Managing Actions

Security Requirements and Controls

Within the Actions page, actions can be created, deleted, exported, and duplicated.

To manage Actions, click the Automation tab within a repository and select Actions from the left menu. Actions are managed and organized according to the repository that the query is executed within. The main page displays a list of the configured actions for the repository, as shown in Actions Management Page

Actions Management Page

Figure 207. Actions Management Page


  • Existing actions can be searched by using the Find action... search box at the top of the page. The box will filter the list of available actions according to their name or type.

  • A new action can be created via the + New action button. See Creating Actions.

  • Clicking on one of the filter names, for example VictorOps above the list of available actions will filter the display to show only that type of action.

  • Clicking on the menu icon ⋮ to the right of an action performs the following actions on that action only:

    Action Management Popup Menu

    Figure 208. Action Management Popup Menu


Duplicating an Action

Duplicating an action copies the entire configuration of an existing action to a new name. Either action can then be updated with different parameters, for example, updating the forwarding repository or changing the email template used for the action.

To duplicate an existing action:

  1. Go to the Repository and Views page.

  2. Select a Repository or View.

  3. Click the Automation tab on the top bar of the User Interface

  4. Select Actions from the menu on the left

  5. Locate the action that will be duplicated, then click the menu icon next to the action name and choose Duplicate

  6. The Duplicate action prompt will be displayed. Name the new duplicated item in the Name field. The name should not already exist.

    Duplicating an Action Dialog

    Figure 209. Duplicating an Action Dialog


  7. Click the Duplicate action button. The new action should appear in the list.

When duplicating an item, the item is an exact copy of the original, including the configurations and settings, templates, and other parameters. The new action should be modified and associated with an alert or scheduled search before it can be used.

Exporting an Action

Exporting an action saves the entire definition of an action to a YAML file on the client machine. The export action can then be used as the basis for new actions, or copied between clusters.

To export an action:

  1. Go to the Repository and Views page.

  2. Select a Repository or View.

  3. Click the Automation tab on the top bar of the User Interface

  4. Select Actions from the menu on the left

  5. Locate the action that will be exported, then click the menu icon next to the action name and choose Export as template

  6. The operating system native dialogue for saving a file will be shown. Choose a location for the file, and a filename: the file will be saved with a .yaml extension.

  7. Click the Save button: the action will be saved to the file on disk on the client machine.

The saved file contains a complete copy of the configuration information; enough to completely recreate the action.

Deleting an Action

Deleting an action removes the action and configuration. An action that has been assigned to a working alert cannot be removed; the alerts must be edited to remove the actions and then the action can be deleted.

Hint

Before deleting, if you think you might need the action again, you can export the action to a YAML file. See Exporting an Action

To delete an action:

  1. Go to the Repository and Views page.

  2. Select a Repository or View.

  3. Click the Automation tab on the top bar of the User Interface

  4. Select Actions from the menu on the left

  5. Locate the action that will be deleted, then click the menu icon next to the action name and choose Delete

  6. The Delete action dialog will be presented to confirm the action deletion.

    Deleting an Action Dialog

    Figure 210. Deleting an Action Dialog


  7. If the action is configured or assigned to a scheduled search or alert, an alert will be presented to show that the action could not be deleted. The action should be removed for any configured searches and alerts before you delete the action.