API Stability Long-Term

The updateAlert() GraphQL mutation may be used to update an alert in LogScale.

For more information on alerts, see the Triggers documentation page.

Syntax

Below is the syntax for the updateAlert() mutation field:

graphql
updateAlert(
     input: UpdateAlert!
   ): Alert!

Below is an example of how this mutation field might be used:

Raw
graphql
mutation {
  updateAlert( input:
    {
      viewName: "humio",
      id: "abc123",
      name: "my-alert",
      queryString: "#kind=threaddumps | NOT \"(Native Method)\" | top(humioLine)",
      queryStart: "1day",
      throttleTimeMillis: 1000,
      actions: [ "wCU3ut8sXgVK7fW4wKkSwtdfHWlfkt0s" ],
      labels: [ "admin" ],
      enabled: false,
      queryOwnershipType: User
    }
  )
  { id }
}
Mac OS or Linux (curl)
shell
curl -v -X POST $YOUR_LOGSCALE_URL/graphql \
    -H "Authorization: Bearer $TOKEN" \
    -H "Content-Type: application/json" \
    -d @- << EOF
{"query" : "mutation {
  updateAlert( input:
    {
      viewName: \"humio\",
      id: \"abc123\",
      name: \"my-alert\",
      queryString: \"#kind=threaddumps | NOT \\"(Native Method)\\" | top(humioLine)\",
      queryStart: \"1day\",
      throttleTimeMillis: 1000,
      actions: [ \"wCU3ut8sXgVK7fW4wKkSwtdfHWlfkt0s\" ],
      labels: [ \"admin\" ],
      enabled: false,
      queryOwnershipType: User
    }
  )
  { id }
}"
}
EOF
Mac OS or Linux (curl) One-line
shell
curl -v -X POST $YOUR_LOGSCALE_URL/graphql \
    -H "Authorization: Bearer $TOKEN" \
    -H "Content-Type: application/json" \
    -d @- << EOF
{"query" : "mutation {
  updateAlert( input:
    {
      viewName: \"humio\",
      id: \"abc123\",
      name: \"my-alert\",
      queryString: \"#kind=threaddumps | NOT \\"(Native Method)\\" | top(humioLine)\",
      queryStart: \"1day\",
      throttleTimeMillis: 1000,
      actions: [ \"wCU3ut8sXgVK7fW4wKkSwtdfHWlfkt0s\" ],
      labels: [ \"admin\" ],
      enabled: false,
      queryOwnershipType: User
    }
  )
  { id }
}"
}
EOF
Windows Cmd and curl
shell
curl -v -X POST $YOUR_LOGSCALE_URL/graphql ^
    -H "Authorization: Bearer $TOKEN" ^
    -H "Content-Type: application/json" ^
    -d @'{"query" : "mutation { ^
  updateAlert( input: ^
    { ^
      viewName: \"humio\", ^
      id: \"abc123\", ^
      name: \"my-alert\", ^
      queryString: \"#kind=threaddumps | NOT \\"(Native Method)\\" | top(humioLine)\", ^
      queryStart: \"1day\", ^
      throttleTimeMillis: 1000, ^
      actions: [ \"wCU3ut8sXgVK7fW4wKkSwtdfHWlfkt0s\" ], ^
      labels: [ \"admin\" ], ^
      enabled: false, ^
      queryOwnershipType: User ^
    } ^
  ) ^
  { id } ^
}" ^
} '
Windows Powershell and curl
powershell
curl.exe -X POST 
    -H "Authorization: Bearer $TOKEN"
    -H "Content-Type: application/json"
    -d '{"query" : "mutation {
  updateAlert( input:
    {
      viewName: \"humio\",
      id: \"abc123\",
      name: \"my-alert\",
      queryString: \"#kind=threaddumps | NOT \\"(Native Method)\\" | top(humioLine)\",
      queryStart: \"1day\",
      throttleTimeMillis: 1000,
      actions: [ \"wCU3ut8sXgVK7fW4wKkSwtdfHWlfkt0s\" ],
      labels: [ \"admin\" ],
      enabled: false,
      queryOwnershipType: User
    }
  )
  { id }
}"
}'
    "$YOUR_LOGSCALE_URL/graphql"
Perl
perl
#!/usr/bin/perl

use HTTP::Request;
use LWP;

my $INGEST_TOKEN = "TOKEN";

my $uri = '$YOUR_LOGSCALE_URL/graphql';

my $json = '{"query" : "mutation {
  updateAlert( input:
    {
      viewName: \"humio\",
      id: \"abc123\",
      name: \"my-alert\",
      queryString: \"#kind=threaddumps | NOT \\"(Native Method)\\" | top(humioLine)\",
      queryStart: \"1day\",
      throttleTimeMillis: 1000,
      actions: [ \"wCU3ut8sXgVK7fW4wKkSwtdfHWlfkt0s\" ],
      labels: [ \"admin\" ],
      enabled: false,
      queryOwnershipType: User
    }
  )
  { id }
}"
}';
my $req = HTTP::Request->new("POST", $uri );

$req->header("Authorization" => "Bearer $TOKEN");
$req->header("Content-Type" => "application/json");

