SumoLogic · kimsauce · Jan 8, 2025 · Jan 7, 2025 · Jan 7, 2025 · Jan 7, 2025
@@ -88,7 +88,7 @@ Sumo Logic has several deployments that are assigned depending on the geographic
 
 Sumo Logic redirects your browser to the correct login URL and also redirects Collectors to the correct endpoint. However, if you're using an API you'll need to manually direct your API client to the correct Sumo Logic API URL.
 
-<table>
+<table><small>
   <tr>
    <td>Deployment</td>
    <td>Service Endpoint (login URL)</td>
@@ -192,7 +192,7 @@ https://endpoint9.collection.us2.sumologic.com/</td>
    <td>syslog.collection.us2.sumologic.com</td>
    <td>https://open-collectors.us2.sumologic.com</td>
   </tr>
-
+  </small>
   </table>
 
 ### Which endpoint should I should use?

@@ -28,7 +28,7 @@ With the Organizations Management API, you can get the credits usage details of
 | JP         | https://api.jp.sumologic.com/docs/#tag/orgsManagement  |
 | KR         | https://api.kr.sumologic.com/docs/#tag/orgsManagement  |
 | US1        | https://api.sumologic.com/docs/#tag/orgsManagement     |
-| US2        | https://api.us2.sumologic.com/docs/#tag/orgsManagement<br/>https://organizations.sumologic.com/docs/#tag/organizationsManagement* <br/> *This assembly is exclusive to the US2 deployment and is designed to manage APIs for Sumo Logic orgs that are not tied to a specific deployment. For example, a parent organization might have child organizations across different deployments. As a result, the [List Organizations API](https://organizations.sumologic.com/docs/#operation/listOrganizations), which lists child organizations, is included in this assembly to accommodate child organizations spread across multiple deployments. |
+| US2        | https://api.us2.sumologic.com/docs/#tag/orgsManagement<br/>https://organizations.sumologic.com/docs/#tag/organizationsManagement* <br/><small> *This assembly is exclusive to the US2 deployment and is designed to manage APIs for Sumo Logic orgs that are not tied to a specific deployment. For example, a parent organization might have child organizations across different deployments. As a result, the [List Organizations API](https://organizations.sumologic.com/docs/#operation/listOrganizations), which lists child organizations, is included in this assembly to accommodate child organizations spread across multiple deployments.</small> |
 
 <!-- ## Required role capabilities
 

@@ -37,7 +37,7 @@ With the NLB-created and ALB-registered as a target, requests over AWS PrivateL
 
 Sumo Logic exposes AWS PrivateLink endpoints to different [regions that depend on your Sumo Logic deployment](/docs/api/getting-started/#sumo-logic-endpoints-by-deployment-and-firewall-security). If you're using the VPC in a different region where the Sumo Logic PrivateLink endpoint service is set up, you need to set up VPC peering. Either way, you need to create an endpoint.
 
-<table>
+<table><small>
   <tr>
     <td><strong>Deployment</strong></td>
     <td><strong>Collection Endpoint</strong></td>
@@ -119,7 +119,7 @@ https://endpoint9.collection.us2.sumologic.com</td>
     <td>https://open-collectors.us2.sumologic.com</td>
     <td>us-west-2</td>
   </tr>
-</table>
+</small></table>
 
 ### Create an endpoint to connect with the Sumo Logic endpoint service
 

@@ -51,7 +51,7 @@ This application relies on 45 Scheduled Searches that Save to two different Inde
 <details>
 <summary>View the list of Scheduled Searches (<strong>click to expand</strong>)</summary>
 
-<table>
+<table><small>
   <tr>
     <td><strong>Folder</strong></td>
     <td><strong>Scheduled Search Name (prefixed with gis_benchmarks)</strong></td>
@@ -282,7 +282,7 @@ This application relies on 45 Scheduled Searches that Save to two different Inde
     <td>S3_ListBuckets</td>
     <td>Counts S3 events related to listing buckets.</td>
   </tr>
-</table>
+</small></table>
 
 * To reduce false positives, the benchmarks and application filter out AWS CloudTrail events from legitimate cloud services including AWS itself and CloudHealth by VMware.
 * Security posture requirements may vary between AWS accounts for a given customer. For example, development accounts might have less strict controls than production accounts. The app supports filtering findings by AWS account ID to facilitate AWS account level posture assessment.

