From 7b5c9d5ff53b5cd8910c7e76afca82dd0cafeece Mon Sep 17 00:00:00 2001 From: Nastasha Solomon Date: Tue, 20 Jan 2026 17:11:49 -0500 Subject: [PATCH 01/30] First draft --- explore-analyze/toc.yml | 4 +- explore-analyze/workflows/data.md | 147 +++++++- explore-analyze/workflows/data/templating.md | 331 +++++++++++++++++++ 3 files changed, 479 insertions(+), 3 deletions(-) create mode 100644 explore-analyze/workflows/data/templating.md diff --git a/explore-analyze/toc.yml b/explore-analyze/toc.yml index 4a829ed36f..7d913df63d 100644 --- a/explore-analyze/toc.yml +++ b/explore-analyze/toc.yml @@ -398,7 +398,9 @@ toc: - file: workflows/triggers/alert-triggers.md - file: workflows/steps.md - file: workflows/data.md - - file: workflows/create-workflows.md + children: + - file: workflows/data/templating.md + - file: workflows/create-workflows.md - file: workflows/monitor-troubleshoot.md - file: workflows/manage-workflows.md - file: workflows/use-cases.md diff --git a/explore-analyze/workflows/data.md b/explore-analyze/workflows/data.md index 37ea5188cb..4bc0f12e25 100644 --- a/explore-analyze/workflows/data.md +++ b/explore-analyze/workflows/data.md @@ -2,7 +2,150 @@ applies_to: stack: preview 9.3 serverless: preview -description: Learn how data is processed and transformed in Elastic workflows. +description: Learn how data flows through workflows and how to handle errors gracefully. --- -# Data \ No newline at end of file +# Data and error handling [workflows-data] + +A key feature of workflows is the ability to pass data between steps and handle failures gracefully. This page explains the mechanisms for controlling data flow and building resilient, fault-tolerant automations. + +## Data flow [workflows-data-flow] + +Every step in a workflow produces an output. By default, this output is added to a global `steps` object in the workflow's context, making it available to all subsequent steps. + +### Access step outputs [workflows-access-outputs] + +Use the following syntax to access the output of a specific step: + +```text +steps..output +``` + +You can also access error information from a step: + +```text +steps..error +``` + +### Example: Chain steps with data [workflows-chain-steps-example] + +This workflow demonstrates a common pattern: searching for data in one step and using the results in a later step. + +```yaml +name: Create Case for a Specific User +steps: + - name: find_user_by_id + type: elasticsearch.search + with: + index: "my-user-index" + query: + term: + user.id: "u-123" + + - name: create_case_for_user + type: kibana.createCaseDefaultSpace + with: + title: "Investigate user u-123" + description: "A case has been opened for user {{ steps.find_user_by_id.output.hits.hits[0]._source.user.fullName }}." + tags: ["user-investigation"] + connector: + id: "none" + name: "none" + type: ".none" +``` + +In this example: + +1. The `find_user_by_id` step searches an index for a document. +2. The `create_case_for_user` step uses the output of the first step to enrich a new case. +3. The `description` field accesses `steps.find_user_by_id.output.hits.hits[0]._source.user.fullName` to dynamically include the user's full name. + +## Error handling [workflows-error-handling] + +By default, if any step in a workflow fails, the entire workflow execution stops immediately. You can override this behavior and define custom error handling logic using the `on-failure` block. + +### The `on-failure` block [workflows-on-failure] + +The `on-failure` block is a special property you can add to any step. It contains a `fallback` array of steps that execute only if the primary step fails. + +```yaml +steps: + - name: risky_operation + type: elasticsearch.search + with: + index: "non-existent-index" + query: + match_all: {} + on-failure: + fallback: + - name: log_error + type: console + with: + message: "Operation failed, using fallback" + - name: default_response + type: http + with: + method: GET + url: "https://api.example.com/default" +``` + +Within the `on-failure.fallback` steps, you can access error information from the failed step using: + +```text +steps..error +``` + +### Example: Handle {{es}} failures [workflows-handle-es-failures] + +This workflow attempts to delete a document. If the `elasticsearch.delete` action fails, the `on-failure` block executes alternative steps: + +```yaml +- name: delete_critical_document + type: elasticsearch.delete + with: + index: "my-critical-index" + id: "doc-abc-123" + on-failure: + fallback: + - name: notify_on_failure + type: slack + connector-id: "devops-alerts" + with: + message: "Failed to delete document in workflow '{{ workflow.name }}'" + - name: log_failure + type: console + with: + message: "Document deletion failed, error: {{ steps.delete_critical_document.error }}" +``` + +### Example: Continue after failure [workflows-continue-after-failure] + +Sometimes a failure is not critical and you want the workflow to continue. Set `continue: true` in the `on-failure` block to allow the workflow to proceed after handling the error: + +```yaml +- name: create_ticket + type: jira + connector-id: "my-jira-project" + with: + projectKey: "PROJ" + summary: "New issue from workflow" + on-failure: + continue: true + fallback: + - name: notify_jira_failure + type: slack + connector-id: "devops-alerts" + with: + message: "Warning: Failed to create {{jira}} ticket. Continuing workflow." +``` + +## Summary [workflows-data-summary] + +By combining data flow and robust error handling, you can build complex, reliable automations that react to dynamic conditions and recover from unexpected failures. + +| Action | Syntax | Description | +|---------|--------|-------------| +| Step output | `steps..output` | Access the result of a previous step | +| Step error | `steps..error` | Access error details from a failed step | +| Fallback steps | `on-failure.fallback` | Define recovery actions when a step fails | +| Continue on failure | `on-failure.continue: true` | Allow the workflow to proceed after a failure | \ No newline at end of file diff --git a/explore-analyze/workflows/data/templating.md b/explore-analyze/workflows/data/templating.md new file mode 100644 index 0000000000..2b8c37e0a0 --- /dev/null +++ b/explore-analyze/workflows/data/templating.md @@ -0,0 +1,331 @@ +--- +applies_to: + stack: preview 9.3 + serverless: preview +description: Learn how to use the Liquid templating engine to create dynamic workflows. +--- + +# Templating engine [workflows-templating] + +The workflow templating engine enables dynamic, type-safe template rendering using the [Liquid templating language](https://liquidjs.com/). It allows you to inject variables, apply transformations, and control data flow throughout your workflows. + +## Basic usage [workflows-templating-basic] + +Templates are used directly in your workflow YAML. Wrap any expression in double curly braces `{{ }}` to make it dynamic. + +### Inject dynamic values + +Use `{{ }}` anywhere in your workflow to insert values: + +```yaml +steps: + - name: greet_user + type: console + with: + message: "Hello {{ user.name }}!" # Outputs: "Hello Alice!" +``` + +### Reference previous step outputs + +Access data from earlier steps using `steps..output`: + +```yaml +steps: + - name: search_data + type: elasticsearch.search + with: + index: "users" + query: + match_all: {} + + - name: log_count + type: console + with: + message: "Found {{ steps.search_data.output.hits.total.value }} users" +``` + +### Use workflow constants + +Define reusable values with `consts` and reference them throughout your workflow: + +```yaml +consts: + indexName: "my-index" + alertThreshold: 100 + +steps: + - name: search + type: elasticsearch.search + with: + index: "{{ consts.indexName }}" +``` + +### Transform values with filters + +Apply filters using the pipe `|` character to transform data: + +```yaml +message: "{{ user.name | upcase }}" # ALICE +email: "{{ user.email | downcase }}" # alice@example.com +date: "{{ timestamp | date: '%Y-%m-%d' }}" # 2026-01-20 +``` + +## Syntax overview [workflows-template-syntax] + +### String interpolation (`{{ }}`) [workflows-string-interpolation] + +Use double curly braces for basic string interpolation. Variables and expressions inside the braces are evaluated and rendered as strings. + +```yaml +message: "Hello {{ user.name }}!" # Result: "Hello Alice" +url: "https://api.example.com/users/{{ user.id }}" # Result: "https://api.example.com/users/12" +``` + +### Type-preserving expressions (`${{ }}`) [workflows-type-preserving] + +Use `${{ }}` when you need to preserve the original data type (array, object, number, boolean) instead of converting the result to a string. + +```yaml +# Using {{ }} - converts to string +tags: "{{ inputs.tags }}" # Result: "[\"admin\", \"user\"]" (string) + +# Using ${{ }} - preserves type +tags: "${{ inputs.tags }}" # Result: ["admin", "user"] (actual array) +``` + +:::{important} +`${{ }}` must occupy the entire string value. You cannot mix it with other text. + +✅ **Valid:** + +```yaml +tags: "${{ inputs.tags }}" +items: "${{ inputs.items | slice: 0, 2 }}" +``` + +❌ **Invalid:** + +```yaml +message: "Tags are: ${{ inputs.tags }}" +``` +::: + +### Escaping template syntax [workflows-escaping] + +Use `{% raw %}` and `{% endraw %}` to output literal `{{ }}` characters without rendering them. + +```yaml +value: "{% raw %}{{ _ingest.timestamp }}{% endraw %}" # Result: "{{ _ingest.timestamp }}" +``` + +### Control flow with Liquid tags (`{% %}`) [workflows-control-flow] + +Use `{% %}` for control flow and logic, such as conditionals and loops. + +```yaml +message: | + {% if user.role == 'admin' %} + Welcome, administrator! + {% endif %} +``` + +Common tags include: `{% if %}`, `{% for %}`, `{% assign %}`, `{% case %}`. + +### Liquid code blocks [workflows-liquid-blocks] + +Combine multiple Liquid statements inside one tag block using `{%- liquid ... -%}`: + +```yaml +message: | + {%- liquid + assign greeting = "Hello" + echo greeting + echo " " + echo user.name + -%} +``` + +## How to use the templating engine [workflows-templating-howto] + +The templating engine is used directly within your workflow YAML to make your workflows dynamic. + +### Reference data from previous steps [workflows-ref-previous-steps] + +Use `{{ }}` to inject outputs from earlier steps into later ones: + +```yaml +steps: + - name: search_users + type: elasticsearch.search + with: + index: "users" + query: + term: + status: "active" + + - name: send_notification + type: slack + connector-id: "my-slack" + with: + message: "Found {{ steps.search_users.output.hits.total.value }} active users" +``` + +### Use constants and inputs [workflows-use-constants] + +Reference workflow-level constants or inputs: + +```yaml +consts: + indexName: "my-index" + environment: "production" + +steps: + - name: search_data + type: elasticsearch.search + with: + index: "{{ consts.indexName }}" + query: + match: + env: "{{ consts.environment }}" +``` + +### Preserve data types [workflows-preserve-types] + +When you need arrays or objects (not strings), use `${{ }}`: + +```yaml +steps: + - name: get_tags + type: elasticsearch.search + with: + index: "config" + query: + term: + type: "tags" + + - name: create_document + type: elasticsearch.index + with: + index: "reports" + document: + # Preserves the array type, doesn't stringify it + tags: "${{ steps.get_tags.output.hits.hits[0]._source.tags }}" +``` + +### Apply filters to transform data [workflows-apply-filters] + +Chain filters to manipulate values: + +```yaml +steps: + - name: create_alert + type: console + with: + message: | + User: {{ user.name | upcase }} + Email: {{ user.email | downcase }} + Created: {{ user.created_at | date: "%Y-%m-%d" }} +``` + +### Use conditionals for dynamic content [workflows-conditionals] + +Add logic with `{% if %}` tags: + +```yaml +steps: + - name: send_message + type: slack + connector-id: "alerts" + with: + message: | + {% if steps.search.output.hits.total.value > 100 %} + ⚠️ HIGH ALERT: {{ steps.search.output.hits.total.value }} events detected! + {% else %} + ✅ Normal: {{ steps.search.output.hits.total.value }} events detected. + {% endif %} +``` + +### Loop through results [workflows-loops] + +Iterate over arrays with `{% for %}`: + +```yaml +steps: + - name: summarize_results + type: console + with: + message: | + Found users: + {% for hit in steps.search_users.output.hits.hits %} + - {{ hit._source.name }} ({{ hit._source.email }}) + {% endfor %} +``` + +## Template rendering behavior [workflows-template-rendering] + +The engine renders templates recursively through all data structures, ensuring full support for nested workflows and dynamic data substitution. + +**Input:** + +```yaml +message: "Hello {{ user.name }}" +config: + url: "{{ api.url }}" +tags: ["{{ tag1 }}", "{{ tag2 }}"] +``` + +**After rendering:** + +```yaml +message: "Hello Alice" +config: + url: "https://api.example.com" +tags: ["admin", "user"] +``` + +### Type handling [workflows-type-handling] + +| Type | Behavior | +|------|----------| +| Strings | Processed as templates; variables interpolated, filters applied | +| Numbers, Booleans, Null | Returned as-is | +| Arrays | Each element processed recursively | +| Objects | Each property value processed recursively (keys are not processed) | + +### `${{ }}` vs `{{ }}` comparison [workflows-syntax-comparison] + +| Feature | `{{ }}` | `${{ }}` | +|---------|---------|----------| +| Output type | Always string | Preserves original type | +| Arrays | Stringified | Actual array | +| Objects | Stringified | Actual object | +| Booleans | `"true"` / `"false"` | `true` / `false` | +| Numbers | `"123"` | `123` | +| Filters | Applied (stringified result) | Applied (type preserved) | + +### Null and undefined handling [workflows-null-handling] + +| Case | Behavior | +|------|----------| +| Null values | Returned as-is | +| Undefined variables | Empty string in `{{ }}`; `undefined` in `${{ }}` | +| Missing context properties | Treated as undefined | + +## Quick reference [workflows-templating-reference] + +| What you want to do | Syntax | +|---------------------|--------| +| Insert a string value | `{{ variable }}` | +| Preserve arrays/objects/numbers | `${{ variable }}` | +| Access step output | `{{ steps.step_name.output }}` | +| Access constants | `{{ consts.my_constant }}` | +| Apply a filter | `{{ value \| filter_name }}` | +| Conditional logic | `{% if condition %}...{% endif %}` | +| Loop through items | `{% for item in array %}...{% endfor %}` | +| Output literal `{{ }}` | `{% raw %}{{ }}{% endraw %}` | + +## Learn more + +- [Liquid Templating Language](https://shopify.github.io/liquid/) +- [LiquidJS Documentation](https://liquidjs.com/) + From 19164da083802761938515f67a1f53a5ba755f92 Mon Sep 17 00:00:00 2001 From: Nastasha Solomon Date: Tue, 20 Jan 2026 17:34:43 -0500 Subject: [PATCH 02/30] Fix issues breaking docs build --- explore-analyze/workflows/data/templating.md | 52 ++++++++++---------- 1 file changed, 26 insertions(+), 26 deletions(-) diff --git a/explore-analyze/workflows/data/templating.md b/explore-analyze/workflows/data/templating.md index 2b8c37e0a0..112d3f11f9 100644 --- a/explore-analyze/workflows/data/templating.md +++ b/explore-analyze/workflows/data/templating.md @@ -11,11 +11,11 @@ The workflow templating engine enables dynamic, type-safe template rendering usi ## Basic usage [workflows-templating-basic] -Templates are used directly in your workflow YAML. Wrap any expression in double curly braces `{{ }}` to make it dynamic. +Templates are used directly in your workflow YAML. Wrap any expression in double curly braces (`{{ }}`) to make it dynamic. ### Inject dynamic values -Use `{{ }}` anywhere in your workflow to insert values: +Use double curly braces (`{{ }}`) anywhere in your workflow to insert values: ```yaml steps: @@ -72,7 +72,7 @@ date: "{{ timestamp | date: '%Y-%m-%d' }}" # 2026-01-20 ## Syntax overview [workflows-template-syntax] -### String interpolation (`{{ }}`) [workflows-string-interpolation] +### String interpolation [workflows-string-interpolation] Use double curly braces for basic string interpolation. Variables and expressions inside the braces are evaluated and rendered as strings. @@ -81,9 +81,9 @@ message: "Hello {{ user.name }}!" # Result: "Hello Alice" url: "https://api.example.com/users/{{ user.id }}" # Result: "https://api.example.com/users/12" ``` -### Type-preserving expressions (`${{ }}`) [workflows-type-preserving] +### Type-preserving expressions [workflows-type-preserving] -Use `${{ }}` when you need to preserve the original data type (array, object, number, boolean) instead of converting the result to a string. +Use the dollar-sign prefix (`${{ }}`) when you need to preserve the original data type (array, object, number, boolean) instead of converting the result to a string. ```yaml # Using {{ }} - converts to string @@ -94,7 +94,7 @@ tags: "${{ inputs.tags }}" # Result: ["admin", "user"] (actual array) ``` :::{important} -`${{ }}` must occupy the entire string value. You cannot mix it with other text. +The type-preserving syntax (`${{ }}`) must occupy the entire string value. You cannot mix it with other text. ✅ **Valid:** @@ -112,15 +112,15 @@ message: "Tags are: ${{ inputs.tags }}" ### Escaping template syntax [workflows-escaping] -Use `{% raw %}` and `{% endraw %}` to output literal `{{ }}` characters without rendering them. +Use raw tags (`{% raw %}`) to output literal curly brace characters (`{{ }}`) without rendering them. ```yaml value: "{% raw %}{{ _ingest.timestamp }}{% endraw %}" # Result: "{{ _ingest.timestamp }}" ``` -### Control flow with Liquid tags (`{% %}`) [workflows-control-flow] +### Control flow with Liquid tags [workflows-control-flow] -Use `{% %}` for control flow and logic, such as conditionals and loops. +Use Liquid tags (`{% %}`) for control flow and logic, such as conditionals and loops. ```yaml message: | @@ -129,11 +129,11 @@ message: | {% endif %} ``` -Common tags include: `{% if %}`, `{% for %}`, `{% assign %}`, `{% case %}`. +Common tags include: `if` (`{%if%}`), `for` (`{%for%}`), `assign` (`{%assign%}`), and `case` (`{%case%}`). ### Liquid code blocks [workflows-liquid-blocks] -Combine multiple Liquid statements inside one tag block using `{%- liquid ... -%}`: +Combine multiple Liquid statements inside one tag block using (`{%-liquid...