Summary

The redactEvents() GraphQL mutation is used to redact events matching a certain query within a certain time interval. It returns the identifier of the submitted redaction task.

API Stability Long-Term

Syntax

graphql
redactEvents(
     input: RedactEventsInputType!
   ): string

For the input, you'd give the name of the repository to redact events, the query to use, and when to start and end redactions. See the Input Parameters section for details.

For the results, it returns the identifier of the submitted redaction task.

Example

Raw
graphql
mutation {
  redactEvents(
    input: {
      repositoryName: "humio",
      start: "2025-11-12T03:00:00.000Z",
      end: "2025-11-12T03:15:00.000Z",
      query: "password=*",
      userMessage: "Hiding Passwords"
    }
  )
}
Mac OS or Linux (curl)
shell
curl -v -X POST $YOUR_LOGSCALE_URL/graphql \
    -H "Authorization: Bearer $TOKEN" \
    -H "Content-Type: application/json" \
    -d @- << EOF
{"query" : "mutation {
  redactEvents(
    input: {
      repositoryName: \"humio\",
      start: \"2025-11-12T03:00:00.000Z\",
      end: \"2025-11-12T03:15:00.000Z\",
      query: \"password=*\",
      userMessage: \"Hiding Passwords\"
    }
  )
}"
}
EOF
Mac OS or Linux (curl) One-line
shell
curl -v -X POST $YOUR_LOGSCALE_URL/graphql \
    -H "Authorization: Bearer $TOKEN" \
    -H "Content-Type: application/json" \
    -d @- << EOF
{"query" : "mutation {
  redactEvents(
    input: {
      repositoryName: \"humio\",
      start: \"2025-11-12T03:00:00.000Z\",
      end: \"2025-11-12T03:15:00.000Z\",
      query: \"password=*\",
      userMessage: \"Hiding Passwords\"
    }
  )
}"
}
EOF
Windows Cmd and curl
shell
curl -v -X POST $YOUR_LOGSCALE_URL/graphql ^
    -H "Authorization: Bearer $TOKEN" ^
    -H "Content-Type: application/json" ^
    -d @'{"query" : "mutation { ^
  redactEvents( ^
    input: { ^
      repositoryName: \"humio\", ^
      start: \"2025-11-12T03:00:00.000Z\", ^
      end: \"2025-11-12T03:15:00.000Z\", ^
      query: \"password=*\", ^
      userMessage: \"Hiding Passwords\" ^
    } ^
  ) ^
}" ^
} '
Windows Powershell and curl
powershell
curl.exe -X POST 
    -H "Authorization: Bearer $TOKEN"
    -H "Content-Type: application/json"
    -d '{"query" : "mutation {
  redactEvents(
    input: {
      repositoryName: \"humio\",
      start: \"2025-11-12T03:00:00.000Z\",
      end: \"2025-11-12T03:15:00.000Z\",
      query: \"password=*\",
      userMessage: \"Hiding Passwords\"
    }
  )
}"
}'
    "$YOUR_LOGSCALE_URL/graphql"
Perl
perl
#!/usr/bin/perl

use HTTP::Request;
use LWP;

my $TOKEN = "TOKEN";

my $uri = '$YOUR_LOGSCALE_URL/graphql';

my $query = "mutation {
  redactEvents(
    input: {
      repositoryName: \"humio\",
      start: \"2025-11-12T03:00:00.000Z\",
      end: \"2025-11-12T03:15:00.000Z\",
      query: \"password=*\",
      userMessage: \"Hiding Passwords\"
    }
  )
}";
$query =~ s/\n/ /g;
my $json = sprintf('{"query" : "%s"}',$query);
my $req = HTTP::Request->new("POST", $uri );

$req->header("Authorization" => "Bearer $TOKEN");
$req->header("Content-Type" => "application/json");

$req->content( $json );

my $lwp = LWP::UserAgent->new;

my $result = $lwp->request( $req );

print $result->{"_content"},"\n";
Python
python
#! /usr/local/bin/python3

import requests

url = '$YOUR_LOGSCALE_URL/graphql'
mydata = r'''{"query" : "mutation {
  redactEvents(
    input: {
      repositoryName: \"humio\",
      start: \"2025-11-12T03:00:00.000Z\",
      end: \"2025-11-12T03:15:00.000Z\",
      query: \"password=*\",
      userMessage: \"Hiding Passwords\"
    }
  )
}"
}'''

resp = requests.post(url,
                     data = mydata,
                     headers = {
   "Authorization" : "Bearer $TOKEN",
   "Content-Type" : "application/json"
}
)

print(resp.text)
Node.js
javascript
const https = require('https');

const data = JSON.stringify(
    {"query" : "mutation {
  redactEvents(
    input: {
      repositoryName: \"humio\",
      start: \"2025-11-12T03:00:00.000Z\",
      end: \"2025-11-12T03:15:00.000Z\",
      query: \"password=*\",
      userMessage: \"Hiding Passwords\"
    }
  )
}"
}
);


const options = {
  hostname: '$YOUR_LOGSCALE_URL',
  path: 'graphql',
  port: 443,
  method: 'POST',
  headers: {
    'Content-Type': 'application/json',
    'Content-Length': data.length,
    Authorization: 'BEARER ' + process.env.TOKEN,
    'User-Agent': 'Node',
  },
};

const req = https.request(options, (res) => {
  let data = '';
  console.log(`statusCode: ${res.statusCode}`);

  res.on('data', (d) => {
    data += d;
  });
  res.on('end', () => {
    console.log(JSON.parse(data).data);
  });
});

req.on('error', (error) => {
  console.error(error);
});

req.write(data);
req.end();
Example Responses
Success (HTTP Response Code 200 OK)
json
{
  "data": {
    "redactEvents": "abc123"
  }
}

Input Parameters

For the input, you'll have to give the name of the repository in which to redact events, the query to use, and when to start and end redactions. The table here provides more information:

Table: RedactEventsInputType Input Datatype

ParameterTypeRequiredDefaultStabilityDescription
Some input parameters may be required, as indicated in the Required column. For return values, this indicates that you are assured a value if the field is requested for the results.
Table last updated: Sep 19, 2024
enddatetimeyes Long-TermThe end of the interval in which to perform redactions.
querystringyes Long-TermThe query to use for redaction. Any event returned by this query will be removed.
repositoryNamestringyes Long-TermThe name of the repository in which to redact events.
startdatetimeyes Long-TermThe start of the interval from which to perform redactions.
userMessagestring  Long-TermOptional message to log in the audit log for this action.