CreateAggregateAlert | LogScale GraphQL Reference - Datatypes | LogScale Documentation

Skip to content

LogScale Documentation Full Library Knowledge Base Release Notes Integrations Query Examples Training API GraphQL API Search Archives Contacting Support

CreateAggregateAlert

CreateAggregateAlert is an input datatype for creating an aggregate alert. It's used by the createAggregateAlert() mutation field.

Table: CreateAggregateAlert

Parameter	Type	Required	Default	Stability	Description
Some arguments may be required, as indicated in the Required column. For return datatypes, this indicates that you must specify which fields you want returned in the results.
Table last updated: Feb 10, 2026
actionIdsOrNames	[string]	yes		`Long-Term`	List of unique identifiers or names for actions to fire on query result. Actions in packages can be referred to as `packagescope/packagename:actionname`. The default value is an empty list of actions.
description	string			`Long-Term`	Description of the aggregate alert.
enabled	boolean	yes	true	`Long-Term`	Flag indicating whether the aggregate alert is enabled.
labels	[string]	yes	[ ]	`Long-Term`	Labels attached to the aggregate alert. The default value is an empty list of labels.
name	string	yes		`Long-Term`	Name of the aggregate alert.
queryOwnershipType	QueryOwnershipType	yes		`Long-Term`	Ownership of the query run by this aggregate alert. If value is User, ownership will be based on the runAsUserId field. See QueryOwnershipType.
queryString	string	yes		`Long-Term`	The LogScale query to execute.
queryTimestampType	QueryTimestampType	yes		`Long-Term`	Timestamp type to use for a query. See QueryTimestampType.
runAsUserId	string			`Long-Term`	The aggregate alert will run with the permissions of the user corresponding to this id if the queryOwnershipType field is set to User. If the queryOwnershipType is set to Organization, whilst runAsUserId is set, this will result in an error. If not specified, the aggregate alert will run with the permissions of the calling user. It requires the `ChangeTriggersToRunAsOtherUsers` permission to set this field to a user id different from the calling user.
searchIntervalSeconds	long	yes		`Long-Term`	Search interval in seconds. Valid values: 1-80 minutes in seconds divisible by 60 (60, 120, ..., 4800 seconds); 82-180 minutes in seconds divisible by 120 (4920, 5040, ..., 10800 seconds); and 4-24 hours in seconds divisible by 3600 (14400, 18000, ..., 86400 seconds).
throttleField	string			`Deprecated`	The field on which to throttle. This can be set only if throttleTimeSeconds is set. Aggregate alerts now support multiple throttle fields. This field will be removed at the earliest in version 1.279. Use instead the throttleFields field.
throttleFields	[string]			`Long-Term`	The fields on which to throttle. This can be set only if throttleTimeSeconds is set. Ten throttle fields can be added at most.
throttleTimeSeconds	long	yes		`Long-Term`	Throttle time in seconds.
triggerMode	TriggerMode			`Long-Term`	Trigger mode used for triggering the alert. See TriggerMode.
viewName	RepoOrViewName	yes		`Long-Term`	Name of the view of the aggregate alert. RepoOrViewName is a scalar.

Enter search term