The addStarToAlertV2() GraphQL mutation used to add a star to an alert. However, this has been deprecated and is no longer in use and has no effect. It will be removed in version 1.213.

For more information on alerts, see the Alerts documentation page.

Syntax

Below is the syntax for the addStarToAlertV2() mutation field:

graphql
addStarToAlertV2(
      input: AddStarToAlert!
    ): Alert!

Below is an example of how this mutation field might be used:

Raw
graphql
mutation {
  addStarToAlertV2(input: 
       { viewName: "humio", id: "eweKcj7zbRDJqnS87HE1oZseiocfOGdN" } )
  { name, description, enabled, runAsUser { id, username } }
}
Mac OS or Linux (curl)
shell
curl -v -X POST $YOUR_LOGSCALE_URL/graphql \
    -H "Authorization: Bearer $TOKEN" \
    -H "Content-Type: application/json" \
    -d @- << EOF
{"query" : "mutation {
  addStarToAlertV2(input: 
       { viewName: \"humio\", id: \"eweKcj7zbRDJqnS87HE1oZseiocfOGdN\" } )
  { name, description, enabled, runAsUser { id, username } }
}"
}
EOF
Mac OS or Linux (curl) One-line
shell
curl -v -X POST $YOUR_LOGSCALE_URL/graphql \
    -H "Authorization: Bearer $TOKEN" \
    -H "Content-Type: application/json" \
    -d @- << EOF
{"query" : "mutation {
  addStarToAlertV2(input: 
       { viewName: \"humio\", id: \"eweKcj7zbRDJqnS87HE1oZseiocfOGdN\" } )
  { name, description, enabled, runAsUser { id, username } }
}"
}
EOF
Windows Cmd and curl
shell
curl -v -X POST $YOUR_LOGSCALE_URL/graphql ^
    -H "Authorization: Bearer $TOKEN" ^
    -H "Content-Type: application/json" ^
    -d @'{"query" : "mutation { ^
  addStarToAlertV2(input:  ^
       { viewName: \"humio\", id: \"eweKcj7zbRDJqnS87HE1oZseiocfOGdN\" } ) ^
  { name, description, enabled, runAsUser { id, username } } ^
}" ^
} '
Windows Powershell and curl
powershell
curl.exe -X POST 
    -H "Authorization: Bearer $TOKEN"
    -H "Content-Type: application/json"
    -d '{"query" : "mutation {
  addStarToAlertV2(input: 
       { viewName: \"humio\", id: \"eweKcj7zbRDJqnS87HE1oZseiocfOGdN\" } )
  { name, description, enabled, runAsUser { id, username } }
}"
}'
"$YOUR_LOGSCALE_URL/graphql"
Perl
perl
#!/usr/bin/perl

use HTTP::Request;
use LWP;

my $INGEST_TOKEN = "TOKEN";

my $uri = '$YOUR_LOGSCALE_URL/graphql';

my $json = '{"query" : "mutation {
  addStarToAlertV2(input: 
       { viewName: \"humio\", id: \"eweKcj7zbRDJqnS87HE1oZseiocfOGdN\" } )
  { name, description, enabled, runAsUser { id, username } }
}"
}';
my $req = HTTP::Request->new("POST", $uri );

$req->header("Authorization" => "Bearer $TOKEN");
$req->header("Content-Type" => "application/json");

$req->content( $json );

my $lwp = LWP::UserAgent->new;

my $result = $lwp->request( $req );

print $result->{"_content"},"\n";
Python
python
#! /usr/local/bin/python3

import requests

url = '$YOUR_LOGSCALE_URL/graphql'
mydata = r'''{"query" : "mutation {
  addStarToAlertV2(input: 
       { viewName: \"humio\", id: \"eweKcj7zbRDJqnS87HE1oZseiocfOGdN\" } )
  { name, description, enabled, runAsUser { id, username } }
}"
}'''

resp = requests.post(url,
                     data = mydata,
                     headers = {
   "Authorization" : "Bearer $TOKEN",
   "Content-Type" : "application/json"
}
)

