API Stability Long-Term

The createEmailAction() GraphQL mutation may be used to create an email action in LogScale.

For more information on creating email actions, see the Action Type: Email documentation page. You may also want to look at the Actions page for related information.

Syntax

Below is the syntax for the createEmailAction() mutation field:

graphql
createEmailAction(
      input: CreateEmailAction!
   ): EmailAction!

Below is an example of how this mutation field might be used:

Raw
graphql
mutation {
  createEmailAction(input:
      { viewName: "humio",
        name: "my-mail-act",
        recipients: ["bob@company.com"],
        useProxy: false
      } )
  { id, recipients }
}
Mac OS or Linux (curl)
shell
curl -v -X POST $YOUR_LOGSCALE_URL/graphql \
    -H "Authorization: Bearer $TOKEN" \
    -H "Content-Type: application/json" \
    -d @- << EOF
{"query" : "mutation {
  createEmailAction(input:
      { viewName: \"humio\",
        name: \"my-mail-act\",
        recipients: [\"bob@company.com\"],
        useProxy: false
      } )
  { id, recipients }
}"
}
EOF
Mac OS or Linux (curl) One-line
shell
curl -v -X POST $YOUR_LOGSCALE_URL/graphql \
    -H "Authorization: Bearer $TOKEN" \
    -H "Content-Type: application/json" \
    -d @- << EOF
{"query" : "mutation {
  createEmailAction(input:
      { viewName: \"humio\",
        name: \"my-mail-act\",
        recipients: [\"bob@company.com\"],
        useProxy: false
      } )
  { id, recipients }
}"
}
EOF
Windows Cmd and curl
shell
curl -v -X POST $YOUR_LOGSCALE_URL/graphql ^
    -H "Authorization: Bearer $TOKEN" ^
    -H "Content-Type: application/json" ^
    -d @'{"query" : "mutation { ^
  createEmailAction(input: ^
      { viewName: \"humio\", ^
        name: \"my-mail-act\", ^
        recipients: [\"bob@company.com\"], ^
        useProxy: false ^
      } ) ^
  { id, recipients } ^
}" ^
} '
Windows Powershell and curl
powershell
curl.exe -X POST 
    -H "Authorization: Bearer $TOKEN"
    -H "Content-Type: application/json"
    -d '{"query" : "mutation {
  createEmailAction(input:
      { viewName: \"humio\",
        name: \"my-mail-act\",
        recipients: [\"bob@company.com\"],
        useProxy: false
      } )
  { id, recipients }
}"
}'
    "$YOUR_LOGSCALE_URL/graphql"
Perl
perl
#!/usr/bin/perl

use HTTP::Request;
use LWP;

my $TOKEN = "TOKEN";

my $uri = '$YOUR_LOGSCALE_URL/graphql';

my $query = "mutation {
  createEmailAction(input:
      { viewName: \"humio\",
        name: \"my-mail-act\",
        recipients: [\"bob@company.com\"],
        useProxy: false
      } )
  { id, recipients }
}";
$query =~ s/\n/ /g;
my $json = sprintf('{"query" : "%s"}',$query);
my $req = HTTP::Request->new("POST", $uri );

$req->header("Authorization" => "Bearer $TOKEN");
$req->header("Content-Type" => "application/json");

$req->content( $json );

my $lwp = LWP::UserAgent->new;

my $result = $lwp->request( $req );

print $result->{"_content"},"\n";
Python
python
#! /usr/local/bin/python3

import requests

url = '$YOUR_LOGSCALE_URL/graphql'
mydata = r'''{"query" : "mutation {
  createEmailAction(input:
      { viewName: \"humio\",
        name: \"my-mail-act\",
        recipients: [\"bob@company.com\"],
        useProxy: false
      } )
  { id, recipients }
}"
}'''

resp = requests.post(url,
                     data = mydata,
                     headers = {
   "Authorization" : "Bearer $TOKEN",
   "Content-Type" : "application/json"
}
)

print(resp.text)
Node.js
javascript
const https = require('https');

