generateAggregateAlertFromTemplate()

API Stability Long-Term

The generateAggregateAlertFromTemplate() GraphQL query field can generate an unsaved aggregate alert from a yaml template.

For more information on aggregate alerts, see the Aggregate alerts documentation page.

Syntax

Below is the syntax for the generateAggregateAlertFromTemplate() query field:

graphql

generateAggregateAlertFromTemplate(
     input: GenerateAggregateAlertFromTemplateInput!
   ): UnsavedAggregateAlert!

Below is an example of how this query field might be used:

Raw

graphql

query {
  generateAggregateAlertFromTemplate(
    input: {viewName: "company-http", 
            yamlTemplate: "favorite-yaml-template"}
  ) {
    name, 
    description,
    throttleField,
    actions {
      id, name, isAllowedToRun
    }    
  }
}

Mac OS or Linux (curl)

shell

curl -v -X POST $YOUR_LOGSCALE_URL/graphql \
    -H "Authorization: Bearer $TOKEN" \
    -H "Content-Type: application/json" \
    -d @- << EOF
{"query" : "query {
  generateAggregateAlertFromTemplate(
    input: {viewName: \"company-http\", 
            yamlTemplate: \"favorite-yaml-template\"}
  ) {
    name, 
    description,
    throttleField,
    actions {
      id, name, isAllowedToRun
    }    
  }
}"
}
EOF

Mac OS or Linux (curl) One-line

shell

curl -v -X POST $YOUR_LOGSCALE_URL/graphql \
    -H "Authorization: Bearer $TOKEN" \
    -H "Content-Type: application/json" \
    -d @- << EOF
{"query" : "query {
  generateAggregateAlertFromTemplate(
    input: {viewName: \"company-http\", 
            yamlTemplate: \"favorite-yaml-template\"}
  ) {
    name, 
    description,
    throttleField,
    actions {
      id, name, isAllowedToRun
    }    
  }
}"
}
EOF

Windows Cmd and curl

shell

curl -v -X POST $YOUR_LOGSCALE_URL/graphql ^
    -H "Authorization: Bearer $TOKEN" ^
    -H "Content-Type: application/json" ^
    -d @'{"query" : "query { ^
  generateAggregateAlertFromTemplate( ^
    input: {viewName: \"company-http\",  ^
            yamlTemplate: \"favorite-yaml-template\"} ^
  ) { ^
    name,  ^
    description, ^
    throttleField, ^
    actions { ^
      id, name, isAllowedToRun ^
    }     ^
  } ^
}" ^
} '

Windows Powershell and curl

powershell

curl.exe -X POST 
    -H "Authorization: Bearer $TOKEN"
    -H "Content-Type: application/json"
    -d '{"query" : "query {
  generateAggregateAlertFromTemplate(
    input: {viewName: \"company-http\", 
            yamlTemplate: \"favorite-yaml-template\"}
  ) {
    name, 
    description,
    throttleField,
    actions {
      id, name, isAllowedToRun
    }    
  }
}"
}'
    "$YOUR_LOGSCALE_URL/graphql"

Perl

perl

#!/usr/bin/perl

use HTTP::Request;
use LWP;

my $TOKEN = "TOKEN";

my $uri = '$YOUR_LOGSCALE_URL/graphql';

my $query = "query {
  generateAggregateAlertFromTemplate(
    input: {viewName: \"company-http\", 
            yamlTemplate: \"favorite-yaml-template\"}
  ) {
    name, 
    description,
    throttleField,
    actions {
      id, name, isAllowedToRun
    }    
  }
}";
$query =~ s/\n/ /g;
my $json = sprintf('{"query" : "%s"}',$query);
my $req = HTTP::Request->new("POST", $uri );

$req->header("Authorization" => "Bearer $TOKEN");
$req->header("Content-Type" => "application/json");

$req->content( $json );

my $lwp = LWP::UserAgent->new;

my $result = $lwp->request( $req );

print $result->{"_content"},"\n";

