createWebhookAction()

API Stability	`Long-Term`

The createWebhookAction() GraphQL mutation may be used to create a webhook action in LogScale.

For more information on creating a Webhook action, see the Action Type: Webhooks documentation page. You may also want to look at the Actions page for related information.

Syntax

Below is the syntax for the createWebhookAction() mutation field:

graphql

createWebhookAction(
      input: CreateWebhookAction!
   ): WebhookAction!

Below is an example of how this mutation field might be used:

Show:

graphql

mutation {
  createWebhookAction(input:
        { name: "my-webhook-action",
          viewName: "humio",
          url: "https://webhook.company.com",
          method: "POST",
          headers: [ {header: "Content-Type", value: "application/json"} ],
          ignoreSSL: false,
          useProxy: false,
          bodyTemplate: 
             """{"repository": "{repo_name}","timestamp": "{triggered_timestamp}",
                "alert": { "name": "{name}", "query": {"queryString": "{query_string}"} },
                "warnings": "{warnings}", 
                "events": {events}, 
                "numberOfEvents": {event_count} }""",
        } )
  { id }
}

shell

curl -v -X POST $YOUR_LOGSCALE_URL/graphql \
    -H "Authorization: Bearer $TOKEN" \
    -H "Content-Type: application/json" \
    -d @- << EOF
{"query" : "mutation {
  createWebhookAction(input:
        { name: \"my-webhook-action\",
          viewName: \"humio\",
          url: \"https://webhook.company.com\",
          method: \"POST\",
          headers: [ {header: \"Content-Type\", value: \"application/json\"} ],
          ignoreSSL: false,
          useProxy: false,
          bodyTemplate: 
             \"\"\"{\"repository\": \"{repo_name}\",\"timestamp\": \"{triggered_timestamp}\",
                \"alert\": { \"name\": \"{name}\", \"query\": {\"queryString\": \"{query_string}\"} },
                \"warnings\": \"{warnings}\", 
                \"events\": {events}, 
                \"numberOfEvents\": {event_count} }\"\"\",
        } )
  { id }
}"
}
EOF

shell

curl -v -X POST $YOUR_LOGSCALE_URL/graphql \
    -H "Authorization: Bearer $TOKEN" \
    -H "Content-Type: application/json" \
    -d @- << EOF
{"query" : "mutation {
  createWebhookAction(input:
        { name: \"my-webhook-action\",
          viewName: \"humio\",
          url: \"https://webhook.company.com\",
          method: \"POST\",
          headers: [ {header: \"Content-Type\", value: \"application/json\"} ],
          ignoreSSL: false,
          useProxy: false,
          bodyTemplate: 
             \"\"\"{\"repository\": \"{repo_name}\",\"timestamp\": \"{triggered_timestamp}\",
                \"alert\": { \"name\": \"{name}\", \"query\": {\"queryString\": \"{query_string}\"} },
                \"warnings\": \"{warnings}\", 
                \"events\": {events}, 
                \"numberOfEvents\": {event_count} }\"\"\",
        } )
  { id }
}"
}
EOF

shell

curl -v -X POST $YOUR_LOGSCALE_URL/graphql ^
    -H "Authorization: Bearer $TOKEN" ^
    -H "Content-Type: application/json" ^
    -d @'{"query" : "mutation { ^
  createWebhookAction(input: ^
        { name: \"my-webhook-action\", ^
          viewName: \"humio\", ^
          url: \"https://webhook.company.com\", ^
          method: \"POST\", ^
          headers: [ {header: \"Content-Type\", value: \"application/json\"} ], ^
          ignoreSSL: false, ^
          useProxy: false, ^
          bodyTemplate:  ^
             \"\"\"{\"repository\": \"{repo_name}\",\"timestamp\": \"{triggered_timestamp}\", ^
                \"alert\": { \"name\": \"{name}\", \"query\": {\"queryString\": \"{query_string}\"} }, ^
                \"warnings\": \"{warnings}\",  ^
                \"events\": {events},  ^
                \"numberOfEvents\": {event_count} }\"\"\", ^
        } ) ^
  { id } ^
}" ^
} '

