The createView() GraphQL mutation may be used to create a view in LogScale.

For more information on creating a view, see the Creating a Repository or View documentation page. You may also want to look at the Repositories & Views and Views pages for related information.

Syntax

Below is the syntax for the createView() mutation field:

graphql
createView(
      name: string!
      description: string
      connections: [ViewConnectionInput!]!,
      federatedViews: [string!], 
      isFederated: boolean
   ): View!

Below is an example of how this mutation field might be used:

Raw
graphql
mutation {
  createView(
        name: "vh-view",
        description: "V-Host View",
        connections: [ { repositoryName: "humio", filter: "#vhost" } ]
       )
  { id }
}
Mac OS or Linux (curl)
shell
curl -v -X POST $YOUR_LOGSCALE_URL/graphql \
    -H "Authorization: Bearer $TOKEN" \
    -H "Content-Type: application/json" \
    -d @- << EOF
{"query" : "mutation {
  createView(
        name: \"vh-view\",
        description: \"V-Host View\",
        connections: [ { repositoryName: \"humio\", filter: \"#vhost\" } ]
       )
  { id }
}"
}
EOF
Mac OS or Linux (curl) One-line
shell
curl -v -X POST $YOUR_LOGSCALE_URL/graphql \
    -H "Authorization: Bearer $TOKEN" \
    -H "Content-Type: application/json" \
    -d @- << EOF
{"query" : "mutation {
  createView(
        name: \"vh-view\",
        description: \"V-Host View\",
        connections: [ { repositoryName: \"humio\", filter: \"#vhost\" } ]
       )
  { id }
}"
}
EOF
Windows Cmd and curl
shell
curl -v -X POST $YOUR_LOGSCALE_URL/graphql ^
    -H "Authorization: Bearer $TOKEN" ^
    -H "Content-Type: application/json" ^
    -d @'{"query" : "mutation { ^
  createView( ^
        name: \"vh-view\", ^
        description: \"V-Host View\", ^
        connections: [ { repositoryName: \"humio\", filter: \"#vhost\" } ] ^
       ) ^
  { id } ^
}" ^
} '
Windows Powershell and curl
powershell
curl.exe -X POST 
    -H "Authorization: Bearer $TOKEN"
    -H "Content-Type: application/json"
    -d '{"query" : "mutation {
  createView(
        name: \"vh-view\",
        description: \"V-Host View\",
        connections: [ { repositoryName: \"humio\", filter: \"#vhost\" } ]
       )
  { id }
}"
}'
"$YOUR_LOGSCALE_URL/graphql"
Perl
perl
#!/usr/bin/perl

use HTTP::Request;
use LWP;

my $INGEST_TOKEN = "TOKEN";

my $uri = '$YOUR_LOGSCALE_URL/graphql';

my $json = '{"query" : "mutation {
  createView(
        name: \"vh-view\",
        description: \"V-Host View\",
        connections: [ { repositoryName: \"humio\", filter: \"#vhost\" } ]
       )
  { id }
}"
}';
my $req = HTTP::Request->new("POST", $uri );

$req->header("Authorization" => "Bearer $TOKEN");
$req->header("Content-Type" => "application/json");

$req->content( $json );

my $lwp = LWP::UserAgent->new;

my $result = $lwp->request( $req );

print $result->{"_content"},"\n";
Python
python
#! /usr/local/bin/python3

import requests

url = '$YOUR_LOGSCALE_URL/graphql'
mydata = r'''{"query" : "mutation {
  createView(
        name: \"vh-view\",
        description: \"V-Host View\",
        connections: [ { repositoryName: \"humio\", filter: \"#vhost\" } ]
       )
  { id }
}"
}'''

resp = requests.post(url,
                     data = mydata,
                     headers = {
   "Authorization" : "Bearer $TOKEN",
   "Content-Type" : "application/json"
}
)

print(resp.text)
Node.js
javascript
const https = require('https');

const data = JSON.stringify(
    {"query" : "mutation {
  createView(
        name: \"vh-view\",
        description: \"V-Host View\",
        connections: [ { repositoryName: \"humio\", filter: \"#vhost\" } ]
       )
  { id }
}"
}
);


const options = {
  hostname: '$YOUR_LOGSCALE_URL/graphql',
  path: '/graphql',
  port: 443,
  method: 'POST',
  headers: {
    'Content-Type': 'application/json',
    'Content-Length': data.length,
    Authorization: 'BEARER ' + process.env.TOKEN,
    'User-Agent': 'Node',
  },
};

const req = https.request(options, (res) => {
  let data = '';
  console.log(`statusCode: ${res.statusCode}`);

  res.on('data', (d) => {
    data += d;
  });
  res.on('end', () => {
    console.log(JSON.parse(data).data);
  });
});

req.on('error', (error) => {
  console.error(error);
});

req.write(data);
req.end();
Example Responses
Success (HTTP Response Code 200 OK)
json
{
  "data": {
    "createView": {
      "id": "Cs76jTr06N3oO5BdhGyUFbhe"
    }
  }
}

Given Datatypes

For the given datatype, ViewConnectionInput, there only a few parameters that may be given. Below is a list of them:

Table: ViewConnectionInput

ParameterTypeRequiredDefaultDescription
Some arguments may be required, as indicated in the Required column. For some fields, this column indicates that a result will always be returned for this column.
filterstringyes The filter applied to all results from the repository.
languageVersionLanguageVersionEnumyes The version of human language to use. See LanguageVersionEnum.
repositoryNamestringyes The name of the connected repository.

