The createVictorOpsAction() GraphQL mutation may be used to create a VictorOps action in LogScale.

For more information on creating a VictorOps action, see the Action Type: VictorOps (Splunk On-Call) documentation page. You may also want to look at the Actions page for related information.

Syntax

Below is the syntax for the createVictorOpsAction() mutation field:

graphql
createVictorOpsAction(
      input: CreateVictorOpsAction!
   ): VictorOpsAction!

Below is an example of how this mutation field might be used:

Raw
graphql
mutation {
  createVictorOpsAction(input:
         { viewName: "humio",
           name: "my-victory-act",
           messageType: "CRITICAL",
           notifyUrl: "https://victorops.company.com",
           useProxy: false
        } )
  { id }
}
Mac OS or Linux (curl)
shell
curl -v -X POST $YOUR_LOGSCALE_URL/graphql \
    -H "Authorization: Bearer $TOKEN" \
    -H "Content-Type: application/json" \
    -d @- << EOF
{"query" : "mutation {
  createVictorOpsAction(input:
         { viewName: \"humio\",
           name: \"my-victory-act\",
           messageType: \"CRITICAL\",
           notifyUrl: \"https://victorops.company.com\",
           useProxy: false
        } )
  { id }
}"
}
EOF
Mac OS or Linux (curl) One-line
shell
curl -v -X POST $YOUR_LOGSCALE_URL/graphql \
    -H "Authorization: Bearer $TOKEN" \
    -H "Content-Type: application/json" \
    -d @- << EOF
{"query" : "mutation {
  createVictorOpsAction(input:
         { viewName: \"humio\",
           name: \"my-victory-act\",
           messageType: \"CRITICAL\",
           notifyUrl: \"https://victorops.company.com\",
           useProxy: false
        } )
  { id }
}"
}
EOF
Windows Cmd and curl
shell
curl -v -X POST $YOUR_LOGSCALE_URL/graphql ^
    -H "Authorization: Bearer $TOKEN" ^
    -H "Content-Type: application/json" ^
    -d @'{"query" : "mutation { ^
  createVictorOpsAction(input: ^
         { viewName: \"humio\", ^
           name: \"my-victory-act\", ^
           messageType: \"CRITICAL\", ^
           notifyUrl: \"https://victorops.company.com\", ^
           useProxy: false ^
        } ) ^
  { id } ^
}" ^
} '
Windows Powershell and curl
powershell
curl.exe -X POST 
    -H "Authorization: Bearer $TOKEN"
    -H "Content-Type: application/json"
    -d '{"query" : "mutation {
  createVictorOpsAction(input:
         { viewName: \"humio\",
           name: \"my-victory-act\",
           messageType: \"CRITICAL\",
           notifyUrl: \"https://victorops.company.com\",
           useProxy: false
        } )
  { id }
}"
}'
    "$YOUR_LOGSCALE_URL/graphql"
Perl
perl
#!/usr/bin/perl

use HTTP::Request;
use LWP;

my $INGEST_TOKEN = "TOKEN";

my $uri = '$YOUR_LOGSCALE_URL/graphql';

my $json = '{"query" : "mutation {
  createVictorOpsAction(input:
         { viewName: \"humio\",
           name: \"my-victory-act\",
           messageType: \"CRITICAL\",
           notifyUrl: \"https://victorops.company.com\",
           useProxy: false
        } )
  { id }
}"
}';
my $req = HTTP::Request->new("POST", $uri );

$req->header("Authorization" => "Bearer $TOKEN");
$req->header("Content-Type" => "application/json");

$req->content( $json );

my $lwp = LWP::UserAgent->new;

my $result = $lwp->request( $req );

print $result->{"_content"},"\n";
Python
python
#! /usr/local/bin/python3

import requests

url = '$YOUR_LOGSCALE_URL/graphql'
mydata = r'''{"query" : "mutation {
  createVictorOpsAction(input:
         { viewName: \"humio\",
           name: \"my-victory-act\",
           messageType: \"CRITICAL\",
           notifyUrl: \"https://victorops.company.com\",
           useProxy: false
        } )
  { id }
}"
}'''

resp = requests.post(url,
                     data = mydata,
                     headers = {
   "Authorization" : "Bearer $TOKEN",
   "Content-Type" : "application/json"
}
)

print(resp.text)
Node.js
javascript
const https = require('https');

const data = JSON.stringify(
    {"query" : "mutation {
  createVictorOpsAction(input:
         { viewName: \"humio\",
           name: \"my-victory-act\",
           messageType: \"CRITICAL\",
           notifyUrl: \"https://victorops.company.com\",
           useProxy: false
        } )
  { id }
}"
}
);


const options = {
  hostname: '$YOUR_LOGSCALE_URL/graphql',
  path: '/graphql',
  port: 443,
  method: 'POST',
  headers: {
    'Content-Type': 'application/json',
    'Content-Length': data.length,
    Authorization: 'BEARER ' + process.env.TOKEN,
    'User-Agent': 'Node',
  },
};

const req = https.request(options, (res) => {
  let data = '';
  console.log(`statusCode: ${res.statusCode}`);

  res.on('data', (d) => {
    data += d;
  });
  res.on('end', () => {
    console.log(JSON.parse(data).data);
  });
});

req.on('error', (error) => {
  console.error(error);
});

req.write(data);
req.end();
Example Responses
Success (HTTP Response Code 200 OK)
json
{
  "data": {
    "createVictorOpsAction": {
      "id": "aFSFk3HURI5PsQy3IDgEl80Y3fKrRvj1"
    }
  }
}

Given Datatypes

For the given datatype, createVictorOpsAction(), there a few parameters that may be given. Below is a list of them along with their datatypes and a description of each:

Table: CreateVictorOpsAction

ParameterTypeRequiredDefaultDescription
Some arguments may be required, as indicated in the Required column. For some fields, this column indicates that a result will always be returned for this column.
Table last updated: Sep 17, 2024
messageTypestringyes Type of the VictorOps message to make.
namestringyes Name of the action.
notifyUrlstringyes VictorOps webhook URL where request should be sent.
useProxybooleanyes Defines whether the action should use the configured proxy to make web requests
viewNamestringyes Name of the view of the action.

Returned Datatypes

VictorOpsAction has several parameters. Below is a list of them:

Table: VictorOpsAction

ParameterTypeRequiredDefaultDescription
Some arguments may be required, as indicated in the Required column. For some fields, this column indicates that a result will always be returned for this column.
allowedActions[AssetAction]yes A list of allowed asset actions. See AssetAction. This is a preview and subject to change.
displayNamestringyes The display name of the action.
idstringyes The unique identifier of the action.
isAllowedToRunbooleanyes Whether action is disabled — usually because of a security policy.
messageTypestringyes The type of VictorOps message.
namestringyes The name of the action.
notifyUrlstringyes VictorOps webhook URL where to send the request.
packagePackageInstallation  The package, if there is one, of which the action is part. See PackageInstallation.
packageIdVersionedPackageSpecifieryes The unique identifier of the package of the aggregate alert template. VersionedPackageSpecifier is a scalar.
requiresOrganizationOwnedQueriesPermissionToEditbooleanyes True if this action is used by triggers, where the query is run by the organization. If true, the OrganizationOwnedQueries permission is required to edit the action.
useProxybooleanyes Whether the action should use the configured proxy to make web requests.
yamlTemplateyamlyes A template that can be used to recreate the action.