powershell

curl.exe -X POST 
    -H "Authorization: Bearer $TOKEN"
    -H "Content-Type: application/json"
    -d '{"query" : "mutation {
  createWebhookAction(input:
        { name: \"my-webhook-action\",
          viewName: \"humio\",
          url: \"https://webhook.company.com\",
          method: \"POST\",
          headers: [ {header: \"Content-Type\", value: \"application/json\"} ],
          ignoreSSL: false,
          useProxy: false,
          bodyTemplate: 
             \"\"\"{\"repository\": \"{repo_name}\",\"timestamp\": \"{triggered_timestamp}\",
                \"alert\": { \"name\": \"{name}\", \"query\": {\"queryString\": \"{query_string}\"} },
                \"warnings\": \"{warnings}\", 
                \"events\": {events}, 
                \"numberOfEvents\": {event_count} }\"\"\",
        } )
  { id }
}"
}'
    "$YOUR_LOGSCALE_URL/graphql"

perl

#!/usr/bin/perl

use HTTP::Request;
use LWP;

my $INGEST_TOKEN = "TOKEN";

my $uri = '$YOUR_LOGSCALE_URL/graphql';

my $json = '{"query" : "mutation {
  createWebhookAction(input:
        { name: \"my-webhook-action\",
          viewName: \"humio\",
          url: \"https://webhook.company.com\",
          method: \"POST\",
          headers: [ {header: \"Content-Type\", value: \"application/json\"} ],
          ignoreSSL: false,
          useProxy: false,
          bodyTemplate: 
             \"\"\"{\"repository\": \"{repo_name}\",\"timestamp\": \"{triggered_timestamp}\",
                \"alert\": { \"name\": \"{name}\", \"query\": {\"queryString\": \"{query_string}\"} },
                \"warnings\": \"{warnings}\", 
                \"events\": {events}, 
                \"numberOfEvents\": {event_count} }\"\"\",
        } )
  { id }
}"
}';
my $req = HTTP::Request->new("POST", $uri );

$req->header("Authorization" => "Bearer $TOKEN");
$req->header("Content-Type" => "application/json");

$req->content( $json );

my $lwp = LWP::UserAgent->new;

my $result = $lwp->request( $req );

print $result->{"_content"},"\n";

python

#! /usr/local/bin/python3

import requests

url = '$YOUR_LOGSCALE_URL/graphql'
mydata = r'''{"query" : "mutation {
  createWebhookAction(input:
        { name: \"my-webhook-action\",
          viewName: \"humio\",
          url: \"https://webhook.company.com\",
          method: \"POST\",
          headers: [ {header: \"Content-Type\", value: \"application/json\"} ],
          ignoreSSL: false,
          useProxy: false,
          bodyTemplate: 
             \"\"\"{\"repository\": \"{repo_name}\",\"timestamp\": \"{triggered_timestamp}\",
                \"alert\": { \"name\": \"{name}\", \"query\": {\"queryString\": \"{query_string}\"} },
                \"warnings\": \"{warnings}\", 
                \"events\": {events}, 
                \"numberOfEvents\": {event_count} }\"\"\",
        } )
  { id }
}"
}'''

resp = requests.post(url,
                     data = mydata,
                     headers = {
   "Authorization" : "Bearer $TOKEN",
   "Content-Type" : "application/json"
}
)

print(resp.text)

javascript

const https = require('https');

const data = JSON.stringify(
    {"query" : "mutation {
  createWebhookAction(input:
        { name: \"my-webhook-action\",
          viewName: \"humio\",
          url: \"https://webhook.company.com\",
          method: \"POST\",
          headers: [ {header: \"Content-Type\", value: \"application/json\"} ],
          ignoreSSL: false,
          useProxy: false,
          bodyTemplate: 
             \"\"\"{\"repository\": \"{repo_name}\",\"timestamp\": \"{triggered_timestamp}\",
                \"alert\": { \"name\": \"{name}\", \"query\": {\"queryString\": \"{query_string}\"} },
                \"warnings\": \"{warnings}\", 
                \"events\": {events}, 
                \"numberOfEvents\": {event_count} }\"\"\",
        } )
  { id }
}"
}
);


