arazzo: 1.0.1 info: title: Logz.io Notification Endpoint Then Alert summary: Create a Slack notification endpoint, then wire a new alert to notify it. description: >- A common observability onboarding pattern. The workflow first provisions a Slack notification endpoint, captures the returned endpoint id, then creates a log alert whose output recipients reference that endpoint id so triggered alerts are routed to Slack, and finally reads the created alert back to confirm it persisted. Every step spells out its request inline so the flow can be read and executed without opening the underlying OpenAPI description. version: 1.0.0 sourceDescriptions: - name: logzioApi url: ../openapi/logz-io-api-openapi.yml type: openapi workflows: - workflowId: endpoint-then-alert summary: Provision a Slack endpoint and create an alert that notifies it. description: >- Creates a Slack notification endpoint, then creates a log alert whose recipients include the new endpoint id, then retrieves the created alert. inputs: type: object required: - apiToken - endpointTitle - slackWebhookUrl - alertTitle - query properties: apiToken: type: string description: Logz.io API token sent in the X-API-TOKEN header. endpointTitle: type: string description: Display name for the Slack notification endpoint. slackWebhookUrl: type: string description: The Slack incoming webhook URL to deliver notifications to. alertTitle: type: string description: Title for the new alert. query: type: string description: Lucene search query the alert evaluates against the logs. steps: - stepId: createEndpoint description: >- Create a Slack notification endpoint that triggered alerts can target. The test query parameter is false so the endpoint is actually persisted. operationId: createSlack parameters: - name: X-API-TOKEN in: header value: $inputs.apiToken - name: test in: query value: false requestBody: contentType: application/json payload: title: $inputs.endpointTitle description: Slack endpoint created by the Arazzo endpoint-then-alert workflow. url: $inputs.slackWebhookUrl successCriteria: - condition: $statusCode == 200 outputs: endpointId: $response.body#/id - stepId: createAlert description: >- Create a log alert whose notification recipients include the Slack endpoint id created in the previous step, so triggers are routed to Slack. operationId: createAlert parameters: - name: X-API-TOKEN in: header value: $inputs.apiToken requestBody: contentType: application/json payload: title: $inputs.alertTitle description: Alert created by the Arazzo endpoint-then-alert workflow. searchTimeFrameMinutes: 20 output: type: TABLE recipients: notificationEndpointIds: - $steps.createEndpoint.outputs.endpointId subComponents: - queryDefinition: query: $inputs.query shouldQueryOnAllAccounts: true trigger: operator: GREATER_THAN_OR_EQUALS severityThresholdTiers: HIGH: 100 enabled: true successCriteria: - condition: $statusCode == 200 outputs: alertId: $response.body#/id - stepId: getAlert description: >- Read the created alert back by its id to confirm it persisted and capture its enabled state and title. operationId: getAlert parameters: - name: X-API-TOKEN in: header value: $inputs.apiToken - name: alertId in: path value: $steps.createAlert.outputs.alertId successCriteria: - condition: $statusCode == 200 outputs: alertTitle: $response.body#/title enabled: $response.body#/enabled outputs: endpointId: $steps.createEndpoint.outputs.endpointId alertId: $steps.createAlert.outputs.alertId enabled: $steps.getAlert.outputs.enabled