blockedQueries()

API Stability	`Long-Term`

The blockedQueries() GraphQL query fetches the list of blocked query patterns.

For more information on blocking queries, see the Blocking Queries documentation page.

Syntax

Below is the syntax for the blockedQueries() query field:

graphql

blockedQueries(
      clusterWide: boolean, 
      includeBlockedQueriesForDeletedOrganizations: boolean
   ): [BlockedQuery!]!

For clusterWide, indicate whether to return all blocked queries within the cluster. This requires the ManageCluster permission. For includeBlockedQueriesForDeletedOrganizations, say whether to include blocked queries for organizations that have been deleted. The default for both of these is false.

Below is an example of this query field with a few values requested:

Show:

graphql

query {
	blockedQueries {
    id, type, pattern
  }
}

shell

curl -v -X POST $YOUR_LOGSCALE_URL/graphql \
    -H "Authorization: Bearer $TOKEN" \
    -H "Content-Type: application/json" \
    -d @- << EOF
{"query" : "query {
	blockedQueries {
    id, type, pattern
  }
}"
}
EOF

shell

curl -v -X POST $YOUR_LOGSCALE_URL/graphql \
    -H "Authorization: Bearer $TOKEN" \
    -H "Content-Type: application/json" \
    -d @- << EOF
{"query" : "query {
	blockedQueries {
    id, type, pattern
  }
}"
}
EOF

shell

curl -v -X POST $YOUR_LOGSCALE_URL/graphql ^
    -H "Authorization: Bearer $TOKEN" ^
    -H "Content-Type: application/json" ^
    -d @'{"query" : "query { ^
	blockedQueries { ^
    id, type, pattern ^
  } ^
}" ^
} '

powershell

curl.exe -X POST 
    -H "Authorization: Bearer $TOKEN"
    -H "Content-Type: application/json"
    -d '{"query" : "query {
	blockedQueries {
    id, type, pattern
  }
}"
}'
    "$YOUR_LOGSCALE_URL/graphql"

perl

#!/usr/bin/perl

use HTTP::Request;
use LWP;

my $INGEST_TOKEN = "TOKEN";

my $uri = '$YOUR_LOGSCALE_URL/graphql';

my $json = '{"query" : "query {
	blockedQueries {
    id, type, pattern
  }
}"
}';
my $req = HTTP::Request->new("POST", $uri );

$req->header("Authorization" => "Bearer $TOKEN");
$req->header("Content-Type" => "application/json");

$req->content( $json );

my $lwp = LWP::UserAgent->new;

my $result = $lwp->request( $req );

print $result->{"_content"},"\n";

python

#! /usr/local/bin/python3

import requests

url = '$YOUR_LOGSCALE_URL/graphql'
mydata = r'''{"query" : "query {
	blockedQueries {
    id, type, pattern
  }
}"
}'''

resp = requests.post(url,
                     data = mydata,
                     headers = {
   "Authorization" : "Bearer $TOKEN",
   "Content-Type" : "application/json"
}
)

print(resp.text)

javascript

const https = require('https');

const data = JSON.stringify(
    {"query" : "query {
	blockedQueries {
    id, type, pattern
  }
}"
}
);


const options = {
  hostname: '$YOUR_LOGSCALE_URL/graphql',
  path: '/graphql',
  port: 443,
  method: 'POST',
  headers: {
    'Content-Type': 'application/json',
    'Content-Length': data.length,
    Authorization: 'BEARER ' + process.env.TOKEN,
    'User-Agent': 'Node',
  },
};

const req = https.request(options, (res) => {
  let data = '';
  console.log(`statusCode: ${res.statusCode}`);

  res.on('data', (d) => {
    data += d;
  });
  res.on('end', () => {
    console.log(JSON.parse(data).data);
  });
});

req.on('error', (error) => {
  console.error(error);
});

req.write(data);
req.end();

Example Responses

Show:

json

{
  "data": {
    "blockedQueries": [
      {
        "id": "z97vfV6EvCVquFIvHtYfULB2",
        "type": "REGEX",
        "pattern": "#type=humio"
      },
      {
        "id": "zrHTMPHsLgkJnLsUq0nv0TQt",
        "type": "REGEX",
        "pattern": "#type=testerroo"
      }
    ]
  }
}

Notice that the example above requests three values, separated by commas. Since there were two blocked queries, two sets of values were returned, each in square brackets.

Returned Datatypes

The returned datatype BlockedQuery has several parameters. Below is a list of them along with a description of each:

Table: BlockedQuery

Parameter	Type	Required	Stability	Description
Some arguments may be required, as indicated in the Required column. For some fields, this column indicates that a result will always be returned for this column.
Table last updated: Sep 24, 2024
`expiresAt`	datetime		`Long-Term`	The date and time in which any matching queries will cease to be blocked.
`expiresInMilliseconds`	integer		`Long-Term`	The amount of milliseconds until any matching queries won't be blocked.
`id`	string	yes	`Long-Term`	The unique identifier of the blocked query.
`limitedToOrganization`	boolean	yes	`Long-Term`	Whether the blocked query should be limited to the organization.
`organization`	`Organization`		`Long-Term`	The organization associated with the view, if any. See `Organization`.
`pattern`	string	yes	`Long-Term`	The exact or regular expression pattern used to match queries to block.
`type`	`BlockedQueryMatcherType`	yes	`Long-Term`	How the pattern should be matched (e.g., as a regular expression). See `BlockedQueryMatcherType`.
`unblockAllowed`	boolean	yes	`Long-Term`	Whether the current user is allowed to unblock the query.
`view`	`View`		`Long-Term`	The related view, if any. See `View`.

GraphQL Queries

GraphQL API Stability

GraphQL Mutations

GraphQL Datatypes

blockedQueries()

Syntax

Returned Datatypes

Enter search term