createWebhookAction()

Summary

The createWebhookAction() GraphQL mutation may be used to create a webhook action in LogScale.

To test a Webhook action, there is the testWebhookAction() mutation. You can use the updateWebhookAction() to update one and the deleteActionV2() to delete an action. You can add labels to actions with the addActionLabels() mutation.

Hide Query Example

Show Webhook Actions Query

To get a list of Webhook actions, you could use the repository() query like so:

graphql

query {
     repository(name: "humio")
        { id, name,
          actions { id, name, 
                    ... on WebhookAction { id, name } }
          }
   }

For more information on creating a Webhook action, see the Action Type: Webhooks documentation page. You may also want to look at the Actions page for related information.

API Stability	`Long-Term`
Security Requirement & Control	`CreateActions` API permission

Syntax

graphql

createWebhookAction(
      input: CreateWebhookAction!
   ): WebhookAction!

For the input, you'll have to give the name of the view, the URL where to send requests, the headers, etc. See the Input Parameters section for details.

For the results, you can get plenty on the action. See the Returned Values section for what's available.

Example

Raw

graphql

mutation {
  createWebhookAction(input:
        { name: "my-webhook-action",
          viewName: "humio",
          url: "https://webhook.company.com",
          method: "POST",
          headers: [ {header: "Content-Type", value: "application/json"} ],
          ignoreSSL: false,
          useProxy: false,
          bodyTemplate: 
             """{"repository": "{repo_name}","timestamp": "{triggered_timestamp}",
                "alert": { "name": "{name}", "query": {"queryString": "{query_string}"} },
                "warnings": "{warnings}", 
                "events": {events}, 
                "numberOfEvents": {event_count} }""",
        } )
  { id }
}

Mac OS or Linux (curl)

shell

curl -v -X POST $YOUR_LOGSCALE_URL/graphql \
    -H "Authorization: Bearer $TOKEN" \
    -H "Content-Type: application/json" \
    -d @- << EOF
{"query" : "mutation {
  createWebhookAction(input:
        { name: \"my-webhook-action\",
          viewName: \"humio\",
          url: \"https://webhook.company.com\",
          method: \"POST\",
          headers: [ {header: \"Content-Type\", value: \"application/json\"} ],
          ignoreSSL: false,
          useProxy: false,
          bodyTemplate: 
             \"\"\"{\"repository\": \"{repo_name}\",\"timestamp\": \"{triggered_timestamp}\",
                \"alert\": { \"name\": \"{name}\", \"query\": {\"queryString\": \"{query_string}\"} },
                \"warnings\": \"{warnings}\", 
                \"events\": {events}, 
                \"numberOfEvents\": {event_count} }\"\"\",
        } )
  { id }
}"
}
EOF

Mac OS or Linux (curl) One-line

shell

curl -v -X POST $YOUR_LOGSCALE_URL/graphql \
    -H "Authorization: Bearer $TOKEN" \
    -H "Content-Type: application/json" \
    -d @- << EOF
{"query" : "mutation {
  createWebhookAction(input:
        { name: \"my-webhook-action\",
          viewName: \"humio\",
          url: \"https://webhook.company.com\",
          method: \"POST\",
          headers: [ {header: \"Content-Type\", value: \"application/json\"} ],
          ignoreSSL: false,
          useProxy: false,
          bodyTemplate: 
             \"\"\"{\"repository\": \"{repo_name}\",\"timestamp\": \"{triggered_timestamp}\",
                \"alert\": { \"name\": \"{name}\", \"query\": {\"queryString\": \"{query_string}\"} },
                \"warnings\": \"{warnings}\", 
                \"events\": {events}, 
                \"numberOfEvents\": {event_count} }\"\"\",
        } )
  { id }
}"
}
EOF

Windows Cmd and curl

shell

curl -v -X POST $YOUR_LOGSCALE_URL/graphql ^
    -H "Authorization: Bearer $TOKEN" ^
    -H "Content-Type: application/json" ^
    -d @'{"query" : "mutation { ^
  createWebhookAction(input: ^
        { name: \"my-webhook-action\", ^
          viewName: \"humio\", ^
          url: \"https://webhook.company.com\", ^
          method: \"POST\", ^
          headers: [ {header: \"Content-Type\", value: \"application/json\"} ], ^
          ignoreSSL: false, ^
          useProxy: false, ^
          bodyTemplate:  ^
             \"\"\"{\"repository\": \"{repo_name}\",\"timestamp\": \"{triggered_timestamp}\", ^
                \"alert\": { \"name\": \"{name}\", \"query\": {\"queryString\": \"{query_string}\"} }, ^
                \"warnings\": \"{warnings}\",  ^
                \"events\": {events},  ^
                \"numberOfEvents\": {event_count} }\"\"\", ^
        } ) ^
  { id } ^
}" ^
} '