-%}`): ```yaml message: | @@ -151,7 +151,7 @@ The templating engine is used directly within your workflow YAML to make your wo ### Reference data from previous steps [workflows-ref-previous-steps] -Use `{{ }}` to inject outputs from earlier steps into later ones: +Use double curly braces (`{{ }}`) to inject outputs from earlier steps into later ones: ```yaml steps: @@ -191,7 +191,7 @@ steps: ### Preserve data types [workflows-preserve-types] -When you need arrays or objects (not strings), use `${{ }}`: +When you need arrays or objects (not strings), use the dollar-sign prefix (`${{ }}`): ```yaml steps: @@ -229,7 +229,7 @@ steps: ### Use conditionals for dynamic content [workflows-conditionals] -Add logic with `{% if %}` tags: +Add logic with `if` (`{%for%}`) tags: ```yaml steps: @@ -247,7 +247,7 @@ steps: ### Loop through results [workflows-loops] -Iterate over arrays with `{% for %}`: +Iterate over arrays with `for` (`{%for%}`) loops: ```yaml steps: @@ -292,9 +292,9 @@ tags: ["admin", "user"] | Arrays | Each element processed recursively | | Objects | Each property value processed recursively (keys are not processed) | -### `${{ }}` vs `{{ }}` comparison [workflows-syntax-comparison] +### Syntax comparison [workflows-syntax-comparison] -| Feature | `{{ }}` | `${{ }}` | +| Feature | String syntax | Type-preserving syntax | |---------|---------|----------| | Output type | Always string | Preserves original type | | Arrays | Stringified | Actual array | @@ -308,21 +308,21 @@ tags: ["admin", "user"] | Case | Behavior | |------|----------| | Null values | Returned as-is | -| Undefined variables | Empty string in `{{ }}`; `undefined` in `${{ }}` | +| Undefined variables | Empty string in string syntax; `undefined` in type-preserving syntax | | Missing context properties | Treated as undefined | ## Quick reference [workflows-templating-reference] | What you want to do | Syntax | |---------------------|--------| -| Insert a string value | `{{ variable }}` | -| Preserve arrays/objects/numbers | `${{ variable }}` | -| Access step output | `{{ steps.step_name.output }}` | -| Access constants | `{{ consts.my_constant }}` | -| Apply a filter | `{{ value \| filter_name }}` | -| Conditional logic | `{% if condition %}...{% endif %}` | -| Loop through items | `{% for item in array %}...{% endfor %}` | -| Output literal `{{ }}` | `{% raw %}{{ }}{% endraw %}` | +| Insert a string value | Double curly braces around the variable (`{{variable}}`)| +| Preserve arrays/objects/numbers | Dollar sign prefix before double curly braces (`${{variable}}`)| +| Access step output | `steps.step_name.output` inside braces (`{{steps.step_name.output}}`)| +| Access constants | `consts.my_constant` inside braces (`{{consts.my_constant}}`) | +| Apply a filter | Pipe character after the variable (`{{value \| filter_name}}`) | +| Conditional logic | `if`/`endif` tags `{%if condition%}...{%endif%}` | +| Loop through items | `for`/`endfor` tags `{%for item in array%}...{%endfor%}` | +| Output literal braces | Use `raw`/`endraw` tags `{%raw%}{{ }}{%endraw%}` | ## Learn more From 50d51dcb583f2b1a8a0a364bdd8f1df4d0a1cbd0 Mon Sep 17 00:00:00 2001 From: Nastasha Solomon Date: Tue, 20 Jan 2026 17:52:08 -0500 Subject: [PATCH 03/30] Re-orgs content about templating --- explore-analyze/workflows/data.md | 18 +++++- explore-analyze/workflows/data/templating.md | 61 -------------------- 2 files changed, 15 insertions(+), 64 deletions(-) diff --git a/explore-analyze/workflows/data.md b/explore-analyze/workflows/data.md index 4bc0f12e25..15760430e2 100644 --- a/explore-analyze/workflows/data.md +++ b/explore-analyze/workflows/data.md @@ -2,7 +2,7 @@ applies_to: stack: preview 9.3 serverless: preview -description: Learn how data flows through workflows and how to handle errors gracefully. +description: Learn how data flows through workflows, use dynamic templating, and handle errors gracefully. --- # Data and error handling [workflows-data] @@ -139,9 +139,21 @@ Sometimes a failure is not critical and you want the workflow to continue. Set ` message: "Warning: Failed to create {{jira}} ticket. Continuing workflow." ``` -## Summary [workflows-data-summary] +## Dynamic values with templating [workflows-dynamic-values] -By combining data flow and robust error handling, you can build complex, reliable automations that react to dynamic conditions and recover from unexpected failures. +To inject dynamic values into your workflow steps, use the templating engine. The templating engine uses the [Liquid templating language](https://liquidjs.com/) and allows you to: + +- **Reference step outputs**: Access data from previous steps using `steps..output` +- **Use constants**: Reference workflow-level constants with `consts.` +- **Apply filters**: Transform values with filters like `upcase`, `downcase`, and `date` +- **Add conditional logic**: Use `if`/`else` statements for dynamic content +- **Loop through data**: Iterate over arrays with `for` loops + +For complete syntax details and examples, refer to [Templating engine](./data/templating.md). + +## Quick reference [workflows-data-quick-reference] + +By combining data flow, templating, and robust error handling, you can build complex, reliable automations that react to dynamic conditions and recover from unexpected failures. | Action | Syntax | Description | |---------|--------|-------------| diff --git a/explore-analyze/workflows/data/templating.md b/explore-analyze/workflows/data/templating.md index 112d3f11f9..ad3afc9fa8 100644 --- a/explore-analyze/workflows/data/templating.md +++ b/explore-analyze/workflows/data/templating.md @@ -9,67 +9,6 @@ description: Learn how to use the Liquid templating engine to create dynamic wor The workflow templating engine enables dynamic, type-safe template rendering using the [Liquid templating language](https://liquidjs.com/). It allows you to inject variables, apply transformations, and control data flow throughout your workflows. -## Basic usage [workflows-templating-basic] - -Templates are used directly in your workflow YAML. Wrap any expression in double curly braces (`{{ }}`) to make it dynamic. - -### Inject dynamic values - -Use double curly braces (`{{ }}`) anywhere in your workflow to insert values: - -```yaml -steps: - - name: greet_user - type: console - with: - message: "Hello {{ user.name }}!" # Outputs: "Hello Alice!" -``` - -### Reference previous step outputs - -Access data from earlier steps using `steps..output`: - -```yaml -steps: - - name: search_data - type: elasticsearch.search - with: - index: "users" - query: - match_all: {} - - - name: log_count - type: console - with: - message: "Found {{ steps.search_data.output.hits.total.value }} users" -``` - -### Use workflow constants - -Define reusable values with `consts` and reference them throughout your workflow: - -```yaml -consts: - indexName: "my-index" - alertThreshold: 100 - -steps: - - name: search - type: elasticsearch.search - with: - index: "{{ consts.indexName }}" -``` - -### Transform values with filters - -Apply filters using the pipe `|` character to transform data: - -```yaml -message: "{{ user.name | upcase }}" # ALICE -email: "{{ user.email | downcase }}" # alice@example.com -date: "{{ timestamp | date: '%Y-%m-%d' }}" # 2026-01-20 -``` - ## Syntax overview [workflows-template-syntax] ### String interpolation [workflows-string-interpolation] From 22fa4c776c436726caee933f3e4c45bf40a10eda Mon Sep 17 00:00:00 2001 From: Nastasha Solomon Date: Tue, 20 Jan 2026 17:58:03 -0500 Subject: [PATCH 04/30] Removes spaces --- explore-analyze/workflows/data/templating.md | 51 ++++++++++++-------- 1 file changed, 30 insertions(+), 21 deletions(-) diff --git a/explore-analyze/workflows/data/templating.md b/explore-analyze/workflows/data/templating.md index ad3afc9fa8..4521cef03d 100644 --- a/explore-analyze/workflows/data/templating.md +++ b/explore-analyze/workflows/data/templating.md @@ -11,13 +11,22 @@ The workflow templating engine enables dynamic, type-safe template rendering usi ## Syntax overview [workflows-template-syntax] +The templating engine supports several syntax patterns for different use cases: + +| Syntax | Purpose | Example | +|--------|---------|---------| +| Double curly braces | Insert values as strings | `"Hello, {{name}}"` | +| Dollar-sign prefix | Preserve data types (arrays, objects, numbers) | `${{myArray}}` | +| Percent tags | Control flow (conditionals, loops) | `{%if active%}...{%end if%}` | +| Raw tags | Output literal curly braces | `{%raw%}{{ }}{%end raw%}` | + ### String interpolation [workflows-string-interpolation] Use double curly braces for basic string interpolation. Variables and expressions inside the braces are evaluated and rendered as strings. ```yaml -message: "Hello {{ user.name }}!" # Result: "Hello Alice" -url: "https://api.example.com/users/{{ user.id }}" # Result: "https://api.example.com/users/12" +message: "Hello {{user.name}}!" # Result: "Hello Alice" +url: "https://api.example.com/users/{{user.id}}" # Result: "https://api.example.com/users/12" ``` ### Type-preserving expressions [workflows-type-preserving] @@ -26,10 +35,10 @@ Use the dollar-sign prefix (`${{ }}`) when you need to preserve the original dat ```yaml # Using {{ }} - converts to string -tags: "{{ inputs.tags }}" # Result: "[\"admin\", \"user\"]" (string) +tags: "{{inputs.tags}}" # Result: "[\"admin\", \"user\"]" (string) # Using ${{ }} - preserves type -tags: "${{ inputs.tags }}" # Result: ["admin", "user"] (actual array) +tags: "${{inputs.tags}}" # Result: ["admin", "user"] (actual array) ``` :::{important} @@ -38,14 +47,14 @@ The type-preserving syntax (`${{ }}`) must occupy the entire string value. You c ✅ **Valid:** ```yaml -tags: "${{ inputs.tags }}" -items: "${{ inputs.items | slice: 0, 2 }}" +tags: "${{inputs.tags}}" +items: "${{inputs.items | slice: 0, 2}}" ``` ❌ **Invalid:** ```yaml -message: "Tags are: ${{ inputs.tags }}" +message: "Tags are: ${{inputs.tags}}" ``` ::: @@ -54,7 +63,7 @@ message: "Tags are: ${{ inputs.tags }}" Use raw tags (`{% raw %}`) to output literal curly brace characters (`{{ }}`) without rendering them. ```yaml -value: "{% raw %}{{ _ingest.timestamp }}{% endraw %}" # Result: "{{ _ingest.timestamp }}" +value: "{% raw %}{{_ingest.timestamp }{%endraw%}" # Result: "{{_ingest.timestamp }" ``` ### Control flow with Liquid tags [workflows-control-flow] @@ -106,7 +115,7 @@ steps: type: slack connector-id: "my-slack" with: - message: "Found {{ steps.search_users.output.hits.total.value }} active users" + message: "Found {{steps.search_users.output.hits.total.value}} active users" ``` ### Use constants and inputs [workflows-use-constants] @@ -122,10 +131,10 @@ steps: - name: search_data type: elasticsearch.search with: - index: "{{ consts.indexName }}" + index: "{{consts.indexName}}" query: match: - env: "{{ consts.environment }}" + env: "{{consts.environment}}" ``` ### Preserve data types [workflows-preserve-types] @@ -148,7 +157,7 @@ steps: index: "reports" document: # Preserves the array type, doesn't stringify it - tags: "${{ steps.get_tags.output.hits.hits[0]._source.tags }}" + tags: "${{steps.get_tags.output.hits.hits[0]._source.tags}}" ``` ### Apply filters to transform data [workflows-apply-filters] @@ -161,9 +170,9 @@ steps: type: console with: message: | - User: {{ user.name | upcase }} - Email: {{ user.email | downcase }} - Created: {{ user.created_at | date: "%Y-%m-%d" }} + User: {{user.name | upcase}} + Email: {{user.email | downcase}} + Created: {{user.created_at | date: "%Y-%m-%d"}} ``` ### Use conditionals for dynamic content [workflows-conditionals] @@ -178,9 +187,9 @@ steps: with: message: | {% if steps.search.output.hits.total.value > 100 %} - ⚠️ HIGH ALERT: {{ steps.search.output.hits.total.value }} events detected! + ⚠️ HIGH ALERT: {{steps.search.output.hits.total.value}} events detected! {% else %} - ✅ Normal: {{ steps.search.output.hits.total.value }} events detected. + ✅ Normal: {{steps.search.output.hits.total.value}} events detected. {% endif %} ``` @@ -196,7 +205,7 @@ steps: message: | Found users: {% for hit in steps.search_users.output.hits.hits %} - - {{ hit._source.name }} ({{ hit._source.email }}) + - {{hit._source.name}} ({{hit._source.email}}) {% endfor %} ``` @@ -207,10 +216,10 @@ The engine renders templates recursively through all data structures, ensuring f **Input:** ```yaml -message: "Hello {{ user.name }}" +message: "Hello {{user.name}}" config: - url: "{{ api.url }}" -tags: ["{{ tag1 }}", "{{ tag2 }}"] + url: "{{api.url }}" +tags: ["{{tag1}}", "{{tag2}}"] ``` **After rendering:** From 4659c42b119992d3453aa2b055cd44243e1a4888 Mon Sep 17 00:00:00 2001 From: Nastasha Solomon Date: Tue, 20 Jan 2026 18:20:42 -0500 Subject: [PATCH 05/30] Consolidated duplicate information --- explore-analyze/workflows/data.md | 6 +- explore-analyze/workflows/data/templating.md | 133 ++++++++----------- 2 files changed, 57 insertions(+), 82 deletions(-) diff --git a/explore-analyze/workflows/data.md b/explore-analyze/workflows/data.md index 15760430e2..84cd3a19f6 100644 --- a/explore-analyze/workflows/data.md +++ b/explore-analyze/workflows/data.md @@ -46,7 +46,7 @@ steps: type: kibana.createCaseDefaultSpace with: title: "Investigate user u-123" - description: "A case has been opened for user {{ steps.find_user_by_id.output.hits.hits[0]._source.user.fullName }}." + description: "A case has been opened for user {{steps.find_user_by_id.output.hits.hits[0]._source.user.fullName}}." tags: ["user-investigation"] connector: id: "none" @@ -111,11 +111,11 @@ This workflow attempts to delete a document. If the `elasticsearch.delete` actio type: slack connector-id: "devops-alerts" with: - message: "Failed to delete document in workflow '{{ workflow.name }}'" + message: "Failed to delete document in workflow '{{workflow.name}}'" - name: log_failure type: console with: - message: "Document deletion failed, error: {{ steps.delete_critical_document.error }}" + message: "Document deletion failed, error: {{steps.delete_critical_document.error}}" ``` ### Example: Continue after failure [workflows-continue-after-failure] diff --git a/explore-analyze/workflows/data/templating.md b/explore-analyze/workflows/data/templating.md index 4521cef03d..8e51cb4c9f 100644 --- a/explore-analyze/workflows/data/templating.md +++ b/explore-analyze/workflows/data/templating.md @@ -17,8 +17,8 @@ The templating engine supports several syntax patterns for different use cases: |--------|---------|---------| | Double curly braces | Insert values as strings | `"Hello, {{name}}"` | | Dollar-sign prefix | Preserve data types (arrays, objects, numbers) | `${{myArray}}` | -| Percent tags | Control flow (conditionals, loops) | `{%if active%}...{%end if%}` | -| Raw tags | Output literal curly braces | `{%raw%}{{ }}{%end raw%}` | +| Percent tags | Control flow (conditionals, loops) | `{%if active%}...{%endif%}` | +| Raw tags | Output literal curly braces | `{%raw%}{{}}{%endraw%}` | ### String interpolation [workflows-string-interpolation] @@ -31,24 +31,23 @@ url: "https://api.example.com/users/{{user.id}}" # Result: "https://api.exa ### Type-preserving expressions [workflows-type-preserving] -Use the dollar-sign prefix (`${{ }}`) when you need to preserve the original data type (array, object, number, boolean) instead of converting the result to a string. +Use the dollar-sign prefix (`${{}}`) when you need to preserve the original data type (array, object, number, boolean) instead of converting the result to a string. ```yaml -# Using {{ }} - converts to string +# String syntax - converts to string tags: "{{inputs.tags}}" # Result: "[\"admin\", \"user\"]" (string) -# Using ${{ }} - preserves type +# Type-preserving syntax - keeps original type tags: "${{inputs.tags}}" # Result: ["admin", "user"] (actual array) ``` :::{important} -The type-preserving syntax (`${{ }}`) must occupy the entire string value. You cannot mix it with other text. +The type-preserving syntax must occupy the entire string value. You cannot mix it with other text. ✅ **Valid:** ```yaml tags: "${{inputs.tags}}" -items: "${{inputs.items | slice: 0, 2}}" ``` ❌ **Invalid:** @@ -58,48 +57,53 @@ message: "Tags are: ${{inputs.tags}}" ``` ::: -### Escaping template syntax [workflows-escaping] - -Use raw tags (`{% raw %}`) to output literal curly brace characters (`{{ }}`) without rendering them. +| Feature | String syntax | Type-preserving syntax | +|---------|---------------|------------------------| +| Output type | Always string | Preserves original type | +| Arrays | Stringified | Actual array | +| Objects | Stringified | Actual object | +| Booleans | `"true"` / `"false"` | `true` / `false` | +| Numbers | `"123"` | `123` | -```yaml -value: "{% raw %}{{_ingest.timestamp }{%endraw%}" # Result: "{{_ingest.timestamp }" -``` +### Control flow [workflows-control-flow] -### Control flow with Liquid tags [workflows-control-flow] +Liquid tags are control flow constructs that use the `{% %}` syntax. Unlike output expressions, tags execute logic without directly rendering a value. -Use Liquid tags (`{% %}`) for control flow and logic, such as conditionals and loops. +**Conditionals:** ```yaml message: | {% if user.role == 'admin' %} Welcome, administrator! + {% else %} + Welcome, user! {% endif %} ``` -Common tags include: `if` (`{%if%}`), `for` (`{%for%}`), `assign` (`{%assign%}`), and `case` (`{%case%}`). +**Loops:** -### Liquid code blocks [workflows-liquid-blocks] +```yaml +message: | + {% for item in items %} + - {{item.name}} + {% endfor %} +``` -Combine multiple Liquid statements inside one tag block using (`{%-liquid...-%}`): +### Escaping template syntax [workflows-escaping] + +Use raw tags to output literal curly brace characters without rendering them: ```yaml -message: | - {%- liquid - assign greeting = "Hello" - echo greeting - echo " " - echo user.name - -%} +value: "{%raw%}{{_ingest.timestamp}}{%endraw%}" # Result: "{{_ingest.timestamp}}" ``` -## How to use the templating engine [workflows-templating-howto] +## Working with data [workflows-working-with-data] -The templating engine is used directly within your workflow YAML to make your workflows dynamic. +This section covers common patterns for accessing and transforming data in your workflows. -### Reference data from previous steps [workflows-ref-previous-steps] +### Reference step outputs [workflows-ref-step-outputs] -Use double curly braces (`{{ }}`) to inject outputs from earlier steps into later ones: +Access data from previous steps using `{{steps..output}}`: ```yaml steps: @@ -118,9 +122,9 @@ steps: message: "Found {{steps.search_users.output.hits.total.value}} active users" ``` -### Use constants and inputs [workflows-use-constants] +### Reference constants [workflows-ref-constants] -Reference workflow-level constants or inputs: +Reference workflow-level constants using `{{consts.