From 4021cb38b7b946789c54c89eeb688435c72e8910 Mon Sep 17 00:00:00 2001 From: Nastasha Solomon Date: Tue, 20 Jan 2026 13:31:21 -0500 Subject: [PATCH 01/31] First draft --- explore-analyze/workflows.md | 35 ++++++++++++++++++++++++++++++++++- 1 file changed, 34 insertions(+), 1 deletion(-) diff --git a/explore-analyze/workflows.md b/explore-analyze/workflows.md index 307ef403cf..0f2a814f3e 100644 --- a/explore-analyze/workflows.md +++ b/explore-analyze/workflows.md @@ -1 +1,34 @@ -# Workflows +--- +applies_to: + stack: preview 9.3 + serverless: preview +description: Learn about Elastic workflows. +--- + +# Workflows [workflows-overview] + +A workflow is a defined sequence of steps designed to achieve a specific outcome through automation. It is a reusable, versionable "recipe" that transforms inputs into actions. + +Workflows are for anyone who wants to cut down on manual effort, speed up response times, and make sure recurring situations are handled the same way every time. + +## Why use workflows? [workflows-why] + +Insights on your data isn't enough. The ultimate value lies in action and outcomes. Workflows complete the journey from data to insight to automated outcomes. Your critical operational data already lives in Elastic: security events, infrastructure metrics, application logs, and business context. Workflows let you automate end-to-end outcomes directly where that data lives, without needing external automation tools. + +Workflows address common operational challenges, such as: + +* **Alert fatigue**: Automate responses to reduce manual triage. +* **Understaffing**: Enable teams to do more with fewer resources. +* **Manual, repetitive work**: Automate routine tasks consistently. +* **Tool fragmentation**: Eliminate the need to bolt on external automation tools. + +Workflows can handle everything from simple, repeatable tasks to complex processes. + +## Key components [workflows-components] + +Every workflow is composed of three core elements: + +* **Triggers**: The events or conditions that initiate a workflow. Triggers define _when_ a workflow runs. +* **Steps**: The individual units of logic or action that make up a workflow. Steps define _how_ data moves, decisions are made, and results are produced. +* **Connectors**: The integrations that allow workflows to interact with external systems and services. Connectors define _where_ actions are executed. + From 0a2725aeda8b1bf5f810d249bcbf515eba0d5649 Mon Sep 17 00:00:00 2001 From: Nastasha Solomon Date: Tue, 20 Jan 2026 14:26:47 -0500 Subject: [PATCH 02/31] Adding tutorial --- explore-analyze/workflows/get-started.md | 308 ++++++++++++++++++++++- 1 file changed, 307 insertions(+), 1 deletion(-) diff --git a/explore-analyze/workflows/get-started.md b/explore-analyze/workflows/get-started.md index 13db2d750f..4cd06d22a2 100644 --- a/explore-analyze/workflows/get-started.md +++ b/explore-analyze/workflows/get-started.md @@ -5,4 +5,310 @@ applies_to: description: Learn how to get started creating Elastic workflows. --- -# Get started with Workflows \ No newline at end of file +# Get started with workflows [workflows-get-started] + +Let's create and run your first workflow! In this tutorial, you'll create a workflow that indexes and searches through National Parks data, demonstrating the core concepts and capabilities of workflows along the way. + +## Prerequisites [workflows-prerequisites] + +- To use workflows, you must turn on the Elastic Workflows advanced setting (`workflows:ui:enabled`). +- You must have the appropriate subscription. Refer to the subscription page for [Elastic Cloud](https://www.elastic.co/subscriptions/cloud) and [Elastic Stack/self-managed](https://www.elastic.co/subscriptions) for the breakdown of available features and their associated subscription tiers. + +## Prerequisites [workflows-prerequisites] + +:::::{stepper} + +::::{step} Go to Worfklows + +To access the **Worfklows** page, find **Workflows** in the navigation menu or using the [global search field](/explore-analyze/find-and-organize/find-apps-and-objects.md). + +:::: + +::::{step} Create a new workflow + +Click **Create a new workflow**. The YAML editor opens. + + + +:::: + +::::{step} Define your workflow + +Remove the placeholder content and copy and paste the following YAML into the editor: + +```yaml +name: 🏔️ National Parks Demo +description: Creates an {{es}} index, loads sample national park data using bulk operations, searches for parks by category, and displays the results. +enabled: true +tags: ["demo", "getting-started"] +consts: + indexName: national-parks +triggers: + - type: manual +steps: + - name: get_index + type: elasticsearch.indices.exists + with: + index: "{{ consts.indexName }}" + - name: check_if_index_exists + type: if + condition: 'steps.get_index.output : true' + steps: + - name: index_already_exists + type: console + with: + message: "index: {{ consts.indexName }} already exists. Will proceed to delete it and re-create" + - name: delete_index + type: elasticsearch.indices.delete + with: + index: "{{ consts.indexName }}" + else: + - name: no_index_found + type: console + with: + message: "index: {{ consts.indexName }} Not found. Will proceed to create" + + - name: create_parks_index + type: elasticsearch.indices.create + with: + index: "{{ consts.indexName }}" + mappings: + properties: + name: { type: text } + category: { type: keyword } + description: { type: text } + - name: bulk_index_park_data + type: elasticsearch.bulk + with: + index: "{{ consts.indexName }}" + operations: + - name: "Yellowstone National Park" + category: "geothermal" + description: "America's first national park, established in 1872, famous for Old Faithful geyser and diverse wildlife including grizzly bears, wolves, and herds of bison and elk." + + - name: "Grand Canyon National Park" + category: "canyon" + description: "Home to the immense Grand Canyon, a mile deep gorge carved by the Colorado River, revealing millions of years of geological history in its colorful rock layers." + + - name: "Yosemite National Park" + category: "mountain" + description: "Known for its granite cliffs, waterfalls, clear streams, giant sequoia groves, and biological diversity. El Capitan and Half Dome are iconic rock formations." + + - name: "Zion National Park" + category: "canyon" + description: "Utah's first national park featuring cream, pink, and red sandstone cliffs soaring into a blue sky. Famous for the Narrows wade through the Virgin River." + + - name: "Rocky Mountain National Park" + category: "mountain" + description: "Features mountain environments, from wooded forests to mountain tundra, with over 150 riparian lakes and diverse wildlife at various elevations." + - name: search_park_data + type: elasticsearch.search + with: + index: "{{ consts.indexName }}" + size: 5 + query: + term: + category: "canyon" + - name: log_results + type: console + with: + message: |- + Found {{ steps.search_park_data.output.hits.total.value }} parks in category "canyon". + - name: loop_over_results + type: foreach + foreach: "{{steps.search_park_data.output.hits.hits | json}}" + steps: + - name: process-item + type: console + with: + message: "{{foreach.item._source.name}}" +``` + +:::: + +::::{step} Save your workflow + +Click **Save**. Your workflow is now ready to run. + +:::: + +::::{step} Run your workflow + +Click the **Run** icon {icon}`play` (next to **Save**) to execute your workflow. + +:::: + +::::{step} Monitor execution + +As your workflow runs, execution logs display in a panel next to your workflow. In the panel, you can find: + +* **Real-time execution logs**: Each step appears as it executes. +* **Step status indicators**: Green checkmarks for success, timestamps for duration. +* **Expandable step details**: Click any step to see input, output, and timeline. + +:::: + +::::{step} View execution history + +To examine past executions: + +1. Click the **Executions** tab. +2. View a list of all workflow runs (including pending and in progress runs), along with their status and completion time. +3. Click any execution to see its detailed logs. + + + +:::: + +::::: + +## Understanding what happened + +Let's examine each part of our first workflow to understand how it works. + +### Workflow metadata + +```yaml +name: 🏔️ National Parks Demo +description: Creates an {{es}} index, loads sample national park data using bulk operations, searches for parks by category, and displays the results. +enabled: true +tags: ["demo", "getting-started"] +``` + +* **`name`**: A unique identifier for your workflow. +* **`description`**: Explains the workflow's purpose (shown in the UI). +* **`enabled`**: Controls whether the workflow can be executed (set to `false` to disable). +* **`tags`**: Labels for organizing and finding workflows. + +### Constants + +```yaml +consts: + indexName: national-parks-data +``` + +* **`consts`**: Defines reusable values that can be referenced throughout the workflow. +* Accessed using template syntax: `{{ consts.indexName }}`. +* Promotes consistency and makes workflows easier to maintain. + +### Trigger + +```yaml +triggers: + - type: manual +``` + +* **`triggers`**: Defines how the workflow starts. +* **`manual`**: Requires user action (clicking the **Run** button). +* Other trigger types (scheduled, alert-based) are covered in the [Triggers](./triggers.md) section. + +### Step 1: Create index + +```yaml +- name: create_parks_index + type: elasticsearch.indices.create + with: + index: "{{ consts.indexName }}" + settings: + number_of_shards: 1 + number_of_replicas: 0 + mappings: + properties: + name: { type: text } + category: { type: keyword } + description: { type: text } +``` + +* **Step type**: This is an internal action step that directly interacts with {{es}}. +* **Purpose in workflow**: Establishes the data structure for our park information, ensuring fields are properly typed for searching and aggregation. +* **Key elements**: + * Uses `elasticsearch.indices.create`—a built-in action that maps to the {{es}} Create Index API. + * Defines mappings to control how data is indexed (`text` for full-text search, `keyword` for exact matching). + * References the constant `indexName` for consistency. + * Sets index settings for optimal performance in this demo. + +Learn more about internal action steps in the [Internal Actions](./steps.md) section. + +### Step 2: Bulk index documents + +```yaml +- name: bulk_index_park_data + type: elasticsearch.bulk + with: + index: "{{ consts.indexName }}" + operations: + - name: "Yellowstone National Park" + category: "geothermal" + description: "America's first national park, established in 1872..." + - name: "Grand Canyon National Park" + category: "canyon" + description: "Home to the immense Grand Canyon..." + # ... additional parks +``` + +* **Step type**: Another internal action step using {{es}}'s bulk API. +* **Purpose in workflow**: Efficiently loads multiple documents in a single operation, populating our index with sample data. +* **Key elements**: + * The `operations` array contains the documents to index. + * Each document becomes a searchable record in {{es}}. + * Uses the field names defined in our mappings (`name`, `category`, `description`). + * Each document becomes a searchable record with consistent field structure. + * This step demonstrates how to handle batch operations in workflows. + +### Step 3: Search parks + +```yaml +- name: search_park_data + type: elasticsearch.search + with: + index: "{{ consts.indexName }}" + size: 5 + query: + term: + category: "canyon" +``` + +* **Step type**: Internal action step for querying {{es}}. +* **Purpose in workflow**: Retrieves specific data based on criteria, demonstrating how workflows can make decisions based on data. +* **Key elements**: + * Searches for parks with category `"canyon"` (will find Grand Canyon and Zion). + * Results are automatically available to subsequent steps via `steps.search_park_data.output`. + * Limits results to 5 documents for manageable output. + * Shows how workflows can filter and process data dynamically. + +### Step 4: Log results + +```yaml +- name: log_results + type: console + with: + message: |- + Found {{ steps.search_park_data.output.hits.total.value }} parks in category "canyon". + Top results: {{ steps.search_park_data.output.hits.hits | json(2) }} +``` + +* **Step type**: A console step for output and debugging. +* **Purpose in workflow**: Presents the results in a human-readable format, demonstrating how to access and format data from previous steps. +* **Key elements**: + * Template variables access the search results: `{{ steps.search_park_data.output }}`. + * The `| json(2)` filter formats JSON output with indentation. + * Uses the exact step name `search_park_data` to reference previous step output. + * Shows how data flows through the workflow and can be transformed. + +## Key concepts demonstrated + +This workflow introduces several fundamental concepts: + +* **Internal action steps**: Built-in steps that interact with {{es}} and {{kib}} APIs. +* **Data flow**: How information moves from step to step using outputs and template variables. +* **Constants**: Reusable values that make workflows maintainable. +* **Template syntax**: The `{{ }}` notation for dynamic values. +* **Step chaining**: How each step builds on previous ones to create a complete process. + +% ## What's next? + +% Now that you have a working workflow, you're ready to explore more advanced features. In the following sections, you'll build upon this National Parks example to demonstrate: + +% * [**Triggers**](./triggers.md): Automate when this workflow runs (daily reports, alert responses). +% * [**Stes**](./steps.md): Add conditional logic based on search results and send notifications about park data. +% * [**Data and error handling**](./data.md): Make the workflow resilient to failures. From 2e7dbf09703c6e94ee4d63d85a319a91cce6179e Mon Sep 17 00:00:00 2001 From: Nastasha Solomon Date: Tue, 20 Jan 2026 14:32:02 -0500 Subject: [PATCH 03/31] Adds ref to advanced settings --- explore-analyze/workflows/get-started.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/explore-analyze/workflows/get-started.md b/explore-analyze/workflows/get-started.md index 4cd06d22a2..578d50bb1e 100644 --- a/explore-analyze/workflows/get-started.md +++ b/explore-analyze/workflows/get-started.md @@ -7,11 +7,11 @@ description: Learn how to get started creating Elastic workflows. # Get started with workflows [workflows-get-started] -Let's create and run your first workflow! In this tutorial, you'll create a workflow that indexes and searches through National Parks data, demonstrating the core concepts and capabilities of workflows along the way. +In this tutorial, you'll create a workflow that indexes and searches through National Parks data, demonstrating the core concepts and capabilities of workflows along the way. ## Prerequisites [workflows-prerequisites] -- To use workflows, you must turn on the Elastic Workflows advanced setting (`workflows:ui:enabled`). +- To use workflows, you must turn on the Elastic Workflows [advanced setting](kibana://reference/advanced-settings.md#kibana-general-settings) (`workflows:ui:enabled`). - You must have the appropriate subscription. Refer to the subscription page for [Elastic Cloud](https://www.elastic.co/subscriptions/cloud) and [Elastic Stack/self-managed](https://www.elastic.co/subscriptions) for the breakdown of available features and their associated subscription tiers. ## Prerequisites [workflows-prerequisites] @@ -162,7 +162,7 @@ To examine past executions: ::::: -## Understanding what happened +## Understand what happened Let's examine each part of our first workflow to understand how it works. From 14daa5b4e7f47dab9d73acd8b40b93df76df5baa Mon Sep 17 