The addToBlocklistById() GraphQL mutation is used to blocklist a query based on a pattern based on a regex or exact match.

Syntax

Below is the syntax for the addToBlocklistById() mutation field:

graphql
addToBlocklistById(
      input: AddToBlocklistByIdInput!
   ): [BlockedQuery!]!

Below is an example of how this mutation field might be used:

Raw
graphql
mutation {
  addToBlocklistById(input: {pattern: ".*local", type: REGEX, 
    viewId: "aK9GKAsTnMXfRxT8Fpecx3fX" })
  { id, expiresAt, pattern, type, view{id, name} }
}
Mac OS or Linux (curl)
shell
curl -v -X POST $YOUR_LOGSCALE_URL/graphql \
    -H "Authorization: Bearer $TOKEN" \
    -H "Content-Type: application/json" \
    -d @- << EOF
{"query" : "mutation {
  addToBlocklistById(input: {pattern: \".*local\", type: REGEX, 
    viewId: \"aK9GKAsTnMXfRxT8Fpecx3fX\" })
  { id, expiresAt, pattern, type, view{id, name} }
}"
}
EOF
Mac OS or Linux (curl) One-line
shell
curl -v -X POST $YOUR_LOGSCALE_URL/graphql \
    -H "Authorization: Bearer $TOKEN" \
    -H "Content-Type: application/json" \
    -d @- << EOF
{"query" : "mutation {
  addToBlocklistById(input: {pattern: \".*local\", type: REGEX, 
    viewId: \"aK9GKAsTnMXfRxT8Fpecx3fX\" })
  { id, expiresAt, pattern, type, view{id, name} }
}"
}
EOF
Windows Cmd and curl
shell
curl -v -X POST $YOUR_LOGSCALE_URL/graphql ^
    -H "Authorization: Bearer $TOKEN" ^
    -H "Content-Type: application/json" ^
    -d @'{"query" : "mutation { ^
  addToBlocklistById(input: {pattern: \".*local\", type: REGEX,  ^
    viewId: \"aK9GKAsTnMXfRxT8Fpecx3fX\" }) ^
  { id, expiresAt, pattern, type, view{id, name} } ^
}" ^
} '
Windows Powershell and curl
powershell
curl.exe -X POST 
    -H "Authorization: Bearer $TOKEN"
    -H "Content-Type: application/json"
    -d '{"query" : "mutation {
  addToBlocklistById(input: {pattern: \".*local\", type: REGEX, 
    viewId: \"aK9GKAsTnMXfRxT8Fpecx3fX\" })
  { id, expiresAt, pattern, type, view{id, name} }
}"
}'
"$YOUR_LOGSCALE_URL/graphql"
Perl
perl
#!/usr/bin/perl

use HTTP::Request;
use LWP;

my $INGEST_TOKEN = "TOKEN";

my $uri = '$YOUR_LOGSCALE_URL/graphql';

my $json = '{"query" : "mutation {
  addToBlocklistById(input: {pattern: \".*local\", type: REGEX, 
    viewId: \"aK9GKAsTnMXfRxT8Fpecx3fX\" })
  { id, expiresAt, pattern, type, view{id, name} }
}"
}';
my $req = HTTP::Request->new("POST", $uri );

$req->header("Authorization" => "Bearer $TOKEN");
$req->header("Content-Type" => "application/json");

$req->content( $json );

my $lwp = LWP::UserAgent->new;

my $result = $lwp->request( $req );

print $result->{"_content"},"\n";
Python
python
#! /usr/local/bin/python3

import requests

url = '$YOUR_LOGSCALE_URL/graphql'
mydata = r'''{"query" : "mutation {
  addToBlocklistById(input: {pattern: \".*local\", type: REGEX, 
    viewId: \"aK9GKAsTnMXfRxT8Fpecx3fX\" })
  { id, expiresAt, pattern, type, view{id, name} }
}"
}'''

resp = requests.post(url,
                     data = mydata,
                     headers = {
   "Authorization" : "Bearer $TOKEN",
   "Content-Type" : "application/json"
}
)

print(resp.text)
Node.js
javascript
const https = require('https');

const data = JSON.stringify(
    {"query" : "mutation {
  addToBlocklistById(input: {pattern: \".*local\", type: REGEX, 
    viewId: \"aK9GKAsTnMXfRxT8Fpecx3fX\" })
  { id, expiresAt, pattern, type, view{id, name} }
}"
}
);


const options = {
  hostname: '$YOUR_LOGSCALE_URL/graphql',
  path: '/graphql',
  port: 443,
  method: 'POST',
  headers: {
    'Content-Type': 'application/json',
    'Content-Length': data.length,
    Authorization: 'BEARER ' + process.env.TOKEN,
    'User-Agent': 'Node',
  },
};

const req = https.request(options, (res) => {
  let data = '';
  console.log(`statusCode: ${res.statusCode}`);

  res.on('data', (d) => {
    data += d;
  });
  res.on('end', () => {
    console.log(JSON.parse(data).data);
  });
});

req.on('error', (error) => {
  console.error(error);
});

req.write(data);
req.end();
Example Responses
Success (HTTP Response Code 200 OK)
json
{
  "data": {
    "addToBlocklistById": [
      {
        "pattern": ".*local",
        "expiresAt": null,
        "id": "05KDQ2X0JAsdfB6yTgp7e89e",
        "type": "REGEX",
        "view": {
          "id": "aK9GKAsTnMXfRxT8Fpecx3fX",
          "name": "humio"
        }
      }

Given Datatypes

For AddToBlocklistByIdInput, there are a few parameters:

Table: AddToBlocklistByIdInput

ParameterTypeRequiredDefaultDescription
Some arguments may be required, as indicated in the Required column. For some fields, this column indicates that a result will always be returned for this column.
Table last updated: Sep 17, 2024
patternstringyes The pattern to match for selecting data to add to the blocklist.
typeBlockedQueryMatcherTypeyes Whether the pattern should be matched exactly or interpreted as a regex pattern. See BlockedQueryMatcherType.
viewNamestringyes Limits the scope of the pattern to a specific view preventing matching queries from execution in that context only.
clusterWideboolean  Whether to apply the pattern, globally. Requires the ManageCluster permission.

Returned Datatypes

For BlockedQuery, there are a few parameters:

Table: BlockedQuery

ParameterTypeRequiredDefaultDescription
Some arguments may be required, as indicated in the Required column. For some fields, this column indicates that a result will always be returned for this column.
expiresAtdatetime  The date and time in which any matching queries will cease to be blocked.
expiresInMillisecondsinteger  The amount of milliseconds until any matching queries won't be blocked.
idstringyes The unique identifier of the blocked query.
limitedToOrganizationbooleanyes Whether the blocked query should be limited to the organization.
organizationOrganization  The organization associated with the view, if any. See Organization.
patternstringyes The exact or regular expression pattern used to match queries to block.
typeBlockedQueryMatcherTypeyes How the pattern should be matched (e.g., as a regular expression). See BlockedQueryMatcherType.
unblockAllowedbooleanyes Whether the current user is allowed to unblock the query.
viewView  The related view, if any. See View.