createWebhookAction()

The createWebhookAction() GraphQL mutation may be used to create a webhook action in LogScale.

For more information on creating a Webhook action, see the Action Type: Webhooks documentation page. You may also want to look at the Actions page for related information.

Syntax

Below is the syntax for the createWebhookAction() mutation field:

graphql

createWebhookAction(
      input: CreateWebhookAction!
   ): WebhookAction!

Below is an example of how this mutation field might be used:

Raw

graphql

mutation {
  createWebhookAction(input:
        { name: "my-webhook-action",
          viewName: "humio",
          url: "https://webhook.company.com",
          method: "POST",
          headers: [ {header: "Content-Type", value: "application/json"} ],
          ignoreSSL: false,
          useProxy: false,
          bodyTemplate: 
             """{"repository": "{repo_name}","timestamp": "{triggered_timestamp}",
                "alert": { "name": "{name}", "query": {"queryString": "{query_string}"} },
                "warnings": "{warnings}", 
                "events": {events}, 
                "numberOfEvents": {event_count} }""",
        } )
  { id }
}

Mac OS or Linux (curl)

shell

curl -v -X POST $YOUR_LOGSCALE_URL/graphql \
    -H "Authorization: Bearer $TOKEN" \
    -H "Content-Type: application/json" \
    -d @- << EOF
{"query" : "mutation {
  createWebhookAction(input:
        { name: \"my-webhook-action\",
          viewName: \"humio\",
          url: \"https://webhook.company.com\",
          method: \"POST\",
          headers: [ {header: \"Content-Type\", value: \"application/json\"} ],
          ignoreSSL: false,
          useProxy: false,
          bodyTemplate: 
             \"\"\"{\"repository\": \"{repo_name}\",\"timestamp\": \"{triggered_timestamp}\",
                \"alert\": { \"name\": \"{name}\", \"query\": {\"queryString\": \"{query_string}\"} },
                \"warnings\": \"{warnings}\", 
                \"events\": {events}, 
                \"numberOfEvents\": {event_count} }\"\"\",
        } )
  { id }
}"
}
EOF

Mac OS or Linux (curl) One-line

shell

curl -v -X POST $YOUR_LOGSCALE_URL/graphql \
    -H "Authorization: Bearer $TOKEN" \
    -H "Content-Type: application/json" \
    -d @- << EOF
{"query" : "mutation {
  createWebhookAction(input:
        { name: \"my-webhook-action\",
          viewName: \"humio\",
          url: \"https://webhook.company.com\",
          method: \"POST\",
          headers: [ {header: \"Content-Type\", value: \"application/json\"} ],
          ignoreSSL: false,
          useProxy: false,
          bodyTemplate: 
             \"\"\"{\"repository\": \"{repo_name}\",\"timestamp\": \"{triggered_timestamp}\",
                \"alert\": { \"name\": \"{name}\", \"query\": {\"queryString\": \"{query_string}\"} },
                \"warnings\": \"{warnings}\", 
                \"events\": {events}, 
                \"numberOfEvents\": {event_count} }\"\"\",
        } )
  { id }
}"
}
EOF

Windows Cmd and curl

shell

curl -v -X POST $YOUR_LOGSCALE_URL/graphql ^
    -H "Authorization: Bearer $TOKEN" ^
    -H "Content-Type: application/json" ^
    -d @'{"query" : "mutation { ^
  createWebhookAction(input: ^
        { name: \"my-webhook-action\", ^
          viewName: \"humio\", ^
          url: \"https://webhook.company.com\", ^
          method: \"POST\", ^
          headers: [ {header: \"Content-Type\", value: \"application/json\"} ], ^
          ignoreSSL: false, ^
          useProxy: false, ^
          bodyTemplate:  ^
             \"\"\"{\"repository\": \"{repo_name}\",\"timestamp\": \"{triggered_timestamp}\", ^
                \"alert\": { \"name\": \"{name}\", \"query\": {\"queryString\": \"{query_string}\"} }, ^
                \"warnings\": \"{warnings}\",  ^
                \"events\": {events},  ^
                \"numberOfEvents\": {event_count} }\"\"\", ^
        } ) ^
  { id } ^
}" ^
} '

