# Humio

## Overview <a href="#overview" id="overview"></a>

Humio is powerful and extremely useful for system administrators. It provides a fast, flexible platform for logs and server metrics. With Humio Cloud, your log entries and other metrics are sent to your own private, secure repository. You’ll then use the Humio web interface to analyze your data and to create alerts to let you know when events occur or parameters are exceeded.

The alerts can be later ingested by Fylamynt with this integration and relevant information can be retrieved actively in the middle of any investigation from Fylamynt.

## Use Cases <a href="#use-cases" id="use-cases"></a>

The integration between Fylamynt and Humio lets you:

* Trigger a workflow in Fylamynt, when a specific Humio Alert goes into the state of ALERT.
* Search logs/metrics stored in Humio.

## Configure Humio in Fylamynt

* Navigate to **Settings** > **Integrations** > **Humio**
* Configure a new integration instance

Details needed to set up **Humio instance** in **Fylamynt**:

<table data-header-hidden><thead><tr><th>Parameters</th><th width="336.3333333333333">Description</th><th>Required</th></tr></thead><tbody><tr><td><strong>Parameters</strong></td><td><strong>Description</strong></td><td><strong>Required</strong></td></tr><tr><td>Humio API Token</td><td>API Token obtained from Humio</td><td>True</td></tr><tr><td>Humio URL</td><td>Humio Cloud URL, e.g. https://cloud.us.humio.com</td><td>True</td></tr><tr><td>Webhook API Key Name</td><td>Fylamynt API Key Name for webhook authentication</td><td>True</td></tr><tr><td>Webhook URL</td><td>Fylamynt Webhook URL to be used by Humio</td><td>True</td></tr></tbody></table>

Follow the steps listed below in your **Humio Account** to complete the configuration&#x20;

1. Add Humio Cloud URL to **Humio URL** in Authorize Fylamynt panel. e.g. <https://cloud.us.humio.com>
2. In your Humio account, go to **Manage Your Account --> Account Settings**, and copy **API Token**. Add the copied **API Token** to **Humio API Token** field in Authorize Fylamynt panel.
3. Configure Fylamynt webhook in selected Humio repository.&#x20;

   Go to a Humio repository --> **Alerts** --> **Actions** and create a New Action

   * Select **Action Type** as **Webhook**
   * Add **Name**
   * Copy the Fylamynt **Webhook URL** from Authorize Fylamynt panel and add in **Endpoint URL**
   * Select **POST** Method
   * **Http Headers**

     &#x20;   **Header Name:** Content-Type\
     &#x20;   **Header Value:** application/json

     &#x20;   **Header Name:** x-api-key\
     &#x20;   **Header Value:** add **Webhook API Key value** from Authorize Fylamynt panel.

     Instructions to get Fylamynt **Webhook API Key value**:\
     &#x20;   Under Authorize Fylamynt, choose one of the **Webhook API Key Name** from the dropdown, and the corresponding **Webhook API Key Value** should be shown. If no options are available for the Webhook API Key Name, first go to **Settings** --> **API Keys** --> **Manage Keys** to Create a New API Key.
   * Use the Default **Message Body Template**
   * Click on **Create Action**&#x20;
4. Configure a Humio **Alert** to use Webhook **Action**\
   Go to a Humio repository --> **Alerts** -> Create Alert or Edit Alert -> In Alert "Action" select newly created Webhook "Action"

## Integration Actions <a href="#integration-actions" id="integration-actions"></a>

You can add these actions in the Fylamynt workflow builder, as part of your workflow.

1. [Humio Alert Trigger](#humio-alert-trigger)
2. [Humio Search](#humio-search)

### Humio Alert Trigger

The integration node triggers the automatic execution of a workflow from a combined selection of a **Humio Repository** and an **Alert**.

When creating a workflow, you are presented with a wizard to select the trigger type to use.

* On the workflow page, select **New Workflow**
* Enter the name of the Workflow.
* Select the **Humio** trigger type.
* Click **Create Workflow**
* ![](https://2168485084-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MXYvxfYq9m2JdKqaCdk%2Fuploads%2FiTnBgtZ2UNXQsy7K7VGh%2Fimage.png?alt=media\&token=6283dd2a-e15e-458e-9b8e-b160933ac83b)

#### Configure the automatic execution of a workflow <a href="#fylamynt-task-management" id="fylamynt-task-management"></a>

To automatically run workflows with the Humio Alert trigger, the incident type and assignment need to be configured. Follow the step-by-step instructions provided on the[ Incident Management - Automatic workflow execution](https://docs.fylamynt.com/getting-started-1/7.-incident-management-automatic-workflow-execution) page.

### Humio Search <a href="#humio-search" id="humio-search"></a>

Integration node to run Humio search query in a Humio repository

#### **Input**

| **Parameter Name** | **Description**                                                                                                  | **Required** |
| ------------------ | ---------------------------------------------------------------------------------------------------------------- | ------------ |
| Repository Name    | Humio repository to search                                                                                       | True         |
| Query              | The actual query. See [Query language](https://library.humio.com/stable/reference/language-syntax/) for details. | True         |
| Start Time         | The start date and time. This parameter tells Humio not to return results from before this date and time.        | True         |
| End time           | The end date and time. This parameter tells Humio not to return results from after this date and time.           | True         |
| S3 Bucket          | Target AWS Account S3 bucket to store search result                                                              | False        |

#### **Output**

| **Parameter Name**    | **Type** | **Description**                                               |
| --------------------- | -------- | ------------------------------------------------------------- |
| result                | String   | Query result                                                  |
| is\_result\_truncated | Boolean  | Boolean value which denotes if the result is truncated or not |
| result\_bucket\_key   | String   | S3 bucket key path of search result                           |
| s3\_bucket            | String   | Name of the bucket                                            |

#### **Note:**

* AWS SSM automation has restrictions on the size of the response object (\~100 KB). If the query has a result greater than this value then a truncated result would be returned, and if **S3 Bucket Name** is provided then the whole result would be written to the bucket.

#### Action Example

* Drag and drop the Humio Search Action node onto the canvas
* Select the Humio Search Action node
* Select the Humio **Repository name** from the dropdown
* Enter the **Query**
* Add the **Start Time**&#x20;
* Add the **End Time**
* Optionally, select the AWS Target Account Alias and S3 bucket name

<div align="left"><img src="https://2168485084-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MXYvxfYq9m2JdKqaCdk%2Fuploads%2FVz03OF9BVoy2ZkYTMSgO%2Fimage.png?alt=media&#x26;token=d4b28066-2536-40b2-97f1-ad3b01c3b7b6" alt=""></div>


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.fylamynt.com/integrations/humio.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.