addToBlocklistById()

API Stability	`Long-Term`

The addToBlocklistById() GraphQL mutation is used to blocklist a query based on a pattern based on a regex or exact match.

Syntax

Below is the syntax for the addToBlocklistById() mutation field:

graphql

addToBlocklistById(
      input: AddToBlocklistByIdInput!
   ): [BlockedQuery!]!

Below is an example of how this mutation field might be used:

Show:

graphql

mutation {
  addToBlocklistById(input: {pattern: ".*local", type: REGEX, 
    viewId: "aK9GKAsTnMXfRxT8Fpecx3fX" })
  { id, expiresAt, pattern, type, view{id, name} }
}

shell

curl -v -X POST $YOUR_LOGSCALE_URL/graphql \
    -H "Authorization: Bearer $TOKEN" \
    -H "Content-Type: application/json" \
    -d @- << EOF
{"query" : "mutation {
  addToBlocklistById(input: {pattern: \".*local\", type: REGEX, 
    viewId: \"aK9GKAsTnMXfRxT8Fpecx3fX\" })
  { id, expiresAt, pattern, type, view{id, name} }
}"
}
EOF

shell

curl -v -X POST $YOUR_LOGSCALE_URL/graphql \
    -H "Authorization: Bearer $TOKEN" \
    -H "Content-Type: application/json" \
    -d @- << EOF
{"query" : "mutation {
  addToBlocklistById(input: {pattern: \".*local\", type: REGEX, 
    viewId: \"aK9GKAsTnMXfRxT8Fpecx3fX\" })
  { id, expiresAt, pattern, type, view{id, name} }
}"
}
EOF

shell

curl -v -X POST $YOUR_LOGSCALE_URL/graphql ^
    -H "Authorization: Bearer $TOKEN" ^
    -H "Content-Type: application/json" ^
    -d @'{"query" : "mutation { ^
  addToBlocklistById(input: {pattern: \".*local\", type: REGEX,  ^
    viewId: \"aK9GKAsTnMXfRxT8Fpecx3fX\" }) ^
  { id, expiresAt, pattern, type, view{id, name} } ^
}" ^
} '

powershell

curl.exe -X POST 
    -H "Authorization: Bearer $TOKEN"
    -H "Content-Type: application/json"
    -d '{"query" : "mutation {
  addToBlocklistById(input: {pattern: \".*local\", type: REGEX, 
    viewId: \"aK9GKAsTnMXfRxT8Fpecx3fX\" })
  { id, expiresAt, pattern, type, view{id, name} }
}"
}'
    "$YOUR_LOGSCALE_URL/graphql"

perl

#!/usr/bin/perl

use HTTP::Request;
use LWP;

my $INGEST_TOKEN = "TOKEN";

my $uri = '$YOUR_LOGSCALE_URL/graphql';

my $json = '{"query" : "mutation {
  addToBlocklistById(input: {pattern: \".*local\", type: REGEX, 
    viewId: \"aK9GKAsTnMXfRxT8Fpecx3fX\" })
  { id, expiresAt, pattern, type, view{id, name} }
}"
}';
my $req = HTTP::Request->new("POST", $uri );

$req->header("Authorization" => "Bearer $TOKEN");
$req->header("Content-Type" => "application/json");

$req->content( $json );

my $lwp = LWP::UserAgent->new;

my $result = $lwp->request( $req );

print $result->{"_content"},"\n";

python

#! /usr/local/bin/python3

import requests

url = '$YOUR_LOGSCALE_URL/graphql'
mydata = r'''{"query" : "mutation {
  addToBlocklistById(input: {pattern: \".*local\", type: REGEX, 
    viewId: \"aK9GKAsTnMXfRxT8Fpecx3fX\" })
  { id, expiresAt, pattern, type, view{id, name} }
}"
}'''

resp = requests.post(url,
                     data = mydata,
                     headers = {
   "Authorization" : "Bearer $TOKEN",
   "Content-Type" : "application/json"
}
)

print(resp.text)

javascript

const https = require('https');

const data = JSON.stringify(
    {"query" : "mutation {
  addToBlocklistById(input: {pattern: \".*local\", type: REGEX, 
    viewId: \"aK9GKAsTnMXfRxT8Fpecx3fX\" })
  { id, expiresAt, pattern, type, view{id, name} }
}"
}
);


const options = {
  hostname: '$YOUR_LOGSCALE_URL/graphql',
  path: '/graphql',
  port: 443,
  method: 'POST',
  headers: {
    'Content-Type': 'application/json',
    'Content-Length': data.length,
    Authorization: 'BEARER ' + process.env.TOKEN,
    'User-Agent': 'Node',
  },
};

const req = https.request(options, (res) => {
  let data = '';
  console.log(`statusCode: ${res.statusCode}`);

  res.on('data', (d) => {
    data += d;
  });
  res.on('end', () => {
    console.log(JSON.parse(data).data);
  });
});

req.on('error', (error) => {
  console.error(error);
});

req.write(data);
req.end();

Example Responses

Show:

json

{
  "data": {
    "addToBlocklistById": [
      {
        "pattern": ".*local",
        "expiresAt": null,
        "id": "05KDQ2X0JAsdfB6yTgp7e89e",
        "type": "REGEX",
        "view": {
          "id": "aK9GKAsTnMXfRxT8Fpecx3fX",
          "name": "humio"
        }
      }

Given Datatypes

For AddToBlocklistByIdInput, there are a few parameters:

Table: AddToBlocklistByIdInput

Parameter	Type	Required	Default	Description
Some arguments may be required, as indicated in the Required column. For some fields, this column indicates that a result will always be returned for this column.
Table last updated: Mar 28, 2025
`pattern`	string	yes		The pattern to match for selecting data to add to the blocklist.
`type`	`BlockedQueryMatcherType`	yes		Whether the pattern should be matched exactly or interpreted as a regex pattern. See `BlockedQueryMatcherType`.
`viewName`	string	yes		Limits the scope of the pattern to a specific view preventing matching queries from execution in that context only.
`clusterWide`	boolean		false	Whether to apply the pattern, globally. Requires the ManageCluster permission.

Returned Datatypes

For BlockedQuery, there are a few parameters:

Table: BlockedQuery

Parameter	Type	Required	Stability	Description
Some arguments may be required, as indicated in the Required column. For some fields, this column indicates that a result will always be returned for this column.
Table last updated: Sep 24, 2024
`expiresAt`	datetime		`Long-Term`	The date and time in which any matching queries will cease to be blocked.
`expiresInMilliseconds`	integer		`Long-Term`	The amount of milliseconds until any matching queries won't be blocked.
`id`	string	yes	`Long-Term`	The unique identifier of the blocked query.
`limitedToOrganization`	boolean	yes	`Long-Term`	Whether the blocked query should be limited to the organization.
`organization`	`Organization`		`Long-Term`	The organization associated with the view, if any. See `Organization`.
`pattern`	string	yes	`Long-Term`	The exact or regular expression pattern used to match queries to block.
`type`	`BlockedQueryMatcherType`	yes	`Long-Term`	How the pattern should be matched (e.g., as a regular expression). See `BlockedQueryMatcherType`.
`unblockAllowed`	boolean	yes	`Long-Term`	Whether the current user is allowed to unblock the query.
`view`	`View`		`Long-Term`	The related view, if any. See `View`.

GraphQL Mutations

GraphQL API Stability

GraphQL Queries

GraphQL Datatypes

addToBlocklistById()

Syntax

Given Datatypes

Returned Datatypes

Enter search term