Add extra text to notes about how values are parsed (#2975)

* Add extra text

* Fix spelling error

docs/send-data/installed-collectors/sources/collect-forwarded-events-windows-event-collector.md

@@ -39,10 +39,13 @@ To configure a Windows Event Log Source:
 
     ![type of windows event log source.png](/img/send-data/windows-event-log-source.png)
 
-1. Set the following: * **Name.** Type the name you'd like to display for this source in Sumo Logic. 
-
+1. Set the following: 
+   * **Name.** Type the name you'd like to display for this source in Sumo Logic. 
    * **Description.** Optional description.
-   * **Windows host(s).** **(Remote Source only)**Enter one or more hostnames for the Windows machines from which you want to collect Windows Events. If you'd like to collect from more than one remote host, separate the hostnames with a comma. (If you enter more than one hostname, each host must allow event log access from the same domain user. See the [prerequisites](preconfigure-machine-collect-remote-windows-events.md) for more information.) The hostname can be a maximum of 128 characters. The hostname values are parsed and applied to your event logs as _sourceHost [metadata](remote-windows-event-log-source.md) automatically. The value is parsed from the field `Computer` in your event logs.
+   * **Windows host(s).** (Remote Source only.) Enter one or more hostnames for the Windows machines from which you want to collect Windows Events. If you'd like to collect from more than one remote host, separate the hostnames with a comma. (If you enter more than one hostname, each host must allow event log access from the same domain user. See the [prerequisites](preconfigure-machine-collect-remote-windows-events.md) for more information.) The hostname can be a maximum of 128 characters. 
+     :::note
+     The hostname values are parsed and applied to your event logs as `_sourceHost `[metadata](remote-windows-event-log-source.md) automatically. The value is parsed from the field `Computer` in your event logs. `Channel` or `LogFile` values are parsed and applied as `_sourceName` metadata automatically. The `_sourceHost` and `_sourceName` metadata fields are supported in log search but not LiveTail. 
+     :::
    * **Source Category.** Enter a string to tag the logs collected from this Source with searchable metadata. For example, typing **web_apps** tags all the logs from this Source in the sourceCategory field. For more information, see [Metadata Naming Conventions](/docs/send-data/reference-information/metadata-naming-conventions.md) and our [Best Practices: Good and Bad Source Categories](/docs/send-data/best-practices#good-and-bad-source-categories). You can define a Source Category value using system environment variables, see [Configuring sourceCategory using variables](#configuring-sourcecategory-using-variables) below.
    * **Fields.** Click the **+Add Field** link to define the fields you want to associate, each field needs a name (key) and value.
 

docs/send-data/installed-collectors/sources/local-windows-event-log-source.md

@@ -31,12 +31,10 @@ To configure a Local Windows Event Log Source:
     ![type of windows event log source.png](/img/send-data/type-windows-event-log-source.png)
 
 1. Set the following:
-
-    :::note
-    Hostname values are parsed and applied to your event logs as \_sourceHost [metadata](remote-windows-event-log-source.md) automatically. The value is parsed from the field `Computer` in your event logs.
-    :::
-
    * **Name.** Type the name you'd like to display for the new Source. 
+     :::note
+     Hostname values are parsed and applied to your event logs as `\_sourceHost` metadata automatically. The value is parsed from the field `Computer` in your event logs. `Channel` or `LogFile` values are parsed and applied as `_sourceName` metadata automatically. The `_sourceHost` and `_sourceName` metadata fields are supported in log search but not LiveTail. 
+     :::
    * **Description** is optional.
    * **Source Category.** Enter a string used to tag the output collected from this Source with searchable metadata. For example, typing `web_apps` tags all the logs from this Source in the sourceCategory field, so running a search on `_sourceCategory=web_apps` would return logs from this Source. For more information, see [Metadata Naming Conventions](/docs/send-data/reference-information/metadata-naming-conventions.md) and our [Best Practices: Good and Bad Source Categories](/docs/send-data/best-practices#good-and-bad-source-categories). You can define a Source Category value using system environment variables, see [Configuring sourceCategory using variables](#configuring-sourcecategory-using-variables) below.
    * **Fields.** Click the **+Add Field** link to define the fields you want to associate, each field needs a name (key) and value.

docs/send-data/installed-collectors/sources/remote-windows-event-log-source.md

@@ -36,7 +36,10 @@ To configure a remote Windows Event Log Source:
 
    * **Name.** Type the name you'd like to display for this source in Sumo Logic. 
    * **Description.** Optional description.
-   * **Windows host(s).** Enter one or more hostnames for the Windows machines from which you want to collect Windows Events. If you'd like to collect from more than one remote host, separate the hostnames with a comma. (If you enter more than one hostname, each host must allow event log access from the same domain user. See the [prerequisites](preconfigure-machine-collect-remote-windows-events.md) for more information.) The hostname can be a maximum of 128 characters. The hostname values are parsed and applied to your event logs as _sourceHost metadata automatically. The value is parsed from the field `Computer` in your event logs.
+   * **Windows host(s).** Enter one or more hostnames for the Windows machines from which you want to collect Windows Events. If you'd like to collect from more than one remote host, separate the hostnames with a comma. (If you enter more than one hostname, each host must allow event log access from the same domain user. See the [prerequisites](preconfigure-machine-collect-remote-windows-events.md) for more information.) The hostname can be a maximum of 128 characters. 
+     :::note
+     The hostname values are parsed and applied to your event logs as `_sourceHost `[metadata](remote-windows-event-log-source.md) automatically. The value is parsed from the field `Computer` in your event logs. `Channel` or `LogFile` values are parsed and applied as `_sourceName` metadata automatically. The `_sourceHost` and `_sourceName` metadata fields are supported in log search but not LiveTail. 
+     :::
    * **Source Category.** Enter a string to tag the logs collected from this Source with searchable metadata. For example, typing **web_apps** tags all the logs from this Source in the sourceCategory field. For more information, see [Metadata Naming Conventions](/docs/send-data/reference-information/metadata-naming-conventions.md) and our [Best Practices: Good and Bad Source Categories](/docs/send-data/best-practices#good-and-bad-source-categories). You can define a Source Category value using system environment variables, see [Configuring sourceCategory using variables](#configuring-sourcecategory-using-variables) below.
    * **Fields.** Click the **+Add Field** link to define the fields you want to associate, each field needs a name (key) and value.