proxyOrganization()

The proxyOrganization() GraphQL query used to proxy query through a specific organization. This is a root operation.

For more information on organization settings, see the Organization Settings documentation page.

Syntax

Below is the syntax for the proxyOrganization() query field:

graphql

proxyOrganization(
    organizationId: string!
  ): Query!

For the input, you'll need to enter the organization's unique identifier. For the returned datatype, you have to enter the query you want to execute through the proxy for the organization given. This may seem confusing, so look at the example below:

Raw

graphql

query {
  proxyOrganization(organizationId: "SINGLE_ORGANIZATION_ID")
     {users(
        orderBy: {userField: USERNAME, order: ASC}, 
        search: "crowdstrike.com")
        {username, email, displayName}
     }
}

Mac OS or Linux (curl)

shell

curl -v -X POST $YOUR_LOGSCALE_URL/graphql \
    -H "Authorization: Bearer $TOKEN" \
    -H "Content-Type: application/json" \
    -d @- << EOF
{"query" : "query {
  proxyOrganization(organizationId: \"SINGLE_ORGANIZATION_ID\")
     {users(
        orderBy: {userField: USERNAME, order: ASC}, 
        search: \"crowdstrike.com\")
        {username, email, displayName}
     }
}"
}
EOF

Mac OS or Linux (curl) One-line

shell

curl -v -X POST $YOUR_LOGSCALE_URL/graphql \
    -H "Authorization: Bearer $TOKEN" \
    -H "Content-Type: application/json" \
    -d @- << EOF
{"query" : "query {
  proxyOrganization(organizationId: \"SINGLE_ORGANIZATION_ID\")
     {users(
        orderBy: {userField: USERNAME, order: ASC}, 
        search: \"crowdstrike.com\")
        {username, email, displayName}
     }
}"
}
EOF

Windows Cmd and curl

shell

curl -v -X POST $YOUR_LOGSCALE_URL/graphql ^
    -H "Authorization: Bearer $TOKEN" ^
    -H "Content-Type: application/json" ^
    -d @'{"query" : "query { ^
  proxyOrganization(organizationId: \"SINGLE_ORGANIZATION_ID\") ^
     {users( ^
        orderBy: {userField: USERNAME, order: ASC},  ^
        search: \"crowdstrike.com\") ^
        {username, email, displayName} ^
     } ^
}" ^
} '

Windows Powershell and curl

powershell

curl.exe -X POST 
    -H "Authorization: Bearer $TOKEN"
    -H "Content-Type: application/json"
    -d '{"query" : "query {
  proxyOrganization(organizationId: \"SINGLE_ORGANIZATION_ID\")
     {users(
        orderBy: {userField: USERNAME, order: ASC}, 
        search: \"crowdstrike.com\")
        {username, email, displayName}
     }
}"
}'
"$YOUR_LOGSCALE_URL/graphql"

Perl

perl

#!/usr/bin/perl

use HTTP::Request;
use LWP;

my $INGEST_TOKEN = "TOKEN";

my $uri = '$YOUR_LOGSCALE_URL/graphql';

my $json = '{"query" : "query {
  proxyOrganization(organizationId: \"SINGLE_ORGANIZATION_ID\")
     {users(
        orderBy: {userField: USERNAME, order: ASC}, 
        search: \"crowdstrike.com\")
        {username, email, displayName}
     }
}"
}';
my $req = HTTP::Request->new("POST", $uri );

$req->header("Authorization" => "Bearer $TOKEN");
$req->header("Content-Type" => "application/json");

$req->content( $json );

my $lwp = LWP::UserAgent->new;

my $result = $lwp->request( $req );

print $result->{"_content"},"\n";

Python

python

#! /usr/local/bin/python3

import requests

url = '$YOUR_LOGSCALE_URL/graphql'
mydata = r'''{"query" : "query {
  proxyOrganization(organizationId: \"SINGLE_ORGANIZATION_ID\")
     {users(
        orderBy: {userField: USERNAME, order: ASC}, 
        search: \"crowdstrike.com\")
        {username, email, displayName}
     }
}"
}'''

resp = requests.post(url,
                     data = mydata,
                     headers = {
   "Authorization" : "Bearer $TOKEN",
   "Content-Type" : "application/json"
}
)

print(resp.text)

Node.js

javascript

const https = require('https');

const data = JSON.stringify(
    {"query" : "query {
  proxyOrganization(organizationId: \"SINGLE_ORGANIZATION_ID\")
     {users(
        orderBy: {userField: USERNAME, order: ASC}, 
        search: \"crowdstrike.com\")
        {username, email, displayName}
     }
}"
}
);


const options = {
  hostname: '$YOUR_LOGSCALE_URL/graphql',
  path: '/graphql',
  port: 443,
  method: 'POST',
  headers: {
    'Content-Type': 'application/json',
    'Content-Length': data.length,
    Authorization: 'BEARER ' + process.env.TOKEN,
    'User-Agent': 'Node',
  },
};

const req = https.request(options, (res) => {
  let data = '';
  console.log(`statusCode: ${res.statusCode}`);

  res.on('data', (d) => {
    data += d;
  });
  res.on('end', () => {
    console.log(JSON.parse(data).data);
  });
});

req.on('error', (error) => {
  console.error(error);
});

req.write(data);
req.end();

This example is using the query field, users() to get a list of users for the organization.

There's no Returned Datatypes section for this query field because what you enter is any of the many GraphQL queries.

GraphQL Queries

GraphQL Mutation Fields

GraphQL Datatypes

proxyOrganization()

Syntax

Enter search term