Python

python

#! /usr/local/bin/python3

import requests

url = '$YOUR_LOGSCALE_URL/graphql'
mydata = r'''{"query" : "query {
  generateAggregateAlertFromTemplate(
    input: {viewName: \"company-http\", 
            yamlTemplate: \"favorite-yaml-template\"}
  ) {
    name, 
    description,
    throttleField,
    actions {
      id, name, isAllowedToRun
    }    
  }
}"
}'''

resp = requests.post(url,
                     data = mydata,
                     headers = {
   "Authorization" : "Bearer $TOKEN",
   "Content-Type" : "application/json"
}
)

print(resp.text)

Node.js

javascript

const https = require('https');

const data = JSON.stringify(
    {"query" : "query {
  generateAggregateAlertFromTemplate(
    input: {viewName: \"company-http\", 
            yamlTemplate: \"favorite-yaml-template\"}
  ) {
    name, 
    description,
    throttleField,
    actions {
      id, name, isAllowedToRun
    }    
  }
}"
}
);


const options = {
  hostname: '$YOUR_LOGSCALE_URL',
  path: 'graphql',
  port: 443,
  method: 'POST',
  headers: {
    'Content-Type': 'application/json',
    'Content-Length': data.length,
    Authorization: 'BEARER ' + process.env.TOKEN,
    'User-Agent': 'Node',
  },
};

const req = https.request(options, (res) => {
  let data = '';
  console.log(`statusCode: ${res.statusCode}`);

  res.on('data', (d) => {
    data += d;
  });
  res.on('end', () => {
    console.log(JSON.parse(data).data);
  });
});

req.on('error', (error) => {
  console.error(error);
});

req.write(data);
req.end();

Given Datatypes

For GenerateAggregateAlertFromTemplateInput, there are a couple of parameters. Below is a list of them along with a description of each:

Table: GenerateAggregateAlertFromTemplateInput

Parameter	Type	Required	Stability	Description
Some arguments may be required, as indicated in the Required column. For return datatypes, this indicates that you must specify which fields you want returned in the results.
Table last updated: Sep 18, 2024
viewName	RepoOrViewName	yes	`Long-Term`	The name of the view of the aggregate alert. RepoOrViewName is a scalar.
yamlTemplate	YAML	yes	`Long-Term`	The yaml specification of the aggregate alert. YAML is a scalar.

Returned Datatypes

The returned datatype UnsavedAggregateAlert has several parameters. Below is a list of them along with a description of each:

Table: UnsavedAggregateAlert

Parameter	Type	Required	Stability	Description
Some arguments may be required, as indicated in the Required column. For return datatypes, this indicates that you must specify which fields you want returned in the results.
Table last updated: Oct 4, 2024
actions	[Action]	yes	`Long-Term`	List of actions to fire on query result. See Action.
description	string		`Long-Term`	Description of the aggregate alert.
enabled	boolean	yes	`Long-Term`	Flag indicating whether the aggregate alert is enabled.
labels	[string]	yes	`Long-Term`	Labels attached to the aggregate alert.
name	string	yes	`Long-Term`	Name of the aggregate alert.
queryString	string	yes	`Long-Term`	The LogScale query to execute.
queryTimestampType	QueryTimestampType	yes	`Long-Term`	Timestamp type to use for a query. See QueryTimestampType.
searchIntervalSeconds	long	yes	`Long-Term`	The search interval in seconds.
throttleField	string		`Long-Term`	A field on which to throttle. Used only with throttleTimeSeconds.
throttleTimeSeconds	long	yes	`Long-Term`	The throttle time in seconds.
triggerMode	TriggerMode	yes	`Long-Term`	The mode used for triggering the alert. See TriggerMode.

GraphQL Queries

GraphQL API Stability

GraphQL Groups

GraphQL Mutations

GraphQL Datatypes