API Stability Long-Term

The updateDashboardToken GraphQL mutation field may be used to update a dashboard token to run with a different ownership. It requires the OrganizationOwnedQueries permission to change the dashboard to run as an organization or to change a dashboard that already runs as an organization.

It's not possible to run the dashboard as another user than yourself.

For more information on access tokens of various types, see the Ingest Tokens documentation page. For information on dashboards, see the Dashboards documentation page.

Syntax

Below is the syntax for the updateDashboardToken() mutation field:

graphql
updateDashboardToken(
     viewId: string!,
     userId: string,
     queryOwnershipType: string,
     dashboardToken: string!
   ): View!

There are no special given datatypes for this mutation field. Below is an example of how it might be used:

Raw
graphql
mutation {
  updateDashboardToken(
      viewId: "X4aZ7KP4AeTvKkigOV3G1ZWy",
      userId: "Nvu1UOjRtlByBCeKY2K1kgP1",
      dashboardToken: "abc123"
  )
  { name }
}
Mac OS or Linux (curl)
shell
curl -v -X POST $YOUR_LOGSCALE_URL/graphql \
    -H "Authorization: Bearer $TOKEN" \
    -H "Content-Type: application/json" \
    -d @- << EOF
{"query" : "mutation {
  updateDashboardToken(
      viewId: \"X4aZ7KP4AeTvKkigOV3G1ZWy\",
      userId: \"Nvu1UOjRtlByBCeKY2K1kgP1\",
      dashboardToken: \"abc123\"
  )
  { name }
}"
}
EOF
Mac OS or Linux (curl) One-line
shell
curl -v -X POST $YOUR_LOGSCALE_URL/graphql \
    -H "Authorization: Bearer $TOKEN" \
    -H "Content-Type: application/json" \
    -d @- << EOF
{"query" : "mutation {
  updateDashboardToken(
      viewId: \"X4aZ7KP4AeTvKkigOV3G1ZWy\",
      userId: \"Nvu1UOjRtlByBCeKY2K1kgP1\",
      dashboardToken: \"abc123\"
  )
  { name }
}"
}
EOF
Windows Cmd and curl
shell
curl -v -X POST $YOUR_LOGSCALE_URL/graphql ^
    -H "Authorization: Bearer $TOKEN" ^
    -H "Content-Type: application/json" ^
    -d @'{"query" : "mutation { ^
  updateDashboardToken( ^
      viewId: \"X4aZ7KP4AeTvKkigOV3G1ZWy\", ^
      userId: \"Nvu1UOjRtlByBCeKY2K1kgP1\", ^
      dashboardToken: \"abc123\" ^
  ) ^
  { name } ^
}" ^
} '
Windows Powershell and curl
powershell
curl.exe -X POST 
    -H "Authorization: Bearer $TOKEN"
    -H "Content-Type: application/json"
    -d '{"query" : "mutation {
  updateDashboardToken(
      viewId: \"X4aZ7KP4AeTvKkigOV3G1ZWy\",
      userId: \"Nvu1UOjRtlByBCeKY2K1kgP1\",
      dashboardToken: \"abc123\"
  )
  { name }
}"
}'
    "$YOUR_LOGSCALE_URL/graphql"
Perl
perl
#!/usr/bin/perl

use HTTP::Request;
use LWP;

my $TOKEN = "TOKEN";

my $uri = '$YOUR_LOGSCALE_URL/graphql';

my $query = "mutation {
  updateDashboardToken(
      viewId: \"X4aZ7KP4AeTvKkigOV3G1ZWy\",
      userId: \"Nvu1UOjRtlByBCeKY2K1kgP1\",
      dashboardToken: \"abc123\"
  )
  { name }
}";
$query =~ s/\n/ /g;
my $json = sprintf('{"query" : "%s"}',$query);
my $req = HTTP::Request->new("POST", $uri );

$req->header("Authorization" => "Bearer $TOKEN");
$req->header("Content-Type" => "application/json");

