The generateScheduledSearchFromPackageTemplate() GraphQL query to generate an unsaved scheduled search from a package scheduled search template.

Syntax

Below is the syntax for the generateScheduledSearchFromPackageTemplate() query field:

graphql
generateScheduledSearchFromPackageTemplate(
      input: GenerateScheduledSearchFromPackageTemplateInput!
   ): UnsavedScheduledSearch!

The input datatype, GenerateScheduledSearchFromPackageTemplateInput is to give the data for generating an unsaved scheduled search object from a library package template. Below is an example using this query field:

Raw
graphql
query {
  generateScheduledSearchFromPackageTemplate(
    input: {viewName: "company-http", 
            packageId: "http-packers@1.23",
            templateName: "standard-aggregatealert-template"}
  ) {
    name, 
    description,
    queryString, enabled,
    schedule, timeZone,
    actions {
      id, name, isAllowedToRun
    }    
  }
}
Mac OS or Linux (curl)
shell
curl -v -X POST $YOUR_LOGSCALE_URL/graphql \
    -H "Authorization: Bearer $TOKEN" \
    -H "Content-Type: application/json" \
    -d @- << EOF
{"query" : "query {
  generateScheduledSearchFromPackageTemplate(
    input: {viewName: \"company-http\", 
            packageId: \"http-packers@1.23\",
            templateName: \"standard-aggregatealert-template\"}
  ) {
    name, 
    description,
    queryString, enabled,
    schedule, timeZone,
    actions {
      id, name, isAllowedToRun
    }    
  }
}"
}
EOF
Mac OS or Linux (curl) One-line
shell
curl -v -X POST $YOUR_LOGSCALE_URL/graphql \
    -H "Authorization: Bearer $TOKEN" \
    -H "Content-Type: application/json" \
    -d @- << EOF
{"query" : "query {
  generateScheduledSearchFromPackageTemplate(
    input: {viewName: \"company-http\", 
            packageId: \"http-packers@1.23\",
            templateName: \"standard-aggregatealert-template\"}
  ) {
    name, 
    description,
    queryString, enabled,
    schedule, timeZone,
    actions {
      id, name, isAllowedToRun
    }    
  }
}"
}
EOF
Windows Cmd and curl
shell
curl -v -X POST $YOUR_LOGSCALE_URL/graphql ^
    -H "Authorization: Bearer $TOKEN" ^
    -H "Content-Type: application/json" ^
    -d @'{"query" : "query { ^
  generateScheduledSearchFromPackageTemplate( ^
    input: {viewName: \"company-http\",  ^
            packageId: \"http-packers@1.23\", ^
            templateName: \"standard-aggregatealert-template\"} ^
  ) { ^
    name,  ^
    description, ^
    queryString, enabled, ^
    schedule, timeZone, ^
    actions { ^
      id, name, isAllowedToRun ^
    }     ^
  } ^
}" ^
} '
Windows Powershell and curl
powershell
curl.exe -X POST 
    -H "Authorization: Bearer $TOKEN"
    -H "Content-Type: application/json"
    -d '{"query" : "query {
  generateScheduledSearchFromPackageTemplate(
    input: {viewName: \"company-http\", 
            packageId: \"http-packers@1.23\",
            templateName: \"standard-aggregatealert-template\"}
  ) {
    name, 
    description,
    queryString, enabled,
    schedule, timeZone,
    actions {
      id, name, isAllowedToRun
    }    
  }
}"
}'
    "$YOUR_LOGSCALE_URL/graphql"
Perl
perl
#!/usr/bin/perl

use HTTP::Request;
use LWP;

my $INGEST_TOKEN = "TOKEN";

my $uri = '$YOUR_LOGSCALE_URL/graphql';

my $json = '{"query" : "query {
  generateScheduledSearchFromPackageTemplate(
    input: {viewName: \"company-http\", 
            packageId: \"http-packers@1.23\",
            templateName: \"standard-aggregatealert-template\"}
  ) {
    name, 
    description,
    queryString, enabled,
    schedule, timeZone,
    actions {
      id, name, isAllowedToRun
    }    
  }
}"
}';
my $req = HTTP::Request->new("POST", $uri );

