SumoLogic · kimsauce · May 30, 2025 · May 30, 2025 · May 30, 2025 · May 30, 2025
@@ -0,0 +1,15 @@
+---
+title: New in Copilot - Unstructured Logs (Search)
+image: https://help.sumologic.com/img/sumo-square.png
+keywords:
+  - copilot
+  - log-search
+  - search
+hide_table_of_contents: true    
+---
+
+import useBaseUrl from '@docusaurus/useBaseUrl';
+
+Sumo Logic Copilot now supports unstructured logs—raw, text-based logs that don't follow a structured format—without requiring Field Extraction Rules (FERs). This enhancement enables Copilot to analyze and derive insights from a broader range of log data using natural language, even if the logs aren't pre-parsed. If your logs are already visualized in dashboards, Copilot automatically parses them and delivers insights using natural language.
+
+This update builds on Copilot’s AI-assisted search capabilities and is available to all customers using the new Sumo Logic UI. [Learn more](/docs/search/copilot/).
@@ -4377,6 +4377,7 @@
   "/docs/search/logreduce/influence-the-logreduce-outcome": "/docs/search/behavior-insights/logreduce/influence-the-logreduce-outcome",
   "/docs/search/logreduce/understand-the-logreduce-relevance-column": "/docs/search/behavior-insights/logreduce/understand-the-logreduce-relevance-column",
   "/docs/search/behavior-insights/logreduce-values": "/docs/search/behavior-insights/logreduce/logreduce-values",
+  "/docs/search/copilot-unstructured-logs-beta": "/docs/search/copilot",
   "/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/azure-event-hubs-cloud-to-cloud-source-migration":"/docs/send-data/collect-from-other-data-sources/azure-monitoring/azure-event-hubs-source-migration",
   "/docs/manage/manage-subscription/upgrade-sumo-logic-credits-account": "/docs/manage/manage-subscription/upgrade-account/upgrade-sumo-logic-flex-account",
   "/docs/manage/manage-subscription/upgrade-cloud-flex-legacy-account": "/docs/manage/manage-subscription/upgrade-account/upgrade-cloud-flex-legacy-account",

@@ -49,6 +49,20 @@ Copilot accelerates incident response by combining prebuilt contextual insights
 * **Auto-visualize**. Copilot automatically generates charts from search results, which you can add directly to dashboards, reducing time and effort in data interpretation.
 * **Log compatibility**. Copilot supports structured logs, semi-structured logs (partial JSON), and unstructured logs (e.g., Palo Alto Firewall) when Field Extraction Rules (FERs) are applied. This ensures valuable insights across a variety of log formats.
 * **Enhanced query experience**. Auto-complete to streamline natural language queries.
+* **Multi-turn conversations**. Ask follow-up questions without repeating yourself.
+
+## Support for unstructured logs
+
+Copilot now supports unstructured logs, including raw text logs with no predefined fields or Field Extraction Rules (FERs). If these logs are already visualized in dashboards, Copilot automatically parses them and surfaces insights using natural language queries.
+
+This capability is powered by [Intelliparse mode (Beta)](/docs/search/get-started-with-search/build-search/intelliparse-beta), which infers structure from patterns already used in your dashboards. Behind the scenes, Copilot injects the `intelliparse` operator into queries to extract fields on the fly—no FER setup required.
+
+Here are some use cases:
+* Explore raw logs without defined fields
+* Triage errors and detect patterns
+* Investigate anomalies in security dashboards
+
+Copilot does not currently interpret all unstructured logs. It prioritizes those already visualized in dashboards to ensure the most relevant and accurate insights. Unlike structured logs, which contain clearly defined fields, unstructured logs require Copilot to infer structure at query time using AI and pattern recognition.
 
 ## Security and compliance
 
@@ -211,7 +225,8 @@ To save space, you can use the **Hide Log Query** icon to collapse the log query
 
 #### Compatible Log Formats
 
-Copilot querying is compatible with JSON logs, partial JSON logs, and unstructured logs with Field Extraction Rules. It cannot be used to query metrics or trace telemetry.
+* **Supported**. JSON, partial JSON, unstructured logs (with or without FERs).
+* **Not supported**. Metrics or trace telemetry.
 
 To retrieve a list of `_sourceCategories` with JSON data, use the following query:
 
@@ -258,8 +273,6 @@ There are two ways to do this:
 
 ### Logs for security
 
-<!-- add micro lesson when published-->
-
 In the video, Copilot is used to investigate a security issue involving the potential leak of AWS CloudTrail access keys outside the organization.
 
 The video demonstrates how to use Copilot to analyze AWS CloudTrail data, review AI-curated suggestions, refine searches using natural language prompts, and generate an AI-driven dashboard for root cause analysis and sharing.
@@ -344,7 +357,7 @@ Sumo Logic Copilot (also referred to as Sumo Logic Mo Copilot) is an AI assistan
 <details>
 <summary>Can I use Copilot to analyze unstructured logs?</summary>
 
-Yes, Copilot can extract relevant insights from unstructured logs, provided Field Extraction Rules (FERs) are applied. It also supports semi-structured logs (JSON + unstructured payloads).
+Yes. Copilot can parse raw logs without FERs. It also supports semi-structured logs (JSON + unstructured payloads).
 </details>
 
 <details>
@@ -421,7 +434,6 @@ Each major capability added to Copilot undergoes legal, compliance, and applicat
 If you prefer not to use Sumo Logic Copilot, please contact our [support team](https://support.sumologic.com/support/s/). Your account will be updated accordingly.
 </details>
 
-
 ## Feedback
 
 We want your feedback! Let us know what you think by clicking the thumbs up or thumbs down icon and entering the context of your query.

@@ -75,5 +75,5 @@ Copilot uses Intelliparse mode in the background to:
 This integration allows Copilot to work with raw, unstructured log data; no setup required on your part.
 
 :::tip
-Want to learn more about Intelliparse mode? [See how it works in Log Search](/docs/search/copilot-unstructured-logs-beta).
+Want to learn more about Intelliparse mode? [See how it works in Log Search](/docs/search/copilot/#support-for-unstructured-logs).
 :::