Windows Powershell and curl

powershell

curl.exe -X POST 
    -H "Authorization: Bearer $TOKEN"
    -H "Content-Type: application/json"
    -d '{"query" : "mutation {
  createWebhookAction(input:
        { name: \"my-webhook-action\",
          viewName: \"humio\",
          url: \"https://webhook.company.com\",
          method: \"POST\",
          headers: [ {header: \"Content-Type\", value: \"application/json\"} ],
          ignoreSSL: false,
          useProxy: false,
          bodyTemplate: 
             \"\"\"{\"repository\": \"{repo_name}\",\"timestamp\": \"{triggered_timestamp}\",
                \"alert\": { \"name\": \"{name}\", \"query\": {\"queryString\": \"{query_string}\"} },
                \"warnings\": \"{warnings}\", 
                \"events\": {events}, 
                \"numberOfEvents\": {event_count} }\"\"\",
        } )
  { id }
}"
}'
    "$YOUR_LOGSCALE_URL/graphql"

Perl

perl

#!/usr/bin/perl

use HTTP::Request;
use LWP;

my $TOKEN = "TOKEN";

my $uri = '$YOUR_LOGSCALE_URL/graphql';

my $query = "mutation {
  createWebhookAction(input:
        { name: \"my-webhook-action\",
          viewName: \"humio\",
          url: \"https://webhook.company.com\",
          method: \"POST\",
          headers: [ {header: \"Content-Type\", value: \"application/json\"} ],
          ignoreSSL: false,
          useProxy: false,
          bodyTemplate: 
             \"\"\"{\"repository\": \"{repo_name}\",\"timestamp\": \"{triggered_timestamp}\",
                \"alert\": { \"name\": \"{name}\", \"query\": {\"queryString\": \"{query_string}\"} },
                \"warnings\": \"{warnings}\", 
                \"events\": {events}, 
                \"numberOfEvents\": {event_count} }\"\"\",
        } )
  { id }
}";
$query =~ s/\n/ /g;
my $json = sprintf('{"query" : "%s"}',$query);
my $req = HTTP::Request->new("POST", $uri );

$req->header("Authorization" => "Bearer $TOKEN");
$req->header("Content-Type" => "application/json");

$req->content( $json );

my $lwp = LWP::UserAgent->new;

my $result = $lwp->request( $req );

print $result->{"_content"},"\n";

Python

python

#! /usr/local/bin/python3

import requests

url = '$YOUR_LOGSCALE_URL/graphql'
mydata = r'''{"query" : "mutation {
  createWebhookAction(input:
        { name: \"my-webhook-action\",
          viewName: \"humio\",
          url: \"https://webhook.company.com\",
          method: \"POST\",
          headers: [ {header: \"Content-Type\", value: \"application/json\"} ],
          ignoreSSL: false,
          useProxy: false,
          bodyTemplate: 
             \"\"\"{\"repository\": \"{repo_name}\",\"timestamp\": \"{triggered_timestamp}\",
                \"alert\": { \"name\": \"{name}\", \"query\": {\"queryString\": \"{query_string}\"} },
                \"warnings\": \"{warnings}\", 
                \"events\": {events}, 
                \"numberOfEvents\": {event_count} }\"\"\",
        } )
  { id }
}"
}'''

resp = requests.post(url,
                     data = mydata,
                     headers = {
   "Authorization" : "Bearer $TOKEN",
   "Content-Type" : "application/json"
}
)

print(resp.text)

Node.js

javascript

const https = require('https');

const data = JSON.stringify(
    {"query" : "mutation {
  createWebhookAction(input:
        { name: \"my-webhook-action\",
          viewName: \"humio\",
          url: \"https://webhook.company.com\",
          method: \"POST\",
          headers: [ {header: \"Content-Type\", value: \"application/json\"} ],
          ignoreSSL: false,
          useProxy: false,
          bodyTemplate: 
             \"\"\"{\"repository\": \"{repo_name}\",\"timestamp\": \"{triggered_timestamp}\",
                \"alert\": { \"name\": \"{name}\", \"query\": {\"queryString\": \"{query_string}\"} },
                \"warnings\": \"{warnings}\", 
                \"events\": {events}, 
                \"numberOfEvents\": {event_count} }\"\"\",
        } )
  { id }
}"
}
);


const options = {
  hostname: '$YOUR_LOGSCALE_URL',
  path: 'graphql',
  port: 443,
  method: 'POST',
  headers: {
    'Content-Type': 'application/json',
    'Content-Length': data.length,
    Authorization: 'BEARER ' + process.env.TOKEN,
    'User-Agent': 'Node',
  },
};

const req = https.request(options, (res) => {
  let data = '';
  console.log(`statusCode: ${res.statusCode}`);

  res.on('data', (d) => {
    data += d;
  });
  res.on('end', () => {
    console.log(JSON.parse(data).data);
  });
});

req.on('error', (error) => {
  console.error(error);
});

req.write(data);
req.end();

