addStarToAlertV2()

API Stability	`Deprecated`

The addStarToAlertV2() GraphQL mutation used to add a star to an alert. However, this has been deprecated and is no longer in use and has no effect. It will be removed in version 1.213.

For more information on alerts, see the Triggers documentation page.

Syntax

Below is the syntax for the addStarToAlertV2() mutation field:

graphql

addStarToAlertV2(
      input: AddStarToAlert!
    ): Alert!

Below is an example of how this mutation field might be used:

Show:

graphql

mutation {
  addStarToAlertV2(input: 
       { viewName: "humio", id: "eweKcj7zbRDJqnS87HE1oZseiocfOGdN" } )
  { name, description, enabled, runAsUser { id, username } }
}

shell

curl -v -X POST $YOUR_LOGSCALE_URL/graphql \
    -H "Authorization: Bearer $TOKEN" \
    -H "Content-Type: application/json" \
    -d @- << EOF
{"query" : "mutation {
  addStarToAlertV2(input: 
       { viewName: \"humio\", id: \"eweKcj7zbRDJqnS87HE1oZseiocfOGdN\" } )
  { name, description, enabled, runAsUser { id, username } }
}"
}
EOF

shell

curl -v -X POST $YOUR_LOGSCALE_URL/graphql \
    -H "Authorization: Bearer $TOKEN" \
    -H "Content-Type: application/json" \
    -d @- << EOF
{"query" : "mutation {
  addStarToAlertV2(input: 
       { viewName: \"humio\", id: \"eweKcj7zbRDJqnS87HE1oZseiocfOGdN\" } )
  { name, description, enabled, runAsUser { id, username } }
}"
}
EOF

shell

curl -v -X POST $YOUR_LOGSCALE_URL/graphql ^
    -H "Authorization: Bearer $TOKEN" ^
    -H "Content-Type: application/json" ^
    -d @'{"query" : "mutation { ^
  addStarToAlertV2(input:  ^
       { viewName: \"humio\", id: \"eweKcj7zbRDJqnS87HE1oZseiocfOGdN\" } ) ^
  { name, description, enabled, runAsUser { id, username } } ^
}" ^
} '

powershell

curl.exe -X POST 
    -H "Authorization: Bearer $TOKEN"
    -H "Content-Type: application/json"
    -d '{"query" : "mutation {
  addStarToAlertV2(input: 
       { viewName: \"humio\", id: \"eweKcj7zbRDJqnS87HE1oZseiocfOGdN\" } )
  { name, description, enabled, runAsUser { id, username } }
}"
}'
    "$YOUR_LOGSCALE_URL/graphql"

perl

#!/usr/bin/perl

use HTTP::Request;
use LWP;

my $INGEST_TOKEN = "TOKEN";

my $uri = '$YOUR_LOGSCALE_URL/graphql';

my $json = '{"query" : "mutation {
  addStarToAlertV2(input: 
       { viewName: \"humio\", id: \"eweKcj7zbRDJqnS87HE1oZseiocfOGdN\" } )
  { name, description, enabled, runAsUser { id, username } }
}"
}';
my $req = HTTP::Request->new("POST", $uri );

$req->header("Authorization" => "Bearer $TOKEN");
$req->header("Content-Type" => "application/json");

$req->content( $json );

my $lwp = LWP::UserAgent->new;

my $result = $lwp->request( $req );

print $result->{"_content"},"\n";

python

#! /usr/local/bin/python3

import requests

url = '$YOUR_LOGSCALE_URL/graphql'
mydata = r'''{"query" : "mutation {
  addStarToAlertV2(input: 
       { viewName: \"humio\", id: \"eweKcj7zbRDJqnS87HE1oZseiocfOGdN\" } )
  { name, description, enabled, runAsUser { id, username } }
}"
}'''

resp = requests.post(url,
                     data = mydata,
                     headers = {
   "Authorization" : "Bearer $TOKEN",
   "Content-Type" : "application/json"
}
)

print(resp.text)

javascript

const https = require('https');

const data = JSON.stringify(
    {"query" : "mutation {
  addStarToAlertV2(input: 
       { viewName: \"humio\", id: \"eweKcj7zbRDJqnS87HE1oZseiocfOGdN\" } )
  { name, description, enabled, runAsUser { id, username } }
}"
}
);


