The addScheduledSearchLabel() GraphQL mutation may be used to add a label to a scheduled search.

For more information on scheduled searches, see the Scheduled Searches documentation page.

Syntax

Below is the syntax for the addScheduledSearchLabel() mutation field:

graphql
addScheduledSearchLabel(
      input: AddLabelScheduledSearch!
    ): ScheduledSearch!

Below is an example of how this mutation field might be used:

Raw
graphql
mutation {
  addScheduledSearchLabel(input: 
       { viewName: "humio", id: "uwsVwYlFWGqzD9bIgKeciwmiS1hCVMyn", label: "find-them-1" } )
  { name, description, enabled, runAsUser { id, username } }
}
Mac OS or Linux (curl)
shell
curl -v -X POST $YOUR_LOGSCALE_URL/graphql \
    -H "Authorization: Bearer $TOKEN" \
    -H "Content-Type: application/json" \
    -d @- << EOF
{"query" : "mutation {
  addScheduledSearchLabel(input: 
       { viewName: \"humio\", id: \"uwsVwYlFWGqzD9bIgKeciwmiS1hCVMyn\", label: \"find-them-1\" } )
  { name, description, enabled, runAsUser { id, username } }
}"
}
EOF
Mac OS or Linux (curl) One-line
shell
curl -v -X POST $YOUR_LOGSCALE_URL/graphql \
    -H "Authorization: Bearer $TOKEN" \
    -H "Content-Type: application/json" \
    -d @- << EOF
{"query" : "mutation {
  addScheduledSearchLabel(input: 
       { viewName: \"humio\", id: \"uwsVwYlFWGqzD9bIgKeciwmiS1hCVMyn\", label: \"find-them-1\" } )
  { name, description, enabled, runAsUser { id, username } }
}"
}
EOF
Windows Cmd and curl
shell
curl -v -X POST $YOUR_LOGSCALE_URL/graphql ^
    -H "Authorization: Bearer $TOKEN" ^
    -H "Content-Type: application/json" ^
    -d @'{"query" : "mutation { ^
  addScheduledSearchLabel(input:  ^
       { viewName: \"humio\", id: \"uwsVwYlFWGqzD9bIgKeciwmiS1hCVMyn\", label: \"find-them-1\" } ) ^
  { name, description, enabled, runAsUser { id, username } } ^
}" ^
} '
Windows Powershell and curl
powershell
curl.exe -X POST 
    -H "Authorization: Bearer $TOKEN"
    -H "Content-Type: application/json"
    -d '{"query" : "mutation {
  addScheduledSearchLabel(input: 
       { viewName: \"humio\", id: \"uwsVwYlFWGqzD9bIgKeciwmiS1hCVMyn\", label: \"find-them-1\" } )
  { name, description, enabled, runAsUser { id, username } }
}"
}'
"$YOUR_LOGSCALE_URL/graphql"
Perl
perl
#!/usr/bin/perl

use HTTP::Request;
use LWP;

my $INGEST_TOKEN = "TOKEN";

my $uri = '$YOUR_LOGSCALE_URL/graphql';

my $json = '{"query" : "mutation {
  addScheduledSearchLabel(input: 
       { viewName: \"humio\", id: \"uwsVwYlFWGqzD9bIgKeciwmiS1hCVMyn\", label: \"find-them-1\" } )
  { name, description, enabled, runAsUser { id, username } }
}"
}';
my $req = HTTP::Request->new("POST", $uri );

$req->header("Authorization" => "Bearer $TOKEN");
$req->header("Content-Type" => "application/json");

$req->content( $json );

my $lwp = LWP::UserAgent->new;

my $result = $lwp->request( $req );

print $result->{"_content"},"\n";
Python
python
#! /usr/local/bin/python3

import requests

url = '$YOUR_LOGSCALE_URL/graphql'
mydata = r'''{"query" : "mutation {
  addScheduledSearchLabel(input: 
       { viewName: \"humio\", id: \"uwsVwYlFWGqzD9bIgKeciwmiS1hCVMyn\", label: \"find-them-1\" } )
  { name, description, enabled, runAsUser { id, username } }
}"
}'''

resp = requests.post(url,
                     data = mydata,
                     headers = {
   "Authorization" : "Bearer $TOKEN",
   "Content-Type" : "application/json"
}
)

print(resp.text)
Node.js
javascript
const https = require('https');