00:00:00 2001 From: Nastasha Solomon Date: Tue, 20 Jan 2026 15:03:08 -0500 Subject: [PATCH 04/31] style and wording edits --- explore-analyze/workflows.md | 13 +++++++++---- explore-analyze/workflows/get-started.md | 4 ++-- 2 files changed, 11 insertions(+), 6 deletions(-) diff --git a/explore-analyze/workflows.md b/explore-analyze/workflows.md index 0f2a814f3e..3adf6caad9 100644 --- a/explore-analyze/workflows.md +++ b/explore-analyze/workflows.md @@ -9,8 +9,6 @@ description: Learn about Elastic workflows. A workflow is a defined sequence of steps designed to achieve a specific outcome through automation. It is a reusable, versionable "recipe" that transforms inputs into actions. -Workflows are for anyone who wants to cut down on manual effort, speed up response times, and make sure recurring situations are handled the same way every time. - ## Why use workflows? [workflows-why] Insights on your data isn't enough. The ultimate value lies in action and outcomes. Workflows complete the journey from data to insight to automated outcomes. Your critical operational data already lives in Elastic: security events, infrastructure metrics, application logs, and business context. Workflows let you automate end-to-end outcomes directly where that data lives, without needing external automation tools. @@ -20,11 +18,14 @@ Workflows address common operational challenges, such as: * **Alert fatigue**: Automate responses to reduce manual triage. * **Understaffing**: Enable teams to do more with fewer resources. * **Manual, repetitive work**: Automate routine tasks consistently. -* **Tool fragmentation**: Eliminate the need to bolt on external automation tools. +* **Tool fragmentation**: Eliminate the need to add on external automation tools. Workflows can handle everything from simple, repeatable tasks to complex processes. -## Key components [workflows-components] +## Who should use workflows? [workflosw-who] +Workflows are for anyone who wants to cut down on manual effort, speed up response times, and make sure recurring situations are handled the same way every time. + +## Key elements [workflows-key-elements] Every workflow is composed of three core elements: @@ -32,3 +33,7 @@ Every workflow is composed of three core elements: * **Steps**: The individual units of logic or action that make up a workflow. Steps define _how_ data moves, decisions are made, and results are produced. * **Connectors**: The integrations that allow workflows to interact with external systems and services. Connectors define _where_ actions are executed. +## Learn more + +- Follow [this tutorial](/explore-analyze/workflows/get-started.md) to create and run your first workflow. +- Understand how to use the YAML editor in {{kib}} to define and run your workflows. Refer to [](/explore-analyze/workflows/create-workflows.md) to learn more. diff --git a/explore-analyze/workflows/get-started.md b/explore-analyze/workflows/get-started.md index 578d50bb1e..546ac762a4 100644 --- a/explore-analyze/workflows/get-started.md +++ b/explore-analyze/workflows/get-started.md @@ -7,11 +7,11 @@ description: Learn how to get started creating Elastic workflows. # Get started with workflows [workflows-get-started] -In this tutorial, you'll create a workflow that indexes and searches through National Parks data, demonstrating the core concepts and capabilities of workflows along the way. +In this tutorial, you'll create a workflow that indexes and searches through national parks data, demonstrating the core concepts and capabilities of workflows along the way. ## Prerequisites [workflows-prerequisites] -- To use workflows, you must turn on the Elastic Workflows [advanced setting](kibana://reference/advanced-settings.md#kibana-general-settings) (`workflows:ui:enabled`). +- To use workflows, turn on the Elastic Workflows [advanced setting](kibana://reference/advanced-settings.md#kibana-general-settings) (`workflows:ui:enabled`). - You must have the appropriate subscription. Refer to the subscription page for [Elastic Cloud](https://www.elastic.co/subscriptions/cloud) and [Elastic Stack/self-managed](https://www.elastic.co/subscriptions) for the breakdown of available features and their associated subscription tiers. ## Prerequisites [workflows-prerequisites] From 04a0e1f8be7f60cc9cc984bc4dabc5d150f140ff Mon Sep 17 00:00:00 2001 From: Nastasha Solomon Date: Tue, 20 Jan 2026 15:26:42 -0500 Subject: [PATCH 05/31] Final edits --- explore-analyze/workflows.md | 12 +++++------ explore-analyze/workflows/get-started.md | 26 ++++++++++-------------- 2 files changed, 17 insertions(+), 21 deletions(-) diff --git a/explore-analyze/workflows.md b/explore-analyze/workflows.md index 3adf6caad9..f5c02523ef 100644 --- a/explore-analyze/workflows.md +++ b/explore-analyze/workflows.md @@ -25,15 +25,15 @@ Workflows can handle everything from simple, repeatable tasks to complex process ## Who should use workflows? [workflosw-who] Workflows are for anyone who wants to cut down on manual effort, speed up response times, and make sure recurring situations are handled the same way every time. -## Key elements [workflows-key-elements] +## Key concepts [workflows-concepts] -Every workflow is composed of three core elements: +Some key concepts to understand while working with workflows: -* **Triggers**: The events or conditions that initiate a workflow. Triggers define _when_ a workflow runs. -* **Steps**: The individual units of logic or action that make up a workflow. Steps define _how_ data moves, decisions are made, and results are produced. -* **Connectors**: The integrations that allow workflows to interact with external systems and services. Connectors define _where_ actions are executed. +* **Triggers**: The events or conditions that initiate a workflow. Refer to [](/explore-analyze/workflows/triggers.md) to learn more. +* **Steps**: The individual units of logic or action that make up a workflow. Refer to [](/explore-analyze/workflows/steps.md) to learn more. +* **Data**: How data flows through your workflow, including inputs, constants, context variables, step outputs, and Liquid templating for dynamic values. Refer to [](/explore-analyze/workflows/data.md) to learn more. ## Learn more - Follow [this tutorial](/explore-analyze/workflows/get-started.md) to create and run your first workflow. -- Understand how to use the YAML editor in {{kib}} to define and run your workflows. Refer to [](/explore-analyze/workflows/create-workflows.md) to learn more. +% - Understand how to use the YAML editor in {{kib}} to define and run your workflows. Refer to [](/explore-analyze/workflows/create-workflows.md) to learn more. diff --git a/explore-analyze/workflows/get-started.md b/explore-analyze/workflows/get-started.md index 546ac762a4..2fb014dade 100644 --- a/explore-analyze/workflows/get-started.md +++ b/explore-analyze/workflows/get-started.md @@ -176,8 +176,8 @@ tags: ["demo", "getting-started"] ``` * **`name`**: A unique identifier for your workflow. -* **`description`**: Explains the workflow's purpose (shown in the UI). -* **`enabled`**: Controls whether the workflow can be executed (set to `false` to disable). +* **`description`**: Explains the workflow's purpose. +* **`enabled`**: Controls whether the workflow can be run. * **`tags`**: Labels for organizing and finding workflows. ### Constants @@ -188,8 +188,7 @@ consts: ``` * **`consts`**: Defines reusable values that can be referenced throughout the workflow. -* Accessed using template syntax: `{{ consts.indexName }}`. -* Promotes consistency and makes workflows easier to maintain. +* Accessed using template syntax: `{{ consts.indexName }}`. This promotes consistency and makes the workflow easier to maintain. ### Trigger @@ -199,8 +198,7 @@ triggers: ``` * **`triggers`**: Defines how the workflow starts. -* **`manual`**: Requires user action (clicking the **Run** button). -* Other trigger types (scheduled, alert-based) are covered in the [Triggers](./triggers.md) section. +* **`manual`**: Specifies the trigger type. Manual triggers require explicit user action (clicking the **Run** icon {icon}`play`) to start a workflow. ### Step 1: Create index @@ -219,16 +217,14 @@ triggers: description: { type: text } ``` -* **Step type**: This is an internal action step that directly interacts with {{es}}. -* **Purpose in workflow**: Establishes the data structure for our park information, ensuring fields are properly typed for searching and aggregation. +* **Step type**: This is an action step that directly interacts with {{es}}. +* **Step purpose**: Establishes the data structure for our park information, ensuring fields are properly typed for searching and aggregation. * **Key elements**: - * Uses `elasticsearch.indices.create`—a built-in action that maps to the {{es}} Create Index API. + * Uses `elasticsearch.indices.create`, which is a built-in action that maps to the {{es}} Create Index API. * Defines mappings to control how data is indexed (`text` for full-text search, `keyword` for exact matching). * References the constant `indexName` for consistency. * Sets index settings for optimal performance in this demo. -Learn more about internal action steps in the [Internal Actions](./steps.md) section. - ### Step 2: Bulk index documents ```yaml @@ -247,7 +243,7 @@ Learn more about internal action steps in the [Internal Actions](./steps.md) sec ``` * **Step type**: Another internal action step using {{es}}'s bulk API. -* **Purpose in workflow**: Efficiently loads multiple documents in a single operation, populating our index with sample data. +* **Step purpose**: Efficiently loads multiple documents in a single operation, populating our index with sample data. * **Key elements**: * The `operations` array contains the documents to index. * Each document becomes a searchable record in {{es}}. @@ -269,7 +265,7 @@ Learn more about internal action steps in the [Internal Actions](./steps.md) sec ``` * **Step type**: Internal action step for querying {{es}}. -* **Purpose in workflow**: Retrieves specific data based on criteria, demonstrating how workflows can make decisions based on data. +* **Step purpose**: Retrieves specific data based on criteria, demonstrating how workflows can make decisions based on data. * **Key elements**: * Searches for parks with category `"canyon"` (will find Grand Canyon and Zion). * Results are automatically available to subsequent steps via `steps.search_park_data.output`. @@ -288,7 +284,7 @@ Learn more about internal action steps in the [Internal Actions](./steps.md) sec ``` * **Step type**: A console step for output and debugging. -* **Purpose in workflow**: Presents the results in a human-readable format, demonstrating how to access and format data from previous steps. +* **Step purpose**: Presents the results in a human-readable format, demonstrating how to access and format data from previous steps. * **Key elements**: * Template variables access the search results: `{{ steps.search_park_data.output }}`. * The `| json(2)` filter formats JSON output with indentation. @@ -299,7 +295,7 @@ Learn more about internal action steps in the [Internal Actions](./steps.md) sec This workflow introduces several fundamental concepts: -* **Internal action steps**: Built-in steps that interact with {{es}} and {{kib}} APIs. +* **Action steps**: Built-in steps that interact with {{es}} and {{kib}} APIs. * **Data flow**: How information moves from step to step using outputs and template variables. * **Constants**: Reusable values that make workflows maintainable. * **Template syntax**: The `{{ }}` notation for dynamic values. From 6bd640baf852f8c0c1425aaf0688a6cac6e618b0 Mon Sep 17 00:00:00 2001 From: Nastasha Solomon Date: Tue, 20 Jan 2026 15:33:52 -0500 Subject: [PATCH 06/31] title fix --- explore-analyze/workflows/get-started.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/explore-analyze/workflows/get-started.md b/explore-analyze/workflows/get-started.md index 2fb014dade..405ec83d7b 100644 --- a/explore-analyze/workflows/get-started.md +++ b/explore-analyze/workflows/get-started.md @@ -14,7 +14,7 @@ In this tutorial, you'll create a workflow that indexes and searches through nat - To use workflows, turn on the Elastic Workflows [advanced setting](kibana://reference/advanced-settings.md#kibana-general-settings) (`workflows:ui:enabled`). - You must have the appropriate subscription. Refer to the subscription page for [Elastic Cloud](https://www.elastic.co/subscriptions/cloud) and [Elastic Stack/self-managed](https://www.elastic.co/subscriptions) for the breakdown of available features and their associated subscription tiers. -## Prerequisites [workflows-prerequisites] +## Tutorial [workflows-tutorial] :::::{stepper} From 85ca5590151857d1ce723b7b4ef3ed46afc3f5c9 Mon Sep 17 00:00:00 2001 From: Nastasha Solomon Date: Tue, 20 Jan 2026 19:10:01 -0500 Subject: [PATCH 07/31] Add section about workflow structure and order --- explore-analyze/workflows.md | 68 +++++++++++++++++++++++++++++++++++- 1 file changed, 67 insertions(+), 1 deletion(-) diff --git a/explore-analyze/workflows.md b/explore-analyze/workflows.md index f5c02523ef..d43037bcd9 100644 --- a/explore-analyze/workflows.md +++ b/explore-analyze/workflows.md @@ -22,7 +22,7 @@ Workflows address common operational challenges, such as: Workflows can handle everything from simple, repeatable tasks to complex processes. -## Who should use workflows? [workflosw-who] +## Who should use workflows? [workflows-who] Workflows are for anyone who wants to cut down on manual effort, speed up response times, and make sure recurring situations are handled the same way every time. ## Key concepts [workflows-concepts] @@ -33,6 +33,72 @@ Some key concepts to understand while working with workflows: * **Steps**: The individual units of logic or action that make up a workflow. Refer to [](/explore-analyze/workflows/steps.md) to learn more. * **Data**: How data flows through your workflow, including inputs, constants, context variables, step outputs, and Liquid templating for dynamic values. Refer to [](/explore-analyze/workflows/data.md) to learn more. +## Workflow structure [workflow-structure] + +Workflows are defined as code using YAML. In the YAML editor, describe _what_ the workflow should do, and the platform handles execution. + +```yaml +# ═══════════════════════════════════════════════════════════════ +# METADATA - Identifies and describes the workflow +# ═══════════════════════════════════════════════════════════════ +name: My Workflow # Required: Unique identifier +description: What this workflow does # Optional: Shown in UI +enabled: true # Optional: Enable or disable execution +tags: ["demo", "production"] # Optional: For organizing workflows + +# ═══════════════════════════════════════════════════════════════ +# CONSTANTS - Reusable values defined once, used throughout +# ═══════════════════════════════════════════════════════════════ +consts: + indexName: "my-index" + environment: "production" + alertThreshold: 100 + endpoints: # Can be objects/arrays + api: "https://api.example.com" + backup: "https://backup.example.com" + +# ═══════════════════════════════════════════════════════════════ +# INPUTS - Parameters passed when workflow is triggered +# ═══════════════════════════════════════════════════════════════ +inputs: + - name: environment + type: string + required: true + default: "staging" + description: "Target environment" + - name: dryRun + type: boolean + default: true + +# ═══════════════════════════════════════════════════════════════ +# TRIGGERS - How/when the workflow starts +# ═══════════════════════════════════════════════════════════════ +triggers: + - type: manual # User clicks Run button + # - type: schedule # Runs on a schedule + # cron: "0 9 * * *" + # - type: alert # Triggered by an alert + +# ═══════════════════════════════════════════════════════════════ +# STEPS - The actual workflow logic (executed in order) +# ═══════════════════════════════════════════════════════════════ +steps: + - name: step_one + type: elasticsearch.search + with: + index: "{{consts.indexName}}" # Reference constants + query: + match_all: {} + + - name: step_two + type: console + with: + message: | + Environment: {{inputs.environment}} # Reference inputs + Found: {{steps.step_one.output.hits.total.value}} # Reference step output + +``` + ## Learn more - Follow [this tutorial](/explore-analyze/workflows/get-started.md) to create and run your first workflow. From fc7e34b37b4636d9497c55106e0bea53fb02df3f Mon Sep 17 00:00:00 2001 From: Nastasha Solomon <79124755+nastasha-solomon@users.noreply.github.com> Date: Wed, 21 Jan 2026 10:35:36 -0500 Subject: [PATCH 08/31] Update explore-analyze/workflows/get-started.md --- explore-analyze/workflows/get-started.