addToBlocklistById()

Summary

The addToBlocklistById() GraphQL mutation is used to blocklist a query based on a pattern based on a regex or exact match.

API Stability Long-Term

Syntax

graphql

addToBlocklistById(
      input: AddToBlocklistByIdInput!
   ): [BlockedQuery]!

For the input, you'll have to give the view's identifier, a pattern to use for matching events to block, and the matching type. See the Input Parameters section for details. You can use the blockedQueries() query to get the view identifier.

For the results, you can get data on the view, when blocking expires, etc. See the Returned Values section for more.

Example

Raw

graphql

mutation {
  addToBlocklistById(input: {pattern: ".*local", type: REGEX, 
    viewId: "abc123" })
  { id, expiresAt, pattern, type, view{id, name} }
}

Mac OS or Linux (curl)

shell

curl -v -X POST $YOUR_LOGSCALE_URL/graphql \
    -H "Authorization: Bearer $TOKEN" \
    -H "Content-Type: application/json" \
    -d @- << EOF
{"query" : "mutation {
  addToBlocklistById(input: {pattern: \".*local\", type: REGEX, 
    viewId: \"abc123\" })
  { id, expiresAt, pattern, type, view{id, name} }
}"
}
EOF

Mac OS or Linux (curl) One-line

shell

curl -v -X POST $YOUR_LOGSCALE_URL/graphql \
    -H "Authorization: Bearer $TOKEN" \
    -H "Content-Type: application/json" \
    -d @- << EOF
{"query" : "mutation {
  addToBlocklistById(input: {pattern: \".*local\", type: REGEX, 
    viewId: \"abc123\" })
  { id, expiresAt, pattern, type, view{id, name} }
}"
}
EOF

Windows Cmd and curl

shell

curl -v -X POST $YOUR_LOGSCALE_URL/graphql ^
    -H "Authorization: Bearer $TOKEN" ^
    -H "Content-Type: application/json" ^
    -d @'{"query" : "mutation { ^
  addToBlocklistById(input: {pattern: \".*local\", type: REGEX,  ^
    viewId: \"abc123\" }) ^
  { id, expiresAt, pattern, type, view{id, name} } ^
}" ^
} '

Windows Powershell and curl

powershell

curl.exe -X POST 
    -H "Authorization: Bearer $TOKEN"
    -H "Content-Type: application/json"
    -d '{"query" : "mutation {
  addToBlocklistById(input: {pattern: \".*local\", type: REGEX, 
    viewId: \"abc123\" })
  { id, expiresAt, pattern, type, view{id, name} }
}"
}'
    "$YOUR_LOGSCALE_URL/graphql"

Perl

perl

#!/usr/bin/perl

use HTTP::Request;
use LWP;

my $TOKEN = "TOKEN";

my $uri = '$YOUR_LOGSCALE_URL/graphql';

my $query = "mutation {
  addToBlocklistById(input: {pattern: \".*local\", type: REGEX, 
    viewId: \"abc123\" })
  { id, expiresAt, pattern, type, view{id, name} }
}";
$query =~ s/\n/ /g;
my $json = sprintf('{"query" : "%s"}',$query);
my $req = HTTP::Request->new("POST", $uri );

$req->header("Authorization" => "Bearer $TOKEN");
$req->header("Content-Type" => "application/json");

$req->content( $json );

my $lwp = LWP::UserAgent->new;

my $result = $lwp->request( $req );

print $result->{"_content"},"\n";

Python

python

#! /usr/local/bin/python3

import requests

url = '$YOUR_LOGSCALE_URL/graphql'
mydata = r'''{"query" : "mutation {
  addToBlocklistById(input: {pattern: \".*local\", type: REGEX, 
    viewId: \"abc123\" })
  { id, expiresAt, pattern, type, view{id, name} }
}"
}'''

resp = requests.post(url,
                     data = mydata,
                     headers = {
   "Authorization" : "Bearer $TOKEN",
   "Content-Type" : "application/json"
}
)

print(resp.text)

