API Stability Long-Term

The createView() GraphQL mutation may be used to create a view in LogScale.

For more information on creating a view, see the Creating a Repository or View documentation page. You may also want to look at the Manage Repositories & Views and Views pages for related information.

Syntax

Below is the syntax for the createView() mutation field:

graphql
createView(
      name: string!
      description: string
      connections: [ViewConnectionInput],
      federatedViews: [string], 
      isFederated: boolean
   ): View!

Below is an example of how this mutation field might be used:

Raw
graphql
mutation {
  createView(
        name: "vh-view",
        description: "V-Host View",
        connections: [ { repositoryName: "humio", filter: "#vhost" } ]
       )
  { id }
}
Mac OS or Linux (curl)
shell
curl -v -X POST $YOUR_LOGSCALE_URL/graphql \
    -H "Authorization: Bearer $TOKEN" \
    -H "Content-Type: application/json" \
    -d @- << EOF
{"query" : "mutation {
  createView(
        name: \"vh-view\",
        description: \"V-Host View\",
        connections: [ { repositoryName: \"humio\", filter: \"#vhost\" } ]
       )
  { id }
}"
}
EOF
Mac OS or Linux (curl) One-line
shell
curl -v -X POST $YOUR_LOGSCALE_URL/graphql \
    -H "Authorization: Bearer $TOKEN" \
    -H "Content-Type: application/json" \
    -d @- << EOF
{"query" : "mutation {
  createView(
        name: \"vh-view\",
        description: \"V-Host View\",
        connections: [ { repositoryName: \"humio\", filter: \"#vhost\" } ]
       )
  { id }
}"
}
EOF
Windows Cmd and curl
shell
curl -v -X POST $YOUR_LOGSCALE_URL/graphql ^
    -H "Authorization: Bearer $TOKEN" ^
    -H "Content-Type: application/json" ^
    -d @'{"query" : "mutation { ^
  createView( ^
        name: \"vh-view\", ^
        description: \"V-Host View\", ^
        connections: [ { repositoryName: \"humio\", filter: \"#vhost\" } ] ^
       ) ^
  { id } ^
}" ^
} '
Windows Powershell and curl
powershell
curl.exe -X POST 
    -H "Authorization: Bearer $TOKEN"
    -H "Content-Type: application/json"
    -d '{"query" : "mutation {
  createView(
        name: \"vh-view\",
        description: \"V-Host View\",
        connections: [ { repositoryName: \"humio\", filter: \"#vhost\" } ]
       )
  { id }
}"
}'
    "$YOUR_LOGSCALE_URL/graphql"
Perl
perl
#!/usr/bin/perl

use HTTP::Request;
use LWP;

my $TOKEN = "TOKEN";

my $uri = '$YOUR_LOGSCALE_URL/graphql';

my $json = '{"query" : "mutation {
  createView(
        name: \"vh-view\",
        description: \"V-Host View\",
        connections: [ { repositoryName: \"humio\", filter: \"#vhost\" } ]
       )
  { id }
}"
}';
my $req = HTTP::Request->new("POST", $uri );

$req->header("Authorization" => "Bearer $TOKEN");
$req->header("Content-Type" => "application/json");

$req->content( $json );

my $lwp = LWP::UserAgent->new;

my $result = $lwp->request( $req );

print $result->{"_content"},"\n";
Python
python
#! /usr/local/bin/python3

import requests

url = '$YOUR_LOGSCALE_URL/graphql'
mydata = r'''{"query" : "mutation {
  createView(
        name: \"vh-view\",
        description: \"V-Host View\",
        connections: [ { repositoryName: \"humio\", filter: \"#vhost\" } ]
       )
  { id }
}"
}'''

resp = requests.post(url,
                     data = mydata,
                     headers = {
   "Authorization" : "Bearer $TOKEN",
   "Content-Type" : "application/json"
}
)

print(resp.text)
Node.js
javascript
const https = require('https');