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/explore-analyze/workflows/get-started.md b/explore-analyze/workflows/get-started.md index 405ec83d7b..545e9c29b9 100644 --- a/explore-analyze/workflows/get-started.md +++ b/explore-analyze/workflows/get-started.md @@ -38,7 +38,7 @@ Remove the placeholder content and copy and paste the following YAML into the ed ```yaml name: 🏔️ National Parks Demo -description: Creates an {{es}} index, loads sample national park data using bulk operations, searches for parks by category, and displays the results. +description: Creates an Elasticsearch index, loads sample national park data using bulk operations, searches for parks by category, and displays the results. enabled: true tags: ["demo", "getting-started"] consts: From 87b64f7e75de8fd050261356fd40f9a13da2190c Mon Sep 17 00:00:00 2001 From: Nastasha Solomon <79124755+nastasha-solomon@users.noreply.github.com> Date: Wed, 21 Jan 2026 10:35:44 -0500 Subject: [PATCH 09/31] Update explore-analyze/workflows/get-started.md --- explore-analyze/workflows/get-started.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/explore-analyze/workflows/get-started.md b/explore-analyze/workflows/get-started.md index 545e9c29b9..c4f8271a20 100644 --- a/explore-analyze/workflows/get-started.md +++ b/explore-analyze/workflows/get-started.md @@ -170,7 +170,7 @@ Let's examine each part of our first workflow to understand how it works. ```yaml name: 🏔️ National Parks Demo -description: Creates an {{es}} index, loads sample national park data using bulk operations, searches for parks by category, and displays the results. +description: Creates an Elasticsearch index, loads sample national park data using bulk operations, searches for parks by category, and displays the results. enabled: true tags: ["demo", "getting-started"] ``` From dc6511bedd87dff76daa3d66e2542a3718487001 Mon Sep 17 00:00:00 2001 From: Nastasha Solomon <79124755+nastasha-solomon@users.noreply.github.com> Date: Wed, 21 Jan 2026 10:36:54 -0500 Subject: [PATCH 10/31] Update explore-analyze/workflows/get-started.md --- explore-analyze/workflows/get-started.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/explore-analyze/workflows/get-started.md b/explore-analyze/workflows/get-started.md index c4f8271a20..0caaea5605 100644 --- a/explore-analyze/workflows/get-started.md +++ b/explore-analyze/workflows/get-started.md @@ -306,5 +306,5 @@ This workflow introduces several fundamental concepts: % Now that you have a working workflow, you're ready to explore more advanced features. In the following sections, you'll build upon this National Parks example to demonstrate: % * [**Triggers**](./triggers.md): Automate when this workflow runs (daily reports, alert responses). -% * [**Stes**](./steps.md): Add conditional logic based on search results and send notifications about park data. +% * [**Steps**](./steps.md): Add conditional logic based on search results and send notifications about park data. % * [**Data and error handling**](./data.md): Make the workflow resilient to failures. From a4044675dceccc8964c007400dbed6e55e231880 Mon Sep 17 00:00:00 2001 From: Nastasha Solomon Date: Wed, 21 Jan 2026 11:57:51 -0500 Subject: [PATCH 11/31] workflows typo --- explore-analyze/workflows/get-started.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/explore-analyze/workflows/get-started.md b/explore-analyze/workflows/get-started.md index 0caaea5605..b55db80e26 100644 --- a/explore-analyze/workflows/get-started.md +++ b/explore-analyze/workflows/get-started.md @@ -18,9 +18,9 @@ In this tutorial, you'll create a workflow that indexes and searches through nat :::::{stepper} -::::{step} Go to Worfklows +::::{step} Go to Workflows -To access the **Worfklows** page, find **Workflows** in the navigation menu or using the [global search field](/explore-analyze/find-and-organize/find-apps-and-objects.md). +To access the **Workflows** page, find **Workflows** in the navigation menu or using the [global search field](/explore-analyze/find-and-organize/find-apps-and-objects.md). :::: From 0807e69e42d90f403f38fa860119fc203e30f589 Mon Sep 17 00:00:00 2001 From: Nastasha Solomon <79124755+nastasha-solomon@users.noreply.github.com> Date: Fri, 23 Jan 2026 10:21:54 -0500 Subject: [PATCH 12/31] Update explore-analyze/workflows.md Co-authored-by: Visha Angelova <91186315+vishaangelova@users.noreply.github.com> --- explore-analyze/workflows.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/explore-analyze/workflows.md b/explore-analyze/workflows.md index d43037bcd9..4ef96d3879 100644 --- a/explore-analyze/workflows.md +++ b/explore-analyze/workflows.md @@ -11,7 +11,7 @@ A workflow is a defined sequence of steps designed to achieve a specific outcome ## Why use workflows? [workflows-why] -Insights on your data isn't enough. The ultimate value lies in action and outcomes. Workflows complete the journey from data to insight to automated outcomes. Your critical operational data already lives in Elastic: security events, infrastructure metrics, application logs, and business context. Workflows let you automate end-to-end outcomes directly where that data lives, without needing external automation tools. +Insight into your data isn't enough. The ultimate value lies in action and outcomes. Workflows complete the journey from data to insights to automated outcomes. Your critical operational data already lives in the Elastic cluster: security events, infrastructure metrics, application logs, and business context. Workflows let you automate end-to-end processes to achieve outcomes directly where that data lives, without needing external automation tools. Workflows address common operational challenges, such as: From f441b05193988481227adeb31a64484cdf36f968 Mon Sep 17 00:00:00 2001 From: Nastasha Solomon <79124755+nastasha-solomon@users.noreply.github.com> Date: Fri, 23 Jan 2026 10:22:10 -0500 Subject: [PATCH 13/31] Update explore-analyze/workflows.md Co-authored-by: Visha Angelova <91186315+vishaangelova@users.noreply.github.com> --- explore-analyze/workflows.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/explore-analyze/workflows.md b/explore-analyze/workflows.md index 4ef96d3879..826c353bca 100644 --- a/explore-analyze/workflows.md +++ b/explore-analyze/workflows.md @@ -20,7 +20,7 @@ Workflows address common operational challenges, such as: * **Manual, repetitive work**: Automate routine tasks consistently. * **Tool fragmentation**: Eliminate the need to add on external automation tools. -Workflows can handle everything from simple, repeatable tasks to complex processes. +Workflows can handle a wide range of tasks, from simple, repeatable steps to complex processes. ## Who should use workflows? [workflows-who] Workflows are for anyone who wants to cut down on manual effort, speed up response times, and make sure recurring situations are handled the same way every time. From 1e658ac91c18d2ce1c69d21e80f26e4c06902afa Mon Sep 17 00:00:00 2001 From: Nastasha Solomon <79124755+nastasha-solomon@users.noreply.github.com> Date: Fri, 23 Jan 2026 10:22:26 -0500 Subject: [PATCH 14/31] Update explore-analyze/workflows.md Co-authored-by: Visha Angelova <91186315+vishaangelova@users.noreply.github.com> --- explore-analyze/workflows.