$req->header("Authorization" => "Bearer $TOKEN");
$req->header("Content-Type" => "application/json");

$req->content( $json );

my $lwp = LWP::UserAgent->new;

my $result = $lwp->request( $req );

print $result->{"_content"},"\n";
Python
python
#! /usr/local/bin/python3

import requests

url = '$YOUR_LOGSCALE_URL/graphql'
mydata = r'''{"query" : "query {
  generateScheduledSearchFromPackageTemplate(
    input: {viewName: \"company-http\", 
            packageId: \"http-packers@1.23\",
            templateName: \"standard-aggregatealert-template\"}
  ) {
    name, 
    description,
    queryString, enabled,
    schedule, timeZone,
    actions {
      id, name, isAllowedToRun
    }    
  }
}"
}'''

resp = requests.post(url,
                     data = mydata,
                     headers = {
   "Authorization" : "Bearer $TOKEN",
   "Content-Type" : "application/json"
}
)

print(resp.text)
Node.js
javascript
const https = require('https');

const data = JSON.stringify(
    {"query" : "query {
  generateScheduledSearchFromPackageTemplate(
    input: {viewName: \"company-http\", 
            packageId: \"http-packers@1.23\",
            templateName: \"standard-aggregatealert-template\"}
  ) {
    name, 
    description,
    queryString, enabled,
    schedule, timeZone,
    actions {
      id, name, isAllowedToRun
    }    
  }
}"
}
);


const options = {
  hostname: '$YOUR_LOGSCALE_URL/graphql',
  path: '/graphql',
  port: 443,
  method: 'POST',
  headers: {
    'Content-Type': 'application/json',
    'Content-Length': data.length,
    Authorization: 'BEARER ' + process.env.TOKEN,
    'User-Agent': 'Node',
  },
};

const req = https.request(options, (res) => {
  let data = '';
  console.log(`statusCode: ${res.statusCode}`);

  res.on('data', (d) => {
    data += d;
  });
  res.on('end', () => {
    console.log(JSON.parse(data).data);
  });
});

req.on('error', (error) => {
  console.error(error);
});

req.write(data);
req.end();

Given Datatypes

The given datatype, GenerateScheduledSearchFromPackageTemplateInput has only a few parameters. They're listed here:

Table: GenerateScheduledSearchFromPackageTemplateInput

ParameterTypeRequiredDefaultDescription
Some arguments may be required, as indicated in the Required column. For some fields, this column indicates that a result will always be returned for this column.
Table last updated: Sep 18, 2024
packageIdVersionedPackageSpecifieryes The unique identifier of the package with which the scheduled search was installed. VersionedPackageSpecifier is a scalar.
templateNamestringyes The name of the scheduled search template in the package.
viewNameRepoOrViewNameyes The name of the view of the scheduled search. RepoOrViewName is a scalar.

Returned Datatypes

For UnsavedScheduledSearch, there are several possible values returned, which are listed below:

Table: UnsavedScheduledSearch

ParameterTypeRequiredDefaultDescription
Some arguments may be required, as indicated in the Required column. For some fields, this column indicates that a result will always be returned for this column.
Table last updated: Oct 7, 2024
actions[Action]yes A lList of IDs for actions to fire on query result. See Action.
backfillLimitintegeryes User-defined limit, which caps the number of missed searches to backfill (e.g., in the event of a shutdown).
descriptionstring  A description of the scheduled search.
enabledbooleanyes Whether the scheduled search is enabled.
endstringyes End of the relative time interval for the query.
labels[string]yes Labels attached to the scheduled search.
namestringyes The name of the scheduled search.
queryStringstringyes The LogScale query to execute.
schedulestringyes The cron pattern describing the schedule on which to execute the query.
startstringyes Start of the relative time interval for the query.
timeZonestringyes The time zone of the schedule. Currently, this field supports only UTC offsets (e.g., 'UTC', 'UTC-01' or 'UTC+12:45').