createActionFromTemplate()

Security Requirements and Controls

CreateActions API permission

Summary

The createActionFromTemplate() GraphQL mutation is used to create an action from a yaml template.

API Stability Long-Term

Syntax

graphql

createActionFromTemplate(
      input: CreateActionFromTemplateInput!
   ): Action!

For the given datatype, you'll have to give the name of the view or repository, and the YAML template. See the Input Parameters section for details.

For the results, you can get plenty on the action. See the Returned Values section for what's available.

Example

Raw

graphql

mutation {
  createActionFromTemplate(input:
        {viewName: "humio", 
         name: "test-action", 
         yamlTemplate: "name: Actor\nmethod: POST ... " } )
  { id, name, isAllowedToRun }
}

Mac OS or Linux (curl)

shell

curl -v -X POST $YOUR_LOGSCALE_URL/graphql \
    -H "Authorization: Bearer $TOKEN" \
    -H "Content-Type: application/json" \
    -d @- << EOF
{"query" : "mutation {
  createActionFromTemplate(input:
        {viewName: \"humio\", 
         name: \"test-action\", 
         yamlTemplate: \"name: Actor\nmethod: POST ... \" } )
  { id, name, isAllowedToRun }
}"
}
EOF

Mac OS or Linux (curl) One-line

shell

curl -v -X POST $YOUR_LOGSCALE_URL/graphql \
    -H "Authorization: Bearer $TOKEN" \
    -H "Content-Type: application/json" \
    -d @- << EOF
{"query" : "mutation {
  createActionFromTemplate(input:
        {viewName: \"humio\", 
         name: \"test-action\", 
         yamlTemplate: \"name: Actor\nmethod: POST ... \" } )
  { id, name, isAllowedToRun }
}"
}
EOF

Windows Cmd and curl

shell

curl -v -X POST $YOUR_LOGSCALE_URL/graphql ^
    -H "Authorization: Bearer $TOKEN" ^
    -H "Content-Type: application/json" ^
    -d @'{"query" : "mutation { ^
  createActionFromTemplate(input: ^
        {viewName: \"humio\",  ^
         name: \"test-action\",  ^
         yamlTemplate: \"name: Actor\nmethod: POST ... \" } ) ^
  { id, name, isAllowedToRun } ^
}" ^
} '

Windows Powershell and curl

powershell

curl.exe -X POST 
    -H "Authorization: Bearer $TOKEN"
    -H "Content-Type: application/json"
    -d '{"query" : "mutation {
  createActionFromTemplate(input:
        {viewName: \"humio\", 
         name: \"test-action\", 
         yamlTemplate: \"name: Actor\nmethod: POST ... \" } )
  { id, name, isAllowedToRun }
}"
}'
    "$YOUR_LOGSCALE_URL/graphql"

Perl

perl

#!/usr/bin/perl

use HTTP::Request;
use LWP;

my $TOKEN = "TOKEN";

my $uri = '$YOUR_LOGSCALE_URL/graphql';

my $query = "mutation {
  createActionFromTemplate(input:
        {viewName: \"humio\", 
         name: \"test-action\", 
         yamlTemplate: \"name: Actor\nmethod: POST ... \" } )
  { id, name, isAllowedToRun }
}";
$query =~ s/\n/ /g;
my $json = sprintf('{"query" : "%s"}',$query);
my $req = HTTP::Request->new("POST", $uri );

$req->header("Authorization" => "Bearer $TOKEN");
$req->header("Content-Type" => "application/json");

$req->content( $json );

my $lwp = LWP::UserAgent->new;

my $result = $lwp->request( $req );

print $result->{"_content"},"\n";

Python

python

#! /usr/local/bin/python3

import requests

url = '$YOUR_LOGSCALE_URL/graphql'
mydata = r'''{"query" : "mutation {
  createActionFromTemplate(input:
        {viewName: \"humio\", 
         name: \"test-action\", 
         yamlTemplate: \"name: Actor\nmethod: POST ... \" } )
  { id, name, isAllowedToRun }
}"
}'''

resp = requests.post(url,
                     data = mydata,
                     headers = {
   "Authorization" : "Bearer $TOKEN",
   "Content-Type" : "application/json"
}
)

print(resp.text)