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/explore-analyze/workflows.md b/explore-analyze/workflows.md index 826c353bca..3eec54c7fa 100644 --- a/explore-analyze/workflows.md +++ b/explore-analyze/workflows.md @@ -23,7 +23,7 @@ Workflows address common operational challenges, such as: Workflows can handle a wide range of tasks, from simple, repeatable steps to complex processes. ## Who should use workflows? [workflows-who] -Workflows are for anyone who wants to cut down on manual effort, speed up response times, and make sure recurring situations are handled the same way every time. +Workflows are for you if you want to cut down on manual effort, speed up response times, and make sure recurring situations are handled consistently. ## Key concepts [workflows-concepts] From 22239943a3e620ef250acfa36f262316243782c0 Mon Sep 17 00:00:00 2001 From: Nastasha Solomon <79124755+nastasha-solomon@users.noreply.github.com> Date: Fri, 23 Jan 2026 10:23:04 -0500 Subject: [PATCH 15/31] Update explore-analyze/workflows.md Co-authored-by: Visha Angelova <91186315+vishaangelova@users.noreply.github.com> --- explore-analyze/workflows.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/explore-analyze/workflows.md b/explore-analyze/workflows.md index 3eec54c7fa..5d277b2544 100644 --- a/explore-analyze/workflows.md +++ b/explore-analyze/workflows.md @@ -35,7 +35,7 @@ Some key concepts to understand while working with workflows: ## Workflow structure [workflow-structure] -Workflows are defined as code using YAML. In the YAML editor, describe _what_ the workflow should do, and the platform handles execution. +Workflows are defined in YAML. In the YAML editor, describe _what_ the workflow should do, and the platform handles execution. ```yaml # ═══════════════════════════════════════════════════════════════ From 976f7d2755865ee915b4c7fcae20a0e191ea020f Mon Sep 17 00:00:00 2001 From: Nastasha Solomon <79124755+nastasha-solomon@users.noreply.github.com> Date: Fri, 23 Jan 2026 10:23:15 -0500 Subject: [PATCH 16/31] Update explore-analyze/workflows.md Co-authored-by: Visha Angelova <91186315+vishaangelova@users.noreply.github.com> --- explore-analyze/workflows.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/explore-analyze/workflows.md b/explore-analyze/workflows.md index 5d277b2544..b46318cf9f 100644 --- a/explore-analyze/workflows.md +++ b/explore-analyze/workflows.md @@ -58,7 +58,7 @@ consts: backup: "https://backup.example.com" # ═══════════════════════════════════════════════════════════════ -# INPUTS - Parameters passed when workflow is triggered +# INPUTS - Parameters passed when the workflow is triggered # ═══════════════════════════════════════════════════════════════ inputs: - name: environment From 04457135d3133a629447bcb0c9e653dfff8b6514 Mon Sep 17 00:00:00 2001 From: Nastasha Solomon <79124755+nastasha-solomon@users.noreply.github.com> Date: Fri, 23 Jan 2026 10:23:51 -0500 Subject: [PATCH 17/31] Update explore-analyze/workflows/get-started.md Co-authored-by: Visha Angelova <91186315+vishaangelova@users.noreply.github.com> --- explore-analyze/workflows/get-started.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/explore-analyze/workflows/get-started.md b/explore-analyze/workflows/get-started.md index b55db80e26..7b21f8a725 100644 --- a/explore-analyze/workflows/get-started.md +++ b/explore-analyze/workflows/get-started.md @@ -198,7 +198,7 @@ triggers: ``` * **`triggers`**: Defines how the workflow starts. -* **`manual`**: Specifies the trigger type. Manual triggers require explicit user action (clicking the **Run** icon {icon}`play`) to start a workflow. +* **`type`**: Specifies the trigger type. Manual triggers require explicit user action (clicking the **Run** icon {icon}`play`) to start a workflow. ### Step 1: Create index From c1762c7e9edd08d0bf45f6ca20d05adb99e6964d Mon Sep 17 00:00:00 2001 From: Nastasha Solomon <79124755+nastasha-solomon@users.noreply.github.com> Date: Fri, 23 Jan 2026 10:25:55 -0500 Subject: [PATCH 18/31] Update explore-analyze/workflows/get-started.md Co-authored-by: Visha Angelova <91186315+vishaangelova@users.noreply.github.com> --- explore-analyze/workflows/get-started.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/explore-analyze/workflows/get-started.md b/explore-analyze/workflows/get-started.md index 7b21f8a725..d0b26ef26c 100644 --- a/explore-analyze/workflows/get-started.md +++ b/explore-analyze/workflows/get-started.md @@ -218,7 +218,7 @@ triggers: ``` * **Step type**: This is an action step that directly interacts with {{es}}. -* **Step purpose**: Establishes the data structure for our park information, ensuring fields are properly typed for searching and aggregation. +* **Step purpose**: Establishes the data structure for the park information, ensuring fields are properly typed for searching and aggregation. * **Key elements**: * Uses `elasticsearch.indices.create`, which is a built-in action that maps to the {{es}} Create Index API. * Defines mappings to control how data is indexed (`text` for full-text search, `keyword` for exact matching). From f451a49d1a58b68fd0f08e5f60b39ba0bf84224c Mon Sep 17 00:00:00 2001 From: Nastasha Solomon <79124755+nastasha-solomon@users.noreply.github.com> Date: Fri, 23 Jan 2026 10:26:05 -0500 Subject: [PATCH 19/31] Update explore-analyze/workflows/get-started.md Co-authored-by: Visha Angelova <91186315+vishaangelova@users.noreply.github.com> --- explore-analyze/workflows/get-started.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/explore-analyze/workflows/get-started.md b/explore-analyze/workflows/get-started.md index d0b26ef26c..0767412a35 100644 --- a/explore-analyze/workflows/get-started.md +++ b/explore-analyze/workflows/get-started.md @@ -243,7 +243,7 @@ triggers: ``` * **Step type**: Another internal action step using {{es}}'s bulk API. -* **Step purpose**: Efficiently loads multiple documents in a single operation, populating our index with sample data. +* **Step purpose**: Efficiently loads multiple documents in a single operation, populating the index with sample data. * **Key elements**: * The `operations` array contains the documents to index. * Each document becomes a searchable record in {{es}}. From 17b535f85380bc870db2bd058229d290db9cafad Mon Sep 17 00:00:00 2001 From: Nastasha Solomon <79124755+nastasha-solomon@users.noreply.github.com> Date: Fri, 23 Jan 2026 10:26:17 -0500 Subject: [PATCH 20/31] Update explore-analyze/workflows/get-started.md Co-authored-by: Visha Angelova <91186315+vishaangelova@users.noreply.github.com> --- explore-analyze/workflows/get-started.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/explore-analyze/workflows/get-started.md b/explore-analyze/workflows/get-started.md index 0767412a35..6bff03c72c 100644 --- a/explore-analyze/workflows/get-started.md +++ b/explore-analyze/workflows/get-started.md @@ -247,7 +247,7 @@ triggers: * **Key elements**: * The `operations` array contains the documents to index. * Each document becomes a searchable record in {{es}}. - * Uses the field names defined in our mappings (`name`, `category`, `description`). + * Uses the field names defined in the mappings (`name`, `category`, `description`). * Each document becomes a searchable record with consistent field structure. * This step demonstrates how to handle batch operations in workflows. From 205bace32ba4074f606f159594badaf06d6abe5d Mon Sep 17 00:00:00 2001 From: Nastasha Solomon <79124755+nastasha-solomon@users.noreply.github.com> Date: Fri, 23 Jan 2026 11:46:08 -0500 Subject: [PATCH 21/31] Update explore-analyze/workflows.md Co-authored-by: Visha Angelova <91186315+vishaangelova@users.noreply.github.com> --- explore-analyze/workflows.