The createAlertFromPackageTemplate() GraphQL mutation field may be used to create an alert from a package alert template.

This mutation is no longer used internally and will be removed in a future release. Contact support if you are using this and cannot use createAlert() as a replacement.

For more information on creating alerts, see the Creating Alerts documentation page. You may also want to look at the Alerts and the Packages pages for related information.

Syntax

Below is the syntax for the createAlertFromPackageTemplate() mutation field:

graphql
createAlertFromPackageTemplate(
      searchDomainName: string!
      packageId: VersionedPackageSpecifier!
      alertTemplateName: string!
      alertName: string!
   ): CreateAlertFromPackageTemplateMutation!

Below is an example of how this mutation field might be used:

Raw
graphql
mutation {
  createAlertFromPackageTemplate(
         searchDomainName: "humio", 
         packageId: "talon/talon-cyber-security@0.1.0", 
         alertTemplateName: "Malware Protection",
         alertName: "mal-alert"
         )
  {alert {name, enabled} }
}
Mac OS or Linux (curl)
shell
curl -v -X POST $YOUR_LOGSCALE_URL/graphql \
    -H "Authorization: Bearer $TOKEN" \
    -H "Content-Type: application/json" \
    -d @- << EOF
{"query" : "mutation {
  createAlertFromPackageTemplate(
         searchDomainName: \"humio\", 
         packageId: \"talon/talon-cyber-security@0.1.0\", 
         alertTemplateName: \"Malware Protection\",
         alertName: \"mal-alert\"
         )
  {alert {name, enabled} }
}"
}
EOF
Mac OS or Linux (curl) One-line
shell
curl -v -X POST "$YOUR_LOGSCALE_URL/graphql" -H "Authorization: Bearer $TOKEN" -H "Content-Type: application/json" -d '{"query": "mutation { createAlertFromPackageTemplate(searchDomainName: \"humio\", packageId: \"talon/talon-cyber-security@0.1.0\", alertTemplateName: \"Malware Protection\", alertName: \"mal-alert\") { alert { name, enabled } } }"}'
Windows Cmd and curl
shell
REM Set YOUR_LOGSCALE_URL and TOKEN as environment variables first.
REM The JSON body must stay on one line: ^ does not continue a line inside quotes.
curl -v -X POST "%YOUR_LOGSCALE_URL%/graphql" ^
    -H "Authorization: Bearer %TOKEN%" ^
    -H "Content-Type: application/json" ^
    -d "{\"query\": \"mutation { createAlertFromPackageTemplate(searchDomainName: \\\"humio\\\", packageId: \\\"talon/talon-cyber-security@0.1.0\\\", alertTemplateName: \\\"Malware Protection\\\", alertName: \\\"mal-alert\\\") { alert { name, enabled } } }\"}"
Windows Powershell and curl
powershell
# $TOKEN and $YOUR_LOGSCALE_URL are PowerShell variables here.
# A trailing backtick continues the command on the next line.
curl.exe -X POST `
    -H "Authorization: Bearer $TOKEN" `
    -H "Content-Type: application/json" `
    -d '{"query" : "mutation {
  createAlertFromPackageTemplate(
         searchDomainName: \"humio\", 
         packageId: \"talon/talon-cyber-security@0.1.0\", 
         alertTemplateName: \"Malware Protection\",
         alertName: \"mal-alert\"
         )
  {alert {name, enabled} }
}"
}' `
    "$YOUR_LOGSCALE_URL/graphql"
Perl
perl
#!/usr/bin/perl

use strict;
use warnings;
use HTTP::Request;
use LWP::UserAgent;
use JSON::PP;

# Read the API token and base URL from the environment rather than hard-coding them.
my $TOKEN = $ENV{TOKEN};
my $uri   = "$ENV{YOUR_LOGSCALE_URL}/graphql";

# The GraphQL document; encode_json() handles the JSON string escaping.
my $query = <<'GRAPHQL';
mutation {
  createAlertFromPackageTemplate(
         searchDomainName: "humio",
         packageId: "talon/talon-cyber-security@0.1.0",
         alertTemplateName: "Malware Protection",
         alertName: "mal-alert"
         )
  {alert {name, enabled} }
}
GRAPHQL

my $json = encode_json({ query => $query });

my $req = HTTP::Request->new("POST", $uri);

$req->header("Authorization" => "Bearer $TOKEN");
$req->header("Content-Type" => "application/json");

$req->content($json);

my $lwp = LWP::UserAgent->new;

my $result = $lwp->request($req);

# Print the response body through the public accessor.
print $result->decoded_content, "\n";
Python
python
#! /usr/local/bin/python3

import os

import requests

# Base URL and API token come from the environment, as in the curl examples.
url = os.environ["YOUR_LOGSCALE_URL"] + "/graphql"
token = os.environ["TOKEN"]

query = '''mutation {
  createAlertFromPackageTemplate(
         searchDomainName: "humio",
         packageId: "talon/talon-cyber-security@0.1.0",
         alertTemplateName: "Malware Protection",
         alertName: "mal-alert"
         )
  {alert {name, enabled} }
}'''

# json= serialises the body and sets the Content-Type header to application/json.
resp = requests.post(url,
                     json={"query": query},
                     headers={"Authorization": "Bearer " + token})

print(resp.text)
Node.js
javascript
const https = require('https');

// GraphQL document; JSON.stringify() escapes it for the request body.
const query = `mutation {
  createAlertFromPackageTemplate(
         searchDomainName: "humio",
         packageId: "talon/talon-cyber-security@0.1.0",
         alertTemplateName: "Malware Protection",
         alertName: "mal-alert"
         )
  {alert {name, enabled} }
}`;

const data = JSON.stringify({ query });

// Base URL and API token are read from the environment.
const url = new URL(process.env.YOUR_LOGSCALE_URL + '/graphql');

const options = {
  hostname: url.hostname,
  path: url.pathname,
  port: url.port || 443,
  method: 'POST',
  headers: {
    'Content-Type': 'application/json',
    // Byte length, not character count, so non-ASCII input is sized correctly.
    'Content-Length': Buffer.byteLength(data),
    Authorization: 'Bearer ' + process.env.TOKEN,
    'User-Agent': 'Node',
  },
};

const req = https.request(options, (res) => {
  let body = '';
  console.log(`statusCode: ${res.statusCode}`);

  res.on('data', (d) => {
    body += d;
  });
  res.on('end', () => {
    console.log(JSON.parse(body).data);
  });
});

req.on('error', (error) => {
  console.error(error);
});

req.write(data);
req.end();
Example Responses
Success (HTTP Response Code 200 OK)
json
{
  "data": {
    "createAlertFromPackageTemplate": {
      "alert": {
        "name": "mal-alert",
        "enabled": true
      }
    }
  }
}
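
The request and response shown above, as an added example that is not part of the LogScale documentation: the body is built with GraphQL variables, so argument values are never spliced or hand-escaped into the query text, and the response is checked for an errors list before the alert is read. The variable type spellings, the packageId pattern, and the error body are assumptions.

```python
import json
import re

# Assumption: variable types mirror the Syntax section; GraphQL's built-in
# string scalar is spelled String (the page renders it as "string").
MUTATION = """
mutation ($domain: String!, $pkg: VersionedPackageSpecifier!,
          $template: String!, $name: String!) {
  createAlertFromPackageTemplate(
    searchDomainName: $domain, packageId: $pkg,
    alertTemplateName: $template, alertName: $name
  ) { alert { name, enabled } }
}
"""

# Assumption: scope/name@version shape inferred from the page's sample value.
PACKAGE_ID = re.compile(r"[\w.-]+/[\w.-]+@\d+\.\d+\.\d+")


def build_payload(domain, package_id, template, alert_name):
    """Return the JSON body; values travel as variables, not inside the query."""
    if not PACKAGE_ID.fullmatch(package_id):
        raise ValueError(f"unexpected packageId: {package_id!r}")
    variables = {"domain": domain, "pkg": package_id,
                 "template": template, "name": alert_name}
    return json.dumps({"query": MUTATION, "variables": variables})


def parse_response(body):
    """Return the created alert, or raise if the server reported GraphQL errors."""
    doc = json.loads(body)
    if doc.get("errors"):
        # GraphQL servers can report failures in an "errors" list even on HTTP 200.
        raise RuntimeError("; ".join(e.get("message", "?") for e in doc["errors"]))
    return doc["data"]["createAlertFromPackageTemplate"]["alert"]


# Constructed inputs: OK_BODY is the page's example response on one line;
# ERR_BODY is a made-up illustration of the standard GraphQL error shape.
OK_BODY = '{"data": {"createAlertFromPackageTemplate": {"alert": {"name": "mal-alert", "enabled": true}}}}'
ERR_BODY = '{"data": null, "errors": [{"message": "constructed error"}]}'

if __name__ == "__main__":
    print(build_payload("humio", "talon/talon-cyber-security@0.1.0",
                        "Malware Protection", 'mal-alert "quoted"'))
    print(parse_response(OK_BODY))
```

The string returned by build_payload() can be sent as the POST body with the same Authorization and Content-Type headers used in the examples above.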

Given and Returned Datatypes

The given datatype VersionedPackageSpecifier is just a scalar. The returned datatype CreateAlertFromPackageTemplateMutation has its own parameter:

Table: CreateAlertFromPackageTemplateMutation

| Parameter | Type | Required | Default | Description |
|---|---|---|---|---|
| Alert | Alert | yes | | The alert to create from a package template. See Alert. |

Some arguments may be required, as indicated in the Required column. For some fields, this column indicates that a result will always be returned for this column.
Table last updated: Sep 24, 2024