/docs/integrations headers #4237

Merged
merged 7 commits into from
Jul 1, 2024
2 changes: 1 addition & 1 deletion docs/contributing/templates/partner-app.md
Original file line number Diff line number Diff line change
Expand Up @@ -27,7 +27,7 @@ The `{AppName}` App uses...

\Enter a list of log types, usually hyperlinked to vendor docs.\

## Sample Log and Metrics messages
## Sample log and metrics messages

### Log message

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -62,7 +62,7 @@ account="account" region="region" namespace="AWS/ApplicationELB"
account="account" region="region" Namespace="AWS/ApplicationELB" loadbalancer="loadbalancer" AvailabilityZone=* TargetGroup=* metric=HTTPCode_Target_5XX_Count Statistic=Sum | parse field= TargetGroup */* as Unused, TargetGroup | sum by account, region, namespace, loadbalancer, TargetGroup, AvailabilityZone
```

## Collecting Logs and Metrics for the AWS Application Load Balancer
## Collecting logs and metrics for the AWS Application Load Balancer

### Collecting Metrics
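
Review bot: The sub-heading `### Collecting Metrics` directly under the renamed `## Collecting logs and metrics for the AWS Application Load Balancer` is still in title case, so the page ends up with mixed heading styles. If the goal is sentence case for headings, change it to `### Collecting metrics` in the same pass; the same applies to other untouched sub-headings visible in this PR such as `### Configure Collector and Source` and `## Field Extraction Rules`.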

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -19,7 +19,7 @@ The Sumo Logic for CIS AWS Foundations Benchmark App maps to Section 3 (Monitori
The Sumo Logic App for CIS AWS Foundations Benchmark uses [CloudTrail](/docs/integrations/amazon-aws/cloudtrail.md) logs. For details on the specifics of which attributes are used, refer to Section 3 (Monitoring) of the [CIS AWS Benchmarks Foundation](https://d0.awsstatic.com/whitepapers/compliance/AWS_CIS_Foundations_Benchmark.pdf).


## Collecting Logs for the CIS AWS Foundation Benchmark App
## Collecting logs for the CIS AWS Foundation Benchmark App

### Configure Collector and Source
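
Review bot: The renamed heading `## Collecting logs for the CIS AWS Foundation Benchmark App` keeps the singular "Foundation", while the paragraph above it calls the product "CIS AWS Foundations Benchmark" and the link text reads "CIS AWS Benchmarks Foundation". Since the heading is being edited anyway, pick one spelling of the benchmark name and use it in all three places.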

Expand Down
2 changes: 1 addition & 1 deletion docs/integrations/amazon-aws/classic-load-balancer.md
Original file line number Diff line number Diff line change
Expand Up @@ -63,7 +63,7 @@ Statistic=Sum | sum by account, region, namespace, loadbalancername
```


## Collecting Logs and Metrics for the AWS Classic Load Balancer
## Collecting logs and metrics for the AWS Classic Load Balancer

### Collect Metrics for AWS Classic Load Balancer

Expand Down
2 changes: 1 addition & 1 deletion docs/integrations/amazon-aws/cloudfront.md
Original file line number Diff line number Diff line change
Expand Up @@ -28,7 +28,7 @@ _sourceCategory= aws/cf | parse "*\t*\t*\t*\t*\t*\t*\t*\t*\t*\t*\t*\t*\t*\t*" as
| sort by count
```

## Collecting Logs for the Amazon CloudFront app
## Collecting logs for the Amazon CloudFront app

### Prerequisites
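
Review bot: The new heading `## Collecting logs for the Amazon CloudFront app` ends in lowercase "app", while most other headings changed in this PR keep "App" (for example `## Collecting logs for the AWS Config App`). The case pass should settle on one form for the trailing word so the headings are consistent across the integration pages.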

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -12,7 +12,7 @@ The Sumo Logic App for Payment Card Industry (PCI) Compliance for AWS CloudTrail



## Collecting Logs for the PCI Compliance for AWS CloudTrail App
## Collecting logs for the PCI Compliance for AWS CloudTrail App

This section provides instructions for collecting logs for the the PCI Compliance for AWS CloudTrail App.
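
Review bot: The sentence right below the renamed heading contains a doubled word: "collecting logs for the the PCI Compliance for AWS CloudTrail App". It is a context line here, but it sits one line under the change, so fix it in this PR by dropping the second "the".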

Expand Down
2 changes: 1 addition & 1 deletion docs/integrations/amazon-aws/cloudtrail.md
Original file line number Diff line number Diff line change
Expand Up @@ -64,7 +64,7 @@ Before you begin, you must configure AWS CloudTrail logging to an S3 bucket in y
2. Confirm that logs are being delivered to the Amazon S3 bucket.


## Collecting Logs for the AWS CloudTrail App
## Collecting logs for the AWS CloudTrail App

This section has instructions for configuring log collection for the AWS CloudTrail app. If you have more than one environment that generates CloudTrail data (such as ops, dev, and so on) you’ll need to configure a separate S3 Source for each environment. Learn more [here](#configuring-the-aws-cloudtrail-app-in-multiple-environments).

Expand Down
2 changes: 1 addition & 1 deletion docs/integrations/amazon-aws/config.md
Original file line number Diff line number Diff line change
Expand Up @@ -71,7 +71,7 @@ _sourceCategory=AWS_Config Notification ConfigurationItemChangeNotification
| sort _count
```

## Collecting Logs for the AWS Config App
## Collecting logs for the AWS Config App

### Prerequisites

Expand Down
4 changes: 2 additions & 2 deletions docs/integrations/amazon-aws/cost-explorer.md
Original file line number Diff line number Diff line change
Expand Up @@ -16,7 +16,7 @@ The Sumo Logic App for AWS Cost Explorer lets you visualize, understand, and man

The **AWS Cost Explorer** App uses the JSON formatted logs collected using **AWS Cost Explorer** source.

### Sample Log
### Sample log messages

```json
{
Expand Down Expand Up @@ -56,7 +56,7 @@ When you create an AWS Cost Explorer collector Source, you add it to an existing
## Field-in-Field Schema

1. <!--Kanso [**Classic UI**](/docs/get-started/sumo-logic-ui/). Kanso--> In the main Sumo Logic menu, select **Manage Data > Logs > Fields**. <!--Kanso <br/>[**New UI**](/docs/get-started/sumo-logic-ui-new/). In the top menu select **Configuration**, and then under **Logs** select **Fields**. You can also click the **Go To...** menu at the top of the screen and select **Fields**. Kanso-->
1. Search for the **account** and **linkedaccount** field.
1. Search for the **account** and **linkedaccount** field.
1. If not present, create it. Learn how to create and manage fields [here](/docs/manage/fields#manage-fields).

## Field Extraction Rules
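
Review bot: Step 2 in this hunk, "Search for the **account** and **linkedaccount** field.", names two fields, so it should read "fields", and step 3 should then say "create them" instead of "create it". The removed and added versions of step 2 look identical as shown, so the change appears to be whitespace only; if the line is being touched, take the grammar fix along with it.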
Expand Down
4 changes: 2 additions & 2 deletions docs/integrations/amazon-aws/ec2-cloudwatch-metrics.md
Original file line number Diff line number Diff line change
Expand Up @@ -21,7 +21,7 @@ This section describes the AWS EC2 app's data sources and instructions for setti

For details on the metrics of AWS EC2, see [here](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-cloudwatch.html).

### Sample log
### Sample log messages

```json title="Sample CloudTrail Log"
{
Expand Down Expand Up @@ -155,7 +155,7 @@ To configure a CloudTrail Source, perform these steps:
### Field in Field Schema

1. <!--Kanso [**Classic UI**](/docs/get-started/sumo-logic-ui/). Kanso--> In the main Sumo Logic menu, select **Manage Data > Logs > Fields**. <!--Kanso <br/>[**New UI**](/docs/get-started/sumo-logic-ui-new/). In the top menu select **Configuration**, and then under **Logs** select **Fields**. You can also click the **Go To...** menu at the top of the screen and select **Fields**. Kanso-->
1. Search for the “**instanceid**” field.
1. Search for the “**instanceid**” field.
1. If not present, create it. Learn how to create and manage fields [here](/docs/manage/fields.md#manage-fields).


Expand Down
2 changes: 1 addition & 1 deletion docs/integrations/amazon-aws/eks-control-plane.md
Original file line number Diff line number Diff line change
Expand Up @@ -124,7 +124,7 @@ and _sourceName = kube-apiserver-audit*
| limit 10
```

## Collecting Logs and Metrics for the Amazon EKS - Control Plane app
## Collecting logs and metrics for the Amazon EKS - Control Plane app

This section has instructions for collecting logs and metrics for the Sumo app for Amazon EKS - Control Plane. This is a two step process:
* Setting up collection and installing the Sumo Logic Kubernetes app.
Expand Down
2 changes: 1 addition & 1 deletion docs/integrations/amazon-aws/elastic-load-balancing.md
Original file line number Diff line number Diff line change
Expand Up @@ -47,7 +47,7 @@ _sourceCategory=elb*
```


## Collecting Logs for the AWS Elastic Load Balancing App
## Collecting logs for the AWS Elastic Load Balancing App

This procedure documents how to enable access to your Amazon Web Services (AWS) Elastic Load Balancing (ELB) logs and ingest them into Sumo Logic.

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -146,7 +146,7 @@ on t1.denomGroup = t2.denomGroup

</details>

## Collecting Logs for the Global Intelligence for AWS CloudTrail DevOps App
## Collecting logs for the Global Intelligence for AWS CloudTrail DevOps App

If you already have AWS CloudTrail logs flowing into Sumo Logic, you can skip the steps in this section and go to [Installing the App](#installing-the-global-intelligence-for-aws-cloudtrail-devops-app).

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -355,7 +355,7 @@ _sourceCategory=Labs/AWS/CloudTrail/Analytics
In some cases, your query results may show `"HIDDEN_DUE_TO_SECURITY_REASONS"` as the value of the `userName` field. That's because AWS does not log the user name that was entered when a sign-in failure is caused by an incorrect user name.


## Collecting Logs for the GI for AWS CloudTrail SecOps App
## Collecting logs for the GI for AWS CloudTrail SecOps App

This section provides an overview of the log collection process and instructions for configuring log collection for the Sumo Logic App for Gl CloudTrail.
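
Review bot: The sentence under the renamed heading ends with "the Sumo Logic App for Gl CloudTrail", where "Gl" is written with a lowercase L instead of "GI". The heading itself says "GI for AWS CloudTrail SecOps App", so the body text should use the same name.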

Expand Down
2 changes: 1 addition & 1 deletion docs/integrations/amazon-aws/guardduty.md
Original file line number Diff line number Diff line change
Expand Up @@ -176,7 +176,7 @@ _sourceCategory=aws/guardduty

</details>

## Collecting Logs for the Amazon GuardDuty App
## Collecting logs for the Amazon GuardDuty App

This section has instructions for collecting logs for the Amazon GuardDuty App.

Expand Down
2 changes: 1 addition & 1 deletion docs/integrations/amazon-aws/kinesis-streams.md
Original file line number Diff line number Diff line change
Expand Up @@ -64,7 +64,7 @@ _sourceCategory=aws/kinesis* "kinesis.amazonaws.com" errorCode
| count by error_code, error_msg, eventName, userName, sourceIPAddress
```

## Collecting Logs and Metrics for the Amazon Kinesis - Streams app
## Collecting logs and metrics for the Amazon Kinesis - Streams app

### Collecting Metrics

Expand Down
2 changes: 1 addition & 1 deletion docs/integrations/amazon-aws/lambda.md
Original file line number Diff line number Diff line change
Expand Up @@ -137,7 +137,7 @@ account={{account}} region={{region}} Namespace={{namespace}}
namespace=aws/lambda metric=Errors statistic=Sum account=* region=* functionname=* Resource=* | su
```

## Collecting Logs for the AWS Lambda App
## Collecting logs for the AWS Lambda App

This section provides instructions for setting up log and metric collection.
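
Review bot: The renamed heading `## Collecting logs for the AWS Lambda App` mentions only logs, but the sentence below it says the section covers "log and metric collection". Other pages in this PR use `## Collecting logs and metrics for ...` for sections that cover both, so consider the same wording here, keeping in mind that this changes the heading anchor.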

Expand Down
2 changes: 1 addition & 1 deletion docs/integrations/amazon-aws/network-firewall.md
Original file line number Diff line number Diff line change
Expand Up @@ -24,7 +24,7 @@ Before you begin, you must:
3. [Grant Sumo Logic Access to the Amazon S3 Bucket](/docs/send-data/hosted-collectors/amazon-aws/grant-access-aws-product).


## Collecting Logs for AWS Network Firewall
## Collecting logs for AWS Network Firewall

This section has instructions for collecting logs for the Sumo Logic App for AWS Network Firewall Logs.

Expand Down
2 changes: 1 addition & 1 deletion docs/integrations/amazon-aws/rds.md
Original file line number Diff line number Diff line change
Expand Up @@ -270,7 +270,7 @@ account=* region=* namespace=aws/rds dbidentifier=* _sourceHost=/aws/rds/*Error
| sort by _timeslice
```

## Collecting Logs and Metrics for the Amazon RDS app
## Collecting logs and metrics for the Amazon RDS app

Sumo Logic supports collecting metrics using two source types:
* Configure an [AWS Kinesis Firehose for Metrics Source](/docs/send-data/hosted-collectors/amazon-aws/aws-kinesis-firehose-metrics-source) (Recommended); or
Expand Down
6 changes: 3 additions & 3 deletions docs/integrations/amazon-aws/s3-audit.md
Original file line number Diff line number Diff line change
Expand Up @@ -14,23 +14,23 @@ Amazon Simple Storage Service (S3) provides a simple web services interface that

Amazon S3 Audit uses Server Access Logs (activity logs). For more information, see [Amazon S3 server access log format](http://docs.aws.amazon.com/AmazonS3/latest/dev/LogFormat.html).

### Sample log message
### Sample log messages

The server access log files consist of a sequence of new-line delimited log records. Each log record represents one request and consists of space delimited fields. The following is an example log consisting of six log records.

```json
79a59df900b949e55d96a1e698fbacedfd6e09d98eacf8f8d5218e7cd47ef2be mybucket [06/Feb/2014:00:00:38 +0000] 192.0.2.3 79a59df900b949e55d96a1e698fbacedfd6e09d98eacf8f8d5218e7cd47ef2be 3E57427F3EXAMPLE REST.GET.VERSIONING - "GET /mybucket?versioning HTTP/1.1" 200 - 113 - 7 - "-" "S3Console/0.4" - 79a59df900b949e55d96a1e698fbacedfd6e09d98eacf8f8d5218e7cd47ef2be mybucket [06/Feb/2014:00:00:38 +0000] 192.0.2.3 79a59df900b949e55d96a1e698fbacedfd6e09d98eacf8f8d5218e7cd47ef2be 891CE47D2EXAMPLE REST.GET.LOGGING_STATUS - "GET /mybucket?logging HTTP/1.1" 200 - 242 - 11 - "-" "S3Console/0.4" - 79a59df900b949e55d96a1e698fbacedfd6e09d98eacf8f8d5218e7cd47ef2be mybucket [06/Feb/2014:00:00:38 +0000] 192.0.2.3 79a59df900b949e55d96a1e698fbacedfd6e09d98eacf8f8d5218e7cd47ef2be A1206F460EXAMPLE REST.GET.BUCKETPOLICY - "GET /mybucket?policy HTTP/1.1" 404 NoSuchBucketPolicy 297 - 38 - "-" "S3Console/0.4" - 79a59df900b949e55d96a1e698fbacedfd6e09d98eacf8f8d5218e7cd47ef2be mybucket [06/Feb/2014:00:01:00 +0000] 192.0.2.3 79a59df900b949e55d96a1e698fbacedfd6e09d98eacf8f8d5218e7cd47ef2be 7B4A0FABBEXAMPLE REST.GET.VERSIONING - "GET /mybucket?versioning HTTP/1.1" 200 - 113 - 33 - "-" "S3Console/0.4" - 79a59df900b949e55d96a1e698fbacedfd6e09d98eacf8f8d5218e7cd47ef2be mybucket [06/Feb/2014:00:01:57 +0000] 192.0.2.3 79a59df900b949e55d96a1e698fbacedfd6e09d98eacf8f8d5218e7cd47ef2be DD6CC733AEXAMPLE REST.PUT.OBJECT s3-dg.pdf "PUT /mybucket/s3-dg.pdf HTTP/1.1" 200 - - 4406583 41754 28 "-" "S3Console/0.4" - 79a59df900b949e55d96a1e698fbacedfd6e09d98eacf8f8d5218e7cd47ef2be mybucket [06/Feb/2014:00:03:21 +0000] 192.0.2.3 79a59df900b949e55d96a1e698fbacedfd6e09d98eacf8f8d5218e7cd47ef2be BC3C074D0EXAMPLE REST.GET.VERSIONING - "GET /mybucket?versioning HTTP/1.1" 200 - 113 - 28 - "-" "S3Console/0.4" -
```

### Sample query
### Sample queries

```sql
| parse "* * [*] * * * * * \"* HTTP/1.1\" * * * * * * * \"*\" *" as bucket_owner, bucket, time, remoteIP, requester, request_ID, operation, key, request_URI, status_code, error_code, bytes_sent, object_size, total_time, turn_time, referrer, user_agent, version_ID
| parse regex field=operation "[A-Z]+\.(?<operation>[\w.]+)"
| count by operation
```

## Collecting Logs for the Amazon S3 Audit app
## Collecting logs for the Amazon S3 Audit app

Amazon Simple Storage Service (S3) provides a simple web services interface that can be used to store and retrieve any amount of data from anywhere on the web.
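
Review bot: The fence under `### Sample log messages` is tagged `json`, but its content is space-delimited S3 server access log records, and the fence under `### Sample queries` is tagged `sql` although it holds a Sumo Logic `parse` pipeline. Since this hunk already edits both headings, retag the fences (for example `text` for the log sample) so the highlighter does not treat the records as malformed JSON. The new plural heading `### Sample queries` also sits over a single query.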

Expand Down
2 changes: 1 addition & 1 deletion docs/integrations/amazon-aws/security-hub.md
Original file line number Diff line number Diff line change
Expand Up @@ -212,7 +212,7 @@ To deploy an AWS Security Hub App collector:
6. Scroll to the bottom of the window and click **Deploy**.


### Sample Log
### Sample log messages

```json title="AWS Security Hub log"
{
Expand Down
2 changes: 1 addition & 1 deletion docs/integrations/amazon-aws/sns.md
Original file line number Diff line number Diff line change
Expand Up @@ -73,7 +73,7 @@ account={{account}} region={{region}} namespace={{namespace}} "\"eventsource\":\
account={{account}} region={{region}} namespace={{namespace}} TopicName={{topicname}} metric=NumberOfMessagesPublished Statistic=Sum | sum
```

## Collecting Logs and Metrics for the Amazon SNS app
## Collecting logs and metrics for the Amazon SNS app

### Collecting Metrics for Amazon SNS

Expand Down
2 changes: 1 addition & 1 deletion docs/integrations/amazon-aws/sqs.md
Original file line number Diff line number Diff line change
Expand Up @@ -90,7 +90,7 @@ account=* region=* namespace=aws/sqs eventname eventsource "sqs.amazonaws.com"
| top 10 username by event_count, username asc
```

## Collecting Logs and Metrics for the Amazon SQS app
## Collecting logs and metrics for the Amazon SQS app

### Collect Metrics for AmazonSQS

Expand Down
2 changes: 1 addition & 1 deletion docs/integrations/amazon-aws/waf.md
Original file line number Diff line number Diff line change
Expand Up @@ -62,7 +62,7 @@ _sourceCategory=AWS/WAF {{client_ip}}
| lookup type, actor, raw, threatlevel as malicious_confidence from sumo://threat/cs on threat=clientip
```

## Collecting Logs for the AWS WAF app
## Collecting logs for the AWS WAF app

Follow the "Before you begin" section in the "Collect Logs" help page and then use the in-product instructions in Sumo Logic to set up the app.

Expand Down
6 changes: 3 additions & 3 deletions docs/integrations/app-development/bitbucket.md
Original file line number Diff line number Diff line change
Expand Up @@ -14,7 +14,7 @@ The Sumo Logic App for Bitbucket provides insights to development teams into how
The Bitbucket App supports only Bitbucket Cloud.


## Event Types
## Event types

Sumo Logic analyzes the following required types of logs for more efficient monitoring.

Expand All @@ -41,7 +41,7 @@ Refer to the [event documentation](https://confluence.atlassian.com/bitbucket/ev

For log samples, refer to [Bitbucket Event Documentation](https://confluence.atlassian.com/bitbucket/event-payloads-740262817.html)

### Sample Log
### Sample log messages

**Deploy Events** are triggered whenever code is pushed to test, staging, or production environments.
* Success Code Deploys
Expand Down Expand Up @@ -98,7 +98,7 @@ _sourceCategory="bitbucket" production deploymentEnvironment pipe_result_link d
```


## Collecting Logs for Bitbucket App
## Collecting logs for Bitbucket App

This section provides instructions for configuring log collection for the Bitbucket App. Configuring log collection consists of the following tasks:

Expand Down
4 changes: 2 additions & 2 deletions docs/integrations/app-development/github.md
Original file line number Diff line number Diff line change
Expand Up @@ -22,7 +22,7 @@ Make sure not to select the same webhook event type at multiple levels (i.e., en

This app includes dashboards for GHAS, but to be able to ingest GHAS events you must have a separate GHAS license.

## Event Types
## Event types

The Sumo Logic App for GitHub ingests GitHub events via a webhook. Sumo Logic ingests all events, but only uses the following events in the Dashboards:
* Fork
Expand Down Expand Up @@ -116,7 +116,7 @@ GitHub sends all fields in the payload, documented according to [Event Type](htt
```


## Collecting Logs for GitHub
## Collecting logs for GitHub

The Sumo Logic App for GitHub connects to your GitHub repository at the Organization or Repository level and ingests GitHub events via a webhook. These events populate the preconfigured dashboards to give you a complete overview of your GitHub’s branch, issues, pull requests, user activity, and security events.

Expand Down
6 changes: 3 additions & 3 deletions docs/integrations/app-development/gitlab.md
Original file line number Diff line number Diff line change
Expand Up @@ -12,7 +12,7 @@ import useBaseUrl from '@docusaurus/useBaseUrl';
The Sumo Logic App for GitLab provides you a complete overview of your GitLab’s builds, deployments, pipelines, issues, merge requests, and commits. The integration listens for GitLab events and uses the event data to populate the pre-configured Dashboards.


## Event Types
## Event types

The Sumo Logic App for GitLab ingests GitLab events using a webhook. Sumo Logic ingests all events, but only uses the following events in the Dashboards:

Expand All @@ -26,7 +26,7 @@ The Sumo Logic App for GitLab ingests GitLab events using a webhook. Sumo Logic
For information on GitLab events, refer to [GitLab documentation](https://docs.gitlab.com/ee/user/project/integrations/webhooks.html). For troubleshooting, see the [GitLab Troubleshooting](#troubleshooting) section.


### Sample Logs
### Sample log messages

For more information about log messages, see [GitLab documentation](https://docs.gitlab.com/ee/user/project/integrations/webhooks.html).

Expand All @@ -47,7 +47,7 @@ _sourceCategory="sumo/GitLab" and _collector="GitLab" %"x-GitLab-event"="Merge R
```


## Collecting Logs for the GitLab App
## Collecting logs for the GitLab App

This guide provides instructions for collecting logs for the Sumo Logic App for GitLab.

Expand Down
2 changes: 1 addition & 1 deletion docs/integrations/app-development/jenkins.md
Original file line number Diff line number Diff line change
Expand Up @@ -262,7 +262,7 @@ The Jenkins app uses the following log types:

</details>

### Sample query
### Sample queries

This sample query is from the **Jobs in Progress** panel of the **Jenkins - Job Overview** dashboard.

Expand Down
2 changes: 1 addition & 1 deletion docs/integrations/app-development/jfrog-artifactory.md
Original file line number Diff line number Diff line change
Expand Up @@ -37,7 +37,7 @@ For each JFrog service, you will find its active log files in the `$JFROG_HOME/<
For more information, see JFrog's [Artifactory Log Files](https://www.jfrog.com/confluence/display/JFROG/Logging) and [Access Logs](https://www.jfrog.com/confluence/display/JFROG/Access+Log) documentation.


### Sample logs
### Sample log messages

```json title="Traffic"
20201322001341|d29f485ce89ehh3i|0|DOWNLOAD|167.208.229.190
Expand Down
4 changes: 2 additions & 2 deletions docs/integrations/app-development/jfrog-xray.md
Original file line number Diff line number Diff line change
Expand Up @@ -73,7 +73,7 @@ The JFrog Xray app uses the following log types:



### Query Sample
### Sample queries

The sample query is from Watches Invoked panel of the **JFrog Xray - Overview** dashboard.
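
Review bot: Renaming `### Query Sample` to `### Sample queries` changes more than case, so the generated heading anchor changes too (assuming the site derives anchors from heading text), and any link to the old `#query-sample` anchor needs updating. The case-only renames elsewhere in this PR do not have that effect. The sentence under the heading also still reads "The sample query is from Watches Invoked panel", which is singular and missing "the".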

Expand All @@ -90,7 +90,7 @@ _sourceCategory = Labs/jfrog/xray
| count_distinct(WatchName) as %"Number of Watches"
```

## Collecting Logs for JFrog Xray
## Collecting logs for JFrog Xray

This section explains how to collect logs from JFrog Xray and ingest them into Sumo Logic for use with the JFrog Xray pre-defined dashboards and searches. To get the most of out this app, we recommend you also collect logs from Artifactory as well as Kubernetes.
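
Review bot: The paragraph under the renamed heading has transposed words in "To get the most of out this app"; it should read "To get the most out of this app". It is a context line, but it is the first sentence a reader sees under the changed heading.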

Expand Down
2 changes: 1 addition & 1 deletion docs/integrations/app-development/jira-cloud.md
Original file line number Diff line number Diff line change
Expand Up @@ -60,7 +60,7 @@ _sourceCategory="jira_cloud" *issue*
```


## Collecting Logs for the Jira Cloud App
## Collecting logs for the Jira Cloud App

This section provides instructions for configuring log collection for the Jira Cloud App.

Expand Down
2 changes: 1 addition & 1 deletion docs/integrations/app-development/jira.md
Original file line number Diff line number Diff line change
Expand Up @@ -378,7 +378,7 @@ _sourceCategory=Jira/events (user_created or user_deleted or user_updated)
</details>


## Collecting Logs for the Jira app
## Collecting logs for the Jira app

This section has instructions for collecting logs from Jira for the Sumo app for Jira.

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -11,7 +11,7 @@ import useBaseUrl from '@docusaurus/useBaseUrl';

The focus of GuardDuty is on protecting AWS accounts, workloads, and data with intelligent threat detection. The corresponding Sumo Logic dashboards are designed to surface the most relevant security insights from that data to yield actionable processes to tackle specific security concerns within your AWS infrastructure. Utilizing this app allows you to stay ahead of changing attack surfaces in a repeatable way via cloud security monitoring and analytics dashboards that provide operational security awareness for Amazon GuardDuty data sources.

## Collecting Logs
## Collecting logs

See [Collecting Logs for the Amazon GuardDuty App](/docs/integrations/amazon-aws/guardduty#collecting-logs-for-the-amazon-guardduty-app).
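
Review bot: The link text on the line below the renamed heading still reads "Collecting Logs for the Amazon GuardDuty App" in title case, while the target heading in `guardduty.md` becomes `## Collecting logs for the Amazon GuardDuty App` in this same PR. The anchor itself is lowercase and keeps working, but the link text should be updated to match the new heading.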

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -12,7 +12,7 @@ import useBaseUrl from '@docusaurus/useBaseUrl';
This set of CloudTrail monitoring and analytics dashboards provide one dashboard for the most critical analytics. Think of this bundle of dashboards as a good starting place to see trends and outliers on specific aspects of your CloudTrail data -- including access monitoring, login activity, system monitoring, privileged activity, and threat intelligence.


## Collecting Logs for the AWS CloudTrail PCI Compliance App
## Collecting logs for the AWS CloudTrail PCI Compliance App

This section has instructions for configuring log collection for the AWS CloudTrail app.

Expand Down