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/explore-analyze/workflows.md b/explore-analyze/workflows.md index b46318cf9f..3475803535 100644 --- a/explore-analyze/workflows.md +++ b/explore-analyze/workflows.md @@ -101,5 +101,5 @@ steps: ## Learn more -- Follow [this tutorial](/explore-analyze/workflows/get-started.md) to create and run your first workflow. +- To create and run your first workflow, refer to [](/explore-analyze/workflows/get-started.md). % - Understand how to use the YAML editor in {{kib}} to define and run your workflows. Refer to [](/explore-analyze/workflows/create-workflows.md) to learn more. From 19501e7c73aa437cfc88a77cc2eaf7edad1a7548 Mon Sep 17 00:00:00 2001 From: Nastasha Solomon <79124755+nastasha-solomon@users.noreply.github.com> Date: Fri, 23 Jan 2026 11:46:27 -0500 Subject: [PATCH 22/31] Update explore-analyze/workflows/get-started.md Co-authored-by: Visha Angelova <91186315+vishaangelova@users.noreply.github.com> --- explore-analyze/workflows/get-started.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/explore-analyze/workflows/get-started.md b/explore-analyze/workflows/get-started.md index 6bff03c72c..4ca56cb56f 100644 --- a/explore-analyze/workflows/get-started.md +++ b/explore-analyze/workflows/get-started.md @@ -7,7 +7,7 @@ description: Learn how to get started creating Elastic workflows. # Get started with workflows [workflows-get-started] -In this tutorial, you'll create a workflow that indexes and searches through national parks data, demonstrating the core concepts and capabilities of workflows along the way. +In this tutorial, you'll create a workflow that indexes and searches through national parks data. Along the way, you’ll learn the core concepts and capabilities of workflows. ## Prerequisites [workflows-prerequisites] From 7b21f8b3b48bbd5b3e897350ff84f7cdf75fb90c Mon Sep 17 00:00:00 2001 From: Nastasha Solomon <79124755+nastasha-solomon@users.noreply.github.com> Date: Fri, 23 Jan 2026 11:47:33 -0500 Subject: [PATCH 23/31] Update explore-analyze/workflows/get-started.md --- explore-analyze/workflows/get-started.md | 1 - 1 file changed, 1 deletion(-) diff --git a/explore-analyze/workflows/get-started.md b/explore-analyze/workflows/get-started.md index 4ca56cb56f..fa45de008f 100644 --- a/explore-analyze/workflows/get-started.md +++ b/explore-analyze/workflows/get-started.md @@ -28,7 +28,6 @@ To access the **Workflows** page, find **Workflows** in the navigation menu or u Click **Create a new workflow**. The YAML editor opens. - :::: From 91332e6e7334cc17d78b1e8a02a041e708cce55c Mon Sep 17 00:00:00 2001 From: Nastasha Solomon <79124755+nastasha-solomon@users.noreply.github.com> Date: Fri, 23 Jan 2026 11:57:55 -0500 Subject: [PATCH 24/31] Update explore-analyze/workflows/get-started.md --- explore-analyze/workflows/get-started.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/explore-analyze/workflows/get-started.md b/explore-analyze/workflows/get-started.md index fa45de008f..5ec50a5c60 100644 --- a/explore-analyze/workflows/get-started.md +++ b/explore-analyze/workflows/get-started.md @@ -142,7 +142,7 @@ Click the **Run** icon {icon}`play` (next to **Save**) to execute your workflow. As your workflow runs, execution logs display in a panel next to your workflow. In the panel, you can find: * **Real-time execution logs**: Each step appears as it executes. -* **Step status indicators**: Green checkmarks for success, timestamps for duration. +* **Worfklow status indicators**: Green for success, red for failures, and timestamps for duration. * **Expandable step details**: Click any step to see input, output, and timeline. :::: From 13b34c27e52841c7dddfefd0c4ac92767a9759fd Mon Sep 17 00:00:00 2001 From: Nastasha Solomon <79124755+nastasha-solomon@users.noreply.github.com> Date: Fri, 23 Jan 2026 11:58:46 -0500 Subject: [PATCH 25/31] Update explore-analyze/workflows/get-started.md Co-authored-by: Visha Angelova <91186315+vishaangelova@users.noreply.github.com> --- explore-analyze/workflows/get-started.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/explore-analyze/workflows/get-started.md b/explore-analyze/workflows/get-started.md index 5ec50a5c60..0ca0332029 100644 --- a/explore-analyze/workflows/get-started.md +++ b/explore-analyze/workflows/get-started.md @@ -11,7 +11,7 @@ In this tutorial, you'll create a workflow that indexes and searches through nat ## Prerequisites [workflows-prerequisites] -- To use workflows, turn on the Elastic Workflows [advanced setting](kibana://reference/advanced-settings.md#kibana-general-settings) (`workflows:ui:enabled`). +- To use workflows, turn on the Elastic Workflows (`workflows:ui:enabled`) [advanced setting](kibana://reference/advanced-settings.md#kibana-general-settings). - You must have the appropriate subscription. Refer to the subscription page for [Elastic Cloud](https://www.elastic.co/subscriptions/cloud) and [Elastic Stack/self-managed](https://www.elastic.co/subscriptions) for the breakdown of available features and their associated subscription tiers. ## Tutorial [workflows-tutorial] From 9a26192e8a874283a79e641d38ec751c64356a61 Mon Sep 17 00:00:00 2001 From: Nastasha Solomon <79124755+nastasha-solomon@users.noreply.github.com> Date: Fri, 23 Jan 2026 11:59:01 -0500 Subject: [PATCH 26/31] Update explore-analyze/workflows/get-started.md Co-authored-by: Visha Angelova <91186315+vishaangelova@users.noreply.github.com> --- explore-analyze/workflows/get-started.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/explore-analyze/workflows/get-started.md b/explore-analyze/workflows/get-started.md index 0ca0332029..787ff896ba 100644 --- a/explore-analyze/workflows/get-started.md +++ b/explore-analyze/workflows/get-started.md @@ -163,7 +163,7 @@ To examine past executions: ## Understand what happened -Let's examine each part of our first workflow to understand how it works. +Let's examine each part of the workflow to understand how it works. ### Workflow metadata From a08798c3fa9008dc2079e8dd4e84266416b28429 Mon Sep 17 00:00:00 2001 From: Nastasha Solomon <79124755+nastasha-solomon@users.noreply.github.com> Date: Fri, 23 Jan 2026 11:59:18 -0500 Subject: [PATCH 27/31] Update explore-analyze/workflows/get-started.md Co-authored-by: Visha Angelova <91186315+vishaangelova@users.noreply.github.com> --- explore-analyze/workflows/get-started.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/explore-analyze/workflows/get-started.md b/explore-analyze/workflows/get-started.md index 787ff896ba..80bb6cfe18 100644 --- a/explore-analyze/workflows/get-started.md +++ b/explore-analyze/workflows/get-started.md @@ -189,7 +189,7 @@ consts: * **`consts`**: Defines reusable values that can be referenced throughout the workflow. * Accessed using template syntax: `{{ consts.indexName }}`. This promotes consistency and makes the workflow easier to maintain. -### Trigger +### Triggers ```yaml triggers: From ee3d064575c5d18a77c8651fff8b039a36ccdf42 Mon Sep 17 00:00:00 2001 From: Nastasha Solomon <79124755+nastasha-solomon@users.noreply.github.com> Date: Fri, 23 Jan 2026 12:08:04 -0500 Subject: [PATCH 28/31] Update explore-analyze/workflows/get-started.md --- explore-analyze/workflows/get-started.md | 1 + 1 file changed, 1 insertion(+) diff --git a/explore-analyze/workflows/get-started.md b/explore-analyze/workflows/get-started.md index 80bb6cfe18..158a61f3f1 100644 --- a/explore-analyze/workflows/get-started.md +++ b/explore-analyze/workflows/get-started.md @@ -13,6 +13,7 @@ In this tutorial, you'll create a workflow that indexes and searches through nat - To use workflows, turn on the Elastic Workflows (`workflows:ui:enabled`) [advanced setting](kibana://reference/advanced-settings.md#kibana-general-settings). - You must have the appropriate subscription. Refer to the subscription page for [Elastic Cloud](https://www.elastic.co/subscriptions/cloud) and [Elastic Stack/self-managed](https://www.elastic.co/subscriptions) for the breakdown of available features and their associated subscription tiers. +- Access to workflows is controlled by [{{kib}} privileges](/deploy-manage/users-roles/cluster-or-deployment-auth/kibana-privileges.md). Ensure your role has `All` privileges for **Analytics > Workflows**, which allows you to create, edit, run, and manage workflows. ## Tutorial [workflows-tutorial] From fb542f9e048f441ec42efcaf2155a37b8bde1749 Mon Sep 17 00:00:00 2001 From: Nastasha Solomon <79124755+nastasha-solomon@users.noreply.github.com> Date: Fri, 23 Jan 2026 12:08:18 -0500 Subject: [PATCH 29/31] Update explore-analyze/workflows.md --- explore-analyze/workflows.