Overview
You can use this document to learn about the configuration parameters available in a configuration file, specifically for Workflows.
A workflow maps inputs, processors, and outputs that are logically grouped, based on the underlying use-cases and analytics being performed.
Note
To create a new workflow, you must have existing inputs, processors, destinations, thresholds, and filters to add to the new workflow. You cannot create a workflow without these existing components.
Review Parameters for a Workflow
Visual Editor | YAML | Description | Required or Optional |
Name | name |
Enter a descriptive name for the workflow. A workflow name is used for labeling and organizing workflows within a configuration. A workflow name is not reported to any destination. |
Required |
Input Labels | input_labels |
This parameter displays existing inputs that you can add to the workflow. To learn more, see Inputs. |
Required |
Processors | processors |
This parameter displays existing processors that you can add to the workflow. To learn more, see Processors Overview. |
Optional |
Destinations | destinations |
This parameter displays existing outputs that you can add to the workflow. To learn more, see Create and Manage Outputs and Integrations. |
Optional |
Not applicable | enabled_hosts |
You can use this parameter to limit the workflow to specific hosts. With this parameter, the workflow will only run if the agent host is specified. |
Optional |
Thresholds | thresholds |
This parameter displays existing thresholds that you can add to the workflow. To learn more, see Thresholds. |
Optional |
Filters | filters |
This parameter displays existing filters that you can add to the workflow. The filter step takes place before incoming logs are passed to the processors. To learn more, see Filters. |
Optional |
Description | description | Enter a brief description to describe the purpose of the workflow. | Optional |
Review YAML Example of a Workflow
Review the following example of a YAML file populated with parameters:
workflows:
application_workflow:
input_labels:
- system_stats
- agent_stats
- application_logs
processors:
- error-check
- fail-check
- success-check
destinations:
- sumo-logic-devops-integration
- slack-devops-integration
security_workflow:
input_labels:
- syslog_traffic
- windows_events
- auth_logs
filters:
- not_debug
processors:
- traffic-patterns
- authentication-monitoring
- system-patterns
destinations:
- sumo-logic-security-integration
- slack-security-integration
enabled_hosts_workflow:
description: "runs only specified hosts"
input_labels:
- system
- docker
- agent
- infa-processes
filters:
- info
destinations:
- '{{ Env "TEST_SUMO" }}'
# workflow only runs if the agent host is one of these hosts.
enabled_hosts:
- my.host.us1
- my.host.us2
Configure an Expiring Workflow
To define an expiring workflow, set an expiration time in the workflow definition with the expires_in parameter.
With an expiring workflow, you can also enable log forwarding for a specified time with the log_forward_workflow parameter.
Note
The "expires_in" time format must be in RFC3339 format.
Review the following example:
workflows:
log_forward_workflow:
input_labels:
- system_stats
- agent_stats
- application_logs
filters:
- not_debug
destinations:
- sumo-logic-devops-integration
expires_in: 2021-06-01T12:00:00.000Z
Create and Manage a Workflow
At a high level, there are 2 ways to create and manage Workflows:
- If you need to create a new configuration, then you can use the visual editor to populate a YAML file, as well as make changes directly in the YAML file.
- If you already have an existing configuration, then you can update the configuration in the YAML file.
Option 1: Access the visual editor for a new configuration
Note
To create a new workflow, you must have existing inputs, processors, destinations, thresholds, and filters to add to the new workflow. You cannot create a workflow without these existing components.
- In the Edge Delta App, on the left-side navigation, click Data Pipeline, and then click Agent Settings.
- Click Create Configuration.
- Click Visual.
- On the right-side, select Workflows.
- Enter a Name and Description.
- Select the desired inputs, processors, destinations, thresholds, and filters to add to the workflow.
- To make additional configurations to the configuration file, click the back button, and then select a new configuration parameter to manage.
- To save the configuration and exit the visual editor, click Save.
- Refresh the page to view the newly created configuration in the table.
Option 2: Access the YAML file for an existing configuration
- In the Edge Delta App, on the left-side navigation, click Data Pipeline, and then click Agent Settings.
- Locate the desired configuration, then under Actions, click the vertical ellipses, and then click Edit.
- Review the YAML file, make your changes, and then click Save.