const data = JSON.stringify(
    {"query" : "mutation {
  addScheduledSearchLabel(input: 
       { viewName: \"humio\", id: \"uwsVwYlFWGqzD9bIgKeciwmiS1hCVMyn\", label: \"find-them-1\" } )
  { name, description, enabled, runAsUser { id, username } }
}"
}
);


const options = {
  hostname: '$YOUR_LOGSCALE_URL/graphql',
  path: '/graphql',
  port: 443,
  method: 'POST',
  headers: {
    'Content-Type': 'application/json',
    'Content-Length': data.length,
    Authorization: 'BEARER ' + process.env.TOKEN,
    'User-Agent': 'Node',
  },
};

const req = https.request(options, (res) => {
  let data = '';
  console.log(`statusCode: ${res.statusCode}`);

  res.on('data', (d) => {
    data += d;
  });
  res.on('end', () => {
    console.log(JSON.parse(data).data);
  });
});

req.on('error', (error) => {
  console.error(error);
});

req.write(data);
req.end();
Example Responses
Success (HTTP Response Code 200 OK)
json
{
  "data": {
    "addScheduledSearchLabel": {
      "name": "Seeker",
      "description": "Searching for locals.",
      "enabled": true,
      "runAsUser": {
        "id": "jSl8Iz25KhDiPQzXYE6YDetG",
        "username": "bob@company.com"
      }
    }
  }
}

Given Datatypes

For the input (i.e., AddLabelScheduledSearch), there are a few parameters that may be given. Below is a list of them along with their datatype and a description of each:

Table: AddLabelScheduledSearch

ParameterTypeRequiredDefaultDescription
Some arguments may be required, as indicated in the Required column. For some fields, this column indicates that a result will always be returned for this column.
Table last updated: Sep 17, 2024
id[InputDictionaryEntry]yes The unique identifier of the scheduled search. See InputDictionaryEntry.
labelstringyes The label for the scheduled search.
viewNamestringyes The name of the view of the scheduled search.

Returned Datatypes

As indicated by the syntax above, this mutation will return data using the datatype, ScheduledSearch. Below is a list of the parameters of that data type:

Table: ScheduledSearch

ParameterTypeRequiredDefaultDescription
Some arguments may be required, as indicated in the Required column. For some fields, this column indicates that a result will always be returned for this column.
actions[string]yes List of unique identifiers for actions to fire on query result.
actionsV2[Action]yes List of actions to fire on query result. See Action.
allowedActions[AssetAction]yes The allowed asset actions. See AssetAction.
backfillLimitintegeryes User-defined limit, which caps the number of missed searches to backfill, e.g. in the event of a shutdown.
descriptionstring  A description of the scheduled search.
enabledbooleanyes Whether the scheduled search is enabled.
endstringyes The end of the relative time interval for the query.
idstringyes The unique identifier of the scheduled search.
isStarredbooleanyes Whether the calling user has 'starred' the scheduled search. This has been deprecated and is no longer in use and has no effect. It will be removed in version 1.213.
labels[string]yes The labels added to the scheduled search.
lastErrorstring  The last error encountered while running the search.
lastExecutedlong  Unix timestamp for end of search interval for last query execution.
lastScheduledSearchlong  The UNIX timestamp at which the last query result was processed. This is deprecated and replaced with lastExecuted and lastTriggered.
lastTriggeredlong  Unix timestamp for end of search interval for last query execution that triggered.
lastWarnings[string]yes The Last warnings encountered while running the scheduled search.
modifiedInfoModifiedInfoyes User or token used to modify the asset. See ModifiedInfo.
namestringyes The name of the scheduled search.
packagePackageInstallationyes The related package. See PackageInstallation.
packageIdVersionedPackageSpecifieryes The unique identifier for the related package. VersionedPackageSpecifier is a scalar.
queryOwnershipQueryOwnershipyes Ownership of the query run by this scheduled search. See QueryOwnership.
queryStringstringyes The LogScale query to execute.
runAsUserUseryes The unique identifier of the user as which the scheduled search is running. See User.
schedulestringyes The cron pattern describing the schedule to execute the query on.
startstringyes The start of the relative time interval for the query.
timeOfNextPlannedExecutionlong  The UNIX timestamp for next planned search.
timeZonestringyes Time zone of the schedule. Currently, this field only supports UTC offsets like 'UTC', 'UTC-01' or 'UTC+12:45'.
yamlTemplateyamlyes A template that can be used to recreate the scheduled search.