updateDashboardToken()

API Stability	`Long-Term`

The updatedashboardtoken GraphQL mutation field may be used to update a dashboard token to run with a different ownership. It requires the OrganizationOwnedQueries permission to change the dashboard to run as an organization or to change a dashboard that already runs as an organization.

It's not possible to run the dashboard as another user than yourself.

For more information on access tokens of various types, see the Ingest Tokens documentation page. For information on dashboards, see the Dashboards & Widgets documentation page.

Syntax

Below is the syntax for the updateDashboardToken() mutation field:

graphql

updateDashboardToken(
     viewId: string!
     userId: string
     queryOwnershipType: string
     dashboardToken: string!
   ): View!

Below is an example of how this mutation field might be used:

Show:

graphql

mutation {
  updateDashboardToken(
      viewId: "X4aZ7KP4AeTvKkigOV3G1ZWy",
      userId: "Nvu1UOjRtlByBCeKY2K1kgP1",
      dashboardToken: "abc123"
  )
  { name }
}

shell

curl -v -X POST $YOUR_LOGSCALE_URL/graphql \
    -H "Authorization: Bearer $TOKEN" \
    -H "Content-Type: application/json" \
    -d @- << EOF
{"query" : "mutation {
  updateDashboardToken(
      viewId: \"X4aZ7KP4AeTvKkigOV3G1ZWy\",
      userId: \"Nvu1UOjRtlByBCeKY2K1kgP1\",
      dashboardToken: \"abc123\"
  )
  { name }
}"
}
EOF

shell

curl -v -X POST $YOUR_LOGSCALE_URL/graphql \
    -H "Authorization: Bearer $TOKEN" \
    -H "Content-Type: application/json" \
    -d @- << EOF
{"query" : "mutation {
  updateDashboardToken(
      viewId: \"X4aZ7KP4AeTvKkigOV3G1ZWy\",
      userId: \"Nvu1UOjRtlByBCeKY2K1kgP1\",
      dashboardToken: \"abc123\"
  )
  { name }
}"
}
EOF

shell

curl -v -X POST $YOUR_LOGSCALE_URL/graphql ^
    -H "Authorization: Bearer $TOKEN" ^
    -H "Content-Type: application/json" ^
    -d @'{"query" : "mutation { ^
  updateDashboardToken( ^
      viewId: \"X4aZ7KP4AeTvKkigOV3G1ZWy\", ^
      userId: \"Nvu1UOjRtlByBCeKY2K1kgP1\", ^
      dashboardToken: \"abc123\" ^
  ) ^
  { name } ^
}" ^
} '

powershell

curl.exe -X POST 
    -H "Authorization: Bearer $TOKEN"
    -H "Content-Type: application/json"
    -d '{"query" : "mutation {
  updateDashboardToken(
      viewId: \"X4aZ7KP4AeTvKkigOV3G1ZWy\",
      userId: \"Nvu1UOjRtlByBCeKY2K1kgP1\",
      dashboardToken: \"abc123\"
  )
  { name }
}"
}'
    "$YOUR_LOGSCALE_URL/graphql"

perl

#!/usr/bin/perl

use HTTP::Request;
use LWP;

my $INGEST_TOKEN = "TOKEN";

my $uri = '$YOUR_LOGSCALE_URL/graphql';

my $json = '{"query" : "mutation {
  updateDashboardToken(
      viewId: \"X4aZ7KP4AeTvKkigOV3G1ZWy\",
      userId: \"Nvu1UOjRtlByBCeKY2K1kgP1\",
      dashboardToken: \"abc123\"
  )
  { name }
}"
}';
my $req = HTTP::Request->new("POST", $uri );

$req->header("Authorization" => "Bearer $TOKEN");
$req->header("Content-Type" => "application/json");

$req->content( $json );

my $lwp = LWP::UserAgent->new;

my $result = $lwp->request( $req );

print $result->{"_content"},"\n";

python

#! /usr/local/bin/python3

import requests

url = '$YOUR_LOGSCALE_URL/graphql'
mydata = r'''{"query" : "mutation {
  updateDashboardToken(
      viewId: \"X4aZ7KP4AeTvKkigOV3G1ZWy\",
      userId: \"Nvu1UOjRtlByBCeKY2K1kgP1\",
      dashboardToken: \"abc123\"
  )
  { name }
}"
}'''

resp = requests.post(url,
                     data = mydata,
                     headers = {
   "Authorization" : "Bearer $TOKEN",
   "Content-Type" : "application/json"
}
)