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/explore-analyze/workflows.md b/explore-analyze/workflows.md index 3475803535..56b697e30b 100644 --- a/explore-analyze/workflows.md +++ b/explore-analyze/workflows.md @@ -102,4 +102,4 @@ steps: ## Learn more - To create and run your first workflow, refer to [](/explore-analyze/workflows/get-started.md). -% - Understand how to use the YAML editor in {{kib}} to define and run your workflows. Refer to [](/explore-analyze/workflows/create-workflows.md) to learn more. +- Understand how to use the YAML editor in {{kib}} to define and run your workflows. Refer to [](/explore-analyze/workflows/author-workflows.md) to learn more. From ba12f278077f1f81eb31dd0982a44ceec509d2fc Mon Sep 17 00:00:00 2001 From: Nastasha Solomon Date: Mon, 26 Jan 2026 16:30:20 -0500 Subject: [PATCH 30/31] Revised cross-refs --- explore-analyze/workflows/get-started.md | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-) diff --git a/explore-analyze/workflows/get-started.md b/explore-analyze/workflows/get-started.md index 158a61f3f1..46bcf7ff53 100644 --- a/explore-analyze/workflows/get-started.md +++ b/explore-analyze/workflows/get-started.md @@ -301,10 +301,9 @@ This workflow introduces several fundamental concepts: * **Template syntax**: The `{{ }}` notation for dynamic values. * **Step chaining**: How each step builds on previous ones to create a complete process. -% ## What's next? +## What's next? -% Now that you have a working workflow, you're ready to explore more advanced features. In the following sections, you'll build upon this National Parks example to demonstrate: - -% * [**Triggers**](./triggers.md): Automate when this workflow runs (daily reports, alert responses). -% * [**Steps**](./steps.md): Add conditional logic based on search results and send notifications about park data. -% * [**Data and error handling**](./data.md): Make the workflow resilient to failures. +Learn more about the workflow framework: +* [**Triggers**](./triggers.md): Control when workflows run. +* [**Steps**](./steps.md): Define how a workflow operates and the outcomes it can produce. +* [**Data and error handling**](./data.md): Make the workflow resilient to failures and understand mechanisms for controlling data flow. From 32ed82c6231a8fab4965efac6bdcccd8460046f6 Mon Sep 17 00:00:00 2001 From: Nastasha Solomon Date: Mon, 26 Jan 2026 19:44:21 -0500 Subject: [PATCH 31/31] stepper and style edits --- explore-analyze/workflows.md | 5 ++-- explore-analyze/workflows/get-started.md | 36 ++++++++++++++++++------ 2 files changed, 30 insertions(+), 11 deletions(-) diff --git a/explore-analyze/workflows.md b/explore-analyze/workflows.md index 56b697e30b..022254d69b 100644 --- a/explore-analyze/workflows.md +++ b/explore-analyze/workflows.md @@ -9,7 +9,7 @@ description: Learn about Elastic workflows. A workflow is a defined sequence of steps designed to achieve a specific outcome through automation. It is a reusable, versionable "recipe" that transforms inputs into actions. -## Why use workflows? [workflows-why] +## Why use workflows [workflows-why] Insight into your data isn't enough. The ultimate value lies in action and outcomes. Workflows complete the journey from data to insights to automated outcomes. Your critical operational data already lives in the Elastic cluster: security events, infrastructure metrics, application logs, and business context. Workflows let you automate end-to-end processes to achieve outcomes directly where that data lives, without needing external automation tools. @@ -22,7 +22,8 @@ Workflows address common operational challenges, such as: Workflows can handle a wide range of tasks, from simple, repeatable steps to complex processes. -## Who should use workflows? [workflows-who] +## Who should use workflows [workflows-who] + Workflows are for you if you want to cut down on manual effort, speed up response times, and make sure recurring situations are handled consistently. ## Key concepts [workflows-concepts] diff --git a/explore-analyze/workflows/get-started.md b/explore-analyze/workflows/get-started.md index 46bcf7ff53..1e976e7f62 100644 --- a/explore-analyze/workflows/get-started.md +++ b/explore-analyze/workflows/get-started.md @@ -166,7 +166,9 @@ To examine past executions: Let's examine each part of the workflow to understand how it works. -### Workflow metadata +:::::{stepper} + +::::{step} Workflow metadata ```yaml name: 🏔️ National Parks Demo @@ -180,7 +182,9 @@ tags: ["demo", "getting-started"] * **`enabled`**: Controls whether the workflow can be run. * **`tags`**: Labels for organizing and finding workflows. -### Constants +:::: + +::::{step} Constants ```yaml consts: @@ -190,7 +194,9 @@ consts: * **`consts`**: Defines reusable values that can be referenced throughout the workflow. * Accessed using template syntax: `{{ consts.indexName }}`. This promotes consistency and makes the workflow easier to maintain. -### Triggers +:::: + +::::{step} Triggers ```yaml triggers: @@ -200,7 +206,9 @@ triggers: * **`triggers`**: Defines how the workflow starts. * **`type`**: Specifies the trigger type. Manual triggers require explicit user action (clicking the **Run** icon {icon}`play`) to start a workflow. -### Step 1: Create index +:::: + +::::{step} Create index ```yaml - name: create_parks_index @@ -225,7 +233,9 @@ triggers: * References the constant `indexName` for consistency. * Sets index settings for optimal performance in this demo. -### Step 2: Bulk index documents +:::: + +::::{step} Bulk index documents ```yaml - name: bulk_index_park_data @@ -251,7 +261,9 @@ triggers: * Each document becomes a searchable record with consistent field structure. * This step demonstrates how to handle batch operations in workflows. -### Step 3: Search parks +:::: + +::::{step} Search parks ```yaml - name: search_park_data @@ -268,11 +280,13 @@ triggers: * **Step purpose**: Retrieves specific data based on criteria, demonstrating how workflows can make decisions based on data. * **Key elements**: * Searches for parks with category `"canyon"` (will find Grand Canyon and Zion). - * Results are automatically available to subsequent steps via `steps.search_park_data.output`. + * Results from `steps.search_park_data.output` are automatically available to subsequent steps. * Limits results to 5 documents for manageable output. * Shows how workflows can filter and process data dynamically. -### Step 4: Log results +:::: + +::::{step} Log results ```yaml - name: log_results @@ -291,6 +305,10 @@ triggers: * Uses the exact step name `search_park_data` to reference previous step output. * Shows how data flows through the workflow and can be transformed. +:::: + +::::: + ## Key concepts demonstrated This workflow introduces several fundamental concepts: @@ -301,7 +319,7 @@ This workflow introduces several fundamental concepts: * **Template syntax**: The `{{ }}` notation for dynamic values. * **Step chaining**: How each step builds on previous ones to create a complete process. -## What's next? +## What's next Learn more about the workflow framework: * [**Triggers**](./triggers.md): Control when workflows run.