API Stability Long-Term

The updateFdrFeed() GraphQL mutation may be used to update an FDR feed with the supplied changes. Note that the input fields to this method, apart from id and repositoryName, only need to be supplied if the field should be changed.

Syntax

Below is the syntax for the updateFdrFeed() mutation field:

graphql
updateFdrFeed(
      input: UpdateFdrFeed!
   ): FdrFeed!

Below is an example of how this mutation field might be used:

Raw
graphql
mutation {
  updateFdrFeed( input:
     { repositoryName: "humio",
       id: "abc123",
       enabled: true
     } 
  )
  { id }
}
Mac OS or Linux (curl)
shell
curl -v -X POST $YOUR_LOGSCALE_URL/graphql \
    -H "Authorization: Bearer $TOKEN" \
    -H "Content-Type: application/json" \
    -d @- << EOF
{"query" : "mutation {
  updateFdrFeed( input:
     { repositoryName: \"humio\",
       id: \"abc123\",
       enabled: true
     } 
  )
  { id }
}"
}
EOF
Mac OS or Linux (curl) One-line
shell
curl -v -X POST $YOUR_LOGSCALE_URL/graphql \
    -H "Authorization: Bearer $TOKEN" \
    -H "Content-Type: application/json" \
    -d @- << EOF
{"query" : "mutation {
  updateFdrFeed( input:
     { repositoryName: \"humio\",
       id: \"abc123\",
       enabled: true
     } 
  )
  { id }
}"
}
EOF
Windows Cmd and curl
shell
curl -v -X POST $YOUR_LOGSCALE_URL/graphql ^
    -H "Authorization: Bearer $TOKEN" ^
    -H "Content-Type: application/json" ^
    -d @'{"query" : "mutation { ^
  updateFdrFeed( input: ^
     { repositoryName: \"humio\", ^
       id: \"abc123\", ^
       enabled: true ^
     }  ^
  ) ^
  { id } ^
}" ^
} '
Windows Powershell and curl
powershell
curl.exe -X POST 
    -H "Authorization: Bearer $TOKEN"
    -H "Content-Type: application/json"
    -d '{"query" : "mutation {
  updateFdrFeed( input:
     { repositoryName: \"humio\",
       id: \"abc123\",
       enabled: true
     } 
  )
  { id }
}"
}'
    "$YOUR_LOGSCALE_URL/graphql"
Perl
perl
#!/usr/bin/perl

use HTTP::Request;
use LWP;

my $TOKEN = "TOKEN";

my $uri = '$YOUR_LOGSCALE_URL/graphql';

my $query = "mutation {
  updateFdrFeed( input:
     { repositoryName: \"humio\",
       id: \"abc123\",
       enabled: true
     } 
  )
  { id }
}";
$query =~ s/\n/ /g;
my $json = sprintf('{"query" : "%s"}',$query);
my $req = HTTP::Request->new("POST", $uri );

$req->header("Authorization" => "Bearer $TOKEN");
$req->header("Content-Type" => "application/json");

$req->content( $json );

my $lwp = LWP::UserAgent->new;

my $result = $lwp->request( $req );

print $result->{"_content"},"\n";
Python
python
#! /usr/local/bin/python3

import requests

url = '$YOUR_LOGSCALE_URL/graphql'
mydata = r'''{"query" : "mutation {
  updateFdrFeed( input:
     { repositoryName: \"humio\",
       id: \"abc123\",
       enabled: true
     } 
  )
  { id }
}"
}'''

resp = requests.post(url,
                     data = mydata,
                     headers = {
   "Authorization" : "Bearer $TOKEN",
   "Content-Type" : "application/json"
}
)

print(resp.text)
Node.js
javascript
const https = require('https');

const data = JSON.stringify(
    {"query" : "mutation {
  updateFdrFeed( input:
     { repositoryName: \"humio\",
       id: \"abc123\",
       enabled: true
     } 
  )
  { id }
}"
}
);


const options = {
  hostname: '$YOUR_LOGSCALE_URL/graphql',
  path: '/graphql',
  port: 443,
  method: 'POST',
  headers: {
    'Content-Type': 'application/json',
    'Content-Length': data.length,
    Authorization: 'BEARER ' + process.env.TOKEN,
    'User-Agent': 'Node',
  },
};

const req = https.request(options, (res) => {
  let data = '';
  console.log(`statusCode: ${res.statusCode}`);

  res.on('data', (d) => {
    data += d;
  });
  res.on('end', () => {
    console.log(JSON.parse(data).data);
  });
});

req.on('error', (error) => {
  console.error(error);
});

req.write(data);
req.end();
Example Responses
Success (HTTP Response Code 200 OK)
json
{
  "data": {
    "updateFdrFeed": {
      "id": "abc123"
    }
  }
}

Given Datatypes

For UpdateFdrFeed, there are several parameters that may be given. Below is a list of them along with a description of each:

Table: UpdateFdrFeed

ParameterTypeRequiredDefaultStabilityDescription
Some arguments may be required, as indicated in the Required column. For some fields, this column indicates that a result will always be returned for this column.
Table last updated: Sep 23, 2024
clientIdstring  Long-TermThe AWS client unique identifier of the FDR feed.
clientSecretstring  Long-TermThe AWS client secret for the FDR feed.
descriptionUpdateDescription  Long-TermThe description of the FDR feed. See UpdateDescription.
enabledboolean  Long-TermWhether ingest from the FDR feed is enabled.
idstringyes Long-TermThe unique identifier of the FDR feed.
namestring  Long-TermThe name of the FDR feed.
parserstring  Long-TermThe unique identifier or name of the parser that should be used to parse the FDR data. Use the FDR parser from the crowdstrike/fdr package, which can be referred to as \"crowdstrike/fdr:FDR\".
repositoryNamestringyes Long-TermThe name of the repository of the FDR feed.
s3Identifierstring  Long-TermThe AWS S3 identifier of the FDR feed.
sqsUrlstring  Long-TermThe AWS SQS queue URL of the FDR feed.

Returned Datatypes

The returned datatype FdrFeed has several parameters. Below is a list of them along with a description of each:

Table: FdrFeed

ParameterTypeRequiredDefaultStabilityDescription
Some arguments may be required, as indicated in the Required column. For some fields, this column indicates that a result will always be returned for this column.
Table last updated: Sep 25, 2024
clientIdstringyes Long-TermThe AWS client identifier of the FDR feed.
descriptionstring  Long-TermA description of the FDR feed.
enabledbooleanyes Long-TermWhether ingest from the FDR feed is enabled.
idstringyes Long-TermUnique identifier of the FDR feed.
namestringyes Long-TermName of the FDR feed.
parserIdstringyes Long-TermThe unique identifier of the parser that is used to parse the FDR data.
s3Identifierstringyes Long-TermThe AWS S3 identifier of the FDR feed.
sqsUrlstringyes Long-TermThe AWS SQS queue URL of the FDR feed.