Trigger a workflow

Workflow Automation is not supported for your selected Datadog site ().

You can trigger a workflow manually or automatically and a workflow can have multiple triggers. This allows you to trigger a workflow from a variety of different sources, like a Datadog monitor and a Datadog dashboard.

A workflow can either run with the identity of the user who owns it, or with the identity of a service account associated with the workflow. For more information on service accounts, see Service accounts for Workflow Automation.

A workflow with multiple triggers

Manual triggers

To trigger a workflow manually:

  1. From the workflow page, click Run.
  2. Enter the values for existing trigger variables.
  3. When you’re ready to run the workflow, click Save & Run.

Dashboard triggers

To trigger a workflow from a dashboard, add the Run Workflow widget:

  1. From your dashboard, click Add Widget.
  2. Search for workflows and add the Run Workflow widget.
  3. Under Select the workflow, find your workflow in the dropdown menu. Only published workflows with dashboard triggers appear in the list.
  4. Map dashboard template variables to workflow input parameters. This allows the values of your dashboard template variables to be mapped directly to the input parameters when you run the workflow.
  5. Enter a title for the widget and click Save.

To run the workflow:

  1. Click Run Workflow on your dashboard widget.
  2. Under Execution parameters, any template variables you mapped to workflow inputs are automatically populated. Enter the values for any unmapped execution parameters, or edit the existing values if needed.
  3. Click Run to run the workflow.

Monitor triggers

Add a monitor trigger to your workflow

  1. Add a monitor trigger to your workflow:
    • If your workflow doesn’t have any triggers, click Add Trigger > Monitor.
    • If your workflow already has one or more triggers and you’re adding the monitor as an additional trigger, click the Add Trigger (lightning bolt) icon and select Monitor.
  2. Make sure the trigger is connected to a step in the workflow. You can connect the trigger to a step by clicking and dragging the plus icon (+) under the trigger.
  3. Click the trigger and take note of the Mention handle.
  4. Monitor triggers are set to trigger automatically by default. If you don’t want the workflow to trigger automatically, toggle the Automatic triggering option.
  5. Save your Workflow.
  6. Click Publish to publish your workflow. Workflows don’t run automatically until you’ve published them. Published workflows accrue costs based on workflow executions. For more information, see the Datadog Pricing page.

Add the workflow to your monitor

  1. Navigate to the Monitors page in Datadog.
  2. Find the monitor you’d like to use to trigger the workflow and edit it, or create a new monitor.
  3. In the Configure notifications & automations section, click + Add Workflow.
  4. Use the workflow mention name to search for your workflow and select it from the dropdown. Only workflows with monitor triggers appear in the list.
    A mention for the monitor appears in the notification message field, in the format @workflow-name if it takes no input parameters or @workflow-name(param="") if it takes input parameters.
  5. If the workflow takes input parameters:
    1. Click Configure Inputs next to the monitor name and ID.
      An attached workflow with a Configure Inputs link available
    2. Enter values for the input parameters.
      Note: Values can include monitor message template variables. To see a list of available variables, click Use Message Template Variables in the upper-right of the Configure notifications & automations section.
      The parameters populate in the mention within the notification message field.
      For example, if you configure a workflow named @workflow-test-inputs to have the following parameters:
      Configure Inputs panel with values set as follows: im_a_string to 'abc', im_a_number to 123, im_a_boolean toggled to true, and i_have_a_default_value to 'override this'
      the mention changes to @workflow-test-inputs(im_a_string="abc", im_a_number=123, im_a_boolean=true, i_have_a_default_value="override this").
  6. Save the monitor.

Each time the monitor threshold is reached, the monitor triggers a workflow run.

Test a monitor trigger

See the test and debug page for information on how to test a monitor trigger.

Incident triggers

To trigger a workflow from an incident notification rule, you must first add an incident trigger to your workflow:

  1. Add an incident trigger to your workflow:
    • If your workflow doesn’t have any triggers, click Add Trigger > Incident.
    • If your workflow already has one or more triggers and you’re adding the security trigger as an additional trigger, click the Add Trigger (lightning bolt) icon and select Incident.
  2. Make sure the trigger is connected to a step in the workflow. You can connect the trigger to a step by clicking and dragging the plus icon (+) under the trigger.
  3. Click the trigger and take note of the Mention handle.
  4. Incident triggers are set to trigger automatically by default. If you don’t want the workflow to trigger automatically, toggle the Automatic triggering option.
  5. Save your Workflow.
  6. Click Publish to publish your workflow. Workflows don’t run automatically until you’ve published them. Published workflows accrue costs based on workflow executions. For more information, see the Datadog Pricing page.

Add the workflow to your incident notification rule:

  1. Incidents Settings page, select Rules.
  2. Click New Rule.
  3. Configure a Severity, Service, and Other attributes for your notification rule.
  4. Under Notify, paste the workflow handle that you copied earlier.
  5. In the Recipient section, use the workflow mention name to find your workflow. For example, @workflow-my-workflow. The workflow must have an incident trigger before you can trigger it from an incident.
  6. Enter a Template and configure the Renotify settings for the notification rule.
  7. Click Save.

Security triggers

You can trigger a workflow automatically for any Security Signal, or manually trigger a Workflow from a Cloud SIEM Security Signal panel. Before you can add a workflow to a Security Signal, the workflow must have a security trigger.

Security Signal Notification Rule triggers

You can set up a workflow to trigger every time a Security Signal Notification Rule fires.

