API Stability Long-Term

The updateVictorOpsAction() GraphQL mutation is used to update a VictorOps action in LogScale.

For more information on VictorOps actions, see the Action Type: VictorOps (Splunk On-Call) documentation page. You may also want to look at the Actions page for related information.

Syntax

Below is the syntax for the updateVictorOpsAction() mutation field:

graphql
updateVictorOpsAction(
     input: UpdateVictorOpsAction!
   ): VictorOpsAction!

Below is an example of how this mutation field might be used:

Raw
graphql
mutation {
  updateVictorOpsAction( input:
       { viewName: "humio",
         id: "abc123",
         name: "my-victory-act",
         messageType: "CRITICAL",
         notifyUrl: "https://victorops.company.com",
         useProxy: false
      } )
  { id }
}
Mac OS or Linux (curl)
shell
curl -v -X POST $YOUR_LOGSCALE_URL/graphql \
    -H "Authorization: Bearer $TOKEN" \
    -H "Content-Type: application/json" \
    -d @- << EOF
{"query" : "mutation {
  updateVictorOpsAction( input:
       { viewName: \"humio\",
         id: \"abc123\",
         name: \"my-victory-act\",
         messageType: \"CRITICAL\",
         notifyUrl: \"https://victorops.company.com\",
         useProxy: false
      } )
  { id }
}"
}
EOF
Mac OS or Linux (curl) One-line
shell
curl -v -X POST $YOUR_LOGSCALE_URL/graphql \
    -H "Authorization: Bearer $TOKEN" \
    -H "Content-Type: application/json" \
    -d @- << EOF
{"query" : "mutation {
  updateVictorOpsAction( input:
       { viewName: \"humio\",
         id: \"abc123\",
         name: \"my-victory-act\",
         messageType: \"CRITICAL\",
         notifyUrl: \"https://victorops.company.com\",
         useProxy: false
      } )
  { id }
}"
}
EOF
Windows Cmd and curl
shell
curl -v -X POST $YOUR_LOGSCALE_URL/graphql ^
    -H "Authorization: Bearer $TOKEN" ^
    -H "Content-Type: application/json" ^
    -d @'{"query" : "mutation { ^
  updateVictorOpsAction( input: ^
       { viewName: \"humio\", ^
         id: \"abc123\", ^
         name: \"my-victory-act\", ^
         messageType: \"CRITICAL\", ^
         notifyUrl: \"https://victorops.company.com\", ^
         useProxy: false ^
      } ) ^
  { id } ^
}" ^
} '
Windows Powershell and curl
powershell
curl.exe -X POST 
    -H "Authorization: Bearer $TOKEN"
    -H "Content-Type: application/json"
    -d '{"query" : "mutation {
  updateVictorOpsAction( input:
       { viewName: \"humio\",
         id: \"abc123\",
         name: \"my-victory-act\",
         messageType: \"CRITICAL\",
         notifyUrl: \"https://victorops.company.com\",
         useProxy: false
      } )
  { id }
}"
}'
    "$YOUR_LOGSCALE_URL/graphql"
Perl
perl
#!/usr/bin/perl

use HTTP::Request;
use LWP;

my $TOKEN = "TOKEN";

my $uri = '$YOUR_LOGSCALE_URL/graphql';

my $query = "mutation {
  updateVictorOpsAction( input:
       { viewName: \"humio\",
         id: \"abc123\",
         name: \"my-victory-act\",
         messageType: \"CRITICAL\",
         notifyUrl: \"https://victorops.company.com\",
         useProxy: false
      } )
  { id }
}";
$query =~ s/\n/ /g;
my $json = sprintf('{"query" : "%s"}',$query);
my $req = HTTP::Request->new("POST", $uri );

$req->header("Authorization" => "Bearer $TOKEN");
$req->header("Content-Type" => "application/json");