print(resp.text)

javascript

const https = require('https');

const data = JSON.stringify(
    {"query" : "mutation {
  updateDashboardToken(
      viewId: \"X4aZ7KP4AeTvKkigOV3G1ZWy\",
      userId: \"Nvu1UOjRtlByBCeKY2K1kgP1\",
      dashboardToken: \"abc123\"
  )
  { name }
}"
}
);


const options = {
  hostname: '$YOUR_LOGSCALE_URL/graphql',
  path: '/graphql',
  port: 443,
  method: 'POST',
  headers: {
    'Content-Type': 'application/json',
    'Content-Length': data.length,
    Authorization: 'BEARER ' + process.env.TOKEN,
    'User-Agent': 'Node',
  },
};

const req = https.request(options, (res) => {
  let data = '';
  console.log(`statusCode: ${res.statusCode}`);

  res.on('data', (d) => {
    data += d;
  });
  res.on('end', () => {
    console.log(JSON.parse(data).data);
  });
});

req.on('error', (error) => {
  console.error(error);
});

req.write(data);
req.end();

Example Responses

Show:

json

{
  "data": {
    "updateDashboardToken": {
      "name": "humio"
    }
  }
}

Returned Datatypes

The returned datatype View has many parameters. Below is a list of them along with a description of each:

Table: View

Parameter	Type	Required	Stability	Description
Some arguments may be required, as indicated in the Required column. For some fields, this column indicates that a result will always be returned for this column.
Table last updated: Apr 2, 2025
`action`	multiple	yes	`Long-Term`	A saved action. The multiple datatype consists of (id: string): Action. The id is the unique identifier of the action. See `Action`.
`actions`	multiple	yes	`Long-Term`	A list of saved actions. The multiple datatype consists of (actionIds: [string]): [Action]. See `Action`.
`aggregateAlert`	multiple	yes	`Long-Term`	A saved aggregate alert. The multiple datatype consists of (id: string): AggregateAlert. See `AggregateAlert`.
`aggregateAlerts`	[`AggregateAlert`]	yes	`Long-Term`	Saved aggregate alerts. See `AggregateAlert`.
`alert`	multiple	yes	`Long-Term`	A saved alert. The multiple datatype consists of (id: string): Alert. See `Alert`.
`alerts`	[`Alert`]	yes	`Long-Term`	Saved alerts. See `Alert`.
`allowedViewActions`	[`ViewAction`]	yes	`Long-Term`	Returns the all actions the user is allowed to perform on the view. See `ViewAction`.
`automaticSearch`	boolean	yes	`Long-Term`	Whether the search is executed automatically.
`availablePackages`	multiple		`Long-Term`	Returns a list of available packages that can be installed. The multiple datatype consists of (filter: string, tags: [PackageTag!], categories: [string]): [PackageRegistrySearchResultItem]. PackageTag is a scalar. See `PackageRegistrySearchResultItem`.
`checkClusterConnections`	[`ClusterConnectionStatus`]	yes	`Short-Term`	Check all of this search domain's cluster connections. This is a preview and subject to change. See `ClusterConnectionStatus`.
`clusterConnection`	multiple	yes	`Short-Term`	A specific cluster connection. The multiple datatype consists of (id: string): ClusterConnection. See `ClusterConnection`.
`clusterConnections`	[`ClusterConnection`]	yes	`Short-Term`	The search domain's cluster connections. See `ClusterConnection`.
`connections`	[`ViewConnection`]	yes	`Long-Term`	The connections for the view. This is a preview and subject to change. See `ViewConnection`.
`crossOrgConnections`	[`CrossOrgViewConnection`]	yes	`Short-Term`	The connections for the cross organization connections (see `CrossOrgViewConnection` Table).
`dashboard`	multiple	yes	`Long-Term`	A saved dashboard. The multiple datatype consists of (id: string): Dashboard. See `Dashboard`.
`dashboards`	[`Dashboard`]	yes	`Long-Term`	Saved dashboards. See `Dashboard`.
`defaultQuery`	`savedQuery`		`Long-Term`	The default saved query. See `savedQuery`.
`deletedDate`	long		`Long-Term`	The point in time the search domain was marked for deletion.
`description`	string		`Long-Term`	A description of the view.
`fileFieldSearch`	multiple	yes	`Long-Term`	The fields to search in a given file. The multiple datatype consists of (fileName: string, fieldName: string, prefixFilter: string, valueFilters: [FileFieldFilterType], fieldsToInclude: [string], maxEntries: integer): [DictionaryEntryType]. See `FileFieldFilterType` and `DictionaryEntryType`.
`files`	[`File`]	yes	`Long-Term`	A list of files used. See `File`.
`filterAlert`	multiple	yes	`Long-Term`	A saved filter alert. The multiple datatype consists of (id: string): FilterAlert. See `FilterAlert`.
`filterAlerts`	[`FilterAlert`]	yes	`Long-Term`	Saved filter alerts. See `FilterAlert`.
`groups`	[`Group`]	yes	`Long-Term`	Groups with assigned roles. See `Group`.
`hasPackageInstalled`	multiple	yes	`Long-Term`	Determines whether package has been installed. The multiple datatype consists of (packageId: VersionedPackageSpecifier): boolean. VersionedPackageSpecifier is a scalar.
`id`	string	yes	`Long-Term`	The unique identifier of the view.
`installedPackages`	[`PackageInstallation`]	yes	`Long-Term`	List packages installed on a specific view or repository See `PackageInstallation`.
`interactions`	[`ViewInteraction`]	yes	`Long-Term`	All interactions defined for the view. See `ViewInteraction`.
`isActionAllowed`	multiple	yes	`Long-Term`	Determines whether current user is allowed to perform the given action on the view. The multiple datatype consists of (action: ViewAction): boolean. See `ViewAction`.
`isFederated`	boolean	yes	`Preview`	Whether the view is Federated. This is a preview and subject to change.
`isStarred`	boolean	yes	`Long-Term`	Whether the view should be marked with a star.
`name`	`RepoOrViewName`	yes	`Long-Term`	The name of the repository or view. RepoOrViewName is a scalar.
`packageV2`	multiple	yes	`Long-Term`	Returns a specific version of a package given a package version. The multiple datatype consists of `(packageId: VersionedPackageSpecifier): Package2`. `VersionedPackageSpecifier` is a scalar. See `Package2`.
`packageVersions`	multiple	yes	`Long-Term`	The available versions of a package. This is a preview and may be moved to Package2. The multiple datatype consists of `(packageId: UnversionedPackageSpecifier): [RegistryPackageVersionInfo]`. `UnversionedPackageSpecifier` is a scalar. See `RegistryPackageVersionInfo`.
`permanentlyDeletedAt`	long		`Long-Term`	The point in time the search domain will not be restorable anymore.
`recentQueriesV2`	[`RecentQuery`]	yes	`Long-Term`	List of recent queries. See `RecentQuery`.
`reposExcludedInSearchLimit`	[string]	yes	`Long-Term`	Repositories not part of the search limitation.
`resource`	string	yes	`Short-Term`	The resource identifier for the search domain.
`savedQueries`	[`savedQuery`]	yes	`Long-Term`	A list of saved queries. See `savedQuery`.
`savedQuery`	multiple	yes	`Long-Term`	A saved query. The multiple datatype consists of (id: string): SavedQuery. See `savedQuery`.
`scheduledReport`	multiple	yes	`Long-Term`	Saved scheduled report. The multiple datatype consists of (id: string): ScheduledReport. See `scheduledReport`.
`scheduledReports`	[`scheduledReport`]	yes	`Long-Term`	Saved scheduled reports See `scheduledReport`.
`scheduledSearch`	multiple	yes	`Long-Term`	A saved scheduled search. The multiple datatype consists of (id: string): ScheduledSearch. See `scheduledSearch`.
`scheduledSearches`	[`scheduledSearch`]	yes	`Long-Term`	Saved scheduled searches. See `scheduledSearch`.
`searchLimitedMs`	long		`Long-Term`	Search limit in milliseconds, by which searches are limited.
`starredFields`	[string]	yes	`Long-Term`	Fields marked with a star.
`tags`	[string]	yes	`Long-Term`	All tags from all datasources.
`users`	[`User`]	yes	`Long-Term`	Users who have access. See `User`.
`usersAndGroups`	multiple		`Long-Term`	Users or groups who have access. The multiple datatype consists of (search: string, skip: integer, limit: integer): UsersAndGroupsSearchResultSet. See `UsersAndGroupsSearchResultSet`.
`usersV2`	multiple		`Preview`	Search users with a given permission. The multiple datatype consists of (search: string, permissionFilter: Permission, skip: integer, limit: integer): Users!. See `users`.
`viewerQueryPrefix`	string	yes	`Long-Term`	The query prefix prepended to each search in the domain.

GraphQL Mutations

GraphQL API Stability

GraphQL Queries

GraphQL Datatypes