# Actions ## Overview The **Actions** tab shows all available actions to be assigned and used in your Pipeline. Use the search bar at the top to find a specific action. Hover over an action in the list to see a tooltip, as well as the option to **View details.**
To add an action to a Pipeline, drag it onto the canvas. {% hint style="success" %} Onum supports action versioning, so be aware that the configuration may be showing either the **Latest** version if you are adding a new action, or **current** version if you are editing an existing action. {% endhint %} ## Action Versioning We are constantly updating and improving Actions, therefore, you may come across old or even discontinued actions. {% hint style="info" %} See the complete version history of each Action [here](https://docs.onum.com/actions/). {% endhint %} If there is an updated version of the Action available, it will show *update available* in its Definition, above the node when added to a Pipeline, and Details pane.
If you have added an Action to a Pipeline that is now discontinued, it will show as deactivated in the Canvas. You'll soon be able to see all the Actions with updates available in the [Actions view.](/the-workspace/actions.md) ## Actions List See this table to understand what each Action does, when to use it, and how to get the most value from your Pipelines. Click an Action name to see its article.
ActionDescriptionExample use case
Amazon GenAIUse models hosted on Amazon Bedrock to enrich log content.Enrich logs by extracting insights like key entities.
AnonymizerMask, hash, or redact sensitive fields.Obfuscate usernames or IPs in real-time.
CogExecute ML models via hosted APIs.Classify log severity with ML.
ConditionalDrop or allow events based on logic.Filter out successful health check logs.
Date OperationsPerform arithmetic operations on timestamp fields.Calculate the difference between two timestamps.
Field GeneratorAdd generated fields (timestamp, random, static...)Tag events with trace ID and pipeline time.
Field TransformationApply math, encoding, parsing, or string operations to fields.Hash IPs, defang URLs, convert timestamps.
For EachIterate array fields and emit per-item events.Split DNS records into individual log lines.
Google DLPRedact sensitive data via Google API.Remove SSNs, emails from customer logs.
Google GenAIUse Google’s LLM to enrich log content.Summarize error logs for dashboards.
Group ByAggregate by key(s) over a time window.Count logins per user every minute.
HTTP RequestTrigger external HTTP(S) calls inline.Notify PagerDuty, call enrichment APIs.
JSON TransformationRemap or rename JSON fields and structure.Standardize custom app logs to a shared schema.
JSON UnrollConvert arrays into individual events.Split one event with 5 IPs into 5 separate events.
LookupAdd fields from a reference table.Add business unit or geolocation to IPs.
Math ExpressionCompute values using event fields.Calculate duration = end_time - start_time.
Message BuilderCompose structured output for downstream tools.Create Slack-friendly JSON alerts.
OCSFConvert events to Open Cybersecurity Schema.Standardize endpoint data for SIEM ingestion.
ParserParse text using regex or pattern to extract fields.Convert syslog strings into structured events.
RedisUse Redis for state lookups or caching.Limit login attempts per user per hour.
SamplingRandomly pass only a portion of events.Keep 10% of debug logs for cost control.
UniqueEmit only first-seen values.Alert on first-time-seen device IDs or IPs.
--- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.onum.com/the-workspace/pipelines/actions.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.