addToBlocklist()

API Stability Long-Term

The addToBlocklist() GraphQL mutation may be used to blocklist a query based an exactly matched given value, or based on a pattern given in a regular expression.

For more information on blocking queries, see the Blocking Queries documentation page.

Syntax

Below is the syntax for the addToBlocklist() mutation field:

graphql

addToBlocklist(
      input: AddToBlocklistInput!
   ): [BlockedQuery]!

Below is an example of how this mutation field might be used:

Raw

graphql

mutation {
  addToBlocklist(input: {pattern: ".*local", type: REGEX, viewName: "humio" })
  { id, expiresAt, pattern, type, view{id, name} }
}

Mac OS or Linux (curl)

shell

curl -v -X POST $YOUR_LOGSCALE_URL/graphql \
    -H "Authorization: Bearer $TOKEN" \
    -H "Content-Type: application/json" \
    -d @- << EOF
{"query" : "mutation {
  addToBlocklist(input: {pattern: \".*local\", type: REGEX, viewName: \"humio\" })
  { id, expiresAt, pattern, type, view{id, name} }
}"
}
EOF

Mac OS or Linux (curl) One-line

shell

curl -v -X POST $YOUR_LOGSCALE_URL/graphql \
    -H "Authorization: Bearer $TOKEN" \
    -H "Content-Type: application/json" \
    -d @- << EOF
{"query" : "mutation {
  addToBlocklist(input: {pattern: \".*local\", type: REGEX, viewName: \"humio\" })
  { id, expiresAt, pattern, type, view{id, name} }
}"
}
EOF

Windows Cmd and curl

shell

curl -v -X POST $YOUR_LOGSCALE_URL/graphql ^
    -H "Authorization: Bearer $TOKEN" ^
    -H "Content-Type: application/json" ^
    -d @'{"query" : "mutation { ^
  addToBlocklist(input: {pattern: \".*local\", type: REGEX, viewName: \"humio\" }) ^
  { id, expiresAt, pattern, type, view{id, name} } ^
}" ^
} '

Windows Powershell and curl

powershell

curl.exe -X POST 
    -H "Authorization: Bearer $TOKEN"
    -H "Content-Type: application/json"
    -d '{"query" : "mutation {
  addToBlocklist(input: {pattern: \".*local\", type: REGEX, viewName: \"humio\" })
  { id, expiresAt, pattern, type, view{id, name} }
}"
}'
    "$YOUR_LOGSCALE_URL/graphql"

Perl

perl

#!/usr/bin/perl

use HTTP::Request;
use LWP;

my $TOKEN = "TOKEN";

my $uri = '$YOUR_LOGSCALE_URL/graphql';

my $query = "mutation {
  addToBlocklist(input: {pattern: \".*local\", type: REGEX, viewName: \"humio\" })
  { id, expiresAt, pattern, type, view{id, name} }
}";
$query =~ s/\n/ /g;
my $json = sprintf('{"query" : "%s"}',$query);
my $req = HTTP::Request->new("POST", $uri );

$req->header("Authorization" => "Bearer $TOKEN");
$req->header("Content-Type" => "application/json");

$req->content( $json );

my $lwp = LWP::UserAgent->new;

my $result = $lwp->request( $req );

print $result->{"_content"},"\n";

Python

python

#! /usr/local/bin/python3

import requests

url = '$YOUR_LOGSCALE_URL/graphql'
mydata = r'''{"query" : "mutation {
  addToBlocklist(input: {pattern: \".*local\", type: REGEX, viewName: \"humio\" })
  { id, expiresAt, pattern, type, view{id, name} }
}"
}'''

resp = requests.post(url,
                     data = mydata,
                     headers = {
   "Authorization" : "Bearer $TOKEN",
   "Content-Type" : "application/json"
}
)

print(resp.text)

Node.js

javascript

const https = require('https');

const data = JSON.stringify(
    {"query" : "mutation {
  addToBlocklist(input: {pattern: \".*local\", type: REGEX, viewName: \"humio\" })
  { id, expiresAt, pattern, type, view{id, name} }
}"
}
);


const options = {
  hostname: '$YOUR_LOGSCALE_URL',
  path: 'graphql',
  port: 443,
  method: 'POST',
  headers: {
    'Content-Type': 'application/json',
    'Content-Length': data.length,
    Authorization: 'BEARER ' + process.env.TOKEN,
    'User-Agent': 'Node',
  },
};

const req = https.request(options, (res) => {
  let data = '';
  console.log(`statusCode: ${res.statusCode}`);

  res.on('data', (d) => {
    data += d;
  });
  res.on('end', () => {
    console.log(JSON.parse(data).data);
  });
});

req.on('error', (error) => {
  console.error(error);
});

req.write(data);
req.end();

Example Responses

Success (HTTP Response Code 200 OK)

json

{
  "data": {
    "addToBlocklist": [
      {
        "pattern": ".*hacker",
        "expiresAt": null,
        "id": "44Nze6Tj8bAnM7rwwHk1zGCw",
        "type": "REGEX",
        "view": null
      },
      {
        "pattern": ".*local",
        "expiresAt": null,
        "id": "Twf4Mp0fuuMlIXPeywwfM4g2",
        "type": "REGEX",
        "view": {
          "id": "aK9GKAsTnMXfRxT8Fpecx3fX",
          "name": "humio"
        }
      }
    ]
  }
}

Given Datatypes

For AddToBlocklistInput, there are a few parameters that may be given. Below is a list of them along with a description of each:

Table: AddToBlocklistInput

Parameter	Type	Required	Default	Stability	Description
Some arguments may be required, as indicated in the Required column. For return datatypes, this indicates that you must specify which fields you want returned in the results.
Table last updated: Mar 28, 2025
pattern	string	yes		`Long-Term`	The pattern to match for selecting data to add to the blocklist.
type	BlockedQueryMatcherType	yes		`Long-Term`	Whether the pattern should be matched exactly or interpreted as a regex pattern. See BlockedQueryMatcherType .
viewName	string	yes		`Long-Term`	Limits the scope of the pattern to a specific view preventing matching queries from execution in that context only.
clusterWide	boolean		false	`Long-Term`	Whether to apply the pattern, globally. Requires the `ManageCluster` permission.

Returned Datatypes

BlockedQuery has several parameters. Below is a list of them along with a description of each:

Table: BlockedQuery

Parameter	Type	Required	Stability	Description
Some arguments may be required, as indicated in the Required column. For return datatypes, this indicates that you must specify which fields you want returned in the results.
Table last updated: Sep 24, 2024
expiresAt	datetime		`Long-Term`	The date and time in which any matching queries will cease to be blocked.
expiresInMilliseconds	integer		`Long-Term`	The amount of milliseconds until any matching queries won't be blocked.
id	string	yes	`Long-Term`	The unique identifier of the blocked query.
limitedToOrganization	boolean	yes	`Long-Term`	Whether the blocked query should be limited to the organization.
organization	Organization		`Long-Term`	The organization associated with the view, if any. See Organization.
pattern	string	yes	`Long-Term`	The exact or regular expression pattern used to match queries to block.
type	BlockedQueryMatcherType	yes	`Long-Term`	How the pattern should be matched (e.g., as a regular expression). See BlockedQueryMatcherType .
unblockAllowed	boolean	yes	`Long-Term`	Whether the current user is allowed to unblock the query.
view	View		`Long-Term`	The related view, if any. See View.

Versions of this Page

GraphQL Mutations

GraphQL API Stability

GraphQL Groups

GraphQL Queries

GraphQL Datatypes

addToBlocklist()

Syntax

Given Datatypes

Returned Datatypes

Enter search term