Log to a Humio Repository

The Humio Repository notifier sends the alerts to a Humio repository. This can be used to summarize all alert events, or to aggregate information from multiple alerts.

Parameter      Description
Ingest token   An ingest token for the repository receiving the alerts.

The alert events are parsed and ingested using the ingest token. If the ingest token has an associated parser, that parser is used; otherwise, the built-in parser json-for-notifier is used.

The alert events sent to the parser contain the following fields:

Field                     Value
@alert.alertId            The id of the alert that fired.
@alert.alertName          The user-made name of the alert that fired.
@alert.alertDescription   The user-made description of the alert that fired.
@alert.triggered          The time at which the alert was fired.
@alert.queryStart         The query start time (e.g. 10m).
@alert.queryEnd           The query end time (e.g. now).
@alert.repoName           The name of the repository from which the alert fired.
@alert.UUID               A unique id for the alert. Can be used to identify events from the same triggering of the alert.
@rawstring                The original alert event, encoded as JSON.

The default parser json-for-notifier extracts the original event from the @rawstring field, so that the parsed event contains all the original fields together with all the @alert.XXX fields. It does not parse any timestamps, so if the original event does not contain a @timestamp field, the event gets “now” as its timestamp.
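
The following Python sketch models the behaviour described above so you can see the shape of the stored events and why events without a @timestamp field end up on the ingest-time timeline rather than the time of the original activity. It is an added illustration, not Humio's parser code. The sample events are constructed, and three details are assumptions: epoch-millisecond timestamps, the notifier's own fields winning a name clash, and non-JSON @rawstring content being left unparsed.

```python
import json
import time
from collections import defaultdict

# Constructed sample of what the notifier hands to the parser: two events from
# one triggering (same @alert.UUID) and one event from a later triggering.
SAMPLE_EVENTS = [
    {"@alert.alertId": "a1", "@alert.alertName": "Failed logins",
     "@alert.UUID": "uuid-1", "@alert.repoName": "auth",
     "@rawstring": '{"user": "alice", "src": "10.0.0.5", "@timestamp": 1700000000000}'},
    {"@alert.alertId": "a1", "@alert.alertName": "Failed logins",
     "@alert.UUID": "uuid-1", "@alert.repoName": "auth",
     "@rawstring": '{"user": "bob", "src": "10.0.0.9"}'},
    {"@alert.alertId": "a1", "@alert.alertName": "Failed logins",
     "@alert.UUID": "uuid-2", "@alert.repoName": "auth",
     "@rawstring": '{"user": "alice", "src": "10.0.0.5"}'},
]


def parse_alert_event(event, now_ms=None):
    """Model of the documented result: original fields plus all @alert.* fields."""
    now_ms = int(time.time() * 1000) if now_ms is None else now_ms
    try:
        original = json.loads(event.get("@rawstring", ""))
    except json.JSONDecodeError:
        original = {}  # assumption: unparsable content yields no extra fields
    if not isinstance(original, dict):
        original = {}
    parsed = dict(original)
    # Assumption: on a field-name clash the notifier's own fields win.
    parsed.update(event)
    # No timestamp parsing happens: an existing @timestamp field is kept,
    # otherwise the event is stamped with "now" (epoch ms assumed here).
    parsed.setdefault("@timestamp", now_ms)
    return parsed


def group_by_triggering(events, now_ms=None):
    """Group parsed events by @alert.UUID, i.e. one group per alert triggering."""
    groups = defaultdict(list)
    for event in events:
        parsed = parse_alert_event(event, now_ms)
        groups[parsed.get("@alert.UUID")].append(parsed)
    return dict(groups)
```
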

The events you send through this notifier count towards the daily ingest limit.