| API Stability |
Long-Term
|
The addToBlocklist() GraphQL mutation may be used to blocklist a query based an exactly matched given value, or based on a pattern given in a regular expression.
For more information on blocking queries, see the Blocking Queries documentation page.
Syntax
Below is the syntax for the addToBlocklist() mutation field:
graphql
addToBlocklist(
input: AddToBlocklistInput!
): [BlockedQuery!]!Below is an example of how this mutation field might be used:
graphql
mutation {
addToBlocklist(input: {pattern: ".*local", type: REGEX, viewName: "humio" })
{ id, expiresAt, pattern, type, view{id, name} }
}json
{
"data": {
"addToBlocklist": [
{
"pattern": ".*hacker",
"expiresAt": null,
"id": "44Nze6Tj8bAnM7rwwHk1zGCw",
"type": "REGEX",
"view": null
},
{
"pattern": ".*local",
"expiresAt": null,
"id": "Twf4Mp0fuuMlIXPeywwfM4g2",
"type": "REGEX",
"view": {
"id": "aK9GKAsTnMXfRxT8Fpecx3fX",
"name": "humio"
}
}
]
}
}Given Datatypes
For AddToBlocklistInput,
there are a few parameters that may be given. Below is a list of
them along with a description of each:
Table: AddToBlocklistInput
| Parameter | Type | Required | Default | Stability | Description |
|---|---|---|---|---|---|
| Some arguments may be required, as indicated in the Required column. For some fields, this column indicates that a result will always be returned for this column. | |||||
| Table last updated: Mar 28, 2025 | |||||
pattern | string | yes | Long-Term | The pattern to match for selecting data to add to the blocklist. | |
type | BlockedQueryMatcherType | yes | Long-Term | Whether the pattern should be matched exactly or interpreted as a regex pattern. See BlockedQueryMatcherType. | |
viewName | string | yes | Long-Term | Limits the scope of the pattern to a specific view preventing matching queries from execution in that context only. | |
clusterWide | boolean | false | Long-Term | Whether to apply the pattern, globally. Requires the ManageCluster permission. | |
Returned Datatypes
BlockedQuery has
several parameters. Below is a list of them along with a
description of each:
Table: BlockedQuery
| Parameter | Type | Required | Default | Stability | Description |
|---|---|---|---|---|---|
| Some arguments may be required, as indicated in the Required column. For some fields, this column indicates that a result will always be returned for this column. | |||||
| Table last updated: Sep 24, 2024 | |||||
expiresAt | datetime | Long-Term | The date and time in which any matching queries will cease to be blocked. | ||
expiresInMilliseconds | integer | Long-Term | The amount of milliseconds until any matching queries won't be blocked. | ||
id | string | yes | Long-Term | The unique identifier of the blocked query. | |
limitedToOrganization | boolean | yes | Long-Term | Whether the blocked query should be limited to the organization. | |
organization | Organization | Long-Term | The organization associated with the view, if any. See Organization. | ||
pattern | string | yes | Long-Term | The exact or regular expression pattern used to match queries to block. | |
type | BlockedQueryMatcherType | yes | Long-Term | How the pattern should be matched (e.g., as a regular expression). See BlockedQueryMatcherType. | |
unblockAllowed | boolean | yes | Long-Term | Whether the current user is allowed to unblock the query. | |
view | View | Long-Term | The related view, if any. See View. | ||