$req->content( $json );

my $lwp = LWP::UserAgent->new;

my $result = $lwp->request( $req );

print $result->{"_content"},"\n";
Python
python
#! /usr/local/bin/python3

import requests

url = '$YOUR_LOGSCALE_URL/graphql'
mydata = r'''{"query" : "mutation {
  updateAlert( input:
    {
      viewName: \"humio\",
      id: \"abc123\",
      name: \"my-alert\",
      queryString: \"#kind=threaddumps | NOT \\"(Native Method)\\" | top(humioLine)\",
      queryStart: \"1day\",
      throttleTimeMillis: 1000,
      actions: [ \"wCU3ut8sXgVK7fW4wKkSwtdfHWlfkt0s\" ],
      labels: [ \"admin\" ],
      enabled: false,
      queryOwnershipType: User
    }
  )
  { id }
}"
}'''

resp = requests.post(url,
                     data = mydata,
                     headers = {
   "Authorization" : "Bearer $TOKEN",
   "Content-Type" : "application/json"
}
)

print(resp.text)
Node.js
javascript
const https = require('https');

const data = JSON.stringify(
    {"query" : "mutation {
  updateAlert( input:
    {
      viewName: \"humio\",
      id: \"abc123\",
      name: \"my-alert\",
      queryString: \"#kind=threaddumps | NOT \\"(Native Method)\\" | top(humioLine)\",
      queryStart: \"1day\",
      throttleTimeMillis: 1000,
      actions: [ \"wCU3ut8sXgVK7fW4wKkSwtdfHWlfkt0s\" ],
      labels: [ \"admin\" ],
      enabled: false,
      queryOwnershipType: User
    }
  )
  { id }
}"
}
);


const options = {
  hostname: '$YOUR_LOGSCALE_URL/graphql',
  path: '/graphql',
  port: 443,
  method: 'POST',
  headers: {
    'Content-Type': 'application/json',
    'Content-Length': data.length,
    Authorization: 'BEARER ' + process.env.TOKEN,
    'User-Agent': 'Node',
  },
};

const req = https.request(options, (res) => {
  let data = '';
  console.log(`statusCode: ${res.statusCode}`);

  res.on('data', (d) => {
    data += d;
  });
  res.on('end', () => {
    console.log(JSON.parse(data).data);
  });
});

req.on('error', (error) => {
  console.error(error);
});

req.write(data);
req.end();
Example Responses
Success (HTTP Response Code 200 OK)
json
{
  "updateAlert": {
    "id": "abc123"
    }
  }
}

Given Datatypes

For UpdateAlert, there are several parameters that may be given. Below is a list of them along with a description of each:

Table: UpdateAlert

ParameterTypeRequiredDefaultStabilityDescription
Some arguments may be required, as indicated in the Required column. For some fields, this column indicates that a result will always be returned for this column.
Table last updated: Sep 23, 2024
actions[string]yes  List of unique identifiers for actions to fire on query result.
descriptionstring   A description of the alert.
enabledbooleanyes  A flag indicating whether the alert is enabled.
idstringyes  The unique identifier of the alert.
labels[string]yes  Labels attached to the alert.
namestringyes  The name of the alert.
queryOwnershipTypeQueryOwnershipTypeyes  The ownership of the query run by this alert. If value is User, ownership will be based on the runAsUserId field. See QueryOwnershipType.
queryStartstringyes  The start of the relative time interval for the query.
queryStringstringyes  The LogScale query to execute.
runAsUserIdstring   The alert will run with the permissions of the user corresponding to this id if the queryOwnershipType field is set to User. If the queryOwnershipType is set to Organization, whilst runAsUserId is set, this will result in an error. If not specified, the alert will run with the permissions of the calling user. It requires the 'ChangeTriggersToRunAsOtherUsers' permission to set this field to a user ID different from the calling user.
throttleFieldstring   The field on which to throttle.
throttleTimeMillislongyes  Throttle time in milliseconds.
viewNamestringyes  The name of the view of the alert.

Returned Datatypes

The returned datatype Alert has several parameters. Below is a list of them along with a description of each:

Table: Alert

ParameterTypeRequiredDefaultStabilityDescription
Some arguments may be required, as indicated in the Required column. For some fields, this column indicates that a result will always be returned for this column.
Table last updated: Sep 23, 2024
actionsstringyes  List of identifiers for actions to fire on query result.
actionsV2[Action]yes  List of unique identifiers for actions to fire on query result. See Action.
allowedActions[AssetAction]yes  List of allowed actions. The is a preview; it may be changed. See AssetAction.
assetTypeAssetTypeyes  

The type of asset from an enumerated list. See AssetType.

This parameter has been deprecated and will be removed in version 1.136 of LogScale.

descriptionstring   Description of alert.
displayNamestringyes  Name of the alert.
enabledbooleanyes  Flag indicating whether the alert is enabled.
idstringyes  The identifier of the alert.
isStarredbooleanyes  

Whether the calling user has starred the alert.

This has been deprecated and is no longer in use and has no effect. It will be removed in version 1.213.

labels[string]yes  Labels attached to the alert.
lastErrorstring   Last error encountered while running the alert.
lastWarnings[string]yes  Last warnings encountered while running the alert.
namestringyes  The name of the alert.
packagePackageInstallation   A package installation. See PackageInstallation.
packageIdVersionedPackageSpecifier   The unique identifier of the package installed, if one was used. VersionedPackageSpecifier is a scalar.
queryOwnershipQueryOwnershipyes  Ownership of the query run by the alert. See QueryOwnership.
queryStartstringyes  Start of the relative time interval for the query.
queryStringstringyes  LogScale query to execute.
runAsUserUser   Identifier of user by which the alert is run. See User.
throttleFieldstring   Field on which to throttle alert.
throttleTimeMillislongyes  Throttle time in milliseconds.
timeOfLastTriggerlong   UNIX timestamp for when the alert was last triggered.
yamlTemplatestringyes  A YAML formatted string that describes the alert.