generateAggregateAlertFromPackageTemplate()

API Stability Long-Term

The generateAggregateAlertFromPackageTemplate() GraphQL query field can generate an unsaved aggregate alert from a package alert template.

For more information on aggregate alerts, see the Aggregate alerts documentation page.

Syntax

Below is the syntax for the generateAggregateAlertFromPackageTemplate() query field:

graphql

generateAggregateAlertFromPackageTemplate(
     input: GenerateAggregateAlertFromPackageTemplateInput!
   ): UnsavedAggregateAlert

Below is an example of how this query field might be used:

Raw

graphql

query {
  generateAggregateAlertFromPackageTemplate(
    input: {viewName: "company-http", 
            packageId: "http-packers@1.23",
            templateName: "standard-aggregatealert-template"}
  ) {
    name, 
    description,
    throttleField,
    actions {
      id, name, isAllowedToRun
    }    
  }
}

Mac OS or Linux (curl)

shell

curl -v -X POST $YOUR_LOGSCALE_URL/graphql \
    -H "Authorization: Bearer $TOKEN" \
    -H "Content-Type: application/json" \
    -d @- << EOF
{"query" : "query {
  generateAggregateAlertFromPackageTemplate(
    input: {viewName: \"company-http\", 
            packageId: \"http-packers@1.23\",
            templateName: \"standard-aggregatealert-template\"}
  ) {
    name, 
    description,
    throttleField,
    actions {
      id, name, isAllowedToRun
    }    
  }
}"
}
EOF

Mac OS or Linux (curl) One-line

shell

curl -v -X POST $YOUR_LOGSCALE_URL/graphql \
    -H "Authorization: Bearer $TOKEN" \
    -H "Content-Type: application/json" \
    -d @- << EOF
{"query" : "query {
  generateAggregateAlertFromPackageTemplate(
    input: {viewName: \"company-http\", 
            packageId: \"http-packers@1.23\",
            templateName: \"standard-aggregatealert-template\"}
  ) {
    name, 
    description,
    throttleField,
    actions {
      id, name, isAllowedToRun
    }    
  }
}"
}
EOF

Windows Cmd and curl

shell

curl -v -X POST $YOUR_LOGSCALE_URL/graphql ^
    -H "Authorization: Bearer $TOKEN" ^
    -H "Content-Type: application/json" ^
    -d @'{"query" : "query { ^
  generateAggregateAlertFromPackageTemplate( ^
    input: {viewName: \"company-http\",  ^
            packageId: \"http-packers@1.23\", ^
            templateName: \"standard-aggregatealert-template\"} ^
  ) { ^
    name,  ^
    description, ^
    throttleField, ^
    actions { ^
      id, name, isAllowedToRun ^
    }     ^
  } ^
}" ^
} '

Windows Powershell and curl

powershell

curl.exe -X POST 
    -H "Authorization: Bearer $TOKEN"
    -H "Content-Type: application/json"
    -d '{"query" : "query {
  generateAggregateAlertFromPackageTemplate(
    input: {viewName: \"company-http\", 
            packageId: \"http-packers@1.23\",
            templateName: \"standard-aggregatealert-template\"}
  ) {
    name, 
    description,
    throttleField,
    actions {
      id, name, isAllowedToRun
    }    
  }
}"
}'
    "$YOUR_LOGSCALE_URL/graphql"

Perl

perl

#!/usr/bin/perl

use HTTP::Request;
use LWP;

my $TOKEN = "TOKEN";

my $uri = '$YOUR_LOGSCALE_URL/graphql';

my $query = "query {
  generateAggregateAlertFromPackageTemplate(
    input: {viewName: \"company-http\", 
            packageId: \"http-packers@1.23\",
            templateName: \"standard-aggregatealert-template\"}
  ) {
    name, 
    description,
    throttleField,
    actions {
      id, name, isAllowedToRun
    }    
  }
}";
$query =~ s/\n/ /g;
my $json = sprintf('{"query" : "%s"}',$query);
my $req = HTTP::Request->new("POST", $uri );

$req->header("Authorization" => "Bearer $TOKEN");
$req->header("Content-Type" => "application/json");

$req->content( $json );

my $lwp = LWP::UserAgent->new;

my $result = $lwp->request( $req );

print $result->{"_content"},"\n";