$req->content( $json );

my $lwp = LWP::UserAgent->new;

my $result = $lwp->request( $req );

print $result->{"_content"},"\n";
Python
python
#! /usr/local/bin/python3

import requests

url = '$YOUR_LOGSCALE_URL/graphql'
mydata = r'''{"query" : "mutation {
  updateDashboardToken(
      viewId: \"X4aZ7KP4AeTvKkigOV3G1ZWy\",
      userId: \"Nvu1UOjRtlByBCeKY2K1kgP1\",
      dashboardToken: \"abc123\"
  )
  { name }
}"
}'''

resp = requests.post(url,
                     data = mydata,
                     headers = {
   "Authorization" : "Bearer $TOKEN",
   "Content-Type" : "application/json"
}
)

print(resp.text)
Node.js
javascript
const https = require('https');

const data = JSON.stringify(
    {"query" : "mutation {
  updateDashboardToken(
      viewId: \"X4aZ7KP4AeTvKkigOV3G1ZWy\",
      userId: \"Nvu1UOjRtlByBCeKY2K1kgP1\",
      dashboardToken: \"abc123\"
  )
  { name }
}"
}
);


const options = {
  hostname: '$YOUR_LOGSCALE_URL/graphql',
  path: '/graphql',
  port: 443,
  method: 'POST',
  headers: {
    'Content-Type': 'application/json',
    'Content-Length': data.length,
    Authorization: 'BEARER ' + process.env.TOKEN,
    'User-Agent': 'Node',
  },
};

const req = https.request(options, (res) => {
  let data = '';
  console.log(`statusCode: ${res.statusCode}`);

  res.on('data', (d) => {
    data += d;
  });
  res.on('end', () => {
    console.log(JSON.parse(data).data);
  });
});

req.on('error', (error) => {
  console.error(error);
});

req.write(data);
req.end();
Example Responses
Success (HTTP Response Code 200 OK)
json
{
  "data": {
    "updateDashboardToken": {
      "name": "humio"
    }
  }
}

Returned Datatypes

The returned datatype View has many parameters. Below is a list of them along with a description of each:

