redactEvents()

The redactEvents() GraphQL mutation is used to redact events matching a certain query within a certain time interval. It returns the identifier of the submitted redaction task.

For more information on creating views to redact data, see the Creating a Repository or View documentation page. You may also want to look at General Settings for related information.

Syntax

Below is the syntax for the redactEvents() mutation field:

redactEvents(input: RedactEventsInputType!): string!

For example:

Raw

graphql

mutation {
  redactEvents(
    input: {
      repositoryName: "humio"
      start: "2021-09-17T03:00:00.000Z"
      end: "2021-09-17T03:15:00.000Z"
      query: "password=*"
    }
  )
}

Mac OS or Linux (curl)

shell

curl -v -X POST $YOUR_LOGSCALE_URL/graphql \
    -H "Authorization: Bearer $TOKEN" \
    -H "Content-Type: application/json" \
    -d @- << EOF
{"query" : "mutation {
  redactEvents(
    input: {
      repositoryName: \"humio\"
      start: \"2021-09-17T03:00:00.000Z\"
      end: \"2021-09-17T03:15:00.000Z\"
      query: \"password=*\"
    }
  )
}"
}
EOF

Mac OS or Linux (curl) One-line

shell

curl -v -X POST $YOUR_LOGSCALE_URL/graphql \
    -H "Authorization: Bearer $TOKEN" \
    -H "Content-Type: application/json" \
    -d @- << EOF
{"query" : "mutation {
  redactEvents(
    input: {
      repositoryName: \"humio\"
      start: \"2021-09-17T03:00:00.000Z\"
      end: \"2021-09-17T03:15:00.000Z\"
      query: \"password=*\"
    }
  )
}"
}
EOF

Windows Cmd and curl

shell

curl -v -X POST $YOUR_LOGSCALE_URL/graphql ^
    -H "Authorization: Bearer $TOKEN" ^
    -H "Content-Type: application/json" ^
    -d @'{"query" : "mutation { ^
  redactEvents( ^
    input: { ^
      repositoryName: \"humio\" ^
      start: \"2021-09-17T03:00:00.000Z\" ^
      end: \"2021-09-17T03:15:00.000Z\" ^
      query: \"password=*\" ^
    } ^
  ) ^
}" ^
} '

Windows Powershell and curl

powershell

curl.exe -X POST 
    -H "Authorization: Bearer $TOKEN"
    -H "Content-Type: application/json"
    -d '{"query" : "mutation {
  redactEvents(
    input: {
      repositoryName: \"humio\"
      start: \"2021-09-17T03:00:00.000Z\"
      end: \"2021-09-17T03:15:00.000Z\"
      query: \"password=*\"
    }
  )
}"
}'
"$YOUR_LOGSCALE_URL/graphql"

Perl

perl

#!/usr/bin/perl

use HTTP::Request;
use LWP;
my $TOKEN = "TOKEN";
my $uri = '$YOUR_LOGSCALE_URL/graphql';
my $json = '{"query" : "mutation {
  redactEvents(
    input: {
      repositoryName: \"humio\"
      start: \"2021-09-17T03:00:00.000Z\"
      end: \"2021-09-17T03:15:00.000Z\"
      query: \"password=*\"
    }
  )
}"
}';
my $req = HTTP::Request->new("POST", $uri );
$req->header("Authorization" => "Bearer $TOKEN");
$req->header("Content-Type" => "application/json");
$req->content( $json );
my $lwp = LWP::UserAgent->new;
my $result = $lwp->request( $req );
print $result->{"_content"},"\n";

Python

python

#! /usr/local/bin/python3

import requests

url = '$YOUR_LOGSCALE_URL/graphql'
mydata = r'''{"query" : "mutation {
  redactEvents(
    input: {
      repositoryName: \"humio\"
      start: \"2021-09-17T03:00:00.000Z\"
      end: \"2021-09-17T03:15:00.000Z\"
      query: \"password=*\"
    }
  )
}"
}'''

resp = requests.post(url,
                     data = mydata,
                     headers = {
   "Authorization" : "Bearer $TOKEN",
   "Content-Type" : "application/json"
}
)

print(resp.text)

Node.js

javascript

const https = require('https');

const data = JSON.stringify(
    {"query" : "mutation {
  redactEvents(
    input: {
      repositoryName: \"humio\"
      start: \"2021-09-17T03:00:00.000Z\"
      end: \"2021-09-17T03:15:00.000Z\"
      query: \"password=*\"
    }
  )
}"
}
);


const options = {
  hostname: '$YOUR_LOGSCALE_URL/graphql',
  path: '/graphql',
  port: 443,
  method: 'POST',
  headers: {
    'Content-Type': 'application/json',
    'Content-Length': data.length,
    Authorization: 'BEARER ' + process.env.TOKEN,
    'User-Agent': 'Node',
  },
};

const req = https.request(options, (res) => {
  let data = '';
  console.log(`statusCode: ${res.statusCode}`);

  res.on('data', (d) => {
    data += d;
  });
  res.on('end', () => {
    console.log(JSON.parse(data).data);
  });
});

req.on('error', (error) => {
  console.error(error);
});

req.write(data);
req.end();

The mutation will return the ID of the submitted redaction task:

json

{
   "data" : {
      "redactEvents" : "e4G6TWjXVxbNyF5hDLrvBJAV"
   }
}

Given Datatypes

For the given datatype, RedactEventsInputType, there are several parameters that may be given. Below is a list of them along with their datatypes and a description of each:

Table: RedactEventsInputType

Parameter	Type	Required^[a]	Description
`repositoryName`	string	yes	The name of the repository in which to redact events.
`start`	datetime	yes	The start of the interval from which to perform redactions.
`end`	datetime	yes	The end of the interval in which to perform redactions.
`query`	string	yes	The query to use for redaction. Any event returned by this query will be removed.
`userMessage`	string		Optional message to log in the audit log for this action.
^[a]Some arguments may be required, as indicated in this column. For some fields, this column indicates that a result will always be returned for it.

LogScale GraphQL Reference

GraphQL Queries

GraphQL Mutation Fields

GraphQL Datatypes

redactEvents()

Syntax

Given Datatypes

Enter search term