}}`: ```yaml consts: @@ -137,9 +141,20 @@ steps: env: "{{consts.environment}}" ``` -### Preserve data types [workflows-preserve-types] +### Apply filters [workflows-apply-filters] + +Transform values using filters with the pipe `|` character: + +```yaml +message: | + User: {{user.name | upcase}} + Email: {{user.email | downcase}} + Created: {{user.created_at | date: "%Y-%m-%d"}} +``` + +### Preserve array and object types [workflows-preserve-types] -When you need arrays or objects (not strings), use the dollar-sign prefix (`${{ }}`): +When passing arrays or objects between steps, use the type-preserving syntax (`${{ }}`) to avoid stringification: ```yaml steps: @@ -160,24 +175,9 @@ steps: tags: "${{steps.get_tags.output.hits.hits[0]._source.tags}}" ``` -### Apply filters to transform data [workflows-apply-filters] +### Use conditionals for dynamic content [workflows-conditionals-example] -Chain filters to manipulate values: - -```yaml -steps: - - name: create_alert - type: console - with: - message: | - User: {{user.name | upcase}} - Email: {{user.email | downcase}} - Created: {{user.created_at | date: "%Y-%m-%d"}} -``` - -### Use conditionals for dynamic content [workflows-conditionals] - -Add logic with `if` (`{%for%}`) tags: +Add logic to customize output based on data: ```yaml steps: @@ -193,9 +193,9 @@ steps: {% endif %} ``` -### Loop through results [workflows-loops] +### Loop through results [workflows-loops-example] -Iterate over arrays with `for` (`{%for%}`) loops: +Iterate over arrays to process multiple items: ```yaml steps: @@ -211,14 +211,14 @@ steps: ## Template rendering behavior [workflows-template-rendering] -The engine renders templates recursively through all data structures, ensuring full support for nested workflows and dynamic data substitution. +The engine renders templates recursively through all data structures, processing nested objects and arrays. **Input:** ```yaml message: "Hello {{user.name}}" config: - url: "{{api.url }}" + url: "{{api.url}}" tags: ["{{tag1}}", "{{tag2}}"] ``` @@ -240,17 +240,6 @@ tags: ["admin", "user"] | Arrays | Each element processed recursively | | Objects | Each property value processed recursively (keys are not processed) | -### Syntax comparison [workflows-syntax-comparison] - -| Feature | String syntax | Type-preserving syntax | -|---------|---------|----------| -| Output type | Always string | Preserves original type | -| Arrays | Stringified | Actual array | -| Objects | Stringified | Actual object | -| Booleans | `"true"` / `"false"` | `true` / `false` | -| Numbers | `"123"` | `123` | -| Filters | Applied (stringified result) | Applied (type preserved) | - ### Null and undefined handling [workflows-null-handling] | Case | Behavior | @@ -259,21 +248,7 @@ tags: ["admin", "user"] | Undefined variables | Empty string in string syntax; `undefined` in type-preserving syntax | | Missing context properties | Treated as undefined | -## Quick reference [workflows-templating-reference] - -| What you want to do | Syntax | -|---------------------|--------| -| Insert a string value | Double curly braces around the variable (`{{variable}}`)| -| Preserve arrays/objects/numbers | Dollar sign prefix before double curly braces (`${{variable}}`)| -| Access step output | `steps.step_name.output` inside braces (`{{steps.step_name.output}}`)| -| Access constants | `consts.my_constant` inside braces (`{{consts.my_constant}}`) | -| Apply a filter | Pipe character after the variable (`{{value \| filter_name}}`) | -| Conditional logic | `if`/`endif` tags `{%if condition%}...{%endif%}` | -| Loop through items | `for`/`endfor` tags `{%for item in array%}...{%endfor%}` | -| Output literal braces | Use `raw`/`endraw` tags `{%raw%}{{ }}{%endraw%}` | - ## Learn more - [Liquid Templating Language](https://shopify.github.io/liquid/) - [LiquidJS Documentation](https://liquidjs.com/) - From d877506b62ce9a3a2de876e5721680860e142878 Mon Sep 17 00:00:00 2001 From: Nastasha Solomon Date: Tue, 20 Jan 2026 18:55:07 -0500 Subject: [PATCH 06/30] Added inputs --- explore-analyze/workflows/data/templating.md | 35 +++++++++++++++++--- 1 file changed, 31 insertions(+), 4 deletions(-) diff --git a/explore-analyze/workflows/data/templating.md b/explore-analyze/workflows/data/templating.md index 8e51cb4c9f..13601907ad 100644 --- a/explore-analyze/workflows/data/templating.md +++ b/explore-analyze/workflows/data/templating.md @@ -31,7 +31,7 @@ url: "https://api.example.com/users/{{user.id}}" # Result: "https://api.exa ### Type-preserving expressions [workflows-type-preserving] -Use the dollar-sign prefix (`${{}}`) when you need to preserve the original data type (array, object, number, boolean) instead of converting the result to a string. +Use the dollar-sign prefix (`${{ }}`) when you need to preserve the original data type (array, object, number, boolean) instead of converting the result to a string. ```yaml # String syntax - converts to string @@ -101,7 +101,34 @@ value: "{%raw%}{{_ingest.timestamp}}{%endraw%}" # Result: "{{_ingest.timestamp} This section covers common patterns for accessing and transforming data in your workflows. -### Reference step outputs [workflows-ref-step-outputs] +### Reference inputs [workflows-ref-inputs] + +Access input parameters passed to the workflow using `{{inputs.}}`. Inputs are defined at the workflow level and can be provided when the workflow is triggered manually. + +```yaml +inputs: + - name: environment + type: string + required: true + default: "staging" + - name: batchSize + type: number + default: 100 + +triggers: + - type: manual + +steps: + - name: log_config + type: console + with: + message: | + Running with: + - Environment: {{inputs.environment}} + - Batch Size: {{inputs.batchSize}} +``` + +### Reference outputs [workflows-ref-step-outputs] Access data from previous steps using `{{steps..output}}`: @@ -124,7 +151,7 @@ steps: ### Reference constants [workflows-ref-constants] -Reference workflow-level constants using `{{consts.}}`: +Reference workflow-level constants using `{{consts.}}`. Constants are defined at a workflow level and can be provided when the workflow is triggered. ```yaml consts: @@ -251,4 +278,4 @@ tags: ["admin", "user"] ## Learn more - [Liquid Templating Language](https://shopify.github.io/liquid/) -- [LiquidJS Documentation](https://liquidjs.com/) +- [LiquidJS Documentation](https://liquidjs.com/) \ No newline at end of file From 4fdeb046bca25d5e04cf9c00eb04ce8ea75d9de5 Mon Sep 17 00:00:00 2001 From: Nastasha Solomon Date: Thu, 22 Jan 2026 10:15:36 -0500 Subject: [PATCH 07/30] Adds more info for error handling --- explore-analyze/workflows/data.md | 123 +++++++++++++++++++----------- 1 file changed, 79 insertions(+), 44 deletions(-) diff --git a/explore-analyze/workflows/data.md b/explore-analyze/workflows/data.md index 84cd3a19f6..1a257a37a4 100644 --- a/explore-analyze/workflows/data.md +++ b/explore-analyze/workflows/data.md @@ -62,65 +62,86 @@ In this example: ## Error handling [workflows-error-handling] -By default, if any step in a workflow fails, the entire workflow execution stops immediately. You can override this behavior and define custom error handling logic using the `on-failure` block. +By default, if any step in a workflow fails, the entire workflow execution stops immediately. You can override this behavior using the `on-failure` block, which supports retry logic, fallback steps, and continuation options. -### The `on-failure` block [workflows-on-failure] +### Configuration levels [workflows-on-failure-levels] -The `on-failure` block is a special property you can add to any step. It contains a `fallback` array of steps that execute only if the primary step fails. +You can configure `on-failure` at two levels: + +**Step-level** — applies to a specific step: ```yaml steps: - - name: risky_operation - type: elasticsearch.search - with: - index: "non-existent-index" - query: - match_all: {} + - name: api-call + type: http on-failure: - fallback: - - name: log_error - type: console - with: - message: "Operation failed, using fallback" - - name: default_response - type: http - with: - method: GET - url: "https://api.example.com/default" + retry: + max-attempts: 3 + delay: "5s" ``` -Within the `on-failure.fallback` steps, you can access error information from the failed step using: +**Workflow-level** — applies to all steps as a default (under `settings`): -```text -steps..error +```yaml +settings: + on-failure: + retry: + max-attempts: 2 + delay: "1s" +steps: + - name: api-call + type: http ``` -### Example: Handle {{es}} failures [workflows-handle-es-failures] +:::{note} +Step-level `on-failure` configuration always overrides workflow-level settings. +::: + +### Retry [workflows-on-failure-retry] -This workflow attempts to delete a document. If the `elasticsearch.delete` action fails, the `on-failure` block executes alternative steps: +Retries the failed step a configurable number of times, with an optional delay between attempts. ```yaml -- name: delete_critical_document - type: elasticsearch.delete - with: - index: "my-critical-index" - id: "doc-abc-123" - on-failure: - fallback: - - name: notify_on_failure - type: slack - connector-id: "devops-alerts" - with: - message: "Failed to delete document in workflow '{{workflow.name}}'" - - name: log_failure - type: console - with: - message: "Document deletion failed, error: {{steps.delete_critical_document.error}}" +on-failure: + retry: + max-attempts: 3 # Required, minimum 1 (for example, "1", "2", "5") + delay: "5s" # Optional, duration format (for example, "5s", "1m", "2h") +``` + +The workflow fails if all retries are exhausted. + +### Fallback [workflows-on-failure-fallback] + +Executes alternative steps after the primary step fails and all retries (if configured) are exhausted. + +```yaml +on-failure: + fallback: + - name: notify_on_failure + type: slack + connector-id: "devops-alerts" + with: + message: "Failed to delete