Tines

Humio supports sending events to Tines through webhooks.

To receive events from Humio in Tines, you will need to set up a webhook agent in Tines.

  1. Open an existing story or create a new story in your Tines tenant.

  2. Drag a new Webhook action from the Actions section onto the storyboard.

  3. Click on the Summary tab in the Action panel on the right side of the storyboard.

  4. Copy the Webhook URL.

In Humio:

  1. Choose your repository.

  2. Navigate to Alerts --> Action --> New Action.

  3. Select Webhook for the Action Type.

  4. Name it Tines Action and paste your URL in the Endpoint URL box.

  5. Leave the rest of the fields default, and click Create Action.

  6. Go to Alerts --> New Alerts.

  7. Type in the query you require, name it, and set your throttle period.

  8. Click Create Alert.

  9. The Alert you just created will now appear in the Alerts window.

Tines Automation

Figure 158. Tines Automation


Wait for the Alert to trigger. Then, back in Tines,

  1. Click on the Webhook action you created earlier.

  2. Click on the Events tab in the Action panel to view your recent event. You can click Update if it isn't automatically there.

  3. Click Show to view the event details. You should see something like:

javascript
{
   "webhook_agent" : {
     "alert" : {
         "description" : "",
         "id" : "cx7xIdcYMNqZduOcDryndfphKSayyBgm",
         "name" : "Tines Alert",
         "notifierID" : "N9DAw1Q6bPaxgRoexv94Qfc3HmaTPzbg",
         "query" : {
            "end" : "now",
            "queryString" : "* ",
            "start" : "1m"
         }
      },
      "events" : [
         {
            "#repo" : "Testing",
            "#type" : "kv",
            "@id" : "zZvht1UVROc92nnXtQDDBshD_0_1_1582059199",
            "@rawstring" : "hello=tines",
            "@timestamp" : 1582059199976,
            "@timezone" : "Z",
            "hello" : "tines"
         }
      ],
      "numberOfEvents" : 1,
      "repository" : "Testing",
      "timestamp" : "2020-02-18T20:53:20.546Z",
      "warnings" : ""
   }
}

To create a notification:

  1. Drag a new Event Transform action onto the storyboard.

  2. Connect the Webhook action you created earlier to this Event Transform action

  3. Click on the Build tab for the Event Transform action

  4. Set the Mode to explode

  5. Set the path to webhook_action.events

javascript
{
 "mode": "explode",
 "path": "{{.webhook_agent.events}}",
 "to": "event"
}

Now you can connect your event transformation agent to any of your other workflows in Tines.

Tines Workflow

Figure 159. Tines Workflow