Merge branch 'main' into windowsSTMasking
sumoanema authored Oct 24, 2024
2 parents d43707d + b977dc5 commit 889fe8c
Showing 36 changed files with 452 additions and 219 deletions.
14 changes: 14 additions & 0 deletions blog-service/2024-10-21-collection.md
@@ -0,0 +1,14 @@
---
title: Digital Guardian C2C Source (Collection)
image: https://help.sumologic.com/img/sumo-square.png
keywords:
- collection
- digital-guardian
hide_table_of_contents: true
---

import useBaseUrl from '@docusaurus/useBaseUrl';

<a href="https://help.sumologic.com/release-notes-service/rss.xml"><img src={useBaseUrl('img/release-notes/rss-orange2.png')} alt="icon" width="50"/></a>

We're excited to announce the release of our new cloud-to-cloud source for Digital Guardian. This source helps you to collect export data logs using the Export API and uses Acknowledge API to advance the bookmark value to obtain the next chunk of data from export endpoint to ingests it into Sumo Logic. [Learn more](/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/digital-guardian-source).
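Review bot: the last sentence of the announcement reads awkwardly at "uses Acknowledge API to advance the bookmark value to obtain the next chunk of data from export endpoint to ingests it into Sumo Logic"; suggest "uses the Acknowledge API to advance the bookmark so the next chunk of data can be fetched from the export endpoint and ingested into Sumo Logic", which also fixes the "to ingests" verb form.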
25 changes: 25 additions & 0 deletions blog-service/2024-10-22-alerts.md
@@ -0,0 +1,25 @@
---
title: AI-Driven Alerts for Metrics Anomalies (Monitors)
image: https://help.sumologic.com/img/sumo-square.png
keywords:
- metrics
- monitors
- alerts
- anomalies
- ai
hide_table_of_contents: true
---

import useBaseUrl from '@docusaurus/useBaseUrl';

<a href="https://help.sumologic.com/release-notes-service/rss.xml"><img src={useBaseUrl('img/release-notes/rss-orange2.png')} alt="icon" width="50"/></a>

We're excited to announce the general availability of AI-driven alerts for metrics anomalies, extending our AI-driven alerting to metrics-based monitors. This release helps reduce alert fatigue and enables faster incident resolution with automated playbooks.

### Key Features

* **Advanced anomaly detection**. Uses 30 days of historical metrics data to establish baselines and detect critical anomalies.
* **Customizable detection**. Configure detection based on specific criteria, like multiple anomalous data points within a time window.
* **Playbook integration**. Automate responses by linking playbooks to streamline diagnosis and recovery.

[Learn more](/docs/alerts/monitors/create-monitor)
14 changes: 14 additions & 0 deletions blog-service/2024-10-22-monitors.md
@@ -0,0 +1,14 @@
---
title: Convert to Anomaly Feature for Log Monitors (Monitors)
image: https://www.sumologic.com/img/logo.svg
keywords:
- monitors
- alerts
hide_table_of_contents: true
---

import useBaseUrl from '@docusaurus/useBaseUrl';

<a href="https://help.sumologic.com/release-notes-service/rss.xml"><img src={useBaseUrl('img/release-notes/rss-orange2.png')} alt="icon" width="50"/></a>

We’ve added the **Convert to Anomaly** option, allowing you to convert outlier monitors into anomaly-based monitors for more efficient data usage and reduced alert noise. Please note that this feature is only available for log monitors at this time. [Learn more](/docs/alerts/monitors/settings).
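Review bot: the `image` front-matter value `https://www.sumologic.com/img/logo.svg` differs from the `https://help.sumologic.com/img/sumo-square.png` used by the two other release notes in this commit; unless the logo is intended, use the same square image so the RSS/social preview is consistent across posts.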
1 change: 1 addition & 0 deletions cid-redirects.json
Expand Up @@ -2694,6 +2694,7 @@
"/cid/30040": "/docs/integrations/microsoft-azure/azure-hdinsight",
"/cid/21001": "/docs/integrations/google/cloud-alloydb-for-postgresql",
"/cid/21342": "/docs/send-data/hosted-collectors/microsoft-source/azure-metrics-source",
"/cid/21343": "/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/digital-guardian-source",
"/cid/21002": "/docs/integrations/google/cloud-api-gateway",
"/cid/21003": "/docs/integrations/google/cloud-apis",
"/cid/21004": "/docs/integrations/google/cloud-armor",
85 changes: 54 additions & 31 deletions docs/alerts/monitors/create-monitor.md


46 changes: 32 additions & 14 deletions docs/alerts/monitors/settings.md
Expand Up @@ -8,14 +8,14 @@ import useBaseUrl from '@docusaurus/useBaseUrl';

The monitors page allows you to view, create, manage, and organize your monitors. To access it from the [**Classic UI**](/docs/get-started/sumo-logic-ui-classic), select **Manage Data > Monitoring > Monitors**; from the [**New UI**](/docs/get-started/sumo-logic-ui/), select **Alerts > Monitors**.

![monitors page](/img/alerts/monitors/monitors-page.png)
<img src={useBaseUrl('img/alerts/monitors/monitors-page.png')} alt="Monitors page" style={{border: '1px solid gray'}} width="800" />

## Monitor attributes

Each monitor is assigned the following attributes:
* **Name**. Name of the monitor.
* **Status**. Shows the status of the monitor - **Normal, Critical, Warning, or Missing Data**. A monitor can be in multiple states at the same time. Normal indicates none of the trigger conditions are met and your data is actively being monitored.
* For **Critical** and **Missing Data** monitors, hover your cursor over its **Status** and click the open icon to view all alerts triggered by that monitor.<br/><img src={useBaseUrl('img/alerts/monitors/monitors-shortcut.png')} alt="monitor shortcut" width="300" />
* For **Critical** and **Missing Data** monitors, hover your cursor over its **Status** and click the open icon to view all alerts triggered by that monitor.<br/><img src={useBaseUrl('img/alerts/monitors/monitors-shortcut.png')} alt="monitor shortcut" style={{border: '1px solid gray'}} width="300" />
* **Subscribed**. Indicates whether or not you're subscribed to receive alerts from a monitor.
* **Type**. Indicates whether the monitor type is either logs or metrics.
* **Tags**. Lists the [tag(s)](#tags) applied to a monitor.
Expand All @@ -26,23 +26,23 @@ Each monitor is assigned the following attributes:
## Search and filter monitors

At the top of the page, you can:
* **Search Monitors**. If you know a monitor's name or partial name, enter that in the input field to run a search. <br/><img src={useBaseUrl('img/alerts/monitors/search-monitors.png')} alt="search monitors input" width="600"/>
* **Add a filter**. Click in this field to view a list of available filters, such as Status and Tag, to search monitor attributes. To view all monitors that are currently triggered, click **Status: All Triggered**. <br/><img src={useBaseUrl('img/alerts/monitors/filter-monitors.png')} alt="search monitors input" width="600"/>
* **Add** > **New Folder**. Creates a folder to organize your monitors.<br/><img src={useBaseUrl('img/alerts/monitors/new-folder.png')} alt="import-folder" width="200"/>
* **Add** > **New Monitor**. Creates a [new monitor](/docs/alerts/monitors/create-monitor).<br/><img src={useBaseUrl('img/alerts/monitors/new-monitor.png')} alt="new-monitor" width="200"/>
* **Add** > **Import**. Imports monitors from the exported JSON you copied from the **More Actions** menu in the [Details pane](#monitor-details-pane) of the original monitor.<br/><img src={useBaseUrl('img/alerts/monitors/import-monitor.png')} alt="import-monitor" width="200"/>
* **Search Monitors**. If you know a monitor's name or partial name, enter that in the input field to run a search. <br/><img src={useBaseUrl('img/alerts/monitors/search-monitors.png')} alt="search monitors input" style={{border: '1px solid gray'}} width="600"/>
* **Add a filter**. Click in this field to view a list of available filters, such as Status and Tag, to search monitor attributes. To view all monitors that are currently triggered, click **Status: All Triggered**. <br/><img src={useBaseUrl('img/alerts/monitors/filter-monitors.png')} alt="search monitors input" style={{border: '1px solid gray'}} width="600"/>
* **Add** > **New Folder**. Creates a folder to organize your monitors.<br/><img src={useBaseUrl('img/alerts/monitors/new-folder.png')} alt="import-folder" style={{border: '1px solid gray'}} width="200"/>
* **Add** > **New Monitor**. Creates a [new monitor](/docs/alerts/monitors/create-monitor).<br/><img src={useBaseUrl('img/alerts/monitors/new-monitor.png')} alt="new-monitor" style={{border: '1px solid gray'}} width="200"/>
* **Add** > **Import**. Imports monitors from the exported JSON you copied from the **More Actions** menu in the [Details pane](#monitor-details-pane) of the original monitor.<br/><img src={useBaseUrl('img/alerts/monitors/import-monitor.png')} alt="import-monitor" style={{border: '1px solid gray'}} width="200"/>

:::important
The **Import** function is provided for you to transfer data immediately. The Sumo Logic JSON format may change without notice. There is no guarantee that you will be able to import the JSON in the future.
:::

## Quick menu

The quick menu allows you to make changes to the monitor without opening the Details pane. Find and hover your mouse over a monitor in the monitors table. A three-dot kebab icon appears on the right of the row. Click the three-dot kebab icon to view a menu with all of the options available in the [Details pane](#monitor-details-pane).<br/>![quick menu](/img/alerts/monitors/quick-menu-monitors.png)
The quick menu allows you to make changes to the monitor without opening the Details pane. Find and hover your mouse over a monitor in the monitors table. A three-dot kebab icon appears on the right of the row. Click the three-dot kebab icon to view a menu with all of the options available in the [Details pane](#monitor-details-pane).<br/><img src={useBaseUrl('img/alerts/monitors/quick-menu-monitors.png')} alt="Quick menu.png" style={{border: '1px solid gray'}} width="800"/>

## Monitor details pane

The monitor details pane provides additional information about a selected monitor, like its query, trigger conditions, and notification preferences. Select any monitor from your **Monitors** list, and a details pane will appear to the right of the table.<br/><img src={useBaseUrl('img/alerts/monitors/monitor-details.png')} alt="monitor-details.png" width="600"/>
The monitor details pane provides additional information about a selected monitor, like its query, trigger conditions, and notification preferences. Select any monitor from your **Monitors** list, and a details pane will appear to the right of the table.<br/><img src={useBaseUrl('img/alerts/monitors/monitor-details.png')} alt="monitor-details.png" style={{border: '1px solid gray'}} width="600"/>

In addition to the details listed under [Monitor attributes](#monitor-attributes), you'll also see the following:

Expand All @@ -56,6 +56,24 @@ In addition to the details listed under [Monitor attributes](#monitor-attributes
* **Alert Grouping**.
* **Trigger Conditions**. Thresholds value that must met for monitor to trigger an alert. Applicable values include Critical, Warning, and Missing Data. These values are set when you create a monitor and can be based on a variety of metrics such as CPU usage, network latency, application response time.


### Convert to anomaly

:::note Log monitors only
Metrics monitors not supported at this time.
:::

Outlier monitors are functionally similar to anomaly monitors, but they tend to generate more noise. From a data usage perspective, anomaly monitors are more cost-effective.

To reduce data usage and alert frequency, you can convert an existing outlier monitor to an anomaly-based monitor by clicking **Convert to Anomaly**. This action will open a monitor configuration window with the [detection method](/docs/alerts/monitors/create-monitor/#detection-method) preset to **Anomaly**, and you can adjust other settings as needed. You’ll then have the option to either disable the original outlier monitor or keep it active.<br/><img src={useBaseUrl('img/alerts/monitors/convert-to-anomaly.png')} alt="convert-to-anomaly" style={{border: '1px solid gray'}} width="600"/>

Alternatively, you can do this from the **Scan Estimates** pop-up.<br/><img src={useBaseUrl('img/alerts/monitors/scan-estimates-anomaly.png')} alt="convert-to-anomaly from scan estimates" style={{border: '1px solid gray'}} width="600"/>

For more guidance on optimizing scan costs on Flex Pricing plans, see:
* [Scan estimates](/docs/manage/partitions/flex/estimate-scan-data)
* [Optimizing scan costs for monitors](/docs/alerts/monitors/monitor-faq/#how-can-i-optimize-scan-costs-for-monitors-when-using-flex-pricing)


### View in Log Search

The **View in Log Search** button opens a new **Log Search** page with the monitor’s query preloaded in the search field. You can run the query to compare the search results against the threshold values set in your monitor.
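Review bot: in the new "Convert to anomaly" section, the admonition body "Metrics monitors not supported at this time." is missing its verb ("Metrics monitors are not supported at this time."), and the link `/docs/alerts/monitors/create-monitor/#detection-method` uses a trailing slash before the anchor while every other link on this page omits it. The text also implies a new monitor is created (you can "disable the original outlier monitor or keep it active") without saying so explicitly; stating that conversion creates a separate anomaly monitor would make the choice clearer. Finally, the double blank lines before "### Convert to anomaly" and before "### View in Log Search" should be single.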
Expand All @@ -79,19 +97,19 @@ Note that the same threshold translating functionality supports to [Creating Mon

Click the **Edit** button to make changes to the selected monitor.

<img src={useBaseUrl('img/alerts/monitors/edit-monitor.png')} alt="edit-monitor" width="500"/>
<img src={useBaseUrl('img/alerts/monitors/edit-monitor.png')} alt="edit-monitor" style={{border: '1px solid gray'}} width="500"/>

### Disable a monitor

Click the **Disable** button put the monitor in a disabled state so it will not fire any notifications.

<img src={useBaseUrl('img/alerts/monitors/disable-monitor.png')} alt="disable-monitor" width="500"/>
<img src={useBaseUrl('img/alerts/monitors/disable-monitor.png')} alt="disable-monitor" style={{border: '1px solid gray'}} width="500"/>

### Mute a monitor

Click the **Mute** button mute the monitor. See also: [Muting Schedules](/docs/alerts/monitors/muting-schedules).

<img src={useBaseUrl('img/alerts/monitors/mute-monitor.png')} alt="mute-monitor" width="500"/>
<img src={useBaseUrl('img/alerts/monitors/mute-monitor.png')} alt="mute-monitor" style={{border: '1px solid gray'}} width="500"/>

### More actions

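Review bot: two context lines in this hunk are missing the word "to": "Click the **Disable** button put the monitor in a disabled state" and "Click the **Mute** button mute the monitor". Since the adjacent image lines are already being edited, fix both to "Click the **Disable** button to put ..." and "Click the **Mute** button to mute ...".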
Expand All @@ -102,7 +120,7 @@ Click the **More Actions** menu to view more options, including:
* **Move**. Moves the monitor to a different path.
* **Export**. Provides JSON of the monitor, allowing you to transfer content within Sumo Logic by copying this JSON, then pasting it into the import dialog in the [Library](/docs/get-started/library) location you choose. This JSON format may change without notice. 

<img src={useBaseUrl('img/alerts/monitors/more-actions.png')} alt="monitor more actions" width="600"/>
<img src={useBaseUrl('img/alerts/monitors/more-actions.png')} alt="monitor more actions" style={{border: '1px solid gray'}} width="600"/>

## Tags

Expand Down Expand Up @@ -164,4 +182,4 @@ The permissions you set for a folder are inherited by that folder’s subfolders

## Monitor History

In the **Monitor History** tab, you can view the history of all triggered alerts of your selected monitor.<br/><img src={useBaseUrl('img/alerts/monitors/monitor-history.png')} alt="monitor-history.png" width="300"/>
In the **Monitor History** tab, you can view the history of all triggered alerts of your selected monitor.<br/><img src={useBaseUrl('img/alerts/monitors/monitor-history.png')} alt="monitor-history.png" style={{border: '1px solid gray'}} width="300"/>
Expand Up @@ -23,7 +23,6 @@ Before you can set up searches for ServiceNow, you'll need to configure a [Servi
1. Choose an option from the **Run Frequency** menu:

* **Never.** Choose this option to temporarily **turn off a scheduled search**.
* **Real Time.** Enterprise and paid trial customers can use this option to set up [Real Time Alerts](../../../alerts/scheduled-searches/create-real-time-alert.md).
* **Every 15 Minutes.** The search will run for the first time when you save the schedule, and then every 15 minutes after that.
* **Hourly.** The search will run for the first time at the top of the next hour after you save the schedule, and then every hour after that. * **Every 2, 4, 6, 8, or 12 Hours.** The search will run for the first time at the top of the hour you choose.
* **Daily.** Choose the time you'd like to run the search every day. A Daily search will cover exactly 24 hours of activity. You can change the schedule whenever you'd like.
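Review bot: the "**Hourly.**" context line has the "**Every 2, 4, 6, 8, or 12 Hours.**" option run onto the same line after "every hour after that. *", so it renders as one bullet; split it onto its own `*` line while this list is being edited. Removing the "**Real Time.**" bullet also drops the only link here to `create-real-time-alert.md`; if that option is being retired, a short sentence telling readers what replaced it would help.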
12 changes: 6 additions & 6 deletions docs/api/search-job.md
Expand Up @@ -70,14 +70,14 @@ You can start requesting results asynchronously while the job is running and pag

## Search Job Result Limits

| Data Tier | Non-aggregate Search (messages) |
| Data Tier | Non-aggregate Search |
| :- | :- |
| Continuous | Can return up to 100K records per search. |
| Frequent | Can return up to 100K records per search. |
| Infrequent | Can return up to 100K records per search. |
| Continuous | Can return up to 10M records and 100K messages per search. |
| Frequent | Can return up to 10M records and 100K messages per search. |
| Infrequent | Can return up to 10M records and 100K messages per search. |

:::info
Flex Licensing model can return up to 100K records per search.
Flex Licensing model can return up to 10M records and 100K messages per search.
:::

If you need more results, you'll need to break up your search into several searches that span smaller blocks of the time range needed. For example, if your search runs for a week and returns 70 million records, consider breaking it into at least seven searches, each spanning a day.
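Review bot: the column is now titled "Non-aggregate Search" but each row states a records limit, and the process-flow text below says records are only reported for aggregation queries ("For non-aggregation queries, only the number of messages is reported"); either retitle the column (for example "Search Job Results") or split it into message and record limits so the table and the narrative agree. All three tier rows are identical, so a single sentence may also serve better than a table.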
Expand Down Expand Up @@ -110,7 +110,7 @@ The following figure shows the process flow for search jobs.
2. **Response.** Sumo Logic responds with a job ID. If there’s a problem with the request, an error code is provided (see the list of error codes following the figure).
3. **Request.** Use the job ID to request search status. This needs to be done at least every 20-30 seconds so the search session is not canceled due to inactivity.
4. **Response.** Sumo Logic responds with job status. An error code (404) is returned if the request could not be completed. The status includes the current state of the search job (gathering results, done executing, etc.). It also includes the message and record counts based on how many results have already been found while executing the search. For non-aggregation queries, only the number of messages is reported. For aggregation queries, the number of records produced is also reported. The search job status provides access to an implicitly generated histogram of the distribution of found messages over the time range specified for the search job. During and after execution, the API can be used to request available messages and records in a paging fashion.
5. **Request.** You request results. It’s not necessary for the search to be complete for the user to request results; the process works asynchronously. You can repeat the request as often as needed to keep seeing updated results, keeping in mind the rate limits. The Search Job API can return up to 100K records per search query.
5. **Request.** You request results. It’s not necessary for the search to be complete for the user to request results; the process works asynchronously. You can repeat the request as often as needed to keep seeing updated results, keeping in mind the rate limits. The Search Job API can return up to 10M records and 100K messages per search.
6. **Response.** Sumo Logic delivers JSON-formatted search results as requested. The API can deliver partial results that the user can start paging through, even as new results continue to come in. If there’s a problem with the results, an error code is provided (see the list of error codes following the figure).