document in workflow '{{workflow.name}}'" + - name: log_failure + type: console + with: + message: "Document deletion failed, error: {{steps.delete_critical_document.error}}" ``` -### Example: Continue after failure [workflows-continue-after-failure] +Within fallback steps, access error information from the failed step using `steps..error`. -Sometimes a failure is not critical and you want the workflow to continue. Set `continue: true` in the `on-failure` block to allow the workflow to proceed after handling the error: +### Continue [workflows-on-failure-continue] + +Continues workflow execution even if a step fails. The failure is recorded, but does not interrupt the workflow. + +```yaml +on-failure: + continue: true +``` + +### Combining options [workflows-on-failure-combining] + +You can combine multiple failure-handling options. They are processed in this order: retry → fallback → continue. ```yaml - name: create_ticket @@ -130,15 +151,28 @@ Sometimes a failure is not critical and you want the workflow to continue. Set ` projectKey: "PROJ" summary: "New issue from workflow" on-failure: - continue: true + retry: + max-attempts: 2 + delay: "1s" fallback: - name: notify_jira_failure type: slack connector-id: "devops-alerts" with: - message: "Warning: Failed to create {{jira}} ticket. Continuing workflow." + message: "Warning: Failed to create ticket. Continuing workflow." + continue: true ``` +In this example: +1. The step retries up to 2 times with a 1-second delay. +2. If all retries fail, the fallback steps execute. +3. The workflow continues regardless of the outcome. + +### Restrictions [workflows-on-failure-restrictions] + +- Flow-control steps (`if`, `foreach`) cannot have workflow-level `on-failure` configurations. +- Fallback steps execute only after all retries have been exhausted. + ## Dynamic values with templating [workflows-dynamic-values] To inject dynamic values into your workflow steps, use the templating engine. The templating engine uses the [Liquid templating language](https://liquidjs.com/) and allows you to: @@ -159,5 +193,6 @@ By combining data flow, templating, and robust error handling, you can build com |---------|--------|-------------| | Step output | `steps..output` | Access the result of a previous step | | Step error | `steps..error` | Access error details from a failed step | +| Retry on failure | `on-failure.retry` | Retry a failed step with optional delay | | Fallback steps | `on-failure.fallback` | Define recovery actions when a step fails | | Continue on failure | `on-failure.continue: true` | Allow the workflow to proceed after a failure | \ No newline at end of file From 4001afb2686b1bb4750cfe6db5c91dc42f72cd5b Mon Sep 17 00:00:00 2001 From: Nastasha Solomon <79124755+nastasha-solomon@users.noreply.github.com> Date: Fri, 23 Jan 2026 14:33:54 -0500 Subject: [PATCH 08/30] Update explore-analyze/workflows/data.md Co-authored-by: Visha Angelova <91186315+vishaangelova@users.noreply.github.com> --- explore-analyze/workflows/data.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/explore-analyze/workflows/data.md b/explore-analyze/workflows/data.md index 1a257a37a4..5735917f73 100644 --- a/explore-analyze/workflows/data.md +++ b/explore-analyze/workflows/data.md @@ -32,7 +32,7 @@ steps..error This workflow demonstrates a common pattern: searching for data in one step and using the results in a later step. ```yaml -name: Create Case for a Specific User +name: Create case for a specific user steps: - name: find_user_by_id type: elasticsearch.search From e446f4e40f23dae5a3a9d2d02d64a6f18798d8da Mon Sep 17 00:00:00 2001 From: Nastasha Solomon <79124755+nastasha-solomon@users.noreply.github.com> Date: Fri, 23 Jan 2026 14:38:44 -0500 Subject: [PATCH 09/30] Update explore-analyze/workflows/data.md --- explore-analyze/workflows/data.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/explore-analyze/workflows/data.md b/explore-analyze/workflows/data.md index 5735917f73..f0e1f6e69b 100644 --- a/explore-analyze/workflows/data.md +++ b/explore-analyze/workflows/data.md @@ -29,7 +29,7 @@ steps..error ### Example: Chain steps with data [workflows-chain-steps-example] -This workflow demonstrates a common pattern: searching for data in one step and using the results in a later step. +This example demonstrates a common pattern: searching for data in one step and using the results in a later step. In this case, the workflow searches for a specific user's full name, then uses it to create a new security case. ```yaml name: Create case for a specific user From 4310cb0a5b372f5e6bbc3e50891f2ebb0821d15e Mon Sep 17 00:00:00 2001 From: Nastasha Solomon <79124755+nastasha-solomon@users.noreply.github.com> Date: Fri, 23 Jan 2026 14:40:17 -0500 Subject: [PATCH 10/30] Update explore-analyze/workflows/data.md Co-authored-by: Visha Angelova <91186315+vishaangelova@users.noreply.github.com> --- explore-analyze/workflows/data.md | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/explore-analyze/workflows/data.md b/explore-analyze/workflows/data.md index f0e1f6e69b..20054a16af 100644 --- a/explore-analyze/workflows/data.md +++ b/explore-analyze/workflows/data.md @@ -177,11 +177,11 @@ In this example: To inject dynamic values into your workflow steps, use the templating engine. The templating engine uses the [Liquid templating language](https://liquidjs.com/) and allows you to: -- **Reference step outputs**: Access data from previous steps using `steps..output` -- **Use constants**: Reference workflow-level constants with `consts.` -- **Apply filters**: Transform values with filters like `upcase`, `downcase`, and `date` -- **Add conditional logic**: Use `if`/`else` statements for dynamic content -- **Loop through data**: Iterate over arrays with `for` loops +- **Reference step outputs**: Access data from previous steps using `steps..output`. +- **Use constants**: Reference workflow-level constants with `consts.`. +- **Apply filters**: Transform values with filters like `upcase`, `downcase`, and `date`. +- **Add conditional logic**: Use `if`/`else` statements for dynamic content. +- **Loop through data**: Iterate over arrays with `for` loops. For complete syntax details and examples, refer to [Templating engine](./data/templating.md). From ae182879b9ad176f84029bfe5f0486b244d814ae Mon Sep 17 00:00:00 2001 From: Nastasha Solomon <79124755+nastasha-solomon@users.noreply.github.com> Date: Fri, 23 Jan 2026 14:40:47 -0500 Subject: [PATCH 11/30] Update explore-analyze/workflows/data.md Co-authored-by: Visha Angelova <91186315+vishaangelova@users.noreply.github.com> --- explore-analyze/workflows/data.md | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/explore-analyze/workflows/data.md b/explore-analyze/workflows/data.md index 20054a16af..0ce3f57f58 100644 --- a/explore-analyze/workflows/data.md +++ b/explore-analyze/workflows/data.md @@ -191,8 +191,8 @@ By combining data flow, templating, and robust error handling, you can build com | Action | Syntax | Description | |---------|--------|-------------| -| Step output | `steps..output` | Access the result of a previous step | -| Step error | `steps..error` | Access error details from a failed step | -| Retry on failure | `on-failure.retry` | Retry a failed step with optional delay | -| Fallback steps | `on-failure.fallback` | Define recovery actions when a step fails | -| Continue on failure | `on-failure.continue: true` | Allow the workflow to proceed after a failure | \ No newline at end of file +| Step output | `steps..output` | Access the result of a previous step. | +| Step error | `steps..error` | Access error details from a failed step. | +| Retry on failure | `on-failure.retry` | Retry a failed step with optional delay. | +| Fallback steps | `on-failure.fallback` | Define recovery actions when a step fails. | +| Continue on failure | `on-failure.continue: true` | Allow the workflow to proceed after a failure. | \ No newline at end of file From 67583374f2b2e621ba2e641d057987929cb841b4 Mon Sep 17 00:00:00 2001 From: Nastasha Solomon <79124755+nastasha-solomon@users.noreply.github.com> Date: Fri, 23 Jan 2026 14:50:41 -0500 Subject: [PATCH 12/30] Update explore-analyze/workflows/data.md Co-authored-by: Visha Angelova <91186315+vishaangelova@users.noreply.github.com> --- explore-analyze/workflows/data.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/explore-analyze/workflows/data.md b/explore-analyze/workflows/data.md index 0ce3f57f58..676e61efac 100644 --- a/explore-analyze/workflows/data.md +++ b/explore-analyze/workflows/data.md @@ -108,7 +108,7 @@ on-failure: delay: "5s" # Optional, duration format (for example, "5s", "1m", "2h") ``` -The workflow fails if all retries are exhausted. +The workflow fails when all retries are exhausted. ### Fallback [workflows-on-failure-fallback] From 61fa1e8f5f708f0f264cfd5868b4f63d6a18de1c Mon Sep 17 00:00:00 2001 From: Nastasha Solomon <79124755+nastasha-solomon@users.noreply.github.com> Date: Fri, 23 Jan 2026 14:55:43 -0500 Subject: [PATCH 13/30] Update explore-analyze/workflows/data.md Co-authored-by: Visha Angelova <91186315+vishaangelova@users.noreply.github.com> --- explore-analyze/workflows/data.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/explore-analyze/workflows/data.md b/explore-analyze/workflows/data.md index 676e61efac..6f7ef2b7d2 100644 --- a/explore-analyze/workflows/data.md +++ b/explore-analyze/workflows/data.md @@ -58,7 +58,7 @@ In this example: 1. The `find_user_by_id` step searches an index for a document. 