Windows Powershell and curl

powershell

curl.exe -X POST 
    -H "Authorization: Bearer $TOKEN"
    -H "Content-Type: application/json"
    -d '{"query" : "mutation {
  createWebhookAction(input:
        { name: \"my-webhook-action\",
          viewName: \"humio\",
          url: \"https://webhook.company.com\",
          method: \"POST\",
          headers: [ {header: \"Content-Type\", value: \"application/json\"} ],
          ignoreSSL: false,
          useProxy: false,
          bodyTemplate: 
             \"\"\"{\"repository\": \"{repo_name}\",\"timestamp\": \"{triggered_timestamp}\",
                \"alert\": { \"name\": \"{name}\", \"query\": {\"queryString\": \"{query_string}\"} },
                \"warnings\": \"{warnings}\", 
                \"events\": {events}, 
                \"numberOfEvents\": {event_count} }\"\"\",
        } )
  { id }
}"
}'
    "$YOUR_LOGSCALE_URL/graphql"

Perl

perl

#!/usr/bin/perl

use HTTP::Request;
use LWP;

my $INGEST_TOKEN = "TOKEN";

my $uri = '$YOUR_LOGSCALE_URL/graphql';

my $json = '{"query" : "mutation {
  createWebhookAction(input:
        { name: \"my-webhook-action\",
          viewName: \"humio\",
          url: \"https://webhook.company.com\",
          method: \"POST\",
          headers: [ {header: \"Content-Type\", value: \"application/json\"} ],
          ignoreSSL: false,
          useProxy: false,
          bodyTemplate: 
             \"\"\"{\"repository\": \"{repo_name}\",\"timestamp\": \"{triggered_timestamp}\",
                \"alert\": { \"name\": \"{name}\", \"query\": {\"queryString\": \"{query_string}\"} },
                \"warnings\": \"{warnings}\", 
                \"events\": {events}, 
                \"numberOfEvents\": {event_count} }\"\"\",
        } )
  { id }
}"
}';
my $req = HTTP::Request->new("POST", $uri );

$req->header("Authorization" => "Bearer $TOKEN");
$req->header("Content-Type" => "application/json");

$req->content( $json );

my $lwp = LWP::UserAgent->new;

my $result = $lwp->request( $req );

print $result->{"_content"},"\n";

Python

python

#! /usr/local/bin/python3

import requests

url = '$YOUR_LOGSCALE_URL/graphql'
mydata = r'''{"query" : "mutation {
  createWebhookAction(input:
        { name: \"my-webhook-action\",
          viewName: \"humio\",
          url: \"https://webhook.company.com\",
          method: \"POST\",
          headers: [ {header: \"Content-Type\", value: \"application/json\"} ],
          ignoreSSL: false,
          useProxy: false,
          bodyTemplate: 
             \"\"\"{\"repository\": \"{repo_name}\",\"timestamp\": \"{triggered_timestamp}\",
                \"alert\": { \"name\": \"{name}\", \"query\": {\"queryString\": \"{query_string}\"} },
                \"warnings\": \"{warnings}\", 
                \"events\": {events}, 
                \"numberOfEvents\": {event_count} }\"\"\",
        } )
  { id }
}"
}'''

resp = requests.post(url,
                     data = mydata,
                     headers = {
   "Authorization" : "Bearer $TOKEN",
   "Content-Type" : "application/json"
}
)

print(resp.text)

