Humio Library → Reference → API → Action API

Action API

The Notifier API was renamed to the Action API. However, in the actual API, no renaming has been done so far.

The endpoints displayed on this page, except for Test Action, are deprecated starting with version 1.23 of Humio. These endpoints will remain operational for some time, but users are encouraged to use instead the corresponding queries and mutations found in our GraphQL API.

List Actions

GET /api/v1/repositories/$REPOSITORY_NAME/alertnotifiers

Example:

curl http://$YOUR_HUMIO_URL/api/v1/repositories/sandbox/alertnotifiers \
     -H "Authorization: Bearer $TOKEN"

Get Action by ID

GET /api/v1/repositories/$REPOSITORY_NAME/alertnotifiers/$ID

Example:

curl http://$YOUR_HUMIO_URL/api/v1/repositories/sandbox/alertnotifiers/GXso4uF2EawsVyvtr2Q6DbtlWNPKwtOj \
    -H "Authorization: Bearer $TOKEN"

Create Action

POST /api/v1/repositories/$REPOSITORY_NAME/alertnotifiers

Params:

name — string
entity — string — EmailNotifier, HumioRepoNotifier, OpsGenieNotifier, PagerDutyNotifier, SlackNotifier, SlackPostMessageNotifier, VictorOpsNotifier, WebHookNotifier
properties:
- EmailNotifier:
  - recipients — array — array of email address strings
  - subjectTemplate — string
  - bodyTemplate — string
  - useProxy — boolean
- HumioRepoNotifier:
  - ingestToken — string
- OpsGenieNotifier:
  - apiUrl — string
  - genieKey — string
  - useProxy — boolean
- PagerDutyNotifier:
  - severity — string — critical, error, warning, info
  - routingKey — string
  - useProxy — boolean
- SlackNotifier:
  - url — string
  - fields — map(string, string)
  - useProxy — boolean
- SlackPostMessageNotifier:
  - apiToken — string
  - channels — array — array of Slack channel strings
  - fields — map(string, string)
  - useProxy — boolean
- VictorOpsNotifier:
  - messageType — string
  - notifyUrl — string
  - useProxy — boolean
- WebHookNotifier:
  - url — string
  - method — string — GET, HEAD, OPTIONS, PATCH, POST, PUT
  - headers — map(string, string)
  - bodyTemplate — string
  - ignoreSSL — boolean
  - useProxy — boolean

Example:

curl http://$YOUR_HUMIO_URL/api/v1/repositories/sandbox/alertnotifiers \
    -X POST \
    -H "Content-Type: application/json" \
    -H "Authorization: Bearer $TOKEN" \
    -d '{"name":"test", "entity": "WebHookNotifier", "properties": {"url":"http://example.com", "method":"POST", "headers": {"Content-Type":"application/json"}, "bodyTemplate":"{\n  \"repository\": \"{repo_name}\",\n  \"timestamp\": \"{alert_triggered_timestamp}\",\n  \"alert\": {\n    \"name\": \"{alert_name}\",\n    \"description\": \"{alert_description}\",\n    \"query\": {\n      \"queryString\": \"{query_string} \",\n      \"end\": \"{query_time_end}\",\n      \"start\": \"{query_time_start}\"\n    },\n    \"notifierID\": \"{alert_notifier_id}\",\n    \"id\": \"{alert_id}\"\n },\n  \"warnings\": \"{warnings}\",\n  \"events\": {events},\n  \"numberOfEvents\": {event_count}\n}",
    "ignoreSSL":true, "useProxy":true}}'

Update Action

PUT /api/v1/repositories/$REPOSITORY_NAME/alertnotifiers/$ID

Params:

name — string
entity — string — EmailNotifier, HumioRepoNotifier, OpsGenieNotifier, PagerDutyNotifier, SlackNotifier, SlackPostMessageNotifier, VictorOpsNotifier, WebHookNotifier
properties:
- EmailNotifier:
  - recipients — array — array of email address strings
  - subjectTemplate — string
  - bodyTemplate — string
  - useProxy — boolean
- HumioRepoNotifier:
  - ingestToken — string
- OpsGenieNotifier:
  - apiUrl — string
  - genieKey — string
  - useProxy — boolean
- PagerDutyNotifier:
  - severity — string — critical, error, warning, info
  - routingKey — string
  - useProxy — boolean
- SlackNotifier:
  - url — string
  - fields — map(string, string)
  - useProxy — boolean
- SlackPostMessageNotifier:
  - apiToken — string
  - channels — array — array of Slack channel strings
  - fields — map(string, string)
  - useProxy — boolean
- VictorOpsNotifier:
  - messageType — string
  - notifyUrl — string
  - useProxy — boolean
- WebHookNotifier:
  - url — string
  - method — string — GET, HEAD, OPTIONS, PATCH, POST, PUT
  - headers — map(string, string)
  - bodyTemplate — string
  - ignoreSSL — boolean
  - useProxy — boolean

Example:

curl http://$YOUR_HUMIO_URL/api/v1/repositories/sandbox/alertnotifiers/GXso4uF2EawsVyvtr2Q6DbtlWNPKwtOj \
    -X PUT \
    -H "Content-Type: application/json" \
    -H "Authorization: Bearer $TOKEN" \
    -d '{"name":"test", "entity": "WebHookNotifier", "properties": {"url":"http://example.com", "method":"POST", "headers": {"Content-Type":"application/json"}, "bodyTemplate":"{\n  \"repository\": \"{repo_name}\",\n  \"timestamp\": \"{alert_triggered_timestamp}\",\n  \"alert\": {\n    \"name\": \"{alert_name}\",\n    \"description\": \"{alert_description}\",\n    \"query\": {\n      \"queryString\": \"{query_string} \",\n      \"end\": \"{query_time_end}\",\n      \"start\": \"{query_time_start}\"\n    },\n    \"notifierID\": \"{alert_notifier_id}\",\n    \"id\": \"{alert_id}\"\n },\n  \"warnings\": \"{warnings}\",\n  \"events\": {events},\n  \"numberOfEvents\": {event_count}\n}",
    "ignoreSSL":true, "useProxy":true}}'

Delete Action

DELETE /api/v1/repositories/$REPOSITORY_NAME/alertnotifiers/$ID

Example:

curl http://$YOUR_HUMIO_URL/api/v1/repositories/$REPOSITORY_NAME/alertnotifiers/GXso4uF2EawsVyvtr2Q6DbtlWNPKwtOj \
    -X DELETE \
    -H "Authorization: Bearer $TOKEN"

Test Action

POST /api/v1/repositories/$REPOSITORY_NAME/alertnotifiers/$ID/test

Params:

alertName — string
events — array — array of Humio log events

Example:

curl http://$YOUR_HUMIO_URL/api/v1/repositories/sandbox/alertnotifiers/GXso4uF2EawsVyvtr2Q6DbtlWNPKwtOj/test \
    -X POST \
    -H "Content-Type: application/json" \
    -H "Authorization: Bearer $TOKEN" \
    -d '{"alertName":"testAlertName", events: [{"@timestamp": 0, "@timezone": "Z", "#host": "TestHost"}]}'

Table of Contents

Action API

List Actions

Get Action by ID

Create Action

Update Action

Delete Action

Test Action