2. The `create_case_for_user` step uses the output of the first step to enrich a new case. -3. The `description` field accesses `steps.find_user_by_id.output.hits.hits[0]._source.user.fullName` to dynamically include the user's full name. +3. The `description` field accesses `steps.find_user_by_id.output.hits.hits[0]._source.user.fullName` to dynamically include the user's full name in the case description. ## Error handling [workflows-error-handling] From 974dc1f407124ae4753abe4f65a63cf48f67deea Mon Sep 17 00:00:00 2001 From: Nastasha Solomon <79124755+nastasha-solomon@users.noreply.github.com> Date: Fri, 23 Jan 2026 15:33:33 -0500 Subject: [PATCH 14/30] Update explore-analyze/workflows/data/templating.md Co-authored-by: Visha Angelova <91186315+vishaangelova@users.noreply.github.com> --- explore-analyze/workflows/data/templating.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/explore-analyze/workflows/data/templating.md b/explore-analyze/workflows/data/templating.md index 13601907ad..9473df40d1 100644 --- a/explore-analyze/workflows/data/templating.md +++ b/explore-analyze/workflows/data/templating.md @@ -262,10 +262,10 @@ tags: ["admin", "user"] | Type | Behavior | |------|----------| -| Strings | Processed as templates; variables interpolated, filters applied | +| Strings | Processed as templates: variables are interpolated, and filters are applied | | Numbers, Booleans, Null | Returned as-is | -| Arrays | Each element processed recursively | -| Objects | Each property value processed recursively (keys are not processed) | +| Arrays | Each element is processed recursively | +| Objects | Each property value is processed recursively (keys are not processed) | ### Null and undefined handling [workflows-null-handling] From aad378991a726c8d511d02943958434fa8e99a09 Mon Sep 17 00:00:00 2001 From: Nastasha Solomon <79124755+nastasha-solomon@users.noreply.github.com> Date: Fri, 23 Jan 2026 15:33:45 -0500 Subject: [PATCH 15/30] Update explore-analyze/workflows/data/templating.md Co-authored-by: Visha Angelova <91186315+vishaangelova@users.noreply.github.com> --- explore-analyze/workflows/data/templating.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/explore-analyze/workflows/data/templating.md b/explore-analyze/workflows/data/templating.md index 9473df40d1..e215d7122c 100644 --- a/explore-analyze/workflows/data/templating.md +++ b/explore-analyze/workflows/data/templating.md @@ -277,5 +277,5 @@ tags: ["admin", "user"] ## Learn more -- [Liquid Templating Language](https://shopify.github.io/liquid/) -- [LiquidJS Documentation](https://liquidjs.com/) \ No newline at end of file +- [Liquid templating language](https://shopify.github.io/liquid/) +- [LiquidJS documentation](https://liquidjs.com/) \ No newline at end of file From d4eb5d6b324154a04abdc6c3b4ae80f84030d59f Mon Sep 17 00:00:00 2001 From: Nastasha Solomon <79124755+nastasha-solomon@users.noreply.github.com> Date: Fri, 23 Jan 2026 15:33:55 -0500 Subject: [PATCH 16/30] Update explore-analyze/workflows/data/templating.md Co-authored-by: Visha Angelova <91186315+vishaangelova@users.noreply.github.com> --- explore-analyze/workflows/data/templating.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/explore-analyze/workflows/data/templating.md b/explore-analyze/workflows/data/templating.md index e215d7122c..473c8395ad 100644 --- a/explore-analyze/workflows/data/templating.md +++ b/explore-analyze/workflows/data/templating.md @@ -272,7 +272,7 @@ tags: ["admin", "user"] | Case | Behavior | |------|----------| | Null values | Returned as-is | -| Undefined variables | Empty string in string syntax; `undefined` in type-preserving syntax | +| Undefined variables | Returned as empty string in string syntax and as `undefined` in type-preserving syntax | | Missing context properties | Treated as undefined | ## Learn more From 05c80b22af06b0304d72af45274c9fba8be64dec Mon Sep 17 00:00:00 2001 From: Nastasha Solomon <79124755+nastasha-solomon@users.noreply.github.com> Date: Fri, 23 Jan 2026 15:53:43 -0500 Subject: [PATCH 17/30] Update explore-analyze/workflows/data/templating.md Co-authored-by: Visha Angelova <91186315+vishaangelova@users.noreply.github.com> --- explore-analyze/workflows/data/templating.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/explore-analyze/workflows/data/templating.md b/explore-analyze/workflows/data/templating.md index 473c8395ad..f67523bd2c 100644 --- a/explore-analyze/workflows/data/templating.md +++ b/explore-analyze/workflows/data/templating.md @@ -249,7 +249,7 @@ config: tags: ["{{tag1}}", "{{tag2}}"] ``` -**After rendering:** +**Rendered output:** ```yaml message: "Hello Alice" From a3fb1f7a869040e9af01764bbd6a90d13e999dbd Mon Sep 17 00:00:00 2001 From: Nastasha Solomon <79124755+nastasha-solomon@users.noreply.github.com> Date: Fri, 23 Jan 2026 15:54:07 -0500 Subject: [PATCH 18/30] Update explore-analyze/workflows/data/templating.md Co-authored-by: Visha Angelova <91186315+vishaangelova@users.noreply.github.com> --- explore-analyze/workflows/data/templating.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/explore-analyze/workflows/data/templating.md b/explore-analyze/workflows/data/templating.md index f67523bd2c..3f5cbaaffc 100644 --- a/explore-analyze/workflows/data/templating.md +++ b/explore-analyze/workflows/data/templating.md @@ -31,7 +31,7 @@ url: "https://api.example.com/users/{{user.id}}" # Result: "https://api.exa ### Type-preserving expressions [workflows-type-preserving] -Use the dollar-sign prefix (`${{ }}`) when you need to preserve the original data type (array, object, number, boolean) instead of converting the result to a string. +Use the dollar-sign prefix (`${{ }}`) when you need to preserve the original data type (array, object, number, boolean). ```yaml # String syntax - converts to string From 030f76a66f49b1dc88f2316c55b9548119f44949 Mon Sep 17 00:00:00 2001 From: Nastasha Solomon <79124755+nastasha-solomon@users.noreply.github.com> Date: Mon, 26 Jan 2026 12:45:47 -0500 Subject: [PATCH 19/30] Update explore-analyze/workflows/data/templating.md Co-authored-by: natasha-moore-elastic <137783811+natasha-moore-elastic@users.noreply.github.com> --- explore-analyze/workflows/data/templating.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/explore-analyze/workflows/data/templating.md b/explore-analyze/workflows/data/templating.md index 3f5cbaaffc..6c0b0991b9 100644 --- a/explore-analyze/workflows/data/templating.md +++ b/explore-analyze/workflows/data/templating.md @@ -103,7 +103,7 @@ This section covers common patterns for accessing and transforming data in your ### Reference inputs [workflows-ref-inputs] -Access input parameters passed to the workflow using `{{inputs.}}`. Inputs are defined at the workflow level and can be provided when the workflow is triggered manually. +Reference input parameters defined in the workflow using `{{inputs.}}`. Inputs are defined at the workflow level and can be provided when the workflow is triggered manually. ```yaml inputs: From 24dcc5e990247f4e112ef2981f51235d93cb3f9b Mon Sep 17 00:00:00 2001 From: Nastasha Solomon <79124755+nastasha-solomon@users.noreply.github.com> Date: Mon, 26 Jan 2026 20:06:06 -0500 Subject: [PATCH 20/30] Update explore-analyze/workflows/data.md --- explore-analyze/workflows/data.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/explore-analyze/workflows/data.md b/explore-analyze/workflows/data.md index 6f7ef2b7d2..cd2dde1459 100644 --- a/explore-analyze/workflows/data.md +++ b/explore-analyze/workflows/data.md @@ -27,7 +27,7 @@ You can also access error information from a step: steps..error ``` -### Example: Chain steps with data [workflows-chain-steps-example] +### Example: Chain steps to move output data [workflows-chain-steps-example] This example demonstrates a common pattern: searching for data in one step and using the results in a later step. In this case, the workflow searches for a specific user's full name, then uses it to create a new security case. From 1a55feaca130a05fce92e7a0cae2e293d8416ba0 Mon Sep 17 00:00:00 2001 From: Nastasha Solomon <79124755+nastasha-solomon@users.noreply.github.com> Date: Mon, 26 Jan 2026 20:08:41 -0500 Subject: [PATCH 21/30] Update explore-analyze/workflows/data.md --- explore-analyze/workflows/data.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/explore-analyze/workflows/data.md b/explore-analyze/workflows/data.md index cd2dde1459..e1e7565c16 100644 --- a/explore-analyze/workflows/data.md +++ b/explore-analyze/workflows/data.md @@ -57,7 +57,7 @@ steps: In this example: 1. The `find_user_by_id` step searches an index for a document. -2. The `create_case_for_user` step uses the output of the first step to enrich a new case. +2. The `create_case_for_user` step uses the output of the first step to enrich a new [{{elastic-sec}} case](../../solutions/security/investigate/cases.md). 3. The `description` field accesses `steps.find_user_by_id.output.hits.hits[0]._source.user.fullName` to dynamically include the user's full name in the case description. ## Error handling [workflows-error-handling] From 2257f3ec1d23abefa389a5a415633e0f0fae5203 Mon Sep 17 00:00:00 2001 From: Nastasha Solomon <79124755+nastasha-solomon@users.noreply.github.com> Date: Mon, 26 Jan 2026 20:09:04 -0500 Subject: [PATCH 22/30] Update explore-analyze/workflows/data.md Co-authored-by: Visha Angelova <91186315+vishaangelova@users.noreply.github.com> --- explore-analyze/workflows/data.