const options = {
  hostname: '$YOUR_LOGSCALE_URL/graphql',
  path: '/graphql',
  port: 443,
  method: 'POST',
  headers: {
    'Content-Type': 'application/json',
    'Content-Length': data.length,
    Authorization: 'BEARER ' + process.env.TOKEN,
    'User-Agent': 'Node',
  },
};

const req = https.request(options, (res) => {
  let data = '';
  console.log(`statusCode: ${res.statusCode}`);

  res.on('data', (d) => {
    data += d;
  });
  res.on('end', () => {
    console.log(JSON.parse(data).data);
  });
});

req.on('error', (error) => {
  console.error(error);
});

req.write(data);
req.end();

Example Responses

Show:

json

{
  "data": {
    "createWebhookAction": {
      "id": "ZUFq14KhgRAZiakZgzBTFFaLqbnixCJz"
    }
  }
}

Given Datatypes

createWebhookAction() has a few parameters that may be given. Below is a list of them, along with descriptions of each:

Table: CreateWebhookAction

Parameter	Type	Required	Stability	Description
Some arguments may be required, as indicated in the Required column. For some fields, this column indicates that a result will always be returned for this column.
Table last updated: Sep 17, 2024
`bodyTemplate`	string	yes	`Long-Term`	Body of the http(s) request. Can be templated with values from the result.
`headers`	[`HttpHeaderEntryInput`]	yes	`Long-Term`	Headers of the http(s) request. See `HttpHeaderEntryInput`.
`ignoreSSL`	boolean	yes	`Long-Term`	Flag indicating whether SSL should be ignored for the request.
`method`	string	yes	`Long-Term`	The method to use for the request.
`name`	string	yes	`Long-Term`	Name of the action.
`url`	string	yes	`Long-Term`	The URL where to send the http(s) request.
`useProxy`	boolean	yes	`Long-Term`	Defines whether the action should use the configured proxy to make web requests.
`viewName`	string	yes	`Long-Term`	Name of the view of the action.

Returned Datatypes

WebhookAction has several parameters. Below is a list of them, but you may only want to use id to confirm success.

Table: WebhookAction

Parameter	Type	Required	Stability	Description
Some arguments may be required, as indicated in the Required column. For some fields, this column indicates that a result will always be returned for this column.
Table last updated: Apr 2, 2025
`allowedActions`	[`AssetAction`]	yes	`Preview`	A list of allowed asset actions. See `AssetAction`. This is a preview and subject to change.
`bodyTemplate`	string	yes	`Long-Term`	Body of the http and https request. Can be templated with values from the result.
`displayName`	string	yes	`Long-Term`	The display name of the action.
`headers`	[`HttpHeaderEntry`]	yes	`Long-Term`	Headers of the http and https requests. See `HttpHeaderEntry`.
`id`	string	yes	`Long-Term`	The unique identifier of the action.
`ignoreSSL`	boolean	yes	`Long-Term`	Whether SSL should be ignored for the request.
`isAllowedToRun`	boolean	yes	`Long-Term`	Set to false to disable this type of action for security reasons.
`method`	string	yes	`Long-Term`	Method to use for the request.
`name`	string	yes	`Long-Term`	The name of the action.
`package`	`PackageInstallation`	yes	`Long-Term`	The package, if there is one, of which the action is part. See `PackageInstallation`.
`packageId`	`VersionedPackageSpecifier`		`Long-Term`	The unique identifier of the package. See `VersionedPackageSpecifier`.
`requiresOrganizationOwnedQueriesPermissionToEdit`	boolean	yes	`Long-Term`	This should be set to true if this action is used by triggers, where the query is run by the organization. If true, then the OrganizationOwnedQueries permission is required to edit the action. See `Permission`.
`resource`	string	yes	`Short-Term`	The resource identifier for the action.
`url`	string	yes	`Long-Term`	The URL where to send http and https requests.
`useProxy`	boolean	yes	`Long-Term`	Whether the action should use the configured proxy to make web requests.
`yamlTemplate`	`yaml`	yes	`Long-Term`	A template that can be used to recreate the action.

GraphQL Mutations

GraphQL API Stability

GraphQL Queries

GraphQL Datatypes