Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

DOCS-362 - Log Search Behavior Insights refactor #4869

Merged
merged 8 commits into from
Dec 19, 2024
Merged
Show file tree
Hide file tree
Changes from 1 commit
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion blog-service/2021/12-31.md
Original file line number Diff line number Diff line change
Expand Up @@ -566,7 +566,7 @@ Update - The [alert variable](/docs/alerts/monitors/alert-variables) `Results
---
## April 7, 2021 (Search)

Update - The LogReduce operator now provides an [optimize option](/docs/search/logreduce) that provides up to 10x speedup over classic LogReduce on datasets with hundreds of thousands of logs.
Update - The LogReduce operator now provides an [optimize option](/docs/search/behavior-insights/logreduce) that provides up to 10x speedup over classic LogReduce on datasets with hundreds of thousands of logs.

---
## April 6, 2021 (Dashboard)
Expand Down
78 changes: 43 additions & 35 deletions cid-redirects.json
Original file line number Diff line number Diff line change
Expand Up @@ -370,8 +370,8 @@
"/05Search/Anomaly-Detection/Anomalies-Page/Drill-Down-into-Events": "/docs/dashboards/drill-down-to-discover-root-causes",
"/05Search/Behavior_Insights": "/docs/search/behavior-insights",
"/05Search/Behavior_Insights/LogExplain": "/docs/search/behavior-insights/logexplain",
"/05Search/Behavior_Insights/LogReduce_Keys": "/docs/search/behavior-insights/logreduce-keys",
"/05Search/Behavior_Insights/LogReduce_Values": "/docs/search/behavior-insights/logreduce-values",
"/05Search/Behavior_Insights/LogReduce_Keys": "/docs/search/behavior-insights/logreduce/logreduce-keys",
"/05Search/Behavior_Insights/LogReduce_Values": "/docs/search/behavior-insights/logreduce/logreduce-values",
"/05Search/Get-Started-with-Search": "/docs/search/get-started-with-search",
"/05Search/Get-Started-with-Search/How-to-Build-a-Search": "/docs/search/get-started-with-search/build-search",
"/05Search/Get-Started-with-Search/How-to-Build-a-Search/Best-Practices%3A-Search-Rules-to-Live-By": "/docs/search/get-started-with-search/build-search/best-practices-search",
Expand Down Expand Up @@ -435,17 +435,17 @@
"/05Search/Live-Tail/Live-Tail-Show-in-Search": "/docs/search/live-tail/live-tail-show-in-search",
"/05Search/Live-Tail/Multiple-Live-Tails": "/docs/search/live-tail/multiple-live-tails",
"/05Search/Live-Tail/Troubleshooting-Live-Tail": "/docs/search/live-tail/troubleshooting-live-tail",
"/05Search/LogCompare": "/docs/search/logcompare",
"/05Search/LogCompare/About-LogCompare": "/docs/search/logcompare",
"/05Search/LogCompare/Create-a-LogCompare-Email-Alert": "/docs/search/logcompare",
"/05Search/LogCompare/LogCompare-Syntax": "/docs/search/logcompare",
"/05Search/LogCompare/Run-LogCompare": "/docs/search/logcompare",
"/05Search/LogCompare/Understand-LogCompare-Results": "/docs/search/logcompare",
"/05Search/LogReduce": "/docs/search/logreduce/logreduce-operator",
"/05Search/LogReduce/01-LogReduce-Operator": "/docs/search/logreduce/logreduce-operator",
"/05Search/LogReduce/Detect-Patterns-with-LogReduce": "/docs/search/logreduce/detect-patterns-with-logreduce",
"/05Search/LogReduce/Influence-the-LogReduce-Outcome": "/docs/search/logreduce/influence-the-logreduce-outcome",
"/05Search/LogReduce/Understand-the-LogReduce-Relevance-Column": "/docs/search/logreduce/understand-the-logreduce-relevance-column",
"/05Search/LogCompare": "/docs/search/behavior-insights/logcompare",
"/05Search/LogCompare/About-LogCompare": "/docs/search/behavior-insights/logcompare",
"/05Search/LogCompare/Create-a-LogCompare-Email-Alert": "/docs/search/behavior-insights/logcompare",
"/05Search/LogCompare/LogCompare-Syntax": "/docs/search/behavior-insights/logcompare",
"/05Search/LogCompare/Run-LogCompare": "/docs/search/behavior-insights/logcompare",
