generateAlertFromTemplate()

API Stability Long-Term

A yaml template can contain plenty of data, including the details for an alert. You can use the generateAlertFromTemplate() query field to extract the data for creating an alert. You'll then need to use the createAlert() mutation field to create one.

Syntax

graphql

generateAlertFromTemplate(
      input: GenerateAlertFromTemplateInput!
   ): UnsavedAlert

For the input, you'll have to give the view or repository name, and provide the yaml template from which you want to extract the alert. For the results, you can request whatever you need to create a new alert (e.g., the query string, any actions). See the Return Datatype section for more possibilities.

Example

The example below queries LogScale with this query field:

Raw

graphql

query {
  generateAlertFromTemplate(
    input: {viewName: "company-http", 
            yamlTemplate: "xxxx"}
  ) {
    name, 
    description,
    queryString,
    enabled,
    actions {
      id, name, isAllowedToRun
    }    
  }
}

Mac OS or Linux (curl)

shell

curl -v -X POST $YOUR_LOGSCALE_URL/graphql \
    -H "Authorization: Bearer $TOKEN" \
    -H "Content-Type: application/json" \
    -d @- << EOF
{"query" : "query {
  generateAlertFromTemplate(
    input: {viewName: \"company-http\", 
            yamlTemplate: \"xxxx\"}
  ) {
    name, 
    description,
    queryString,
    enabled,
    actions {
      id, name, isAllowedToRun
    }    
  }
}"
}
EOF

Mac OS or Linux (curl) One-line

shell

curl -v -X POST $YOUR_LOGSCALE_URL/graphql \
    -H "Authorization: Bearer $TOKEN" \
    -H "Content-Type: application/json" \
    -d @- << EOF
{"query" : "query {
  generateAlertFromTemplate(
    input: {viewName: \"company-http\", 
            yamlTemplate: \"xxxx\"}
  ) {
    name, 
    description,
    queryString,
    enabled,
    actions {
      id, name, isAllowedToRun
    }    
  }
}"
}
EOF

Windows Cmd and curl

shell

curl -v -X POST $YOUR_LOGSCALE_URL/graphql ^
    -H "Authorization: Bearer $TOKEN" ^
    -H "Content-Type: application/json" ^
    -d @'{"query" : "query { ^
  generateAlertFromTemplate( ^
    input: {viewName: \"company-http\",  ^
            yamlTemplate: \"xxxx\"} ^
  ) { ^
    name,  ^
    description, ^
    queryString, ^
    enabled, ^
    actions { ^
      id, name, isAllowedToRun ^
    }     ^
  } ^
}" ^
} '

Windows Powershell and curl

powershell

curl.exe -X POST 
    -H "Authorization: Bearer $TOKEN"
    -H "Content-Type: application/json"
    -d '{"query" : "query {
  generateAlertFromTemplate(
    input: {viewName: \"company-http\", 
            yamlTemplate: \"xxxx\"}
  ) {
    name, 
    description,
    queryString,
    enabled,
    actions {
      id, name, isAllowedToRun
    }    
  }
}"
}'
    "$YOUR_LOGSCALE_URL/graphql"

Perl

perl

#!/usr/bin/perl

use HTTP::Request;
use LWP;

my $TOKEN = "TOKEN";

my $uri = '$YOUR_LOGSCALE_URL/graphql';

my $query = "query {
  generateAlertFromTemplate(
    input: {viewName: \"company-http\", 
            yamlTemplate: \"xxxx\"}
  ) {
    name, 
    description,
    queryString,
    enabled,
    actions {
      id, name, isAllowedToRun
    }    
  }
}";
$query =~ s/\n/ /g;
my $json = sprintf('{"query" : "%s"}',$query);
my $req = HTTP::Request->new("POST", $uri );

$req->header("Authorization" => "Bearer $TOKEN");
$req->header("Content-Type" => "application/json");

$req->content( $json );

my $lwp = LWP::UserAgent->new;

my $result = $lwp->request( $req );

print $result->{"_content"},"\n";

Python

python

#! /usr/local/bin/python3

import requests

url = '$YOUR_LOGSCALE_URL/graphql'
mydata = r'''{"query" : "query {
  generateAlertFromTemplate(
    input: {viewName: \"company-http\", 
            yamlTemplate: \"xxxx\"}
  ) {
    name, 
    description,
    queryString,
    enabled,
    actions {
      id, name, isAllowedToRun
    }    
  }
}"
}'''

resp = requests.post(url,
                     data = mydata,
                     headers = {
   "Authorization" : "Bearer $TOKEN",
   "Content-Type" : "application/json"
}
)

print(resp.text)

Node.js

javascript

const https = require('https');

const data = JSON.stringify(
    {"query" : "query {
  generateAlertFromTemplate(
    input: {viewName: \"company-http\", 
            yamlTemplate: \"xxxx\"}
  ) {
    name, 
    description,
    queryString,
    enabled,
    actions {
      id, name, isAllowedToRun
    }    
  }
}"
}
);


const options = {
  hostname: '$YOUR_LOGSCALE_URL',
  path: 'graphql',
  port: 443,
  method: 'POST',
  headers: {
    'Content-Type': 'application/json',
    'Content-Length': data.length,
    Authorization: 'BEARER ' + process.env.TOKEN,
    'User-Agent': 'Node',
  },
};

const req = https.request(options, (res) => {
  let data = '';
  console.log(`statusCode: ${res.statusCode}`);

  res.on('data', (d) => {
    data += d;
  });
  res.on('end', () => {
    console.log(JSON.parse(data).data);
  });
});

req.on('error', (error) => {
  console.error(error);
});

req.write(data);
req.end();

Given Datatype

For the given datatype, you'll need to specify the view or repository name and provide the yaml template from which you want to get the alert. The parameters for that are described in the table below:

Table: GenerateAlertFromTemplateInput

Parameter	Type	Required	Stability	Description
Some arguments may be required, as indicated in the Required column. For return datatypes, this indicates that you must specify which fields you want returned in the results.
Table last updated: Sep 18, 2024
viewName	RepoOrViewName	yes	`Long-Term`	The name of the view of the alert. RepoOrViewName is a scalar.
yamlTemplate	YAML	yes	`Long-Term`	The yaml specification of the alert. YAML is a scalar.

Returned Datatype

For the results, you can request what you need to create a new alert. At a minimum, you'll need the query string. You might want to look at any actions contained in the template, although you might want to change them to your needs. Below is a list of your choices:

Table: UnsavedAlert

Parameter	Type	Required	Stability	Description
Some arguments may be required, as indicated in the Required column. For return datatypes, this indicates that you must specify which fields you want returned in the results.
Table last updated: Apr 3, 2025
actions	[Action]	yes	`Long-Term`	A list of unique identifiers for actions to fire on query result. See Action.
description	string		`Long-Term`	A description of the alert.
enabled	boolean	yes	`Long-Term`	Whether the alert is enabled.
labels	[string]	yes	`Long-Term`	Labels attached to the alert.
name	string	yes	`Long-Term`	The name of the alert.
queryStart	string	yes	`Long-Term`	Start of the relative time interval for the query.
queryString	string	yes	`Long-Term`	The LogScale query to execute.
throttleField	string		`Long-Term`	The field on which to throttle.
throttleTimeMillis	long	yes	`Long-Term`	Throttle time in milliseconds.

Versions of this Page

GraphQL Queries

GraphQL API Stability

GraphQL Mutations

GraphQL Datatypes