API Stability Long-Term

The redactEvents() GraphQL mutation is used to redact events matching a certain query within a certain time interval. It returns the identifier of the submitted redaction task.

For more information on creating views to redact data, see the Creating a Repository or View documentation page. You may also want to look at General Settings for related information.

Syntax

Below is the syntax for the redactEvents() mutation field:

graphql
redactEvents(
     input: RedactEventsInputType!
   ): string

There are no special returned datatypes for this mutation field. Below is an example of how it might be used:

Raw
graphql
mutation {
  redactEvents(
    input: {
      repositoryName: "humio",
      start: "2025-11-12T03:00:00.000Z",
      end: "2025-11-12T03:15:00.000Z",
      query: "password=*",
      userMessage: "Hiding Passwords"
    }
  )
}
Mac OS or Linux (curl)
shell
curl -v -X POST $YOUR_LOGSCALE_URL/graphql \
    -H "Authorization: Bearer $TOKEN" \
    -H "Content-Type: application/json" \
    -d @- << EOF
{"query" : "mutation {
  redactEvents(
    input: {
      repositoryName: \"humio\",
      start: \"2025-11-12T03:00:00.000Z\",
      end: \"2025-11-12T03:15:00.000Z\",
      query: \"password=*\",
      userMessage: \"Hiding Passwords\"
    }
  )
}"
}
EOF
Mac OS or Linux (curl) One-line
shell
curl -v -X POST $YOUR_LOGSCALE_URL/graphql \
    -H "Authorization: Bearer $TOKEN" \
    -H "Content-Type: application/json" \
    -d @- << EOF
{"query" : "mutation {
  redactEvents(
    input: {
      repositoryName: \"humio\",
      start: \"2025-11-12T03:00:00.000Z\",
      end: \"2025-11-12T03:15:00.000Z\",
      query: \"password=*\",
      userMessage: \"Hiding Passwords\"
    }
  )
}"
}
EOF
Windows Cmd and curl
shell
curl -v -X POST $YOUR_LOGSCALE_URL/graphql ^
    -H "Authorization: Bearer $TOKEN" ^
    -H "Content-Type: application/json" ^
    -d @'{"query" : "mutation { ^
  redactEvents( ^
    input: { ^
      repositoryName: \"humio\", ^
      start: \"2025-11-12T03:00:00.000Z\", ^
      end: \"2025-11-12T03:15:00.000Z\", ^
      query: \"password=*\", ^
      userMessage: \"Hiding Passwords\" ^
    } ^
  ) ^
}" ^
} '
Windows Powershell and curl
powershell
curl.exe -X POST 
    -H "Authorization: Bearer $TOKEN"
    -H "Content-Type: application/json"
    -d '{"query" : "mutation {
  redactEvents(
    input: {
      repositoryName: \"humio\",
      start: \"2025-11-12T03:00:00.000Z\",
      end: \"2025-11-12T03:15:00.000Z\",
      query: \"password=*\",
      userMessage: \"Hiding Passwords\"
    }
  )
}"
}'
    "$YOUR_LOGSCALE_URL/graphql"
Perl
perl
#!/usr/bin/perl

use HTTP::Request;
use LWP;

my $TOKEN = "TOKEN";

my $uri = '$YOUR_LOGSCALE_URL/graphql';

my $query = "mutation {
  redactEvents(
    input: {
      repositoryName: \"humio\",
      start: \"2025-11-12T03:00:00.000Z\",
      end: \"2025-11-12T03:15:00.000Z\",
      query: \"password=*\",
      userMessage: \"Hiding Passwords\"
    }
  )
}";
$query =~ s/\n/ /g;
my $json = sprintf('{"query" : "%s"}',$query);
my $req = HTTP::Request->new("POST", $uri );

$req->header("Authorization" => "Bearer $TOKEN");
$req->header("Content-Type" => "application/json");

$req->content( $json );

my $lwp = LWP::UserAgent->new;

my $result = $lwp->request( $req );

print $result->{"_content"},"\n";
Python
python
#! /usr/local/bin/python3

import requests

url = '$YOUR_LOGSCALE_URL/graphql'
mydata = r'''{"query" : "mutation {
  redactEvents(
    input: {
      repositoryName: \"humio\",
      start: \"2025-11-12T03:00:00.000Z\",
      end: \"2025-11-12T03:15:00.000Z\",
      query: \"password=*\",
      userMessage: \"Hiding Passwords\"
    }
  )
}"
}'''

resp = requests.post(url,
                     data = mydata,
                     headers = {
   "Authorization" : "Bearer $TOKEN",
   "Content-Type" : "application/json"
}
)

print(resp.text)
Node.js
javascript
const https = require('https');

const data = JSON.stringify(
    {"query" : "mutation {
  redactEvents(
    input: {
      repositoryName: \"humio\",
      start: \"2025-11-12T03:00:00.000Z\",
      end: \"2025-11-12T03:15:00.000Z\",
      query: \"password=*\",
      userMessage: \"Hiding Passwords\"
    }
  )
}"
}
);


const options = {
  hostname: '$YOUR_LOGSCALE_URL',
  path: 'graphql',
  port: 443,
  method: 'POST',
  headers: {
    'Content-Type': 'application/json',
    'Content-Length': data.length,
    Authorization: 'BEARER ' + process.env.TOKEN,
    'User-Agent': 'Node',
  },
};

const req = https.request(options, (res) => {
  let data = '';
  console.log(`statusCode: ${res.statusCode}`);

  res.on('data', (d) => {
    data += d;
  });
  res.on('end', () => {
    console.log(JSON.parse(data).data);
  });
});

req.on('error', (error) => {
  console.error(error);
});

req.write(data);
req.end();
Example Responses
Success (HTTP Response Code 200 OK)
json
{
  "data": {
    "redactEvents": "N8M03lslv8UxWSlCzNmyASN1"
  }
}

Given Datatypes

For RedactEventsInputType, there are several parameters. Below is a list of them along with a description of each:

Table: RedactEventsInputType

ParameterTypeRequiredDefaultStabilityDescription
Some arguments may be required, as indicated in the Required column. For return datatypes, this indicates that you must specify which fields you want returned in the results.
Table last updated: Sep 19, 2024
enddatetimeyes Long-TermThe end of the interval in which to perform redactions.
querystringyes Long-TermThe query to use for redaction. Any event returned by this query will be removed.
repositoryNamestringyes Long-TermThe name of the repository in which to redact events.
startdatetimeyes Long-TermThe start of the interval from which to perform redactions.
userMessagestring  Long-TermOptional message to log in the audit log for this action.