SumoLogic · kimsauce · Dec 2, 2024 · Nov 14, 2024 · Nov 14, 2024 · Nov 20, 2024
@@ -0,0 +1,25 @@
+---
+title: Sumo Logic Copilot (Search)
+image: https://help.sumologic.com/img/sumo-square.png
+keywords:
+  - copilot
+  - artificial intelligence
+  - ai
+  - machine learning
+  - ml
+hide_table_of_contents: true  
+---
+
+import useBaseUrl from '@docusaurus/useBaseUrl';
+
+<a href="https://help.sumologic.com/release-notes-service/rss.xml"><img src={useBaseUrl('img/release-notes/rss-orange2.png')} alt="icon" width="50"/></a>
+
+We're excited to introduce Copilot, an AI-powered assistant that accelerates log investigations and troubleshooting. With natural language query capabilities and contextual suggestions, Copilot helps security first responders and on-call engineers resolve incidents quickly and efficiently. [Learn more](/docs/search/copilot).
+
+* Ask questions in plain English to generate actionable log insights.
+* Get tailored suggestions relevant to your troubleshooting and investigation context.
+* Leverage conversation history to save and resume sessions without losing context.
+* Auto-visualize charts from search results and add them directly to dashboards.
+* Use auto-complete for natural language queries to access insights faster.
+
+<img src={useBaseUrl('img/search/copilot/ga-releasenote.png')} alt="Copilot UI with the query Analyze the geographic distribution of requests by source IP" style={{border: '1px solid gray'}} width="800" />
@@ -1,7 +1,7 @@
 ---
 id: copilot
-title: Sumo Logic Copilot - Feature Preview
-sidebar_label: Copilot - Preview
+title: Sumo Logic Copilot
+sidebar_label: Copilot
 description: Streamline your log analysis with Sumo Logic Copilot, our AI-based assistant designed to simplify log analysis by allowing you to ask questions in plain English and providing search suggestions without the need to write log queries.
 keywords:
   - copilot
@@ -14,8 +14,8 @@ keywords:
 import Iframe from 'react-iframe';
 import useBaseUrl from '@docusaurus/useBaseUrl';
 
-:::sumo Preview release
-This is a Preview release. To learn more, contact your Sumo Logic account executive. To opt out, please open a [support ticket](https://support.sumologic.com/support/s/).
+:::note
+If you need to opt out, please open a [support ticket](https://support.sumologic.com/support/s/).
 :::
 
 Sumo Logic Copilot is our AI-powered assistant that accelerates investigations and troubleshooting in logs by allowing you to ask questions in plain English and get contextual suggestions, helping first responders get to answers faster.
@@ -41,7 +41,7 @@ Copilot accelerates incident response by combining prebuilt contextual insights
 * **Natural language queries**. Ask questions in plain English.
 * **Contextual suggestions**. Get suggestions relevant to your troubleshooting and investigations context.
 * **Conversation history**. Save and resume troubleshooting or investigation sessions without losing context.
-* **Auto-visualize**. Copilot automatically generates charts from search results, which you can add directly to dashboards.
+* **Auto-visualize**. Copilot automatically generates charts from search results, which you can add directly to dashboards, reducing time and effort in data interpretation.
 * **Log compatibility**. Copilot supports structured logs, semi-structured logs (partial JSON), and unstructured logs (e.g., Palo Alto Firewall) when Field Extraction Rules (FERs) are applied. This ensures valuable insights across a variety of log formats.
 * **Enhanced query experience**. Auto-complete to streamline natural language queries.
 
@@ -60,6 +60,9 @@ Copilot is ideal for users of all skill levels:
 
 * **On-call engineers**. Accelerate time to resolution by surfacing key troubleshooting insights.
 * **Security engineers**. Obtain security insights rapidly for faster security incident resolution.
+* **Early career professionals**. Simplifies troubleshooting with natural language queries, making incident resolution accessible to those unfamiliar with query syntax.
+* **Practitioners**. Speeds up workflows with auto-complete and context-aware suggestions for frequent tasks.
+* **Experts**. Provides IDE-style assistance for crafting complex queries efficiently.
 