Python

python

#! /usr/local/bin/python3

import requests

url = '$YOUR_LOGSCALE_URL/graphql'
mydata = r'''{"query" : "query {
  generateAggregateAlertFromPackageTemplate(
    input: {viewName: \"company-http\", 
            packageId: \"http-packers@1.23\",
            templateName: \"standard-aggregatealert-template\"}
  ) {
    name, 
    description,
    throttleField,
    actions {
      id, name, isAllowedToRun
    }    
  }
}"
}'''

resp = requests.post(url,
                     data = mydata,
                     headers = {
   "Authorization" : "Bearer $TOKEN",
   "Content-Type" : "application/json"
}
)

print(resp.text)

Node.js

javascript

const https = require('https');

const data = JSON.stringify(
    {"query" : "query {
  generateAggregateAlertFromPackageTemplate(
    input: {viewName: \"company-http\", 
            packageId: \"http-packers@1.23\",
            templateName: \"standard-aggregatealert-template\"}
  ) {
    name, 
    description,
    throttleField,
    actions {
      id, name, isAllowedToRun
    }    
  }
}"
}
);


const options = {
  hostname: '$YOUR_LOGSCALE_URL',
  path: 'graphql',
  port: 443,
  method: 'POST',
  headers: {
    'Content-Type': 'application/json',
    'Content-Length': data.length,
    Authorization: 'BEARER ' + process.env.TOKEN,
    'User-Agent': 'Node',
  },
};

const req = https.request(options, (res) => {
  let data = '';
  console.log(`statusCode: ${res.statusCode}`);

  res.on('data', (d) => {
    data += d;
  });
  res.on('end', () => {
    console.log(JSON.parse(data).data);
  });
});

req.on('error', (error) => {
  console.error(error);
});

req.write(data);
req.end();

At this point, there may not be many or there may not be any packages with aggregate alert templates. So there are no results shown here and you may not find a use for this query field at this time.

Given Datatypes

For GenerateAggregateAlertFromPackageTemplateInput, there are only a few parameters. They're listed in the table here:

Table: GenerateAggregateAlertFromPackageTemplateInput

Parameter	Type	Required	Stability	Description
Some arguments may be required, as indicated in the Required column. For return datatypes, this indicates that you must specify which fields you want returned in the results.
Table last updated: Sep 18, 2024
packageId	VersionedPackageSpecifier	yes	`Long-Term`	The unique identifier of the package of the aggregate alert template. VersionedPackageSpecifier is a scalar.
templateName	string	yes	`Long-Term`	The name of the aggregate alert template in the package.
viewName	RepoOrViewName	yes	`Long-Term`	Name of the view of the aggregate alert. RepoOrViewName is a scalar.

Returned Datatypes

The UnsavedAggregateAlert datatype has several parameters, some with their own datatypes. Below is a list of them along a description of each:

Table: UnsavedAggregateAlert

Parameter	Type	Required	Stability	Description
Some arguments may be required, as indicated in the Required column. For return datatypes, this indicates that you must specify which fields you want returned in the results.
Table last updated: Oct 4, 2024
actions	[Action]	yes	`Long-Term`	List of actions to fire on query result. See Action.
description	string		`Long-Term`	Description of the aggregate alert.
enabled	boolean	yes	`Long-Term`	Flag indicating whether the aggregate alert is enabled.
labels	[string]	yes	`Long-Term`	Labels attached to the aggregate alert.
name	string	yes	`Long-Term`	Name of the aggregate alert.
queryString	string	yes	`Long-Term`	The LogScale query to execute.
queryTimestampType	QueryTimestampType	yes	`Long-Term`	Timestamp type to use for a query. See QueryTimestampType.
searchIntervalSeconds	long	yes	`Long-Term`	The search interval in seconds.
throttleField	string		`Long-Term`	A field on which to throttle. Used only with throttleTimeSeconds.
throttleTimeSeconds	long	yes	`Long-Term`	The throttle time in seconds.
triggerMode	TriggerMode	yes	`Long-Term`	The mode used for triggering the alert. See TriggerMode.

GraphQL Queries

GraphQL API Stability

GraphQL Groups

GraphQL Mutations

GraphQL Datatypes