Example Responses

Success (HTTP Response Code 200 OK)

json

{
  "data": {
    "createWebhookAction": {
      "id": "abc123"
    }
  }
}

Input Parameters

For the input, you would provide the name of the view associated with the action to create, the URL where to send requests, the headers, and some other parameters. These are listed and explained in the table below:

Table: CreateWebhookAction Input Datatype

Parameter	Type	Required	Stability	Description
Some input parameters may be required, as indicated in the Required column. For return values, this indicates that you are assured a value if the field is requested for the results.
Table last updated: Sep 17, 2024
bodyTemplate	string	yes	`Long-Term`	Body of the http(s) request. Can be templated with values from the result.
headers	[HttpHeaderEntryInput]	yes	`Long-Term`	Headers of the http(s) request. See HttpHeaderEntryInput.
ignoreSSL	boolean	yes	`Long-Term`	Flag indicating whether SSL should be ignored for the request.
method	string	yes	`Long-Term`	The method to use for the request.
name	string	yes	`Long-Term`	Name of the action.
url	string	yes	`Long-Term`	The URL where to send the http(s) request.
useProxy	boolean	yes	`Long-Term`	Defines whether the action should use the configured proxy to make web requests.
viewName	string	yes	`Long-Term`	Name of the view of the action.

Returned Values

For the results, you can get the URL where to send the http(s) request, a YAML template for recreating the action, when the action was created and modified last and by whom, and other items. Of course, having just created the action using this mutation, you'll probably know all of this. For anything you don't know, check the table below:

Table: WebhookAction Datatype

Parameter	Type	Required	Stability	Description
Some input parameters may be required, as indicated in the Required column. For return values, this indicates that you are assured a value if the field is requested for the results.
Table last updated: Sep 17, 2025
allowedActions	[AssetAction]	yes	`Short-Term`	A list of allowed asset actions. See AssetAction. This is a preview and subject to change.
bodyTemplate	string	yes	`Long-Term`	Body of the http and https request. Can be templated with values from the result.
createdInfo	AssetCommitMetadata		`Long-Term`	Metadata related to the creation of the action. See AssetCommitMetadata.
displayName	string	yes	`Long-Term`	The display name of the action.
headers	[HttpHeaderEntry]	yes	`Long-Term`	Headers of the http and https requests. See HttpHeaderEntry.
id	string	yes	`Long-Term`	The unique identifier of the action.
ignoreSSL	boolean	yes	`Long-Term`	Whether SSL should be ignored for the request.
isAllowedToRun	boolean	yes	`Long-Term`	Set to false to disable this type of action for security reasons.
labels	[string]	yes	`Preview`	Labels associated with the action.
method	string	yes	`Long-Term`	Method to use for the request.
modifiedInfo	AssetCommitMetadata		`Long-Term`	Metadata related to the latest modification of the action. See AssetCommitMetadata.
name	string	yes	`Long-Term`	The name of the action.
package	PackageInstallation	yes	`Long-Term`	The package, if there is one, of which the action is part. See PackageInstallation.
packageId	VersionedPackageSpecifier		`Long-Term`	The unique identifier of the package. VersionedPackageSpecifier is a scalar.
requiresOrganizationOwnedQueriesPermissionToEdit	boolean	yes	`Long-Term`	This should be set to true if this action is used by triggers, where the query is run by the organization. If true, then the OrganizationOwnedQueries permission is required to edit the action. See Permission.
resource	string	yes	`Short-Term`	The resource identifier for the action.
url	string	yes	`Long-Term`	The URL where to send http and https requests.
useProxy	boolean	yes	`Long-Term`	Whether the action should use the configured proxy to make web requests.
yamlTemplate	YAML	yes	`Long-Term`	A template that can be used to recreate the action. YAML is a scalar.

Versions of this Page

GraphQL Mutations

GraphQL API

GraphQL API Stability

GraphQL Queries

GraphQL Datatypes