addScheduledSearchLabels()

Stability Level

Long-Term

As an extra feature for assisting you with administering scheduled searches, you can attach labels to them. You can add them when creating a scheduled search, or later with the addScheduledSearchLabels() GraphQL mutation. There can be at most ten labels per saved query, with a maximum length of sixty characters per label.

When you execute this mutation, it will return information on the updated scheduled search, if successful — null with errors, if not. The return values can include all of the labels for the scheduled search — the ones added and saved previously. From that list you may choose to delete some labels. Use the removeScheduledSearchLabels() mutation to do that.

Hide Query Example

Show Scheduled Search Labels Query

To get a list of scheduled search labels, you could execute the repositories() query like this:

graphql

query {
     repositories
      { id, name, 
        scheduledSearches { labels } }
   }

For more information on scheduled searches, see the Scheduled searches documentation page. To manage labels through the UI, see the Triggers and Manage Triggers pages of the main documentation.

Syntax

graphql

addScheduledSearchLabels(
      input: AddScheduledSearchLabels!
   ): ScheduledSearch

For the input, you have to give the name of the view or repository, and the unique identifier of the scheduled search to which you want to add labels (click on Show Query below). And, you'll have to provide within brackets, a comma-separated list of labels.

For the return datatype for this mutation, you can get details on the scheduled search, including a list of labels for it. See the Returned Datatype section farther down this page.

Hide Query Example

Show Scheduled Search Identifiers Query

To get a list of all scheduled searches for a repository, use the repository() query like this:

graphql

query {
     repository(name: "humio")
        { scheduledSearches { name, id } }
   }

With these results you can use a scheduled search's unique identifier to add labels to it.

Example

Raw

graphql

mutation {
  addScheduledSearchLabels(input: 
       { viewName: "humio", 
         id: "abc123", 
         labels: [ "find-them-1",
                   "admin-focus" ] 
        } 
    )
  { name, description, enabled, runAsUser { id, username } }
}

Mac OS or Linux (curl)

shell

curl -v -X POST $YOUR_LOGSCALE_URL/graphql \
    -H "Authorization: Bearer $TOKEN" \
    -H "Content-Type: application/json" \
    -d @- << EOF
{"query" : "mutation {
  addScheduledSearchLabels(input: 
       { viewName: \"humio\", 
         id: \"abc123\", 
         labels: [ \"find-them-1\",
                   \"admin-focus\" ] 
        } 
    )
  { name, description, enabled, runAsUser { id, username } }
}"
}
EOF

Mac OS or Linux (curl) One-line

shell

curl -v -X POST $YOUR_LOGSCALE_URL/graphql \
    -H "Authorization: Bearer $TOKEN" \
    -H "Content-Type: application/json" \
    -d @- << EOF
{"query" : "mutation {
  addScheduledSearchLabels(input: 
       { viewName: \"humio\", 
         id: \"abc123\", 
         labels: [ \"find-them-1\",
                   \"admin-focus\" ] 
        } 
    )
  { name, description, enabled, runAsUser { id, username } }
}"
}
EOF

Windows Cmd and curl

shell

curl -v -X POST $YOUR_LOGSCALE_URL/graphql ^
    -H "Authorization: Bearer $TOKEN" ^
    -H "Content-Type: application/json" ^
    -d @'{"query" : "mutation { ^
  addScheduledSearchLabels(input:  ^
       { viewName: \"humio\",  ^
         id: \"abc123\",  ^
         labels: [ \"find-them-1\", ^
                   \"admin-focus\" ]  ^
        }  ^
    ) ^
  { name, description, enabled, runAsUser { id, username } } ^
}" ^
} '

Windows Powershell and curl

powershell

curl.exe -X POST 
    -H "Authorization: Bearer $TOKEN"
    -H "Content-Type: application/json"
    -d '{"query" : "mutation {
  addScheduledSearchLabels(input: 
       { viewName: \"humio\", 
         id: \"abc123\", 
         labels: [ \"find-them-1\",
                   \"admin-focus\" ] 
        } 
    )
  { name, description, enabled, runAsUser { id, username } }
}"
}'
    "$YOUR_LOGSCALE_URL/graphql"

