication](#vendor-configuration) credentials. 1. **Processing Rules**. Configure any desired filters, such as allowlist, denylist, hash, or mask, as described in [Create a Processing Rule](/docs/send-data/collection/processing-rules/create-processing-rule). 1. When you are finished configuring the Source, click **Submit**. diff --git a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/druva-cyber-resilience-source.md b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/druva-cyber-resilience-source.md index 9f1846a023..563619e286 100644 --- a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/druva-cyber-resilience-source.md 
+++ b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/druva-cyber-resilience-source.md 
@@ -45,8 +45,8 @@ To configure a Druva Cyber Resilience Source: 1. Enter a **Name** to display for the Source in the Sumo Logic web application. The description is optional. 1. (Optional) For **Source Category**, enter any string to tag the output collected from the Source. Category metadata is stored in a searchable field called `_sourceCategory`. 1. (Optional) **Fields**. Click the **+Add** to define the fields you want to associate. Each field needs a name (key) and value. - * green check circle.png A green circle with a check mark is shown when the field exists in the Fields table schema. - * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo Logic that does not exist in the Fields schema it is ignored, known as dropped. + * green check circle.png A green circle with a check mark is shown when the field exists and is enabled in the Fields table schema. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, you'll see an option to automatically add or enable the nonexistent fields to the Fields table schema. If a field is sent to Sumo Logic that does not exist in the Fields schema it is ignored, known as dropped. 1. **API Endpoint URL**. Enter the API Endpoint URL collected from the [Druva Cyber Resilience platform](#vendor-configuration). 1. **Client ID**. Enter your Client ID. To get Client ID, follow the instructions from [Create and Manage Druva API Credentials](https://docs.druva.com/Druva_Cloud_Platform/Integration_with_Druva_APIs/Create_and_Manage_API_Credentials#createnewcreds). 1. **Secret Key**. Enter your Secret Key. 
To get Secret Key, follow the instructions from [Create and Manage Druva API Credentials](https://docs.druva.com/Druva_Cloud_Platform/Integration_with_Druva_APIs/Create_and_Manage_API_Credentials#createnewcreds). diff --git a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/druva-source.md b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/druva-source.md index cda0117c44..ff81890296 100644 --- a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/druva-source.md +++ b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/druva-source.md 
@@ -67,8 +67,8 @@ To configure a Druva Source: 1. Enter a **Name** to display for the Source in the Sumo Logic web application. The description is optional. 1. (Optional) For **Source Category**, enter any string to tag the output collected from the Source. Category metadata is stored in a searchable field called `_sourceCategory`. 1. (Optional) **Fields**. Click the **+Add** to define the fields you want to associate. Each field needs a name (key) and value. - * green check circle.png A green circle with a check mark is shown when the field exists in the Fields table schema. - * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo Logic that does not exist in the Fields schema it is ignored, known as dropped. + * green check circle.png A green circle with a check mark is shown when the field exists and is enabled in the Fields table schema. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, you'll see an option to automatically add or enable the nonexistent fields to the Fields table schema. If a field is sent to Sumo Logic that does not exist in the Fields schema it is ignored, known as dropped. 1. **API Endpoint URL**. Enter your API Endpoint URL. To get API Endpoint URL, follow the instructions from [Create and Manage Druva API Credentials](https://developer.druva.com/docs/migration-process). 1. **Client ID**. Enter your Client ID. To get Client ID, follow the instructions from [Create and Manage Druva API Credentials](https://docs.druva.com/Druva_Cloud_Platform/Integration_with_Druva_APIs/Create_and_Manage_API_Credentials). 1. **Secret Key**. Enter your Secret Key. 
To get Secret Key, follow the instructions from [Create and Manage Druva API Credentials](https://docs.druva.com/Druva_Cloud_Platform/Integration_with_Druva_APIs/Create_and_Manage_API_Credentials). diff --git a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/duo-source.md b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/duo-source.md index f7e96cfb61..a50a44fad2 100644 --- a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/duo-source.md +++ b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/duo-source.md @@ -40,8 +40,8 @@ To configure a Duo Source: 1. (Optional) For **Source Category**, enter any string to tag the output collected from the Source. Category metadata is stored in a searchable field called `_sourceCategory`. 1. **Forward to SIEM**. Check the checkbox to forward your data to [Cloud SIEM](/docs/cse/).
1. (Optional) **Fields.** Click the **+Add Field** link to define the fields you want to associate, each field needs a name (key) and value. - * green check circle.png A green circle with a check mark is shown when the field exists in the Fields table schema. - * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo that does not exist in the Fields schema it is ignored, known as dropped. + * green check circle.png A green circle with a check mark is shown when the field exists and is enabled in the Fields table schema. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, you'll see an option to automatically add or enable the nonexistent fields to the Fields table schema. If a field is sent to Sumo Logic but isn’t present or enabled in the schema, it’s ignored and marked as **Dropped**. :::note If you are using the Duo Federal edition service when connecting APIs, it's recommended to use `duofederal.com` instead of the default `duosecurity.com` domain. Our Duo C2C lets you allow to configure the API domain as it contains the specific customer ID information. For example, you can use `api-xxxx-duosecurity.com` or `api-xxxx-duofederal.com` if the Duo Federal edition service has been opted in. For more information, refer to the [Duo Federal Edition Guide](https://duo.com/docs/duo-federal-guide#duo-service-connectivity). ::: diff --git a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/gmail-tracelogs-source.md b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/gmail-tracelogs-source.md index 2d68c98fee..074292d291 100644 
--- a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/gmail-tracelogs-source.md +++ b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/gmail-tracelogs-source.md @@ -54,8 +54,8 @@ To configure Gmail Trace Logs Source: 1. Enter a **Name** for the Source. The description is optional. 1. (Optional) For **Source Category**, enter any string to tag the output collected from the Source. Category metadata is stored in a searchable field called `_sourceCategory`. 1. (Optional) **Fields**. Click the **+Add** button to define the fields you want to associate. Each field needs a name (key) and value. - * green check circle.png A green circle with a check mark is shown when the field exists in the Fields table schema. - * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo Logic that does not exist in the Fields schema it is ignored, known as dropped. + * green check circle.png A green circle with a check mark is shown when the field exists and is enabled in the Fields table schema. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, you'll see an option to automatically add or enable the nonexistent fields to the Fields table schema. If a field is sent to Sumo Logic that does not exist in the Fields schema it is ignored, known as dropped. 1. **Project ID**. Enter the unique identifier number. You can find this from the Google Cloud Console. 1. **Dataset ID**. Enter the ID. The Dataset ID is the project-wise unique identifier for your dataset. 1. **Data Location**. Enter the location of DataSet which is set while creating Dataset in BigQuery. 
diff --git a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/google-bigquery-source.md b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/google-bigquery-source.md index 43d15640f3..9ebb233941 100644 --- a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/google-bigquery-source.md +++ b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/google-bigquery-source.md 
@@ -52,8 +52,8 @@ To configure an Google BigQuery Source: 1. Enter a **Name** for the Source. The description is optional. 1. (Optional) For **Source Category**, enter any string to tag the output collected from the Source. Category metadata is stored in a searchable field called `_sourceCategory`. 1. (Optional) **Fields**. Click the **+Add** button to define the fields you want to associate. Each field needs a name (key) and value. - * green check circle.png A green circle with a check mark is shown when the field exists in the Fields table schema. - * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo Logic that does not exist in the Fields schema it is ignored, known as dropped. + * green check circle.png A green circle with a check mark is shown when the field exists and is enabled in the Fields table schema. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, you'll see an option to automatically add or enable the nonexistent fields to the Fields table schema. If a field is sent to Sumo Logic that does not exist in the Fields schema it is ignored, known as dropped. 1. **Project ID**. Enter the unique identifier number for your BigQuery project. You can find this from the Google Cloud Console. 1. **Checkpoint Field**. Enter the name of the field in the query result to be used for checkpointing. This field has to be increasing and of type number or timestamp. 1. **Checkpoint Start**. Enter the first value for the checkpoint that the integration will plug into the query. 
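Review bot: After this change a field that exists in the Fields table schema but is disabled is described by neither bullet: the green bullet now requires "exists and is enabled", and the orange bullet still fires only "when the field doesn't exist". A reader cannot tell from this page which icon a disabled field gets or whether its data is dropped. Suggest stating the disabled case explicitly in the orange bullet's condition and in its closing sentence about dropped fields.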
diff --git a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/google-workspace-alertcenter.md b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/google-workspace-alertcenter.md index 06eecf5f45..bc8563cb51 100644 --- a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/google-workspace-alertcenter.md +++ b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/google-workspace-alertcenter.md @@ -57,7 +57,7 @@ Follow the below steps to create Google Workspace AlertCenter service account cr 1. **Forward to SIEM**. Click if you want the Source to forward the logs it ingests to [Cloud SIEM](/docs/cse/).
1. **Fields.** (Optional) Click **+Add Field** to define the fields you want to associate, each field needs a name (key) and value. For more information, see [Fields](/docs/manage/fields). * green check circle.png A green circle with a checkmark is shown when the field exists in the Fields table schema. - * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo Logic that does not exist in the Fields schema it is ignored (i.e., dropped). + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, you'll see an option to automatically add or enable the nonexistent fields to the Fields table schema. If a field is sent to Sumo Logic but isn’t present or enabled in the schema, it’s ignored and marked as **Dropped**. 1. **Delegated User Email.** Enter the admin email address for the domain. This email should be the address that is configured for the specific service account in the Google Cloud console. 1. **Google Workspace AlertCenter Credentials**. You can authenticate your service account credentials directly by uploading a JSON file credentials instead of breaking down the file into different sections for the UI schema. Click **Upload** and select the JSON file that you downloaded in the [Service Account Credentials section](#vendor-configuration). 1. **Exclude Alert Types**. (Optional) Enter the data alert types and scope that you do not want to send to Sumo Logic. diff --git a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/google-workspace-source.md b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/google-workspace-source.md index 7bbd77388a..4fa671cc2f 100644 
--- a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/google-workspace-source.md +++ b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/google-workspace-source.md @@ -91,8 +91,8 @@ To configure a Google Workspace User Inventory source: 1. (Optional) For **Source Category**, enter any string to tag the output collected from the Source. Category metadata is stored in a searchable field called `_sourceCategory`. 1. **Forward to SIEM**. Check the checkbox to forward your data to [Cloud SIEM](/docs/cse/) so it becomes part of User Inventory.
1. (Optional) **Fields.** Click the **+Add Field** link to define the fields you want to associate, each field needs a name (key) and value. - * green check circle.png A green circle with a check mark is shown when the field exists in the Fields table schema. - * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo that does not exist in the Fields schema it is ignored, known as dropped.  + * green check circle.png A green circle with a check mark is shown when the field exists and is enabled in the Fields table schema. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, you'll see an option to automatically add or enable the nonexistent fields to the Fields table schema. If a field is sent to Sumo Logic but isn’t present or enabled in the schema, it’s ignored and marked as **Dropped**.  1. The **Delegated User Email** is the email address of the user you want to call the API on behalf of. This user should have the necessary [permissions](https://support.google.com/a/answer/7519580?hl=en) to view the details of other users in your Google Workspace domain, such as an Admin role. At a minimum, the user should have the `Users:Read permission`. Learn more about Domain-Wide Delegation of Authority: * [Domain-Wide Delegation of Authority](https://developers.google.com/identity/protocols/oauth2/service-account#delegatingauthority). diff --git a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/intel-471-threat-intel-source.md b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/intel-471-threat-intel-source.md index 3704953726..269d66b980 100644 
--- a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/intel-471-threat-intel-source.md +++ b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/intel-471-threat-intel-source.md 
@@ -44,8 +44,8 @@ To configure an Intel471 Threat Intel source: 1. Enter a **Name** to display for the Source in the Sumo web application. The description is optional. 1. (Optional) For **Source Category**, enter any string to tag the output collected from the Source. Category metadata is stored in a searchable field called `_sourceCategory`. 1. (Optional) **Fields.** Click the **+Add Field** link to define the fields you want to associate, each field needs a name (key) and value. - * green check circle.png A green circle with a check mark is shown when the field exists in the Fields table schema. - * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo that does not exist in the Fields schema it is ignored, known as dropped.  + * green check circle.png A green circle with a check mark is shown when the field exists and is enabled in the Fields table schema. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, you'll see an option to automatically add or enable the nonexistent fields to the Fields table schema. If a field is sent to Sumo Logic but isn’t present or enabled in the schema, it’s ignored and marked as **Dropped**.  1. **Username**. Enter your login ID or email address. 1. **API Key**. Enter the API key of the user account collected from the [Intel471 Threat Intel platform](#vendor-configuration). 1. **Sumo Logic Threat Intel Source ID**. Enter the name you want to use for the Intel 471 source that will be created in the [Threat Intelligence](/docs/security/threat-intelligence/about-threat-intelligence/) tab in Sumo Logic. The Intel 471 threat intelligence indicators will be stored in this source. Do not use spaces in the name. 
diff --git a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/jamf-source.md b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/jamf-source.md index 591dcf785d..2b5bae2237 100644 --- a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/jamf-source.md +++ b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/jamf-source.md 
@@ -41,8 +41,8 @@ To configure the Jamf Source: 1. Enter a **Name** to display for the Source in Sumo Logic. The description is optional. 1. (Optional) For **Source Category**, enter any string to tag the output collected from the Source. Category metadata is stored in a searchable field called `_sourceCategory`. 1. (Optional) **Fields**. Click the **+Add Field** link to define the fields you want to associate. Each field needs a name (key) and value. - * green check circle.png A green circle with a check mark is shown when the field exists in the Fields table schema. - * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo Logic that does not exist in the Fields schema it is ignored, known as dropped. + * green check circle.png A green circle with a check mark is shown when the field exists and is enabled in the Fields table schema. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, you'll see an option to automatically add or enable the nonexistent fields to the Fields table schema. If a field is sent to Sumo Logic that does not exist in the Fields schema it is ignored, known as dropped. 1. In **Base URL**, enter your Jamf instance domain, `https://yourServer.jamfcloud.com`. 1. In **Client ID**, enter the Client ID you generated from the Jamf platform. 1. In **Client Secret**, enter the Client Secret you generated from the Jamf platform. diff --git a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/jfrog-xray.md b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/jfrog-xray.md index 39ac554491..ae7ac84d33 100644 --- a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/jfrog-xray.md 
+++ b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/jfrog-xray.md @@ -39,8 +39,8 @@ To configure the JFrog Xray Source: 1. Enter a **Name** to display for the Source in Sumo Logic. The description is optional. 1. (Optional) For **Source Category**, enter any string to tag the output collected from the Source. Category metadata is stored in a searchable field called `_sourceCategory`. 1. (Optional) **Fields**. Click the **+Add Field** link to define the fields you want to associate. Each field needs a name (key) and value. - * green check circle.png A green circle with a check mark is shown when the field exists in the Fields table schema. - * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo Logic that does not exist in the Fields schema it is ignored, known as dropped. + * green check circle.png A green circle with a check mark is shown when the field exists and is enabled in the Fields table schema. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, you'll see an option to automatically add or enable the nonexistent fields to the Fields table schema. If a field is sent to Sumo Logic that does not exist in the Fields schema it is ignored, known as dropped. 1. In **JFrog Base URL**, enter your JFrog instance domain (for example, `https://acme.jfrog.io`). 1. In **HTTP Basic Auth Username**, enter your JFrog username you created. 1. In **HTTP Basic Auth Password**, enter your JFrog password you created. 
diff --git a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/jumpcloud-directory-insights-source.md b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/jumpcloud-directory-insights-source.md index b94931ba8c..d3e9ed2190 100644 --- a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/jumpcloud-directory-insights-source.md +++ b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/jumpcloud-directory-insights-source.md 
@@ -42,8 +42,8 @@ To configure a JumpCloud Directory Insights source: 1. Enter a **Name** for the source. The description is optional. 1. (Optional) For **Source Category**, enter any string to tag the output collected from the Source. Category metadata is stored in a searchable field called `_sourceCategory`. 1. (Optional) **Fields**. Click the **+Add** button to define the fields you want to associate. Each field needs a name (key) and value. - * green check circle.png A green circle with a check mark is shown when the field exists in the Fields table schema. - * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo Logic that does not exist in the Fields schema it is ignored, known as dropped. + * green check circle.png A green circle with a check mark is shown when the field exists and is enabled in the Fields table schema. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, you'll see an option to automatically add or enable the nonexistent fields to the Fields table schema. If a field is sent to Sumo Logic that does not exist in the Fields schema it is ignored, known as dropped. 1. In **API Key**, enter the API Key you generated from the JumpCloud Directory Insights platform. 1. In **Organization ID**, enter the Organization ID you generated from the JumpCloud Directory Insights platform. 1. In **Service**, select the type of logs to collect. This allows you to limit the response to just the data you want. diff --git a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/kaltura-source.md b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/kaltura-source.md index 943e7683c7..0b1cbc4848 100644 
--- a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/kaltura-source.md +++ b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/kaltura-source.md @@ -63,8 +63,8 @@ To configure a Kaltura source: 1. Enter a **Name** for the Source. The description is optional. 1. (Optional) For **Source Category**, enter any string to tag the output collected from the Source. Category metadata is stored in a searchable field called `_sourceCategory`. 1. (Optional) **Fields**. Click the **+Add Field** link to define the fields you want to associate. Each field needs a name (key) and value. - * green check circle.png A green circle with a check mark is shown when the field exists in the Fields table schema. - * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo Logic that does not exist in the Fields schema it is ignored, known as dropped. + * green check circle.png A green circle with a check mark is shown when the field exists and is enabled in the Fields table schema. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, you'll see an option to automatically add or enable the nonexistent fields to the Fields table schema. If a field is sent to Sumo Logic that does not exist in the Fields schema it is ignored, known as dropped. 1. **Base URL**. Enter the API **Base URL**. 1. **Partner ID**. Enter the **Partner ID** collected from the [Vendor configuration](#create-a-new-app-token). 1. **App Token ID**. Enter the **App Token ID** collected from the [Vendor configuration](#create-a-new-app-token). 
diff --git a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/knowbe4-api-source.md b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/knowbe4-api-source.md index cf998cee51..823b32a367 100644 --- a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/knowbe4-api-source.md +++ b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/knowbe4-api-source.md 
@@ -68,8 +68,8 @@ To configure the KnowBe4 API Source: 4. Enter a **Name** to display for the Source in the Sumo Logic web application. The description is optional. 5. (Optional) For **Source Category**, enter any string to tag the output collected from the Source. Category metadata is stored in a searchable field called `_sourceCategory`. 6. (Optional) **Fields**. Click the **+Add Field** link to define the fields you want to associate. Each field needs a name (key) and value. - * green check circle.png A green circle with a check mark is shown when the field exists in the Fields table schema. - * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo Logic that does not exist in the Fields schema it is ignored, known as dropped. + * green check circle.png A green circle with a check mark is shown when the field exists and is enabled in the Fields table schema. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, you'll see an option to automatically add or enable the nonexistent fields to the Fields table schema. If a field is sent to Sumo Logic that does not exist in the Fields schema it is ignored, known as dropped. 7. In **Region**, choose the region where your KnowBe4 account is located. See [Region](#region) section to know your Region. 1. In **API Key**, authenticate your account by entering your secret API key. You can access your API key or generate a new one from **User Event API Management Console**. See [API Token](#api-token) section. 1. In **Data Types**, you can select the **Phishing Tests** data type to fetch a list of all recipients for each phishing security test on your KnowBe4 account. 
diff --git a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/lastpass-source.md b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/lastpass-source.md index efb9f7300a..757e259347 100644 --- a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/lastpass-source.md +++ b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/lastpass-source.md 
@@ -37,8 +37,8 @@ To configure the LastPass Source: 1. Enter a **Name** to display for the source in the Sumo Logic web application. The description is optional. 1. (Optional) For **Source Category**, enter any string to tag the output collected from the source. Category metadata is stored in a searchable field called `_sourceCategory`. 1. (Optional) **Fields**. Click the **+Add Field** link to define the fields you want to associate. Each field needs a name (key) and value. - * green check circle.png A green circle with a check mark is shown when the field exists in the Fields table schema. - * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo Logic that does not exist in the Fields schema it is ignored, known as dropped. + * green check circle.png A green circle with a check mark is shown when the field exists and is enabled in the Fields table schema. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, you'll see an option to automatically add or enable the nonexistent fields to the Fields table schema. If a field is sent to Sumo Logic that does not exist in the Fields schema it is ignored, known as dropped. 1. In **CID (Account Number)**, enter your CID account number collected from the LastPass platform. 1. In **API Secret**, enter your API Secret ID collected from the LastPass platform. 1. In **TimeZone**, enter the timezone of admin LastPass account. diff --git a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/microsoft-azure-ad-inventory-source.md b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/microsoft-azure-ad-inventory-source.md index a7925e108d..7f7d317577 100644 
--- a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/microsoft-azure-ad-inventory-source.md +++ b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/microsoft-azure-ad-inventory-source.md @@ -79,8 +79,8 @@ To configure a Microsoft Azure AD Inventory Source: 1. (Optional) For **Source Category**, enter any string to tag the output collected from the Source. Category metadata is stored in a searchable field called `_sourceCategory`. 1. **Forward to SIEM**. Check the checkbox to forward your data to [Cloud SIEM](/docs/cse/).
1. (Optional) **Fields.** Click the **+Add Field** link to define the fields you want to associate, each field needs a name (key) and value. - * green check circle.png A green circle with a check mark is shown when the field exists in the Fields table schema. - * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo that does not exist in the Fields schema it is ignored, known as dropped. + * green check circle.png A green circle with a check mark is shown when the field exists and is enabled in the Fields table schema. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, you'll see an option to automatically add or enable the nonexistent fields to the Fields table schema. If a field is sent to Sumo Logic but isn’t present or enabled in the schema, it’s ignored and marked as **Dropped**. 1. Provide the **Directory (tenant) ID** and **Application (client) ID** you got after you registered (created) the Azure Application in step 5 of the setup section. 1. **Application Client Secret Value**. Provide the Application Client Secret Value you created in step 7 of the setup section. 1. **Supported APIs to collect**. Select one or more of the available APIs: **Devices** and **Users**. diff --git a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/microsoft-exchange-trace-logs.md b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/microsoft-exchange-trace-logs.md index 1405765254..025c9da1e7 100644 --- a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/microsoft-exchange-trace-logs.md +++ b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/microsoft-exchange-trace-logs.md 
@@ -99,8 +99,8 @@ To configure a Microsoft Exchange Trace Logs Source: 4. Enter a **Name** for the Source. The description is optional. 5. (Optional) For **Source Category**, enter any string to tag the output collected from the Source. Category metadata is stored in a searchable field called `_sourceCategory`. 6. (Optional) **Fields.** Click the **+Add Field** link to define the fields you want to associate, each field needs a name (key) and value. - * green check circle.png A green circle with a check mark is shown when the field exists in the Fields table schema. - * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo that does not exist in the Fields schema it is ignored, known as dropped. + * green check circle.png A green circle with a check mark is shown when the field exists and is enabled in the Fields table schema. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, you'll see an option to automatically add or enable the nonexistent fields to the Fields table schema. If a field is sent to Sumo Logic but isn’t present or enabled in the schema, it’s ignored and marked as **Dropped**. 8. **Application (client) ID**. Enter your client ID from your Azure Application. This should be a Globally Unique Identifier aka GUID. 9. **Directory (tenant) ID**. Enter your tenant ID from your Azure Application. This should be a Globally Unique Identifier aka GUID. 10. **Secret**. Enter your client secret generated within your Azure Application. 
diff --git a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/microsoft-graph-azure-ad-reporting-source.md b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/microsoft-graph-azure-ad-reporting-source.md index 69d8d8b589..e574e147a9 100644 --- a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/microsoft-graph-azure-ad-reporting-source.md +++ b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/microsoft-graph-azure-ad-reporting-source.md @@ -78,8 +78,8 @@ To configure a Microsoft Graph Azure AD Reporting Source: 1. (Optional) For **Source Category**, enter any string to tag the output collected from the Source. Category metadata is stored in a searchable field called `_sourceCategory`. 1. **Forward to SIEM**. Check the checkbox to forward your data to [Cloud SIEM](/docs/cse/).
1. (Optional) **Fields.** Click the **+Add Field** link to define the fields you want to associate, each field needs a name (key) and value. - * green check circle.png A green circle with a check mark is shown when the field exists in the Fields table schema. - * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo that does not exist in the Fields schema it is ignored, known as dropped.  + * green check circle.png A green circle with a check mark is shown when the field exists and is enabled in the Fields table schema. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, you'll see an option to automatically add or enable the nonexistent fields to the Fields table schema. If a field is sent to Sumo Logic but isn’t present or enabled in the schema, it’s ignored and marked as **Dropped**.  1. Provide the **Directory (tenant) ID** and **Application (client) ID** you got after you registered (created) the Azure Application in step 5 of the setup section. 1. **Application Client Secret Value**. Provide the Application Client Secret Value you created in step 7 of the setup section. 1. **Supported APIs to collect**. Select one or more of the available APIs: **Directory Audit**, **Sign-in**, and **Provisioning**. diff --git a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/microsoft-graph-identity-protection-source.md b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/microsoft-graph-identity-protection-source.md index 38886d46ff..2db0d3b819 100644 --- a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/microsoft-graph-identity-protection-source.md 
+++ b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/microsoft-graph-identity-protection-source.md @@ -73,8 +73,8 @@ To configure a Microsoft Graph Identity Protection Source: 1. (Optional) For **Source Category**, enter any string to tag the output collected from the Source. Category metadata is stored in a searchable field called `_sourceCategory`. 1. **Forward to SIEM**. Check the checkbox to forward your data to [Cloud SIEM](/docs/cse/).
1. (Optional) **Fields.** Click the **+Add Field** link to define the fields you want to associate, each field needs a name (key) and value. - * green check circle.png A green circle with a check mark is shown when the field exists in the Fields table schema. - * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo that does not exist in the Fields schema it is ignored, known as dropped.  + * green check circle.png A green circle with a check mark is shown when the field exists and is enabled in the Fields table schema. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, you'll see an option to automatically add or enable the nonexistent fields to the Fields table schema. If a field is sent to Sumo Logic but isn’t present or enabled in the schema, it’s ignored and marked as **Dropped**.  1. Provide the **Directory (tenant) ID** and **Application (client) ID** you got after you registered (created) the Azure Application in step 5 of the setup section. 1. **Application Client Secret Value**. Provide the Application Client Secret Value you created in step 7 of the setup section. 1. **Supported APIs to collect**. Select one or more of the available APIs, **riskDetections** and **riskyUsers**. diff --git a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/microsoft-graph-security-api-source.md b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/microsoft-graph-security-api-source.md index 295132fefb..b2c0f71b5a 100644 --- a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/microsoft-graph-security-api-source.md 
+++ b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/microsoft-graph-security-api-source.md @@ -72,8 +72,8 @@ To configure a Microsoft Graph Security API Source: 1. (Optional) For **Source Category**, enter any string to tag the output collected from the Source. Category metadata is stored in a searchable field called `_sourceCategory`. 1. **Forward to SIEM**. Check the checkbox to forward your data to [Cloud SIEM](/docs/cse/).
1. (Optional) **Fields.** Click the **+Add Field** link to define the fields you want to associate, each field needs a name (key) and value. - * green check circle.png A green circle with a check mark is shown when the field exists in the Fields table schema. - * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo that does not exist in the Fields schema it is ignored, known as dropped. + * green check circle.png A green circle with a check mark is shown when the field exists and is enabled in the Fields table schema. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, you'll see an option to automatically add or enable the nonexistent fields to the Fields table schema. If a field is sent to Sumo Logic but isn’t present or enabled in the schema, it’s ignored and marked as **Dropped**. 1. Enter the **Directory (tenant) ID**, **Application (client) ID**, and **Application Client Secret Value** you got from the Application you created in the [Vendor configuration](#vendor-configuration) section. 1. The **Polling Interval** is set to 5 minutes by default. You can adjust it based on your needs. 1. **Processing Rules for Logs**. Configure any desired filters, such as allowlist, denylist, hash, or mask, as described in [Create a Processing Rule](/docs/send-data/collection/processing-rules/create-processing-rule). diff --git a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/mimecast-source.md b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/mimecast-source.md index a74c60358f..461ed643b6 100644 --- a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/mimecast-source.md 
+++ b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/mimecast-source.md @@ -49,8 +49,8 @@ To configure a Mimecast Source: 1. (Optional) For **Source Category**, enter any string to tag the output collected from the Source. Category metadata is stored in a searchable field called `_sourceCategory`. 1. **Forward to SIEM**. Check the checkbox to forward your data to [Cloud SIEM](/docs/cse/).
1. (Optional) **Fields.** Click the **+Add Field** link to define the fields you want to associate, each field needs a name (key) and value. - * green check circle.png A green circle with a check mark is shown when the field exists in the Fields table schema. - * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo that does not exist in the Fields schema it is ignored, known as dropped.  + * green check circle.png A green circle with a check mark is shown when the field exists and is enabled in the Fields table schema. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, you'll see an option to automatically add or enable the nonexistent fields to the Fields table schema. If a field is sent to Sumo Logic but isn’t present or enabled in the schema, it’s ignored and marked as **Dropped**.  1. **Client ID**. Enter the Client ID of the app. Refer to the [Mimecast documentation](https://developer.services.mimecast.com/api-overview#application-registration-credential-management) for guidance to create the Client ID. 1. **Client Secret**. Enter the Client Secret key of the app. Refer to the [Mimecast documentation](https://developer.services.mimecast.com/api-overview#application-registration-credential-management) for guidance to create the Client Secret. 1. **Supported API to collect**. Select the type of Mimecast data source that you want to collect. diff --git a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/netskope-source.md b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/netskope-source.md index e11d207aa3..146487323d 100644 
--- a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/netskope-source.md +++ b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/netskope-source.md @@ -78,8 +78,8 @@ To configure a Netskope Source: 1. (Optional) For **Source Category**, enter any string to tag the output collected from the Source. Category metadata is stored in a searchable field called `_sourceCategory`. 1. **Forward to SIEM**. Check the checkbox to forward your data to [Cloud SIEM](/docs/cse/).
1. (Optional) **Fields.** Click the **+Add Field** link to define the fields you want to associate, each field needs a name (key) and value. - * green check circle.png A green circle with a check mark is shown when the field exists in the Fields table schema. - * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo that does not exist in the Fields schema it is ignored, known as dropped.  + * green check circle.png A green circle with a check mark is shown when the field exists and is enabled in the Fields table schema. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, you'll see an option to automatically add or enable the nonexistent fields to the Fields table schema. If a field is sent to Sumo Logic but isn’t present or enabled in the schema, it’s ignored and marked as **Dropped**.  1. Enter your Netskope customer specific **Tenant ID**. Do not provide the entire URL, just the Tenant ID. For example, if your URL is `https://tenant.eu.sumologic.com`, then `tenant.eu` will be your Tenant ID. 1. Enter the Netskope **API Token** you want to use to authenticate requests. 1. **Event Types** (Optional). By default, *all* event types are collected. You can specify certain event types to collect. Make sure to have the corresponding token privileges to the event types. If this field is empty, all event types are collected. Be aware that if you want to collect all event types, and a new event type is added in the future, your token might need to be updated accordingly. 
diff --git a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/netskope-webtx-source.md b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/netskope-webtx-source.md index 662596796b..927134b06e 100644 --- a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/netskope-webtx-source.md +++ b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/netskope-webtx-source.md @@ -49,8 +49,8 @@ When you create a Netskope WebTx API Source, you add it to a Hosted Collector. B 1. (Optional) For **Source Category**, enter any string to tag the output collected from the Source. Category [metadata](/docs/search/get-started-with-search/search-basics/built-in-metadata) is stored in a searchable field called `_sourceCategory`. 1. **Forward to SIEM**. Check the checkbox to forward your data to [Cloud SIEM](/docs/cse/).
1. (Optional) **Fields**. Click the **+Add Field** link to define the fields you want to associate, each field needs a name (key) and value. - * green check circle.png A green circle with a check mark is shown when the field exists in the Fields table schema. - * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo that does not exist in the Fields schema it is ignored, known as dropped.  + * green check circle.png A green circle with a check mark is shown when the field exists and is enabled in the Fields table schema. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, you'll see an option to automatically add or enable the nonexistent fields to the Fields table schema. If a field is sent to Sumo Logic but isn’t present or enabled in the schema, it’s ignored and marked as **Dropped**.  1. **Netskope Streaming Credentials**. Upload the JSON file downloaded from google cloud platform. 1. When you are finished configuring the Source, click **Save**. diff --git a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/okta-source.md b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/okta-source.md index af5efe0a7e..260914b198 100644 --- a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/okta-source.md +++ b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/okta-source.md 
@@ -41,8 +41,8 @@ To configure an Okta Source: 1. (Optional) For **Source Category**, enter any string to tag the output collected from the Source. Category metadata is stored in a searchable field called `_sourceCategory`. 1. **Forward to SIEM**. Check the checkbox to forward your data to [Cloud SIEM](/docs/cse/).
1. (Optional) **Fields.** Click the **+Add Field** link to define the fields you want to associate, each field needs a name (key) and value. - * green check circle.png A green circle with a check mark is shown when the field exists in the Fields table schema. - * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo that does not exist in the Fields schema it is ignored, known as dropped. + * green check circle.png A green circle with a check mark is shown when the field exists and is enabled in the Fields table schema. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, you'll see an option to automatically add or enable the nonexistent fields to the Fields table schema. If a field is sent to Sumo Logic but isn’t present or enabled in the schema, it’s ignored and marked as **Dropped**. 1. **Okta API Key**. Provide the Okta API key you want to use to authenticate collection requests. 1. **Okta Domain**. Provide your specific Okta domain, such as `mydomain.okta.com`. 1. **Okta Event Types to Request**. By default, the Source will ingest all Okta events. You can instead configure a subset of events to collect. Click **Select Events** to specify the events you want to collect. diff --git a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/palo-alto-cortex-xdr-source.md b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/palo-alto-cortex-xdr-source.md index 34acf9d477..0279494bc0 100644 --- a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/palo-alto-cortex-xdr-source.md +++ b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/palo-alto-cortex-xdr-source.md 
@@ -74,8 +74,8 @@ To configure a Palo Alto Cortex XDR Source: 1. (Optional) For **Source Category**, enter any string to tag the output collected from the Source. Category metadata is stored in a searchable field called `_sourceCategory`. 1. **Forward to SIEM**. Check the checkbox to forward your data to [Cloud SIEM](/docs/cse/).
1. (Optional) **Fields.** Click the **+Add Field** link to define the fields you want to associate, each field needs a name (key) and value. - * green check circle.png A green circle with a check mark is shown when the field exists in the Fields table schema. - * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo that does not exist in the Fields schema it is ignored, known as dropped. + * green check circle.png A green circle with a check mark is shown when the field exists and is enabled in the Fields table schema. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, you'll see an option to automatically add or enable the nonexistent fields to the Fields table schema. If a field is sent to Sumo Logic but isn’t present or enabled in the schema, it’s ignored and marked as **Dropped**. 1. **API Key**. Enter the API Key that you generated and secured in step 7 of the [API Key](#getting-cortex-xdr-api-key) section. 1. **API ID**. Enter the API ID that you generated and secured in step 2 of the [API ID](#getting-cortex-xdr-api-id) section. 1. **Tenant FQDN**. Enter the FQDN that you obtained when you generated the API Key and API ID, as explained in the [FQDN](#getting-cortex-xdr-fqdn) section. The FQDN is a unique host and domain name associated with each tenant. diff --git a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/proofpoint-on-demand-source.md b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/proofpoint-on-demand-source.md index d382fe1eda..d7095910db 100644 --- a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/proofpoint-on-demand-source.md 
+++ b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/proofpoint-on-demand-source.md @@ -49,8 +49,8 @@ To configure a Proofpoint On Demand Source: 5. (Optional) For **Source Category**, enter any string to tag the output collected from the Source. Category metadata is stored in a searchable field called `_sourceCategory`. 6. **Forward to SIEM**. Check the checkbox to forward your data to [Cloud SIEM](/docs/cse/).
7. (Optional) **Fields.** Click the **+Add Field** link to define the fields you want to associate, each field needs a name (key) and value. - * green check circle.png A green circle with a check mark is shown when the field exists in the Fields table schema. - * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo that does not exist in the Fields schema it is ignored, known as dropped. + * green check circle.png A green circle with a check mark is shown when the field exists and is enabled in the Fields table schema. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, you'll see an option to automatically add or enable the nonexistent fields to the Fields table schema. If a field is sent to Sumo Logic but isn’t present or enabled in the schema, it’s ignored and marked as **Dropped**. 8. **Cluster ID** and **Token**. Provide the Proofpoint authentication credentials you want to use to [authenticate](#configuration-object) collection requests. 9. **Supported Events**. There are two types of events you can collect. Select one or both of the options, **message** and **maillog**. The following shows the main fields returned from each type: * **message**: `guid`, `connection`, `envelope`, `msg`, `msgParts`, `filter`, `pps` diff --git a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/proofpoint-tap-source.md b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/proofpoint-tap-source.md index fb89dc1e4b..c994a11c74 100644 --- a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/proofpoint-tap-source.md 
+++ b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/proofpoint-tap-source.md @@ -188,8 +188,8 @@ To configure a Proofpoint TAP Source: 1. (Optional) For **Source Category**, enter any string to tag the output collected from the Source. Category metadata is stored in a searchable field called `_sourceCategory`. 1. **Forward to SIEM**. Check the checkbox to forward your data to [Cloud SIEM](/docs/cse/).
1. (Optional) **Fields.** Click the **+Add Field** link to define the fields you want to associate, each field needs a name (key) and value. - * green check circle.png A green circle with a check mark is shown when the field exists in the Fields table schema. - * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo that does not exist in the Fields schema it is ignored, known as dropped. + * green check circle.png A green circle with a check mark is shown when the field exists and is enabled in the Fields table schema. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, you'll see an option to automatically add or enable the nonexistent fields to the Fields table schema. If a field is sent to Sumo Logic but isn’t present or enabled in the schema, it’s ignored and marked as **Dropped**. 1. **Proofpoint Domain**. Provide a Proofpoint endpoint if different from the default, `tap-api-v2.proofpoint.com`. 1. **API Secret**. Provide the Proofpoint API Secret for authenticating collection requests (copied in [Vendor configuration](#vendor-configuration) above). 1. **Service Principal**. Provide the Proofpoint Service Principal for authenticating collection requests (copied in [Vendor configuration](#vendor-configuration) above). diff --git a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/qualys-vmdr-source.md b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/qualys-vmdr-source.md index ccf968e3f2..f30a05f0f8 100644 --- a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/qualys-vmdr-source.md +++ b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/qualys-vmdr-source.md 
@@ -39,8 +39,8 @@ To configure a Qualys VMDR Source: 1. Enter a **Name** to display for the Source in the Sumo Logic web application. The description is optional. 1. (Optional) For **Source Category**, enter any string to tag the output collected from the Source. Category metadata is stored in a searchable field called `_sourceCategory`. 1. (Optional) **Fields**. Click the **+Add Field** link to define the fields you want to associate. Each field needs a name (key) and value. - * green check circle.png A green circle with a check mark is shown when the field exists in the Fields table schema. - * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo Logic that does not exist in the Fields schema it is ignored, known as dropped. + * green check circle.png A green circle with a check mark is shown when the field exists and is enabled in the Fields table schema. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, you'll see an option to automatically add or enable the nonexistent fields to the Fields table schema. If a field is sent to Sumo Logic that does not exist in the Fields schema it is ignored, known as dropped. 1. **Qualys API Server URL** and **Qualys API Gateway URL**. Provide the Qualys API server URLs. Use the [Qualys Platform Identification](https://www.qualys.com/platform-identification) page and scroll down to **API URLs** to for a reference to your Qualys deployment location. 1. **Username** and **Password**. Use your Qualys account username and password for API authentication. 1. The next section covers the type of data to collect and how often. 
diff --git a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/rapid7-source.md b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/rapid7-source.md index 11d989b99e..f2af0d48b4 100644 --- a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/rapid7-source.md +++ b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/rapid7-source.md @@ -37,8 +37,8 @@ To configure an Rapid7 Source: 1. Enter a **Name** for the Source. The description is optional. 1. (Optional) For **Source Category**, enter any string to tag the output collected from the Source. Category metadata is stored in a searchable field called `_sourceCategory`. 1. (Optional) **Fields**. Click the **+Add** button to define the fields you want to associate. Each field needs a name (key) and value. - * green check circle.png A green circle with a check mark is shown when the field exists in the Fields table schema. - * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo Logic that does not exist in the Fields schema it is ignored, known as dropped. + * green check circle.png A green circle with a check mark is shown when the field exists and is enabled in the Fields table schema. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, you'll see an option to automatically add or enable the nonexistent fields to the Fields table schema. If a field is sent to Sumo Logic that does not exist in the Fields schema it is ignored, known as dropped. 1. Enter the **Region** of Rapid7 InsightVM platform. 1. Enter the **API Key** for authorization. 
diff --git a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/sailpoint-source.md b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/sailpoint-source.md index c85c7612e7..5af3c8d4e2 100644 --- a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/sailpoint-source.md +++ b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/sailpoint-source.md @@ -53,8 +53,8 @@ To configure a Duo Source: 1. (Optional) For **Source Category**, enter any string to tag the output collected from the Source. Category metadata is stored in a searchable field called `_sourceCategory`. 1. **Forward to SIEM**. Check the checkbox to forward your data to [Cloud SIEM](/docs/cse/).
1. (Optional) **Fields.** Click the **+Add Field** link to define the fields you want to associate, each field needs a name (key) and value. - * green check circle.png A green circle with a check mark is shown when the field exists in the Fields table schema. - * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo that does not exist in the Fields schema it is ignored, known as dropped. + * green check circle.png A green circle with a check mark is shown when the field exists and is enabled in the Fields table schema. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, you'll see an option to automatically add or enable the nonexistent fields to the Fields table schema. If a field is sent to Sumo Logic but isn’t present or enabled in the schema, it’s ignored and marked as **Dropped**. 1. **Tenant Name**. Provide your SailPoint customer-specific organization name, such as `{organization}.identitynow.com`. 1. **Client ID** and **Client Secret**. Enter the ID and Secret you got from creating your SailPoint access token in the [Vendor configuration section](#vendor-configuration) above. 1. **Supported APIs to collect**. Select one or more of the available APIs, **Events** and **Users**. diff --git a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/salesforce-source.md b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/salesforce-source.md index e83c04de42..0d63b4edfe 100644 --- a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/salesforce-source.md +++ b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/salesforce-source.md 
@@ -70,8 +70,8 @@ To configure a Salesforce Source: 1. For **Source Category (Optional)**, enter any string to tag the output collected from the Source. Category metadata is stored in a searchable field called `_sourceCategory`. 1. **Forward to SIEM**. Check the checkbox to forward your data to [Cloud SIEM](/docs/cse/).
1. **Fields.** Click the **+Add Field** link to define the fields you want to associate, each field needs a name (key) and value. - * green check circle.png A green circle with a check mark is shown when the field exists in the Fields table schema. - * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo that does not exist in the Fields schema it is ignored, known as dropped. + * green check circle.png A green circle with a check mark is shown when the field exists and is enabled in the Fields table schema. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, you'll see an option to automatically add or enable the nonexistent fields to the Fields table schema. If a field is sent to Sumo Logic but isn’t present or enabled in the schema, it’s ignored and marked as **Dropped**. 1. **SignOn URL.** Enter your Sign on URL. For example, `https://.my.salesforce.com/services/oauth2/token`. 1. **Client ID.** Enter the Consumer Key of the ConnectedApp.  1. **Client Secret.** Enter the Consumer Secret of the ConnectedApp.  diff --git a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/sentinelone-mgmt-api-source.md b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/sentinelone-mgmt-api-source.md index a09c96148f..3b859708aa 100644 --- a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/sentinelone-mgmt-api-source.md +++ b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/sentinelone-mgmt-api-source.md 
@@ -58,8 +58,8 @@ To configure a SentinelOne Mgmt API Source: 1. (Optional) For **Source Category**, enter any string to tag the output collected from the Source. Category metadata is stored in a searchable field called `_sourceCategory`. 1. **Forward to SIEM**. Check the checkbox to forward your data to [Cloud SIEM](/docs/cse/).
1. (Optional) **Fields.** Click the **+Add Field** link to define the fields you want to associate, each field needs a name (key) and value. - * green check circle.png A green circle with a check mark is shown when the field exists in the Fields table schema. - * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo that does not exist in the Fields schema it is ignored, known as dropped.  + * green check circle.png A green circle with a check mark is shown when the field exists and is enabled in the Fields table schema. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, you'll see an option to automatically add or enable the nonexistent fields to the Fields table schema. If a field is sent to Sumo Logic but isn’t present or enabled in the schema, it’s ignored and marked as **Dropped**.  1. **Base URL**. Provide your SentinelOne Management URL. It's in this format: `https://`. 1. **API Token**. Provide the API Token you got from the SentinelOne Management Console. See Authentication above for details. 1. **Supported APIs to collect**. Select one or more of the available APIs: **activities**, **agents**, and **threats**. diff --git a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/slack-source.md b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/slack-source.md index 4194c60d0d..ad1dc5a05b 100644 --- a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/slack-source.md +++ b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/slack-source.md 
@@ -122,8 +122,8 @@ To configure a Slack Source: 1. Enter a **Name** for the Source. The **Description** is optional. 1. (Optional) For **Source Category**, enter any string to tag the output collected from the Source. Category metadata is stored in a searchable field called `_sourceCategory`. 1. (Optional) **Fields.** Click the **+Add Field** link to define the fields you want to associate, each field needs a name (key) and value. - * green check circle.png A green circle with a check mark is shown when the field exists in the Fields table schema. - * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo that does not exist in the Fields schema it is ignored, known as dropped. + * green check circle.png A green circle with a check mark is shown when the field exists and is enabled in the Fields table schema. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, you'll see an option to automatically add or enable the nonexistent fields to the Fields table schema. If a field is sent to Sumo Logic but isn’t present or enabled in the schema, it’s ignored and marked as **Dropped**. 1. **API Auth Bearer Token**. Enter the Slack App access token from the previous steps. 1. **Slack API Collection**. Select the Slack collection API you want to collect logs from (Web or Audit). 1. **Polling Interval in Minutes**. Enter the frequency in minutes for collecting the data. Default is 5 mins. diff --git a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/smartsheet-source.md b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/smartsheet-source.md index 54e46efeb4..727e3bf0b4 100644 
--- a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/smartsheet-source.md +++ b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/smartsheet-source.md 
@@ -37,8 +37,8 @@ To configure Smartsheet Source: 1. Enter a **Name** to display for the source in the Sumo Logic web application. The description is optional. 1. (Optional) For **Source Category**, enter any string to tag the output collected from the source. Category metadata is stored in a searchable field called `_sourceCategory`. 1. (Optional) **Fields**. Click the **+Add Field** link to define the fields you want to associate. Each field needs a name (key) and value. - * green check circle.png A green circle with a check mark is shown when the field exists in the Fields table schema. - * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo Logic that does not exist in the Fields schema it is ignored, known as dropped. + * green check circle.png A green circle with a check mark is shown when the field exists and is enabled in the Fields table schema. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, you'll see an option to automatically add or enable the nonexistent fields to the Fields table schema. If a field is sent to Sumo Logic that does not exist in the Fields schema it is ignored, known as dropped. 1. In **Application (client) ID**, paste in the Client ID from the vendor's setup "Create a Developer Account and Register an App" steps. 1. In **Client Secret**, paste in the Client Secret from the vendor's setup "Create a Developer Account and Register an App" steps. 1. In **Oauth 2.0 Authorization Code**, paste in the Authorization Code from the vendor's setup "Create a Developer Account and Register an App" steps. 
diff --git a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/snowflake-logs-source.md b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/snowflake-logs-source.md index 6ed6a94688..89971dc05d 100644 --- a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/snowflake-logs-source.md +++ b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/snowflake-logs-source.md 
@@ -51,8 +51,8 @@ To configure a Snowflake source: 1. Enter a **Name** for the Source. The description is optional. 1. (Optional) For **Source Category**, enter any string to tag the output collected from the source. Category metadata is stored in a searchable field called `_sourceCategory`. 1. (Optional) **Fields**. Click the **+Add** button to define the fields you want to associate. Each field needs a name (key) and value. - * green check circle.png A green circle with a check mark is shown when the field exists in the Fields table schema. - * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo Logic that does not exist in the Fields schema it is ignored, known as dropped. + * green check circle.png A green circle with a check mark is shown when the field exists and is enabled in the Fields table schema. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, you'll see an option to automatically add or enable the nonexistent fields to the Fields table schema. If a field is sent to Sumo Logic that does not exist in the Fields schema it is ignored, known as dropped. 1. **Snowflake Username**. Enter your Snowflake login [username](#vendor-configuration). 1. **Snowflake Password**. Enter your Snowflake login [password](#vendor-configuration). 1. **Snowflake Account Identifier**. Enter your Snowflake account [name](#vendor-configuration). diff --git a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/snowflake-sql-api.md b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/snowflake-sql-api.md index 294eb07e37..ee0121f4e4 100644 
--- a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/snowflake-sql-api.md +++ b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/snowflake-sql-api.md 
@@ -39,8 +39,8 @@ To configure the Snowflake SQL API Source: 1. Enter a **Name** to display for the source in the Sumo Logic web application. The description is optional. 1. (Optional) For **Source Category**, enter any string to tag the output collected from the source. Category metadata is stored in a searchable field called `_sourceCategory`. 1. (Optional) **Fields**. Click the **+Add Field** link to define the fields you want to associate. Each field needs a name (key) and value. - * green check circle.png A green circle with a check mark is shown when the field exists in the Fields table schema. - * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo Logic that does not exist in the Fields schema it is ignored, known as dropped. + * green check circle.png A green circle with a check mark is shown when the field exists and is enabled in the Fields table schema. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, you'll see an option to automatically add or enable the nonexistent fields to the Fields table schema. If a field is sent to Sumo Logic that does not exist in the Fields schema it is ignored, known as dropped. 1. In **Snowflake Username**, enter your Snowflake account username. 1. In **Snowflake Password**, enter the Snowflake account password associated with your user. 1. In **Snowflake Account Identifier**, enter your Snowflake account identifier obtained from the vendor configuration above. The identifier should look something like this: `wp00000.us-east-2.aws`. 
diff --git a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/sophos-central-source.md b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/sophos-central-source.md index 9652703ddd..c4bba821bc 100644 --- a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/sophos-central-source.md +++ b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/sophos-central-source.md @@ -50,8 +50,8 @@ To configure a Sophos Central Source: 1. (Optional) For **Source Category**, enter any string to tag the output collected from the Source. Category [metadata](/docs/search/get-started-with-search/search-basics/built-in-metadata) is stored in a searchable field called `_sourceCategory`. 1. **Forward to SIEM**. Check the checkbox to forward your data to [Cloud SIEM](/docs/cse/).
1. (Optional) **Fields.** Click the **+Add Field** link to define the fields you want to associate, each field needs a name (key) and value. - * green check circle.png A green circle with a check mark is shown when the field exists in the Fields table schema. - * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo that does not exist in the Fields schema it is ignored, known as dropped. + * green check circle.png A green circle with a check mark is shown when the field exists and is enabled in the Fields table schema. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, you'll see an option to automatically add or enable the nonexistent fields to the Fields table schema. If a field is sent to Sumo Logic but isn’t present or enabled in the schema, it’s ignored and marked as **Dropped**. 1. **Client ID**. Provide the Sophos Central Client ID you want to use to authenticate collection requests. 1. **Client Secret**. Provide the Sophos Central Client Secret you want to use to authenticate collection requests. 1. **Supported APIs to collect**. Select one or more of the available APIs, **Alerts** and **Events**. diff --git a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/stix-taxii-1-client-source.md b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/stix-taxii-1-client-source.md index 3cad1b13b7..ad6163179f 100644 --- a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/stix-taxii-1-client-source.md +++ b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/stix-taxii-1-client-source.md 
@@ -48,8 +48,8 @@ To configure a TAXII 1 Client Source: 1. Enter a **Name** for the Source. The description is optional. 1. (Optional) For **Source Category**, enter any string to tag the output collected from the Source. Category metadata is stored in a searchable field called `_sourceCategory`. 1. (Optional) **Fields**. Click the **+Add** button to define the fields you want to associate. Each field needs a name (key) and value. - * green check circle.png A green circle with a check mark is shown when the field exists in the Fields table schema. - * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo Logic that does not exist in the Fields schema it is ignored, known as dropped. + * green check circle.png A green circle with a check mark is shown when the field exists and is enabled in the Fields table schema. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, you'll see an option to automatically add or enable the nonexistent fields to the Fields table schema. If a field is sent to Sumo Logic that does not exist in the Fields schema it is ignored, known as dropped. 1. **Sumo Logic Threat Intel Source ID**. Enter the name you want to use for the source that will be created in the [Threat Intelligence](/docs/security/threat-intelligence/about-threat-intelligence/) tab in Sumo Logic. The threat intelligence indicators will be stored in this source. Do not use spaces in the name. 1. **STIX/TAXII Configuration**: * **Discovery URL**. Enter the TAXII Discovery URL provided by the vendor (optional). 
diff --git a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/stix-taxii-2-client-source.md b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/stix-taxii-2-client-source.md index f236c0af03..e5fb134824 100644 --- a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/stix-taxii-2-client-source.md +++ b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/stix-taxii-2-client-source.md 
@@ -47,8 +47,8 @@ To configure a TAXII 2 Client Source: 1. Enter a **Name** for the Source. The description is optional. 1. (Optional) For **Source Category**, enter any string to tag the output collected from the Source. Category metadata is stored in a searchable field called `_sourceCategory`. 1. (Optional) **Fields**. Click the **+Add** button to define the fields you want to associate. Each field needs a name (key) and value. - * green check circle.png A green circle with a check mark is shown when the field exists in the Fields table schema. - * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo Logic that does not exist in the Fields schema it is ignored, known as dropped. + * green check circle.png A green circle with a check mark is shown when the field exists and is enabled in the Fields table schema. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, you'll see an option to automatically add or enable the nonexistent fields to the Fields table schema. If a field is sent to Sumo Logic that does not exist in the Fields schema it is ignored, known as dropped. 1. **Sumo Logic Threat Intel Source ID**. Enter the name you want to use for the source that will be created in the [Threat Intelligence](/docs/security/threat-intelligence/about-threat-intelligence/) tab in Sumo Logic. The threat intelligence indicators will be stored in this source. Do not use spaces in the name. 1. **Authentication**. Select the authentication type: * **Basic**. Provide your vendor username and password. 
diff --git a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/sumo-collection-source.md b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/sumo-collection-source.md index 1abff6c933..695e0b48b7 100644 --- a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/sumo-collection-source.md +++ b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/sumo-collection-source.md 
@@ -65,8 +65,8 @@ To configure a Sumo Collection Source: 1. Enter a **Name** for the Source. The description is optional. 1. (Optional) For **Source Category**, enter any string to tag the output collected from the Source. Category metadata is stored in a searchable field called `_sourceCategory`. 1. (Optional) **Fields**. Click the **+Add** button to define the fields you want to associate. Each field needs a name (key) and value. - * green check circle.png A green circle with a check mark is shown when the field exists in the Fields table schema. - * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo Logic that does not exist in the Fields schema is ignored, known as dropped. + * green check circle.png A green circle with a check mark is shown when the field exists and is enabled in the Fields table schema. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, you'll see an option to automatically add or enable the nonexistent fields to the Fields table schema. If a field is sent to Sumo Logic that does not exist in the Fields schema is ignored, known as dropped. 1. **Deployment**. Select the deployment region from the dropdown. For example, `AU`. 1. **Access ID**. Enter the Access ID collected from the [vendor configuration](#access-id-and-access-key). For example, `sug2lhtaa1g6xk`. 1. **Access Key**. Enter the Access Key collected from the [vendor configuration](#access-id-and-access-key). For example, `00xxxxxx-xxx2-9316-7xx42xxx1x41`. 
diff --git a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/symantec-endpoint-security-source.md b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/symantec-endpoint-security-source.md index 2682b64805..01bd76b441 100644 --- a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/symantec-endpoint-security-source.md +++ b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/symantec-endpoint-security-source.md 
@@ -44,8 +44,8 @@ To configure a Symantec Endpoint Security Source, follow the steps below: 1. Enter a **Name** for the Source. The description is optional. 1. (Optional) For **Source Category**, enter any string to tag the output collected from the Source. Category metadata is stored in a searchable field called `_sourceCategory`. 1. (Optional) **Fields**. Click the **+Add** button to define the fields you want to associate. Each field needs a name (key) and value. - * green check circle.png A green circle with a check mark is shown when the field exists in the Fields table schema. - * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo Logic that does not exist in the Fields schema, it is ignored, also known as dropped. + * green check circle.png A green circle with a check mark is shown when the field exists and is enabled in the Fields table schema. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, you'll see an option to automatically add or enable the nonexistent fields to the Fields table schema. If a field is sent to Sumo Logic that does not exist in the Fields schema, it is ignored, also known as dropped. 1. In **Client ID**, enter the Client ID you generated from the Symantec Endpoint Security platform. 2. In **Client Secret**, enter the Client Secret you generated from the Symantec Endpoint Security platform. 3. (Optional) In **Initial LookBack**, enter the first collection start time. Default is 1 day and maximum is 30 days. 
diff --git a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/symantec-web-security-service-source.md b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/symantec-web-security-service-source.md index aaf028bc67..8acbdf67a0 100644 --- a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/symantec-web-security-service-source.md +++ b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/symantec-web-security-service-source.md @@ -60,8 +60,8 @@ To configure a Symantec Web Security Service Source: 1. (Optional) For **Source Category**, enter any string to tag the output collected from the Source. Category [metadata](/docs/search/get-started-with-search/search-basics/built-in-metadata) is stored in a searchable field called `_sourceCategory`. 1. **Forward to SIEM**. Check the checkbox to forward your data to [Cloud SIEM](/docs/cse/).
1. (Optional) **Fields**. Click the **+Add Field** link to define the fields you want to associate, each field needs a name (key) and value. - * green check circle.png A green circle with a check mark is shown when the field exists in the Fields table schema. - * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo that does not exist in the Fields schema it is ignored, known as dropped. + * green check circle.png A green circle with a check mark is shown when the field exists and is enabled in the Fields table schema. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, you'll see an option to automatically add or enable the nonexistent fields to the Fields table schema. If a field is sent to Sumo Logic but isn’t present or enabled in the schema, it’s ignored and marked as **Dropped**. 1. **API Username** and **Password**. Provide the Symantec Web Security Service user credentials you want to use to authenticate collection requests. This was copied during the [Vendor configuration](#vendor-configuration) steps above. 1. When you are finished configuring the Source, click **Submit**. diff --git a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/sysdig-secure-source.md b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/sysdig-secure-source.md index b8d97f574b..64d2be5c96 100644 --- a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/sysdig-secure-source.md +++ b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/sysdig-secure-source.md 
@@ -62,8 +62,8 @@ To configure a Sysdig Secure Source: 1. Enter a **Name** for the Source. The description is optional. 1. (Optional) For **Source Category**, enter any string to tag the output collected from the Source. Category metadata is stored in a searchable field called `_sourceCategory`. 1. (Optional) **Fields**. Click the **+Add** button to define the fields you want to associate. Each field needs a name (key) and value. - * green check circle.png A green circle with a check mark is shown when the field exists in the Fields table schema. - * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo Logic that does not exist in the Fields schema is ignored, known as dropped. + * green check circle.png A green circle with a check mark is shown when the field exists and is enabled in the Fields table schema. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, you'll see an option to automatically add or enable the nonexistent fields to the Fields table schema. If a field is sent to Sumo Logic that does not exist in the Fields schema is ignored, known as dropped. 1. **Base URL**. Enter the [Sysdig Secure platform](#base-url) Base URL. For example, `https://api.us2.sysdig.com`. 1. **Bearer Token**. Enter the Sysdig Secure API token collected from the [Sysdig Secure](#bearer-token) platform. For example, `t3fPdsbxxxxxxxxxp4D6hbi4`. 1. (Optional) **Filters**. Click the **+Add** button to define the filters you want to associate. Each filter needs a **Field Name** (key) and **Field Value** (value). For key-value pairs, the length is set to 256 characters and the API accepts a maximum length of 1024 characters for the filter. 
diff --git a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/tenable-source.md b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/tenable-source.md index 125402c3b6..041740fb21 100644 --- a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/tenable-source.md +++ b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/tenable-source.md @@ -49,8 +49,8 @@ To configure a Tenable source: 1. (Optional) For **Source Category**, enter any string to tag the output collected from the source. Category [metadata](/docs/search/get-started-with-search/search-basics/built-in-metadata) is stored in a searchable field called `_sourceCategory`. 1. **Forward to SIEM**. Check the checkbox to forward your data to [Cloud SIEM](/docs/cse/).
1. (Optional) **Fields.** Click the **+Add Field** link to define the fields you want to associate, each field needs a name (key) and value. - * green check circle.png A green circle with a check mark is shown when the field exists in the Fields table schema. - * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo that does not exist in the Fields schema it is ignored, known as dropped. + * green check circle.png A green circle with a check mark is shown when the field exists and is enabled in the Fields table schema. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, you'll see an option to automatically add or enable the nonexistent fields to the Fields table schema. If a field is sent to Sumo Logic but isn’t present or enabled in the schema, it’s ignored and marked as **Dropped**. 1. Provide the **Access Key** and **Secret Key** to authenticate requests. 1. (Optional) **Include unlicensed objects**. Select the checkbox if you want to collect unlicensed objects. 1. **Supported APIs to collect**. Select one or more of the available APIs: **Vulnerability Data**, **Audit Logs**, and **Asset Data**. diff --git a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/trellix-mvisio-epo-source.md b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/trellix-mvisio-epo-source.md index 8922b784e9..2ad962df0b 100644 --- a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/trellix-mvisio-epo-source.md +++ b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/trellix-mvisio-epo-source.md 
@@ -45,8 +45,8 @@ To configure a Trellix mVision ePO Source, follow the steps below: 1. Enter a **Name** for the Source. The description is optional. 1. (Optional) For **Source Category**, enter any string to tag the output collected from the Source. Category metadata is stored in a searchable field called `_sourceCategory`. 1. (Optional) **Fields**. Click the **+Add** button to define the fields you want to associate. Each field needs a name (key) and value. - * green check circle.png A green circle with a check mark is shown when the field exists in the Fields table schema. - * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo Logic that does not exist in the Fields schema it is ignored, known as dropped. + * green check circle.png A green circle with a check mark is shown when the field exists and is enabled in the Fields table schema. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, you'll see an option to automatically add or enable the nonexistent fields to the Fields table schema. If a field is sent to Sumo Logic that does not exist in the Fields schema it is ignored, known as dropped. 1. Enter the **Client ID** of your Trellix platform. 1. Enter the **Client Secret** of your Trellix platform. 1. Enter the **API Key** for authorization collected from the Trellix platform. diff --git a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/trend-micro-source.md b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/trend-micro-source.md index 768f331420..ed0d6e0eed 100644 --- a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/trend-micro-source.md 
+++ b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/trend-micro-source.md @@ -54,8 +54,8 @@ To configure a Trend Micro source: 1. Enter a **Name** for the Source. The description is optional. 1. (Optional) For **Source Category**, enter any string to tag the output collected from the source. Category metadata is stored in a searchable field called `_sourceCategory`. 1. (Optional) **Fields**. Click the **+Add** button to define the fields you want to associate. Each field needs a name (key) and value. - * green check circle.png A green circle with a check mark is shown when the field exists in the Fields table schema. - * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo Logic that does not exist in the Fields schema it is ignored, known as dropped. + * green check circle.png A green circle with a check mark is shown when the field exists and is enabled in the Fields table schema. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, you'll see an option to automatically add or enable the nonexistent fields to the Fields table schema. If a field is sent to Sumo Logic that does not exist in the Fields schema it is ignored, known as dropped. 1. **API Base URL**. Enter the [Base URL](#vendor-configuration) to fetch the data from the Trend Micro Vision One source. 1. **Auth Token**. Enter the authentication token collected from the [Trend Micro platform](#vendor-configuration). 1. **Polling Interval**. The polling interval is set for 15 minutes by default. You can adjust it based on your needs. This sets how often the source checks for new data. 
diff --git a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/trust-login-source.md b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/trust-login-source.md index cde35ddf77..1cfca89653 100644 --- a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/trust-login-source.md +++ b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/trust-login-source.md @@ -43,8 +43,8 @@ To configure a Trust Login Source: 1. (Optional) For **Source Category**, enter any string to tag the output collected from the source. Category metadata is stored in a searchable field called `_sourceCategory`. 1. **Forward to SIEM**. Check the checkbox to forward your data to [Cloud SIEM](/docs/cse/).
1. (Optional) **Fields.** Click the **+Add Field** link to define the fields you want to associate, each field needs a name (key) and value. - * green check circle.png A green circle with a check mark is shown when the field exists in the Fields table schema. - * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo that does not exist in the Fields schema it is ignored, known as dropped.  + * green check circle.png A green circle with a check mark is shown when the field exists and is enabled in the Fields table schema. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, you'll see an option to automatically add or enable the nonexistent fields to the Fields table schema. If a field is sent to Sumo Logic but isn’t present or enabled in the schema, it’s ignored and marked as **Dropped**.  1. **Bearer Token**. Provide the bearer token collected from the Trust Login platform. 1. The **Polling Interval** is set for five minutes by default, you can adjust it based on your needs. 1. **Processing Rules**. Configure any desired filters, such as allowlist, denylist, hash, or mask, as described in [Create a Processing Rule](/docs/send-data/collection/processing-rules/create-processing-rule). diff --git a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/universal-connector-source.md b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/universal-connector-source.md index 19670aaca8..7e4a5f8fb4 100644 --- a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/universal-connector-source.md +++ b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/universal-connector-source.md 
@@ -48,8 +48,8 @@ When you create an Universal Connector Source, you add it to a Hosted Collector. 1. **Forward to SIEM**. Check the checkbox to forward your data to [Cloud SIEM](/docs/cse/).
1. (Optional) **Parser path**. If **Forward to SIEM** option is selected, provide a [parser path](https://github.com/SumoLogic/cloud-siem-content-catalog/blob/master/parsers/README.md). 1. (Optional) **Fields**. Click the **+Add** button to define the fields you want to associate. Each field needs a name (key) and value. - - green check circle.png A green circle with a check mark is shown when the field exists in the Fields table schema. - - orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo Logic that does not exist in the Fields schema it is ignored, known as dropped. + - green check circle.png A green circle with a check mark is shown when the field exists and is enabled in the Fields table schema. + - orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, you'll see an option to automatically add or enable the nonexistent fields to the Fields table schema. If a field is sent to Sumo Logic that does not exist in the Fields schema it is ignored, known as dropped. 1. **Configuration Sections**. Expand each section to learn more about the options available for configuration.
Authentication Configuration diff --git a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/vectra-source.md b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/vectra-source.md index f0d68c1a55..8fe637b31c 100644 --- a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/vectra-source.md +++ b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/vectra-source.md 
@@ -37,8 +37,8 @@ To configure a Vectra Source, follow the steps below: 1. Enter a **Name** for the Source. The description is optional. 1. (Optional) For **Source Category**, enter any string to tag the output collected from the Source. Category metadata is stored in a searchable field called `_sourceCategory`. 1. (Optional) **Fields**. Click the **+Add** button to define the fields you want to associate. Each field needs a name (key) and value. - * green check circle.png A green circle with a check mark is shown when the field exists in the Fields table schema. - * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo Logic that does not exist in the Fields schema it is ignored, known as dropped. + * green check circle.png A green circle with a check mark is shown when the field exists and is enabled in the Fields table schema. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, you'll see an option to automatically add or enable the nonexistent fields to the Fields table schema. If a field is sent to Sumo Logic that does not exist in the Fields schema it is ignored, known as dropped. 1. **Account URL**. Enter the account URL value `https://{vectra_portal_url}/api/v3.3/detections`. Replace `vectra_portal_url` with your subdomain value. For example, `https://308714519558.cc1.portal.vectra.ai`. 1. **Client ID**. Enter the client ID value collected from the [Vectra platform](#vendor-configuration). 1. **Client Secret**. Enter the client secret value collected from the [Vectra platform](#vendor-configuration). 
diff --git a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/vmware-workspace-one-source.md b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/vmware-workspace-one-source.md index 611d6b57da..1f731c29db 100644 --- a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/vmware-workspace-one-source.md +++ b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/vmware-workspace-one-source.md 
@@ -67,8 +67,8 @@ To configure a VMware Workspace One Source: 1. Enter a **Name** for the Source. The description is optional. 1. (Optional) For **Source Category**, enter any string to tag the output collected from the Source. Category metadata is stored in a searchable field called `_sourceCategory`. 1. (Optional) **Fields**. Click the **+Add** button to define the fields you want to associate. Each field needs a name (key) and value. - * green check circle.png A green circle with a check mark is shown when the field exists in the Fields table schema. - * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo Logic that does not exist in the Fields schema is ignored, known as dropped. + * green check circle.png A green circle with a check mark is shown when the field exists and is enabled in the Fields table schema. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, you'll see an option to automatically add or enable the nonexistent fields to the Fields table schema. If a field is sent to Sumo Logic that does not exist in the Fields schema is ignored, known as dropped. 1. **Endpoint URL**. Enter the [VMware Workspace One platform](#vendor-configuration) endpoint URL. 1. **Auth URL**. Enter the API region URL to fetch the auth token collected from the [VMware Workspace One platform](#auth-url). For example, `https://uat.uemauth.vmwservices.com`. 1. **Client ID**. Enter the Client ID of your account collected from the [VMware Workspace One platform](#client-id-and-client-secret). For example, `cfea26d59bd542488ea706b025564d42`. 
diff --git a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/webex-source.md b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/webex-source.md index 67063af354..684eea38c0 100644 --- a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/webex-source.md +++ b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/webex-source.md 
@@ -77,8 +77,8 @@ To configure an Webex source: 1. Enter a **Name** for the Source. The description is optional. 1. (Optional) For **Source Category**, enter any string to tag the output collected from the Source. Category metadata is stored in a searchable field called `_sourceCategory`. 1. (Optional) **Fields**. Click the **+Add** button to define the fields you want to associate. Each field needs a name (key) and value. - * green check circle.png A green circle with a check mark is shown when the field exists in the Fields table schema. - * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo Logic that does not exist in the Fields schema it is ignored, known as dropped. + * green check circle.png A green circle with a check mark is shown when the field exists and is enabled in the Fields table schema. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, you'll see an option to automatically add or enable the nonexistent fields to the Fields table schema. If a field is sent to Sumo Logic that does not exist in the Fields schema it is ignored, known as dropped. 1. **Client ID**. Enter the **Client ID** collected from the [new Webex Integration app](#create-a-new-webex-integration-app). 1. **Client Secret**. Enter the **Client Secret** collected from the [new Webex Integration app](#create-a-new-webex-integration-app). 1. **OAuth 2.0 Authorization Code**. Enter the **OAuth 2.0 Authorization Code** collected from the [URL](#oauth-20-authorization-code). 
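Review bot: The added orange-triangle bullet contradicts itself: its condition is still only "when the field doesn't exist in the Fields table schema", yet the next sentence offers to "add or enable the nonexistent fields", and a nonexistent field cannot be enabled. With the green bullet now requiring "exists and is enabled", a field that exists but is disabled is described by neither bullet. Suggest the condition that gcp-metrics-source.md uses in this patch ("doesn't exist, or is disabled") and wording along the lines of "add the nonexistent fields or enable the disabled ones".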
diff --git a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/workday-source.md b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/workday-source.md index e56c5e5fe1..3e000b1cfb 100644 --- a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/workday-source.md +++ b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/workday-source.md @@ -136,7 +136,7 @@ To configure a Workday Source, follow the steps below: 6. **Forward to SIEM**. Check the checkbox to forward your data to [Cloud SIEM](/docs/cse/).
7. **Fields** (Optional). Click the **+Add** field link to define the fields you want to associate. Each field needs a name (key) and value. * green check circle.png A green circle with a checkmark is shown when the field exists in the Fields table schema. - * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo that does not exist in the Fields schema it is ignored, known as dropped. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, you'll see an option to automatically add or enable the nonexistent fields to the Fields table schema. If a field is sent to Sumo Logic but isn’t present or enabled in the schema, it’s ignored and marked as **Dropped**. 8. **SignOn Report URL**. Paste the SignOn Report URL from the [Vendor configuration: Step 5](#step-5-create-a-custom-sign-on-report). 9. **Integration System User Name**. Name of the account (SumoLogic_ISU) created in [Vendor configuration: Step 1](#step-1-create-an-integration-system-user). 10. **Integration System User Password**. The password of the account created in [Vendor configuration: Step 1](#step-1-create-an-integration-system-user). diff --git a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/zendesk-source.md b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/zendesk-source.md index 6f72bd1e2f..934f271379 100644 --- a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/zendesk-source.md +++ b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/zendesk-source.md 
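Review bot: In the workday-source.md hunk the green-circle bullet is left as unchanged context ("shown when the field exists in the Fields table schema"), so it misses the "exists and is enabled" wording that the neighbouring files in this patch receive, and it now disagrees with the orange bullet added directly below it, which talks about enabling fields. Update that bullet in the same hunk, and use "check mark" rather than "checkmark" to match the other pages.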
@@ -37,8 +37,8 @@ To configure a Zendesk Source, follow the steps below: 1. Enter a **Name** for the Source. The description is optional. 1. (Optional) For **Source Category**, enter any string to tag the output collected from the Source. Category metadata is stored in a searchable field called `_sourceCategory`. 1. (Optional) **Fields**. Click the **+Add** button to define the fields you want to associate. Each field needs a name (key) and value. - * green check circle.png A green circle with a check mark is shown when the field exists in the Fields table schema. - * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo Logic that does not exist in the Fields schema it is ignored, known as dropped. + * green check circle.png A green circle with a check mark is shown when the field exists and is enabled in the Fields table schema. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, you'll see an option to automatically add or enable the nonexistent fields to the Fields table schema. If a field is sent to Sumo Logic that does not exist in the Fields schema it is ignored, known as dropped. 1. **Base URL**. Enter the Base URL value `https://{subdomain}.zendesk.com`. Replace `subdomain` with your subdomain value. For example, `https://unityd.zendesk.com`. 1. **Email Address**. Enter your Zendesk account email address. 1. **API Token**. Enter the **API Token** for authorization collected from the [Zendesk platform](#vendor-configuration). 
diff --git a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/zero-networks-segment-source.md b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/zero-networks-segment-source.md index 596b1d9600..8eff391bb6 100644 --- a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/zero-networks-segment-source.md +++ b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/zero-networks-segment-source.md 
@@ -44,8 +44,8 @@ To configure a Zero Networks Segment Source: 1. Enter a **Name** for the Source. The description is optional. 1. (Optional) For **Source Category**, enter any string to tag the output collected from the Source. Category metadata is stored in a searchable field called `_sourceCategory`. 1. (Optional) **Fields**. Click the **+Add** button to define the fields you want to associate. Each field needs a name (key) and value. - * green check circle.png A green circle with a check mark is shown when the field exists in the Fields table schema. - * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo Logic that does not exist in the Fields schema it is ignored, known as dropped. + * green check circle.png A green circle with a check mark is shown when the field exists and is enabled in the Fields table schema. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, you'll see an option to automatically add or enable the nonexistent fields to the Fields table schema. If a field is sent to Sumo Logic that does not exist in the Fields schema it is ignored, known as dropped. 1. Enter the **API Key** for authorization collected from the Zero Networks platform. 1. Select **Collect Network Activity Data**, to collect network activity data. 1. (Optional) For **Network Activity Filters**, enter the filters you want to apply for network activity data collected from the Zero Networks platform. diff --git a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/zerofox-intel-source.md b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/zerofox-intel-source.md index 087ea98ef9..009cf78a7d 100644 
--- a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/zerofox-intel-source.md +++ b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/zerofox-intel-source.md 
@@ -45,8 +45,8 @@ To configure an ZeroFox Threat Intel source: 1. Enter a **Name** to display for the Source in the Sumo web application. The description is optional. 1. (Optional) For **Source Category**, enter any string to tag the output collected from the Source. Category metadata is stored in a searchable field called `_sourceCategory`. 1. (Optional) **Fields.** Click the **+Add Field** link to define the fields you want to associate, each field needs a name (key) and value. - * green check circle.png A green circle with a check mark is shown when the field exists in the Fields table schema. - * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo that does not exist in the Fields schema it is ignored, known as dropped.  + * green check circle.png A green circle with a check mark is shown when the field exists and is enabled in the Fields table schema. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, you'll see an option to automatically add or enable the nonexistent fields to the Fields table schema. If a field is sent to Sumo Logic but isn’t present or enabled in the schema, it’s ignored and marked as **Dropped**.  1. **Username**. Enter your ZeroFox username. 1. **Password**. Enter your Zerofox password. 1. **Sumo Logic Threat Intel Source ID**. Enter the name you want to use for the ZeroFox source that will be created in the [Threat Intelligence](/docs/security/threat-intelligence/about-threat-intelligence/) tab in Sumo Logic. The ZeroFox threat intelligence indicators will be stored in this source. Do not use spaces in the name. 
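Review bot: The added orange-triangle bullet mixes apostrophe styles: "doesn't" and "you'll" use the straight ASCII apostrophe, while "isn’t" and "it’s" use the typographic one, which suggests the last sentence was pasted from a rich-text editor. Normalize to the straight apostrophe used in the rest of the line. The added line also appears to carry over the trailing whitespace after "**Dropped**." from the line it replaces; strip it unless a Markdown line break is intended there.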
diff --git a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/zimperium-mtd-source.md b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/zimperium-mtd-source.md index a4c6a871f9..39b9e0711f 100644 --- a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/zimperium-mtd-source.md +++ b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/zimperium-mtd-source.md 
@@ -53,8 +53,8 @@ To configure a Zimperium MTD source: 1. Enter a **Name** for the Source. The description is optional. 1. (Optional) For **Source Category**, enter any string to tag the output collected from the source. Category metadata is stored in a searchable field called `_sourceCategory`. 1. (Optional) **Fields**. Click the **+Add** button to define the fields you want to associate. Each field needs a name (key) and value. - * green check circle.png A green circle with a check mark is shown when the field exists in the Fields table schema. - * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo Logic that does not exist in the Fields schema it is ignored, known as dropped. + * green check circle.png A green circle with a check mark is shown when the field exists and is enabled in the Fields table schema. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, you'll see an option to automatically add or enable the nonexistent fields to the Fields table schema. If a field is sent to Sumo Logic that does not exist in the Fields schema it is ignored, known as dropped. 1. **Account URL**. Enter your [Account URL](#vendor-configuration). 1. **Client ID**. Enter your [Client ID](#vendor-configuration). 1. **Client Secret**. Enter your [Client Secret](#vendor-configuration). diff --git a/docs/send-data/hosted-collectors/configure-hosted-collector.md b/docs/send-data/hosted-collectors/configure-hosted-collector.md index f666ce8250..1f4244f97b 100644 --- a/docs/send-data/hosted-collectors/configure-hosted-collector.md +++ b/docs/send-data/hosted-collectors/configure-hosted-collector.md 
@@ -23,8 +23,8 @@ Steps to configure a Hosted Collector: 1. Provide a **Name** for the Collector. **Description** is optional. 1. **Category**. Enter any string to tag the logs collected from this Collector. This Source Category value is stored in a searchable metadata field called `_sourceCategory`. See our [Best Practices: Good and Bad Source Categories](/docs/send-data/best-practices#good-and-bad-source-categories). 1. Click the **+Add Field** link in the **Fields** section. Define the fields you want to associate, each field needs a name (key) and value. - * green check circle.png A green circle with a check mark is shown when the field exists in the Fields table schema. - * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo that does not exist in the Fields schema it is ignored, known as dropped. + * green check circle.png A green circle with a check mark is shown when the field exists and is enabled in the Fields table schema. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, you'll see an option to automatically add or enable the nonexistent fields to the Fields table schema. If a field is sent to Sumo Logic but isn’t present or enabled in the schema, it’s ignored and marked as **Dropped**. 1. **Assign to a Budget** allows you to assign an ingest budget to the Collector. The dropdown displays your ingest budgets in the following format: ` () ()` 1. **Time Zone**. Set the default time zone when it is not extracted from the log timestamp. Time zone settings on Sources override a Collector time zone setting. 1. Review your input and when finished click **Save**.
![Screenshot of the 'Add Hosted Collector' dialog box in Sumo Logic. The form includes fields for 'Name' (with 'Sumo' entered), 'Description,' 'Category,' and 'Fields' with an option to '+Add Field.' Additional options include 'Assign to a Budget,' set to 'Not Assigned,' and 'Time Zone,' set to '(UTC) Etc/UTC.' At the bottom are 'Cancel' and 'Save' buttons.](/img/send-data/add-hosted-collector.png) diff --git a/docs/send-data/hosted-collectors/google-source/gcp-metrics-source.md b/docs/send-data/hosted-collectors/google-source/gcp-metrics-source.md index 25ef86d01e..07510c7410 100644 --- a/docs/send-data/hosted-collectors/google-source/gcp-metrics-source.md +++ b/docs/send-data/hosted-collectors/google-source/gcp-metrics-source.md 
@@ -124,7 +124,7 @@ For information on available metrics, see [GCP Metrics](https://cloud.google.com 10. **Source Category** (Optional). The Source Category value is tagged to each log and stored in a searchable [metadata](/docs/search/get-started-with-search/search-basics/built-in-metadata) field called `_sourceCategory`. See our [Best Practices: Good Source Category, Bad Source Category](/docs/send-data/best-practices#good-and-bad-source-categories). Avoid using spaces so you do not have to quote them in [keyword search expressions](/docs/search/get-started-with-search/build-search/keyword-search-expressions). This can be a maximum of 1,024 characters. 11. **Fields**. Click the **+Add link** to add custom log metadata [Fields](/docs/manage/fields), then define the fields you want to associate. Each field needs a name (key) and value. Look for one of the following icons and act accordingly: * green check circle.png A green circle with a check mark is shown when the field exists and is enabled in the Fields table schema. - * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist, or is disabled, in the Fields table schema. In this case, an option to automatically add or enable the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo that does not exist in the Fields schema or is disabled it is ignored, known as dropped. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist, or is disabled in the Fields table schema. In this case, you'll see an option to automatically add or enable the nonexistent fields to the Fields table schema. If a field is sent to Sumo Logic but isn’t present or enabled in the schema, it’s ignored and marked as **Dropped**. 12. **GCP Access**. Upload the JSON Google service account credentials file. This allows Sumo Logic to make API calls to Google Cloud. 
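Review bot: The rewritten condition "when the field doesn't exist, or is disabled in the Fields table schema" drops the comma that closed the aside in the removed line ("doesn't exist, or is disabled, in the Fields table schema"), so "in the Fields table schema" now reads as attaching only to "is disabled". Restore the second comma or remove both, so the phrase applies to both cases as it did before.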
diff --git a/docs/send-data/hosted-collectors/google-source/google-cloud-platform-source.md b/docs/send-data/hosted-collectors/google-source/google-cloud-platform-source.md index 338b9aab1b..47e00668e1 100644 --- a/docs/send-data/hosted-collectors/google-source/google-cloud-platform-source.md +++ b/docs/send-data/hosted-collectors/google-source/google-cloud-platform-source.md 
@@ -32,8 +32,8 @@ This Source will be a Google Pub/Sub-only Source, which means that it will only 1. **Source Host** (Optional). The Source Host value is tagged to each log and stored in a searchable metadata field called `_sourceHost`. Avoid using spaces so you do not have to quote them in keyword search expressions. This can be a maximum of 128 characters. 1. **Source Category** (Optional). The Source Category value is tagged to each log and stored in a searchable metadata field called `_sourceCategory`. See our [Best Practices: Good and Bad Source Categories](/docs/send-data/best-practices#good-and-bad-source-categories). Avoid using spaces so you do not have to quote them in keyword search expressions. This can be a maximum of 1,024 characters. 1. **Fields.** Click the **+Add Field** link to define the fields you want to associate, each field needs a name (key) and value. - * green check circle.png A green circle with a check mark is shown when the field exists in the Fields table schema. - * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo that does not exist in the Fields schema it is ignored, known as dropped. + * green check circle.png A green circle with a check mark is shown when the field exists and is enabled in the Fields table schema. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, you'll see an option to automatically add or enable the nonexistent fields to the Fields table schema. If a field is sent to Sumo Logic but isn’t present or enabled in the schema, it’s ignored and marked as **Dropped**. 1. **Advanced Options for Logs**.
GCP advanced options * **Timestamp Parsing**. This option is selected by default. If it's deselected, no timestamp information is parsed at all. * **Time Zone**. There are two options for Time Zone. You can use the time zone present in your log files, and then choose an option in case time zone information is missing from a log message. Or, you can have Sumo Logic completely disregard any time zone information present in logs by forcing a time zone. It's very important to have the proper time zone set, no matter which option you choose. If the time zone of logs cannot be determined, Sumo Logic assigns logs UTC; if the rest of your logs are from another time zone your search results will be affected. diff --git a/docs/send-data/hosted-collectors/google-source/google-workspace-apps-audit-source.md b/docs/send-data/hosted-collectors/google-source/google-workspace-apps-audit-source.md index 9b0ffda1bc..07707f45fe 100644 --- a/docs/send-data/hosted-collectors/google-source/google-workspace-apps-audit-source.md +++ b/docs/send-data/hosted-collectors/google-source/google-workspace-apps-audit-source.md 
@@ -63,8 +63,8 @@ To configure a Google Workspace Apps Audit Source: 1. **Source Category**. Enter a string to tag the output collected from the source. The string that you supply will be saved in a metadata field called `_sourceCategory`. 1. **Fields.** Click the **+Add Field** link to define the fields you want to associate, each field needs a name (key) and value. - * green check circle.png A green circle with a check mark is shown when the field exists in the Fields table schema. - * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo that does not exist in the Fields schema it is ignored, known as dropped. + * green check circle.png A green circle with a check mark is shown when the field exists and is enabled in the Fields table schema. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, you'll see an option to automatically add or enable the nonexistent fields to the Fields table schema. If a field is sent to Sumo Logic but isn’t present or enabled in the schema, it’s ignored and marked as **Dropped**. :::note If you have [Cloud SIEM](/docs/cse) installed and you want to forward log data to Cloud SIEM, click the **+Add Field** link and add a field whose name is `_siemForward` and value is *true*. This will ensure all logs for this source are forwarded to Cloud SIEM. ::: diff --git a/docs/send-data/hosted-collectors/http-source/logs-metrics/index.md b/docs/send-data/hosted-collectors/http-source/logs-metrics/index.md index 361ee5e2f6..365ab5bd8d 100644 --- a/docs/send-data/hosted-collectors/http-source/logs-metrics/index.md +++ b/docs/send-data/hosted-collectors/http-source/logs-metrics/index.md 
@@ -32,8 +32,8 @@ To configure an HTTP Logs and Metrics Source: 1. (Optional) For **Source Host **and** Source Category**, enter any string to tag the output collected from the source. (Category metadata is stored in a searchable field called _sourceCategory.) 1. **Forward to SIEM**. This option is present if [Cloud SIEM](/docs/cse/) is enabled. Click the checkbox to send the logs collected by the source to Cloud SIEM. 1. **Fields/Metadata.** Click the **+Add** link to define the fields you want to associate. Each field needs a name (key) and value. - * green check circle.png A green circle with a check mark is shown when the field exists in the Fields table schema. - * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo that does not exist in the Fields schema it is ignored, known as dropped. + * green check circle.png A green circle with a check mark is shown when the field exists and is enabled in the Fields table schema. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, you'll see an option to automatically add or enable the nonexistent fields to the Fields table schema. If a field is sent to Sumo Logic but isn’t present or enabled in the schema, it’s ignored and marked as **Dropped**. 1. **Advanced Options for Logs.** Advanced options do *not* apply to uploaded metrics.
A screenshot of the 'Advanced Options for Logs' settings in Sumo Logic. The options include 'Extract timestamp information from log file entries' (checked), 'Default Time Zone' with options to 'Use time zone from log file. If not detected, use default time zone' (selected) and 'Ignore time zone from log file and instead use default time zone'. The 'Timestamp Format' settings offer 'Automatically detect the format' (selected) and 'Specify a format'. The 'Message Processing' section has 'Multiline Processing' checked. The 'Infer Message Boundaries' options include 'Detect Automatically' (selected) and 'Add Boundary Regex'. Finally, there is an unchecked option for 'One Message Per Request', which notes that each request will be treated as a single message, ignoring line breaks. * **Timestamp Parsing.** This option is selected by default. If it's deselected, no timestamp information is parsed at all. * **Time Zone.** There are two options for Time Zone. You can use the time zone present in your log files, and then choose an option in case time zone information is missing from a log message. Or, you can have Sumo Logic completely disregard any time zone information present in logs by forcing a time zone. It's very important to have the proper time zone set, no matter which option you choose. If the time zone of logs cannot be determined, Sumo Logic assigns logs UTC; if the rest of your logs are from another time zone your search results will be affected. diff --git a/docs/send-data/hosted-collectors/http-source/otlp.md b/docs/send-data/hosted-collectors/http-source/otlp.md index 455f765d39..cc2e21b55f 100644 --- a/docs/send-data/hosted-collectors/http-source/otlp.md +++ b/docs/send-data/hosted-collectors/http-source/otlp.md @@ -28,8 +28,8 @@ To configure an OTLP/HTTP Source: 1. Enter a **Name** for the Source. A description is optional. 
![OTLP:HTTP basic configuration settings.png](/img/send-data/OTLP-HTTP-basic-configuration-settings.png) 1. (Optional) For **Source Host** and **Source Category**, enter any string to tag the output collected from the source. These are [built-in metadata](/docs/search/get-started-with-search/search-basics/built-in-metadata) fields that allow you to organize your data. 1. **Fields**. Click the **+Add Field** link to define the fields you want to associate, each field needs a name (key) and value. - * green check circle.png A green circle with a check mark is shown when the field exists in the Fields table schema. - * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo that does not exist in the Fields schema it is ignored, known as dropped. + * green check circle.png A green circle with a check mark is shown when the field exists and is enabled in the Fields table schema. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, you'll see an option to automatically add or enable the nonexistent fields to the Fields table schema. If a field is sent to Sumo Logic but isn’t present or enabled in the schema, it’s ignored and marked as **Dropped**. 1. Set any of the following under **Advanced Options for Logs**: 
![OTLP advanced options part 1.png](/img/send-data/OTLP-advanced-options-part-1.png) * **Timestamp Parsing**. This option is selected by default. If it's deselected, no timestamp information is parsed at all. * **Time Zone**. There are two options for Time Zone. You can use the time zone present in your log files, and then choose an option in case time zone information is missing from a log message. Or, you can have Sumo Logic completely disregard any time zone information present in logs by forcing a time zone. It's very important to have the proper time zone set, no matter which option you choose. If the time zone of logs cannot be determined, Sumo Logic assigns logs UTC; if the rest of your logs are from another time zone your search results will be affected. diff --git a/docs/send-data/hosted-collectors/microsoft-source/azure-metrics-source.md b/docs/send-data/hosted-collectors/microsoft-source/azure-metrics-source.md index 7b1da199e1..87ad284ad4 100644 --- a/docs/send-data/hosted-collectors/microsoft-source/azure-metrics-source.md +++ b/docs/send-data/hosted-collectors/microsoft-source/azure-metrics-source.md 
@@ -55,8 +55,8 @@ To configure the Azure Metrics Source: 1. Enter a **Name** to display for the source in the Sumo Logic web application. The description is optional. 1. (Optional) For **Source Category**, enter any string to tag the output collected from the source. Category metadata is stored in a searchable field called `_sourceCategory`. 1. (Optional) **Fields**. Click the **+Add Field** link to define the fields you want to associate. Each field needs a name (key) and value. - * green check circle.png A green circle with a check mark is shown when the field exists in the Fields table schema. - * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo Logic that does not exist in the Fields schema it is ignored, known as dropped. + * green check circle.png A green circle with a check mark is shown when the field exists and is enabled in the Fields table schema. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, you'll see an option to automatically add or enable the nonexistent fields to the Fields table schema. If a field is sent to Sumo Logic that does not exist in the Fields schema it is ignored, known as dropped. 1. **Tenant Id**. Enter the Tenant Id collected from [Azure platform](#vendor-configuration). 1. **Client Id**. Enter the Client Id collected from [Azure platform](#vendor-configuration). 1. **Client Secret**. Enter the Client Secret collected from [Azure platform](#vendor-configuration). diff --git a/docs/send-data/hosted-collectors/microsoft-source/ms-office-audit-source.md b/docs/send-data/hosted-collectors/microsoft-source/ms-office-audit-source.md index ed7d8fea31..b1c0150fa6 100644 
--- a/docs/send-data/hosted-collectors/microsoft-source/ms-office-audit-source.md +++ b/docs/send-data/hosted-collectors/microsoft-source/ms-office-audit-source.md @@ -107,8 +107,8 @@ During the configuration, you will need to authenticate to Microsoft using sta * For Exchange: **O365/Exchange** * For Azure: **O365/Azure** 1. **Fields.** Click the **+Add Field** link to define the fields you want to associate, each field needs a name (key) and value. - * green check circle.png A green circle with a check mark is shown when the field exists in the Fields table schema. - * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo that does not exist in the Fields schema it is ignored, known as dropped. + * green check circle.png A green circle with a check mark is shown when the field exists and is enabled in the Fields table schema. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, you'll see an option to automatically add or enable the nonexistent fields to the Fields table schema. If a field is sent to Sumo Logic but isn’t present or enabled in the schema, it’s ignored and marked as **Dropped**. :::note If you have [Cloud SIEM](/docs/cse) installed and you want to forward log data to Cloud SIEM, click the **+Add Field** link and add a field whose name is `_siemForward` and value is *true*. This will ensure all logs for this source are forwarded to Cloud SIEM. ::: diff --git a/docs/send-data/hosted-collectors/webhook-sources/zoom.md b/docs/send-data/hosted-collectors/webhook-sources/zoom.md index 6a780e267e..cae995f933 100644 --- a/docs/send-data/hosted-collectors/webhook-sources/zoom.md 
+++ b/docs/send-data/hosted-collectors/webhook-sources/zoom.md @@ -50,8 +50,8 @@ To configure a Zoom Source: 1. Enter a **Name** for the Source. A description is optional. 
zoom-configuration-settings 1. (Optional) For **Source Host** and **Source Category**, enter any string to tag the output collected from the source. These are [built-in metadata](/docs/search/get-started-with-search/search-basics/built-in-metadata) fields that allow you to organize your data.For Source Category, enter any string to tag the output collected from the Source. Category metadata is stored in a searchable field called `_sourceCategory`. 1. **Fields**. Click the **+Add Field** link to define the fields you want to associate, each field needs a name (key) and value. - * green check circle.png A green circle with a check mark is shown when the field exists in the Fields table schema. - * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo that does not exist in the Fields schema it is ignored, known as dropped. + * green check circle.png A green circle with a check mark is shown when the field exists and is enabled in the Fields table schema. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, you'll see an option to automatically add or enable the nonexistent fields to the Fields table schema. If a field is sent to Sumo Logic but isn’t present or enabled in the schema, it’s ignored and marked as **Dropped**. 1. **Zoom Secret Token**. Enter the Zoom secret token from the Zoom Marketplace platform. 1. Set any of the following under **Advanced Options for Logs**: 
Zoom advanced options * **Timestamp Parsing**. This option is selected by default. If it's deselected, no timestamp information is parsed at all. diff --git a/docs/send-data/installed-collectors/sources/collect-forwarded-events-windows-event-collector.md b/docs/send-data/installed-collectors/sources/collect-forwarded-events-windows-event-collector.md index 53b790e95a..7b0a9aecaf 100644 --- a/docs/send-data/installed-collectors/sources/collect-forwarded-events-windows-event-collector.md +++ b/docs/send-data/installed-collectors/sources/collect-forwarded-events-windows-event-collector.md 
@@ -50,8 +50,8 @@ To configure a Windows Event Log Source: * **Source Category.** Enter a string to tag the logs collected from this Source with searchable metadata. For example, typing **web_apps** tags all the logs from this Source in the sourceCategory field. For more information, see [Metadata Naming Conventions](/docs/send-data/reference-information/metadata-naming-conventions.md) and our [Best Practices: Good and Bad Source Categories](/docs/send-data/best-practices#good-and-bad-source-categories). You can define a Source Category value using system environment variables, see [Configuring sourceCategory using variables](#configuring-sourcecategory-using-variables) below. * **Fields.** Click the **+Add Field** link to define the fields you want to associate, each field needs a name (key) and value. - * green check circle.png A green circle with a check mark is shown when the field exists in the Fields table schema. - * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo that does not exist in the Fields schema it is ignored, known as dropped. + * green check circle.png A green circle with a check mark is shown when the field exists and is enabled in the Fields table schema. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, you'll see an option to automatically add or enable the nonexistent fields to the Fields table schema. If a field is sent to Sumo Logic but isn’t present or enabled in the schema, it’s ignored and marked as **Dropped**. * **Windows Domain. (Remote Source only)** Type the name of the Windows domain, the username for this host, and the password.  * **Event Format**. Select how you want your event logs formatted: 
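Review bot: In the added orange-triangle bullet, the condition still reads "shown when the field doesn't exist in the Fields table schema", while the green bullet now requires "exists and is enabled" and the closing sentence covers "isn't present or enabled". As written, a field that exists but is disabled matches neither icon, and "add or enable the nonexistent fields" asks the reader to enable something that does not exist. Suggest "shown when the field doesn't exist, or is disabled, in the Fields table schema" and "an option to automatically add or enable the field in the Fields table schema".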
diff --git a/docs/send-data/installed-collectors/sources/docker-sources.md b/docs/send-data/installed-collectors/sources/docker-sources.md index fca21a244b..2c9e4beeea 100644 --- a/docs/send-data/installed-collectors/sources/docker-sources.md +++ b/docs/send-data/installed-collectors/sources/docker-sources.md 
@@ -67,8 +67,8 @@ There are alternative methods for collecting Docker logs and metrics. See [Dock * **Source Category**. Enter a string used to tag the output collected from this Source with searchable metadata. For example, typing **`web_apps`** tags all the logs from this Source in the sourceCategory field, so running a search on **`_sourceCategory=web_apps`** would return logs from this Source. For more information, see [Metadata Naming Conventions](/docs/send-data/reference-information/metadata-naming-conventions.md) and our [Best Practices: Good and Bad Source Categories](/docs/send-data/best-practices#good-and-bad-source-categories). If desired, you can use Docker variables to construct the Source Category value. For more information, see [Configure sourceCategory and sourceHost using variables.](#configure-sourcecategory-and-sourcehost-using-variables) * **Fields.** Click the **+Add Field** link to define the fields you want to associate, each field needs a name (key) and value. - * green check circle.png A green circle with a check mark is shown when the field exists in the Fields table schema. - * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo that does not exist in the Fields schema it is ignored, known as dropped. + * green check circle.png A green circle with a check mark is shown when the field exists and is enabled in the Fields table schema. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, you'll see an option to automatically add or enable the nonexistent fields to the Fields table schema. If a field is sent to Sumo Logic but isn’t present or enabled in the schema, it’s ignored and marked as **Dropped**. 1. 
Configure the Advanced options. diff --git a/docs/send-data/installed-collectors/sources/local-file-source.md b/docs/send-data/installed-collectors/sources/local-file-source.md index 375d425c10..0e1f776a3a 100644 --- a/docs/send-data/installed-collectors/sources/local-file-source.md +++ b/docs/send-data/installed-collectors/sources/local-file-source.md @@ -87,8 +87,8 @@ When the Sumo collector accesses a log file to read its content, the collector o * **Fields.** Click the **+Add Field** link to define the fields you want to associate, each field needs a name (key) and value. - * green check circle.png A green circle with a check mark is shown when the field exists in the Fields table schema. - * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo that does not exist in the Fields schema it is ignored, known as dropped. + * green check circle.png A green circle with a check mark is shown when the field exists and is enabled in the Fields table schema. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, you'll see an option to automatically add or enable the nonexistent fields to the Fields table schema. If a field is sent to Sumo Logic but isn’t present or enabled in the schema, it’s ignored and marked as **Dropped**. 1. Set any of the following options under **Advanced**: Advanced options for log diff --git a/docs/send-data/installed-collectors/sources/local-windows-event-log-source.md b/docs/send-data/installed-collectors/sources/local-windows-event-log-source.md index 5aace3b0ce..2593ffdf48 100644 --- a/docs/send-data/installed-collectors/sources/local-windows-event-log-source.md 
+++ b/docs/send-data/installed-collectors/sources/local-windows-event-log-source.md 
@@ -40,8 +40,8 @@ To configure a Local Windows Event Log Source: * **Source Category.** Enter a string used to tag the output collected from this Source with searchable metadata. For example, typing `web_apps` tags all the logs from this Source in the sourceCategory field, so running a search on `_sourceCategory=web_apps` would return logs from this Source. For more information, see [Metadata Naming Conventions](/docs/send-data/reference-information/metadata-naming-conventions.md) and our [Best Practices: Good and Bad Source Categories](/docs/send-data/best-practices#good-and-bad-source-categories). You can define a Source Category value using system environment variables, see [Configuring sourceCategory using variables](#configuring-sourcecategory-using-variables) below. * **Fields.** Click the **+Add Field** link to define the fields you want to associate, each field needs a name (key) and value. - * green check circle.png A green circle with a check mark is shown when the field exists in the Fields table schema. - * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo that does not exist in the Fields schema it is ignored, known as dropped. + * green check circle.png A green circle with a check mark is shown when the field exists and is enabled in the Fields table schema. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, you'll see an option to automatically add or enable the nonexistent fields to the Fields table schema. If a field is sent to Sumo Logic but isn’t present or enabled in the schema, it’s ignored and marked as **Dropped**. * **Event Format**. 
Select how you want your event logs formatted: ![JSON format name update.png](/img/send-data/JSON-format-name-update.png) * **Collect using legacy format**. Events retain their default text format from Windows. diff --git a/docs/send-data/installed-collectors/sources/local-windows-performance-monitor-log-source.md b/docs/send-data/installed-collectors/sources/local-windows-performance-monitor-log-source.md index 7d5ac0b10a..1f15245ddb 100644 --- a/docs/send-data/installed-collectors/sources/local-windows-performance-monitor-log-source.md +++ b/docs/send-data/installed-collectors/sources/local-windows-performance-monitor-log-source.md 
@@ -28,8 +28,8 @@ To configure a Local Windows Performance Monitor Log Source: * **Source Category.** Enter a string used to tag the logs collected from this Source with searchable metadata. For example, typing `web_apps` tags all the logs from this Source in the sourceCategory field, so running a search on `_sourceCategory=web_apps` would return logs from this Source. For more information, see [Metadata Naming Conventions](/docs/send-data/reference-information/metadata-naming-conventions.md) and our [Best Practices: Good Source Category, Bad Source Category](/docs/send-data/best-practices). You can define a Source Category value using system environment variables, see [Configuring sourceCategory using variables](local-windows-performance-monitor-log-source.md) below. * **Fields.** Click the **+Add Field** link to define the fields you want to associate, each field needs a name (key) and value. - * green check circle.png A green circle with a check mark is shown when the field exists in the Fields table schema. - * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo that does not exist in the Fields schema it is ignored, known as dropped. + * green check circle.png A green circle with a check mark is shown when the field exists and is enabled in the Fields table schema. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, you'll see an option to automatically add or enable the nonexistent fields to the Fields table schema. If a field is sent to Sumo Logic but isn’t present or enabled in the schema, it’s ignored and marked as **Dropped**. 1. **Processing Rules.** (Optional.) To add rules or filters click **Add Rule**. 
Enter a name, a filter, and select the type. Then click **Apply**. 1. **Perfmon Queries.** Select from the provided default Perfmon Queries, or create your own custom query. diff --git a/docs/send-data/installed-collectors/sources/remote-file-source/index.md b/docs/send-data/installed-collectors/sources/remote-file-source/index.md index ce076ab347..dd63d89d62 100644 --- a/docs/send-data/installed-collectors/sources/remote-file-source/index.md +++ b/docs/send-data/installed-collectors/sources/remote-file-source/index.md @@ -40,8 +40,8 @@ To configure a Remote File Source: * **Fields.** Click the **+Add Field** link to define the fields you want to associate, each field needs a name (key) and value. - * green check circle.png A green circle with a check mark is shown when the field exists in the Fields table schema. - * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo that does not exist in the Fields schema it is ignored, known as dropped. + * green check circle.png A green circle with a check mark is shown when the field exists and is enabled in the Fields table schema. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, you'll see an option to automatically add or enable the nonexistent fields to the Fields table schema. If a field is sent to Sumo Logic but isn’t present or enabled in the schema, it’s ignored and marked as **Dropped**. 1. Choose the type of Credentials used for this Source: diff --git a/docs/send-data/installed-collectors/sources/remote-windows-event-log-source.md b/docs/send-data/installed-collectors/sources/remote-windows-event-log-source.md index ead7e4ca2d..005ac55dbe 100644 
--- a/docs/send-data/installed-collectors/sources/remote-windows-event-log-source.md +++ b/docs/send-data/installed-collectors/sources/remote-windows-event-log-source.md 
@@ -45,8 +45,8 @@ To configure a remote Windows Event Log Source: * **Source Category.** Enter a string to tag the logs collected from this Source with searchable metadata. For example, typing **web_apps** tags all the logs from this Source in the sourceCategory field. For more information, see [Metadata Naming Conventions](/docs/send-data/reference-information/metadata-naming-conventions.md) and our [Best Practices: Good and Bad Source Categories](/docs/send-data/best-practices#good-and-bad-source-categories). You can define a Source Category value using system environment variables, see [Configuring sourceCategory using variables](#configuring-sourcecategory-using-variables) below. * **Fields.** Click the **+Add Field** link to define the fields you want to associate, each field needs a name (key) and value. - * green check circle.png A green circle with a check mark is shown when the field exists in the Fields table schema. - * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo that does not exist in the Fields schema it is ignored, known as dropped. + * green check circle.png A green circle with a check mark is shown when the field exists and is enabled in the Fields table schema. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, you'll see an option to automatically add or enable the nonexistent fields to the Fields table schema. If a field is sent to Sumo Logic but isn’t present or enabled in the schema, it’s ignored and marked as **Dropped**. * **Windows Domain.** Type the name of the Windows domain, the username for this host, and the password.  * **Event Format**. 
Select how you want your event logs formatted: ![JSON format name update.png](/img/send-data/JSON-format-name-update.png) diff --git a/docs/send-data/installed-collectors/sources/remote-windows-performance-monitor-log-source.md b/docs/send-data/installed-collectors/sources/remote-windows-performance-monitor-log-source.md index a034a317b4..e321c0f7e3 100644 --- a/docs/send-data/installed-collectors/sources/remote-windows-performance-monitor-log-source.md +++ b/docs/send-data/installed-collectors/sources/remote-windows-performance-monitor-log-source.md 
@@ -36,8 +36,8 @@ To configure a remote Windows Performance Monitor Log Source: * **Source Category.** Enter a string used to tag the output collected from this Source with searchable metadata. For example, typing web_apps tags all the logs from this in the sourceCategory field. For more information, see [Metadata Naming Conventions](/docs/send-data/reference-information/metadata-naming-conventions.md). * **Fields.** Click the **+Add Field** link to define the fields you want to associate, each field needs a name (key) and value. - * green check circle.png A green circle with a check mark is shown when the field exists in the Fields table schema. - * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo that does not exist in the Fields schema it is ignored, known as dropped. + * green check circle.png A green circle with a check mark is shown when the field exists and is enabled in the Fields table schema. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, you'll see an option to automatically add or enable the nonexistent fields to the Fields table schema. If a field is sent to Sumo Logic but isn’t present or enabled in the schema, it’s ignored and marked as **Dropped**. * **Windows Domain.** Type the name of the Windows Domain, the Username for this host, and the Password. 1. **Perfmon Queries.** Select from the provided default Perfmon Queries, or create your own custom query. diff --git a/docs/send-data/installed-collectors/sources/script-source/index.md b/docs/send-data/installed-collectors/sources/script-source/index.md index 5ece1c05ef..8705d4d82d 100644 --- a/docs/send-data/installed-collectors/sources/script-source/index.md 
+++ b/docs/send-data/installed-collectors/sources/script-source/index.md @@ -45,8 +45,8 @@ To configure a Script Source: 1. For **Source Category**, enter any information you'd like to include in the metadata. This Source Category value is stored in a searchable metadata field called _sourceCategory. See our [Best Practices: Good and Bad Source Categories](/docs/send-data/best-practices#good-and-bad-source-categories). You can define a Source Category value using system environment variables, see [Configuring sourceCategory and sourceHost using variables](#configuring-sourcecategory-and-sourcehost-using-variables), below. 1. **Fields.** Click the **+Add Field** link to define the fields you want to associate, each field needs a name (key) and value. - * green check circle.png A green circle with a check mark is shown when the field exists in the Fields table schema. - * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo that does not exist in the Fields schema it is ignored, known as dropped. + * green check circle.png A green circle with a check mark is shown when the field exists and is enabled in the Fields table schema. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, you'll see an option to automatically add or enable the nonexistent fields to the Fields table schema. If a field is sent to Sumo Logic but isn’t present or enabled in the schema, it’s ignored and marked as **Dropped**. 1. For **Frequency**, choose one of the following: * An option to run the script at the selected frequency. 
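Review bot: The added orange-triangle line mixes apostrophe styles: "doesn't" and "you'll" use the straight ASCII apostrophe, but the rewritten closing sentence uses typographic ones in "isn’t" and "it’s". Use the straight form throughout so the line matches the rest of the Markdown source and a plain-text search for "isn't" finds it. The same sentence also shortens "Fields table schema" to "the schema"; keeping the full term would match the two sentences before it.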
diff --git a/docs/send-data/installed-collectors/sources/syslog-source.md b/docs/send-data/installed-collectors/sources/syslog-source.md index a3a0dd633d..0a27db7973 100644 --- a/docs/send-data/installed-collectors/sources/syslog-source.md +++ b/docs/send-data/installed-collectors/sources/syslog-source.md @@ -26,8 +26,8 @@ If you are editing a Source, metadata changes are reflected going forward. Metad 1. **Port.** Enter the port number for the Source to listen to. If the collector runs as root (default), use 514. Otherwise, consider 1514 or 5140. Make sure the devices are sending to the same port. 1. **Source Category.** Enter a string to tag the collected messages with the searchable metadata field `_sourceCategory`. For example, enter **firewall** to tag all collected messages in a field called `_sourceCategory`. Enter *`_sourceCategory=firewall`* in the Search field to return results from this Source. For more information, see [Metadata Naming Conventions](/docs/send-data/reference-information/metadata-naming-conventions.md) and our [Best Practices: Good and Bad Source Categories](/docs/send-data/best-practices#good-and-bad-source-categories). 1. **Fields.** Click the **+Add Field** link to define the fields you want to associate; each field needs a name (key) and value.
- * green check circle.png A green circle with a check mark is shown when the field exists in the Fields table schema. - * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo that does not exist in the Fields schema it is ignored, known as dropped. + * green check circle.png A green circle with a check mark is shown when the field exists and is enabled in the Fields table schema. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, you'll see an option to automatically add or enable the nonexistent fields to the Fields table schema. If a field is sent to Sumo Logic but isn’t present or enabled in the schema, it’s ignored and marked as **Dropped**. :::note If you have [Cloud SIEM](/docs/cse) installed and you want to forward log data to Cloud SIEM, click the **+Add Field** link and add a field whose name is `_siemForward` and value is *true*. This will ensure all logs for this source are forwarded to Cloud SIEM. ::: diff --git a/docs/send-data/installed-collectors/sources/windows-active-directory-inventory-source.md b/docs/send-data/installed-collectors/sources/windows-active-directory-inventory-source.md index d061400f9e..7a80e3f17e 100644 --- a/docs/send-data/installed-collectors/sources/windows-active-directory-inventory-source.md +++ b/docs/send-data/installed-collectors/sources/windows-active-directory-inventory-source.md 
@@ -49,8 +49,8 @@ To configure a Windows Active Directory Inventory Source: * `_siemProduct`: Windows * `_siemForward`: true * `_siemDataType`: Inventory - * green check circle.png A green circle with a check mark is shown when the field exists in the Fields table schema. - * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo that does not exist in the Fields schema it is ignored, known as dropped. + * green check circle.png A green circle with a check mark is shown when the field exists and is enabled in the Fields table schema. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, you'll see an option to automatically add or enable the nonexistent fields to the Fields table schema. If a field is sent to Sumo Logic but isn’t present or enabled in the schema, it’s ignored and marked as **Dropped**. * **Active Directory Attributes**. (Optional) * **Additional Attributes**. Provide a semi-colon separated list of the LDAP Names of Active Directory attributes to report, in addition to the default list: * Username
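Review bot: In the hunk under "To configure the Azure Metrics Source", the added orange-triangle bullet keeps the old closing sentence, "If a field is sent to Sumo Logic that does not exist in the Fields schema it is ignored, known as dropped.", while the other hunks in this part of the patch replace it with "isn't present or enabled in the schema, it's ignored and marked as **Dropped**". That page would still tell readers that only nonexistent fields are dropped, not disabled ones. Update it to the new wording; since the same two bullets are repeated in every file touched, a shared snippet (the repository already has docs/reuse/) would keep the copies from drifting like this.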
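Review bot: In the syslog-source.md hunk, the rewritten sentence about fields being ignored and marked **Dropped** now sits directly above the note telling readers to add `_siemForward` with value *true* for Cloud SIEM forwarding, and the text does not say whether that field must itself exist and be enabled in the Fields table schema. If it can be dropped like any other field, logs would stop reaching Cloud SIEM with no error on the source, so state the requirement in the note or say explicitly that `_siemForward` is exempt. The ms-office-audit-source.md hunk carries the same note and needs the same clarification.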