The createActionFromTemplate() GraphQL mutation is used to create an action from yaml template.

For more information on creating an action, see the Actions documentation page.

Syntax

Below is the syntax for the createActionFromTemplate() mutation field:

graphql
createActionFromTemplate(
      input: CreateActionFromTemplateInput!
   ): Action!

For the given datatype, you'll have to provide the yamlTemplate parameter with a YAML template within quotes. That can be complicated. You might try copying one from a package template for a starting point, and then edit it to your needs. See createActionFromPackageTemplate() .

Below is an example of how this mutation field might be used:

Raw
graphql
mutation {
  createActionFromTemplate(input:
        {viewName: "humio", 
         name: "test-action", 
         yamlTemplate: "name: Actor\nmethod: POST ... " } )
  { id, name, isAllowedToRun }
}
Mac OS or Linux (curl)
shell
curl -v -X POST $YOUR_LOGSCALE_URL/graphql \
    -H "Authorization: Bearer $TOKEN" \
    -H "Content-Type: application/json" \
    -d @- << EOF
{"query" : "mutation {
  createActionFromTemplate(input:
        {viewName: \"humio\", 
         name: \"test-action\", 
         yamlTemplate: \"name: Actor\nmethod: POST ... \" } )
  { id, name, isAllowedToRun }
}"
}
EOF
Mac OS or Linux (curl) One-line
shell
curl -v -X POST $YOUR_LOGSCALE_URL/graphql \
    -H "Authorization: Bearer $TOKEN" \
    -H "Content-Type: application/json" \
    -d @- << EOF
{"query" : "mutation {
  createActionFromTemplate(input:
        {viewName: \"humio\", 
         name: \"test-action\", 
         yamlTemplate: \"name: Actor\nmethod: POST ... \" } )
  { id, name, isAllowedToRun }
}"
}
EOF
Windows Cmd and curl
shell
curl -v -X POST $YOUR_LOGSCALE_URL/graphql ^
    -H "Authorization: Bearer $TOKEN" ^
    -H "Content-Type: application/json" ^
    -d @'{"query" : "mutation { ^
  createActionFromTemplate(input: ^
        {viewName: \"humio\",  ^
         name: \"test-action\",  ^
         yamlTemplate: \"name: Actor\nmethod: POST ... \" } ) ^
  { id, name, isAllowedToRun } ^
}" ^
} '
Windows Powershell and curl
powershell
curl.exe -X POST 
    -H "Authorization: Bearer $TOKEN"
    -H "Content-Type: application/json"
    -d '{"query" : "mutation {
  createActionFromTemplate(input:
        {viewName: \"humio\", 
         name: \"test-action\", 
         yamlTemplate: \"name: Actor\nmethod: POST ... \" } )
  { id, name, isAllowedToRun }
}"
}'
    "$YOUR_LOGSCALE_URL/graphql"
Perl
perl
#!/usr/bin/perl

use HTTP::Request;
use LWP;

my $INGEST_TOKEN = "TOKEN";

my $uri = '$YOUR_LOGSCALE_URL/graphql';

my $json = '{"query" : "mutation {
  createActionFromTemplate(input:
        {viewName: \"humio\", 
         name: \"test-action\", 
         yamlTemplate: \"name: Actor\nmethod: POST ... \" } )
  { id, name, isAllowedToRun }
}"
}';
my $req = HTTP::Request->new("POST", $uri );

$req->header("Authorization" => "Bearer $TOKEN");
$req->header("Content-Type" => "application/json");

$req->content( $json );

my $lwp = LWP::UserAgent->new;

my $result = $lwp->request( $req );

print $result->{"_content"},"\n";
Python
python
#! /usr/local/bin/python3

import requests

url = '$YOUR_LOGSCALE_URL/graphql'
mydata = r'''{"query" : "mutation {
  createActionFromTemplate(input:
        {viewName: \"humio\", 
         name: \"test-action\", 
         yamlTemplate: \"name: Actor\nmethod: POST ... \" } )
  { id, name, isAllowedToRun }
}"
}'''

resp = requests.post(url,
                     data = mydata,
                     headers = {
   "Authorization" : "Bearer $TOKEN",
   "Content-Type" : "application/json"
}
)

print(resp.text)
Node.js
javascript
const https = require('https');

const data = JSON.stringify(
    {"query" : "mutation {
  createActionFromTemplate(input:
        {viewName: \"humio\", 
         name: \"test-action\", 
         yamlTemplate: \"name: Actor\nmethod: POST ... \" } )
  { id, name, isAllowedToRun }
}"
}
);


const options = {
  hostname: '$YOUR_LOGSCALE_URL/graphql',
  path: '/graphql',
  port: 443,
  method: 'POST',
  headers: {
    'Content-Type': 'application/json',
    'Content-Length': data.length,
    Authorization: 'BEARER ' + process.env.TOKEN,
    'User-Agent': 'Node',
  },
};

const req = https.request(options, (res) => {
  let data = '';
  console.log(`statusCode: ${res.statusCode}`);

  res.on('data', (d) => {
    data += d;
  });
  res.on('end', () => {
    console.log(JSON.parse(data).data);
  });
});

req.on('error', (error) => {
  console.error(error);
});

req.write(data);
req.end();
Example Responses
Success (HTTP Response Code 200 OK)
json
{
  "data": {
    "createActionFromTemplate": {
      "id": "2zLdPUtUOtvi7htJTqNavETrnkODcz86",
      "name": "test-action",
      "isAllowedToRun": true
    }
  }
}

Given Datatypes

For CreateActionFromTemplateInput, there are a few parameters. Below is a list of them:

Table: CreateActionFromTemplateInput

ParameterTypeRequiredDefaultDescription
Some arguments may be required, as indicated in the Required column. For some fields, this column indicates that a result will always be returned for this column.
Table last updated: Sep 17, 2024
namestringyes The name of the action.
viewNamestringyes The name of the view of the action.
yamlTemplateyamlyes A template that can be used to recreate the action.

Returned Datatypes

The returned interface Action has its own parameters. Below is a list of them along with their datatypes and a description of each:

Table: Action

ParameterTypeRequiredDefaultDescription
Some arguments may be required, as indicated in the Required column. For some fields, this column indicates that a result will always be returned for this column.
Table last updated: Sep 17, 2024
allowedActions[AssetAction]yes A list of allowed asset actions. See AssetAction.
displayNamestringyes The display name of the action.
idstringyes The unique identifier of the action.
isAllowedToRunbooleanyes Whether the action is allowed to run. Should be false if this type of action is disabled because of a security policy.
namestringyes The name of the action.
requiresOrganizationOwnedQueriesPermissionToEditbooleanyes This should be set to true if this action is used by triggers, where the query is run by the organization. If true, then the OrganizationOwnedQueries permission is required to edit the action.
packagePackageInstallationyes The package, if any, of which the action is part. See PackageInstallation.
packageIdVersionedPackageSpecifier  The unique identifier of the package. See VersionedPackageSpecifier.
xyamlyes A template that can be used to recreate the action.