@@ -200,7 +200,7 @@ To collect the metrics in Sumo Logic, follow the steps below:
 
 Once Provisioned Concurrency is enabled and you start collecting CloudWatch metrics, the following new metrics will be available:
 
-<table>
+<table><small>
   <tr>
    <td>Metric   </td>
    <td>Description   </td>
@@ -220,7 +220,7 @@ Once Provisioned Concurrency is enabled and you start collecting CloudWatch metr
   <tr>
    <td><strong>ProvisionedConcurrencySpilloverInvocations</strong>   </td>
    <td>Number of Invocations that are above Provisioned Concurrency   </td>
-  </tr>
+  </tr></small>
 </table>
 
 

@@ -114,7 +114,7 @@ In this step, you configure four local file sources, one for each log source lis
 
 The following suffixes are required. For example, you could use `_sourceCategory=<Foo>/artifactory/console`, but the suffix **artifactory/console** must be used.
 
-<table>
+<table><small>
   <tr>
    <td><strong>Log source</strong></td>
    <td><strong>File Path</strong></td>
@@ -139,7 +139,7 @@ The following suffixes are required. For example, you could use `_sourceCategory
    <td>Traffic</td>
    <td>$JFROG_HOME/&#60;product&#62;/var/log/artifactory-traffic.*.log</td>
    <td>artifactory/traffic</td>
-  </tr>
+  </tr></small>
 </table>
 
 :::note

@@ -228,7 +228,7 @@ Advanced configuration can be used with all JFrog Xray script-based collection c
 
 This section provides a list of variables for Jfrog Xray that you can define in the configuration file.
 
-<table>
+<table><small>
   <tr>
    <td>Variable   </td>
    <td>Usage   </td>
@@ -272,7 +272,7 @@ This section provides a list of variables for Jfrog Xray that you can define in
   <tr>
    <td>HTTP_LOGS_ENDPOINT in SumoLogic sectio   </td>
    <td>HTTP source endpoint url created in Sumo Logic for ingesting Logs.   </td>
-  </tr>
+  </tr></small>
 </table>
 
 </details>

@@ -126,7 +126,7 @@ There are alternative methods for collecting Docker logs and metrics. See [Docke
 There will be no **Network** metrics if you use the `host` network mode for the container.
 :::
 
-<table>
+<table><small>
   <tr>
    <td><strong>Metrics Name</strong></td>
    <td><strong>Unit</strong></td>
@@ -451,7 +451,7 @@ There will be no **Network** metrics if you use the `host` network mode for the
    <td>current </td>
    <td>Count </td>
    <td>Number of PIDs (Not available on Windows) </td>
-  </tr>
+  </tr></small>
 </table>
 
 
@@ -491,7 +491,7 @@ The table below defines the types of variables you can use.
 
 Docker engine event log data doesn't support the tagging with metadata.
 
-<table>
+<table><small>
   <tr>
    <td><strong>Namespace/VAR_TYPE</strong> </td>
    <td><strong>Description</strong> </td>
@@ -521,7 +521,7 @@ Docker engine event log data doesn't support the tagging with metadata.
    <td>User-defined container environment variables that are set with <code>--env|-e</code> flags when starting a container. </td>
    <td>The name of the variable.
 <br/>Dot characters (<code>.</code>) are not supported. </td>
-  </tr>
+  </tr></small>
 </table>
 
 

@@ -826,7 +826,7 @@ This section describes the monitors provided with the MySQL app. These monitors
 
 Here are the Telegraf metrics for MySQL collected by the MySQL app.
 
-<table>
+<table><small>
   <tr>
    <td>mysql_aborted_clients<br/>
 mysql_aborted_connects<br/>
@@ -927,5 +927,5 @@ mysql_threads_connected<br/>
 mysql_threads_created<br/>
 mysql_threads_running<br/>
 mysql_uptime</td>
-  </tr>
+  </tr></small>
 </table>
@@ -619,7 +619,7 @@ Use this dashboard to:
 
 Here are the metrics available for PostgreSQL.
 
-<table>
+<table><small>
   <tr>
    <td>PostgreSQL Metrics List</td>
   </tr>
@@ -757,7 +757,7 @@ Here are the metrics available for PostgreSQL.
   </tr>
   <tr>
    <td>postgresql_table_size   </td>
-  </tr>
+  </tr></small>
 </table>
 
 

@@ -157,7 +157,7 @@ In the future, if Google adds a new alert type do the following to add new alert
 
 This section provides a list of environment variables for Google Workspace Alert Center and their usage. For information on how to set these environment variables, refer to this [Google Cloud document](https://cloud.google.com/functions/docs/env-var).
 
-<table>
+<table><small>
   <tr>
    <td>Environment Variable </td>
    <td>Usage </td>
@@ -227,7 +227,7 @@ This section provides a list of environment variables for Google Workspace Alert
   <tr>
    <td><code>SUMO_ENDPOINT</code>   </td>
    <td>HTTP source endpoint url created in Sumo Logic. </td>
-  </tr>
+  </tr></small>
 </table>
 
 #### Troubleshooting the GCP Function
@@ -298,7 +298,7 @@ This section provides a list of environment variables for Google Workspace Alert
 
 For information on how to set these environment variables, refer to this [Google Cloud document](https://cloud.google.com/functions/docs/env-var).
 