Perl

perl

#!/usr/bin/perl

use HTTP::Request;
use LWP;

my $TOKEN = "TOKEN";

my $uri = '$YOUR_LOGSCALE_URL/graphql';

my $query = "mutation {
  addScheduledSearchLabels(input: 
       { viewName: \"humio\", 
         id: \"abc123\", 
         labels: [ \"find-them-1\",
                   \"admin-focus\" ] 
        } 
    )
  { name, description, enabled, runAsUser { id, username } }
}";
$query =~ s/\n/ /g;
my $json = sprintf('{"query" : "%s"}',$query);
my $req = HTTP::Request->new("POST", $uri );

$req->header("Authorization" => "Bearer $TOKEN");
$req->header("Content-Type" => "application/json");

$req->content( $json );

my $lwp = LWP::UserAgent->new;

my $result = $lwp->request( $req );

print $result->{"_content"},"\n";

Python

python

#! /usr/local/bin/python3

import requests

url = '$YOUR_LOGSCALE_URL/graphql'
mydata = r'''{"query" : "mutation {
  addScheduledSearchLabels(input: 
       { viewName: \"humio\", 
         id: \"abc123\", 
         labels: [ \"find-them-1\",
                   \"admin-focus\" ] 
        } 
    )
  { name, description, enabled, runAsUser { id, username } }
}"
}'''

resp = requests.post(url,
                     data = mydata,
                     headers = {
   "Authorization" : "Bearer $TOKEN",
   "Content-Type" : "application/json"
}
)

print(resp.text)

Node.js

javascript

const https = require('https');

const data = JSON.stringify(
    {"query" : "mutation {
  addScheduledSearchLabels(input: 
       { viewName: \"humio\", 
         id: \"abc123\", 
         labels: [ \"find-them-1\",
                   \"admin-focus\" ] 
        } 
    )
  { name, description, enabled, runAsUser { id, username } }
}"
}
);


const options = {
  hostname: '$YOUR_LOGSCALE_URL',
  path: 'graphql',
  port: 443,
  method: 'POST',
  headers: {
    'Content-Type': 'application/json',
    'Content-Length': data.length,
    Authorization: 'BEARER ' + process.env.TOKEN,
    'User-Agent': 'Node',
  },
};

const req = https.request(options, (res) => {
  let data = '';
  console.log(`statusCode: ${res.statusCode}`);

  res.on('data', (d) => {
    data += d;
  });
  res.on('end', () => {
    console.log(JSON.parse(data).data);
  });
});

req.on('error', (error) => {
  console.error(error);
});

req.write(data);
req.end();

Example Responses

Success (HTTP Response Code 200 OK)

json

{
  "data": {
    "addScheduledSearchLabels": {
      "name": "Seeker",
      "description": "Searching for locals.",
      "enabled": true,
      "runAsUser": {
        "id": "def456",
        "username": "bob@company.com"
      }
    }
  }
}

Given Datatype

You'll have to give the view or repository name, and the unique identifier of the schedule search to which you want to add labels — and a comma-separated list of labels to add, within square-brackets. This is described here in the table for this datatype. Click on the Show Query link under the Syntax section above for an example of how to get the scheduled search identifiers.

Table: AddScheduledSearchLabels

Parameter	Type	Required	Stability	Description
Some arguments may be required, as indicated in the Required column. For return datatypes, this indicates that you must specify which fields you want returned in the results.
Table last updated: Nov 14, 2025
id	string	yes	`Long-Term`	The unique identifier of a scheduled search.
labels	[string]	yes	`Long-Term`	Labels to add to a scheduled search, at most one-hundred at a time.
viewName	RepoOrViewName	yes	`Long-Term`	The name of the view of a scheduled search. RepoOrViewName is a scalar.

Returned Datatype

You can get the query string used by the scheduled search, what actions are triggered, and any errors or warnings when it was last executed. Related more specifically to this mutation, you can use the labels parameter to get a list of labels associated with the search in case you want to remove some or add more. These and other parameters are listed in the table below, along with links to related datatype tables.