print(resp.text)
Node.js
javascript
const https = require('https');

const data = JSON.stringify(
    {"query" : "mutation {
  addStarToAlertV2(input: 
       { viewName: \"humio\", id: \"eweKcj7zbRDJqnS87HE1oZseiocfOGdN\" } )
  { name, description, enabled, runAsUser { id, username } }
}"
}
);


const options = {
  hostname: '$YOUR_LOGSCALE_URL/graphql',
  path: '/graphql',
  port: 443,
  method: 'POST',
  headers: {
    'Content-Type': 'application/json',
    'Content-Length': data.length,
    Authorization: 'BEARER ' + process.env.TOKEN,
    'User-Agent': 'Node',
  },
};

const req = https.request(options, (res) => {
  let data = '';
  console.log(`statusCode: ${res.statusCode}`);

  res.on('data', (d) => {
    data += d;
  });
  res.on('end', () => {
    console.log(JSON.parse(data).data);
  });
});

req.on('error', (error) => {
  console.error(error);
});

req.write(data);
req.end();
Example Responses
Success (HTTP Response Code 200 OK)
json
{
  "data": {
    "addStarToAlertV2": {
      "name": "Late Night",
      "description": "Any activities late at night.",
      "enabled": true,
      "runAsUser": {
        "id": "jSl8Iz25KhDiPQzXYE6YDetG",
        "username": "russell.dyer@crowdstrike.com"
      }
    }
  }
}

Given Datatypes

For the input (i.e., AddStarToAlert), there is only the input parameter. With it, for the input data, you would provide the data using the AddStarToAlert input method. Below is a list of requirements for it:

Table: AddStarToAlert

ParameterTypeRequiredDefaultDescription
Some arguments may be required, as indicated in the Required column. For some fields, this column indicates that a result will always be returned for this column.
Table last updated: Sep 17, 2024
idstringyes The unique identifier of the alert.
viewNamestringyes The name of the view of the alert.

Returned Datatypes

As indicated by the syntax above, this mutation will return data using the Alert datatype. Below is a list of the parameters of that datatype:

Table: Alert

ParameterTypeRequiredDefaultDescription
Some arguments may be required, as indicated in the Required column. For some fields, this column indicates that a result will always be returned for this column.
actionsstringyes List of identifiers for actions to fire on query result.
actionsV2[Action]yes List of unique identifiers for actions to fire on query result. See Action.
allowedActions[AssetAction]yes List of allowed actions. The is a preview; it may be changed. See AssetAction.
assetTypeAssetTypeyes 

The type of asset from an enumerated list. See AssetType.

This parameter has been deprecated and will be removed in version 1.136 of LogScale.

descriptionstring  Description of alert.
displayNamestringyes Name of the alert.
enabledbooleanyes Flag indicating whether the alert is enabled.
idstringyes The identifier of the alert.
isStarredbooleanyes 

Whether the calling user has starred the alert.

This has been deprecated and is no longer in use and has no effect. It will be removed in version 1.213.

labels[string]yes Labels attached to the alert.
lastErrorstring  Last error encountered while running the alert.
lastWarnings[string]yes Last warnings encountered while running the alert.
namestringyes The name of the alert.
packagePackageInstallation  A package installation. See PackageInstallation.
packageIdVersionedPackageSpecifier  The unique identifier of the package installed, if one was used. VersionedPackageSpecifier is a scalar.
queryOwnershipQueryOwnershipyes Ownership of the query run by the alert. See QueryOwnership.
queryStartstringyes Start of the relative time interval for the query.
queryStringstringyes LogScale query to execute.
runAsUserUser  Identifier of user by which the alert is run. See User.
throttleFieldstring  Field on which to throttle alert.
throttleTimeMillislongyes Throttle time in milliseconds.
timeOfLastTriggerlong  UNIX timestamp for when the alert was last triggered.
yamlTemplatestringyes A YAML formatted string that describes the alert.

For the Alert parameters, there are a couple of special datatypes. One is the AssetType, but that merely requires a choice from an enumerate list, which is given in the Alert table above.