Node.js

javascript

const https = require('https');

const data = JSON.stringify(
    {"query" : "mutation {
  createActionFromTemplate(input:
        {viewName: \"humio\", 
         name: \"test-action\", 
         yamlTemplate: \"name: Actor\nmethod: POST ... \" } )
  { id, name, isAllowedToRun }
}"
}
);


const options = {
  hostname: '$YOUR_LOGSCALE_URL',
  path: 'graphql',
  port: 443,
  method: 'POST',
  headers: {
    'Content-Type': 'application/json',
    'Content-Length': data.length,
    Authorization: 'BEARER ' + process.env.TOKEN,
    'User-Agent': 'Node',
  },
};

const req = https.request(options, (res) => {
  let data = '';
  console.log(`statusCode: ${res.statusCode}`);

  res.on('data', (d) => {
    data += d;
  });
  res.on('end', () => {
    console.log(JSON.parse(data).data);
  });
});

req.on('error', (error) => {
  console.error(error);
});

req.write(data);
req.end();

Example Responses

Success (HTTP Response Code 200 OK)

json

{
  "data": {
    "createActionFromTemplate": {
      "id": "abc123",
      "name": "test-action",
      "isAllowedToRun": true
    }
  }
}

Input Parameters

For the input, you would provide the name of the view associated with the action to create, and the YAML specification of the action. That can be complicated. You might try copying one from a package template for a starting point, and then edit it to your needs. See createActionFromPackageTemplate().

Table: CreateActionFromTemplateInput Input Datatype

Parameter	Type	Required	Stability	Description
Some input parameters may be required, as indicated in the Required column. For return values, this indicates that you are assured a value if the field is requested for the results.
Table last updated: Sep 17, 2024
name	string	yes	`Long-Term`	The name of the action.
viewName	string	yes	`Long-Term`	The name of the view of the action.
yamlTemplate	YAML	yes	`Long-Term`	A template that can be used to recreate the action. YAML is a scalar.

Returned Values

For the results, you can get a list allowed actions, when the action was created and modified last and by whom, and other items.

Table: Action Datatype

Parameter	Type	Required	Stability	Description
Some input parameters may be required, as indicated in the Required column. For return values, this indicates that you are assured a value if the field is requested for the results.
Table last updated: Sep 30, 2025
allowedActions	[AssetAction]	yes	`Short-Term`	A list of allowed asset actions. See AssetAction.
createdInfo	AssetCommitMetadata		`Long-Term`	Metadata related to the creation of the action. See AssetCommitMetadata.
displayName	string	yes	`Long-Term`	The display name of the action.
id	string	yes	`Long-Term`	The unique identifier of the action.
isAllowedToRun	boolean	yes	`Long-Term`	Whether the action is allowed to run. Should be false if this type of action is disabled because of a security policy.
labels	[string]	yes	`Preview`	Labels attached to the action.
modifiedInfo	AssetCommitMetadata		`Long-Term`	Metadata related to the latest modification of the action. See AssetCommitMetadata.
name	string	yes	`Long-Term`	The name of the action.
package	PackageInstallation		`Long-Term`	The package, if any, of which the action is part. See PackageInstallation.
packageId	VersionedPackageSpecifier		`Long-Term`	The unique identifier of the package. See VersionedPackageSpecifier.
requiresOrganizationOwnedQueriesPermissionToEdit	boolean	yes	`Long-Term`	This should be set to true if this action is used by triggers, where the query is run by the organization. If true, then the OrganizationOwnedQueries permission is required to edit the action.
resource	string	yes	`Short-Term`	The resource identifier for the action.
yamlTemplate	YAML	yes	`Long-Term`	A template that can be used to recreate the action. YAML is a scalar.

Versions of this Page

GraphQL Mutations

GraphQL API

GraphQL API Stability

GraphQL Queries

GraphQL Datatypes