API Stability Long-Term

The updateFdrFeed() GraphQL mutation may be used to update an FDR feed with the supplied changes. Note that the input fields to this method, apart from id and repositoryName, only need to be supplied if the field should be changed.

Similar to this mutation, there is also updateFdrFeedControl(). To add a new FDR feed, you would use the createFdrFeed() mutation. To test an FDR feed, you could use the testFdrFeed() mutation. To delete a feed, use the deleteFdrFeed() mutation.

For more information on FDR ingest feeds, see Ingesting FDR Data into a Repository.

Syntax

graphql
updateFdrFeed(
      input: UpdateFdrFeed!
   ): FdrFeed!

Example

Below is an example of how this mutation field might be used:

Raw
graphql
mutation {
  updateFdrFeed( input:
     { repositoryName: "humio",
       id: "abc123",
       enabled: true
     } 
  )
  { id }
}
Mac OS or Linux (curl)
shell
curl -v -X POST $YOUR_LOGSCALE_URL/graphql \
    -H "Authorization: Bearer $TOKEN" \
    -H "Content-Type: application/json" \
    -d @- << EOF
{"query" : "mutation { updateFdrFeed( input: { repositoryName: \"humio\", id: \"abc123\", enabled: true } ) { id } }"}
EOF
Mac OS or Linux (curl) One-line
shell
curl -v -X POST $YOUR_LOGSCALE_URL/graphql -H "Authorization: Bearer $TOKEN" -H "Content-Type: application/json" -d '{"query" : "mutation { updateFdrFeed( input: { repositoryName: \"humio\", id: \"abc123\", enabled: true } ) { id } }"}'
Windows Cmd and curl
shell
curl -v -X POST %YOUR_LOGSCALE_URL%/graphql ^
    -H "Authorization: Bearer %TOKEN%" ^
    -H "Content-Type: application/json" ^
    -d "{\"query\" : \"mutation { updateFdrFeed( input: { repositoryName: \\\"humio\\\", id: \\\"abc123\\\", enabled: true } ) { id } }\"}"
Windows Powershell and curl
powershell
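# The JSON body is piped to curl on stdin (-d '@-') so that PowerShell's
# native-argument quoting cannot strip the embedded double quotes.
$body = '{"query" : "mutation { updateFdrFeed( input: { repositoryName: \"humio\", id: \"abc123\", enabled: true } ) { id } }"}'

$body | curl.exe -X POST `
    -H "Authorization: Bearer $TOKEN" `
    -H "Content-Type: application/json" `
    -d '@-' `
    "$YOUR_LOGSCALE_URL/graphql"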
Perl
perl
#!/usr/bin/perl

use strict;
use warnings;
use HTTP::Request;
use LWP;
use JSON::PP;

my $TOKEN = "TOKEN";

my $uri = '$YOUR_LOGSCALE_URL/graphql';

my $query = "mutation {
  updateFdrFeed( input:
     { repositoryName: \"humio\",
       id: \"abc123\",
       enabled: true
     } 
  )
  { id }
}";
$query =~ s/\n/ /g;
# encode_json escapes the double quotes inside the query; sprintf() would
# have copied them into the JSON string unescaped.
my $json = encode_json({ query => $query });
my $req = HTTP::Request->new("POST", $uri );

$req->header("Authorization" => "Bearer $TOKEN");
$req->header("Content-Type" => "application/json");

$req->content( $json );

my $lwp = LWP::UserAgent->new;

my $result = $lwp->request( $req );

# Use the public accessor instead of reading the object's internal hash.
print $result->decoded_content,"\n";
Python
python
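#! /usr/local/bin/python3

import requests

url = '$YOUR_LOGSCALE_URL/graphql'

# GraphQL ignores line breaks, so the mutation can stay readable here.
# Passing it through json= lets requests escape the quotes and newlines,
# which a hand-written JSON string with raw line breaks does not.
query = '''mutation {
  updateFdrFeed( input:
     { repositoryName: "humio",
       id: "abc123",
       enabled: true
     }
  )
  { id }
}'''

resp = requests.post(url,
                     json = {"query": query},
                     headers = {
   "Authorization" : "Bearer $TOKEN",
   "Content-Type" : "application/json"
}
)

print(resp.text)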
Node.js
javascript
const https = require('https');

// A template literal keeps the mutation readable; JSON.stringify escapes
// the quotes and line breaks so the request body is valid JSON.
const data = JSON.stringify({
  query: `mutation {
  updateFdrFeed( input:
     { repositoryName: "humio",
       id: "abc123",
       enabled: true
     }
  )
  { id }
}`,
});

const options = {
  hostname: '$YOUR_LOGSCALE_URL',
  path: '/graphql',
  port: 443,
  method: 'POST',
  headers: {
    'Content-Type': 'application/json',
    // Byte length, not character count, is what Content-Length expects.
    'Content-Length': Buffer.byteLength(data),
    Authorization: 'Bearer ' + process.env.TOKEN,
    'User-Agent': 'Node',
  },
};

const req = https.request(options, (res) => {
  // Collect the response chunks before parsing them as JSON.
  let body = '';
  console.log(`statusCode: ${res.statusCode}`);

  res.on('data', (d) => {
    body += d;
  });
  res.on('end', () => {
    console.log(JSON.parse(body).data);
  });
});

req.on('error', (error) => {
  console.error(error);
});

req.write(data);
req.end();
Example Responses
Success (HTTP Response Code 200 OK)
json
{
  "data": {
    "updateFdrFeed": {
      "id": "abc123"
    }
  }
}

Given Datatype

For the input datatype, you'll have to give the name of the repository and the unique identifier of the FDR feed, along with whatever parameters you want to update. The table below lists them:

Table: UpdateFdrFeed

| Parameter | Type | Required | Default | Stability | Description |
|---|---|---|---|---|---|
| clientId | string | | | Long-Term | The AWS client unique identifier of the FDR feed. |
| clientSecret | string | | | Long-Term | The AWS client secret for the FDR feed. |
| description | UpdateDescription | | | Long-Term | The description of the FDR feed. See UpdateDescription. |
| enabled | boolean | | | Long-Term | Whether ingest from the FDR feed is enabled. |
| id | string | yes | | Long-Term | The unique identifier of the FDR feed. |
| name | string | | | Long-Term | The name of the FDR feed. |
| parser | string | | | Long-Term | The unique identifier or name of the parser that should be used to parse the FDR data. Use the FDR parser from the crowdstrike/fdr package, which can be referred to as "crowdstrike/fdr:FDR". |
| repositoryName | string | yes | | Long-Term | The name of the repository of the FDR feed. |
| s3Identifier | string | | | Long-Term | The AWS S3 identifier of the FDR feed. |
| sqsUrl | string | | | Long-Term | The AWS SQS queue URL of the FDR feed. |

Some arguments may be required, as indicated in the Required column. For return datatypes, this indicates that you must specify which fields you want returned in the results.
Table last updated: Sep 23, 2024
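
As noted at the top of the page, only id and repositoryName are mandatory and every other field is sent only when it should change. The Python below is an added example, not LogScale's own code: it builds such a partial update with GraphQL variables, so that a value such as clientSecret travels as JSON data instead of being spliced into the mutation string. It assumes the endpoint accepts the standard GraphQL `variables` member; the function names are illustrative.

```python
import json

# Scalar UpdateFdrFeed fields from the table above. "description" is omitted
# because the shape of UpdateDescription is not shown on this page.
OPTIONAL_FIELDS = {
    "clientId": str, "clientSecret": str, "enabled": bool, "name": str,
    "parser": str, "s3Identifier": str, "sqsUrl": str,
}

# Assumption: the endpoint accepts standard GraphQL variables.
MUTATION = (
    "mutation($input: UpdateFdrFeed!) "
    "{ updateFdrFeed(input: $input) { id enabled } }"
)


def build_update_payload(repository_name, feed_id, **changes):
    """Return the JSON request body carrying only the fields to change."""
    if not repository_name or not feed_id:
        raise ValueError("repositoryName and id are always required")
    feed_input = {"repositoryName": repository_name, "id": feed_id}
    for field, value in changes.items():
        if field not in OPTIONAL_FIELDS:
            raise ValueError(f"not an UpdateFdrFeed field: {field}")
        if value is None:
            continue  # unchanged: leave it out rather than send null
        if not isinstance(value, OPTIONAL_FIELDS[field]):
            raise TypeError(f"{field} must be {OPTIONAL_FIELDS[field].__name__}")
        feed_input[field] = value
    return json.dumps({"query": MUTATION, "variables": {"input": feed_input}})


def redact(payload):
    """Return a copy of the payload that is safe to log."""
    body = json.loads(payload)
    if "clientSecret" in body["variables"]["input"]:
        body["variables"]["input"]["clientSecret"] = "***"
    return json.dumps(body)


if __name__ == "__main__":
    # Constructed sample values; the secret contains a quote and a backslash.
    payload = build_update_payload(
        "humio", "abc123", clientSecret='s3cr"et\\value', enabled=True, name=None)
    print(redact(payload))
```

The string returned by build_update_payload() can be sent as the request body with the same Authorization and Content-Type headers used in the examples above.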

Returned Datatype

With this returned datatype, you can get the unique identifier of the FDR feed and of the parser it uses, and use them with other mutations and queries. You can also get the AWS identifiers and the SQS queue URL. The table does not list clientSecret among the returned fields. Below are the available parameters:

Table: FdrFeed

| Parameter | Type | Required | Default | Stability | Description |
|---|---|---|---|---|---|
| clientId | string | yes | | Long-Term | The AWS client identifier of the FDR feed. |
| description | string | | | Long-Term | A description of the FDR feed. |
| enabled | boolean | yes | | Long-Term | Whether ingest from the FDR feed is enabled. |
| id | string | yes | | Long-Term | Unique identifier of the FDR feed. |
| name | string | yes | | Long-Term | Name of the FDR feed. |
| parserId | string | yes | | Long-Term | The unique identifier of the parser that is used to parse the FDR data. |
| s3Identifier | string | yes | | Long-Term | The AWS S3 identifier of the FDR feed. |
| sqsUrl | string | yes | | Long-Term | The AWS SQS queue URL of the FDR feed. |

Some arguments may be required, as indicated in the Required column. For return datatypes, this indicates that you must specify which fields you want returned in the results.
Table last updated: Sep 25, 2024