"/05Search/LogCompare/Understand-LogCompare-Results": "/docs/search/behavior-insights/logcompare",
"/05Search/LogReduce": "/docs/search/behavior-insights/logreduce/logreduce-operator",
"/05Search/LogReduce/01-LogReduce-Operator": "/docs/search/behavior-insights/logreduce/logreduce-operator",
"/05Search/LogReduce/Detect-Patterns-with-LogReduce": "/docs/search/behavior-insights/logreduce/detect-patterns-with-logreduce",
"/05Search/LogReduce/Influence-the-LogReduce-Outcome": "/docs/search/behavior-insights/logreduce/influence-the-logreduce-outcome",
"/05Search/LogReduce/Understand-the-LogReduce-Relevance-Column": "/docs/search/behavior-insights/logreduce/understand-the-logreduce-relevance-column",
"/05Search/Lookup_Tables": "/docs/search/lookup-tables",
"/05Search/Lookup_Tables/01_Create_a_Lookup_Table0": "/docs/search/lookup-tables/create-lookup-table",
"/05Search/Lookup_Tables/01_Create_a_Lookup_Table": "/docs/search/lookup-tables/create-lookup-table",
Expand Down Expand Up @@ -1700,7 +1700,7 @@
"/cid/10450": "/docs/alerts/webhook-connections/microsoft-teams",
"/cid/1046": "/docs/alerts/webhook-connections/pagerduty",
"/cid/1047": "/docs/alerts/webhook-connections/datadog",
"/cid/1048": "/docs/search/logcompare",
"/cid/1048": "/docs/search/behavior-insights/logcompare",
"/cid/1049": "/docs/get-started",
"/cid/1050": "/docs/integrations/amazon-aws/s3-audit",
"/cid/1051": "/docs/integrations/amazon-aws/vpc-flow-logs",
Expand All @@ -1717,8 +1717,8 @@
"/cid/1061": "/release-notes-collector",
"/cid/1062": "/docs/alerts/webhook-connections",
"/cid/1063": "/docs/alerts/webhook-connections/aws-lambda",
"/cid/1064": "/docs/search/logreduce/logreduce-operator",
"/cid/1065": "/docs/search/logreduce/logreduce-operator",
"/cid/1064": "/docs/search/behavior-insights/logreduce/logreduce-operator",
"/cid/1065": "/docs/search/behavior-insights/logreduce/logreduce-operator",
"/cid/1066": "/docs/send-data/hosted-collectors/cloud-syslog-source",
"/cid/1067": "/docs/search/live-tail/live-tail-cli",
"/cid/1068": "/docs/search/live-tail/about-live-tail",
Expand Down Expand Up @@ -1874,7 +1874,7 @@
"/cid/2005": "/docs/search/get-started-with-search",
"/cid/2006": "/docs/search/search-query-language/search-operators/manually-cast-data-string-number",
"/cid/2008": "/docs/send-data/installed-collectors/linux",
"/cid/2009": "/docs/search/logcompare",
"/cid/2009": "/docs/search/behavior-insights/logcompare",
"/cid/2010": "/docs/search/search-query-language/search-operators/if",
"/cid/2011": "/docs/get-started/help",
"/cid/2012": "/docs/manage/security/enable-support-account",
Expand All @@ -1885,15 +1885,15 @@
"/cid/2017": "/docs/manage/users-roles/users/delete-user",
"/cid/2018": "/docs/send-data/installed-collectors/windows",
"/cid/2019": "/docs/integrations/pci-compliance/linux",
"/cid/2021": "/docs/search/logreduce/detect-patterns-with-logreduce",
"/cid/2021": "/docs/search/behavior-insights/logreduce/detect-patterns-with-logreduce",
"/cid/2022": "/docs/send-data/installed-collectors",
"/cid/2023": "/docs/send-data/collection/edit-collector",
"/cid/2024": "/docs/search/get-started-with-search/search-basics/export-search-results",
"/cid/2026": "/",
"/cid/2027": "/docs/search/get-started-with-search/build-search/keyword-search-expressions",
"/cid/2028": "/docs/search/get-started-with-search",
"/cid/2030": "/docs/search/search-query-language/group-aggregate-operators",
"/cid/2032": "/docs/search/logreduce/influence-the-logreduce-outcome",
"/cid/2032": "/docs/search/behavior-insights/logreduce/influence-the-logreduce-outcome",
"/cid/2033": "/docs/get-started",
"/cid/2036": "/docs/integrations/hosts-operating-systems/linux",
"/cid/2038": "/docs/search/search-query-language/math-expressions",
Expand All @@ -1908,20 +1908,20 @@
"/cid/2047": "/docs/search/get-started-with-search/search-basics/pause-cancel-search",
