Logz.io · Arazzo Workflow

Logz.io Notification Endpoint Then Alert

Version 1.0.0

Create a Slack notification endpoint, then wire a new alert to notify it.

1 workflow, 1 source API, 1 provider

Tags: Observability, Logging, Metrics, Tracing, SIEM, ELK, Elasticsearch, OpenSearch, Prometheus, Grafana, OpenTelemetry, AIOps, Cloud Observability, Managed ELK, Cost Management, Arazzo, Workflows

Provider

logz-io

Workflows

endpoint-then-alert
Provision a Slack endpoint and create an alert that notifies it.
Creates a Slack notification endpoint, then creates a log alert whose recipients include the new endpoint id, then retrieves the created alert.
3 steps
Inputs: alertTitle, apiToken, endpointTitle, query, slackWebhookUrl
Outputs: alertId, enabled, endpointId

1. createEndpoint (operationId: createSlack)
   Create a Slack notification endpoint that triggered alerts can target. The test query parameter is false so the endpoint is actually persisted.
2. createAlert (operationId: createAlert)
   Create a log alert whose notification recipients include the Slack endpoint id created in the previous step, so triggers are routed to Slack.
3. getAlert (operationId: getAlert)
   Read the created alert back by its id to confirm it persisted and capture its enabled state and title.

Source API Descriptions

Arazzo Workflow Specification

logz-io-endpoint-then-alert-workflow.yml
arazzo: 1.0.1
info:
  title: Logz.io Notification Endpoint Then Alert
  summary: Create a Slack notification endpoint, then wire a new alert to notify it.
  description: >-
    A common observability onboarding pattern. The workflow first provisions a
    Slack notification endpoint, captures the returned endpoint id, then creates
    a log alert whose output recipients reference that endpoint id so triggered
    alerts are routed to Slack, and finally reads the created alert back to
    confirm it persisted. Every step spells out its request inline so the flow
    can be read and executed without opening the underlying OpenAPI description.
  version: 1.0.0
sourceDescriptions:
- name: logzioApi
  url: ../openapi/logz-io-api-openapi.yml
  type: openapi
workflows:
- workflowId: endpoint-then-alert
  summary: Provision a Slack endpoint and create an alert that notifies it.
  description: >-
    Creates a Slack notification endpoint, then creates a log alert whose
    recipients include the new endpoint id, then retrieves the created alert.
  inputs:
    type: object
    required:
    - apiToken
    - endpointTitle
    - slackWebhookUrl
    - alertTitle
    - query
    properties:
      apiToken:
        type: string
        description: Logz.io API token sent in the X-API-TOKEN header.
      endpointTitle:
        type: string
        description: Display name for the Slack notification endpoint.
      slackWebhookUrl:
        type: string
        description: The Slack incoming webhook URL to deliver notifications to.
      alertTitle:
        type: string
        description: Title for the new alert.
      query:
        type: string
        description: Lucene search query the alert evaluates against the logs.
  steps:
  - stepId: createEndpoint
    description: >-
      Create a Slack notification endpoint that triggered alerts can target.
      The test query parameter is false so the endpoint is actually persisted.
    operationId: createSlack
    parameters:
    - name: X-API-TOKEN
      in: header
      value: $inputs.apiToken
    - name: test
      in: query
      value: false
    requestBody:
      contentType: application/json
      payload:
        title: $inputs.endpointTitle
        description: Slack endpoint created by the Arazzo endpoint-then-alert workflow.
        url: $inputs.slackWebhookUrl
    successCriteria:
    - condition: $statusCode == 200
    outputs:
      endpointId: $response.body#/id
  - stepId: createAlert
    description: >-
      Create a log alert whose notification recipients include the Slack
      endpoint id created in the previous step, so triggers are routed to Slack.
    operationId: createAlert
    parameters:
    - name: X-API-TOKEN
      in: header
      value: $inputs.apiToken
    requestBody:
      contentType: application/json
      payload:
        title: $inputs.alertTitle
        description: Alert created by the Arazzo endpoint-then-alert workflow.
        searchTimeFrameMinutes: 20
        output:
          type: TABLE
          recipients:
            notificationEndpointIds:
            - $steps.createEndpoint.outputs.endpointId
        subComponents:
        - queryDefinition:
            query: $inputs.query
            shouldQueryOnAllAccounts: true
          trigger:
            operator: GREATER_THAN_OR_EQUALS
            severityThresholdTiers:
              HIGH: 100
        enabled: true
    successCriteria:
    - condition: $statusCode == 200
    outputs:
      alertId: $response.body#/id
  - stepId: getAlert
    description: >-
      Read the created alert back by its id to confirm it persisted and capture
      its enabled state and title.
    operationId: getAlert
    parameters:
    - name: X-API-TOKEN
      in: header
      value: $inputs.apiToken
    - name: alertId
      in: path
      value: $steps.createAlert.outputs.alertId
    successCriteria:
    - condition: $statusCode == 200
    outputs:
      alertTitle: $response.body#/title
      enabled: $response.body#/enabled
  outputs:
    endpointId: $steps.createEndpoint.outputs.endpointId
    alertId: $steps.createAlert.outputs.alertId
    enabled: $steps.getAlert.outputs.enabled
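
An added example, not part of the Logz.io workflow or its repository: a Python lint that walks a workflow of this shape and reports `$steps.<id>.outputs.<name>` references that no earlier step declares, plus credential inputs copied into step or workflow outputs. The dict is a constructed, trimmed copy of the spec above; `lint`, `strings`, `SECRET_INPUTS` and `TOKEN` are names chosen for this example, and steps are assumed to run in the order listed.

```python
import re
# Constructed, trimmed copy of the endpoint-then-alert workflow as a dict;
# a real run would load the YAML file instead.
TOKEN = {"name": "X-API-TOKEN", "in": "header", "value": "$inputs.apiToken"}
WORKFLOW = {
    "inputs": {"properties": dict.fromkeys(
        ["apiToken", "endpointTitle", "slackWebhookUrl", "alertTitle", "query"], {})},
    "steps": [
        {"stepId": "createEndpoint", "parameters": [TOKEN],
         "requestBody": {"payload": {"title": "$inputs.endpointTitle",
                                     "url": "$inputs.slackWebhookUrl"}},
         "outputs": {"endpointId": "$response.body#/id"}},
        {"stepId": "createAlert", "parameters": [TOKEN],
         "requestBody": {"payload": {"output": {"recipients": {
             "notificationEndpointIds": ["$steps.createEndpoint.outputs.endpointId"]}}}},
         "outputs": {"alertId": "$response.body#/id"}},
    ],
    "outputs": {"endpointId": "$steps.createEndpoint.outputs.endpointId",
                "alertId": "$steps.createAlert.outputs.alertId"},
}
SECRET_INPUTS = {"apiToken", "slackWebhookUrl"}  # assumption: both are credentials
REF = re.compile(r"\$inputs\.(\w+)|\$steps\.([\w-]+)\.outputs\.(\w+)")

def strings(node):
    """Yield every string nested anywhere inside a dict/list structure."""
    if isinstance(node, str):
        yield node
    elif isinstance(node, (dict, list)):
        for child in (node.values() if isinstance(node, dict) else node):
            yield from strings(child)

def lint(wf):
    """Return findings: unresolved references and secret inputs copied to outputs."""
    findings, inputs, seen = [], set(wf["inputs"]["properties"]), {}
    def check(node, where, is_output=False):
        for match in (m for s in strings(node) for m in REF.finditer(s)):
            name, step, out = match.groups()
            if name and name not in inputs:
                findings.append(f"{where}: unknown input {name}")
            elif name and is_output and name in SECRET_INPUTS:
                findings.append(f"{where}: secret input {name} exposed in outputs")
            elif step and out not in seen.get(step, ()):
                findings.append(f"{where}: unresolved {match.group(0)}")
    for step in wf["steps"]:  # assumption: steps run in listed order
        check({k: v for k, v in step.items() if k != "outputs"}, step["stepId"])
        check(step.get("outputs", {}), step["stepId"], is_output=True)
        seen[step["stepId"]] = set(step.get("outputs", {}))
    check(wf["outputs"], "workflow outputs", is_output=True)
    return findings
```

Run against the workflow as written, `lint(WORKFLOW)` returns no findings; reordering the steps or mapping `$inputs.apiToken` into an output produces one finding each.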