 ## How to use Copilot
 
@@ -112,17 +115,14 @@ Broad questions may not yield accurate results. For best outcomes, frame your qu
 
 Break your questions into smaller, specific requirements to help Copilot provide more accurate answers.<br/><img src={useBaseUrl('img/search/copilot/copilot-periods.gif')} alt="Copilot time period" style={{border: '1px solid gray'}} width="700" />
 
-<!-- TO DO
-##### Autocompletion for natural language
-see https://drive.google.com/file/d/10XUn4DQD3K91V3Qf5heCizkHJneTaBJ7/view?usp=sharing
---->
-
 #### Tips and tricks
 
 * **Start with a broad query**. Begin with a query like `Show me the most recent logs` to understand the structure and available fields in your logs.  
 * **Disambiguate field names**. If fields have similar names and cause confusion, explicitly specify the field (e.g., `<field_name>`) to improve accuracy.  
 * **Experiment with phrasing**. Try multiple variations of a query to provide context and receive more relevant suggestions.  
 * **Include time or variations to add `timeslice` as a dimension**. When timeslicing data, include the term `time` in your query. For example: `Count requests, every 1m, different code challenges and user used during login attempts by time`.
+* **Explore context-aware suggestions**. Use prompts like `Calculate 95th percentile latency` or `Visualize request volumes over time` to quickly surface key metrics.
+* **Detect malicious activity**. Try queries like `Count register requests by 503 status code, IP, and threat confidence` to uncover potential DDoS attacks.
 
 Below are examples of how you can phrase queries if the autocompletions and contextual suggestions are not relevant to you:
 
@@ -136,6 +136,23 @@ Below are examples of how you can phrase queries if the autocompletions and cont
    :::
 * `Apply logreduce to logs`
 
+More examples:
+
+* Detecting malicious activity:
+   ```
+   Count logs by action. Sort the results.
+   Filter results by action contains Malicious.
+   ```
+* Advanced analysis with users and URLs:
+   ```
+   Count logs by action, url, user.
+   Sort the results. Filter results by action contains Malicious.
+   ```  
+* Root cause analysis for latency:
+   ```
+   Calculate 95th percentile latency by service and API.
+   ```
+
 Additional prompts can trigger more advanced activities (e.g., mapping network activity against CrowdStrike):
 
 * `Analyze risk and severity of network activity`
@@ -171,7 +188,7 @@ If required, select your preferred chart type, such as **Table**, **Bar**, **Col
 
 You can manually edit your log search query code if needed.
 
-1. Click in the code editor field and edit your search. Not familiar with Sumo Logic query language? See [Search Query Language](/docs/search/search-query-language) to learn more.<br/><img src={useBaseUrl('img/search/copilot/code-editor.png')} alt="Copilot time period" style={{border: '1px solid gray'}} width="500" />
+1. Click in the code editor field and edit your search. New to Sumo Logic query language? Learn more in the [Search Query Language](/docs/search/search-query-language) guide.<br/><img src={useBaseUrl('img/search/copilot/code-editor.png')} alt="Copilot time period" style={{border: '1px solid gray'}} width="500" />
 1. When you're done, press Enter or click the search button.<br/><img src={useBaseUrl('img/search/copilot/play.png')} alt="Copilot time period" style={{border: '1px solid gray'}} width="500" />
 
 :::tip
@@ -196,13 +213,15 @@ If your log query contains a mix of JSON and non-JSON formatting (i.e., a log fi
 
 #### History
 
-Often, users work on multiple incidents at the same time. To view Copilot interactions related to these incidents, click **History**.<br/><img src={useBaseUrl('img/search/copilot/history.png')} alt="Copilot History" style={{border: '1px solid gray'}} width="700" />
+Conversation History saves all previous queries and suggestions, allowing you to backtrack and refine your investigation. For example, if a status code analysis yields inconclusive results, revisit earlier queries to explore other hypotheses.
 
-You can resume a conversation in two ways:
+This functionality comes in handy when you're working on multiple incidents at the same time. To view Copilot interactions related to an incident, click **History**.
+<br/><img src={useBaseUrl('img/search/copilot/history.png')} alt="Copilot History" style={{border: '1px solid gray'}} width="700" />
 
-First, the Resume conversation icon picks up from the last query in a conversation.<br/><img src={useBaseUrl('img/search/copilot/resume-convo-history1.png')} alt="Copilot History" style={{border: '1px solid gray'}} width="700" />
+You can resume a conversation in two ways:
 
-Second, you can resume from a specific query in a conversation by clicking on the row in the conversation history and then clicking on the gray area on the right side, as shown below.<br/><img src={useBaseUrl('img/search/copilot/resume-convo-history2.png')} alt="Copilot History" style={{border: '1px solid gray'}} width="700" />
+* Click the **Resume conversation** icon to pick up from the last query in a conversation.<br/><img src={useBaseUrl('img/search/copilot/resume-convo-history1.png')} alt="Copilot History" style={{border: '1px solid gray'}} width="600" />
+* Click on the row in the conversation history, and then click the gray area on the right side to resume from a specific query in a conversation.<br/><img src={useBaseUrl('img/search/copilot/resume-convo-history2.png')} alt="Copilot History" style={{border: '1px solid gray'}} width="600" />
 
 #### New Conversation