Actions with Tines

Tines

Humio supports sending events to Tines through webhooks. To receive events from Humio in Tines, you will need to set up a webhook agent in Tines.

  1. Go to Stories in the top nav.

  2. Select a story of your choice from the left column.

  3. Add a webhook agent to your story by dragging Webhook into the center column along with your story.

  4. Click on Summary in the right nav, and copy the Webhook Agent URL.

In Humio,

  1. Choose your repository.

  2. Navigate to Alerts ‣ Action ‣ New Action.

  3. Select Webhook for the Action Type.

  4. Name it Tines Action and paste your URL in the Endpoint URL box.

  5. Leave the rest of the fields default, and click Create Action.

  6. Go to Alerts ‣ New Alerts.

  7. Type in the query you require, name it, and set your throttle period.

  8. Click Create Alert.

  9. The Alert you just created will now appear in the Alerts window.

Figure 1

Wait for the Alert to trigger. Then, back in Tines,

  1. Click Webhook Agent.

  2. The Events pane should show you your recent event. You can click Update if it isn’t automatically there.

  3. Click Show, and you should see something like

javascript
{
 "webhook_agent": {
 "repository": "Testing",
 "timestamp": "2020-02-18T20:53:20.546Z",
 "alert": {
   "name": "Tines Alert",
   "description": "",
   "query": {
     "queryString": "* ",
     "end": "now",
     "start": "1m"
   },
   "notifierID": "N9DAw1Q6bPaxgRoexv94Qfc3HmaTPzbg",
   "id": "cx7xIdcYMNqZduOcDryndfphKSayyBgm"
 },
 "warnings": "",
 "events": [
   {
     "@timestamp": 1582059199976,
     "#type": "kv",
     "#repo": "Testing",
     "@timezone": "Z",
     "hello": "tines",
     "@rawstring": "hello=tines",
     "@id": "zZvht1UVROc92nnXtQDDBshD_0_1_1582059199"
   }
 ],
 "numberOfEvents": 1
 }
 }

To create a notification:

  1. Move an Event Transformation Agent into your main window.

  2. Connect the Webhook Agent to the Event Transformation Agent.

  3. In the Event Transformation box, type:

javascript
{
 "mode": "explode",
 "path": "{{.webhook_agent.events}}",
 "to": "event"
}

Now you can connect your event transformation agent to any of your other workflows in Tines.

Figure 2