To trigger a workflow from a notification rule, you must first add a security trigger to your workflow:

  1. Add a security trigger to your workflow:
    • If your workflow doesn’t have any triggers, click Add Trigger > Security.
    • If your workflow already has one or more triggers and you’re adding the security trigger as an additional trigger, click the Add Trigger (lightning bolt) icon and select Security.
  2. Make sure the trigger is connected to a step in the workflow. You can connect the trigger to a step by clicking and dragging the plus icon (+) under the trigger.
  3. Click the trigger and take note of the Mention handle.
  4. Security triggers are set to trigger automatically by default. If you don’t want the workflow to trigger automatically, toggle the Automatic triggering option.
  5. Save your workflow.
  6. Click Publish to publish your workflow. Workflows don’t run automatically until you’ve published them. Published workflows accrue costs based on workflow executions. For more information, see the Datadog Pricing page.

Add the workflow to your notification rule:

  1. From the Configuration page, find the notification rule you’d like to use to trigger your workflow, or create a new rule.
  2. In the Recipient section, use the workflow mention name to find your workflow. For example, @workflow-my-workflow.
  3. Select the workflow from the drop-down. Only workflows with security triggers appear in the list.
  4. Click Save.
Add the workflow name to the recipient section of a Notification rule

Each time the notification rule fires, it triggers a workflow run.

Cloud SIEM Security Signal triggers

You can manually start a workflow from a Cloud SIEM Security Signal panel.

  1. Click Run Workflow at the top of the Security Signal panel.
  2. In the search modal, enter the name of the workflow you want to run and select it. Only workflows with security triggers appear in the list.
  3. If your workflow requires input parameters, enter the values as required. You can copy the values from the Signal object JSON displayed next to the input parameters, and paste them into the parameter fields.
  4. Click Run.
  5. You can see the workflow run status in the Workflow section of the Security Signal.

For additional examples of security workflows you can automate, see Automate Security Workflows with Workflow Automation.

API triggers

Triggering a workflow using an API call requires an API key and an application key with the workflows_run scope. For information on adding a scope to an application key, see Scopes.

Unscoped keys do not include the workflows_run scope by default. Ensure that you're following security best practice and use an application key with the minimum scopes needed to perform the desired task.

You can trigger a workflow by sending a POST request with the workflow ID to the endpoint https://api.datadoghq.com/api/v2/workflows/WORKFLOW-ID/instances. When you add an API trigger to a workflow, the trigger interface gives you an example cURL request that you can use to trigger the workflow.

To add an API trigger to a workflow:

  1. Click Add Trigger > API.

  2. On the workflow canvas, click API and note the example workflow cURL request, which includes the required headers and data to trigger your workflow.

    A cURL request to trigger a workflow looks something like this:

    curl -X POST \
      -H "Content-Type: application/json" \
      -H "DD-API-KEY: ${DD_API_KEY}" \
      -H "DD-APPLICATION-KEY: ${DD_APP_KEY}" \
      -d {} \
      https://api.datadoghq.com/api/v2/workflows/32866005-d275-4553-be86-9f1b13066d84/instances

    If the workflow includes input parameters, include them in the request payload. The following example uses two input parameters, example_input1 and example_input2:

    curl -X POST \
      -H "Content-Type: application/json" \
      -H "DD-API-KEY: ${DD_API_KEY}" \
      -H "DD-APPLICATION-KEY: ${DD_APP_KEY}" \
      -d { "meta": { "payload": { \
        "example_input1": "...", \
        "example_input2": "..." \
      } } } \
      https://api.datadoghq.com/api/v2/workflows/32866005-d275-4553-be86-9f1b13066d84/instances
       
  3. Click Save.

  4. Click Publish to publish the workflow. A workflow must be published before you can trigger it with a POST request. Published workflows accrue costs based on workflow executions. For more information, see the Datadog Pricing page.

Scheduled triggers

To schedule a workflow run:

  1. On the workflow canvas, click Add an Automated Trigger and select Schedule.
  2. Click Create to create a service account. For more information, see Use a service account.
  3. Enter a time and frequency for the run.
  4. (Optional) Enter a description for the workflow in the Memo field.
  5. Click Save.
  6. Click Publish. Scheduled workflows don’t run until you’ve published them. Published workflows accrue costs based on workflow executions. For more information, see the Datadog Pricing page.

Trigger a workflow from a workflow

You can trigger a child workflow from another workflow using the Trigger Workflow action. For example, if you have a complex series of steps that you need to reuse in several workflows, there’s no need to recreate those steps for all of your workflows. Instead, add the steps to a new workflow and trigger it in your other workflows using the Trigger Workflow action.

For billing purposes, triggering a child workflow registers as a new workflow execution.

If the child workflow has input parameters, these parameters appear as required fields in the Trigger Workflow action. In the example below, the service_name input parameter is required because service_name is set as an input parameter in the child workflow.

The service_name input parameter is required in the child workflow

Access the result of a child workflow

You can pass the result of a child workflow back to the parent workflow by defining Output parameters in the child workflow. Use the WorkflowOutputs context variable in the parent workflow to retrieve the output parameters of the child workflow. For example, given a child workflow named Example_workflow with an output parameter named exampleList, use Steps.Example_workflow.workflowOutputs.exampleList to access the result of the child workflow.

Run history

After you trigger a workflow, the workflow page switches to the workflow’s Run History. Click Configuration or Run History in the top-left to switch between the configuration and run history views. Use run history to watch the progress of a triggered workflow or debug a failed step.

Further reading


Do you have questions or feedback? Join the #workflows channel on the Datadog Community Slack.

PREVIEWING: rtrieu/product-analytics-ui-changes