| API Stability |
Long-Term
|
The updateAlert() GraphQL mutation may be used to update an alert in LogScale.
For more information on alerts, see the Triggers documentation page.
Syntax
Below is the syntax for the updateAlert() mutation field:
graphql
updateAlert(
input: UpdateAlert!
): Alert!Below is an example of how this mutation field might be used:
graphql
mutation {
updateAlert( input:
{
viewName: "humio",
id: "abc123",
name: "my-alert",
queryString: "#kind=threaddumps | NOT \"(Native Method)\" | top(humioLine)",
queryStart: "1day",
throttleTimeMillis: 1000,
actions: [ "wCU3ut8sXgVK7fW4wKkSwtdfHWlfkt0s" ],
labels: [ "admin" ],
enabled: false,
queryOwnershipType: User
}
)
{ id }
}json
{
"updateAlert": {
"id": "abc123"
}
}
}Given Datatypes
For UpdateAlert, there are several parameters that may be given. Below is a list of them along with a description of each:
Table: UpdateAlert
| Parameter | Type | Required | Default | Stability | Description |
|---|---|---|---|---|---|
| Some arguments may be required, as indicated in the Required column. For some fields, this column indicates that a result will always be returned for this column. | |||||
| Table last updated: Mar 28, 2025 | |||||
actions | [string] | yes | Long-Term | List of unique identifiers for actions to fire on query result. | |
description | string | Long-Term | A description of the alert. | ||
enabled | boolean | yes | Long-Term | A flag indicating whether the alert is enabled. | |
id | string | yes | Long-Term | The unique identifier of the alert. | |
labels | [string] | yes | Long-Term | Labels attached to the alert. | |
name | string | yes | Long-Term | The name of the alert. | |
queryOwnershipType | QueryOwnershipType | yes | User | Long-Term | The ownership of the query run by this alert. If value is User, ownership will be based on the runAsUserId field. See QueryOwnershipType. |
queryStart | string | yes | Long-Term | The start of the relative time interval for the query. | |
queryString | string | yes | Long-Term | The LogScale query to execute. | |
runAsUserId | string | Long-Term | The alert will run with the permissions of the user corresponding to this id if the queryOwnershipType field is set to User. If the queryOwnershipType is set to Organization, whilst runAsUserId is set, this will result in an error. If not specified, the alert will run with the permissions of the calling user. It requires the 'ChangeTriggersToRunAsOtherUsers' permission to set this field to a user ID different from the calling user. | ||
throttleField | string | Long-Term | The field on which to throttle. | ||
throttleTimeMillis | long | yes | Long-Term | Throttle time in milliseconds. | |
viewName | string | yes | Long-Term | The name of the view of the alert. | |
Returned Datatypes
The returned datatype Alert has several parameters. Below is a list of them along with a description of each:
Table: Alert
| Parameter | Type | Required | Default | Stability | Description |
|---|---|---|---|---|---|
| Some arguments may be required, as indicated in the Required column. For some fields, this column indicates that a result will always be returned for this column. | |||||
| Table last updated: Mar 28, 2025 | |||||
actions | string | yes | Long-Term | List of identifiers for actions to fire on query result. | |
actionsV2 | [Action] | yes | Long-Term | List of unique identifiers for actions to fire on query result. See Action. | |
allowedActions | [AssetAction] | yes | Preview | List of allowed actions. The is a preview; it may be changed. See AssetAction. | |
description | string | Long-Term | Description of alert. | ||
displayName | string | yes | Long-Term | Name of the alert. | |
enabled | boolean | yes | Long-Term | Flag indicating whether the alert is enabled. | |
id | string | yes | Long-Term | The identifier of the alert. | |
isStarred | boolean | yes | Long-Term | Whether the calling user has starred the alert. This has been deprecated and is no longer in use and has no effect. It will be removed in version 1.213. | |
labels | [string] | yes | Long-Term | Labels attached to the alert. | |
lastError | string | Long-Term | Last error encountered while running the alert. | ||
lastWarnings | [string] | yes | Long-Term | Last warnings encountered while running the alert. | |
name | string | yes | Long-Term | The name of the alert. | |
package | PackageInstallation | Long-Term | A package installation. See PackageInstallation. | ||
packageId | VersionedPackageSpecifier | Long-Term | The unique identifier of the package installed, if one was used. VersionedPackageSpecifier is a scalar. | ||
queryOwnership | QueryOwnership | yes | Long-Term | Ownership of the query run by the alert. See QueryOwnership. | |
queryStart | string | yes | Long-Term | Start of the relative time interval for the query. | |
queryString | string | yes | Long-Term | LogScale query to execute. | |
resource | string | yes | Short-Term | The resource identifier for the alert. | |
runAsUser | User | Long-Term | Identifier of user by which the alert is run. See User. | ||
throttleField | string | Long-Term | Field on which to throttle alert. | ||
throttleTimeMillis | long | yes | Long-Term | Throttle time in milliseconds. | |
timeOfLastTrigger | long | Long-Term | UNIX timestamp for when the alert was last triggered. | ||
yamlTemplate | string | yes | Long-Term | A YAML formatted string that describes the alert. | |