Table: ScheduledSearch

Parameter	Type	Required	Stability	Description
Some arguments may be required, as indicated in the Required column. For return datatypes, this indicates that you must specify which fields you want returned in the results.
Table last updated: Mar 27, 2026
actions	[string]	yes	`Long-Term`	List of unique identifiers for actions to fire on query result.
actionsV2	[Action]	yes	`Long-Term`	List of actions to fire on query result. See Action.
allowedActions	[AssetAction]	yes	`Short-Term`	The allowed asset actions. See AssetAction .
backfillLimitV2	integer		`Long-Term`	User-defined limit, which caps the number of missed searches to backfill when queryTimestampType is `EventTimestamp`.
createdInfo	AssetCommitMetadata		`Long-Term`	Metadata related to the creation of the scheduled search. See AssetCommitMetadata.
description	string		`Long-Term`	A description of the scheduled search.
enabled	boolean	yes	`Long-Term`	Whether the scheduled search is enabled.
executionTimesToRerun	[long]	yes	`Long-Term`	Execution times of the scheduled search runs to rerun as Unix timestamp in milliseconds.
id	string	yes	`Long-Term`	The unique identifier of the scheduled search.
labels	[string]	yes	`Long-Term`	The labels added to the scheduled search.
lastError	string		`Long-Term`	The last error encountered while running the search.
lastExecuted	long		`Deprecated`	Unix timestamp for end of search interval for last query execution. However, this parameter has been deprecated because the name is confusing. It will be removed at the earliest in version 1.27. Use instead the timeOfLastExecution parameter.
lastTriggered	long		`Deprecated`	Unix timestamp for end of search interval for last query execution that triggered. However, this parameter has been deprecated because the name is confusing. It will be removed at the earliest in version 1.27. Use instead the timeOfLastTrigger parameter.
lastWarnings	[string]	yes	`Long-Term`	The Last warnings encountered while running the scheduled search.
maxWaitTimeSeconds	long		`Long-Term`	The maximum wait time in seconds when queryTimestampType is `IngestTimestamp`.
modifiedInfo	ModifiedInfo	yes	`Preview`	User or token used to modify the asset. See ModifiedInfo.
name	string	yes	`Long-Term`	The name of the scheduled search.
package	PackageInstallation		`Long-Term`	The related package. See PackageInstallation.
packageId	VersionedPackageSpecifier		`Long-Term`	The unique identifier for the related package. VersionedPackageSpecifier is a scalar.
queryOwnership	QueryOwnership	yes	`Long-Term`	Ownership of the query run by this scheduled search. See QueryOwnership.
queryString	string	yes	`Long-Term`	The LogScale query to execute.
queryTimestampType	QueryTimestampType	yes	`Long-Term`	The timestamp type to use for the query. Running on `@ingesttimestamp` is only available with feature flag `ScheduledSearchIngestTimestamp`. See QueryTimestampType .
resource	string	yes	`Short-Term`	The resource identifier for the scheduled search.
runAsUser	User		`Long-Term`	The unique identifier of the user as which the scheduled search is running. See User.
schedule	string	yes	`Long-Term`	The cron pattern describing the schedule to execute the query on.
searchIntervalOffsetSeconds	long		`Long-Term`	The search interval offset in seconds when queryTimestampType is `EventTimestamp`.
searchIntervalSeconds	long	yes	`Long-Term`	The search interval in seconds.
timeOfLastExecution	long		`Long-Term`	Unix timestamp for when the scheduled search was last executed.
timeOfLastTrigger	long		`Long-Term`	Unix timestamp for when the scheduled search was last triggered.
timeOfNextPlannedExecution	long		`Long-Term`	The UNIX timestamp for next planned search.
timeZone	string	yes	`Long-Term`	Time zone of the schedule. Currently, this field only supports UTC offsets like 'UTC', 'UTC-01' or 'UTC+12:45'.
triggerOnEmptyResult	boolean	yes	`Long-Term`	Flag indicating whether the scheduled search should trigger when it finds an empty result (i.e., no events).
yamlTemplate	YAML	yes	`Long-Term`	A template that can be used to recreate the scheduled search. YAML is a scalar.

Versions of this Page

GraphQL Mutations

GraphQL API Stability

GraphQL Queries

GraphQL Datatypes