The redactEvents() GraphQL mutation is used to redact events matching a certain query within a certain time interval. It returns the identifier of the submitted redaction task.

For more information on creating views to redact data, see the Creating a Repository or View documentation page. You may also want to look at General Settings for related information.

Syntax

Below is the syntax for the redactEvents() mutation field:

redactEvents(input: RedactEventsInputType!): string!

For example:

Raw
graphql
mutation {
  redactEvents(
    input: {
      repositoryName: "humio"
      start: "2021-09-17T03:00:00.000Z"
      end: "2021-09-17T03:15:00.000Z"
      query: "password=*"
    }
  )
}
Mac OS or Linux (curl)
shell
curl -v -X POST $YOUR_LOGSCALE_URL/graphql \
    -H "Authorization: Bearer $TOKEN" \
    -H "Content-Type: application/json" \
    -d @- << EOF
{"query" : "mutation {
  redactEvents(
    input: {
      repositoryName: \"humio\"
      start: \"2021-09-17T03:00:00.000Z\"
      end: \"2021-09-17T03:15:00.000Z\"
      query: \"password=*\"
    }
  )
}"
}
EOF
Mac OS or Linux (curl) One-line
shell
curl -v -X POST $YOUR_LOGSCALE_URL/graphql \
    -H "Authorization: Bearer $TOKEN" \
    -H "Content-Type: application/json"
Windows Cmd and curl
cmd
curl -v -X POST $YOUR_LOGSCALE_URL/graphql ^
    -H "Authorization: Bearer $TOKEN" ^
    -H "Content-Type: application/json" ^
    -d @'{"query" : "mutation { ^
  redactEvents( ^
    input: { ^
      repositoryName: \"humio\" ^
      start: \"2021-09-17T03:00:00.000Z\" ^
      end: \"2021-09-17T03:15:00.000Z\" ^
      query: \"password=*\" ^
    } ^
  ) ^
}" ^
} '
Windows Powershell and curl
powershell
curl.exe -X POST 
    -H "Authorization: Bearer $TOKEN"
    -H "Content-Type: application/json"
    -d '{"query" : "mutation {
  redactEvents(
    input: {
      repositoryName: \"humio\"
      start: \"2021-09-17T03:00:00.000Z\"
      end: \"2021-09-17T03:15:00.000Z\"
      query: \"password=*\"
    }
  )
}"
}'
"$YOUR_LOGSCALE_URL/graphql"
Perl
perl
#!/usr/bin/perl

use HTTP::Request;
use LWP;
my $TOKEN = "TOKEN";
my $uri = '$YOUR_LOGSCALE_URL/graphql';
my $json = '{"query" : "mutation {
  redactEvents(
    input: {
      repositoryName: \"humio\"
      start: \"2021-09-17T03:00:00.000Z\"
      end: \"2021-09-17T03:15:00.000Z\"
      query: \"password=*\"
    }
  )
}"
}';
my $req = HTTP::Request->new("POST", $uri );
$req->header("Authorization" => "Bearer $TOKEN");
$req->header("Content-Type" => "application/json");
$req->content( $json );
my $lwp = LWP::UserAgent->new;
my $result = $lwp->request( $req );
print $result->{"_content"},"\n";
Python
python
#! /usr/local/bin/python3

import requests

url = '$YOUR_LOGSCALE_URL/graphql'
mydata = r'''{"query" : "mutation {
  redactEvents(
    input: {
      repositoryName: \"humio\"
      start: \"2021-09-17T03:00:00.000Z\"
      end: \"2021-09-17T03:15:00.000Z\"
      query: \"password=*\"
    }
  )
}"
}'''

resp = requests.post(url,
                     data = mydata,
                     headers = {
   "Authorization" : "Bearer $TOKEN",
   "Content-Type" : "application/json"
}
)

print(resp.text)
Node.js
javascript
const https = require('https');

const data = JSON.stringify(
    {"query" : "mutation {
  redactEvents(
    input: {
      repositoryName: \"humio\"
      start: \"2021-09-17T03:00:00.000Z\"
      end: \"2021-09-17T03:15:00.000Z\"
      query: \"password=*\"
    }
  )
}"
}
);


const options = {
  hostname: '$YOUR_LOGSCALE_URL/graphql',
  path: '/graphql',
  port: 443,
  method: 'POST',
  headers: {
    'Content-Type': 'application/json',
    'Content-Length': data.length,
    Authorization: 'BEARER ' + process.env.TOKEN,
    'User-Agent': 'Node',
  },
};

const req = https.request(options, (res) => {
  let data = '';
  console.log(`statusCode: ${res.statusCode}`);

  res.on('data', (d) => {
    data += d;
  });
  res.on('end', () => {
    console.log(JSON.parse(data).data);
  });
});

req.on('error', (error) => {
  console.error(error);
});

req.write(data);
req.end();

The mutation will return the ID of the submitted redaction task:

json
{
   "data" : {
      "redactEvents" : "e4G6TWjXVxbNyF5hDLrvBJAV"
   }
}

Given Datatypes

For the given datatype, RedactEventsInputType, there are several parameters that may be given. Below is a list of them along with their datatypes and a description of each:

Table: RedactEventsInputType

ParameterTypeRequired[a]DefaultDescription
repositoryNamestringyes The name of the repository in which to redact events.
startdatetimeyes The start of the interval from which to perform redactions.
enddatetimeyes The end of the interval in which to perform redactions.
querystringyes The query to use for redaction. Any event returned by this query will be removed.
userMessagestring  Optional message to log in the audit log for this action.

[a] Some arguments may be required, as indicated in this column. For some fields, this column indicates that a result will always be returned for it.