From 44585a3fbf6beb4ae6beb6f07a96868935282c57 Mon Sep 17 00:00:00 2001 From: Kim Pohas Date: Fri, 30 May 2025 16:44:16 -0400 Subject: [PATCH 1/5] Copilot GA - Unstructured logs + multi-turn conversations --- cid-redirects.json | 1 + docs/search/copilot-unstructured-logs-beta.md | 48 ------------------- docs/search/copilot.md | 21 ++++++-- 3 files changed, 18 insertions(+), 52 deletions(-) delete mode 100644 docs/search/copilot-unstructured-logs-beta.md diff --git a/cid-redirects.json b/cid-redirects.json index 9e77ad0308..0074fcc5cd 100644 --- a/cid-redirects.json +++ b/cid-redirects.json @@ -4377,6 +4377,7 @@ "/docs/search/logreduce/influence-the-logreduce-outcome": "/docs/search/behavior-insights/logreduce/influence-the-logreduce-outcome", "/docs/search/logreduce/understand-the-logreduce-relevance-column": "/docs/search/behavior-insights/logreduce/understand-the-logreduce-relevance-column", "/docs/search/behavior-insights/logreduce-values": "/docs/search/behavior-insights/logreduce/logreduce-values", + "/docs/search/copilot-unstructured-logs-beta": "/docs/search/copilot", "/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/azure-event-hubs-cloud-to-cloud-source-migration":"/docs/send-data/collect-from-other-data-sources/azure-monitoring/azure-event-hubs-source-migration", "/docs/manage/manage-subscription/upgrade-sumo-logic-credits-account": "/docs/manage/manage-subscription/upgrade-account/upgrade-sumo-logic-flex-account", "/docs/manage/manage-subscription/upgrade-cloud-flex-legacy-account": "/docs/manage/manage-subscription/upgrade-account/upgrade-cloud-flex-legacy-account", diff --git a/docs/search/copilot-unstructured-logs-beta.md b/docs/search/copilot-unstructured-logs-beta.md deleted file mode 100644 index 6c99c40b66..0000000000 --- a/docs/search/copilot-unstructured-logs-beta.md +++ /dev/null 
@@ -1,48 +0,0 @@ ---- -id: copilot-unstructured-logs-beta -title: Sumo Logic Copilot - Unstructured Logs Support (Beta) -description: Streamline your log analysis with Sumo Logic Copilot, our AI-based assistant that simplifies log analysis by letting you ask questions in plain English, even for logs without a well-defined structure. ---- - -import useBaseUrl from '@docusaurus/useBaseUrl'; - - - - - -

Beta

- -This feature is in Beta. For more information, contact your Sumo Logic account executive. - -Unstructured Logs Support for [Sumo Logic Copilot](/docs/search/copilot), our AI assistant, enables it to understand and provide insights from raw, text-based logs, even if they don't follow a structured format like JSON. This means you can ask questions in plain English and get meaningful results from nearly any log data, without requiring Field Extraction Rules (FERs). - -## What's new - -Currently, [Copilot works best on structured (JSON) logs](/docs/search/copilot/#compatible-log-formats). With this beta update, Copilot automatically applies parsing logic to unstructured logs, even if no FERs are configured. - -At this stage, Copilot prioritizes unstructured logs that are already used in dashboards, allowing it to surface insights from high-value log sources out-of-the-box. This means it won’t interpret all raw logs yet, but we’re actively working to broaden this support beyond dashboards. - -* **Broader coverage**. Copilot now parses and generates insights from unstructured log formats, even without FERs, making it useful for environments that include custom or inconsistent log types. -* **Improved usability**. Ask questions in natural language. Copilot interprets your intent and suggests relevant searches, even for raw, non-JSON logs. -* **Performance and reliability**. Response times and suggestion accuracy are consistent with Copilot’s structured log experience. -* **Security and compliance**. The same strict data handling and privacy standards apply. Unstructured Logs Support builds on Copilot’s secure foundation. - - - -### Common use cases - -* **General log exploration**. Ask questions about unstructured logs that are already used in your dashboards, even if they lack predefined fields. -* **Error triage**. Investigate frequently visualized log data to surface patterns and recurring issues in unstructured formats. -* **Security insights**. 
Detect anomalies or signs of failed logins by querying raw logs already powering security dashboards. -* **Smarter prioritization**. Copilot focuses on unstructured logs that are visualized in dashboards, helping you get meaningful insights from high-value data sources. - -## FAQ - -**Will Copilot interpret all my logs?**
-Copilot prioritizes unstructured logs that are already used in dashboards. This improves the relevance of insights and helps focus on high-value logs. - -**How is this different from structured log support?**
-Structured logs have predefined fields, allowing Copilot to map queries directly. For unstructured logs, Copilot uses AI and parsing techniques to infer structure on the fly. diff --git a/docs/search/copilot.md b/docs/search/copilot.md index 0d16f9fcf0..fd16c241f3 100644 --- a/docs/search/copilot.md +++ b/docs/search/copilot.md 
@@ -49,6 +49,20 @@ Copilot accelerates incident response by combining prebuilt contextual insights * **Auto-visualize**. Copilot automatically generates charts from search results, which you can add directly to dashboards, reducing time and effort in data interpretation. * **Log compatibility**. Copilot supports structured logs, semi-structured logs (partial JSON), and unstructured logs (e.g., Palo Alto Firewall) when Field Extraction Rules (FERs) are applied. This ensures valuable insights across a variety of log formats. * **Enhanced query experience**. Auto-complete to streamline natural language queries. +* **Multi-turn conversations**. Ask follow-up questions without repeating yourself. + +## Support for unstructured logs + +Copilot now supports unstructured logs, including raw text logs with no predefined fields or Field Extraction Rules (FERs). If these logs are already visualized in dashboards, Copilot automatically parses them and surfaces insights using natural language queries. + +This capability is powered by [Intelliparse mode (Beta)](/docs/search/get-started-with-search/build-search/intelliparse-beta), which infers structure from patterns already used in your dashboards. Behind the scenes, Copilot injects the `intelliparse` operator into queries to extract fields on the fly—no FER setup required. + +Here are some use cases: +* Explore raw logs without defined fields +* Triage errors and detect patterns +* Investigate anomalies in security dashboards + +Copilot does not currently interpret all unstructured logs. It prioritizes those already visualized in dashboards to ensure the most relevant and accurate insights. Unlike structured logs, which contain clearly defined fields, unstructured logs require Copilot to infer structure at query time using AI and pattern recognition. ## Security and compliance 
@@ -211,7 +225,8 @@ To save space, you can use the **Hide Log Query** icon to collapse the log query #### Compatible Log Formats -Copilot querying is compatible with JSON logs, partial JSON logs, and unstructured logs with Field Extraction Rules. It cannot be used to query metrics or trace telemetry. +* **Supported**. JSON, partial JSON, unstructured logs (with or without FERs). +* **Not supported**. Metrics or trace telemetry. To retrieve a list of `_sourceCategories` with JSON data, use the following query: @@ -258,8 +273,6 @@ There are two ways to do this: ### Logs for security - - In the video, Copilot is used to investigate a security issue involving the potential leak of AWS CloudTrail access keys outside the organization. The video demonstrates how to use Copilot to analyze AWS CloudTrail data, review AI-curated suggestions, refine searches using natural language prompts, and generate an AI-driven dashboard for root cause analysis and sharing. @@ -344,7 +357,7 @@ Sumo Logic Copilot (also referred to as Sumo Logic Mo Copilot) is an AI assistan
Can I use Copilot to analyze unstructured logs? -Yes, Copilot can extract relevant insights from unstructured logs, provided Field Extraction Rules (FERs) are applied. It also supports semi-structured logs (JSON + unstructured payloads). +Yes. Copilot can parse raw logs without FERs. It also supports semi-structured logs (JSON + unstructured payloads).
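Review bot: in the docs/search/copilot.md hunk at @@ -49,6 +49,20, the unchanged **Log compatibility** bullet directly above the new section still says unstructured logs are supported "when Field Extraction Rules (FERs) are applied", while the added "Support for unstructured logs" section says no FERs are needed. Update that bullet in the same change so the page does not contradict itself. The commit subject calls this GA, yet the new section says the capability is powered by "Intelliparse mode (Beta)"; say explicitly which part is GA and which is still Beta. Because the section states that Copilot injects the `intelliparse` operator into queries behind the scenes, it would also help to say whether the injected operator is shown in the generated query, so someone reviewing a search during an investigation can tell that fields were inferred rather than extracted by an FER.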
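Review bot: in the FAQ hunk at @@ -344,7 +357,7, the new answer "Yes. Copilot can parse raw logs without FERs." drops the limit stated in the section this same patch adds ("Copilot does not currently interpret all unstructured logs. It prioritizes those already visualized in dashboards"). Carry the caveat into the answer, for example "Yes. For unstructured logs already visualized in dashboards, Copilot can parse raw logs without FERs.", or link the answer to the new "Support for unstructured logs" section.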
From 4429d2c34ceb71a0ce01c461ac5623673448b389 Mon Sep 17 00:00:00 2001 From: Kim Pohas Date: Fri, 30 May 2025 17:18:27 -0400 Subject: [PATCH 2/5] space fix --- docs/search/copilot.md | 1 - 1 file changed, 1 deletion(-) diff --git a/docs/search/copilot.md b/docs/search/copilot.md index fd16c241f3..3cda6940e1 100644 --- a/docs/search/copilot.md +++ b/docs/search/copilot.md @@ -434,7 +434,6 @@ Each major capability added to Copilot undergoes legal, compliance, and applicat If you prefer not to use Sumo Logic Copilot, please contact our [support team](https://support.sumologic.com/support/s/). Your account will be updated accordingly.
- ## Feedback We want your feedback! Let us know what you think by clicking the thumbs up or thumbs down icon and entering the context of your query. From 5f3c2012db6a51e562675c60e2b3e724ebee7e08 Mon Sep 17 00:00:00 2001 From: Kim Pohas Date: Fri, 30 May 2025 17:26:32 -0400 Subject: [PATCH 3/5] add release notes --- blog-service/2025-07-01-search.md | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) create mode 100644 blog-service/2025-07-01-search.md diff --git a/blog-service/2025-07-01-search.md b/blog-service/2025-07-01-search.md new file mode 100644 index 0000000000..77f9ea1b9a --- /dev/null +++ b/blog-service/2025-07-01-search.md @@ -0,0 +1,18 @@ +--- +title: New in Copilot - Unstructured Logs and Multi-Turn Conversations (Search) +image: https://help.sumologic.com/img/sumo-square.png +keywords: + - copilot + - log-search + - search +hide_table_of_contents: true +--- + +import useBaseUrl from '@docusaurus/useBaseUrl'; + +Sumo Logic Copilot is now generally available with two major enhancements that improve usability and investigation speed: + +* **Unstructured Logs Support**. Copilot can now analyze raw, text-based logs that don't follow a structured format—no Field Extraction Rules (FERs) required. If your logs are already visualized in dashboards, Copilot automatically parses them and delivers insights using natural language. +* **Multi-Turn Conversations**. You can now ask follow-up questions without repeating your search context. Copilot remembers your investigation flow, making it easier to refine queries, explore related issues, and resolve incidents faster. + +These updates build on Copilot’s AI-assisted search capabilities and are available to all customers using the new Sumo Logic UI. [Learn more](/docs/search/copilot/). From ece50274101b78fd6b09cd646198d166253c4f0c Mon Sep 17 00:00:00 2001 
From: Kim Pohas Date: Fri, 30 May 2025 17:34:33 -0400 Subject: [PATCH 4/5] link fix --- .../get-started-with-search/build-search/intelliparse-beta.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/search/get-started-with-search/build-search/intelliparse-beta.md b/docs/search/get-started-with-search/build-search/intelliparse-beta.md index 47fe0f9040..7131242f46 100644 --- a/docs/search/get-started-with-search/build-search/intelliparse-beta.md +++ b/docs/search/get-started-with-search/build-search/intelliparse-beta.md @@ -75,5 +75,5 @@ Copilot uses Intelliparse mode in the background to: This integration allows Copilot to work with raw, unstructured log data; no setup required on your part. :::tip -Want to learn more about Intelliparse mode? [See how it works in Log Search](/docs/search/copilot-unstructured-logs-beta). +Want to learn more about Intelliparse mode? [See how it works in Log Search](/docs/search/copilot/#support-for-unstructured-logs). ::: From d74dbded6fc8bd6ad1cd1595d8fddb13c3c0748b Mon Sep 17 00:00:00 2001 From: Kim Pohas Date: Tue, 3 Jun 2025 10:11:12 -0400 Subject: [PATCH 5/5] Remove references to unstructured logs GA --- blog-service/2025-07-01-search.md | 18 ------- blog-service/2025-07-02-search.md | 15 ++++++ cid-redirects.json | 1 - docs/search/copilot-unstructured-logs-beta.md | 48 +++++++++++++++++++ docs/search/copilot.md | 19 ++------ .../build-search/intelliparse-beta.md | 2 +- 6 files changed, 67 insertions(+), 36 deletions(-) delete mode 100644 blog-service/2025-07-01-search.md create mode 100644 blog-service/2025-07-02-search.md create mode 100644 docs/search/copilot-unstructured-logs-beta.md diff --git a/blog-service/2025-07-01-search.md b/blog-service/2025-07-01-search.md deleted file mode 100644 index 77f9ea1b9a..0000000000 --- a/blog-service/2025-07-01-search.md +++ /dev/null 
@@ -1,18 +0,0 @@ ---- -title: New in Copilot - Unstructured Logs and Multi-Turn Conversations (Search) -image: https://help.sumologic.com/img/sumo-square.png -keywords: - - copilot - - log-search - - search -hide_table_of_contents: true ---- - -import useBaseUrl from '@docusaurus/useBaseUrl'; - -Sumo Logic Copilot is now generally available with two major enhancements that improve usability and investigation speed: - -* **Unstructured Logs Support**. Copilot can now analyze raw, text-based logs that don't follow a structured format—no Field Extraction Rules (FERs) required. If your logs are already visualized in dashboards, Copilot automatically parses them and delivers insights using natural language. -* **Multi-Turn Conversations**. You can now ask follow-up questions without repeating your search context. Copilot remembers your investigation flow, making it easier to refine queries, explore related issues, and resolve incidents faster. - -These updates build on Copilot’s AI-assisted search capabilities and are available to all customers using the new Sumo Logic UI. [Learn more](/docs/search/copilot/). diff --git a/blog-service/2025-07-02-search.md b/blog-service/2025-07-02-search.md new file mode 100644 index 0000000000..2bf280cc97 --- /dev/null +++ b/blog-service/2025-07-02-search.md 
@@ -0,0 +1,15 @@ +--- +title: New in Copilot - Multi-Turn Conversations (Search) +image: https://help.sumologic.com/img/sumo-square.png +keywords: + - copilot + - log-search + - search +hide_table_of_contents: true +--- + +import useBaseUrl from '@docusaurus/useBaseUrl'; + +Copilot now supports multi-turn conversations, allowing you to ask follow-up questions without repeating your original search context. This enhancement enables more natural, iterative investigations. Copilot keeps track of your query history so you can refine searches, dig deeper into results, and troubleshoot faster. + +This feature is available in the new Sumo Logic UI for all users with Copilot access. [Learn more](/docs/search/copilot/). diff --git a/cid-redirects.json b/cid-redirects.json index 0074fcc5cd..9e77ad0308 100644 --- a/cid-redirects.json +++ b/cid-redirects.json @@ -4377,7 +4377,6 @@ "/docs/search/logreduce/influence-the-logreduce-outcome": "/docs/search/behavior-insights/logreduce/influence-the-logreduce-outcome", "/docs/search/logreduce/understand-the-logreduce-relevance-column": "/docs/search/behavior-insights/logreduce/understand-the-logreduce-relevance-column", "/docs/search/behavior-insights/logreduce-values": "/docs/search/behavior-insights/logreduce/logreduce-values", - "/docs/search/copilot-unstructured-logs-beta": "/docs/search/copilot", "/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/azure-event-hubs-cloud-to-cloud-source-migration":"/docs/send-data/collect-from-other-data-sources/azure-monitoring/azure-event-hubs-source-migration", "/docs/manage/manage-subscription/upgrade-sumo-logic-credits-account": "/docs/manage/manage-subscription/upgrade-account/upgrade-sumo-logic-flex-account", "/docs/manage/manage-subscription/upgrade-cloud-flex-legacy-account": "/docs/manage/manage-subscription/upgrade-account/upgrade-cloud-flex-legacy-account", 
diff --git a/docs/search/copilot-unstructured-logs-beta.md b/docs/search/copilot-unstructured-logs-beta.md new file mode 100644 index 0000000000..6c99c40b66 --- /dev/null +++ b/docs/search/copilot-unstructured-logs-beta.md @@ -0,0 +1,48 @@ +--- +id: copilot-unstructured-logs-beta +title: Sumo Logic Copilot - Unstructured Logs Support (Beta) +description: Streamline your log analysis with Sumo Logic Copilot, our AI-based assistant that simplifies log analysis by letting you ask questions in plain English, even for logs without a well-defined structure. +--- + +import useBaseUrl from '@docusaurus/useBaseUrl'; + + + + + +

Beta

+ +This feature is in Beta. For more information, contact your Sumo Logic account executive. + +Unstructured Logs Support for [Sumo Logic Copilot](/docs/search/copilot), our AI assistant, enables it to understand and provide insights from raw, text-based logs, even if they don't follow a structured format like JSON. This means you can ask questions in plain English and get meaningful results from nearly any log data, without requiring Field Extraction Rules (FERs). + +## What's new + +Currently, [Copilot works best on structured (JSON) logs](/docs/search/copilot/#compatible-log-formats). With this beta update, Copilot automatically applies parsing logic to unstructured logs, even if no FERs are configured. + +At this stage, Copilot prioritizes unstructured logs that are already used in dashboards, allowing it to surface insights from high-value log sources out-of-the-box. This means it won’t interpret all raw logs yet, but we’re actively working to broaden this support beyond dashboards. + +* **Broader coverage**. Copilot now parses and generates insights from unstructured log formats, even without FERs, making it useful for environments that include custom or inconsistent log types. +* **Improved usability**. Ask questions in natural language. Copilot interprets your intent and suggests relevant searches, even for raw, non-JSON logs. +* **Performance and reliability**. Response times and suggestion accuracy are consistent with Copilot’s structured log experience. +* **Security and compliance**. The same strict data handling and privacy standards apply. Unstructured Logs Support builds on Copilot’s secure foundation. + + + +### Common use cases + +* **General log exploration**. Ask questions about unstructured logs that are already used in your dashboards, even if they lack predefined fields. +* **Error triage**. Investigate frequently visualized log data to surface patterns and recurring issues in unstructured formats. +* **Security insights**. 
Detect anomalies or signs of failed logins by querying raw logs already powering security dashboards. +* **Smarter prioritization**. Copilot focuses on unstructured logs that are visualized in dashboards, helping you get meaningful insights from high-value data sources. + +## FAQ + +**Will Copilot interpret all my logs?**
+Copilot prioritizes unstructured logs that are already used in dashboards. This improves the relevance of insights and helps focus on high-value logs. + +**How is this different from structured log support?**
+Structured logs have predefined fields, allowing Copilot to map queries directly. For unstructured logs, Copilot uses AI and parsing techniques to infer structure on the fly. diff --git a/docs/search/copilot.md b/docs/search/copilot.md index 3cda6940e1..1d6739f46d 100644 --- a/docs/search/copilot.md +++ b/docs/search/copilot.md @@ -51,19 +51,6 @@ Copilot accelerates incident response by combining prebuilt contextual insights * **Enhanced query experience**. Auto-complete to streamline natural language queries. * **Multi-turn conversations**. Ask follow-up questions without repeating yourself. -## Support for unstructured logs - -Copilot now supports unstructured logs, including raw text logs with no predefined fields or Field Extraction Rules (FERs). If these logs are already visualized in dashboards, Copilot automatically parses them and surfaces insights using natural language queries. - -This capability is powered by [Intelliparse mode (Beta)](/docs/search/get-started-with-search/build-search/intelliparse-beta), which infers structure from patterns already used in your dashboards. Behind the scenes, Copilot injects the `intelliparse` operator into queries to extract fields on the fly—no FER setup required. - -Here are some use cases: -* Explore raw logs without defined fields -* Triage errors and detect patterns -* Investigate anomalies in security dashboards - -Copilot does not currently interpret all unstructured logs. It prioritizes those already visualized in dashboards to ensure the most relevant and accurate insights. Unlike structured logs, which contain clearly defined fields, unstructured logs require Copilot to infer structure at query time using AI and pattern recognition. - ## Security and compliance Sumo Logic Copilot leverages foundational models provided by Amazon Bedrock, inheriting their robust compliance and security posture. For detailed information, refer to the following Amazon Bedrock security and compliance resources: 
@@ -225,8 +212,7 @@ To save space, you can use the **Hide Log Query** icon to collapse the log query #### Compatible Log Formats -* **Supported**. JSON, partial JSON, unstructured logs (with or without FERs). -* **Not supported**. Metrics or trace telemetry. +Copilot querying is compatible with JSON logs, partial JSON logs, and unstructured logs with Field Extraction Rules. It cannot be used to query metrics or trace telemetry. To retrieve a list of `_sourceCategories` with JSON data, use the following query: @@ -357,7 +343,7 @@ Sumo Logic Copilot (also referred to as Sumo Logic Mo Copilot) is an AI assistan
Can I use Copilot to analyze unstructured logs? -Yes. Copilot can parse raw logs without FERs. It also supports semi-structured logs (JSON + unstructured payloads). +Yes, Copilot can extract relevant insights from unstructured logs, provided Field Extraction Rules (FERs) are applied. It also supports semi-structured logs (JSON + unstructured payloads).
@@ -434,6 +420,7 @@ Each major capability added to Copilot undergoes legal, compliance, and applicat If you prefer not to use Sumo Logic Copilot, please contact our [support team](https://support.sumologic.com/support/s/). Your account will be updated accordingly.
+ ## Feedback We want your feedback! Let us know what you think by clicking the thumbs up or thumbs down icon and entering the context of your query. diff --git a/docs/search/get-started-with-search/build-search/intelliparse-beta.md b/docs/search/get-started-with-search/build-search/intelliparse-beta.md index 7131242f46..47fe0f9040 100644 --- a/docs/search/get-started-with-search/build-search/intelliparse-beta.md +++ b/docs/search/get-started-with-search/build-search/intelliparse-beta.md @@ -75,5 +75,5 @@ Copilot uses Intelliparse mode in the background to: This integration allows Copilot to work with raw, unstructured log data; no setup required on your part. :::tip -Want to learn more about Intelliparse mode? [See how it works in Log Search](/docs/search/copilot/#support-for-unstructured-logs). +Want to learn more about Intelliparse mode? [See how it works in Log Search](/docs/search/copilot-unstructured-logs-beta). :::
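Review bot: the docs/search/copilot.md hunk at @@ -434,6 +420,7 re-adds the blank line above `## Feedback` that PATCH 2/5 ("space fix") removed. That spacing change is unrelated to removing the unstructured logs GA references, so drop this hunk from the revert and keep the earlier fix.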
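Review bot: in the intelliparse-beta.md hunk at @@ -75,5 +75,5, the tip asks "Want to learn more about Intelliparse mode?" but the restored target, /docs/search/copilot-unstructured-logs-beta, never mentions Intelliparse in the text this patch re-adds. Either reword the link to describe what the reader will find (for example "See Copilot's Unstructured Logs Support (Beta)") or add a short paragraph to the beta page that names Intelliparse mode and links back.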
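Review bot: in the new blog-service/2025-07-02-search.md (@@ -0,0 +1,15), `import useBaseUrl from '@docusaurus/useBaseUrl';` is never used; the file contains only front matter and two paragraphs with a plain Markdown link. Remove the import unless an image or asset reference is going to be added. The same applies to the 2025-07-01-search.md file that PATCH 3/5 introduced and this patch deletes.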