Returned Datatypes

The returned datatype View has many parameters. Below is a list of them along with their datatypes and a description of each:

Table: View

ParameterTypeRequiredDefaultDescription
Some arguments may be required, as indicated in the Required column. For some fields, this column indicates that a result will always be returned for this column.
Actionmultipleyes A saved action. The multiple datatype consists of (id: string): Action. The id is the unique identifier of the action. See Action.
actions[Action]yes A list of saved actions. See Action.
AggregateAlertmultipleyes A saved aggregate alert. The multiple datatype consists of (id: string): AggregateAlert. See AggregateAlert.
aggregateAlerts[AggregateAlert]yes Saved aggregate alerts. See AggregateAlert.
Alertmultipleyes A saved alert. The multiple datatype consists of (id: string): Alert. See Alert.
alerts[Alert]yes Saved alerts. See Alert.
allowedViewActions[ViewAction]yes Returns the all actions the user is allowed to perform on the view. See ViewAction.
automaticSearchbooleanyes Whether the search is executed automatically.
availablePackagesmultiple  Returns a list of available packages that can be installed. The multiple datatype consists of (filter: string, tags: [PackageTag!], categories: [string]): [PackageRegistrySearchResultItem]. PackageTag is a scalar. See PackageRegistrySearchResultItem.
checkClusterConnections[ClusterConnectionStatus]yes Check all of this search domain's cluster connections. This is a preview and subject to change. See ClusterConnectionStatus.
clusterConnectionmultipleyes A specific cluster connection. The multiple datatype consists of (id: string): ClusterConnection. See ClusterConnection.
connections[ViewConnection]yes The connections for the view. This is a preview and subject to change. See ViewConnection.
crossOrgConnections[CrossOrgViewConnection]yes The connections for the cross organization connections (see CrossOrgViewConnection Table).
Dashboardmultipleyes A saved dashboard. The multiple datatype consists of (id: string): Dashboard. See Dashboard.
dashboards[Dashboard]yes Saved dashboards. See Dashboard.
defaultQuerySavedQuery  The default saved query. See SavedQuery.
deletedDatelong  The point in time the search domain was marked for deletion.
descriptionstring  A description of the view.
fileFieldSearchmultipleyes The fields to search in a given file. The multiple datatype consists of (fileName: string, fieldName: string, prefixFilter: string, valueFilters: [FileFieldFilterType], fieldsToInclude: [string], maxEntries: integer): [DictionaryEntryType]. See FileFieldFilterType and DictionaryEntryType.
files[File]yes A list of files used. See File.
FilterAlertmultipleyes A saved filter alert. The multiple datatype consists of (id: string): FilterAlert. See FilterAlert.
filterAlerts[FilterAlert]yes Saved filter alerts. See FilterAlert.
groups[Group]yes Groups with assigned roles. See Group.
hasPackageInstalledmultipleyes Determines whether package has been installed. The multiple datatype consists of (packageId: VersionedPackageSpecifier): boolean. VersionedPackageSpecifier is a scalar.
idstringyes The unique identifier of the view.
installedPackages[PackageInstallation]yes List packages installed on a specific view or repository See PackageInstallation.
interactions[ViewInteraction]yes All interactions defined for the view. See PackageInstallation.
isActionAllowedmultipleyes Determines whether current user is allowed to perform the given action on the view. The multiple datatype consists of (action: ViewAction): boolean. See ViewAction.
isFederatedbooleanyes Whether the view is Federated. This is a preview and subject to change.
isStarredbooleanyes Whether the view should be marked with a star.
nameRepoOrViewNameyes The name of the repository or view. RepoOrViewName is a scalar.
packageV2multipleyes Returns a specific version of a package given a package version. The multiple datatype consists of (packageId: VersionedPackageSpecifier): Package2. VersionedPackageSpecifier is a scalar. See Package2.
packageVersionsmultipleyes The available versions of a package. This is a preview and may be moved to Package2. The multiple datatype consists of (packageId: UnversionedPackageSpecifier): [RegistryPackageVersionInfo]. UnversionedPackageSpecifier is a scalar. See RegistryPackageVersionInfo.
permanentlyDeletedAtlong  The point in time the search domain will not be restorable anymore.
recentQueriesV2[RecentQuery]yes List of recent queries. See RecentQuery.
reposExcludedInSearchLimit[string]yes Repositories not part of the search limitation.
savedQueries[SavedQuery]yes A list of saved queries. See SavedQuery.
savedQuerymultipleyes A saved query. The multiple datatype consists of (id: string): SavedQuery. See SavedQuery.
scheduledReportmultipleyes Saved scheduled report. The multiple datatype consists of (id: string): ScheduledReport. See ScheduledReport.
scheduledReports[ScheduledReport]yes Saved scheduled reports See ScheduledReport.
ScheduledSearchmultipleyes A saved scheduled search. The multiple datatype consists of (id: string): ScheduledSearch. See ScheduledSearch.
scheduledSearches[ScheduledSearch]yes Saved scheduled searches. See ScheduledSearch.
searchLimitedMslong  Search limit in milliseconds, by which searches are limited.
starredFields[string]yes Fields marked with a star.
tags[string]yes All tags from all datasources.
users[User]yes Users who have access. See User.
usersAndGroupsmultiple  Users or groups who have access. The multiple datatype consists of (search: string, skip: integer, limit: integer): UsersAndGroupsSearchResultSet. See UsersAndGroupsSearchResultSet.
viewerQueryPrefixstringyes The query prefix prepended to each search in the domain.