Humio is powerful and extremely useful for system administrators. It provides a fast, but flexible platform for logs and server metrics. With Humio Cloud, your log entries and other metrics are sent to your own private, secure repository. You’ll then use the Humio web interface to analyze your data, and to create alerts to let you know when events occur or parameters are exceeded.
The alerts can be later ingested by Fylamynt with this integration and relevant information can be retrieved actively in the middle of any investigation from Fylamynt.
The integration between Fylamynt and Humio lets you:
Ingest alert as a trigger to Fylamynt workflows.
In Humio, you can create Alerts to be triggered when specific events happen that you designate, when some parameters are exceeded that you determine. When an Alert is triggered, it can initiate an Action, which could include sending a message to someone, logging it to another system, or performing some other action.
Search logs/metrics stored in Humio.
This is the main endpoint for executing queries in Humio. You are able to query a repository and then see the results back in S3. Please see the details below.
Navigate to Settings > Integrations > Humio
Click Add integration to create and configure a new integration instance
Details needed to set up Humio instance in Fylamynt:
Humio API Token
API Token obtained from Humio
Humio Cloud URL, e.g. https://cloud.us.humio.com
Webhook API Key Name
Fylamynt API Key Name for webhook authentication
Fylamynt Webhook URL to be used by Humio
Follow the steps listed below in your Humio Account to complete the configuration
Add Humio Cloud URL to Humio URL in Authorize Fylamynt panel. e.g. https://cloud.us.humio.com
In your Humio account, go to Manage Your Account --> Account Settings, and copy API Token. Add the copied API Token to Humio API Token field in Authorize Fylamynt panel.
Configure Fylamynt webhook in selected Humio repository.
Go to a Humio repository --> Alerts --> Actions and create a New Action
Select Action Type as Webhook
Copy the Fylamynt Webhook URL from Authorize Fylamynt panel and add in Endpoint URL
Select POST Method
Header Name: Content-Type Header Value: application/json
Header Name: x-api-key Header Value: add Webhook API Key value from Authorize Fylamynt panel.
Instructions to get Fylamynt Webhook API Key value: Under Authorize Fylamynt, choose one of the Webhook API Key Name from the dropdown, and the corresponding Webhook API Key Value should be shown. If no options are available for the Webhook API Key Name, first go to Settings --> API Keys --> Manage Keys to Create a New API Key.
Use the Default Message Body Template
Click on Create Action
Configure a Humio Alert to use Webhook Action Go to a Humio repository --> Alerts -> Create Alert or Edit Alert -> In Alert "Action" select newly created Webhook "Action"
You can add these actions in Fylamynt workflow builder, as part of your workflow.
Integration node to run Humio search query in a Humio repository
The start date and time. This parameter tells Humio not to return results from before this date and time.
The end date and time. This parameter tells Humio not to return results from after this date and time.
Humio repository to search
The actual query. See Query language for details.
Target AWS S3 bucket to store search result
Boolean value which denotes if the result is truncated or not
S3 bucket key path of search result
Name of the bucket
AWS SSM automation has restriction on size of response object (~100 KB). If query has a result greater than this value then truncated result would be returned, and if S3 Bucket Name is provided then whole result would be written to the bucket.
Add start_time and end_time
Select Humio repository from dropdown, Humio search query and AWS S3 bucket name (optional)