Table: View

ParameterTypeRequiredDefaultStabilityDescription
Some arguments may be required, as indicated in the Required column. For some fields, this column indicates that a result will always be returned for this column.
Table last updated: Sep 11, 2025
action(id: string): Actionmultipleyes Long-TermA saved action. The id is the unique identifier of the action. See Action.
actions(actionIds: [string]): [Action]multipleyes Long-TermA list of saved actions. See Action.
aggregateAlert(id: string): AggregateAlertmultipleyes Long-TermA saved aggregate alert. See AggregateAlert.
aggregateAlerts[AggregateAlert]yes Long-TermSaved aggregate alerts. See AggregateAlert.
alert(id: string): Alertmultipleyes Long-TermA saved alert. See Alert.
alerts[Alert]yes Long-TermSaved alerts. See Alert.
allowedViewActions[ViewAction]yes Long-TermReturns the all actions the user is allowed to perform on the view. See ViewAction.
automaticSearchbooleanyes Long-TermWhether the search is executed automatically.
availablePackages(filter: string, tags: [PackageTag], categories: [string]): [PackageRegistrySearchResultItem]multiple  Long-TermReturns a list of available packages that can be installed. PackageTag is a scalar. See PackageRegistrySearchResultItem.
checkClusterConnections[ClusterConnectionStatus]  Short-TermCheck all of this search domain's cluster connections. This is a preview and subject to change. See ClusterConnectionStatus.
clusterConnection(id: string): ClusterConnectionmultiple  Short-TermA specific cluster connection. See ClusterConnection.
clusterConnections[ClusterConnection]  Short-TermThe search domain's cluster connections. See ClusterConnection.
connections[ViewConnection]yes Long-TermThe connections for the view. This is a preview and subject to change. See ViewConnection.
crossOrgConnections[CrossOrgViewConnection]yes Short-TermThe connections for the cross organization connections (see CrossOrgViewConnection Table).
dashboard(id: string): Dashboardmultipleyes Long-TermA saved dashboard. See Dashboard.
dashboards[Dashboard]yes Long-TermSaved dashboards. See Dashboard.
defaultQuerySavedQuery  Long-TermThe default saved query. See SavedQuery.
deletedDatelong  Long-TermThe point in time the search domain was marked for deletion.
descriptionstring  Long-TermA description of the view.
fileFieldSearch(fileName: string, fieldName: string, prefixFilter: string, valueFilters: [FileFieldFilterType], fieldsToInclude: [string], maxEntries: integer): [DictionaryEntryType]multipleyes Long-TermThe fields to search in a given file. See FileFieldFilterType and DictionaryEntryType.
files[File]yes Long-TermA list of files used. See File.
filterAlert(id: string): FilterAlertmultipleyes Long-TermA saved filter alert. See FilterAlert.
filterAlerts[FilterAlert]yes Long-TermSaved filter alerts. See FilterAlert.
groups[Group]yes Long-TermGroups with assigned roles. See Group.
hasPackageInstalled(packageId: VersionedPackageSpecifier): booleanmultipleyes Long-TermDetermines whether package has been installed. VersionedPackageSpecifier is a scalar.
idstringyes Long-TermThe unique identifier of the view.
installedPackages[PackageInstallation]yes Long-TermList packages installed on a specific view or repository See PackageInstallation.
interactions[ViewInteraction]yes Long-TermAll interactions defined for the view. See ViewInteraction.
isActionAllowed(action: ViewAction): booleanmultipleyes Long-TermDetermines whether current user is allowed to perform the given action on the view. See ViewAction.
isFederatedbooleanyes PreviewWhether the view is Federated. This is a preview and subject to change.
isStarredbooleanyes Long-TermWhether the view should be marked with a star.
nameRepoOrViewNameyes Long-TermThe name of the repository or view. RepoOrViewName is a scalar.
packageV2(packageId: VersionedPackageSpecifier): Package2multiple  Long-TermReturns a specific version of a package given a package version. VersionedPackageSpecifier is a scalar. See Package2.
packageVersions(packageId: UnversionedPackageSpecifier): [RegistryPackageVersionInfo]multiple  Long-TermThe available versions of a package. UnversionedPackageSpecifier is a scalar. See RegistryPackageVersionInfo.
permanentlyDeletedAtlong  Long-TermThe point in time the search domain will not be restorable anymore.
recentQueriesV2[RecentQuery]yes Long-TermList of recent queries. See RecentQuery.
reposExcludedInSearchLimit[string]yes Long-TermRepositories not part of the search limitation.
resourcestringyes Short-TermThe resource identifier for the search domain.
savedQueries[SavedQuery]yes Long-TermA list of saved queries. See SavedQuery.
savedQuery(id: string): SavedQuerymultipleyes Long-TermA saved query. See SavedQuery.
scheduledReport(id: string): ScheduledReportmultiple  Long-TermSaved scheduled report. See ScheduledReport.
scheduledReports[ScheduledReport]yes Long-TermSaved scheduled reports See ScheduledReport.
scheduledSearch(id: string): ScheduledSearchmultipleyes Long-TermA saved scheduled search. See ScheduledSearch.
scheduledSearches[ScheduledSearch]yes Long-TermSaved scheduled searches. See ScheduledSearch.
searchLimitedMslong  Long-TermSearch limit in milliseconds, by which searches are limited.
starredFields[string]yes Long-TermFields marked with a star.
tags[string]yes Long-TermAll tags from all datasources.
users[User]yes Long-TermUsers who have access. See User.
usersAndGroups(search: string, skip: integer, limit: integer): UsersAndGroupsSearchResultSetmultiple  Long-TermUsers or groups who have access. See UsersAndGroupsSearchResultSet.
usersV2(search: string, permissionFilter: Permission, skip: integer, limit: integer): Usersmultiple  Short-TermSearch users with a given permission. See Users.
viewerQueryPrefixstringyes Long-TermThe query prefix prepended to each search in the domain.