const data = JSON.stringify(
    {"query" : "mutation {
  createView(
        name: \"vh-view\",
        description: \"V-Host View\",
        connections: [ { repositoryName: \"humio\", filter: \"#vhost\" } ]
       )
  { id }
}"
}
);


const options = {
  hostname: '$YOUR_LOGSCALE_URL/graphql',
  path: '/graphql',
  port: 443,
  method: 'POST',
  headers: {
    'Content-Type': 'application/json',
    'Content-Length': data.length,
    Authorization: 'BEARER ' + process.env.TOKEN,
    'User-Agent': 'Node',
  },
};

const req = https.request(options, (res) => {
  let data = '';
  console.log(`statusCode: ${res.statusCode}`);

  res.on('data', (d) => {
    data += d;
  });
  res.on('end', () => {
    console.log(JSON.parse(data).data);
  });
});

req.on('error', (error) => {
  console.error(error);
});

req.write(data);
req.end();
Example Responses
Success (HTTP Response Code 200 OK)
json
{
  "data": {
    "createView": {
      "id": "Cs76jTr06N3oO5BdhGyUFbhe"
    }
  }
}

Given Datatypes

For the given datatype, ViewConnectionInput, there only a few parameters that may be given. Below is a list of them:

Table: ViewConnectionInput

ParameterTypeRequiredDefaultStabilityDescription
Some arguments may be required, as indicated in the Required column. For some fields, this column indicates that a result will always be returned for this column.
Table last updated: Mar 28, 2025
filterstringyes Long-TermThe filter applied to all results from the repository.
languageVersionLanguageVersionEnum legacyLong-TermThe version of human language to use. See LanguageVersionEnum.
repositoryNamestringyes Long-TermThe name of the connected repository.

Returned Datatypes

The returned datatype View has many parameters. Below is a list of them along with their datatypes and a description of each:

Table: View

ParameterTypeRequiredDefaultStabilityDescription
Some arguments may be required, as indicated in the Required column. For some fields, this column indicates that a result will always be returned for this column.
Table last updated: Aug 21, 2025
action(id: string): Actionmultipleyes Long-TermA saved action. The id is the unique identifier of the action. See Action.
actions(actionIds: [string]): [Action]multipleyes Long-TermA list of saved actions. See Action.
aggregateAlert(id: string): AggregateAlertmultipleyes Long-TermA saved aggregate alert. See AggregateAlert.
aggregateAlerts[AggregateAlert]yes Long-TermSaved aggregate alerts. See AggregateAlert.
alert(id: string): Alertmultipleyes Long-TermA saved alert. See Alert.
alerts[Alert]yes Long-TermSaved alerts. See Alert.
allowedViewActions[ViewAction]yes Long-TermReturns the all actions the user is allowed to perform on the view. See ViewAction.
automaticSearchbooleanyes Long-TermWhether the search is executed automatically.
availablePackages(filter: string, tags: [PackageTag], categories: [string]): [PackageRegistrySearchResultItem]multiple  Long-TermReturns a list of available packages that can be installed. PackageTag is a scalar. See PackageRegistrySearchResultItem.
checkClusterConnections[ClusterConnectionStatus]yes Short-TermCheck all of this search domain's cluster connections. This is a preview and subject to change. See ClusterConnectionStatus.
clusterConnection(id: string): ClusterConnectionmultipleyes Short-TermA specific cluster connection. See ClusterConnection.
clusterConnections[ClusterConnection]yes Short-TermThe search domain's cluster connections. See ClusterConnection.
connections[ViewConnection]yes Long-TermThe connections for the view. This is a preview and subject to change. See ViewConnection.
crossOrgConnections[CrossOrgViewConnection]yes Short-TermThe connections for the cross organization connections (see CrossOrgViewConnection Table).
dashboard(id: string): Dashboardmultipleyes Long-TermA saved dashboard. See Dashboard.
dashboards[Dashboard]yes Long-TermSaved dashboards. See Dashboard.
defaultQuerySavedQuery  Long-TermThe default saved query. See SavedQuery.
deletedDatelong  Long-TermThe point in time the search domain was marked for deletion.
descriptionstring  Long-TermA description of the view.
fileFieldSearch(fileName: string, fieldName: string, prefixFilter: string, valueFilters: [FileFieldFilterType], fieldsToInclude: [string], maxEntries: integer): [DictionaryEntryType]multipleyes Long-TermThe fields to search in a given file. See FileFieldFilterType and DictionaryEntryType.
files[File]yes Long-TermA list of files used. See File.
filterAlert(id: string): FilterAlertmultipleyes Long-TermA saved filter alert. See FilterAlert.
filterAlerts[FilterAlert]yes Long-TermSaved filter alerts. See FilterAlert.
groups[Group]yes Long-TermGroups with assigned roles. See Group.
hasPackageInstalled(packageId: VersionedPackageSpecifier): booleanmultipleyes Long-TermDetermines whether package has been installed. VersionedPackageSpecifier is a scalar.
idstringyes Long-TermThe unique identifier of the view.
installedPackages[PackageInstallation]yes Long-TermList packages installed on a specific view or repository See PackageInstallation.
interactions[ViewInteraction]yes Long-TermAll interactions defined for the view. See ViewInteraction.
isActionAllowed(action: ViewAction): booleanmultipleyes Long-TermDetermines whether current user is allowed to perform the given action on the view. See ViewAction.
isFederatedbooleanyes PreviewWhether the view is Federated. This is a preview and subject to change.
isStarredbooleanyes Long-TermWhether the view should be marked with a star.
nameRepoOrViewNameyes Long-TermThe name of the repository or view. RepoOrViewName is a scalar.
packageV2(packageId: VersionedPackageSpecifier): Package2multipleyes Long-TermReturns a specific version of a package given a package version. VersionedPackageSpecifier is a scalar. See Package2.
packageVersions(packageId: UnversionedPackageSpecifier): [RegistryPackageVersionInfo]multipleyes Long-TermThe available versions of a package. UnversionedPackageSpecifier is a scalar. See RegistryPackageVersionInfo.
permanentlyDeletedAtlong  Long-TermThe point in time the search domain will not be restorable anymore.
recentQueriesV2[RecentQuery]yes Long-TermList of recent queries. See RecentQuery.
reposExcludedInSearchLimit[string]yes Long-TermRepositories not part of the search limitation.
resourcestringyes Short-TermThe resource identifier for the search domain.
savedQueries[SavedQuery]yes Long-TermA list of saved queries. See SavedQuery.
savedQuery(id: string): SavedQuerymultipleyes Long-TermA saved query. See SavedQuery.
scheduledReport(id: string): ScheduledReportmultipleyes Long-TermSaved scheduled report. See ScheduledReport.
scheduledReports[ScheduledReport]yes Long-TermSaved scheduled reports See ScheduledReport.
scheduledSearch(id: string): ScheduledSearchmultipleyes Long-TermA saved scheduled search. See ScheduledSearch.
scheduledSearches[ScheduledSearch]yes Long-TermSaved scheduled searches. See ScheduledSearch.
searchLimitedMslong  Long-TermSearch limit in milliseconds, by which searches are limited.
starredFields[string]yes Long-TermFields marked with a star.
tags[string]yes Long-TermAll tags from all datasources.
users[User]yes Long-TermUsers who have access. See User.
usersAndGroups(search: string, skip: integer, limit: integer): UsersAndGroupsSearchResultSetmultiple  Long-TermUsers or groups who have access. See UsersAndGroupsSearchResultSet.
usersV2(search: string, permissionFilter: Permission, skip: integer, limit: integer): Usersmultiple  PreviewSearch users with a given permission. See Users.
viewerQueryPrefixstringyes Long-TermThe query prefix prepended to each search in the domain.