"/cid/2049": "/docs/send-data/installed-collectors/sources/remote-file-source/prerequisites-windows-remote-file-collection",
"/cid/2050": "/docs/get-started",
"/cid/2057": "/docs/search/logcompare",
"/cid/2057": "/docs/search/behavior-insights/logcompare",
"/cid/2058": "/docs/alerts/scheduled-searches/create-email-alert",
"/cid/2059": "/docs/search/get-started-with-search/search-basics/save-search",
"/cid/2060": "/docs/search/logcompare",
"/cid/2060": "/docs/search/behavior-insights/logcompare",
"/cid/2064": "/docs/search/search-cheat-sheets/general-search-examples",
"/cid/2066": "/docs/search/get-started-with-search/search-basics/search-surrounding-messages",
"/cid/2068": "/docs/integrations/saas-cloud/fastly",
"/cid/2069": "/docs/integrations/app-development/gitlab",
"/cid/2070": "/docs/search/search-query-language/search-operators/sort",
"/cid/2071": "/docs/send-data/collection/start-stop-collector-using-scripts",
"/cid/2072": "/docs/search/get-started-with-search/suggested-searches",
"/cid/2073": "/docs/search/logcompare",
"/cid/2074": "/docs/search/logreduce/logreduce-operator",
"/cid/2075": "/docs/search/logreduce/logreduce-operator",
"/cid/2073": "/docs/search/behavior-insights/logcompare",
"/cid/2074": "/docs/search/behavior-insights/logreduce/logreduce-operator",
"/cid/2075": "/docs/search/behavior-insights/logreduce/logreduce-operator",
"/cid/2076": "/docs/get-started",
"/cid/2077": "/docs/get-started",
"/cid/2078": "/docs/search/search-query-language/search-operators/if",
Expand Down Expand Up @@ -2086,7 +2086,7 @@
"/cid/4412": "/docs/integrations/saas-cloud/crowdstrike-fdr-host-inventory",
"/cid/44122": "/docs/integrations/saas-cloud/crowdstrike-spotlight",
"/cid/44123": "/docs/integrations/saas-cloud/crowdstrike-falcon-filevantage",
"/cid/4020": "/docs/search/logreduce",
"/cid/4020": "/docs/search/behavior-insights/logreduce",
"/cid/4021": "/docs/search/search-query-language/search-operators/accum",
"/cid/40001": "/docs/search/search-query-language/search-operators/as",
"/cid/40002": "/docs/search/search-query-language/search-operators/asn-lookup",
Expand Down Expand Up @@ -2282,7 +2282,7 @@
"/cid/5134": "/docs/dashboards/panels",
"/cid/5135": "/docs/dashboards/drill-down-to-discover-root-causes",
"/cid/5136": "/docs/get-started/library",
"/cid/5138": "/docs/search/logreduce/influence-the-logreduce-outcome",
"/cid/5138": "/docs/search/behavior-insights/logreduce/influence-the-logreduce-outcome",
"/cid/5139": "/docs/send-data/collection/edit-source",
"/cid/5140": "/docs/get-started/library",
"/cid/5143": "/docs/manage/users-roles/roles/create-manage-roles",
Expand Down Expand Up @@ -2420,7 +2420,7 @@
"/cid/5334": "/docs/search/get-started-with-search/suggested-searches/microsoft-iis-parser",
"/cid/5335": "/docs/search",
"/cid/5336": "/docs/send-data/collection/search-for-a-collector-or-source",
"/cid/5339": "/docs/search/logreduce",
"/cid/5339": "/docs/search/behavior-insights/logreduce",
"/cid/5340": "/docs/integrations/sumo-apps/security-analytics",
"/cid/5341": "/docs/integrations/sumo-apps/security-analytics",
"/cid/5342": "/docs/alerts/webhook-connections/servicenow",
Expand All @@ -2436,7 +2436,7 @@
"/cid/5356": "/docs/dashboards/panels/modify-chart",
"/cid/5368": "/docs/dashboards/panels/single-value-charts",
"/cid/5375": "/",
"/cid/5377": "/docs/search/logreduce/understand-the-logreduce-relevance-column",
"/cid/5377": "/docs/search/behavior-insights/logreduce/understand-the-logreduce-relevance-column",
"/cid/5378": "/docs/cse/ingestion/ingestion-sources-for-cloud-siem/aws-cloudtrail",
"/cid/5379": "/docs/integrations/amazon-aws/elastic-load-balancing",
"/cid/5380": "/docs/cse/ingestion/ingestion-sources-for-cloud-siem/aws-cloudtrail",
Expand Down Expand Up @@ -2475,7 +2475,7 @@
"/cid/5444": "/docs/integrations/web-servers/varnish",
"/cid/5445": "/docs/integrations/web-servers/varnish",
