Tines

Humio supports sending events to Tines through webhooks.

To receive events from Humio in Tines, you will need to set up a webhook agent in Tines.

  1. Go to Stories in the top nav.
  2. Select a story of your choice from the left column.
  3. Add a webhook agent to your story by dragging Webhook into the center column along with your story.
  4. Click on Summary in the right nav, and copy the Webhook Agent URL.

In Humio,

  1. Choose your repository.
  2. Navigate to Alerts > Notifiers > New Notifiers.
  3. Select Webhook for the Notifier Type.
  4. Name it Tines notifier and paste your URL in the Endpoint URL box.
  5. Leave the rest of the fields default, and click Create Notifier.
  6. Go to Alerts > New Alerts.
  7. Type in the query you require, name it, and set your notification frequency.
  8. Click Create Alert.
  9. The alert you just created will now appear in the Alerts window.

Wait for the alert to trigger. Then, back in Tines,

  1. Click Webhook Agent.
  2. The Events pane should show you your recent event. You can click Update if it isn’t automatically there.
  3. Click Show, and you should see something like

    {
    "webhook_agent": {
    "repository": "Testing",
    "timestamp": "2020-02-18T20:53:20.546Z",
    "alert": {
      "name": "Tines Alert",
      "description": "",
      "query": {
        "queryString": "* ",
        "end": "now",
        "start": "1m"
      },
      "notifierID": "N9DAw1Q6bPaxgRoexv94Qfc3HmaTPzbg",
      "id": "cx7xIdcYMNqZduOcDryndfphKSayyBgm"
    },
    "warnings": "",
    "events": [
      {
        "@timestamp": 1582059199976,
        "#type": "kv",
        "#repo": "Testing",
        "@timezone": "Z",
        "hello": "tines",
        "@rawstring": "hello=tines",
        "@id": "zZvht1UVROc92nnXtQDDBshD_0_1_1582059199"
      }
    ],
    "numberOfEvents": 1
    }
    }
    

To create a notification

  1. Move an Event Transformation Agent into your main window.
  2. Connect the Webhook Agent to the Event Transformation Agent.
  3. In the Event Transformation box, type

    {
    "mode": "explode",
    "path": "{{.webhook_agent.events}}",
    "to": "event"
    }
    

Now you can connect your event transformation agent to any of your other workflows in Tines.