const options = {
  hostname: '$YOUR_LOGSCALE_URL/graphql',
  path: '/graphql',
  port: 443,
  method: 'POST',
  headers: {
    'Content-Type': 'application/json',
    'Content-Length': data.length,
    Authorization: 'BEARER ' + process.env.TOKEN,
    'User-Agent': 'Node',
  },
};

const req = https.request(options, (res) => {
  let data = '';
  console.log(`statusCode: ${res.statusCode}`);

  res.on('data', (d) => {
    data += d;
  });
  res.on('end', () => {
    console.log(JSON.parse(data).data);
  });
});

req.on('error', (error) => {
  console.error(error);
});

req.write(data);
req.end();

Example Responses

Show:

json

{
  "data": {
    "addStarToAlertV2": {
      "name": "Late Night",
      "description": "Any activities late at night.",
      "enabled": true,
      "runAsUser": {
        "id": "jSl8Iz25KhDiPQzXYE6YDetG",
        "username": "russell.dyer@crowdstrike.com"
      }
    }
  }
}

Given Datatypes

For AddStarToAlert, there is only the input parameter. With it, for the input data, you would provide the data using the AddStarToAlert input method. Below is a list of requirements for it:

Table: AddStarToAlert

Parameter	Type	Required	Stability	Description
Some arguments may be required, as indicated in the Required column. For some fields, this column indicates that a result will always be returned for this column.
Table last updated: Sep 17, 2024
`id`	string	yes	`Deprecated`	The unique identifier of the alert.
`viewName`	string	yes	`Deprecated`	The name of the view of the alert.

Returned Datatypes

alert has several parameters. They're listed and described here:

Table: Alert

Parameter	Type	Required	Stability	Description
Some arguments may be required, as indicated in the Required column. For some fields, this column indicates that a result will always be returned for this column.
Table last updated: Mar 28, 2025
`actions`	string	yes	`Long-Term`	List of identifiers for actions to fire on query result.
`actionsV2`	[`Action`]	yes	`Long-Term`	List of unique identifiers for actions to fire on query result. See `Action`.
`allowedActions`	[`AssetAction`]	yes	`Preview`	List of allowed actions. The is a preview; it may be changed. See `AssetAction`.
`description`	string		`Long-Term`	Description of alert.
`displayName`	string	yes	`Long-Term`	Name of the alert.
`enabled`	boolean	yes	`Long-Term`	Flag indicating whether the alert is enabled.
`id`	string	yes	`Long-Term`	The identifier of the alert.
`isStarred`	boolean	yes	`Long-Term`	Whether the calling user has starred the alert. This has been deprecated and is no longer in use and has no effect. It will be removed in version 1.213.
`labels`	[string]	yes	`Long-Term`	Labels attached to the alert.
`lastError`	string		`Long-Term`	Last error encountered while running the alert.
`lastWarnings`	[string]	yes	`Long-Term`	Last warnings encountered while running the alert.
`name`	string	yes	`Long-Term`	The name of the alert.
`package`	`PackageInstallation`		`Long-Term`	A package installation. See `PackageInstallation`.
`packageId`	`VersionedPackageSpecifier`		`Long-Term`	The unique identifier of the package installed, if one was used. `VersionedPackageSpecifier` is a scalar.
`queryOwnership`	`QueryOwnership`	yes	`Long-Term`	Ownership of the query run by the alert. See `QueryOwnership`.
`queryStart`	string	yes	`Long-Term`	Start of the relative time interval for the query.
`queryString`	string	yes	`Long-Term`	LogScale query to execute.
`resource`	string	yes	`Short-Term`	The resource identifier for the alert.
`runAsUser`	`User`		`Long-Term`	Identifier of user by which the alert is run. See `User`.
`throttleField`	string		`Long-Term`	Field on which to throttle alert.
`throttleTimeMillis`	long	yes	`Long-Term`	Throttle time in milliseconds.
`timeOfLastTrigger`	long		`Long-Term`	UNIX timestamp for when the alert was last triggered.
`yamlTemplate`	string	yes	`Long-Term`	A YAML formatted string that describes the alert.

For the alert parameters, there are a couple of special datatypes. One is the AssetType, but that merely requires a choice from an enumerate list, which is given in the alert table above.

GraphQL Mutations

GraphQL API Stability

GraphQL Queries

GraphQL Datatypes