From deb61d44a34587b02f4b63c96f8c4b16e24848b1 Mon Sep 17 00:00:00 2001 From: Kim Pohas Date: Thu, 27 Mar 2025 14:59:15 -0700 Subject: [PATCH 01/12] Real-time sched search deprecation --- .../difference-from-scheduled-searches.md | 2 +- .../create-real-time-alert.md | 4 +- docs/alerts/scheduled-searches/deprecation.md | 45 ++++++++++++------- docs/alerts/scheduled-searches/index.md | 4 +- docs/search/subqueries.md | 2 +- 5 files changed, 34 insertions(+), 23 deletions(-) diff --git a/docs/alerts/difference-from-scheduled-searches.md b/docs/alerts/difference-from-scheduled-searches.md index a00f156849..caca96be08 100644 --- a/docs/alerts/difference-from-scheduled-searches.md +++ b/docs/alerts/difference-from-scheduled-searches.md @@ -16,7 +16,7 @@ Scheduled Searches address two primary use cases: ## Monitors -Monitors are specifically designed for the first use case: alerting. They offer additional capabilities such as auto-resolution and support for multiple notification channels. Any Scheduled Searches created for alerting purposes can be moved to Monitors, including [real-time Scheduled Searches](/docs/alerts/scheduled-searches/create-real-time-alert). +Monitors are specifically designed for the first use case: alerting. They offer additional capabilities such as auto-resolution and support for multiple notification channels. Any Scheduled Searches created for alerting purposes can be moved to Monitors. ## Feature differences diff --git a/docs/alerts/scheduled-searches/create-real-time-alert.md b/docs/alerts/scheduled-searches/create-real-time-alert.md index 5d83c7c66e..2eb7ffb515 100644 --- a/docs/alerts/scheduled-searches/create-real-time-alert.md +++ b/docs/alerts/scheduled-searches/create-real-time-alert.md 
@@ -1,11 +1,11 @@ --- id: create-real-time-alert -title: Create a Scheduled Search Real-Time Alert +title: Manage Real-Time Scheduled Search Alerts (Deprecated) description: Real-time alerts notify you of error conditions right when they occur. --- :::warning Solution Deprecated -The ability to create new real-time alert scheduled searches has been deprecated. While you can no longer create new real-time alerts, existing real-time alerts will continue to function as before. [Learn more](/docs/alerts/scheduled-searches/deprecation). +Real-Time Scheduled Searches will be deprecated on May 15, 2025. Existing searches will be automatically converted to [15-minute scheduled search frequency windows](/docs/alerts/scheduled-searches/schedule-search/#step-2-set-run-frequency) unless your account was explicitly excluded. If you need real-time alerts, we recommend transitioning to [Monitors](/docs/alerts/monitors/overview). ::: Real-time alerts are scheduled searches that run nearly continuously. This means that you're informed in real time when error conditions exist. diff --git a/docs/alerts/scheduled-searches/deprecation.md b/docs/alerts/scheduled-searches/deprecation.md index 41c85ce684..2541ccf8b9 100644 --- a/docs/alerts/scheduled-searches/deprecation.md +++ b/docs/alerts/scheduled-searches/deprecation.md 
@@ -3,34 +3,45 @@ id: deprecation title: Deprecation of Real-Time Scheduled Searches --- -As part of our ongoing evaluation of the Sumo Logic service, we have decided to deprecate [Real-Time Scheduled Searches](/docs/alerts/scheduled-searches/create-real-time-alert). In particular, we will remove the option to create new Real-Time Scheduled Searches on **May 29, 2024**. Existing Real-Time Scheduled Searches will continue to function until **May 15, 2025**. We believe many use cases for Real-Time Scheduled Searches can be met by [Monitors](/docs/alerts/monitors/overview). Any remaining use cases can be met by executing these searches at 15m intervals. These options are discussed below. +:::warning Deprecation Notice +Real-Time Scheduled Searches will be deprecated on **May 15, 2025**. As of **May 29, 2024**, creating new Real-Time Scheduled Searches is no longer supported. Existing Real-Time Searches will continue to function until the deprecation date, at which point they will automatically convert to 15-minute schedules. See below for full details. +::: -In 2020, Sumo Logic released Monitors, which provided a new framework to trigger alerts on both metrics and log data in real time and send notifications. Real-Time Scheduled Searches provided a much more limited version of this functionality, but has continued to exist in the Sumo Logic Platform. +As part of our ongoing platform improvements, we are deprecating [Real-Time Scheduled Searches](/docs/alerts/scheduled-searches/create-real-time-alert). While this functionality has supported real-time alerting for many years, our modern alerting framework, [Monitors](/docs/alerts/monitors/overview), offers a more powerful and flexible experience for real-time and scheduled alerts. -## Why is this happening? 
- -Monitors provide the same functionality as a Real-Time Scheduled Search, but offer a number of additional features and significant enhancements such as: +## Deprecation timeline -* [Multiple Trigger Conditions](/docs/alerts/monitors/create-monitor/#step-1-set-trigger-conditions) (Critical, Warning, Missing Data) -* [Alert Grouping](/docs/alerts/monitors/alert-grouping/) -* [Playbook Support](/docs/alerts/monitors/alert-response/#alert-details) -* [Integration into our Alert Response Page](/docs/alerts/monitors/alert-response/) -* [AI-Driven Alerting](/release-notes-service/2024/12/31/#march-12-2024-alerts) +| Date | Change | +|:-----|:-------| +| **May 29, 2024** | Creation of new Real-Time Scheduled Searches was disabled across all Sumo Logic accounts | +| **May 15, 2025** | All remaining Real-Time Searches will automatically convert to 15-minute schedules (except for a small number of customers with exceptions). Each conversion will be recorded via audit log. Real-Time frequency will no longer be editable. | -Furthermore, Monitors will continue to be the focus area for our Product and Engineering Teams for features and enhancements regarding alerting. +## Why is this happening? -## What is happening? +[Monitors](/docs/alerts/monitors/overview) support real-time alerting on both logs and metrics, and offer significant advantages over Scheduled Searches, including: -After **May 29, 2024**, it will no longer be possible to create a new Scheduled Search with a frequency of Real-Time. We recommend you create a Monitor to address this use case. Note that this does not have any effect on the creation of new Scheduled Searches with other frequencies of 15 Minutes, Hourly, Daily, Weekly, or a specific Cron schedule for example. 
+* [Multiple trigger conditions](/docs/alerts/monitors/create-monitor/#step-1-set-trigger-conditions) (Critical, Warning, Missing Data) +* [Alert grouping](/docs/alerts/monitors/alert-grouping/) +* [Playbook support](/docs/alerts/monitors/alert-response/#alert-details) +* [AI-driven alerting](/release-notes-service/2024/12/31/#march-12-2024-alerts) +* [Integration with the Alert Response page](/docs/alerts/monitors/alert-response/) -Real-Time Scheduled Searches that were created up until **May 29, 2024** will continue to function without any interruption for 1 year until **May 15, 2025**, and any edits to those schedules will still be supported until the next year. Please note, however, that if the frequency of an existing Real-Time Scheduled search is modified to a different parameter, it will not be able to be changed back to Real-Time. +Monitors are the primary focus for our Product and Engineering Teams for alerting features and enhancements. ## What do I need to do? -Before **May 15, 2025**, please migrate any Real-Time Scheduled Searches to either Monitors or reduce their frequency to the minimum of 15m or another suitable time range. Any Real-Time Scheduled Searches that remain after the deprecation date will automatically be converted to 15m schedules. For each automatic conversion, there will be a corresponding audit log for this activity written to your Sumo Logic instance. +Before **May 15, 2025**, we recommend: + +* If you need real-time alerting, recreate your Real-Time Scheduled Searches as [Monitors](/docs/alerts/monitors/overview). + :::note Can I import a Scheduled Search into a Monitor? + No. Scheduled Searches and Monitors use different JSON structures. You’ll need to recreate the search logic manually in the [Monitor creation UI](/docs/alerts/monitors/create-monitor/). + ::: +* If real-time execution isn’t required, you can manually update your Scheduled Search to run every 15 minutes or longer. 
-### Can I import a scheduled search into a monitor? +After the deprecation date, all remaining Real-Time Scheduled Searches will be automatically updated to run at 15-minute intervals. An audit log entry will be generated for each conversion. -No. Because the JSON formatting of Scheduled Searches differs from monitors, you'll need to create a monitor manually from the Search UI for your real-time use cases. +:::note +If you edit an existing Real-Time Scheduled Search and change the frequency, you will not be able to revert it back to Real-Time. +::: If you have any questions, please reach out to your account team or open a [Support ticket](https://support.sumologic.com/support/s/). diff --git a/docs/alerts/scheduled-searches/index.md b/docs/alerts/scheduled-searches/index.md index 7550fef83c..ba502d00e8 100644 --- a/docs/alerts/scheduled-searches/index.md +++ b/docs/alerts/scheduled-searches/index.md @@ -23,8 +23,8 @@ A _Scheduled Search_ is a standard [Log Search](/docs/search) that you save and
- icon

Create a Scheduled Search Real-Time Alert

-

Learn how to create an alert to get notified in real-time when error conditions exist.

+ icon

Manage Real-Time Scheduled Search Alerts (Deprecated)

+

Learn how to manage existing alerts to get notified in real-time when error conditions exist.

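Review bot: In the docs/alerts/scheduled-searches/create-real-time-alert.md hunk of this patch, the new title says "(Deprecated)" while the replacement warning says Real-Time Scheduled Searches "will be deprecated on May 15, 2025", and the warning no longer tells readers that creating new real-time searches has been unsupported since May 29, 2024, a fact both the removed line and the deprecation.md hunk state. Suggest keeping both dates in the warning, e.g. "Creating new Real-Time Scheduled Searches has not been supported since May 29, 2024; existing searches will be converted on May 15, 2025." The phrase "unless your account was explicitly excluded" also gives readers no way to find out whether they are excluded; point them at the account team or the Support ticket link that deprecation.md already carries. Finally, confirm that the anchor #step-2-set-run-frequency exists on the schedule-search page, since that link is new in this hunk.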
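Review bot: Dropping the "### Can I import a scheduled search into a monitor?" heading in the docs/alerts/scheduled-searches/deprecation.md hunk removes the anchor #can-i-import-a-scheduled-search-into-a-monitor; grep the docs and release notes for links to it before merging, or keep a heading with that id. Two smaller points in the same hunk: the timeline row says "Each conversion will be recorded via audit log" but does not name the audit event or link the audit logging docs, which a customer needs if they want to detect the conversion of an alert they depend on; and the :::note admonition is nested inside the bullet "* If you need real-time alerting ...", which Docusaurus renders correctly only when the indentation of every line in the admonition matches, so check the rendered page.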
diff --git a/docs/search/subqueries.md b/docs/search/subqueries.md index d6922776b9..b9206c0ff2 100644 --- a/docs/search/subqueries.md +++ b/docs/search/subqueries.md @@ -15,7 +15,7 @@ In a subquery, the parent query contains the main body of the query while the c * **Parent query**. Depends on the input from a child query or queries to finish its execution. :::note Limitations -Subqueries are not supported in auto refresh dashboards, real-time Scheduled Searches, Field Extraction Rules, and Scheduled Views. +Subqueries are not supported in auto refresh dashboards, Field Extraction Rules, and Scheduled Views. ::: ## Syntax From 569dddbec7917cb3d5c5cc153e730cb0e2d14451 Mon Sep 17 00:00:00 2001 From: Kim Pohas Date: Thu, 27 Mar 2025 16:16:32 -0700 Subject: [PATCH 02/12] Remove mentions of RT SS --- blog-service/2021/12-31.md | 4 ++-- docs/contributing/glossary.md | 2 +- docs/contributing/word-list.md | 2 -- docs/get-started/account-settings-preferences.md | 2 +- .../manage-subscription/cloud-flex-legacy-accounts.md | 5 ++--- .../manage-subscription/sumo-logic-credits-accounts.md | 1 - .../manage/manage-subscription/sumo-logic-flex-accounts.md | 1 - docs/manage/partitions/data-tiers/searching-data-tiers.md | 1 - docs/search/behavior-insights/logexplain.md | 1 - docs/search/search-cheat-sheets/log-operators.md | 4 ++-- docs/search/search-query-language/search-operators/join.md | 1 - .../search-query-language/search-operators/outlier.md | 7 ++++++- .../search-query-language/search-operators/queryendtime.md | 2 +- .../search-operators/querystarttime.md | 2 +- .../search-operators/querytimerange.md | 2 +- .../transaction-analytics/transactionize-operator.md | 4 +--- docs/search/subqueries.md | 1 - docs/send-data/reference-information/time-reference.md | 2 +- .../alerts/scheduled-searches/create-real-time-alert.md | 4 ---- 19 files changed, 19 insertions(+), 29 deletions(-) 
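Review bot: The docs/search/subqueries.md hunk at the end of PATCH 01 removes "real-time Scheduled Searches" from the Limitations note, but per the deprecation.md hunk in the same patch existing Real-Time Scheduled Searches keep running until May 15, 2025, and the patch is dated March 27, 2025. Until the conversion date the limitation still applies to those existing searches; suggest either holding this line until after May 15 or rewording to "existing real-time Scheduled Searches (deprecated)".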
diff --git a/blog-service/2021/12-31.md b/blog-service/2021/12-31.md index a56b8a1ea6..df1e8cbf2d 100644 --- a/blog-service/2021/12-31.md +++ b/blog-service/2021/12-31.md @@ -618,13 +618,13 @@ Update - [Scheduled View](/docs/manage/scheduled-views "Scheduled Views") quer --- ## March 16, 2021 (Alerts) -Update - We have resolved a discrepancy in the notification payload of [Real Time Scheduled Searches](/docs/alerts/scheduled-searches/create-real-time-alert). +Update - We have resolved a discrepancy in the notification payload of [Real-Time Scheduled Searches](/docs/alerts/scheduled-searches/create-real-time-alert). Previously, the payload for subsequent real time alerts in a given time range would incrementally report the results and omit the records that were already present in the previous alert. For example, if the Scheduled Search initially returned 10 records, the first alert notification would contain 10 records in the payload. If the next run contained the same 10 records plus 1 additional, the notification payload would only contain the single new record. -Going forward, we will ensure that the records sent in the notification payload will always contain all the records returned in the Scheduled Search. Following the above example, the next run of the Real Time Scheduled Search would return 11 records. This change ensures that the payload will always match the results of the search in Sumo Logic. +Going forward, we will ensure that the records sent in the notification payload will always contain all the records returned in the Scheduled Search. Following the above example, the next run of the Real-Time Scheduled Search would return 11 records. This change ensures that the payload will always match the results of the search in Sumo Logic. --- ## March 12, 2021-12 (Collection) diff --git a/docs/contributing/glossary.md b/docs/contributing/glossary.md index addd5a71ad..d8620d2025 100644 --- a/docs/contributing/glossary.md +++ b/docs/contributing/glossary.md 
@@ -24,7 +24,7 @@ We also maintain a [DevOps and Security Glossary](https://www.sumologic.com/glos **[Aggregate](/docs/search/search-query-language/group-aggregate-operators)**. A group of data returned by a search, displayed in a simple table in the Aggregates tab of the Search page. -**[Alert](/docs/alerts)**. A notification you can configure for a scheduled search. There are multiple alert types: Email, Script Action, ServiceNow Connection, Webhook, Save to Index, and Real Time Alerts. +**[Alert](/docs/alerts)**. A notification you can configure for a scheduled search. There are multiple alert types, such as Email, Script Action, ServiceNow Connection, Webhook, and Save to Index. **[Allowlist](/docs/manage/security/create-allowlist-ip-cidr-addresses)**. Sumo Logic’s Service Allowlist Settings allow you to explicitly grant access to specific IP addresses and/or CIDR notations for logins, APIs, and dashboard access. diff --git a/docs/contributing/word-list.md b/docs/contributing/word-list.md index 59af3dbf42..b7b60a6635 100644 --- a/docs/contributing/word-list.md +++ b/docs/contributing/word-list.md @@ -149,8 +149,6 @@ If we are not clear on its usage, the term shouldn’t be used at all: Don't use ## R -**Real Time**. As in Real Time alerts. Use two words, no hyphen. Should always be capitalized when referring to Real Time alerts, as that is a feature name. Not capitalized for a general use, as in "real time analysis". - **Repo**. Short for repository. No need to spell out repository as our audience is technical enough for this to be clear. diff --git a/docs/get-started/account-settings-preferences.md b/docs/get-started/account-settings-preferences.md index e078ac7eb8..80f135d22f 100644 --- a/docs/get-started/account-settings-preferences.md +++ b/docs/get-started/account-settings-preferences.md 
@@ -78,7 +78,7 @@ These settings apply only to your personal account and do not affect other users If you want the Sumo Logic user interface to use your local time zone, or a time zone different from the time zone used in the timestamp of your log messages, change the setting here. This is a personal setting, and does not change the time zone for anyone else in your organization. -This option overrides the timezone set in your web browser, and affects all hours and minutes displayed in the user interface, including time ranges on the Search page, the Time column in the Messages pane, and in Dashboards. It does not affect the configurations of previously created Scheduled Searches or Real Time Alerts. For more information, see [Timestamps, Time Zones, Time Ranges, and Date Formats](/docs/send-data/reference-information/time-reference). +This option overrides the timezone set in your web browser, and affects all hours and minutes displayed in the user interface, including time ranges on the Search page, the Time column in the Messages pane, and in Dashboards. It does not affect the configurations of previously created Scheduled Searches. For more information, see [Timestamps, Time Zones, Time Ranges, and Date Formats](/docs/send-data/reference-information/time-reference). #### Always show the timezone offset in displayed timestamps diff --git a/docs/manage/manage-subscription/cloud-flex-legacy-accounts.md b/docs/manage/manage-subscription/cloud-flex-legacy-accounts.md index 1ab708f5fe..98ffd0ac26 100644 --- a/docs/manage/manage-subscription/cloud-flex-legacy-accounts.md +++ b/docs/manage/manage-subscription/cloud-flex-legacy-accounts.md 
@@ -47,7 +47,6 @@ The following table provides a summary list of key features by package accounts. | Metrics data retention | | ![check](/img/reuse/check.png) | ![check](/img/reuse/check.png) | ![check](/img/reuse/check.png) | | Metrics data retention | | ![check](/img/reuse/check.png) | ![check](/img/reuse/check.png) | ![check](/img/reuse/check.png) | | [Partitions](/docs/manage/partitions) | | ![check](/img/reuse/check.png) | ![check](/img/reuse/check.png) | ![check](/img/reuse/check.png) | -| Real Time Alerts | | ![check](/img/reuse/check.png) | ![check](/img/reuse/check.png) | ![check](/img/reuse/check.png) | | SAML | | ![check](/img/reuse/check.png) | ![check](/img/reuse/check.png) | ![check](/img/reuse/check.png) | | Scheduled Views | | ![check](/img/reuse/check.png) | ![check](/img/reuse/check.png) | ![check](/img/reuse/check.png) | | Search Job API | | ![check](/img/reuse/check.png) | ![check](/img/reuse/check.png) | ![check](/img/reuse/check.png) | 
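Review bot: While touching the feature table in docs/manage/manage-subscription/cloud-flex-legacy-accounts.md, the context lines show "| Metrics data retention |" listed twice in a row; removing the duplicate row in the same change would be cheap. The "Real Time Alerts" row removal itself is fine, but if this merges before May 15, 2025 the table stops telling legacy accounts about a feature they still have until then; consider marking the row deprecated rather than deleting it, matching how the deprecation.md hunk in PATCH 01 handles the transition.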
@@ -125,7 +124,7 @@ The top panel of the Account Overview page provides an at-a-glance view of your * **Frequent Ingest**. Shows your daily capacity for log ingest to the Frequent Data Tier, and your average daily usage. If the daily ingest average over the billing cycle is above your capacity, you will be charged the on-demand rate for the difference. * **Metrics Ingest**. Shows your daily capacity for metrics ingest, and your average daily usage, both in DPM. If the daily ingest average over the billing cycle is above your capacity, you will be charged the on-demand rate for the difference. If your daily usage average is higher than your capacity, you will be charged the on-demand rate for the difference. * **Storage.** Shows your daily storage capacity and average daily storage usage. You can adjust capacity use by modifying your [retention periods](../partitions/manage-indexes-variable-retention.md). -* **Auto Refresh Dashboard Panels and Real Time Alerts.** Show the number of auto refresh dashboard panels and real time alerts you have set up. Compares the number allowed to the number already in use. For example, out of 200, 174 have been used. +* **Auto Refresh Dashboard Panels.** Show the number of auto refresh dashboard panels you have set up. Compares the number allowed to the number already in use. For example, out of 200, 174 have been used. To view the Account page, do the following: @@ -165,7 +164,7 @@ The following visual indicators apply: To switch between views and time interval displays, do the following: -1. Log in to Sumo Logic. +1. Log in to Sumo Logic. 1. [**Classic UI**](/docs/get-started/sumo-logic-ui-classic). In the main Sumo Logic menu, select **Administration > Account > Account Overview**.
[**New UI**](/docs/get-started/sumo-logic-ui/). In the top menu select **Administration**, and then under **Account** select **Account Overview**. You can also click the **Go To...** menu at the top of the screen and select **Account Overview**.
The Account page appears with the Account Overview tab shown by default. The top panel shows account details and the bottom panel displays usage analytics.
![CloudFlex-AccountPage.png](/img/manage/subscriptions/pqs.png) 1. To change the type of analytics you are viewing, in the **Usage (Daily Capacity)** panel click the arrow next to the view name and select the analytics type from the dropdown list. The display data changes accordingly. Repeat as needed to monitor all the areas of your account usage. 1. To view data from a different billing period, click the arrow next the the **Billing period** and choose another period from the dropdown list.
![CloudFlex_Usage_BillingPeriod_menu.png](/img/manage/subscriptions/uage-billing-period.png) diff --git a/docs/manage/manage-subscription/sumo-logic-credits-accounts.md b/docs/manage/manage-subscription/sumo-logic-credits-accounts.md index f1d9d8ccf3..c37363d3de 100644 --- a/docs/manage/manage-subscription/sumo-logic-credits-accounts.md +++ b/docs/manage/manage-subscription/sumo-logic-credits-accounts.md @@ -105,7 +105,6 @@ The following table provides a summary list of key features by Credits package a | Monitors | ![check](/img/reuse/check.png) | ![check](/img/reuse/check.png) | ![check](/img/reuse/check.png) | ![check](/img/reuse/check.png) | ![check](/img/reuse/check.png) | ![check](/img/reuse/check.png) | | Partitions | ![check](/img/reuse/check.png) | ![check](/img/reuse/check.png) | ![check](/img/reuse/check.png) | ![check](/img/reuse/check.png) | ![check](/img/reuse/check.png) | ![check](/img/reuse/check.png) | | PCI Compliance App | | ![check](/img/reuse/check.png) | | ![check](/img/reuse/check.png) | ![check](/img/reuse/check.png) | ![check](/img/reuse/check.png) | -| Real Time Alerts | ![check](/img/reuse/check.png) | ![check](/img/reuse/check.png) | ![check](/img/reuse/check.png) | ![check](/img/reuse/check.png) | ![check](/img/reuse/check.png) | ![check](/img/reuse/check.png) | | Real User Monitoring (RUM) | | ![check](/img/reuse/check.png) | ![check](/img/reuse/check.png) | ![check](/img/reuse/check.png) | ![check](/img/reuse/check.png) | ![check](/img/reuse/check.png) | | Root Cause Explorer | | | | ![check](/img/reuse/check.png) | | ![check](/img/reuse/check.png) | | SAML | ![check](/img/reuse/check.png) | ![check](/img/reuse/check.png) | ![check](/img/reuse/check.png) | ![check](/img/reuse/check.png) | ![check](/img/reuse/check.png) | ![check](/img/reuse/check.png) | diff --git a/docs/manage/manage-subscription/sumo-logic-flex-accounts.md b/docs/manage/manage-subscription/sumo-logic-flex-accounts.md index 01fadd6e01..46e671456f 100644 
--- a/docs/manage/manage-subscription/sumo-logic-flex-accounts.md +++ b/docs/manage/manage-subscription/sumo-logic-flex-accounts.md @@ -115,7 +115,6 @@ The following table provides a summary list of key features by Flex package acco | Playbooks (including complete Sumo Logic playbook catalog) | | | | ![check](/img/reuse/check.png) | | Predictive Analytics and Outlier Detection | ![check](/img/reuse/check.png) | ![check](/img/reuse/check.png) | | ![check](/img/reuse/check.png) | | Progressive Automation | | | | ![check](/img/reuse/check.png) | -| Real Time Alerts | ![check](/img/reuse/check.png) | ![check](/img/reuse/check.png) | ![check](/img/reuse/check.png) | | | Real User Monitoring (RUM) | | ![check](/img/reuse/check.png) | ![check](/img/reuse/check.png) |![check](/img/reuse/check.png) | | Reliability Management (SLIs/SLOs) | | | |![check](/img/reuse/check.png) | | Risk Assessment | | ![check](/img/reuse/check.png) | |![check](/img/reuse/check.png) | diff --git a/docs/manage/partitions/data-tiers/searching-data-tiers.md b/docs/manage/partitions/data-tiers/searching-data-tiers.md index db655a10fb..7a0bdb15da 100644 --- a/docs/manage/partitions/data-tiers/searching-data-tiers.md +++ b/docs/manage/partitions/data-tiers/searching-data-tiers.md @@ -73,7 +73,6 @@ The `_dataTier` search modifier is not supported in: * Live mode dashboards * Role search filters -* Real time alerts * Partition routing expressions * Logs-to-Metrics rules * In scheduled searches, setting `_dataTier` to All, Frequent, or Infrequent is not supported. diff --git a/docs/search/behavior-insights/logexplain.md b/docs/search/behavior-insights/logexplain.md index 6a8fd49cee..302d657173 100644 --- a/docs/search/behavior-insights/logexplain.md +++ b/docs/search/behavior-insights/logexplain.md 
@@ -53,7 +53,6 @@ With the provided results you can: * Field values must be categorical. * [Built-in metadata fields](/docs/search/get-started-with-search/search-basics/built-in-metadata) are not supported. -* Not supported with [Real Time alerts](../../alerts/scheduled-searches/create-real-time-alert.md). * [Time Compare](/docs/search/time-compare) and the [`compare` operator](/docs/search/search-query-language/search-operators/compare) are not supported against LogExplain results. * Response fields `_explanation`, `_relevance`, `_test_coverage`,  and `_control_coverage` are not supported with [Dashboard filters](/docs/dashboards/filter-template-variables). * If you reach the memory limit you can try to shorten the time range or the number of specified fields. When the memory limit is reached you will get partial results on a subset of your data. diff --git a/docs/search/search-cheat-sheets/log-operators.md b/docs/search/search-cheat-sheets/log-operators.md index cac8a2db1e..c9882ca685 100644 --- a/docs/search/search-cheat-sheets/log-operators.md +++ b/docs/search/search-cheat-sheets/log-operators.md @@ -392,7 +392,7 @@ This section provides detailed syntax, rules, and examples for Sumo Logic Opera logexplain The logexplain operator allows you to compare sets of structured logs based on events you're interested in. Structured logs can be in JSON, CSV, key-value, or any structured format. _explanation
_relevance
_test_coverage
_control_coverage - Not supported with Real Time alerts.
Time Compare and the compare operator are not supported against LogExplain results. + Time Compare and the compare operator are not supported against LogExplain results. _sourceCategory=stream
| if(_raw matches "error", 1, 0) as hasError
| logexplain hasError == 1 on _sourceHost
@@ -413,7 +413,7 @@ This section provides detailed syntax, rules, and examples for Sumo Logic Opera logreduce values The logreduce values operator allows you to quickly explore structured logs by known keys. Structured logs can be in JSON, CSV, key-value, or any structured format. _cluster_id
_signature
_count - Not supported with Real Time alerts. + _sourceCategory= *cloudtrail* errorCode
| json field=_raw "eventSource" as eventSource
| json field=_raw "eventName" as eventName
| json field=_raw "errorCode" as errorCode
| logreduce values on eventSource, eventName, errorCode
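Review bot: In the logreduce values row of docs/search/search-cheat-sheets/log-operators.md, the removed line "- Not supported with Real Time alerts." is replaced by "+ " (a blank), so the limitations cell is now empty; check the rendered table to make sure the empty cell does not collapse the row or leave stray whitespace, and use an explicit "None" if the cheat sheet does that elsewhere. The logexplain row in the same hunk keeps its Time Compare sentence, so that cell is fine.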
diff --git a/docs/search/search-query-language/search-operators/join.md b/docs/search/search-query-language/search-operators/join.md index 4dd441cdaf..5ba2b4d3dc 100644 --- a/docs/search/search-query-language/search-operators/join.md +++ b/docs/search/search-query-language/search-operators/join.md @@ -56,7 +56,6 @@ on t1.a = t2.c `The number of output messages exceeds 10,000,000. Please refine your search or shorten the time range to reduce the number of output messages.` * Only conjunctive conditions (AND) are allowed. Using NOT or OR conditions is not supported. -* [Real Time Alerts](/docs/alerts/scheduled-searches/create-real-time-alert.md) do not support the join operator. * The join operator uses sliding windows to store candidates for joins in order to prevent unbounded memory usage when joining between two large relations. Because of this, the result of the join could be incomplete and inconsistent from run-to-run. * The following conditions are not currently supported in the ON clause: diff --git a/docs/search/search-query-language/search-operators/outlier.md b/docs/search/search-query-language/search-operators/outlier.md index d01cd50aa3..e73b02d6ce 100644 --- a/docs/search/search-query-language/search-operators/outlier.md +++ b/docs/search/search-query-language/search-operators/outlier.md 
@@ -128,7 +128,11 @@ This example will only produce an aggregation table, not a chart, but the indica ### Alert on an outlier -This query counts the number of errors over time and sends an alert when an outlier is detected. When an outlier is detected, the value of `_violation` will be set to 1. In the example below, the `` is `_count`. By creating a [Real Time Alert](/docs/alerts/scheduled-searches/create-real-time-alert.md) and sending a notification if greater than 0 results are found, you can alert on an outlier. +This query counts the number of errors over time and sends an alert when an outlier is detected. When an outlier is detected, the value of `_violation` will be set to 1. + + ### Multidimensional Outlier Detection diff --git a/docs/search/search-query-language/search-operators/queryendtime.md b/docs/search/search-query-language/search-operators/queryendtime.md index a7f64b5366..87fa211399 100644 --- a/docs/search/search-query-language/search-operators/queryendtime.md +++ b/docs/search/search-query-language/search-operators/queryendtime.md @@ -7,7 +7,7 @@ sidebar_label: queryEndTime() The `queryEndTime()` operator returns the end time of the search [time range](/docs/search/get-started-with-search/build-search/set-time-range) in milliseconds. You can use it in combination with [`queryStartTime()`](querystarttime.md) to establish times and ranges for your non-continuous queries. :::note -For dashboards in live mode or real time scheduled searches `queryTimeRange()` is a more suitable option. In most cases the results would still be the same as using `queryStartTime()` and `queryEndTime()`, but the latter can be off from the real range by a few milliseconds. +For dashboards in live mode, `queryTimeRange()` is a more suitable option. In most cases, the results would still be the same as using `queryStartTime()` and `queryEndTime()`, but the latter can be off from the real range by a few milliseconds. ::: ## Syntax 
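Review bot: The "### Alert on an outlier" section in docs/search/search-query-language/search-operators/outlier.md now explains that `_violation` is set to 1 but no longer says how to turn that into an alert, because the Real Time Alert sentence was removed without a replacement; suggest pointing readers at creating a Monitor that triggers when the result count is greater than 0 (the Monitors overview page is already linked from the deprecation.md hunk in PATCH 01). The hunk also adds two blank lines ("+" and "+") before the next heading; one is enough.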
diff --git a/docs/search/search-query-language/search-operators/querystarttime.md b/docs/search/search-query-language/search-operators/querystarttime.md index 9be501655e..3303a547af 100644 --- a/docs/search/search-query-language/search-operators/querystarttime.md +++ b/docs/search/search-query-language/search-operators/querystarttime.md @@ -7,7 +7,7 @@ sidebar_label: queryStartTime() The `queryStartTime()` operator returns the start time of the search [time range](/docs/search/get-started-with-search/build-search/set-time-range) in milliseconds. You can use it in combination with [`queryEndTime()`](queryendtime.md) to establish times and ranges for your non-continuous queries. :::note -For dashboards in live mode or real time scheduled searches, `queryTimeRange()` is a more suitable option. In most cases the results would still be the same as using `queryStartTime()` and `queryEndTime()`, but the latter can be off from the real range by a few milliseconds. +For dashboards in live mode, `queryTimeRange()` is a more suitable option. In most cases, the results would still be the same as using `queryStartTime()` and `queryEndTime()`, but the latter can be off from the real range by a few milliseconds. ::: ## Syntax diff --git a/docs/search/search-query-language/search-operators/querytimerange.md b/docs/search/search-query-language/search-operators/querytimerange.md index d4129160d7..4425073d9e 100644 --- a/docs/search/search-query-language/search-operators/querytimerange.md +++ b/docs/search/search-query-language/search-operators/querytimerange.md 
@@ -4,7 +4,7 @@ title: queryTimeRange Search Operator sidebar_label: queryTimeRange() --- -The `queryTimeRange()` operator returns the time duration for the query being executed in milliseconds. You can use it to establish time ranges for your continuous queries (CQs). This is a preferred operator for queries that run in auto refresh dashboards or real time scheduled searches since it is more accurate than [`queryStartTime()`](querystarttime.md) and [`queryEndTime()`](queryendtime.md) operators in these cases. +The `queryTimeRange()` operator returns the time duration for the query being executed in milliseconds. You can use it to establish time ranges for your continuous queries (CQs). This is a preferred operator for queries that run in auto refresh dashboards since it is more accurate than [`queryStartTime()`](querystarttime.md) and [`queryEndTime()`](queryendtime.md) operators in these cases. ## Syntax diff --git a/docs/search/search-query-language/transaction-analytics/transactionize-operator.md b/docs/search/search-query-language/transaction-analytics/transactionize-operator.md index 9725ca094a..afc4f4b448 100644 --- a/docs/search/search-query-language/transaction-analytics/transactionize-operator.md +++ b/docs/search/search-query-language/transaction-analytics/transactionize-operator.md 
@@ -59,9 +59,7 @@ Syntax section. For example,  To address this situation, try one or more of these options: * Reduce the [time range](/docs/search/get-started-with-search/build-search/set-time-range) of your search to reduce the scope. * Reduce the scope of your search by using parameters (such as `maxlogs`, `maxspan`, or `endswith`) that are listed above in the [Parameters](#parameters) section. - * Run a second `transactionize` operator immediately after your first one. This will take the potentially ungrouped messages of your first `transactionize` search and group them correctly. -   -* Transactionize is not supported in [Real Time scheduled searches](../../../alerts/scheduled-searches/create-real-time-alert.md). + * Run a second `transactionize` operator immediately after your first one. This will take the potentially ungrouped messages of your first `transactionize` search and group them correctly. ## Example diff --git a/docs/search/subqueries.md b/docs/search/subqueries.md index b9206c0ff2..5a6464df37 100644 --- a/docs/search/subqueries.md +++ b/docs/search/subqueries.md @@ -148,7 +148,6 @@ The results only contain the values from the key-value pairs, the keys (field n * In Scheduled Views * Inside FERs * Auto Refresh Dashboards - * Real Time Scheduled Searches ## Example subquery  diff --git a/docs/send-data/reference-information/time-reference.md b/docs/send-data/reference-information/time-reference.md index 80f7540ccf..2bde3796dd 100644 --- a/docs/send-data/reference-information/time-reference.md +++ b/docs/send-data/reference-information/time-reference.md 
@@ -273,7 +273,7 @@ They will see the same data, just displayed using their custom set time zone. Fo The **Time Range** field on the **Search** page uses the time zone that is set for the Sumo Logic user interface. This is either the default time zone used in the web browser and set by the operating system, or the **Default Timezone** setting on the **Preferences** page, if you have set this option. -When you create a [Scheduled Search](/docs/alerts/scheduled-searches) or a [real-time alert](/docs/alerts/scheduled-searches/create-real-time-alert), the time range of the search that you save uses the time zone that is set for the Sumo Logic user interface. If you have changed the time zone using the **Default Timezone** setting, this time zone will be used for your Scheduled Searches and Real Time Alerts. +When you create a [Scheduled Search](/docs/alerts/scheduled-searches), the time range of the search that you save uses the time zone that is set for the Sumo Logic user interface. If you have changed the time zone using the **Default Timezone** setting, this time zone will be used for your Scheduled Searches. :::note The **Default Timezone** setting does not automatically update the configurations of existing Scheduled Searches or real-time alerts. If you'd like your Scheduled Searches and real-time alerts to use the same time zone as your user interface, you'll need to edit them to do so, and save them. diff --git a/i18n/ja/alerts/alerts/scheduled-searches/create-real-time-alert.md b/i18n/ja/alerts/alerts/scheduled-searches/create-real-time-alert.md index aea1a954db..dd586c2c73 100644 --- a/i18n/ja/alerts/alerts/scheduled-searches/create-real-time-alert.md +++ b/i18n/ja/alerts/alerts/scheduled-searches/create-real-time-alert.md 
@@ -9,10 +9,6 @@ Real-time alerts are scheduled searches that run nearly continuously. That means When an alert condition is satisfied Sumo Logic triggers the selected alert type. Sumo Logic examines ingested data in a rolling window using the Time Range you define. Any time a new result is found, another email is sent. -:::note -Only use real time schedules when you know your data is ingested within a few minutes of its creation. The [receipt time](../../search/get-started-with-search/build-search/use-receipt-time.md) should be within a few minutes of your log's [message time](/docs/search/get-started-with-search/search-basics/built-in-metadata). See how to [troubleshoot timestamp discrepancies](/docs/send-data/collector-faq#troubleshooting-time-discrepancies). -::: - Real-time alerts are not duplicated, which means that if a specific raw log message has triggered an alert once already, that same log message will not trigger an alert a second time. For example, if **Message X** caused an alert to be sent at **Time T**, and Sumo Logic detects **Message X** again at **Time T+1**, Sumo Logic does not send a second alert at **Time T+1**. But if Sumo Logic detects **Message Y** at **Time T+1**, a new alert is sent, because the root cause is different. From 9761d935701d8eba811629986964861f1def1ffb Mon Sep 17 00:00:00 2001 From: "Kim (Sumo Logic)" <56411016+kimsauce@users.noreply.github.com> Date: Thu, 27 Mar 2025 19:22:23 -0400 Subject: [PATCH 03/12] Update docs/manage/manage-subscription/cloud-flex-legacy-accounts.md --- docs/manage/manage-subscription/cloud-flex-legacy-accounts.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/manage/manage-subscription/cloud-flex-legacy-accounts.md b/docs/manage/manage-subscription/cloud-flex-legacy-accounts.md index 98ffd0ac26..b512ac6336 100644 --- a/docs/manage/manage-subscription/cloud-flex-legacy-accounts.md +++ b/docs/manage/manage-subscription/cloud-flex-legacy-accounts.md 
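Review bot: In the time-reference.md hunk (`@@ -273,7`), the edited paragraph drops the real-time alert wording, but the unchanged `:::note` two lines below still reads "does not automatically update the configurations of existing Scheduled Searches or real-time alerts" and "If you'd like your Scheduled Searches and real-time alerts to use the same time zone", so the page is now internally inconsistent; remove "or real-time alerts" and "and real-time alerts" from that note in the same commit, or hold the paragraph change until the whole section is updated.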
@@ -164,7 +164,7 @@ The following visual indicators apply: To switch between views and time interval displays, do the following: -1. Log in to Sumo Logic. +1. Log in to Sumo Logic. 1. [**Classic UI**](/docs/get-started/sumo-logic-ui-classic). In the main Sumo Logic menu, select **Administration > Account > Account Overview**.
[**New UI**](/docs/get-started/sumo-logic-ui/). In the top menu select **Administration**, and then under **Account** select **Account Overview**. You can also click the **Go To...** menu at the top of the screen and select **Account Overview**.
The Account page appears with the Account Overview tab shown by default. The top panel shows account details and the bottom panel displays usage analytics.
![CloudFlex-AccountPage.png](/img/manage/subscriptions/pqs.png) 1. To change the type of analytics you are viewing, in the **Usage (Daily Capacity)** panel click the arrow next to the view name and select the analytics type from the dropdown list. The display data changes accordingly. Repeat as needed to monitor all the areas of your account usage. 1. To view data from a different billing period, click the arrow next the the **Billing period** and choose another period from the dropdown list.
![CloudFlex_Usage_BillingPeriod_menu.png](/img/manage/subscriptions/uage-billing-period.png) From b444d3788c185fcf1e424406509e685b74405fd9 Mon Sep 17 00:00:00 2001 From: "Kim (Sumo Logic)" <56411016+kimsauce@users.noreply.github.com> Date: Thu, 27 Mar 2025 19:23:39 -0400 Subject: [PATCH 04/12] Update create-real-time-alert.md --- .../alerts/scheduled-searches/create-real-time-alert.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/i18n/ja/alerts/alerts/scheduled-searches/create-real-time-alert.md b/i18n/ja/alerts/alerts/scheduled-searches/create-real-time-alert.md index dd586c2c73..aea1a954db 100644 --- a/i18n/ja/alerts/alerts/scheduled-searches/create-real-time-alert.md +++ b/i18n/ja/alerts/alerts/scheduled-searches/create-real-time-alert.md 
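Review bot: The only change in the cloud-flex-legacy-accounts.md hunk (`@@ -164,7`) is the `1. Log in to Sumo Logic.` line, whose `-` and `+` versions read identically, so this is a whitespace-only edit (a trailing or non-breaking space removed) and the commit subject "Update docs/manage/manage-subscription/cloud-flex-legacy-accounts.md" should say so. While this step list is being touched, the trailing context line "click the arrow next the the **Billing period**" has a doubled "the" that could be fixed in the same hunk.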
@@ -9,6 +9,10 @@ Real-time alerts are scheduled searches that run nearly continuously. That means When an alert condition is satisfied Sumo Logic triggers the selected alert type. Sumo Logic examines ingested data in a rolling window using the Time Range you define. Any time a new result is found, another email is sent. +:::note +Only use real time schedules when you know your data is ingested within a few minutes of its creation. The [receipt time](../../search/get-started-with-search/build-search/use-receipt-time.md) should be within a few minutes of your log's [message time](/docs/search/get-started-with-search/search-basics/built-in-metadata). See how to [troubleshoot timestamp discrepancies](/docs/send-data/collector-faq#troubleshooting-time-discrepancies). +::: + Real-time alerts are not duplicated, which means that if a specific raw log message has triggered an alert once already, that same log message will not trigger an alert a second time. For example, if **Message X** caused an alert to be sent at **Time T**, and Sumo Logic detects **Message X** again at **Time T+1**, Sumo Logic does not send a second alert at **Time T+1**. But if Sumo Logic detects **Message Y** at **Time T+1**, a new alert is sent, because the root cause is different. From a147a67ee94ad2d62a28e78e618b0b6fbe23542e Mon Sep 17 00:00:00 2001 
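Review bot: This hunk re-adds to i18n/ja/alerts/alerts/scheduled-searches/create-real-time-alert.md exactly the `:::note` block that PATCH 01/12 removed from the same file, and the index line goes from dd586c2c73 back to aea1a954db, the blob PATCH 01 started from, so the two commits cancel out on this file; drop the i18n change from PATCH 01 or squash the pair rather than carrying a revert in the series. If the note is meant to stay, its receipt-time link uses a relative path (`../../search/get-started-with-search/build-search/use-receipt-time.md`) while the two neighbouring links are absolute `/docs/...` paths; make them consistent.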
From: Kim Pohas Date: Mon, 21 Apr 2025 12:33:57 -0700 Subject: [PATCH 05/12] added release note and redirect --- blog-service/2021/12-31.md | 2 +- blog-service/2024/12-31.md | 38 +++++----- blog-service/2025-05-15-alerts.md | 19 +++++ cid-redirects.json | 1 + .../scheduled-searches/create-email-alert.md | 11 --- .../create-real-time-alert.md | 74 +++++++------------ docs/alerts/scheduled-searches/deprecation.md | 47 ------------ docs/alerts/scheduled-searches/index.md | 6 -- sidebars.ts | 3 +- 9 files changed, 66 insertions(+), 135 deletions(-) create mode 100644 blog-service/2025-05-15-alerts.md delete mode 100644 docs/alerts/scheduled-searches/deprecation.md diff --git a/blog-service/2021/12-31.md b/blog-service/2021/12-31.md index df1e8cbf2d..09568a971b 100644 --- a/blog-service/2021/12-31.md +++ b/blog-service/2021/12-31.md @@ -618,7 +618,7 @@ Update - [Scheduled View](/docs/manage/scheduled-views "Scheduled Views") quer --- ## March 16, 2021 (Alerts) -Update - We have resolved a discrepancy in the notification payload of [Real-Time Scheduled Searches](/docs/alerts/scheduled-searches/create-real-time-alert). +Update - We have resolved a discrepancy in the notification payload of Real-Time Scheduled Searches. Previously, the payload for subsequent real time alerts in a given time range would incrementally report the results and omit the records that were already present in the previous alert. diff --git a/blog-service/2024/12-31.md b/blog-service/2024/12-31.md index a9385b426b..f7fabb6c94 100644 --- a/blog-service/2024/12-31.md +++ b/blog-service/2024/12-31.md 
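Review bot: The blog-service/2021/12-31.md hunk (`@@ -618,7`) unlinks "Real-Time Scheduled Searches" in the March 16, 2021 release note, but the target page docs/alerts/scheduled-searches/create-real-time-alert.md survives this commit as the deprecation page (the diffstat shows it modified, and only deprecation.md deleted), so the historical note could keep its link and send readers straight to the deprecation context; if unlinking is the intent for all historical notes, say so in the commit message.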
@@ -29,7 +29,7 @@ We’re excited to announce the release of new Azure Service Bus, Azure API Mana - `sumologic-aws-cloudtrail-benchmark` - SAM SemanticVersion: 1.0.18. - `sumologic-app-utils` - SAM SemanticVersion: 2.0.19. -##### Enhancements +##### Enhancements - **Added Monitors**. We have added new pre-configured monitors to the [Cassandra - OpenTelemetry](/docs/integrations/databases/opentelemetry/cassandra-opentelemetry/#cassandra-alerts), [Couchbase - OpenTelemetry](/docs/integrations/databases/opentelemetry/couchbase-opentelemetry/#couchbase-alerts), [HAProxy - OpenTelemetry](/docs/integrations/web-servers/opentelemetry/haproxy-opentelemetry/#haproxy-alerts), [IIS - OpenTelemetry](/docs/integrations/web-servers/iis-10), [Linux - OpenTelemetry](/docs/integrations/microsoft-azure/opentelemetry/sql-server-linux-opentelemetry/#sql-server-linux-alerts), [MariaDB - OpenTelemetry](/docs/integrations/databases/opentelemetry/mariadb-opentelemetry/#mariadb-alerts), [Memcached - OpenTelemetry](/docs/integrations/databases/opentelemetry/memcached-opentelemetry/#memcached-alerts), [MongoDB - OpenTelemetry](/docs/integrations/databases/opentelemetry/mongodb-opentelemetry/#mongodb-alerts), [Oracle - OpenTelemetry](/docs/integrations/databases/opentelemetry/oracle-opentelemetry/#oracle-alerts), [RabbitMQ - OpenTelemetry](/docs/integrations/containers-orchestration/opentelemetry/rabbitmq-opentelemetry/#rabbitmq-alerts), [Redis - OpenTelemetry](/docs/integrations/databases/opentelemetry/redis-opentelemetry/#redis-alerts), [Squid Proxy - OpenTelemetry](/docs/integrations/web-servers/opentelemetry/squid-proxy-opentelemetry/#squidproxy-alerts), [Varnish - OpenTelemetry](/docs/integrations/web-servers/opentelemetry/varnish-opentelemetry/#varnish-alerts), [JFrog Artifactory - OpenTelemetry](/docs/integrations/app-development/opentelemetry/jfrog-artifactory-opentelemetry), [VMWare - OpenTelemetry](/docs/integrations/containers-orchestration/opentelemetry/vmware-opentelemetry), and 
[Active Directory JSON - OpenTelemetry](/docs/integrations/microsoft-azure/opentelemetry/active-directory-json-opentelemetry) apps. - **Azure Blob Storage (block blobs) Collection**. Updated the Block Blob collection to support collection for Network Flow logs. The Network Security Group (NSG) flow logs will be removed on 30 September 2027. **From 30 June 2025, you will no longer be able to generate new NSG flow logs as part of this retirement**. For more details, refer to the Azure [documentation](https://learn.microsoft.com/en-us/azure/network-watcher/flow-logs-read?tabs=nsg). @@ -70,7 +70,7 @@ We’re excited to announce the release of new Azure Service Bus, Azure API Mana - Kubernetes - EKS Control Plane app - Doppel Vision - + - Minor fixes in the *monitors* in the following [Classic Apps (Legacy)](/docs/get-started/apps-integrations/#classic-apps-legacy): - AWS WAF - AWS WAF - Cloud Security Monitoring and Analytics @@ -91,7 +91,7 @@ We are excited to announce the release of our new cloud-to-cloud source for VMwa ### December 16, 2024 (Collection) -#### Dragos C2C Source +#### Dragos C2C Source We're excited to announce the release of our new cloud-to-cloud source for Dragos. This source helps you to collect address, asset, vulnerability, and zone details from the Dragos API and ingest them into Sumo Logic for streamlined analysis. [Learn more](/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/dragos-source). 
@@ -161,7 +161,7 @@ We're excited to introduce Copilot, an AI-powered assistant that accelerates log ### December 02, 2024 (Apps) -#### Azure Security - Defender for Cloud +#### Azure Security - Defender for Cloud We're excited to introduce the new Azure Security - Defender for Cloud app for Sumo Logic. This app helps you to collect the alerts, security recommendation, and regulatory compliance logs using the Sumo Logic Cloud-to-Cloud Azure Event Hub Source and by configuring the continuous export using the Event Hub instance details in the Azure portal. Key features of the Azure Security - Defender for Cloud app include: @@ -196,7 +196,7 @@ We’re excited to announce the preview release of **Query Assist**, designed to * **Partial query prediction**. Anticipate the next operator or receive partial query suggestions based on your input. * **Enhanced user experience**. Real-time error highlighting and intelligent suggestions provide a smooth and seamless query-building process. -These updates make it easier for both beginners and advanced users to craft accurate queries and analyze data efficiently. [Learn more](/docs/search/query-assist). +These updates make it easier for both beginners and advanced users to craft accurate queries and analyze data efficiently. [Learn more](/docs/search/query-assist). ### November 28, 2024 (Apps) 
@@ -214,23 +214,23 @@ We’re excited to announce the release of the new Azure Database for PostgreSQL [Learn more](/docs/integrations/microsoft-azure/azure-cosmos-db-for-postgresql/). - **Azure App Service Environment**. An Azure App Service Environment is an Azure App Service feature that provides a fully isolated and dedicated environment for running App Service apps securely at high scale. This integration helps in monitoring your environments operational events such as upgrades, scaling, and suspensions. [Learn more](/docs/integrations/microsoft-azure/azure-app-service-environment). -##### Enhancements +##### Enhancements We're excited to announce the release of the enhancements listed below for the Sumo Logic apps: - **Apache - OpenTelemetry**. Added six new monitors for Apache - OpenTelemetry app that will be triggered for different pre-defined conditions. [Learn more](/docs/integrations/web-servers/opentelemetry/apache-opentelemetry/#apache-alerts). - **Apache Tomcat - OpenTelemetry**. Added four new monitors for Apache Tomcat - OpenTelemetry app that will be triggered for different pre-defined conditions. [Learn more](/docs/integrations/web-servers/opentelemetry/apache-tomcat-opentelemetry/#apache-tomcat-alerts). - **Oracle - OpenTelemetry**. Updated the collection process to fetch unified audit logs and added new **Unified Audit Syslog** dashboard. This new dashboard offers information on database users, top current users, and trends in logon status. This dashboard can also be used with the unified audit logs exported from both Windows and Linux environments. [Learn more](/docs/integrations/databases/opentelemetry/oracle-opentelemetry/#unified-audit-syslog). -- **Added CloudTrail Audit dashboard**. 
The CloudTrail Audit dashboard is added to the [AWS Application Load Balancer](/docs/integrations/amazon-aws/application-load-balancer/#cloudtrail-audit), [AWS Classic Load Balancer](/docs/integrations/amazon-aws/classic-load-balancer/#cloudtrail-audit), and [AWS Network Load Balancer](/docs/integrations/amazon-aws/network-load-balancer/#cloudtrail-audit) apps. This dashboard helps you to visualize the successful and failed events globally, event trends, error details, and user activities, offering insights into load balancer performance, security, and usage patterns. +- **Added CloudTrail Audit dashboard**. The CloudTrail Audit dashboard is added to the [AWS Application Load Balancer](/docs/integrations/amazon-aws/application-load-balancer/#cloudtrail-audit), [AWS Classic Load Balancer](/docs/integrations/amazon-aws/classic-load-balancer/#cloudtrail-audit), and [AWS Network Load Balancer](/docs/integrations/amazon-aws/network-load-balancer/#cloudtrail-audit) apps. This dashboard helps you to visualize the successful and failed events globally, event trends, error details, and user activities, offering insights into load balancer performance, security, and usage patterns. - **Amazon RDS**. Added **Oracle Logs - Alert Logs Analysis**, **Oracle Logs - Audit Logs Analysis**, and **Oracle Logs - Listener Troubleshooting** dashboards. These CloudTrail and CloudWatch Logs dashboard provide monitoring for error logs and essential infrastructure details. [Learn more](/docs/integrations/amazon-aws/rds/#oracle-logs---alert-logs-analysis). - **MongoDB Atlas**. New version of the [MongoDB Atlas collection](/docs/integrations/databases/mongodb-atlas/#collecting-logs-and-metrics-for-the-mongodb-atlas-app) was released with `v.1.0.11` in [Pypi](https://pypi.org/project/sumologic-mongodb-atlas/) and `v1.0.18` in [AWS Serverless Repository](https://serverlessrepo.aws.amazon.com/applications/us-east-1/956882708938/sumologic-mongodb-atlas). 
[Learn more](https://github.com/SumoLogic/sumologic-mongodb-atlas/releases/tag/v2.0.1) - + ##### Bug fixes - Minor *query* fixes in the below [Classic Apps (Legacy)](/docs/get-started/apps-integrations/#classic-apps-legacy): - Amazon CloudTrail - Cloud Security Monitoring and Analytics - Github - + - Minor fixes in the *monitors* for the below [Next-Gen Apps](/docs/get-started/apps-integrations/#next-gen-apps): - Microsoft Azure AD Inventory - Audit @@ -312,7 +312,7 @@ We’re excited to announce the release of new Azure Database for MySQL, Azure A - **Amazon OpenSearch**. Amazon OpenSearch Service is a managed service that makes it easy to deploy, operate, and scale OpenSearch clusters in the AWS Cloud. An OpenSearch Service domain is synonymous with an OpenSearch cluster. Domains are clusters with the settings, instance types, instance counts, and storage resources that you specify. [Learn more](/docs/integrations/amazon-aws/amazon-opensearch). - **Azure Cosmos DB for NoSQL**. Azure Cosmos DB is a fully managed NoSQL and relational database for modern app development offering single-digit millisecond response times, automatic and instant scalability, along with guaranteed speed at any scale. This integration helps in monitoring the overall performance, failures, capacity, and operational health of all your Azure Cosmos DB resources. [Learn more](/docs/integrations/microsoft-azure/azure-cosmos-db). -##### Enhancements +##### Enhancements We're excited to announce the release of below listed enhancements for the Sumo Logic apps: 
@@ -397,7 +397,7 @@ We're excited to announce the release of our new cloud-to-cloud source for Digit We're happy to announce enhancements to Cloud Infrastructure for AWS. These capabilities were [previously only available in a preview form](#may-13-2024-apps). They are now available for general use. -You can now more easily configure sources on a simplified screen, allowing you to use existing sources or create new sources. +You can now more easily configure sources on a simplified screen, allowing you to use existing sources or create new sources. Configure Sources screen @@ -421,7 +421,7 @@ We're excited to announce the release of our new cloud-to-cloud source for Kandj #### Role Based Index Access -We're excited to announce that when you create a role, you can select **Index Access** to restrict access to data in specific indexes. In addition, when you now select **Search Filter**, you can create filtering to restrict access to log analytics, audit, and security data. These enhancements ensure that users only see the data they are supposed to. +We're excited to announce that when you create a role, you can select **Index Access** to restrict access to data in specific indexes. In addition, when you now select **Search Filter**, you can create filtering to restrict access to log analytics, audit, and security data. These enhancements ensure that users only see the data they are supposed to. This feature was [previously only available to participants in our beta program](/release-notes-service/2023/12/31/#october-27-2023-manage-account). It is now available for general use. 
@@ -445,7 +445,7 @@ We are happy to announce that you can now configure the schema and format of log Options to forward raw data -To learn more, see the *Forward data to an S3 forwarding destination* section in our article [Forward Data from Sumo Logic to S3](/docs/manage/data-forwarding/amazon-s3-bucket). +To learn more, see the *Forward data to an S3 forwarding destination* section in our article [Forward Data from Sumo Logic to S3](/docs/manage/data-forwarding/amazon-s3-bucket). ### October 02, 2024 (Apps) @@ -459,7 +459,7 @@ We’re excited to announce the release of new Azure Load Balancer, Azure Cache - **Azure Cache for Redis**. Azure Cache for Redis provides an in-memory data store based on the Redis software. It offers both the Redis open-source (OSS Redis) and a commercial product from Redis Inc. as a managed service. This integration helps in tracking cache performance (miss rate, latency, read and write rate) and monitor resource health incidents and resource usage (CPU, used memory, server load, and connections) of your instances. It also provides policy compliance and recommendations information from Azure advisor. [Learn more](/docs/integrations/microsoft-azure/azure-cache-for-redis). - **Doppel Vision**. Doppel technology identifies and takes down deep fakes, malicious impersonations, phishing, disinformation campaigns targeting clients, and utilizes proprietary AI and machine learning tools to automate threat detection and takedowns. The Doppel dashboard provides a comprehensive overview of digital risk protection metrics and alerts, helping users monitor high-severity threats, analyse alerts by various categories, and gain actionable insights. [Learn more](https://github.com/SumoLogic/sumologic-public-partner-apps/tree/master/DoppelVision). -##### Enhancements +##### Enhancements We're excited to announce the release of the updated version of IIS 10 - OpenTelemetry and Azure Webapps apps for Sumo Logic, which includes the below enhancements: 
@@ -471,8 +471,8 @@ We're excited to announce the release of the updated version of IIS 10 - OpenTel Minor fixes for the below listed apps. To know more about the version updates, navigate to the **Releases Notes** tab of the respective app. - Active Directory 2012+ (JSON) -- Azure Application Gateway -- Barracuda CloudGen Firewall +- Azure Application Gateway +- Barracuda CloudGen Firewall - Endace - LambdaTest @@ -665,7 +665,7 @@ If you have the Salesforce source set up and choose to upgrade it, follow the in ##### Source configuration -1. [**Classic UI**](/docs/get-started/sumo-logic-ui-classic). In the main Sumo Logic menu, select **Manage Data > Collection > Collection**.
[**New UI**](/docs/get-started/sumo-logic-ui). In the Sumo Logic top menu select **Configuration**, and then under **Data Collection** select **Collection**. You can also click the **Go To...** menu at the top of the screen and select **Collection**. +1. [**Classic UI**](/docs/get-started/sumo-logic-ui-classic). In the main Sumo Logic menu, select **Manage Data > Collection > Collection**.
[**New UI**](/docs/get-started/sumo-logic-ui). In the Sumo Logic top menu select **Configuration**, and then under **Data Collection** select **Collection**. You can also click the **Go To...** menu at the top of the screen and select **Collection**. 1. Search for the required source and click the **Upgrade** button.upgrade-source 1. You will be directed to the configuration page. Ensure you do not change any of the configurations set. 1. Click **Upgrade** at the bottom of the configuration page. 
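Review bot: Every blog-service/2024/12-31.md hunk from `@@ -29,7` through `@@ -665,7` is a trailing-whitespace or line-join-only change (`##### Enhancements`, `#### Dragos C2C Source`, the `Added CloudTrail Audit dashboard` bullet, the `Azure Application Gateway` and `Barracuda CloudGen Firewall` list items, the Classic UI/New UI step), none of which relates to the commit's stated purpose "added release note and redirect"; move these editor-formatting changes to a separate whitespace-only commit so the deprecation edits in this file remain reviewable.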
@@ -829,7 +829,7 @@ For information, see [Metrics Explorer](/docs/metrics/metrics-queries/metrics-ex #### Deprecation Notice - Real-Time Scheduled Searches -As part of our ongoing evaluation of the Sumo Logic service, we have decided to deprecate [Real-Time Scheduled Searches](/docs/alerts/scheduled-searches/create-real-time-alert). In particular, we will remove the option to create new Real-Time Scheduled Searches on May 15, 2024. Existing Real-Time Scheduled Searches will continue to function until May 15, 2025. We believe many use cases for Real-Time Scheduled Searches can be met by [Monitors](/docs/alerts/monitors/overview). Any remaining use cases can be met by executing these searches at 15m intervals. +As part of our ongoing evaluation of the Sumo Logic service, we have decided to deprecate Real-Time Scheduled Searches. In particular, we will remove the option to create new Real-Time Scheduled Searches on May 15, 2024. Existing Real-Time Scheduled Searches will continue to function until May 15, 2025. We believe many use cases for Real-Time Scheduled Searches can be met by [Monitors](/docs/alerts/monitors/overview). Any remaining use cases can be met by executing these searches at 15m intervals. In 2020, Sumo Logic released Monitors, which provided a new framework to trigger alerts on both metrics and log data in real time and send notifications. Real-Time Scheduled Searches provided a much more limited version of this functionality. Monitors will continue to be the focus area for our Product and Engineering Teams for features and enhancements regarding alerting. Learn more [here](/docs/alerts/scheduled-searches/deprecation). 
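Review bot: In the `@@ -829,7` hunk, the trailing context line `Learn more [here](/docs/alerts/scheduled-searches/deprecation)` still points at docs/alerts/scheduled-searches/deprecation.md, which this same commit deletes (`delete mode 100644 docs/alerts/scheduled-searches/deprecation.md`); the new cid-redirects.json entry will catch it, but since the adjacent line is already being edited, point the link directly at `/docs/alerts/scheduled-searches/create-real-time-alert`. Also, this release note says the option to create new Real-Time Scheduled Searches was removed on "May 15, 2024", while the deprecation timeline table this commit adds to create-real-time-alert.md gives "May 29, 2024" for the same event; reconcile the two dates.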
@@ -1123,4 +1123,4 @@ For more information, see our documentation on how to [monitor credits allocatio #### Index Field -We're excited to include the **Index** field as metadata at the bottom of every message row, along with other metadata. This allows you to modify the search query by clicking the index name or view surrounding messages by clicking on the dropdown. [Learn more](/docs/search/get-started-with-search/search-basics/built-in-metadata).
index-filter \ No newline at end of file +We're excited to include the **Index** field as metadata at the bottom of every message row, along with other metadata. This allows you to modify the search query by clicking the index name or view surrounding messages by clicking on the dropdown. [Learn more](/docs/search/get-started-with-search/search-basics/built-in-metadata).
index-filter diff --git a/blog-service/2025-05-15-alerts.md b/blog-service/2025-05-15-alerts.md new file mode 100644 index 0000000000..6d85bbba1d --- /dev/null +++ b/blog-service/2025-05-15-alerts.md @@ -0,0 +1,19 @@ +--- +title: Real-Time Scheduled Searches Fully Deprecated (Alerts) +image: https://help.sumologic.com/img/sumo-square.png +keywords: + - alerts + - scheduled searches + - monitors +hide_table_of_contents: true +--- + +As of today, all remaining Real-Time Scheduled Searches have been automatically converted to 15-minute schedules. The ability to create or run Scheduled Searches with real-time frequency is no longer supported. + +Key details: +* Real-Time frequency is no longer available in Scheduled Search creation or editing workflows. +* Any previously existing Real-Time Scheduled Searches now run on a 15-minute schedule. +* Each conversion has been recorded as an audit log event in your account. +* A small number of accounts with approved exceptions remain unaffected. + +For real-time alerting, use [Monitors](/docs/alerts/monitors/overview), which provide richer capabilities such as multiple trigger conditions, alert grouping, and AI-driven insights. Learn more: [Deprecation of Real-Time Scheduled Searches](/docs/alerts/scheduled-searches/create-real-time-alert) diff --git a/cid-redirects.json b/cid-redirects.json index 628828507e..d888b76b6e 100644 --- a/cid-redirects.json +++ b/cid-redirects.json 
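Review bot: The new blog-service/2025-05-15-alerts.md says "Each conversion has been recorded as an audit log event in your account" but gives no way to find those events; name the audit event type or link to the audit index documentation so administrators can verify which of their searches were converted. Separately, the other release-note files touched in this commit live under year directories (blog-service/2021/12-31.md, blog-service/2024/12-31.md) while this one sits at the top level as blog-service/2025-05-15-alerts.md; confirm that placement matches the blog plugin's convention.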
@@ -3864,6 +3864,7 @@ "/Dashboards-and-Alerts/Alerts/04-Create-an-Email-Alert": "/docs/alerts/scheduled-searches/create-email-alert", "/Dashboards-and-Alerts/Alerts/08-Save-to-Index": "/docs/alerts/scheduled-searches/save-to-index", "/Dashboards-and-Alerts/Alerts/03-Create-a-Real-Time-Alert": "/docs/alerts/scheduled-searches/create-real-time-alert", + "/docs/alerts/scheduled-searches/deprecation": "/docs/alerts/scheduled-searches/create-real-time-alert", "/Data_Enrichment": "/docs/send-data/data-enrichment", "/Manage/Connections_and_Integrations/Webhook_Connections": "/docs/alerts/webhook-connections", "/Manage/Connections_and_Integrations/Webhook_Connections/About_Webhook_Connections": "/docs/alerts/webhook-connections/set-up-webhook-connections", diff --git a/docs/alerts/scheduled-searches/create-email-alert.md b/docs/alerts/scheduled-searches/create-email-alert.md index a57ef05b36..806dedd5d0 100644 --- a/docs/alerts/scheduled-searches/create-email-alert.md +++ b/docs/alerts/scheduled-searches/create-email-alert.md 
@@ -80,17 +80,6 @@ Do either of the following: If you're a new user and someone has forwarded you an alert email, the links to the search will not work until you've completed your setup process. ::: - -### Real-time alerts - -:::warning Solution Deprecated -Effective May 15, 2024, Real-Time Scheduled Searches have been deprecated and you will no longer be able to create them. Real-Time Scheduled Searches created before that date will continue to function until May 15, 2025. We encourage you instead to [create a monitor](/docs/alerts/monitors/create-monitor) for use cases that require real-time alerting. [Learn more](/docs/alerts/scheduled-searches/deprecation). -::: - -[Real-time alerts](create-real-time-alert.md) continuously monitor your Sumo Logic deployment, and return alert emails whenever conditions are met. - -Scheduled Searches run according to the time zone of an individual's computer and browser, not according to the time zone of logs. - ## Customize your email alert subject and content You can use variables to customize the subject of your email. You can also select the features you want to include in your email. For details, see [Create a Scheduled Search Email Alert](create-email-alert.md). diff --git a/docs/alerts/scheduled-searches/create-real-time-alert.md b/docs/alerts/scheduled-searches/create-real-time-alert.md index 2eb7ffb515..003538c696 100644 --- a/docs/alerts/scheduled-searches/create-real-time-alert.md +++ b/docs/alerts/scheduled-searches/create-real-time-alert.md 
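Review bot: The create-email-alert.md hunk (`@@ -80,17`) deletes, along with the deprecated "Real-time alerts" section, the sentence "Scheduled Searches run according to the time zone of an individual's computer and browser, not according to the time zone of logs", which applies to all Scheduled Searches and is not specific to real-time ones; keep that statement elsewhere on the page or point to the equivalent text in time-reference.md. The trailing context line `For details, see [Create a Scheduled Search Email Alert](create-email-alert.md)` links the page to itself and could be corrected in the same hunk.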
@@ -1,69 +1,45 @@ --- id: create-real-time-alert -title: Manage Real-Time Scheduled Search Alerts (Deprecated) -description: Real-time alerts notify you of error conditions right when they occur. +title: Deprecation of Real-Time Scheduled Searches --- -:::warning Solution Deprecated -Real-Time Scheduled Searches will be deprecated on May 15, 2025. Existing searches will be automatically converted to [15-minute scheduled search frequency windows](/docs/alerts/scheduled-searches/schedule-search/#step-2-set-run-frequency) unless your account was explicitly excluded. If you need real-time alerts, we recommend transitioning to [Monitors](/docs/alerts/monitors/overview). +:::warning Deprecated Feature +As of **May 15, 2025**, Real-Time Scheduled Searches are officially deprecated and no longer run in real time. All remaining Real-Time Scheduled Searches have been automatically converted to 15-minute schedules. For real-time alerting, use [Monitors](/docs/alerts/monitors/overview). ::: -Real-time alerts are scheduled searches that run nearly continuously. This means that you're informed in real time when error conditions exist. +As part of our ongoing platform improvements, Sumo Logic has officially deprecated [Real-Time Scheduled Searches](/docs/alerts/scheduled-searches/create-real-time-alert). These legacy searches have been replaced by [Monitors](/docs/alerts/monitors/overview), which offer more powerful, scalable, and flexible alerting capabilities. -When an alert condition is satisfied, Sumo Logic triggers the selected alert type and examines ingested data in a rolling window using the time range you define. When a new result is found, you'll receive an email. -This document describes how to manage existing real-time alert scheduled searches. Although creating new real-time alerts is no longer supported, you can still view, edit, and delete existing ones. 
+## Deprecation timeline -## When to use +| Date | Change | +|:-----|:-------| +| **May 29, 2024** | Creation of new Real-Time Scheduled Searches was disabled across all Sumo Logic accounts | +| **May 15, 2025** | All remaining Real-Time Scheduled Searches were automatically converted to 15-minute schedules (except for a small number of approved exceptions). An audit log entry was created for each conversion. | -Only use real-time schedules when you know your data is ingested within a few minutes of its creation. The [receipt time](/docs/search/get-started-with-search/build-search/use-receipt-time) should be within a few minutes of your log's [message time](/docs/search/get-started-with-search/search-basics/built-in-metadata). Learn about -troubleshooting timestamp discrepancies [here](/docs/send-data/collector-faq#troubleshooting-time-discrepancies). +Real-Time frequency is no longer supported, and any attempt to edit or recreate a real-time schedule will default to 15-minute intervals. -Real-time alerts are not duplicated, which means that if a specific raw log message has triggered an alert once already, that same log message will not trigger an alert a second time. -For example, if **Message X** caused an alert to be sent at **Time T**, and Sumo Logic detects **Message X** again at **Time T+1**, Sumo Logic does not send a second alert at **Time T+1**. But if Sumo Logic detects **Message Y** at **Time T+1**, a new alert is sent, because the root cause is different. +## Why did this change happen? -:::important -If the time zone of messages is set incorrectly, those logs won't be picked up by real-time alerts. -::: - - -## Limitations - -* The time range of a real-time alerts must be between 5 and 15 minutes.  -* Searching by receipt time is not supported. -* If your search query result is a subset of your previous run's result, a real-time alert will not trigger. It will trigger only when there are new results compared to the previous run. 
-* A maximum of 120 emails are sent per day from real-time alerts. -* Aggregate real-time scheduled searches evaluate the first 1,000 results per search. For example, if the scheduled search is supposed to return more than 1,000 results, reduce the scope of the search. -* Non-aggregate real-time scheduled searches evaluate the first 100 results per search. For example, if the scheduled search is supposed to return more than 100 results, either convert it to aggregate scheduled search or reduce the scope of the search. -* The [`_dataTier`](/docs/manage/partitions/data-tiers) search modifier is not supported in real-time alert searches. - -### Operator limitations +[Monitors](/docs/alerts/monitors/overview) support real-time alerting on both logs and metrics, and offer significant advantages over Scheduled Searches, including: -* Some queries cannot be used in real-time alerts searches. Other operators can be used in real-time search, but in the search, they must be included after the first "group-by" phrase: +* [Multiple trigger conditions](/docs/alerts/monitors/create-monitor/#step-1-set-trigger-conditions) (Critical, Warning, Missing Data) +* [Alert grouping](/docs/alerts/monitors/alert-grouping/) +* [Playbook support](/docs/alerts/monitors/alert-response/#alert-details) +* [AI-driven alerting](/release-notes-service/2024/12/31/#march-12-2024-alerts) +* [Integration with the Alert Response page](/docs/alerts/monitors/alert-response/) - | Not supported for real-time alerts | Must be added after a "group by" phrase | - | :-- | :-- | - |
  • Count_frequent
  • Details
  • First, Last - instead use the withtime option, see [`most_recent` and `least_recent`](/docs/search/search-query-language/group-aggregate-operators/most-recent-least-recent).
  • LogReduce
  • Now()
  • Outlier will omit the first N (window size) data points in results because those data points are used in the training phase.
  • Join
  • Parse using
  • queryStartTime()
  • queryEndTime()
  • Save
  • Sessionize
  • Subquery
  • Threat Intel
  • Trace
  • Timeslice greater than 1 day
  • Transactionize
|
  • Accum
  • Backshift
  • Diff
  • Join
  • Limit
  • RollingStd
  • Smooth
  • Sort
  • Top
  • Total
  • Transaction By Flow
  • Compare With can be used when your query's aggregate operation is grouped by a [`timeslice`](/docs/search/search-query-language/search-operators/timeslice).
| +Monitors are the strategic focus for our future alerting development and enhancements. -* Real-time queries using [Time Compare](/docs/search/time-compare) need to have at least three timeslices within its time range. For example, if the time range is 10 minutes, your timeslices need to be no longer than 3 minutes so that there are at least three of them. +## What should I do? -## Viewing existing real-time alerts +If you're still relying on Scheduled Searches for real-time alerting, we strongly recommend migrating to Monitors for the most accurate, flexible, and reliable experience. -- Navigate to the **Alerts** section in your Sumo Logic dashboard. -- Use the search functionality to locate existing real-time alerts. - -## Editing existing real-time alerts - -- Click on the real-time alert you wish to edit. -- Make necessary changes to the alert parameters (such as conditions or notification settings). -- Save your changes to update the alert. - -## Deleting existing real-time alerts - -- Select the real-time alert you want to delete. -- Click the **Delete** button and confirm the deletion. +:::note Can I import a Scheduled Search into a Monitor? +No. Scheduled Searches and Monitors use different JSON structures. You’ll need to recreate the search logic manually in the [Monitor creation UI](/docs/alerts/monitors/create-monitor/). +::: -## Alternatives to real-time alerts +If your use case doesn't require real-time execution, your automatically converted Scheduled Search will continue to run every 15 minutes. However, it may be a good time to consider consolidating logic in Monitors for long-term maintenance. -Since the creation of new real-time alerts is deprecated, we recommend using monitors to achieve similar functionality. +If you have any questions, please contact your account team or open a [Support ticket](https://support.sumologic.com/support/s/). 
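Review bot: the first body paragraph of the rewritten page links to itself: `[Real-Time Scheduled Searches](/docs/alerts/scheduled-searches/create-real-time-alert)` is this page's own `id`, so the link only reloads the deprecation notice; drop the link or point it at the Scheduled Search overview. Two smaller items in the same hunk: the front matter loses its `description:` line with no replacement, and the warning and timeline describe May 15, 2025 as a completed event ("have been automatically converted to 15-minute schedules"), so either this revision must not go live before that date or the wording should stay in the future tense until it does.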
diff --git a/docs/alerts/scheduled-searches/deprecation.md b/docs/alerts/scheduled-searches/deprecation.md deleted file mode 100644 index 2541ccf8b9..0000000000 --- a/docs/alerts/scheduled-searches/deprecation.md +++ /dev/null 
@@ -1,47 +0,0 @@ ---- -id: deprecation -title: Deprecation of Real-Time Scheduled Searches ---- - -:::warning Deprecation Notice -Real-Time Scheduled Searches will be deprecated on **May 15, 2025**. As of **May 29, 2024**, creating new Real-Time Scheduled Searches is no longer supported. Existing Real-Time Searches will continue to function until the deprecation date, at which point they will automatically convert to 15-minute schedules. See below for full details. -::: - -As part of our ongoing platform improvements, we are deprecating [Real-Time Scheduled Searches](/docs/alerts/scheduled-searches/create-real-time-alert). While this functionality has supported real-time alerting for many years, our modern alerting framework, [Monitors](/docs/alerts/monitors/overview), offers a more powerful and flexible experience for real-time and scheduled alerts. - -## Deprecation timeline - -| Date | Change | -|:-----|:-------| -| **May 29, 2024** | Creation of new Real-Time Scheduled Searches was disabled across all Sumo Logic accounts | -| **May 15, 2025** | All remaining Real-Time Searches will automatically convert to 15-minute schedules (except for a small number of customers with exceptions). Each conversion will be recorded via audit log. Real-Time frequency will no longer be editable. | - -## Why is this happening? 
- -[Monitors](/docs/alerts/monitors/overview) support real-time alerting on both logs and metrics, and offer significant advantages over Scheduled Searches, including: - -* [Multiple trigger conditions](/docs/alerts/monitors/create-monitor/#step-1-set-trigger-conditions) (Critical, Warning, Missing Data) -* [Alert grouping](/docs/alerts/monitors/alert-grouping/) -* [Playbook support](/docs/alerts/monitors/alert-response/#alert-details) -* [AI-driven alerting](/release-notes-service/2024/12/31/#march-12-2024-alerts) -* [Integration with the Alert Response page](/docs/alerts/monitors/alert-response/) - -Monitors are the primary focus for our Product and Engineering Teams for alerting features and enhancements. - -## What do I need to do? - -Before **May 15, 2025**, we recommend: - -* If you need real-time alerting, recreate your Real-Time Scheduled Searches as [Monitors](/docs/alerts/monitors/overview). - :::note Can I import a Scheduled Search into a Monitor? - No. Scheduled Searches and Monitors use different JSON structures. You’ll need to recreate the search logic manually in the [Monitor creation UI](/docs/alerts/monitors/create-monitor/). - ::: -* If real-time execution isn’t required, you can manually update your Scheduled Search to run every 15 minutes or longer. - -After the deprecation date, all remaining Real-Time Scheduled Searches will be automatically updated to run at 15-minute intervals. An audit log entry will be generated for each conversion. - -:::note -If you edit an existing Real-Time Scheduled Search and change the frequency, you will not be able to revert it back to Real-Time. -::: - -If you have any questions, please reach out to your account team or open a [Support ticket](https://support.sumologic.com/support/s/). diff --git a/docs/alerts/scheduled-searches/index.md b/docs/alerts/scheduled-searches/index.md index ba502d00e8..951b06e963 100644 --- a/docs/alerts/scheduled-searches/index.md +++ b/docs/alerts/scheduled-searches/index.md 
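Review bot: deleting `docs/alerts/scheduled-searches/deprecation.md` with no redirect breaks every existing link to `/docs/alerts/scheduled-searches/deprecation`; the series removes the in-repo references it knows about (the "[Learn more](/docs/alerts/scheduled-searches/deprecation)" lines in the alerts page and in the 2024 release note), but bookmarked or externally published URLs will 404. Add a redirect from that path to `/docs/alerts/scheduled-searches/create-real-time-alert`, which now carries the same "Deprecation of Real-Time Scheduled Searches" title, or keep this file as a one-line stub that points there.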
@@ -21,12 +21,6 @@ A _Scheduled Search_ is a standard [Log Search](/docs/search) that you save and

Learn how to create a Scheduled Search email alert.

-
-
- icon

Manage Real-Time Scheduled Search Alerts (Deprecated)

-

Learn how to manage existing alerts to get notified in real-time when error conditions exist.

-
-
icon

Edit or Cancel a Scheduled Search

diff --git a/sidebars.ts b/sidebars.ts index 766946025f..9ba39fe7da 100644 --- a/sidebars.ts +++ b/sidebars.ts @@ -1164,7 +1164,6 @@ module.exports = { items: [ 'alerts/scheduled-searches/schedule-search', 'alerts/scheduled-searches/create-email-alert', - 'alerts/scheduled-searches/create-real-time-alert', 'alerts/scheduled-searches/edit-cancel', 'alerts/scheduled-searches/save-to-index', 'alerts/scheduled-searches/save-to-lookup', @@ -3036,7 +3035,7 @@ integrations: [ 'security/threat-intelligence/threat-indicators-in-cloud-siem', 'security/threat-intelligence/upload-formats', ], - }, + }, ], api: [ { From bb305a46257807001ba94f4703c0f1175284f278 Mon Sep 17 00:00:00 2001 From: "Kim (Sumo Logic)" <56411016+kimsauce@users.noreply.github.com> Date: Mon, 21 Apr 2025 15:35:42 -0400 Subject: [PATCH 06/12] Update sidebars.ts --- sidebars.ts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sidebars.ts b/sidebars.ts index 9ba39fe7da..bd0178f299 100644 --- a/sidebars.ts +++ b/sidebars.ts @@ -3035,7 +3035,7 @@ integrations: [ 'security/threat-intelligence/threat-indicators-in-cloud-siem', 'security/threat-intelligence/upload-formats', ], - }, + }, ], api: [ { From 36bb75faed5f6585ccc0b50ce2e6ea48b67b246a Mon Sep 17 00:00:00 2001 From: "Kim (Sumo Logic)" <56411016+kimsauce@users.noreply.github.com> Date: Thu, 24 Apr 2025 18:01:26 -0400 Subject: [PATCH 07/12] Update blog-service/2025-05-15-alerts.md Co-authored-by: John Pipkin (Sumo Logic) --- blog-service/2025-05-15-alerts.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/blog-service/2025-05-15-alerts.md b/blog-service/2025-05-15-alerts.md index 6d85bbba1d..3b5ac606db 100644 --- a/blog-service/2025-05-15-alerts.md +++ b/blog-service/2025-05-15-alerts.md 
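Review bot: in the `docs/alerts/scheduled-searches/index.md` hunk only the card wrapper lines and the `icon` line carry a `-` prefix, while the title "Manage Real-Time Scheduled Search Alerts (Deprecated)" and the description "Learn how to manage existing alerts to get notified in real-time when error conditions exist." appear as unchanged context; if that reflects the actual patch rather than the rendering, the index page keeps two orphaned text lines for a card whose link is gone, so remove the whole card including the title and description. Separately, the second `sidebars.ts` hunk (`@@ -3036,7 +3035,7 @@`) is a whitespace-only change to a `},` in the `integrations` block that is unrelated to this change and is reverted again in PATCH 06; drop it from this commit so the series does not carry a no-op round trip.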
@@ -16,4 +16,4 @@ Key details: * Each conversion has been recorded as an audit log event in your account. * A small number of accounts with approved exceptions remain unaffected. -For real-time alerting, use [Monitors](/docs/alerts/monitors/overview), which provide richer capabilities such as multiple trigger conditions, alert grouping, and AI-driven insights. Learn more: [Deprecation of Real-Time Scheduled Searches](/docs/alerts/scheduled-searches/create-real-time-alert) +For real-time alerting, use [Monitors](/docs/alerts/monitors/overview), which provide richer capabilities such as multiple trigger conditions, alert grouping, and AI-driven insights. Learn more: [Deprecation of Real-Time Scheduled Searches](/docs/alerts/scheduled-searches/create-real-time-alert). From 081d395a08f9556df1e3e776e892a12089b5794b Mon Sep 17 00:00:00 2001 From: Kim Pohas Date: Thu, 24 Apr 2025 17:57:23 -0700 Subject: [PATCH 08/12] fixes --- blog-service/2024/12-31.md | 2 +- .../difference-from-scheduled-searches.md | 2 +- docs/alerts/scheduled-searches/faq.md | 21 ------ .../scheduled-searches/schedule-search.md | 2 +- .../schedule-searches-webhook-connections.md | 3 +- .../dashboards/share-dashboard-outside-org.md | 7 -- .../create-real-time-alert.md | 64 ------------------- ...al-time-alert-with-greater-than-results.md | 23 ------- .../alerts/alerts/scheduled-searches/index.md | 8 --- .../receive-email-alerts.md | 2 - .../scheduled-searches/schedule-search.md | 5 +- 11 files changed, 6 insertions(+), 133 deletions(-) delete mode 100644 i18n/ja/alerts/alerts/scheduled-searches/create-real-time-alert.md delete mode 100644 i18n/ja/alerts/alerts/scheduled-searches/faqs/real-time-alert-with-greater-than-results.md diff --git a/blog-service/2024/12-31.md b/blog-service/2024/12-31.md index bc245c6c29..8ae49b3e3c 100644 --- a/blog-service/2024/12-31.md +++ b/blog-service/2024/12-31.md 
@@ -827,7 +827,7 @@ For information, see [Metrics Explorer](/docs/metrics/metrics-queries/metrics-ex As part of our ongoing evaluation of the Sumo Logic service, we have decided to deprecate Real-Time Scheduled Searches. In particular, we will remove the option to create new Real-Time Scheduled Searches on May 15, 2024. Existing Real-Time Scheduled Searches will continue to function until May 15, 2025. We believe many use cases for Real-Time Scheduled Searches can be met by [Monitors](/docs/alerts/monitors/overview). Any remaining use cases can be met by executing these searches at 15m intervals. -In 2020, Sumo Logic released Monitors, which provided a new framework to trigger alerts on both metrics and log data in real time and send notifications. Real-Time Scheduled Searches provided a much more limited version of this functionality. Monitors will continue to be the focus area for our Product and Engineering Teams for features and enhancements regarding alerting. Learn more [here](/docs/alerts/scheduled-searches/deprecation). +In 2020, Sumo Logic released Monitors, which provided a new framework to trigger alerts on both metrics and log data in real time and send notifications. Real-Time Scheduled Searches provided a much more limited version of this functionality. Monitors will continue to be the focus area for our Product and Engineering Teams for features and enhancements regarding alerting. ### April 26, 2024 (Apps) diff --git a/docs/alerts/difference-from-scheduled-searches.md b/docs/alerts/difference-from-scheduled-searches.md index caca96be08..acc5df8233 100644 --- a/docs/alerts/difference-from-scheduled-searches.md +++ b/docs/alerts/difference-from-scheduled-searches.md @@ -31,7 +31,7 @@ Beyond the differences in use cases, there are distinct feature differences betw | Alert disablement | No | Yes*
(Disable is a manual operation. We do not support scheduled disabling of alerts.) | | API support | Partial*
(Supported via content sync API) | Yes | | Terraform support | Yes
(see [content API resource](https://registry.terraform.io/providers/SumoLogic/sumologic/latest/docs/resources/content)) | Yes | -| Log Search operator support | Yes*
(Some operators are not supported for real-time alerts) | Yes | +| Log Search operator support | Yes | Yes | | Outlier-based alerts | Yes | Yes | | Access control | Object-Level Access Control | Object-Level Access Control (Per request - limited availability) | | Audit logs for CRUD and system events (e.g., notifications sent, failures) | Yes | Yes | diff --git a/docs/alerts/scheduled-searches/faq.md b/docs/alerts/scheduled-searches/faq.md index 2fbc8475cb..c34d9a955e 100644 --- a/docs/alerts/scheduled-searches/faq.md +++ b/docs/alerts/scheduled-searches/faq.md 
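Review bot: the 2024 release note kept as context in the `blog-service/2024/12-31.md` hunk still says "we will remove the option to create new Real-Time Scheduled Searches on May 15, 2024", while the new timeline table in `create-real-time-alert.md` dates that change to **May 29, 2024**; one of the two is wrong, and since this hunk already edits the paragraph, reconcile the date here rather than only deleting the trailing "Learn more" link. The `difference-from-scheduled-searches.md` change from `Yes*` to `Yes` is consistent with the operator table being removed.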
@@ -128,27 +128,6 @@ Additional consideration for performance tests: * If the data you are testing against is not reflective of the actual volume you’ll be scanning on a recurring basis, then the test itself should be considered invalid. Similarly, avoid scheduling searches preemptively. Wait until you get a good sample size and make sure your live streaming is completely set up. * If there are plans to add more data to your account in the near future, keep that in mind in your testing and include a buffer to make sure that your increased data volume won’t cause your scheduled search to time out. - -## How do I set a real-time alert with more than 1,000 results? - -Scheduled Search alert condition thresholds are based on the number of rows returned in your search results. It does not consider any values that may be present within a column of those rows. - -If your query does not perform any aggregations the Scheduled Search threshold will apply to the number of raw messages returned with a query, as seen under the **Messages** tab of the search. If a query contains an aggregate operation - for example, `count`, `sum`, `min`, `max` - the Scheduled Search threshold will be applied to the number of aggregate rows returned by the query, as seen within the **Aggregate** tab of the results. - -When performing an aggregation as part of a query, and wanting to alert when a specific aggregate value meets a threshold, the threshold for that field value will need to be included as part of the query itself. This can typically be done by providing a [`where`](/docs/search/search-query-language/search-operators/where) condition after the aggregation within the query. 
For example: - -```sql -_sourceCategory=aws/prod -| json "message","logStream","logGroup" -| parse field=message "* * * * * * * * * * * * * *" as version,accountID,interfaceID,src_ip,dest_ip,src_port,dest_port,Protocol,Packets,bytes,StartSample,EndSample,Action,status -| timeslice 1m -| where action="REJECT" -| count as drops by _timeslice -| where drops > 1000 -``` - -This will ensure results are only returned when the field value meets the threshold provided within the query. The threshold set within the Scheduled Search would then be set to alert based on the resulting number of rows that met the threshold set within the query. For example: `Greater than\> 0` -   ## Why have I received a "Scheduled Search Email Quota Reached" notification? diff --git a/docs/alerts/scheduled-searches/schedule-search.md b/docs/alerts/scheduled-searches/schedule-search.md index 5422491d04..d56352b179 100644 --- a/docs/alerts/scheduled-searches/schedule-search.md +++ b/docs/alerts/scheduled-searches/schedule-search.md 
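Review bot: the deleted FAQ "How do I set a real-time alert with more than 1,000 results?" is not real-time specific: the point that thresholds count returned rows rather than column values, and the `| where drops > 1000` filter placed after the aggregation, apply to every Scheduled Search, and `schedule-search.md` still tells readers to "build in a threshold ... into the Search itself" with no remaining worked example. Rename the entry to ask how to alert when an aggregate value exceeds a threshold and strip the word "real-time" instead of removing it, and keep the link from `schedule-search.md` pointing at the renamed anchor.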
@@ -74,7 +74,7 @@ Under **Send Notification**, select the condition for when you want an alert to * **Every time a search is complete**. Select this option if you want an email with search results every time the search is run (depending on the frequency, you could get an email every 15 minutes, every hour, or once a day). * **If the following condition is met**. Select this option if you'd like to set up a Scheduled Search that alerts you to specific events. - * **Number of results.** Depending on the search, set a condition to receive an email by the number of results. If your saved search returns log messages, then the alert will use the number of messages you specify. If your query produces aggregate results, the alert will use the number of rows or aggregates (or groups) and will not trigger on the number of raw results. For more control of your query, you can build in a threshold (for example `| where _count\> 30`) into the Search itself and set the alerts condition here to Greater than 0. That way the query will generate results if the expected condition is met. See this [FAQ](/docs/alerts/scheduled-searches/faq/#how-do-i-set-a-real-time-alert-with-more-than-1000-results) for an example. + * **Number of results.** Depending on the search, set a condition to receive an email by the number of results. If your saved search returns log messages, then the alert will use the number of messages you specify. If your query produces aggregate results, the alert will use the number of rows or aggregates (or groups) and will not trigger on the number of raw results. For more control of your query, you can build in a threshold (for example `| where _count\> 30`) into the Search itself and set the alerts condition here to Greater than 0. That way the query will generate results if the expected condition is met. * **Equal to.** Choose if there is an exact number of records in a search result at which you want to be notified. 
* **Greater than.** Choose if you want to be notified only if the search results include greater than the number of messages or groups you set in the text box. * **Greater than or equal to.** Choose if you want to be notified only if the search results include greater than or equal to that number of messages or groups you set in the text box. For example, to ensure you're notified only when the specific query conditions are met, set the **Number of results** condition to greater than 0. diff --git a/docs/alerts/webhook-connections/schedule-searches-webhook-connections.md b/docs/alerts/webhook-connections/schedule-searches-webhook-connections.md index 9b903a4905..4bc05369ad 100644 --- a/docs/alerts/webhook-connections/schedule-searches-webhook-connections.md +++ b/docs/alerts/webhook-connections/schedule-searches-webhook-connections.md 
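Review bot: the `+` line in this hunk still carries the malformed inline code `| where _count\> 30`; inside backticks the backslash renders literally, so while the line is being edited change it to `| where _count > 30`. If the FAQ entry in `faq.md` is kept under a new title rather than deleted, restore the "See this FAQ for an example" link here with the new anchor, because this sentence now describes the threshold-in-query technique without pointing at any example.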
@@ -31,8 +31,7 @@ To set up a scheduled search for a Webhook Connection: 1. Select a **Webhook** from the **Connection** list. * (Optional) Select the checkbox if you want a **separate alert sent for each search result**. You can set up to a maximum of 100 alerts. Any results that exceed the configured maximum do not generate an alert. For example, if your scheduled search is configured to send a maximum of 50 alerts and generates 60 results only the first 50 results will generate an alert, all subsequent results will not generate an alert. :::note - - This may generate duplicate alerts for non-real-time schedules. If your search time range is longer than the search frequency (like a window of 60 minutes, but the frequency of 15 minutes) duplicate alerts are sent since there is an overlap of 45 minutes between each search and all results are sent, not just the difference. - - If the alert condition is: Number of results equal to 0 and "Send a separate alert for each search result" checkbox is selected, it would not trigger any alerts when the alert threshold matches since there are no results to itemize. + If the alert condition is: Number of results equal to 0 and "Send a separate alert for each search result" checkbox is selected, it would not trigger any alerts when the alert threshold matches since there are no results to itemize. ::: * [Webhook payload variables](set-up-webhook-connections.md) will have values generated for each result. For example, a payload defined as: ``` diff --git a/docs/dashboards/share-dashboard-outside-org.md b/docs/dashboards/share-dashboard-outside-org.md index 4b71b0b8a7..826988101f 100644 --- a/docs/dashboards/share-dashboard-outside-org.md +++ b/docs/dashboards/share-dashboard-outside-org.md 
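Review bot: the removed bullet "This may generate duplicate alerts for non-real-time schedules. If your search time range is longer than the search frequency ... duplicate alerts are sent since there is an overlap" describes behaviour that is unchanged by this deprecation, and now that nothing runs in real time it applies to every schedule; keep the note with the phrase "for non-real-time schedules" dropped rather than deleting it, so readers who enable "Send a separate alert for each search result" are still warned about overlapping windows producing repeated webhook calls.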
@@ -89,13 +89,6 @@ When someone views a dashboard without signing in, Sumo Logic logs the following You can use [Scheduled Searches](/docs/alerts/scheduled-searches) to create alerts and reports on sharing dashboards outside your organization. -```sql title="Real-time alert when a user shares a dashboard" -_index=sumologic_audit and _sourceName=REPORT "Published REPORT" -| parse "Published REPORT Name=*, UserName=* UserEmail=*} PublisherName=* PublisherEmail=*} Visibility=* URL=*" as dashboardName,userName,userEmail,publisherName,publisherEmail,visibility, URL -| count by dashboardName, userName, userEmail, visibility, URL -| fields -_count -``` - ```sql title="Scheduled search report of dashboard views" _index=sumologic_audit and _sourceName=REPORT "Viewed Report" | parse "Name=*, Id=Some(*)," as dashboardName,dashboardId diff --git a/i18n/ja/alerts/alerts/scheduled-searches/create-real-time-alert.md b/i18n/ja/alerts/alerts/scheduled-searches/create-real-time-alert.md deleted file mode 100644 index aea1a954db..0000000000 --- a/i18n/ja/alerts/alerts/scheduled-searches/create-real-time-alert.md +++ /dev/null 
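Review bot: the paragraph kept as context says Scheduled Searches can be used "to create alerts and reports on sharing dashboards outside your organization", but after this hunk only the "Scheduled search report of dashboard views" query remains, so the alert half of that sentence has no example. The deleted `_index=sumologic_audit and _sourceName=REPORT "Published REPORT"` query runs unchanged on a 15-minute schedule; keep it and retitle the block (for example "Scheduled search alert when a user shares a dashboard") instead of removing it, since publishing a dashboard outside the org is exactly the audit event a security team wants to be notified about.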
@@ -1,64 +0,0 @@ ---- -id: create-real-time-alert -title: Create a Real-Time Alert -sidebar_label: Create a Real-Time Alert -description: Set up real-time alerts to learn of error conditions right when they occur. ---- - -Real-time alerts are scheduled searches that run nearly continuously. That means that you're informed in real time when error conditions exist. - -When an alert condition is satisfied Sumo Logic triggers the selected alert type. Sumo Logic examines ingested data in a rolling window using the Time Range you define. Any time a new result is found, another email is sent. - -:::note -Only use real time schedules when you know your data is ingested within a few minutes of its creation. The [receipt time](../../search/get-started-with-search/build-search/use-receipt-time.md) should be within a few minutes of your log's [message time](/docs/search/get-started-with-search/search-basics/built-in-metadata). See how to [troubleshoot timestamp discrepancies](/docs/send-data/collector-faq#troubleshooting-time-discrepancies). -::: - -Real-time alerts are not duplicated, which means that if a specific raw log message has triggered an alert once already, that same log message will not trigger an alert a second time. - -For example, if **Message X** caused an alert to be sent at **Time T**, and Sumo Logic detects **Message X** again at **Time T+1**, Sumo Logic does not send a second alert at **Time T+1**. But if Sumo Logic detects **Message Y** at **Time T+1**, a new alert is sent, because the root cause is different. - -:::important -If the time zone of messages is set incorrectly, those logs won't be picked up by real-time alerts. -::: - -## General limitations - -* The time range of a real-time alert must be between 5 and 15 minutes.  -* Searching by receipt time is not supported. -* A maximum of 120 emails are sent per day per real-time alert. -* Aggregate real-time scheduled searches evaluate the first 1,000 results per search. 
For Example, if the scheduled search is supposed to return more than 1,000 results, reduce the scope of the search. -* Non-Aggregate real-time scheduled searches evaluate the first 100 results per search. For Example, if the scheduled search is supposed to return more than 100 results, either convert it to aggregate scheduled search or reduce the scope of the search. -* The [_dataTier](/docs/manage/partitions/data-tiers) search modifier is not supported in real-time alert searches. - -### Notification results - -The results from your search will vary based on the type of alert selected. The following table shows the differences, the above limitations still apply to this logic: - -| Alert type | Results in notification | -| -- | -- | -| [Webhook](/docs/alerts/webhook-connections/schedule-searches-webhook-connections) | If the **Send a separate alert for each search result checkbox** is selected (in step 6) only new results from subsequent searches are sent in the alert payload. Otherwise, all results are sent. | -| [Save to Index](save-to-index.md) | All results are saved from an **aggregate** query.
Only new results from subsequent searches are saved from a **non-aggregate** query. | -| [Save to Lookup](save-to-lookup.md) | All results are saved. | - -## Operator limitations - -1. Some queries can not be used in real-time alert searches. Other operators can be used in real-time search, but in the search, they must be included after the first "group-by" phrase: - -| Not supported for real-time alerts | Must be added after a "group by" phrase | -| -- | -- | -|
  • Count_frequent
  • Details
  • First, Last - instead use the withtime option, see [most_recent and least_recent](/docs/search/search-query-language/group-aggregate-operators/most-recent-least-recent) .
  • LogReduce
  • Now()
  • Outlier will omit the first N (window size) data points in results because those data points are used in the training phase.
  • Join
  • Parse using
  • queryStartTime()
  • queryEndTime()
  • Save
  • Sessionize
  • Subquery
  • Threat Intel
  • Trace
  • Timeslice greater than 1 day
  • Transactionize
|
  • Accum
  • Backshift
  • Diff
  • Join
  • Limit
  • RollingStd
  • Smooth
  • Sort
  • Top
  • Total
  • Transaction By Flow
  • Compare With can be used when your query's aggregate operation is grouped by a [timeslice](../../search/search-query-language/search-operators/timeslice.md). See number 2, below, for details.
| - -1. Real time queries using [**time compare**](../../search/time-compare.md) need to have at least three timeslices within its time range. For example, if the time range is 10 minutes, your timeslices need to be no longer than 3 minutes so that there are at least three of them. - -## Configure a real-time alert - -To set up a real-time alert: - -1. [Save a search](/docs/search/get-started-with-search/search-basics/save-search).  -1. Click **Schedule this search**. - - ![RealTimeAlert.png](/img/alerts/RealTimeAlert.png) - -1. **Run Frequency**. Select **Real Time**. -1. For all other configuration options, see [Schedule a Search](schedule-search.md).  -1. Click **Save**.  diff --git a/i18n/ja/alerts/alerts/scheduled-searches/faqs/real-time-alert-with-greater-than-results.md b/i18n/ja/alerts/alerts/scheduled-searches/faqs/real-time-alert-with-greater-than-results.md deleted file mode 100644 index 96798cb7bf..0000000000 --- a/i18n/ja/alerts/alerts/scheduled-searches/faqs/real-time-alert-with-greater-than-results.md +++ /dev/null 
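Review bot: the deleted `i18n/ja/alerts/alerts/scheduled-searches/create-real-time-alert.md` is the only file in this diff that references `/img/alerts/RealTimeAlert.png` (`![RealTimeAlert.png](/img/alerts/RealTimeAlert.png)`); check whether the image is used anywhere else and remove the asset in the same series if it is now orphaned.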
@@ -1,23 +0,0 @@ ---- -id: real-time-alert-with-greater-than-results ---- - -# Real Time Alert with greater than 1,000 results - -Scheduled Search alert condition thresholds are based on the number of rows returned in your search results. It does not consider any values that may be present within a column of those rows. If your query does not perform any aggregations the Scheduled Search threshold will apply to the number of raw messages returned with a query, as seen under the Messages tab of the search. If a query contains an aggregate operation, for example, count, sum, min, max, etc... the Scheduled Search threshold will be applied to the number of aggregate rows returned by the query, as seen within the Aggregate tab of the results.  - -When performing an aggregation as part of a query, and wanting to alert when a specific aggregate value meets a threshold, the threshold for that field value will need to be included as part of the query itself. This can typically be done by providing a [where](/docs/search/search-query-language/search-operators/where) condition after the aggregation within the query.  For example: - -```sql -_sourceCategory=aws/prod -| json "message","logStream","logGroup" -| parse field=message "* * * * * * * * * * * * * *" as version,accountID,interfaceID,src_ip,dest_ip,src_port,dest_port,Protocol,Packets,bytes,StartSample,EndSample,Action,status -| timeslice 1m -| where action="REJECT" -| count as drops by _timeslice -| where drops > 1000 -``` - -This will ensure results are only returned when the field value meets the threshold provided within the query. The threshold set within the Scheduled Search would then be set to alert based on the resulting number of rows that met the threshold set within the query. For example: `Greater than\> 0` - -  diff --git a/i18n/ja/alerts/alerts/scheduled-searches/index.md b/i18n/ja/alerts/alerts/scheduled-searches/index.md index 1fb999def1..c726310bd0 100644 
--- a/i18n/ja/alerts/alerts/scheduled-searches/index.md +++ b/i18n/ja/alerts/alerts/scheduled-searches/index.md @@ -80,14 +80,6 @@ When you create a Scheduled Search, you can save the results to a [Lookup Table] For instructions, see [Save to Lookup](save-to-lookup.md). -### Real Time Alerts - -Real Time Alerts are scheduled searches that run nearly continuously. That means that you're informed in real time when error conditions exist. - -When an alert condition is satisfied, Sumo Logic sends an email (or triggers a script action). Sumo Logic examines ingested data in a rolling window using the Time Range you define. Any time a new result is found, another email is sent.  - -For instructions, see [Create a Alert](create-real-time-alert.md). - ### Cloud SIEM Signal You can trigger the creation of a Cloud SIEM Signal with a scheduled search. Signals are otherwise generated when the conditions of a Cloud SIEM rule are satisfied by a Record. Signals are correlated with other Signals to create a [Cloud SIEM Insight](/docs/cse/get-started-with-cloud-siem/insight-generation-process/). diff --git a/i18n/ja/alerts/alerts/scheduled-searches/receive-email-alerts.md b/i18n/ja/alerts/alerts/scheduled-searches/receive-email-alerts.md index e0896fdd87..6b83dee14e 100644 --- a/i18n/ja/alerts/alerts/scheduled-searches/receive-email-alerts.md +++ b/i18n/ja/alerts/alerts/scheduled-searches/receive-email-alerts.md 
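Review bot: removing the whole `### Real Time Alerts` section leaves this index with no mention that previously created Real-Time Scheduled Searches still exist and still run, which the 2025-05-05 blog hunk in this series states explicitly. Suggest replacing the section with a one-line deprecation note that links to the deprecation page instead of deleting it, so a user who still owns one of these searches can find out what happens to it. The removed text also carried the "Create a Alert" typo, so nothing of value is lost by rewriting rather than restoring it.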
@@ -19,8 +19,6 @@ There are three ways to receive the results of scheduled searches in email: You can be very specific with the alert condition—you can even set an exact number of results that triggers the email. Results can either be the number of log messages *OR* the number of aggregates returned by the saved search. If your saved search returns log messages, then the alert will use the number of messages you specify. If your query produces aggregate results, the alert will use the number of aggregates (or groups). -* **Real Time Alerts.** (Not available to Sumo Logic Free accounts.) Real Time Alerts continuously monitor your Sumo Logic deployment, and return alert emails whenever conditions are met. You can learn more in [Create a Real Time Alert](create-real-time-alert.md). - :::important Scheduled searches are run according to the time zone of an individual's computer and browser, not according to the time zone of logs. ::: diff --git a/i18n/ja/alerts/alerts/scheduled-searches/schedule-search.md b/i18n/ja/alerts/alerts/scheduled-searches/schedule-search.md index 0fc60448b6..e2b7e872ee 100644 --- a/i18n/ja/alerts/alerts/scheduled-searches/schedule-search.md +++ b/i18n/ja/alerts/alerts/scheduled-searches/schedule-search.md 
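Review bot: after removing the `* **Real Time Alerts.**` bullet, the lead-in visible in this hunk's header context, "There are three ways to receive the results of scheduled searches in email:", most likely now introduces only two bullets; update the count (or drop the number) in the same commit so the list and its introduction agree.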
@@ -26,7 +26,7 @@ You can create a scheduled search at the time you create a search, or edit a s ![save-item.png](/img/alerts/save-item.png) :::note - Scheduling a **run frequency** that matches your **time range** will reduce overlapping of searches and duplicate alerts. When you have a search scheduled to run over the same results as a previously scheduled search you would trigger an alert on the same data. This does not apply to [Real Time Alerts](create-real-time-alert.md), they do not duplicate alerts automatically. + Scheduling a **run frequency** that matches your **time range** will reduce overlapping of searches and duplicate alerts. When you have a search scheduled to run over the same results as a previously scheduled search you would trigger an alert on the same data. ::: **Run Frequency**. Determine how frequently your search should run and the time it should start. 
@@ -42,7 +42,6 @@ You can create a scheduled search at the time you create a search, or edit a s * **Daily.** You may also select that your search runs every **Day**, every **Weekday (Mon-Fri)** or **Weekend (Sat-Sun)** and the time. A Daily search will cover exactly 24 hours of activity. You can change the schedule whenever you'd like. Be aware that a scheduled search will run according to the time zone set on your computer at the time you configure the search. For example, if you are in San Francisco and set a search to run at 7:00 AM, it will run at 7:00 AM PST. If you then fly to New York, and your computer resets to EST, when you schedule a new search at 7:00 AM, it will run at 7:00 AM EST. These two searches will run at different times. * **Every 2, 4, 6, 8, or 12 Hours.** The search will run for the first time at the top of the hour you choose. * **Hourly.** The search will run every hour. We guarantee that hourly searches run every hour but not exactly at :00. * **Every 15 minutes**. The search will run every 15 minutes, but not exactly at :00, :15, :30, and :45. - * **Real Time.** Use this option to set up a [Real Time Alert](create-real-time-alert.md). Receipt time is not supported with a Real Time frequency. * **Never.** Choose this option to temporarily **turn off a scheduled search**. 1. **Time range for scheduled search**. Indicates the time range your query will use to execute, which impacts the results generated by the query. Select the **Last 24 Hours**, to get a daily alert. Otherwise, select the time range you want the scheduled search to be run on. [Absolute time range](../../search/get-started-with-search/search-basics/time-range-expressions.md); for example, 06/10/2020 1:00:00 PM to 06/10/2020 2:00:00 PM is not allowed in Scheduled Searches and presents the message like this: `Invalid query. Static time range is not allowed for scheduled searches. ` 
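Review bot: the removed `* **Real Time.**` option also carried the only statement that "Receipt time is not supported with a Real Time frequency." Since this series ends with existing Real-Time Scheduled Searches continuing to run unchanged, that limitation still applies to them and should be preserved on the deprecation page rather than dropped with the menu option.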
@@ -74,7 +73,7 @@ Consider adding an offset to your time range to ensure that all recent events ar * **Every time a search is complete.** Select this option if you want an email with search results every time the search is run (depending on the frequency, you could get an email every 15 minutes, every hour, or once a day). * **If the following condition is met**. Select this option if you'd like to set up a scheduled search that alerts you to specific events. - * **Number of results.** Depending on the search, set a condition to receive an email by the number of results. If your saved search returns log messages, then the alert will use the number of messages you specify. If your query produces aggregate results, the alert will use the number of rows or aggregates (or groups) and will not trigger on the number of raw results. For more control of your query, you can build in a threshold (for example `| where _count\> 30`) into the Search itself and set the alerts condition here to Greater than 0. That way the query will generate results if the expected condition is met. See this [FAQ](/docs/alerts/scheduled-searches/faq#real-time-alert-with-greater-than-1000-results) for an example. + * **Number of results.** Depending on the search, set a condition to receive an email by the number of results. If your saved search returns log messages, then the alert will use the number of messages you specify. If your query produces aggregate results, the alert will use the number of rows or aggregates (or groups) and will not trigger on the number of raw results. For more control of your query, you can build in a threshold (for example `| where _count\> 30`) into the Search itself and set the alerts condition here to Greater than 0. That way the query will generate results if the expected condition is met. * **Equal to.** Choose if there is an exact number of records in a search result at which you want to be notified. 
* **Greater than.** Choose if you want to be notified only if the search results include greater than the number of messages or groups you set in the text box. From 91cf6408fef9ded3f55a0611c299c9589f4de934 Mon Sep 17 00:00:00 2001 From: "Kim (Sumo Logic)" <56411016+kimsauce@users.noreply.github.com> Date: Thu, 24 Apr 2025 20:58:54 -0400 Subject: [PATCH 09/12] Update docs/alerts/scheduled-searches/create-real-time-alert.md --- docs/alerts/scheduled-searches/create-real-time-alert.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/docs/alerts/scheduled-searches/create-real-time-alert.md b/docs/alerts/scheduled-searches/create-real-time-alert.md index 003538c696..9ebb08555b 100644 --- a/docs/alerts/scheduled-searches/create-real-time-alert.md +++ b/docs/alerts/scheduled-searches/create-real-time-alert.md @@ -2,7 +2,9 @@ id: create-real-time-alert title: Deprecation of Real-Time Scheduled Searches --- - + + + :::warning Deprecated Feature As of **May 15, 2025**, Real-Time Scheduled Searches are officially deprecated and no longer run in real time. All remaining Real-Time Scheduled Searches have been automatically converted to 15-minute schedules. For real-time alerting, use [Monitors](/docs/alerts/monitors/overview). ::: From 9f6933b3edc63aa130efe78c21753cff4dc135c2 Mon Sep 17 00:00:00 2001 From: Kim Pohas Date: Mon, 28 Apr 2025 14:49:48 -0700 Subject: [PATCH 10/12] Remove 15-min conversion --- blog-service/2025-05-15-alerts.md | 14 ++++----- .../create-real-time-alert.md | 30 +++++++++---------- 2 files changed, 21 insertions(+), 23 deletions(-) diff --git a/blog-service/2025-05-15-alerts.md b/blog-service/2025-05-15-alerts.md index 3b5ac606db..a68e80b176 100644 --- a/blog-service/2025-05-15-alerts.md +++ b/blog-service/2025-05-15-alerts.md 
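Review bot: the `+ * **Number of results.**` line keeps a stray backslash in the inline code `` `| where _count\> 30` ``; inside backticks the `\` renders literally and the pasted operator becomes `_count\> 30`. Since the line is already being rewritten to drop the FAQ link, change it to `` `| where _count > 30` ``. Also, with the FAQ page deleted in this patch, the sentence now explains the threshold-in-query pattern without any worked example; a one-line link to wherever the FAQ content is retained would restore that.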
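Review bot: this hunk in PATCH 09 only replaces one blank line with three between the front matter and the `:::warning` admonition, and PATCH 10 then adds two more blank lines (`+ +`) at the same spot. MDX collapses consecutive blank lines, so the change is invisible but it pads the file and makes the later diff harder to read; drop this hunk or squash it into PATCH 10, which rewrites the same region anyway.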
@@ -1,5 +1,5 @@ --- -title: Real-Time Scheduled Searches Fully Deprecated (Alerts) +title: Real-Time Scheduled Searches Deprecation (Alerts) image: https://help.sumologic.com/img/sumo-square.png keywords: - alerts @@ -8,12 +8,10 @@ keywords: hide_table_of_contents: true --- -As of today, all remaining Real-Time Scheduled Searches have been automatically converted to 15-minute schedules. The ability to create or run Scheduled Searches with real-time frequency is no longer supported. +The [previously announced](/release-notes-service/2024/12/31/#deprecation-notice---real-time-scheduled-searches) automatic conversion of Real-Time Scheduled Searches to 15-minute scheduled searches will not take place. -Key details: -* Real-Time frequency is no longer available in Scheduled Search creation or editing workflows. -* Any previously existing Real-Time Scheduled Searches now run on a 15-minute schedule. -* Each conversion has been recorded as an audit log event in your account. -* A small number of accounts with approved exceptions remain unaffected. +- Existing Real-Time Scheduled Searches will continue to operate as-is. +- Creating new Real-Time Scheduled Searches remains disabled (since May 29, 2024). +- For new real-time alerting use cases, we recommend using [Monitors](https://help.sumologic.com/docs/alerts/monitors/overview). -For real-time alerting, use [Monitors](/docs/alerts/monitors/overview), which provide richer capabilities such as multiple trigger conditions, alert grouping, and AI-driven insights. Learn more: [Deprecation of Real-Time Scheduled Searches](/docs/alerts/scheduled-searches/create-real-time-alert). +[Learn more](/docs/alerts/scheduled-searches/create-real-time-alert). diff --git a/docs/alerts/scheduled-searches/create-real-time-alert.md b/docs/alerts/scheduled-searches/create-real-time-alert.md index 9ebb08555b..5e1cda7f1c 100644 --- a/docs/alerts/scheduled-searches/create-real-time-alert.md 
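Review bot: the new bullet "Creating new Real-Time Scheduled Searches remains disabled (since May 29, 2024)" disagrees with the 2024-12-31 release note touched in PATCH 11, which still says the option was removed "on May 15, 2024"; pick the effective date and use it in both places. Two smaller points in the same hunk: the Monitors link uses the absolute `https://help.sumologic.com/docs/alerts/monitors/overview` while the neighbouring `[Learn more](/docs/alerts/scheduled-searches/create-real-time-alert)` and the release-notes link are site-relative, so make them consistent; and the title change to "Real-Time Scheduled Searches Deprecation (Alerts)" reads as if a deprecation is being announced, whereas the body announces that the conversion was cancelled, so something like "Update: Real-Time Scheduled Searches conversion cancelled (Alerts)" would match the content.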
+++ b/docs/alerts/scheduled-searches/create-real-time-alert.md 
@@ -2,29 +2,29 @@ id: create-real-time-alert title: Deprecation of Real-Time Scheduled Searches --- + + :::warning Deprecated Feature -As of **May 15, 2025**, Real-Time Scheduled Searches are officially deprecated and no longer run in real time. All remaining Real-Time Scheduled Searches have been automatically converted to 15-minute schedules. For real-time alerting, use [Monitors](/docs/alerts/monitors/overview). +As of May 29, 2024, creating new Real-Time Scheduled Searches has been disabled. Existing Real-Time Scheduled Searches will continue to function as-is. For new alerting needs, we recommend using [Monitors](/docs/alerts/monitors/overview). ::: -As part of our ongoing platform improvements, Sumo Logic has officially deprecated [Real-Time Scheduled Searches](/docs/alerts/scheduled-searches/create-real-time-alert). These legacy searches have been replaced by [Monitors](/docs/alerts/monitors/overview), which offer more powerful, scalable, and flexible alerting capabilities. - +Sumo Logic has deprecated Real-Time Scheduled Searches as part of our ongoing platform improvements. While existing searches continue to operate, [Monitors](/docs/alerts/monitors/overview) are the recommended solution for real-time and scheduled alerting going forward. ## Deprecation timeline | Date | Change | |:-----|:-------| -| **May 29, 2024** | Creation of new Real-Time Scheduled Searches was disabled across all Sumo Logic accounts | -| **May 15, 2025** | All remaining Real-Time Scheduled Searches were automatically converted to 15-minute schedules (except for a small number of approved exceptions). An audit log entry was created for each conversion. | +| **May 29, 2024** | Creation of new Real-Time Scheduled Searches was disabled across all accounts. | +| **May 15, 2025** | Scheduled removal of real-time frequency was canceled. Existing Real-Time Scheduled Searches continue operating without change. 
| -Real-Time frequency is no longer supported, and any attempt to edit or recreate a real-time schedule will default to 15-minute intervals. +Real-Time Scheduled Searches are considered a legacy feature. Any edits or new creations must use Monitors instead. +## Why is this happening? -## Why did this change happen? - -[Monitors](/docs/alerts/monitors/overview) support real-time alerting on both logs and metrics, and offer significant advantages over Scheduled Searches, including: +Monitors offer significant improvements over Real-Time Scheduled Searches, including: * [Multiple trigger conditions](/docs/alerts/monitors/create-monitor/#step-1-set-trigger-conditions) (Critical, Warning, Missing Data) * [Alert grouping](/docs/alerts/monitors/alert-grouping/) 
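Review bot: the added line "Real-Time Scheduled Searches are considered a legacy feature. Any edits or new creations must use Monitors instead." contradicts the next hunk of this same file, which adds "Edits to existing Real-Time Scheduled Searches are possible, but you cannot create new ones." Decide which is true and state it once; if edits are allowed, reword here to "New alerting must be built as Monitors" so only creation is ruled out. Also in this hunk, the `## Why is this happening?` heading is inserted above the removed `## Why did this change happen?` heading, which works but leaves the `-` lines interleaved oddly; and the May 15, 2025 table row should close with `|` on the same line as the rest of the row so the table renders.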
@@ -36,12 +36,12 @@ Monitors are the strategic focus for our future alerting development and enhance ## What should I do? -If you're still relying on Scheduled Searches for real-time alerting, we strongly recommend migrating to Monitors for the most accurate, flexible, and reliable experience. +* For new real-time alerting needs, use Monitors. +* If you have existing Real-Time Scheduled Searches, they will continue functioning without changes for now. +* Edits to existing Real-Time Scheduled Searches are possible, but you cannot create new ones. -:::note Can I import a Scheduled Search into a Monitor? -No. Scheduled Searches and Monitors use different JSON structures. You’ll need to recreate the search logic manually in the [Monitor creation UI](/docs/alerts/monitors/create-monitor/). +:::note Can I import a scheduled search into a monitor? +No. Because the JSON formatting of Scheduled Searches differs from monitors, you’ll need to manually recreate it as a Monitor from the Search UI for your real-time use cases. ::: -If your use case doesn't require real-time execution, your automatically converted Scheduled Search will continue to run every 15 minutes. However, it may be a good time to consider consolidating logic in Monitors for long-term maintenance. - -If you have any questions, please contact your account team or open a [Support ticket](https://support.sumologic.com/support/s/). +If you have any questions, reach out to your account team or open a [Support ticket](https://support.sumologic.com/support/s/). From 6dd1c2cba24f849529455a39bda63e09c65d561c Mon Sep 17 00:00:00 2001 From: "Kim (Sumo Logic)" <56411016+kimsauce@users.noreply.github.com> Date: Mon, 28 Apr 2025 17:54:17 -0400 Subject: [PATCH 11/12] Update 12-31.md --- blog-service/2024/12-31.md | 36 ++++++++++++++++++------------------ 1 file changed, 18 insertions(+), 18 deletions(-) diff --git a/blog-service/2024/12-31.md b/blog-service/2024/12-31.md index 8ae49b3e3c..0c4c5aa4e8 100644 
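Review bot: the rewritten note drops the link to the Monitor creation page (`/docs/alerts/monitors/create-monitor/`) that the removed text carried, and replaces "Monitor creation UI" with "Search UI", which points the reader at the wrong place for building a Monitor; keep the link. The bullet "they will continue functioning without changes for now" should also say what "for now" means, or drop the qualifier, since the timeline table in the previous hunk states that the scheduled removal was cancelled without giving a new date.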
--- a/blog-service/2024/12-31.md +++ b/blog-service/2024/12-31.md 
@@ -29,7 +29,7 @@ We’re excited to announce the release of new Azure Service Bus, Azure API Mana - `sumologic-aws-cloudtrail-benchmark` - SAM SemanticVersion: 1.0.18. - `sumologic-app-utils` - SAM SemanticVersion: 2.0.19. -##### Enhancements +##### Enhancements - **Added Monitors**. We have added new pre-configured monitors to the [Cassandra - OpenTelemetry](/docs/integrations/databases/opentelemetry/cassandra-opentelemetry/#cassandra-alerts), [Couchbase - OpenTelemetry](/docs/integrations/databases/opentelemetry/couchbase-opentelemetry/#couchbase-alerts), [HAProxy - OpenTelemetry](/docs/integrations/web-servers/opentelemetry/haproxy-opentelemetry/#haproxy-alerts), [IIS - OpenTelemetry](/docs/integrations/web-servers/iis-10), [Linux - OpenTelemetry](/docs/integrations/microsoft-azure/opentelemetry/sql-server-linux-opentelemetry/#sql-server-linux-alerts), [MariaDB - OpenTelemetry](/docs/integrations/databases/opentelemetry/mariadb-opentelemetry/#mariadb-alerts), [Memcached - OpenTelemetry](/docs/integrations/databases/opentelemetry/memcached-opentelemetry/#memcached-alerts), [MongoDB - OpenTelemetry](/docs/integrations/databases/opentelemetry/mongodb-opentelemetry/#mongodb-alerts), [Oracle - OpenTelemetry](/docs/integrations/databases/opentelemetry/oracle-opentelemetry/#oracle-alerts), [RabbitMQ - OpenTelemetry](/docs/integrations/containers-orchestration/opentelemetry/rabbitmq-opentelemetry/#rabbitmq-alerts), [Redis - OpenTelemetry](/docs/integrations/databases/opentelemetry/redis-opentelemetry/#redis-alerts), [Squid Proxy - OpenTelemetry](/docs/integrations/web-servers/opentelemetry/squid-proxy-opentelemetry/#squidproxy-alerts), [Varnish - OpenTelemetry](/docs/integrations/web-servers/opentelemetry/varnish-opentelemetry/#varnish-alerts), [JFrog Artifactory - OpenTelemetry](/docs/integrations/app-development/opentelemetry/jfrog-artifactory-opentelemetry), [VMWare - OpenTelemetry](/docs/integrations/containers-orchestration/opentelemetry/vmware-opentelemetry), and 
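Review bot: this hunk changes only trailing whitespace on `##### Enhancements`, and the same is true of most of the other hunks in this file (the `#### Dragos C2C Source`, `#### Azure Security - Defender for Cloud`, `##### Enhancements`, `Learn more`, `Configure Sources` and `Barracuda CloudGen Firewall` hunks). They look like an editor auto-trim rather than part of "Update 12-31.md"; either mention the whitespace cleanup in the commit message or split it out so the one substantive change in this file (the deprecation-notice link) is reviewable on its own.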
[Active Directory JSON - OpenTelemetry](/docs/integrations/microsoft-azure/opentelemetry/active-directory-json-opentelemetry) apps. - **Azure Blob Storage (block blobs) Collection**. Updated the Block Blob collection to support collection for Network Flow logs. The Network Security Group (NSG) flow logs will be removed on 30 September 2027. **From 30 June 2025, you will no longer be able to generate new NSG flow logs as part of this retirement**. For more details, refer to the Azure [documentation](https://learn.microsoft.com/en-us/azure/network-watcher/flow-logs-read?tabs=nsg). @@ -70,7 +70,7 @@ We’re excited to announce the release of new Azure Service Bus, Azure API Mana - Kubernetes - EKS Control Plane app - Doppel Vision - + - Minor fixes in the *monitors* in the following [Classic Apps (Legacy)](/docs/get-started/apps-integrations/#classic-apps-legacy): - AWS WAF - AWS WAF - Cloud Security Monitoring and Analytics @@ -91,7 +91,7 @@ We are excited to announce the release of our new cloud-to-cloud source for VMwa ### December 16, 2024 (Collection) -#### Dragos C2C Source +#### Dragos C2C Source We're excited to announce the release of our new cloud-to-cloud source for Dragos. This source helps you to collect address, asset, vulnerability, and zone details from the Dragos API and ingest them into Sumo Logic for streamlined analysis. [Learn more](/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/dragos-source). 
@@ -161,7 +161,7 @@ We're excited to introduce Copilot, an AI-powered assistant that accelerates log ### December 02, 2024 (Apps) -#### Azure Security - Defender for Cloud +#### Azure Security - Defender for Cloud We're excited to introduce the new Azure Security - Defender for Cloud app for Sumo Logic. This app helps you to collect the alerts, security recommendation, and regulatory compliance logs using the Sumo Logic Cloud-to-Cloud Azure Event Hub Source and by configuring the continuous export using the Event Hub instance details in the Azure portal. Key features of the Azure Security - Defender for Cloud app include: @@ -196,7 +196,7 @@ We’re excited to announce the preview release of **Query Assist**, designed to * **Partial query prediction**. Anticipate the next operator or receive partial query suggestions based on your input. * **Enhanced user experience**. Real-time error highlighting and intelligent suggestions provide a smooth and seamless query-building process. -These updates make it easier for both beginners and advanced users to craft accurate queries and analyze data efficiently. [Learn more](/docs/search/query-assist). +These updates make it easier for both beginners and advanced users to craft accurate queries and analyze data efficiently. [Learn more](/docs/search/query-assist). ### November 28, 2024 (Apps) 
@@ -214,23 +214,23 @@ We’re excited to announce the release of the new Azure Database for PostgreSQL [Learn more](/docs/integrations/microsoft-azure/azure-cosmos-db-for-postgresql/). - **Azure App Service Environment**. An Azure App Service Environment is an Azure App Service feature that provides a fully isolated and dedicated environment for running App Service apps securely at high scale. This integration helps in monitoring your environments operational events such as upgrades, scaling, and suspensions. [Learn more](/docs/integrations/microsoft-azure/azure-app-service-environment). -##### Enhancements +##### Enhancements We're excited to announce the release of the enhancements listed below for the Sumo Logic apps: - **Apache - OpenTelemetry**. Added six new monitors for Apache - OpenTelemetry app that will be triggered for different pre-defined conditions. [Learn more](/docs/integrations/web-servers/opentelemetry/apache-opentelemetry/#apache-alerts). - **Apache Tomcat - OpenTelemetry**. Added four new monitors for Apache Tomcat - OpenTelemetry app that will be triggered for different pre-defined conditions. [Learn more](/docs/integrations/web-servers/opentelemetry/apache-tomcat-opentelemetry/#apache-tomcat-alerts). - **Oracle - OpenTelemetry**. Updated the collection process to fetch unified audit logs and added new **Unified Audit Syslog** dashboard. This new dashboard offers information on database users, top current users, and trends in logon status. This dashboard can also be used with the unified audit logs exported from both Windows and Linux environments. [Learn more](/docs/integrations/databases/opentelemetry/oracle-opentelemetry/#unified-audit-syslog). -- **Added CloudTrail Audit dashboard**. 
The CloudTrail Audit dashboard is added to the [AWS Application Load Balancer](/docs/integrations/amazon-aws/application-load-balancer/#cloudtrail-audit), [AWS Classic Load Balancer](/docs/integrations/amazon-aws/classic-load-balancer/#cloudtrail-audit), and [AWS Network Load Balancer](/docs/integrations/amazon-aws/network-load-balancer/#cloudtrail-audit) apps. This dashboard helps you to visualize the successful and failed events globally, event trends, error details, and user activities, offering insights into load balancer performance, security, and usage patterns. +- **Added CloudTrail Audit dashboard**. The CloudTrail Audit dashboard is added to the [AWS Application Load Balancer](/docs/integrations/amazon-aws/application-load-balancer/#cloudtrail-audit), [AWS Classic Load Balancer](/docs/integrations/amazon-aws/classic-load-balancer/#cloudtrail-audit), and [AWS Network Load Balancer](/docs/integrations/amazon-aws/network-load-balancer/#cloudtrail-audit) apps. This dashboard helps you to visualize the successful and failed events globally, event trends, error details, and user activities, offering insights into load balancer performance, security, and usage patterns. - **Amazon RDS**. Added **Oracle Logs - Alert Logs Analysis**, **Oracle Logs - Audit Logs Analysis**, and **Oracle Logs - Listener Troubleshooting** dashboards. These CloudTrail and CloudWatch Logs dashboard provide monitoring for error logs and essential infrastructure details. [Learn more](/docs/integrations/amazon-aws/rds/#oracle-logs---alert-logs-analysis). - **MongoDB Atlas**. New version of the [MongoDB Atlas collection](/docs/integrations/databases/mongodb-atlas/#collecting-logs-and-metrics-for-the-mongodb-atlas-app) was released with `v.1.0.11` in [Pypi](https://pypi.org/project/sumologic-mongodb-atlas/) and `v1.0.18` in [AWS Serverless Repository](https://serverlessrepo.aws.amazon.com/applications/us-east-1/956882708938/sumologic-mongodb-atlas). 
[Learn more](https://github.com/SumoLogic/sumologic-mongodb-atlas/releases/tag/v2.0.1) - + ##### Bug fixes - Minor *query* fixes in the below [Classic Apps (Legacy)](/docs/get-started/apps-integrations/#classic-apps-legacy): - Amazon CloudTrail - Cloud Security Monitoring and Analytics - Github - + - Minor fixes in the *monitors* for the below [Next-Gen Apps](/docs/get-started/apps-integrations/#next-gen-apps): - Microsoft Azure AD Inventory - Audit @@ -312,7 +312,7 @@ We’re excited to announce the release of new Azure Database for MySQL, Azure A - **Amazon OpenSearch**. Amazon OpenSearch Service is a managed service that makes it easy to deploy, operate, and scale OpenSearch clusters in the AWS Cloud. An OpenSearch Service domain is synonymous with an OpenSearch cluster. Domains are clusters with the settings, instance types, instance counts, and storage resources that you specify. [Learn more](/docs/integrations/amazon-aws/amazon-opensearch). - **Azure Cosmos DB for NoSQL**. Azure Cosmos DB is a fully managed NoSQL and relational database for modern app development offering single-digit millisecond response times, automatic and instant scalability, along with guaranteed speed at any scale. This integration helps in monitoring the overall performance, failures, capacity, and operational health of all your Azure Cosmos DB resources. [Learn more](/docs/integrations/microsoft-azure/azure-cosmos-db). -##### Enhancements +##### Enhancements We're excited to announce the release of below listed enhancements for the Sumo Logic apps: 
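Review bot: in the context lines of the `@@ -214,23 +214,23 @@` hunk, the MongoDB Atlas bullet cites `v.1.0.11` (stray dot before the version) and `v1.0.18`, but its `Learn more` link targets the `v2.0.1` release tag on GitHub; these lines are untouched here, so a follow-up should fix the version string and point the link at the matching release.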
@@ -397,7 +397,7 @@ We're excited to announce the release of our new cloud-to-cloud source for Digit We're happy to announce enhancements to Cloud Infrastructure for AWS. These capabilities were [previously only available in a preview form](#may-13-2024-apps). They are now available for general use. -You can now more easily configure sources on a simplified screen, allowing you to use existing sources or create new sources. +You can now more easily configure sources on a simplified screen, allowing you to use existing sources or create new sources. Configure Sources screen @@ -421,7 +421,7 @@ We're excited to announce the release of our new cloud-to-cloud source for Kandj #### Role Based Index Access -We're excited to announce that when you create a role, you can select **Index Access** to restrict access to data in specific indexes. In addition, when you now select **Search Filter**, you can create filtering to restrict access to log analytics, audit, and security data. These enhancements ensure that users only see the data they are supposed to. +We're excited to announce that when you create a role, you can select **Index Access** to restrict access to data in specific indexes. In addition, when you now select **Search Filter**, you can create filtering to restrict access to log analytics, audit, and security data. These enhancements ensure that users only see the data they are supposed to. This feature was [previously only available to participants in our beta program](/release-notes-service/2023/12/31/#october-27-2023-manage-account). It is now available for general use. 
@@ -441,7 +441,7 @@ We are happy to announce that you can now configure the schema and format of log Options to forward raw data -To learn more, see the *Forward data to an S3 forwarding destination* section in our article [Forward Data from Sumo Logic to S3](/docs/manage/data-forwarding/amazon-s3-bucket). +To learn more, see the *Forward data to an S3 forwarding destination* section in our article [Forward Data from Sumo Logic to S3](/docs/manage/data-forwarding/amazon-s3-bucket). ### October 02, 2024 (Apps) @@ -455,7 +455,7 @@ We’re excited to announce the release of new Azure Load Balancer, Azure Cache - **Azure Cache for Redis**. Azure Cache for Redis provides an in-memory data store based on the Redis software. It offers both the Redis open-source (OSS Redis) and a commercial product from Redis Inc. as a managed service. This integration helps in tracking cache performance (miss rate, latency, read and write rate) and monitor resource health incidents and resource usage (CPU, used memory, server load, and connections) of your instances. It also provides policy compliance and recommendations information from Azure advisor. [Learn more](/docs/integrations/microsoft-azure/azure-cache-for-redis). - **Doppel Vision**. Doppel technology identifies and takes down deep fakes, malicious impersonations, phishing, disinformation campaigns targeting clients, and utilizes proprietary AI and machine learning tools to automate threat detection and takedowns. The Doppel dashboard provides a comprehensive overview of digital risk protection metrics and alerts, helping users monitor high-severity threats, analyse alerts by various categories, and gain actionable insights. [Learn more](https://github.com/SumoLogic/sumologic-public-partner-apps/tree/master/DoppelVision). -##### Enhancements +##### Enhancements We're excited to announce the release of the updated version of IIS 10 - OpenTelemetry and Azure Webapps apps for Sumo Logic, which includes the below enhancements: 
@@ -467,8 +467,8 @@ We're excited to announce the release of the updated version of IIS 10 - OpenTel Minor fixes for the below listed apps. To know more about the version updates, navigate to the **Releases Notes** tab of the respective app. - Active Directory 2012+ (JSON) -- Azure Application Gateway -- Barracuda CloudGen Firewall +- Azure Application Gateway +- Barracuda CloudGen Firewall - Endace - LambdaTest @@ -661,7 +661,7 @@ If you have the Salesforce source set up and choose to upgrade it, follow the in ##### Source configuration -1. [**Classic UI**](/docs/get-started/sumo-logic-ui-classic). In the main Sumo Logic menu, select **Manage Data > Collection > Collection**.
[**New UI**](/docs/get-started/sumo-logic-ui). In the Sumo Logic top menu select **Configuration**, and then under **Data Collection** select **Collection**. You can also click the **Go To...** menu at the top of the screen and select **Collection**. +1. [**Classic UI**](/docs/get-started/sumo-logic-ui-classic). In the main Sumo Logic menu, select **Manage Data > Collection > Collection**.
[**New UI**](/docs/get-started/sumo-logic-ui). In the Sumo Logic top menu select **Configuration**, and then under **Data Collection** select **Collection**. You can also click the **Go To...** menu at the top of the screen and select **Collection**. 1. Search for the required source and click the **Upgrade** button.upgrade-source 1. You will be directed to the configuration page. Ensure you do not change any of the configurations set. 1. Click **Upgrade** at the bottom of the configuration page. 
@@ -825,7 +825,7 @@ For information, see [Metrics Explorer](/docs/metrics/metrics-queries/metrics-ex #### Deprecation Notice - Real-Time Scheduled Searches -As part of our ongoing evaluation of the Sumo Logic service, we have decided to deprecate Real-Time Scheduled Searches. In particular, we will remove the option to create new Real-Time Scheduled Searches on May 15, 2024. Existing Real-Time Scheduled Searches will continue to function until May 15, 2025. We believe many use cases for Real-Time Scheduled Searches can be met by [Monitors](/docs/alerts/monitors/overview). Any remaining use cases can be met by executing these searches at 15m intervals. +As part of our ongoing evaluation of the Sumo Logic service, we have decided to deprecate [Real-Time Scheduled Searches](/docs/alerts/scheduled-searches/create-real-time-alert). In particular, we will remove the option to create new Real-Time Scheduled Searches on May 15, 2024. Existing Real-Time Scheduled Searches will continue to function until May 15, 2025. We believe many use cases for Real-Time Scheduled Searches can be met by [Monitors](/docs/alerts/monitors/overview). Any remaining use cases can be met by executing these searches at 15m intervals. In 2020, Sumo Logic released Monitors, which provided a new framework to trigger alerts on both metrics and log data in real time and send notifications. Real-Time Scheduled Searches provided a much more limited version of this functionality. Monitors will continue to be the focus area for our Product and Engineering Teams for features and enhancements regarding alerting. From 64f05d1818bd14646ec980d733f98e5dfacf60a5 Mon Sep 17 00:00:00 2001 
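Review bot: the rewritten paragraph keeps "we will remove the option to create new Real-Time Scheduled Searches on May 15, 2024", while the deprecation page and the 2025-05-05 blog post in this series say creation was disabled on May 29, 2024; reconcile the dates (or note that May 15 was the announced date and May 29 the effective one). The same paragraph still promises that remaining use cases "can be met by executing these searches at 15m intervals" and that existing searches "will continue to function until May 15, 2025", both of which PATCH 10 withdraws. Since the entry is being edited anyway, add a short dated update line here (for example "Update, May 2025: the automatic 15-minute conversion will not take place; see [Deprecation of Real-Time Scheduled Searches](/docs/alerts/scheduled-searches/create-real-time-alert).") rather than leaving the superseded plan as the last word in the release notes.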
From: "Kim (Sumo Logic)" <56411016+kimsauce@users.noreply.github.com> Date: Mon, 5 May 2025 10:53:04 -0700 Subject: [PATCH 12/12] Rename 2025-05-15-alerts.md to 2025-05-05-alerts.md --- blog-service/{2025-05-15-alerts.md => 2025-05-05-alerts.md} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename blog-service/{2025-05-15-alerts.md => 2025-05-05-alerts.md} (100%) diff --git a/blog-service/2025-05-15-alerts.md b/blog-service/2025-05-05-alerts.md similarity index 100% rename from blog-service/2025-05-15-alerts.md rename to blog-service/2025-05-05-alerts.md