Skip to content

Humio

Output events and detections to the Humio.com service.

  • humio_repo: the name of the humio repo to upload to.
  • humio_api_token: the humio ingestion token.
  • endpoint_url: optionally specify a custom endpoint URL, if you have Humio deployed on-prem use this to point to it, otherwise it defaults to the Humio cloud.

Example:

humio_repo: sandbox
humio_api_token: fdkoefj0erigjre8iANUDBFyfjfoerjfi9erge

Note: You may need to create a new parser in Humio to correctly parse timestamps. You can use the following JSON parser:

parseJson() | parseTimestamp(field=@timestamp,format="unixTimeMillis",timezone="Etc/UTC")

For the Community Edition of Humio, the endpoint_url is: https://cloud.community.humio.com.