
Workflows

A workflow is a defined sequence of steps designed to achieve a specific outcome through automation. It is a reusable, versionable "recipe" that transforms inputs into actions.

Insight into your data isn't enough. The ultimate value lies in action and outcomes. Workflows complete the journey from data to insight to automated outcomes. Your critical operational data already lives in Elastic: security events, infrastructure metrics, application logs, and business context. Workflows let you automate end-to-end outcomes directly where that data lives, without needing external automation tools.

Workflows address common operational challenges, such as:

  • Alert fatigue: Automate responses to reduce manual triage.
  • Understaffing: Enable teams to do more with fewer resources.
  • Manual, repetitive work: Automate routine tasks consistently.
  • Tool fragmentation: Eliminate the need to add on external automation tools.

Workflows can handle everything from simple, repeatable tasks to complex processes.

Workflows are for anyone who wants to cut down on manual effort, speed up response times, and make sure recurring situations are handled the same way every time.

Some key concepts to understand while working with workflows:

  • Triggers: The events or conditions that initiate a workflow. Refer to Triggers to learn more.
  • Steps: The individual units of logic or action that make up a workflow. Refer to Steps to learn more.
  • Data: How data flows through your workflow, including inputs, constants, context variables, step outputs, and Liquid templating for dynamic values. Refer to Data to learn more.

Workflows are defined as code using YAML. In the YAML editor, describe what the workflow should do, and the platform handles execution.

# ═══════════════════════════════════════════════════════════════
# METADATA - Identifies and describes the workflow
# ═══════════════════════════════════════════════════════════════
name: My Workflow
description: What this workflow does
enabled: true
tags: ["demo", "production"]

# ═══════════════════════════════════════════════════════════════
# CONSTANTS - Reusable values defined once, used throughout
# ═══════════════════════════════════════════════════════════════
consts:
  indexName: "my-index"
  environment: "production"
  alertThreshold: 100
  endpoints:                          # Can be objects/arrays
    api: "https://api.example.com"
    backup: "https://backup.example.com"

# ═══════════════════════════════════════════════════════════════
# INPUTS - Parameters passed when workflow is triggered
# ═══════════════════════════════════════════════════════════════
inputs:
  - name: environment
    type: string
    required: true
    default: "staging"
    description: "Target environment"
  - name: dryRun
    type: boolean
    default: true

# ═══════════════════════════════════════════════════════════════
# TRIGGERS - How/when the workflow starts
# ═══════════════════════════════════════════════════════════════
triggers:
  - type: manual
  # - type: schedule
  #   cron: "0 9 * * *"
  # - type: alert

# ═══════════════════════════════════════════════════════════════
# STEPS - The actual workflow logic (executed in order)
# ═══════════════════════════════════════════════════════════════
steps:
  - name: step_one
    type: elasticsearch.search
    with:
      index: "{{consts.indexName}}"
      query:
        match_all: {}

  - name: step_two
    type: console
    with:
      message: |
        Environment: {{inputs.environment}}
        Found: {{steps.step_one.output.hits.total.value}}
		
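In this example:

  1. name: Required. Unique identifier
  2. description: Optional. Shown in UI
  3. enabled: Optional. Enable or disable execution
  4. tags: Optional. For organizing workflows
  5. type: manual: User clicks Run button
  6. type: schedule: Runs on a schedule
  7. type: alert: Triggered by an alert
  8. {{consts.indexName}}: Reference constants
  9. {{inputs.environment}}: Reference inputs
  10. {{steps.step_one.output.hits.total.value}}: Reference step output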
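
Because step values pull from `consts`, `inputs` and earlier `steps` through `{{ }}` templates, a mistyped reference is easy to miss when a workflow is reviewed before being enabled. The following Python check is an added example, not part of the Elastic documentation or product: it assumes the workflow YAML has already been parsed into a dict, that reference names are case-sensitive, and that a step can only read output from steps defined before it. `lint_references` and `SAMPLE` are hypothetical names.

```python
import re

# Matches the head of a {{ ... }} reference: namespace and first name.
REF = re.compile(r"\{\{\s*(consts|inputs|steps)\.([A-Za-z_]\w*)")

def _strings(node):
    """Yield every string value nested inside dicts and lists."""
    if isinstance(node, str):
        yield node
    elif isinstance(node, dict):
        for value in node.values():
            yield from _strings(value)
    elif isinstance(node, list):
        for item in node:
            yield from _strings(item)

def lint_references(workflow):
    """Return (step, reference) pairs whose template target is not defined."""
    consts = set(workflow.get("consts", {}))
    inputs = {i["name"] for i in workflow.get("inputs", [])}
    seen_steps, problems = set(), []
    for step in workflow.get("steps", []):
        known = {"consts": consts, "inputs": inputs, "steps": seen_steps}
        for text in _strings(step.get("with", {})):
            for namespace, name in REF.findall(text):
                if name not in known[namespace]:
                    problems.append((step["name"], f"{namespace}.{name}"))
        seen_steps.add(step["name"])  # assumption: only earlier steps have output
    return problems

# Constructed sample: the page's example as parsed YAML, with two planted errors.
SAMPLE = {
    "consts": {"indexName": "my-index", "alertThreshold": 100},
    "inputs": [{"name": "environment", "type": "string"}],
    "steps": [
        {"name": "step_one", "type": "elasticsearch.search",
         "with": {"index": "{{consts.indexname}}",  # planted: wrong case
                  "query": {"match_all": {}}}},
        {"name": "step_two", "type": "console",
         "with": {"message": "Environment: {{inputs.environment}}\n"
                             "Found: {{steps.step_one.output.hits.total.value}}\n"
                             "Next: {{steps.step_three.output}}"}},  # planted: no such step
    ],
}

if __name__ == "__main__":
    for step, ref in lint_references(SAMPLE):
        print(f"{step}: unresolved reference {ref}")
```

The check only covers the three namespaces shown on this page and only scans each step's `with` block.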