"/cid/5446": "/docs/integrations/containers-orchestration/vmware-legacy",
"/cid/5448": "/docs/search/logreduce/detect-patterns-with-logreduce",
"/cid/5448": "/docs/search/behavior-insights/logreduce/detect-patterns-with-logreduce",
"/cid/5449": "/docs/integrations/containers-orchestration/vmware-legacy",
"/cid/5450": "/",
"/cid/5454": "/docs/manage/security/create-allowlist-ip-cidr-addresses",
Expand Down Expand Up @@ -2684,8 +2684,8 @@
"/cid/23411": "/docs/integrations/saas-cloud/sophos",
"/cid/9078": "/docs/manage/users-roles/roles/construct-search-filter-for-role",
"/cid/915200739": "/docs/observability/sdo/about-sdo",
"/cid/9201": "/docs/search/behavior-insights/logreduce-keys",
"/cid/9202": "/docs/search/behavior-insights/logreduce-values",
"/cid/9201": "/docs/search/behavior-insights/logreduce/logreduce-keys",
"/cid/9202": "/docs/search/behavior-insights/logreduce/logreduce-values",
"/cid/9205": "/docs/search/behavior-insights/logexplain",
"/cid/96734": "/docs/send-data/hosted-collectors/http-source/troubleshooting",
"/cid/97652": "/docs/integrations/saas-cloud/qualys-vmdr",
Expand Down Expand Up @@ -3796,9 +3796,9 @@
"/Search/Get_Started_with_Search/Search_Basics/Search_Metadata": "/docs/search/get-started-with-search/search-basics",
"/Search/Library/Apps-in-Sumo-Logic/01-Sumo-Logic-Apps/Data-Volume-App": "/docs/integrations/sumo-apps/data-volume",
"/Search/Library/Apps-in-Sumo-Logic/01-Sumo-Logic-Apps/Data-Volume-App/Data-Volume-App-Dashboards": "/docs/integrations/sumo-apps/data-volume",
"/Search/LogCompare": "/docs/search/logcompare",
"/Search/LogCompare/About_LogCompare": "/docs/search/logcompare",
"/Search/LogReduce": "/docs/search/logreduce",
"/Search/LogCompare": "/docs/search/behavior-insights/logcompare",
"/Search/LogCompare/About_LogCompare": "/docs/search/behavior-insights/logcompare",
"/Search/LogReduce": "/docs/search/behavior-insights/logreduce",
"/Query_Language": "/docs/search/search-query-language",
"/Search/Search_Query_Language": "/docs/search/search-query-language",
"/Search/Search_Query_Language/Parse_Operators/CSV_Operator": "/docs/search/search-query-language/parse-operators/parse-csv-formatted-logs",
Expand Down Expand Up @@ -4183,5 +4183,13 @@
"/docs/integrations/amazon-aws/aurora-mysql-ulm": "/docs/integrations/amazon-aws/rds",
"/docs/integrations/amazon-aws/aurora-postgresql-ulm": "/docs/integrations/amazon-aws/rds",
"/docs/integrations/amazon-aws/elastic-load-balancer-app": "/docs/integrations/amazon-aws/application-load-balancer",
"/docs/integrations/amazon-aws/elastic-load-balancing-classic": "/docs/integrations/amazon-aws/classic-load-balancer"
"/docs/integrations/amazon-aws/elastic-load-balancing-classic": "/docs/integrations/amazon-aws/classic-load-balancer",
"/docs/search/logcompare": "/docs/search/behavior-insights/logcompare",
"/docs/search/behavior-insights/logreduce-keys": "/docs/search/behavior-insights/logreduce/logreduce-keys",
"/docs/search/logreduce": "/docs/search/behavior-insights/logreduce",
"/docs/search/logreduce/logreduce-operator": "/docs/search/behavior-insights/logreduce/logreduce-operator",
"/docs/search/logreduce/detect-patterns-with-logreduce": "/docs/search/behavior-insights/logreduce/detect-patterns-with-logreduce",
"/docs/search/logreduce/influence-the-logreduce-outcome": "/docs/search/behavior-insights/logreduce/influence-the-logreduce-outcome",
"/docs/search/logreduce/understand-the-logreduce-relevance-column": "/docs/search/behavior-insights/logreduce/understand-the-logreduce-relevance-column",
"/docs/search/behavior-insights/logreduce-values": "/docs/search/behavior-insights/logreduce/logreduce-values"
}
2 changes: 1 addition & 1 deletion docs/alerts/monitors/alert-response-faq.md
Original file line number Diff line number Diff line change
Expand Up @@ -67,7 +67,7 @@ Sumo Logic detects and maintains a signature library. It does that by analyzing