$req->content( $json );

my $lwp = LWP::UserAgent->new;

my $result = $lwp->request( $req );

print $result->{"_content"},"\n";
Python
python
#! /usr/local/bin/python3

import requests

url = '$YOUR_LOGSCALE_URL/graphql'
mydata = r'''{"query" : "mutation {
  updateVictorOpsAction( input:
       { viewName: \"humio\",
         id: \"abc123\",
         name: \"my-victory-act\",
         messageType: \"CRITICAL\",
         notifyUrl: \"https://victorops.company.com\",
         useProxy: false
      } )
  { id }
}"
}'''

resp = requests.post(url,
                     data = mydata,
                     headers = {
   "Authorization" : "Bearer $TOKEN",
   "Content-Type" : "application/json"
}
)

print(resp.text)
Node.js
javascript
const https = require('https');

const data = JSON.stringify(
    {"query" : "mutation {
  updateVictorOpsAction( input:
       { viewName: \"humio\",
         id: \"abc123\",
         name: \"my-victory-act\",
         messageType: \"CRITICAL\",
         notifyUrl: \"https://victorops.company.com\",
         useProxy: false
      } )
  { id }
}"
}
);


const options = {
  hostname: '$YOUR_LOGSCALE_URL',
  path: 'graphql',
  port: 443,
  method: 'POST',
  headers: {
    'Content-Type': 'application/json',
    'Content-Length': data.length,
    Authorization: 'BEARER ' + process.env.TOKEN,
    'User-Agent': 'Node',
  },
};

const req = https.request(options, (res) => {
  let data = '';
  console.log(`statusCode: ${res.statusCode}`);

  res.on('data', (d) => {
    data += d;
  });
  res.on('end', () => {
    console.log(JSON.parse(data).data);
  });
});

req.on('error', (error) => {
  console.error(error);
});

req.write(data);
req.end();
Example Responses
Success (HTTP Response Code 200 OK)
json
{
  "data": {
    "updateVictorOpsAction": {
      "id": "abc123"
    }
  }
}

Given Datatypes

UpdateVictorOpsAction has several parameters that may be given. Below is a list of them along with a description of each:

Table: UpdateVictorOpsAction

ParameterTypeRequiredDefaultStabilityDescription
Some arguments may be required, as indicated in the Required column. For return datatypes, this indicates that you must specify which fields you want returned in the results.
Table last updated: Sep 23, 2024
idstringyes Long-TermThe unique identifier of the action.
messageTypestringyes Long-TermType of the VictorOps message to make.
namestringyes Long-TermThe name of the action.
notifyUrlstringyes Long-TermVictorOps webhook URL where to send the request.
useProxybooleanyes Long-TermDefines whether the action should use the configured proxy to make web requests.
viewNamestringyes Long-TermThe name of the view of the action.

Returned Datatypes

The returned datatype VictorOpsAction has many parameters. Below is a list of them along with a description of each:

Table: VictorOpsAction

ParameterTypeRequiredDefaultStabilityDescription
Some arguments may be required, as indicated in the Required column. For return datatypes, this indicates that you must specify which fields you want returned in the results.
Table last updated: Sep 11, 2025
allowedActions[AssetAction]yes Short-TermA list of allowed asset actions. See AssetAction . This is a preview and subject to change.
createdInfoAssetCommitMetadata  Long-TermMetadata related to the creation of the action. See AssetCommitMetadata.
displayNamestringyes Long-TermThe display name of the action.
idstringyes Long-TermThe unique identifier of the action.
isAllowedToRunbooleanyes Long-TermWhether action is disabled — usually because of a security policy.
labels[string]  PreviewAny labels associated with the action.
messageTypestringyes Long-TermThe type of VictorOps message.
modifiedInfoAssetCommitMetadata  Long-TermMetadata related to the latest modification of the action. See AssetCommitMetadata.
namestringyes Long-TermThe name of the action.
notifyUrlstringyes Long-TermVictorOps webhook URL where to send the request.
packagePackageInstallation  Long-TermThe package, if there is one, of which the action is part. See PackageInstallation.
packageIdVersionedPackageSpecifier  Long-TermThe unique identifier of the package of the aggregate alert template. VersionedPackageSpecifier is a scalar.
requiresOrganizationOwnedQueriesPermissionToEditbooleanyes Long-TermTrue if this action is used by triggers, where the query is run by the organization. If true, the OrganizationOwnedQueries permission is required to edit the action.
resourcestringyes Short-TermThe resource identifier for the action.
useProxybooleanyes Long-TermWhether the action should use the configured proxy to make web requests.
yamlTemplateYAMLyes Long-TermA template that can be used to recreate the action. YAML is a scalar.