Optimizing monitor scan costs on Flex Licensing (#4617)

* Optimizing monitor scan costs on Flex Licensing * Update docs/alerts/monitors/monitor-faq.md * Update docs/alerts/monitors/monitor-faq.md
SumoLogic · Oct 3, 2024 · bed4817 · bed4817
1 parent 485d2e3
commit bed4817
Show file tree

Hide file tree

Showing 2 changed files with 14 additions and 1 deletion.
diff --git a/docs/alerts/monitors/create-monitor.md b/docs/alerts/monitors/create-monitor.md
@@ -108,7 +108,11 @@ Lets you detect an unusual change or a spike in a time series of a key indicator
 
 ### Query
 
-In the next step, you'll need to provide a logs or metrics query.
+:::tip
+For guidance on optimizing scan costs when using Flex Pricing, refer to the [FAQ on optimizing scan costs for monitors](/docs/alerts/monitors/monitor-faq/#how-can-i-optimize-scan-costs-for-monitors-when-using-flex-pricing).
+:::
+
+In this step, you'll need to provide a logs or metrics query.
 
 :::note logs and metrics monitors only
 No need to enter a query for **SLO** monitors.

diff --git a/docs/alerts/monitors/monitor-faq.md b/docs/alerts/monitors/monitor-faq.md
@@ -6,6 +6,15 @@ description: Frequently asked questions about Sumo Logic monitors.
 
 import AlertsTimeslice from '../../reuse/alerts-timeslice.md';
 
+## How can I optimize scan costs for monitors when using Flex Pricing?
+
+To optimize scan costs for monitors under [Flex Pricing](/docs/manage/partitions/flex), consider the following factors:
+
+- **Data scanned by the query**. This is the primary driver of cost and is incurred every time the monitor is evaluated. To reduce costs, optimize your query using [default scope](/docs/manage/partitions/flex/faq/#how-can-i-optimize-my-query-using-default-scope) to include only necessary partitions and minimize the amount of data scanned.
+- **Time range of the monitor query**. For static monitors, adjust the detection window under [Trigger Type](/docs/alerts/monitors/create-monitor/#step-1-set-trigger-conditions) (for example, `"Alert when result is _____ within <detection window> minutes"`) to use a shorter time range, which reduces the amount of data scanned. For outlier monitors, reduce the **datapoints** parameter under **Trigger Type** to lower the scanned bytes.
+
+By carefully configuring these elements, you can balance scan costs with monitoring requirements.
+
 ## Can I convert my existing Scheduled Search to a monitor?
 
 Yes, however, it's a manual process. You have to create a new monitor with the appropriate query and alerting condition based on your existing Scheduled Search. See the [differences between monitors and Scheduled Searches](/docs/alerts/difference-from-scheduled-searches) before you consider converting.