The generateAlertFromTemplate()
Below is the syntax for the
generateAlertFromTemplate()
generateAlertFromTemplate(
input : GenerateAlertFromTemplateInput!
) : UnsavedAlert!
For input, you would replace
GenerateAlertFromTemplateInput in the syntax
with data for generating an unsaved alert object from a yaml
template. For the returned datatype,
UnsavedAlert enter a list of parameters you
would like values See the Given and the Returned Datatype sections
that follow the example below:
Show:
Raw Mac OS or Linux (curl) Mac OS or Linux (curl) One-line Windows Cmd and curl Windows Powershell and curl Perl Python Node.js
Raw query {
generateAlertFromTemplate(
input : { viewName : "company-http" ,
yamlTemplate : "xxxx" }
) {
name,
description,
queryString,
enabled,
actions {
id, name, isAllowedToRun
}
}
} Mac OS or Linux (curl) curl -v -X POST $YOUR_LOGSCALE_URL/graphql \
-H "Authorization: Bearer $TOKEN" \
-H "Content-Type: application/json" \
-d @- << EOF
{"query" : "query {
generateAlertFromTemplate(
input: {viewName: \"company-http\",
yamlTemplate: \"xxxx\"}
) {
name,
description,
queryString,
enabled,
actions {
id, name, isAllowedToRun
}
}
}"
}
EOFMac OS or Linux (curl) One-line curl -v -X POST $YOUR_LOGSCALE_URL/graphql \
-H "Authorization: Bearer $TOKEN" \
-H "Content-Type: application/json" \
-d @- << EOF
{"query" : "query {
generateAlertFromTemplate(
input: {viewName: \"company-http\",
yamlTemplate: \"xxxx\"}
) {
name,
description,
queryString,
enabled,
actions {
id, name, isAllowedToRun
}
}
}"
}
EOFWindows Cmd and curl curl -v -X POST $YOUR_LOGSCALE_URL/graphql ^
-H "Authorization: Bearer $TOKEN" ^
-H "Content-Type: application/json" ^
-d @'{"query" : "query { ^
generateAlertFromTemplate( ^
input: {viewName: \"company-http\", ^
yamlTemplate: \"xxxx\"} ^
) { ^
name, ^
description, ^
queryString, ^
enabled, ^
actions { ^
id, name, isAllowedToRun ^
} ^
} ^
}" ^
} 'Windows Powershell and curl curl.exe -X POST
-H "Authorization: Bearer $TOKEN "
-H "Content-Type: application/json"
-d '{"query" : "query {
generateAlertFromTemplate(
input: {viewName: \"company-http\",
yamlTemplate: \"xxxx\"}
) {
name,
description,
queryString,
enabled,
actions {
id, name, isAllowedToRun
}
}
}"
}'
"$YOUR_LOGSCALE_URL /graphql" Perl
use HTTP::Request;
use LWP;
my $INGEST_TOKEN = "TOKEN" ;
my $uri = '$YOUR_LOGSCALE_URL/graphql' ;
my $json = '{"query" : "query {
generateAlertFromTemplate(
input: {viewName: \"company-http\",
yamlTemplate: \"xxxx\"}
) {
name,
description,
queryString,
enabled,
actions {
id, name, isAllowedToRun
}
}
}"
}' ;
my $req = HTTP::Request->new("POST" , $uri );
$req->header("Authorization" => "Bearer $TOKEN" );
$req->header("Content-Type" => "application/json" );
$req->content( $json );
my $lwp = LWP::UserAgent->new;
my $result = $lwp->request( $req );
print $result->{"_content" },"\n" ;Python
import requests
url = '$YOUR_LOGSCALE_URL/graphql'
mydata = r'''{"query" : "query {
generateAlertFromTemplate(
input: {viewName: \"company-http\",
yamlTemplate: \"xxxx\"}
) {
name,
description,
queryString,
enabled,
actions {
id, name, isAllowedToRun
}
}
}"
}'''
resp = requests.post(url,
data = mydata,
headers = {
"Authorization" : "Bearer $TOKEN" ,
"Content-Type" : "application/json"
}
)
print (resp.text)Node.js const https = require ('https' );
const data = JSON .stringify (
{"query" : "query {
generateAlertFromTemplate(
input: {viewName: \"company-http\",
yamlTemplate: \"xxxx\"}
) {
name,
description,
queryString,
enabled,
actions {
id, name, isAllowedToRun
}
}
}"
}
);
const options = {
hostname : '$YOUR_LOGSCALE_URL/graphql' ,
path : '/graphql' ,
port : 443 ,
method : 'POST' ,
headers : {
'Content-Type' : 'application/json' ,
'Content-Length' : data.length ,
Authorization : 'BEARER ' + process.env .TOKEN ,
'User-Agent' : 'Node' ,
},
};
const req = https.request (options, (res ) => {
let data = '' ;
console .log (`statusCode: ${res.statusCode} ` );
res.on ('data' , (d ) => {
data += d;
});
res.on ('end' , () => {
console .log (JSON .parse (data).data );
});
});
req.on ('error' , (error ) => {
console .error (error);
});
req.write (data);
req.end ();
The given datatype
GenerateAlertFromTemplateInput
For UnsavedAlert , there are several possible
values returned. They're listed and described below:
Table: UnsavedAlert
Parameter Type Required Default Stability Description Some arguments may be required, as indicated in the Required Table last updated: Apr 3, 2025 actions[Action yes Long-TermA list of IDs for actions to fire on query result. See Action descriptionstring Long-TermA description of the alert. enabledboolean yes Long-TermWhether the alert is enabled. labels[string] yes Long-TermLabels attached to the alert. namestring yes Long-TermThe name of the alert. queryStartstring yes Long-TermStart of the relative time interval for the query. queryStringstring yes Long-TermThe LogScale query to execute. throttleFieldstring Long-TermThe field on which to throttle. throttleTimeMillislong yes Long-TermThrottle time in milliseconds.