Node.js

javascript

const https = require('https');

const data = JSON.stringify(
    {"query" : "mutation {
  createWebhookAction(input:
        { name: \"my-webhook-action\",
          viewName: \"humio\",
          url: \"https://webhook.company.com\",
          method: \"POST\",
          headers: [ {header: \"Content-Type\", value: \"application/json\"} ],
          ignoreSSL: false,
          useProxy: false,
          bodyTemplate: 
             \"\"\"{\"repository\": \"{repo_name}\",\"timestamp\": \"{triggered_timestamp}\",
                \"alert\": { \"name\": \"{name}\", \"query\": {\"queryString\": \"{query_string}\"} },
                \"warnings\": \"{warnings}\", 
                \"events\": {events}, 
                \"numberOfEvents\": {event_count} }\"\"\",
        } )
  { id }
}"
}
);


const options = {
  hostname: '$YOUR_LOGSCALE_URL/graphql',
  path: '/graphql',
  port: 443,
  method: 'POST',
  headers: {
    'Content-Type': 'application/json',
    'Content-Length': data.length,
    Authorization: 'BEARER ' + process.env.TOKEN,
    'User-Agent': 'Node',
  },
};

const req = https.request(options, (res) => {
  let data = '';
  console.log(`statusCode: ${res.statusCode}`);

  res.on('data', (d) => {
    data += d;
  });
  res.on('end', () => {
    console.log(JSON.parse(data).data);
  });
});

req.on('error', (error) => {
  console.error(error);
});

req.write(data);
req.end();

Example Responses

Success (HTTP Response Code 200 OK)

json

{
  "data": {
    "createWebhookAction": {
      "id": "ZUFq14KhgRAZiakZgzBTFFaLqbnixCJz"
    }
  }
}

Given Datatypes

createWebhookAction has a few parameters that may be given. Below is a list of them, along with descriptions of each:

Table: CreateWebhookAction

Parameter	Type	Required	Description
Some arguments may be required, as indicated in the Required column. For some fields, this column indicates that a result will always be returned for this column.
Table last updated: Sep 17, 2024
`bodyTemplate`	string	yes	Body of the http(s) request. Can be templated with values from the result.
`headers`	[`HttpHeaderEntryInput`]	yes	Headers of the http(s) request. See `HttpHeaderEntryInput`.
`ignoreSSL`	boolean	yes	Flag indicating whether SSL should be ignored for the request.
`method`	string	yes	The method to use for the request.
`name`	string	yes	Name of the action.
`url`	string	yes	The URL where to send the http(s) request.
`useProxy`	boolean	yes	Defines whether the action should use the configured proxy to make web requests.
`viewName`	string	yes	Name of the view of the action.

Returned Datatypes

WebhookAction has several parameters. Below is a list of them, but you may only want to use id to confirm success.

Table: WebhookAction

Parameter	Type	Required	Description
Some arguments may be required, as indicated in the Required column. For some fields, this column indicates that a result will always be returned for this column.
`allowedActions`	[`AssetAction`]	yes	A list of allowed asset actions. See `AssetAction`. This is a preview and subject to change.
`bodyTemplate`	string	yes	Body of the http and https request. Can be templated with values from the result.
`displayName`	string	yes	The display name of the action.
`headers`	[`HttpHeaderEntry`]	yes	Headers of the http and https requests. See `HttpHeaderEntry`.
`id`	string	yes	The unique identifier of the action.
`ignoreSSL`	boolean	yes	Whether SSL should be ignored for the request.
`method`	string	yes	Method to use for the request.
`name`	string	yes	The name of the action.
`package`	`PackageInstallation`	yes	The package, if there is one, of which the action is part. See `PackageInstallation`.
`packageId`	`VersionedPackageSpecifier`		The unique identifier of the package. See `VersionedPackageSpecifier`.
`requiresOrganizationOwnedQueriesPermissionToEdit`	boolean	yes	This should be set to true if this action is used by triggers, where the query is run by the organization. If true, then the OrganizationOwnedQueries permission is required to edit the action. See `Permission`.
`url`	string	yes	The URL where to send http and https requests.
`useProxy`	boolean	yes	Whether the action should use the configured proxy to make web requests.
`webhookaction`	boolean	yes	Whether the action is allowed to run. Should be false if this type of action is disabled because of a security policy.
`yamlTemplate`	`yaml`	yes	A template that can be used to recreate the action.

GraphQL Mutation Fields

GraphQL Queries

GraphQL Datatypes