Upd file name for restore

Author: cwatson-cat

articles/sentinel/TOC.yml

@@ -275,7 +275,7 @@
     - name: Search large datasets
       href: search-jobs.md
     - name: Restore historical data
-      href: restore-archived-log.md
+      href: restore.md
     - name: Create custom entity activities
       href: customize-entity-activities.md
     - name: Collaborate in Microsoft Teams

articles/sentinel/media/restore-archived-log/data-available-select-table.png renamed to articles/sentinel/media/restore/data-available-select-table.png

@@ -21,15 +21,15 @@ You can restore archived data directly from the **Search (preview)** page or fro
 1. Under **General**, select **Search (preview)**.
 1. Restore log data in one of two ways:
    - At the top of **Search** page, select **Restore**.
-      :::image type="content" source="media/restore-archived-log/search-page-restore.png" alt-text="Screenshot of restore button at the top of the search page.":::
+      :::image type="content" source="media/restore/search-page-restore.png" alt-text="Screenshot of restore button at the top of the search page.":::
    - Select the **Saved Searches** tab and **Restore** on the appropriate search.
-     :::image type="content" source="media/restore-archived-log/search-results-restore.png" alt-text="Screenshot of the restore link on a saved search.":::
+     :::image type="content" source="media/restore/search-results-restore.png" alt-text="Screenshot of the restore link on a saved search.":::
 
 1. Select the table you want to restore.
 1. Select the time range of the data that you want restore.
 1. Select **Restore**.
 
-   :::image type="content" source="media/restore-archived-log/restoration-page.png" alt-text="Screenshot of the restoration page with table and time range selected.":::
+   :::image type="content" source="media/restore/restoration-page.png" alt-text="Screenshot of the restoration page with table and time range selected.":::
 
 1. Wait for the log data to be restored. View the status of your restoration job by selecting on the **Restoration** tab.
 
@@ -39,15 +39,15 @@ View the status and results of the log data restore by going to the **Restoratio
 
 1. In your Microsoft Sentinel workspace select **Search** > **Restoration**.
 
-   :::image type="content" source="media/restore-archived-log/restoration-tab.png" alt-text="Screenshot of the restoration tab on the search page.":::
+   :::image type="content" source="media/restore/restoration-tab.png" alt-text="Screenshot of the restoration tab on the search page.":::
 
 1. When your restore job is complete, select the table name.
 
-   :::image type="content" source="media/restore-archived-log/data-available-select-table.png" alt-text="Screenshot that shows rows with completed restore jobs and a table selected.":::
+   :::image type="content" source="media/restore/data-available-select-table.png" alt-text="Screenshot that shows rows with completed restore jobs and a table selected.":::
 
 1. Review the results.
 
-   :::image type="content" source="media/restore-archived-log/restored-data-logs-view.png" alt-text="Screenshot that shows the logs query pane with the restored table results.":::
+   :::image type="content" source="media/restore/restored-data-logs-view.png" alt-text="Screenshot that shows the logs query pane with the restored table results.":::
 
    The Logs query pane shows the name of table containing the restored data. The **Time range** is set to a custom time range that uses the start and end times of the restored data.
 
@@ -59,7 +59,7 @@ Restored data tables are deleted automatically after 8 days. But you can delete
 1. Identify the table you want to delete.
 1. Select **Delete** for that table row.
 
-   :::image type="content" source="media/restore-archived-log/delete-restored-table.png" alt-text="Screenshot of restoration tab that shows the delete button on each row.":::
+   :::image type="content" source="media/restore/delete-restored-table.png" alt-text="Screenshot of restoration tab that shows the delete button on each row.":::
 
 ## Next steps
 

articles/sentinel/media/restore-archived-log/delete-restored-table.png renamed to articles/sentinel/media/restore/delete-restored-table.png

@@ -1,13 +1,13 @@
 ---
-title: Search across long time spans in large datasets - Microsoft Sentinel
+title: Search historical data in large datasets - Microsoft Sentinel
 description: Learn how to use search jobs to search extremely large datasets.
 author: cwatson-cat
 ms.topic: how-to
 ms.date: 01/14/2022
 ms.author: cwatson
 ---
 
-# Search across long time spans in extremely large datasets
+# Search historical data in large datasets
 
 Use search jobs when you start an investigation to find specific events in logs within a given time frame. You can search all your logs, filter through them, and look for events that match your criteria.
 
@@ -58,6 +58,6 @@ View the status and results of your search job by going to the **Saved Searches*
 To learn more, see the following topics.
 
 - [Hunt with bookmarks](bookmarks.md)
-- [Restore archived logs](restore-archived-log.md)
+- [Restore archived logs](restore.md)
 - Basic logs
 - Archived logs