Node.js

javascript

const https = require('https');

const data = JSON.stringify(
    {"query" : "mutation {
  addToBlocklistById(input: {pattern: \".*local\", type: REGEX, 
    viewId: \"abc123\" })
  { id, expiresAt, pattern, type, view{id, name} }
}"
}
);


const options = {
  hostname: '$YOUR_LOGSCALE_URL',
  path: 'graphql',
  port: 443,
  method: 'POST',
  headers: {
    'Content-Type': 'application/json',
    'Content-Length': data.length,
    Authorization: 'BEARER ' + process.env.TOKEN,
    'User-Agent': 'Node',
  },
};

const req = https.request(options, (res) => {
  let data = '';
  console.log(`statusCode: ${res.statusCode}`);

  res.on('data', (d) => {
    data += d;
  });
  res.on('end', () => {
    console.log(JSON.parse(data).data);
  });
});

req.on('error', (error) => {
  console.error(error);
});

req.write(data);
req.end();

Example Responses

Success (HTTP Response Code 200 OK)

json

{
  "data": {
    "addToBlocklistById": [
      {
        "pattern": ".*local",
        "expiresAt": null,
        "id": "def456",
        "type": "REGEX",
        "view": {
          "id": "aK9GKAsTnMXfRxT8Fpecx3fX",
          "name": "humio"
        }
      }

Input Parameters

For the given datatype, you would provide the unique identifier of the view, a pattern to use for matching events to block — and whether that pattern is an exact text or a regex match. The table below provides more details:

Table: AddToBlocklistByIdInput Input Datatype

Parameter	Type	Required	Default	Stability	Description
Some input parameters may be required, as indicated in the Required column. For return values, this indicates that you are assured a value if the field is requested for the results.
Table last updated: Mar 28, 2025
pattern	string	yes		`Long-Term`	The pattern to match for selecting data to add to the blocklist.
type	BlockedQueryMatcherType	yes		`Long-Term`	Whether the pattern should be matched exactly or interpreted as a regex pattern. See BlockedQueryMatcherType .
viewName	string	yes		`Long-Term`	Limits the scope of the pattern to a specific view preventing matching queries from execution in that context only.
clusterWide	boolean		false	`Long-Term`	Whether to apply the pattern, globally. Requires the `ManageCluster` permission.

Returned Values

The main result you'll probably want returned is the regex pattern used to filter queries before they are executed. You can also get data on the associated view, when blocking expires, whether the current user is allowed the remove blocking. Below is a list of what can be requested, along with a description of each:

Table: BlockedQuery Datatype

Parameter	Type	Required	Stability	Description
Some input parameters may be required, as indicated in the Required column. For return values, this indicates that you are assured a value if the field is requested for the results.
Table last updated: Sep 24, 2024
expiresAt	datetime		`Long-Term`	The date and time in which any matching queries will cease to be blocked.
expiresInMilliseconds	integer		`Long-Term`	The amount of milliseconds until any matching queries won't be blocked.
id	string	yes	`Long-Term`	The unique identifier of the blocked query.
limitedToOrganization	boolean	yes	`Long-Term`	Whether the blocked query should be limited to the organization.
organization	Organization		`Long-Term`	The organization associated with the view, if any. See Organization.
pattern	string	yes	`Long-Term`	The exact or regular expression pattern used to match queries to block.
type	BlockedQueryMatcherType	yes	`Long-Term`	How the pattern should be matched (e.g., as a regular expression). See BlockedQueryMatcherType .
unblockAllowed	boolean	yes	`Long-Term`	Whether the current user is allowed to unblock the query.
view	View		`Long-Term`	The related view, if any. See View.

Versions of this Page

GraphQL Mutations

GraphQL API

GraphQL API Stability

GraphQL Queries

GraphQL Datatypes