const data = JSON.stringify(
    {"query" : "mutation {
  createEmailAction(input:
      { viewName: \"humio\",
        name: \"my-mail-act\",
        recipients: [\"bob@company.com\"],
        useProxy: false
      } )
  { id, recipients }
}"
}
);


const options = {
  hostname: '$YOUR_LOGSCALE_URL',
  path: 'graphql',
  port: 443,
  method: 'POST',
  headers: {
    'Content-Type': 'application/json',
    'Content-Length': data.length,
    Authorization: 'BEARER ' + process.env.TOKEN,
    'User-Agent': 'Node',
  },
};

const req = https.request(options, (res) => {
  let data = '';
  console.log(`statusCode: ${res.statusCode}`);

  res.on('data', (d) => {
    data += d;
  });
  res.on('end', () => {
    console.log(JSON.parse(data).data);
  });
});

req.on('error', (error) => {
  console.error(error);
});

req.write(data);
req.end();
Example Responses
Success (HTTP Response Code 200 OK)
json
{
  "data": {
    "createEmailAction": {
      "id": "DfSFDY55siDEjcA7X8dZKV3nYwTmI8yO",
      "recipients": [
        "bob@company.com"
      ]
    }
  }
}

Given Datatypes

For CreateEmailAction, there are several parameters. Below is a list of them along with a description of each:

Table: CreateEmailAction

ParameterTypeRequiredDefaultStabilityDescription
Some arguments may be required, as indicated in the Required column. For return datatypes, this indicates that you must specify which fields you want returned in the results.
Table last updated: Mar 28, 2025
attachCsvstringyesfalseLong-TermWhether the result set should be be attached as a CSV file.
bodyTemplatestringyes Long-TermBody of the email. Can be templated with values from the result.
namestringyes Long-TermName of the action.
recipients[string]yes Long-TermList of email addresses where to send an email.
subjectTemplatestring  Long-TermSubject of the email. Can be templated with values from the result.
useProxystringyes Long-TermDefines whether the action should use the configured proxy to make web requests.
viewNamestringyes Long-TermName of the view of the action.

Returned Datatypes

The returned datatype EmailAction has many parameters. Below is a list of them along with a description of each:

Table: EmailAction

ParameterTypeRequiredDefaultStabilityDescription
Some arguments may be required, as indicated in the Required column. For return datatypes, this indicates that you must specify which fields you want returned in the results.
Table last updated: Sep 30, 2025
allowedActions[AssetAction]yes Short-TermThe allowed asset actions. See AssetAction . This is a preview feature. Changes may occur.
attachCsvbooleanyes Long-TermWhether the result set should be attached as a CSV file.
bodyTemplatestring  Long-TermBody of the email. Can be templated with values from the result.
createdInfoAssetCommitMetadata  Long-TermMetadata related to the creation of the action. See AssetCommitMetadata.
displayNamestringyes Long-TermThe display name of the action.
idstringyes Long-TermThe unique identifier of the action.
isAllowedToRunbooleanyes Long-TermFalse if this type of action is disabled because of a security policy.
labels[string]  PreviewThe labels associated with the action, if any.
modifiedInfoAssetCommitMetadata  Long-TermMetadata related to the latest modification of the action. See AssetCommitMetadata.
namestringyes Long-TermThe name of the action.
packagePackageInstallation  Long-TermThe package which the action is part. See PackageInstallation.
packageIdVersionedPackageSpecifier  Long-TermThe package version. VersionedPackageSpecifier is a scalar.
recipients[string]yes Long-TermList of email addresses to send an email.
requiresOrganizationOwnedQueriesPermissionToEditbooleanyes Long-TermTrue if this action is used by triggers, where the query is run by the organization. If true, then the OrganizationOwnedQueries permission is required to edit the action.
resourcestringyes Short-TermThe resource identifier for the action.
subjectTemplatestring  Long-TermSubject of the email. Can be templated with values from the result.
useProxybooleanyes Long-TermDefines whether the action should use the configured proxy to make web requests.
yamlTemplateYAMLyes Long-TermA template that can be used to recreate the action. YAML is a scalar.