Humio

The integration between Humio and Fylamynt provides users with the ability to automate and streamline cloud log management.

Overview
Humio is powerful and extremely useful for system administrators. It provides a fast, flexible platform for logs and server metrics. With Humio Cloud, your log entries and other metrics are sent to your own private, secure repository. You’ll then use the Humio web interface to analyze your data and to create alerts to let you know when events occur or parameters are exceeded.
The alerts can be later ingested by Fylamynt with this integration and relevant information can be retrieved actively in the middle of any investigation from Fylamynt.
Use Cases
The integration between Fylamynt and Humio lets you:
Trigger a workflow in Fylamynt, when a specific Humio Alert goes into the state of ALERT.
Search logs/metrics stored in Humio.
Configure Humio in Fylamynt
Navigate to Settings > Integrations > Humio
Configure a new integration instance
Details needed to set up Humio instance in Fylamynt:
Parameters
Description
Required
Humio API Token
API Token obtained from Humio
True
Humio URL
Humio Cloud URL, e.g. https://cloud.us.humio.com
True
Webhook API Key Name
Fylamynt API Key Name for webhook authentication
True
Webhook URL
Fylamynt Webhook URL to be used by Humio
True
Follow the steps listed below in your Humio Account to complete the configuration 
1.Add Humio Cloud URL to Humio URL in Authorize Fylamynt panel. e.g. https://cloud.us.humio.com
2.In your Humio account, go to Manage Your Account --> Account Settings, and copy API Token. Add the copied API Token to Humio API Token field in Authorize Fylamynt panel.
3.Configure Fylamynt webhook in selected Humio repository. 
Go to a Humio repository --> Alerts --> Actions and create a New Action
Select Action Type as Webhook
Add Name
Copy the Fylamynt Webhook URL from Authorize Fylamynt panel and add in Endpoint URL
Select POST Method
Http Headers
    Header Name: Content-Type
    Header Value: application/json
    Header Name: x-api-key
    Header Value: add Webhook API Key value from Authorize Fylamynt panel.
Instructions to get Fylamynt Webhook API Key value:
    Under Authorize Fylamynt, choose one of the Webhook API Key Name from the dropdown, and the corresponding Webhook API Key Value should be shown. If no options are available for the Webhook API Key Name, first go to Settings --> API Keys --> Manage Keys to Create a New API Key.
Use the Default Message Body Template
Click on Create Action 
4.Configure a Humio Alert to use Webhook Action
Go to a Humio repository --> Alerts -> Create Alert or Edit Alert -> In Alert "Action" select newly created Webhook "Action"
Integration Actions
You can add these actions in the Fylamynt workflow builder, as part of your workflow.
1.​Humio Alert Trigger​
2.​Humio Search​
Humio Alert Trigger
The integration node triggers the automatic execution of a workflow from a combined selection of a Humio Repository and an Alert.
When creating a workflow, you are presented with a wizard to select the trigger type to use.
On the workflow page, select New Workflow
Enter the name of the Workflow.
Select the Humio trigger type.
Click Create Workflow
​
​
Configure the automatic execution of a workflow
To automatically run workflows with the Humio Alert trigger, the incident type and assignment need to be configured. Follow the step-by-step instructions provided on the Incident Management - Automatic workflow execution page.
Humio Search
Integration node to run Humio search query in a Humio repository
Input
Parameter Name
Description
Required
Repository Name
Humio repository to search
True
Query
The actual query. See Query language for details.
True
Start Time
The start date and time. This parameter tells Humio not to return results from before this date and time.
True
End time
The end date and time. This parameter tells Humio not to return results from after this date and time.
True
S3 Bucket
Target AWS Account S3 bucket to store search result
False
Output
Parameter Name
Type
Description
result
String
Query result
is_result_truncated
Boolean
Boolean value which denotes if the result is truncated or not
result_bucket_key
String
S3 bucket key path of search result
s3_bucket
String
Name of the bucket
Note:
AWS SSM automation has restrictions on the size of the response object (~100 KB). If the query has a result greater than this value then a truncated result would be returned, and if S3 Bucket Name is provided then the whole result would be written to the bucket.
Action Example
Drag and drop the Humio Search Action node onto the canvas
Select the Humio Search Action node
Select the Humio Repository name from the dropdown
Enter the Query
Add the Start Time 
Add the End Time
Optionally, select the AWS Target Account Alias and S3 bucket name

Integrations - Previous

Google Kubernetes Engine (GKE)

Next - Integrations

Instana

Last modified 1yr ago

Parameters	Description	Required
Humio API Token	API Token obtained from Humio	True
Humio URL	Humio Cloud URL, e.g. https://cloud.us.humio.com	True
Webhook API Key Name	Fylamynt API Key Name for webhook authentication	True
Webhook URL	Fylamynt Webhook URL to be used by Humio	True

Parameter Name	Description	Required
Repository Name	Humio repository to search	True
Query	The actual query. See Query language for details.	True
Start Time	The start date and time. This parameter tells Humio not to return results from before this date and time.	True
End time	The end date and time. This parameter tells Humio not to return results from after this date and time.	True
S3 Bucket	Target AWS Account S3 bucket to store search result	False

Parameter Name	Type	Description
result	String	Query result
is_result_truncated	Boolean	Boolean value which denotes if the result is truncated or not
result_bucket_key	String	S3 bucket key path of search result
s3_bucket	String	Name of the bucket