diff --git a/blog-service/2024-12-02-copilot.md b/blog-service/2024-12-02-copilot.md
new file mode 100644
index 0000000000..0a6be70a4b
--- /dev/null
+++ b/blog-service/2024-12-02-copilot.md
@@ -0,0 +1,25 @@
+---
+title: Sumo Logic Copilot (Search)
+image: https://help.sumologic.com/img/sumo-square.png
+keywords:
+ - copilot
+ - artificial intelligence
+ - ai
+ - machine learning
+ - ml
+hide_table_of_contents: true
+---
+
+import useBaseUrl from '@docusaurus/useBaseUrl';
+
+
+
+We're excited to introduce Copilot, an AI-powered assistant that accelerates log investigations and troubleshooting. With natural language query capabilities and contextual suggestions, Copilot helps security first responders and on-call engineers resolve incidents quickly and efficiently. [Learn more](/docs/search/copilot).
+
+* Ask questions in plain English to generate actionable log insights.
+* Get tailored suggestions relevant to your troubleshooting and investigation context.
+* Leverage conversation history to save and resume sessions without losing context.
+* Auto-visualize charts from search results and add them directly to dashboards.
+* Use auto-complete for natural language queries to access insights faster.
+
+
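Review bot: `import useBaseUrl from '@docusaurus/useBaseUrl';` is not used anywhere in the visible body of this post, and the `ga-releasenote.png` added in the same commit is not referenced in these lines. Either place the image (through `useBaseUrl`) where the blank lines follow the import, or drop the import. Since docs/search/copilot.md now carries an opt-out note, a one-line pointer to it here would also help administrators reading the release note first.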
diff --git a/docs/search/copilot.md b/docs/search/copilot.md
index 65f9ec1e0d..8e4fbfcf48 100644
--- a/docs/search/copilot.md
+++ b/docs/search/copilot.md
@@ -1,7 +1,7 @@
---
id: copilot
-title: Sumo Logic Copilot - Feature Preview
-sidebar_label: Copilot - Preview
+title: Sumo Logic Copilot
+sidebar_label: Copilot
description: Streamline your log analysis with Sumo Logic Copilot, our AI-based assistant designed to simplify log analysis by allowing you to ask questions in plain English and providing search suggestions without the need to write log queries.
keywords:
- copilot
@@ -14,8 +14,8 @@ keywords:
import Iframe from 'react-iframe';
import useBaseUrl from '@docusaurus/useBaseUrl';
-:::sumo Preview release
-This is a Preview release. To learn more, contact your Sumo Logic account executive. To opt out, please open a [support ticket](https://support.sumologic.com/support/s/).
+:::note
+If you need to opt out, please open a [support ticket](https://support.sumologic.com/support/s/).
:::
Sumo Logic Copilot is our AI-powered assistant that accelerates investigations and troubleshooting in logs by allowing you to ask questions in plain English and get contextual suggestions, helping first responders get to answers faster.
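Review bot: The new `:::note` body, "If you need to opt out, please open a support ticket", does not say what is being opted out of. With the Preview wording removed, the admonition has lost its subject. Suggest naming it explicitly, for example "To opt out of Copilot for your organization, ...", and stating whether the opt-out applies per user or per account, so that a security or compliance reader knows the scope of the control.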
@@ -41,7 +41,7 @@ Copilot accelerates incident response by combining prebuilt contextual insights
* **Natural language queries**. Ask questions in plain English.
* **Contextual suggestions**. Get suggestions relevant to your troubleshooting and investigations context.
* **Conversation history**. Save and resume troubleshooting or investigation sessions without losing context.
-* **Auto-visualize**. Copilot automatically generates charts from search results, which you can add directly to dashboards.
+* **Auto-visualize**. Copilot automatically generates charts from search results, which you can add directly to dashboards, reducing time and effort in data interpretation.
* **Log compatibility**. Copilot supports structured logs, semi-structured logs (partial JSON), and unstructured logs (e.g., Palo Alto Firewall) when Field Extraction Rules (FERs) are applied. This ensures valuable insights across a variety of log formats.
* **Enhanced query experience**. Auto-complete to streamline natural language queries.
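Review bot: The clause appended to the **Auto-visualize** bullet, "reducing time and effort in data interpretation", is a benefit claim rather than a description of behaviour, and no other bullet in this feature list carries one. Suggest dropping it here, or moving it to the release note where that kind of wording already lives.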
@@ -60,6 +60,9 @@ Copilot is ideal for users of all skill levels:
* **On-call engineers**. Accelerate time to resolution by surfacing key troubleshooting insights.
* **Security engineers**. Obtain security insights rapidly for faster security incident resolution.
+* **Early career professionals**. Simplifies troubleshooting with natural language queries, making incident resolution accessible to those unfamiliar with query syntax.
+* **Practitioners**. Speeds up workflows with auto-complete and context-aware suggestions for frequent tasks.
+* **Experts**. Provides IDE-style assistance for crafting complex queries efficiently.
## How to use Copilot
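Review bot: The three added bullets break the parallel structure of this list. The existing entries use imperatives ("Accelerate time to resolution", "Obtain security insights") and are keyed by role, while the new ones use third-person verbs ("Simplifies", "Speeds up", "Provides") and are keyed by skill level, so "Practitioners" and "Experts" overlap with the on-call and security engineers already listed. Suggest rewriting them in the imperative and either splitting them into a separate "by experience level" list or folding them into the role bullets.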
@@ -112,17 +115,14 @@ Broad questions may not yield accurate results. For best outcomes, frame your qu
Break your questions into smaller, specific requirements to help Copilot provide more accurate answers.
-
-
#### Tips and tricks
* **Start with a broad query**. Begin with a query like `Show me the most recent logs` to understand the structure and available fields in your logs.
* **Disambiguate field names**. If fields have similar names and cause confusion, explicitly specify the field (e.g., ``) to improve accuracy.
* **Experiment with phrasing**. Try multiple variations of a query to provide context and receive more relevant suggestions.
* **Include time or variations to add `timeslice` as a dimension**. When timeslicing data, include the term `time` in your query. For example: `Count requests, every 1m, different code challenges and user used during login attempts by time`.
+* **Explore context-aware suggestions**. Use prompts like `Calculate 95th percentile latency` or `Visualize request volumes over time` to quickly surface key metrics.
+* **Detect malicious activity**. Try queries like `Count register requests by 503 status code, IP, and threat confidence` to uncover potential DDoS attacks.
Below are examples of how you can phrase queries if the autocompletions and contextual suggestions are not relevant to you:
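Review bot: The **Detect malicious activity** tip overstates what the prompt shows. A count of 503 responses by IP and threat confidence surfaces a pattern worth investigating, but does not by itself "uncover potential DDoS attacks", since a 503 spike can equally come from a backend outage. Suggest softer wording such as "to spot request patterns that may indicate a DDoS attempt", and say where the `threat confidence` field comes from, because the tip assumes it already exists in the reader's logs.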
@@ -136,6 +136,23 @@ Below are examples of how you can phrase queries if the autocompletions and cont
:::
* `Apply logreduce to logs`
+More examples:
+
+* Detecting malicious activity:
+ ```
+ Count logs by action. Sort the results.
+ Filter results by action contains Malicious.
+ ```
+* Advanced analysis with users and URLs:
+ ```
+ Count logs by action, url, user.
+ Sort the results. Filter results by action contains Malicious.
+ ```
+* Root cause analysis for latency:
+ ```
+ Calculate 95th percentile latency by service and API.
+ ```
+
Additional prompts can trigger more advanced activities (e.g., mapping network activity against CrowdStrike):
* `Analyze risk and severity of network activity`
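Review bot: The added examples assume fields the page never introduces. `Filter results by action contains Malicious` only works if the logs have an `action` field whose values include "Malicious", and the second example also needs `url` and `user`. Suggest naming the log source these prompts were written against, or adding a sentence that the fields must exist (for unstructured logs, through the Field Extraction Rules mentioned under Log compatibility). The two "malicious activity" examples also break their sentences across lines differently; one prompt per line in both would read more consistently.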
@@ -171,7 +188,7 @@ If required, select your preferred chart type, such as **Table**, **Bar**, **Col
You can manually edit your log search query code if needed.
-1. Click in the code editor field and edit your search. Not familiar with Sumo Logic query language? See [Search Query Language](/docs/search/search-query-language) to learn more.
+1. Click in the code editor field and edit your search. New to Sumo Logic query language? Learn more in the [Search Query Language](/docs/search/search-query-language) guide.
1. When you're done, press Enter or click the search button.
:::tip
@@ -196,13 +213,15 @@ If your log query contains a mix of JSON and non-JSON formatting (i.e., a log fi
#### History
-Often, users work on multiple incidents at the same time. To view Copilot interactions related to these incidents, click **History**.
+Conversation History saves all previous queries and suggestions, allowing you to backtrack and refine your investigation. For example, if a status code analysis yields inconclusive results, revisit earlier queries to explore other hypotheses.
-You can resume a conversation in two ways:
+This functionality comes in handy when you're working on multiple incidents at the same time. To view Copilot interactions related to an incident, click **History**.
+
-First, the Resume conversation icon picks up from the last query in a conversation.
+You can resume a conversation in two ways:
-Second, you can resume from a specific query in a conversation by clicking on the row in the conversation history and then clicking on the gray area on the right side, as shown below.
+* Click the **Resume conversation** icon to pick up from the last query in a conversation.
+* Click on the row in the conversation history, and then click the gray area on the right side to resume from a specific query in a conversation.
#### New Conversation
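Review bot: "Conversation History saves all previous queries and suggestions" raises questions the section does not answer: who can view a saved conversation (only its author, or anyone in the org) and how long it is retained. Investigation queries often contain usernames, IPs and other incident detail, so one sentence on visibility and retention belongs here. Minor: "Conversation History" is capitalized differently from the **Conversation history** bullet in the feature list and the **History** button label; pick one form.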
diff --git a/static/img/search/copilot/ga-releasenote.png b/static/img/search/copilot/ga-releasenote.png
new file mode 100644
index 0000000000..9c3b89fb9b
Binary files /dev/null and b/static/img/search/copilot/ga-releasenote.png differ
diff --git a/static/img/search/copilot/resume-convo-history2.png b/static/img/search/copilot/resume-convo-history2.png
index a637ce9817..456e85d6eb 100644
Binary files a/static/img/search/copilot/resume-convo-history2.png and b/static/img/search/copilot/resume-convo-history2.png differ