-<table>
+<table><small>
   <tr>
    <td>Environment Variable</td>
    <td>Usage </td>
@@ -368,7 +368,7 @@ For information on how to set these environment variables, refer to this [Google
   <tr>
    <td><code>SUMO_ENDPOINT</code> </td>
    <td>HTTP source endpoint url created in Sumo Logic.</td>
-  </tr>
+  </tr></small>
 </table>
 
 

@@ -20,12 +20,24 @@ Each Google Workspace app has its own log that tracks actions in JSON format. Th
 
 The common areas of the logs are:
 
-| Event   | Description     |
-|:-------------|:-----------------------------|
-| Id          | Contains `applicationName` (for example, `drive` or `admin`).                                   |
-| Actor       | Contains `email`, which is the Google email address of the person performing the action.     |
-| ipAddress   | The IP address of the user performing the action.    |
-
+<table>
+  <tr>
+   <td><strong>Event</strong></td>
+   <td><strong>Description</strong></td>
+  </tr>
+  <tr>
+   <td>Id</td>
+   <td>Contains applicationName (for example, drive or admin).</td>
+  </tr>
+  <tr>
+   <td>Actor</td>
+   <td>Contains email, which is the Google email address of the person performing the action.</td>
+  </tr>
+  <tr>
+   <td>ipAddress</td>
+   <td>The IP address of the user performing the action.</td>
+  </tr>
+</table>
 
 
 The events sections of logs are:
@@ -34,24 +46,47 @@ The events sections of logs are:
 
 ### Google Workspace Login App
 
-| Event            | Description         |
-|:---------------------|:---------------------------------------------------------------|
-| Login type name       | Equivalent of status or type of activity: `login_success`, `logout`, or `login_failure`. In the Login Dashboard, there is also a panel showing `login_failure_type`, which displays a reason for the login failure. |
-| login_challenge       | Records action related to a Login Challenge for suspicious sign-ins. Specific results are logged in `login_challenge_status`, where possible values are `Challenge Failed` or `Challenge Passed`. For more information on `login_challenge`, refer to the [Google documentation](https://support.google.com/a/answer/6002699?hl=en). |
-
+<table>
+  <tr>
+   <td><strong>Event</strong> </td>
+   <td><strong>Description</strong> </td>
+  </tr>
+  <tr>
+   <td>Login type name   </td>
+   <td>Equivalent of status or type of activity: login_success, logout, or login_failure. In the Login Dashboard, we also have a Panel showing login_failure_type, which displays a reason for the login failure.   </td>
+  </tr>
+  <tr>
+   <td>login_challenge   </td>
+   <td>Records action related to a Login Challenge for suspicious sign ins. Specific results are logged in the login_challenge_status, where the possible values are Challenge Failed or Challenge Passed. For more information on login_challenge, refer to Google documentation:
+<p><a href="https://support.google.com/a/answer/6002699?hl=en">https://support.google.com/a/answer/6002699?hl=en</a></p>   </td>
+  </tr>
+</table>
 
 
 
 ### Google Workspace Admin and Token Apps
 
 These are actions performed by Google site administrators.
 
-| Event         | Description                                            |
-|:--------------------|:---------------------------------------------------------|
-| USER_SETTINGS      | These are actions performed at the individual user level, such as `CREATE_USER`, `DELETE_USER`, `CHANGE_PASSWORD`. A specific type of individual user action is `CREATE_DATA_TRANSFER_REQUEST`. This typically occurs after a user has been deleted, and the user’s contents, such as Drive, are transferred to that user’s manager. |
-| GROUP_SETTINGS     | These are actions such as adding and removing users from groups.        |
-| Other              | Other types of actions take place, but they are less common (for example, `CHROME_OS_SETTINGS`, `DEVICE_SETTINGS`).    |
-
+<table>
+  <tr>
+   <td>Event </td>
+   <td>Description </td>
+  </tr>
+  <tr>
+   <td>USER_SETTINGS   </td>
+   <td>These are actions performed at the individual user level, such as CREATE_USER, DELETE_USER, CHANGE_PASSWORD.
+<p>A specific type of individual user action is CREATE_DATA_TRANSFER_REQUEST. This typically occurs after a user has been deleted, and the user’s contents, such as Drive, are transferred to that user’s manager.</p>   </td>
+  </tr>
+  <tr>
+   <td>GROUP_SETTINGS</td>
+   <td>These are actions such as adding and removing users from groups.   </td>
+  </tr>
+  <tr>
+   <td>Other   </td>
+   <td>Other types of actions take place, but they are less common (for example, CHROME_OS_SETTINGS, DEVICE_SETTINGS).   </td>
+  </tr>
+</table>