There could be cases where the process has still not cataloged a new log message to a signature. As a result, it would get bundled into the "Others" category. This problem should be fixed automatically after some time (when the background process runs).

You can also force run the signature cataloging process manually, by calling the [LogCompare](../../search/logcompare.md) or [LogReduce](/docs/search/logreduce) operators from the Log Search page. 
You can also force run the signature cataloging process manually, by calling the [LogCompare](/docs/search/behavior-insights/logcompare) or [LogReduce](/docs/search/behavior-insights/logreduce) operators from the Log Search page. 

## I don’t see the Dimensional Explanation card for logs-based alert

Expand Down
2 changes: 1 addition & 1 deletion docs/alerts/monitors/alert-response.md
Original file line number Diff line number Diff line change
Expand Up @@ -160,7 +160,7 @@ See [Using tags in alerts](/docs/alerts/monitors/settings/#using-tags-in-alerts)

### Log fluctuations

This card detects different signatures in your log messages using [LogReduce](/docs/search/logreduce) such as errors, exceptions, timeouts, and successes. It compares log signatures trends with a normal baseline period and surfaces noteworthy changes in signatures.
This card detects different signatures in your log messages using [LogReduce](/docs/search/behavior-insights/logreduce) such as errors, exceptions, timeouts, and successes. It compares log signatures trends with a normal baseline period and surfaces noteworthy changes in signatures.

* **New**. Log signatures that were only seen after the Alert was triggered but not one hour prior to the Alert start time.
* **Gone**. Log signatures that are not present after the Alert was created but were present one hour prior to the Alert start time, such as **Transaction Succeeded** or **Success**.
Expand Down
2 changes: 1 addition & 1 deletion docs/alerts/monitors/overview.md
Original file line number Diff line number Diff line change
Expand Up @@ -130,7 +130,7 @@ Custom variables used inside the Action Payload.
### General

* [Receipt Time](../../search/get-started-with-search/build-search/use-receipt-time.md) is not supported.
* [LogReduce](/docs/search/logreduce/logreduce-operator) / [LogCompare](../../search/logcompare.md) operators are not supported in monitors. If your query contains these operators, you will not be able to create the monitor.
* [LogReduce](/docs/search/behavior-insights/logreduce/logreduce-operator) / [LogCompare](/docs/search/behavior-insights/logcompare) operators are not supported in monitors. If your query contains these operators, you will not be able to create the monitor.
* Monitors only support the [Continuous data tier](/docs/manage/partitions/data-tiers).
* An aggregate Metric Monitor can evaluate up to 15,000 time series. A non-aggregate Metric Monitor can evaluate up to 3,000 time series.
* [Save to Index](../scheduled-searches/save-to-index.md) and [Save to Lookup](../scheduled-searches/save-to-lookup.md) are not supported.
Expand Down
4 changes: 2 additions & 2 deletions docs/contributing/glossary.md
Original file line number Diff line number Diff line change
Expand Up @@ -174,9 +174,9 @@ We also maintain a [DevOps and Security Glossary](https://www.sumologic.com/glos

**[Local Configuration File Management](/docs/send-data/use-json-configure-sources/local-configuration-file-management)**. Local Configuration File Management allows you to set up and manage Sources on an Installed Collector using one or more JSON files.

**[LogCompare](/docs/search/logcompare)**. LogCompare allows you to compare a section of your log messages from one point in time with the same section at another point in time, and display the changes in patterns.
**[LogCompare](/docs/search/behavior-insights/logcompare)**. LogCompare allows you to compare a section of your log messages from one point in time with the same section at another point in time, and display the changes in patterns.

**[LogReduce](/docs/search/logreduce)**. LogReduce uses fuzzy logic to cluster messages together based on string and pattern similarity. Use the LogReduce button and operator to quickly assess activity patterns for things like a range of devices or traffic on a website.
**[LogReduce](/docs/search/behavior-insights/logreduce)**. LogReduce uses fuzzy logic to cluster messages together based on string and pattern similarity. Use the LogReduce button and operator to quickly assess activity patterns for things like a range of devices or traffic on a website.

**[Logs-to-Metrics](/docs/metrics/logs-to-metrics)**. A Sumo Logic feature you can use to extract or create metrics from log data. You can extract metrics that are embedded in logs, or count logs as a metric.

Expand Down
Loading
Loading