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/explore-analyze/workflows/data.md b/explore-analyze/workflows/data.md index e1e7565c16..030224ec33 100644 --- a/explore-analyze/workflows/data.md +++ b/explore-analyze/workflows/data.md @@ -80,7 +80,7 @@ steps: delay: "5s" ``` -**Workflow-level** — applies to all steps as a default (under `settings`): +**Workflow-level** (configured under `settings`) - applies to all steps as the default error handling behavior: ```yaml settings: From 175896b8535d0876a554ff0e5739eceaa230b1ff Mon Sep 17 00:00:00 2001 From: Nastasha Solomon <79124755+nastasha-solomon@users.noreply.github.com> Date: Mon, 26 Jan 2026 20:10:36 -0500 Subject: [PATCH 23/30] Update explore-analyze/workflows/data/templating.md Co-authored-by: Visha Angelova <91186315+vishaangelova@users.noreply.github.com> --- explore-analyze/workflows/data/templating.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/explore-analyze/workflows/data/templating.md b/explore-analyze/workflows/data/templating.md index 6c0b0991b9..6e77c08eb9 100644 --- a/explore-analyze/workflows/data/templating.md +++ b/explore-analyze/workflows/data/templating.md @@ -130,7 +130,7 @@ steps: ### Reference outputs [workflows-ref-step-outputs] -Access data from previous steps using `{{steps..output}}`: +Access output data from previous steps using `{{steps..output}}`: ```yaml steps: From 9d904c4e2e51010457c1bf5be9e5090fb3d77681 Mon Sep 17 00:00:00 2001 From: Nastasha Solomon Date: Mon, 26 Jan 2026 20:21:54 -0500 Subject: [PATCH 24/30] Adding note --- explore-analyze/workflows/data/templating.md | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/explore-analyze/workflows/data/templating.md b/explore-analyze/workflows/data/templating.md index 6e77c08eb9..9bc104c4eb 100644 --- a/explore-analyze/workflows/data/templating.md +++ b/explore-analyze/workflows/data/templating.md @@ -183,6 +183,23 @@ message: | When passing arrays or objects between steps, use the type-preserving syntax (`${{ }}`) to avoid stringification: +:::{important} +The type-preserving syntax must occupy the entire string value. You cannot mix it with other text. + +✅ **Valid:** + +```yaml +tags: "${{inputs.tags}}" +``` + +❌ **Invalid:** + +```yaml +message: "Tags are: ${{inputs.tags}}" +``` +::: + + ```yaml steps: - name: get_tags From ab5ff495cd74140b694c2da2911f4785c6deb95d Mon Sep 17 00:00:00 2001 From: Nastasha Solomon <79124755+nastasha-solomon@users.noreply.github.com> Date: Mon, 26 Jan 2026 20:34:39 -0500 Subject: [PATCH 25/30] Update explore-analyze/workflows/data.md --- explore-analyze/workflows/data.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/explore-analyze/workflows/data.md b/explore-analyze/workflows/data.md index 030224ec33..5c65b645c8 100644 --- a/explore-analyze/workflows/data.md +++ b/explore-analyze/workflows/data.md @@ -112,7 +112,7 @@ The workflow fails when all retries are exhausted. ### Fallback [workflows-on-failure-fallback] -Executes alternative steps after the primary step fails and all retries (if configured) are exhausted. +Executes alternative steps after the primary step fails and all retries are exhausted. In the following example, when the `delete_critical_document` step fails, the workflow executes two additional steps: one sends a Slack notification to devops-alerts using `{{workflow.name}}`, while the other logs the error details from the failed step using `{{steps.delete_critical_document.error}}`. ```yaml on-failure: From 55f3d7ad10767cd00aa3007da68f4b9dac962a17 Mon Sep 17 00:00:00 2001 From: Nastasha Solomon <79124755+nastasha-solomon@users.noreply.github.com> Date: Mon, 26 Jan 2026 20:35:07 -0500 Subject: [PATCH 26/30] Update explore-analyze/workflows/data.md Co-authored-by: Visha Angelova <91186315+vishaangelova@users.noreply.github.com> --- explore-analyze/workflows/data.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/explore-analyze/workflows/data.md b/explore-analyze/workflows/data.md index 5c65b645c8..75e6fcae6d 100644 --- a/explore-analyze/workflows/data.md +++ b/explore-analyze/workflows/data.md @@ -128,7 +128,7 @@ on-failure: message: "Document deletion failed, error: {{steps.delete_critical_document.error}}" ``` -Within fallback steps, access error information from the failed step using `steps..error`. +Within fallback steps, access error information from the failed primary step using `steps..error`. ### Continue [workflows-on-failure-continue] From e67418f11a8953f02f94cec35ff53da284fa2fd5 Mon Sep 17 00:00:00 2001 From: Nastasha Solomon Date: Mon, 26 Jan 2026 20:38:21 -0500 Subject: [PATCH 27/30] Moved info up --- explore-analyze/workflows/data.md | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/explore-analyze/workflows/data.md b/explore-analyze/workflows/data.md index 75e6fcae6d..7bbf7eb78a 100644 --- a/explore-analyze/workflows/data.md +++ b/explore-analyze/workflows/data.md @@ -143,6 +143,11 @@ on-failure: You can combine multiple failure-handling options. They are processed in this order: retry → fallback → continue. +In the following example: +1. The step retries up to 2 times with a 1-second delay. +2. If all retries fail, the fallback steps execute. +3. The workflow continues regardless of the outcome. + ```yaml - name: create_ticket type: jira @@ -163,11 +168,6 @@ You can combine multiple failure-handling options. They are processed in this or continue: true ``` -In this example: -1. The step retries up to 2 times with a 1-second delay. -2. If all retries fail, the fallback steps execute. -3. The workflow continues regardless of the outcome. - ### Restrictions [workflows-on-failure-restrictions] - Flow-control steps (`if`, `foreach`) cannot have workflow-level `on-failure` configurations. From d37afba5c0694e9e03b36f1815327ace42c6ebb6 Mon Sep 17 00:00:00 2001 From: Nastasha Solomon <79124755+nastasha-solomon@users.noreply.github.com> Date: Mon, 26 Jan 2026 20:43:04 -0500 Subject: [PATCH 28/30] Update explore-analyze/workflows/data/templating.md --- explore-analyze/workflows/data/templating.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/explore-analyze/workflows/data/templating.md b/explore-analyze/workflows/data/templating.md index 9bc104c4eb..57e4b1d7f3 100644 --- a/explore-analyze/workflows/data/templating.md +++ b/explore-analyze/workflows/data/templating.md @@ -151,7 +151,7 @@ steps: ### Reference constants [workflows-ref-constants] -Reference workflow-level constants using `{{consts.}}`. Constants are defined at a workflow level and can be provided when the workflow is triggered. +Reference workflow-level constants using `{{consts.}}`. Constants are defined at the workflow level and can be referenced when the workflow is triggered. ```yaml consts: From 0398bbb29557372035a49e101013c282104647a7 Mon Sep 17 00:00:00 2001 From: Nastasha Solomon <79124755+nastasha-solomon@users.noreply.github.com> Date: Mon, 26 Jan 2026 20:53:22 -0500 Subject: [PATCH 29/30] Update explore-analyze/workflows/data.md --- explore-analyze/workflows/data.md | 1 + 1 file changed, 1 insertion(+) diff --git a/explore-analyze/workflows/data.md b/explore-analyze/workflows/data.md index 7bbf7eb78a..83e7b6cb90 100644 --- a/explore-analyze/workflows/data.md +++ b/explore-analyze/workflows/data.md @@ -172,6 +172,7 @@ In the following example: - Flow-control steps (`if`, `foreach`) cannot have workflow-level `on-failure` configurations. - Fallback steps execute only after all retries have been exhausted. +- When combined, failure-handling options are processed in this order: retry → fallback → continue. ## Dynamic values with templating [workflows-dynamic-values] From ec53fe0e583a1626263b5fa6d87e0c2c376d5292 Mon Sep 17 00:00:00 2001 From: Nastasha Solomon Date: Tue, 27 Jan 2026 09:23:28 -0500 Subject: [PATCH 30/30] moves notes --- explore-analyze/workflows/Untitled | 1 + explore-analyze/workflows/data/templating.md | 33 ++++++++++---------- 2 files changed, 17 insertions(+), 17 deletions(-) create mode 100644 explore-analyze/workflows/Untitled diff --git a/explore-analyze/workflows/Untitled b/explore-analyze/workflows/Untitled new file mode 100644 index 0000000000..6b9e06225d --- /dev/null +++ b/explore-analyze/workflows/Untitled @@ -0,0 +1 @@ + to enrich a new \ No newline at end of file diff --git a/explore-analyze/workflows/data/templating.md b/explore-analyze/workflows/data/templating.md index 57e4b1d7f3..ba5e3778ac 100644 --- a/explore-analyze/workflows/data/templating.md +++ b/explore-analyze/workflows/data/templating.md @@ -183,23 +183,6 @@ message: | When passing arrays or objects between steps, use the type-preserving syntax (`${{ }}`) to avoid stringification: -:::{important} -The type-preserving syntax must occupy the entire string value. You cannot mix it with other text. - -✅ **Valid:** - -```yaml -tags: "${{inputs.tags}}" -``` - -❌ **Invalid:** - -```yaml -message: "Tags are: ${{inputs.tags}}" -``` -::: - - ```yaml steps: - name: get_tags @@ -219,6 +202,22 @@ steps: tags: "${{steps.get_tags.output.hits.hits[0]._source.tags}}" ``` +:::{important} +The type-preserving syntax must occupy the entire string value. You cannot mix it with other text. + +✅ **Valid:** + +```yaml +tags: "${{inputs.tags}}" +``` + +❌ **Invalid:** + +```yaml +message: "Tags are: ${{inputs.tags}}" +``` +::: + ### Use conditionals for dynamic content [workflows-conditionals-example] Add logic to customize output based on data: