The proxyOrganization() GraphQL query used to proxy query through a specific organization. This is a root operation.

For more information on organization settings, see the Organization Settings documentation page.

Syntax

Below is the syntax for the proxyOrganization() query field:

graphql
proxyOrganization(
    organizationId: string!
  ): Query!

For the input, you'll need to enter the organization's unique identifier. For the returned datatype, you have to enter the query you want to execute through the proxy for the organization given. This may seem confusing, so look at the example below:

Raw
graphql
query {
  proxyOrganization(organizationId: "SINGLE_ORGANIZATION_ID")
     {users(
        orderBy: {userField: USERNAME, order: ASC}, 
        search: "crowdstrike.com")
        {username, email, displayName}
     }
}
Mac OS or Linux (curl)
shell
curl -v -X POST $YOUR_LOGSCALE_URL/graphql \
    -H "Authorization: Bearer $TOKEN" \
    -H "Content-Type: application/json" \
    -d @- << EOF
{"query" : "query {
  proxyOrganization(organizationId: \"SINGLE_ORGANIZATION_ID\")
     {users(
        orderBy: {userField: USERNAME, order: ASC}, 
        search: \"crowdstrike.com\")
        {username, email, displayName}
     }
}"
}
EOF
Mac OS or Linux (curl) One-line
shell
curl -v -X POST $YOUR_LOGSCALE_URL/graphql \
    -H "Authorization: Bearer $TOKEN" \
    -H "Content-Type: application/json" \
    -d @- << EOF
{"query" : "query {
  proxyOrganization(organizationId: \"SINGLE_ORGANIZATION_ID\")
     {users(
        orderBy: {userField: USERNAME, order: ASC}, 
        search: \"crowdstrike.com\")
        {username, email, displayName}
     }
}"
}
EOF
Windows Cmd and curl
shell
curl -v -X POST $YOUR_LOGSCALE_URL/graphql ^
    -H "Authorization: Bearer $TOKEN" ^
    -H "Content-Type: application/json" ^
    -d @'{"query" : "query { ^
  proxyOrganization(organizationId: \"SINGLE_ORGANIZATION_ID\") ^
     {users( ^
        orderBy: {userField: USERNAME, order: ASC},  ^
        search: \"crowdstrike.com\") ^
        {username, email, displayName} ^
     } ^
}" ^
} '
Windows Powershell and curl
powershell
curl.exe -X POST 
    -H "Authorization: Bearer $TOKEN"
    -H "Content-Type: application/json"
    -d '{"query" : "query {
  proxyOrganization(organizationId: \"SINGLE_ORGANIZATION_ID\")
     {users(
        orderBy: {userField: USERNAME, order: ASC}, 
        search: \"crowdstrike.com\")
        {username, email, displayName}
     }
}"
}'
    "$YOUR_LOGSCALE_URL/graphql"
Perl
perl
#!/usr/bin/perl

use HTTP::Request;
use LWP;

my $INGEST_TOKEN = "TOKEN";

my $uri = '$YOUR_LOGSCALE_URL/graphql';

my $json = '{"query" : "query {
  proxyOrganization(organizationId: \"SINGLE_ORGANIZATION_ID\")
     {users(
        orderBy: {userField: USERNAME, order: ASC}, 
        search: \"crowdstrike.com\")
        {username, email, displayName}
     }
}"
}';
my $req = HTTP::Request->new("POST", $uri );

$req->header("Authorization" => "Bearer $TOKEN");
$req->header("Content-Type" => "application/json");

$req->content( $json );

my $lwp = LWP::UserAgent->new;

my $result = $lwp->request( $req );

print $result->{"_content"},"\n";
Python
python
#! /usr/local/bin/python3

import requests

url = '$YOUR_LOGSCALE_URL/graphql'
mydata = r'''{"query" : "query {
  proxyOrganization(organizationId: \"SINGLE_ORGANIZATION_ID\")
     {users(
        orderBy: {userField: USERNAME, order: ASC}, 
        search: \"crowdstrike.com\")
        {username, email, displayName}
     }
}"
}'''

resp = requests.post(url,
                     data = mydata,
                     headers = {
   "Authorization" : "Bearer $TOKEN",
   "Content-Type" : "application/json"
}
)

print(resp.text)
Node.js
javascript
const https = require('https');

const data = JSON.stringify(
    {"query" : "query {
  proxyOrganization(organizationId: \"SINGLE_ORGANIZATION_ID\")
     {users(
        orderBy: {userField: USERNAME, order: ASC}, 
        search: \"crowdstrike.com\")
        {username, email, displayName}
     }
}"
}
);


const options = {
  hostname: '$YOUR_LOGSCALE_URL/graphql',
  path: '/graphql',
  port: 443,
  method: 'POST',
  headers: {
    'Content-Type': 'application/json',
    'Content-Length': data.length,
    Authorization: 'BEARER ' + process.env.TOKEN,
    'User-Agent': 'Node',
  },
};

const req = https.request(options, (res) => {
  let data = '';
  console.log(`statusCode: ${res.statusCode}`);

  res.on('data', (d) => {
    data += d;
  });
  res.on('end', () => {
    console.log(JSON.parse(data).data);
  });
});

req.on('error', (error) => {
  console.error(error);
});

req.write(data);
req.end();

This example is using the query field, users() to get a list of users for the organization.

There's no Returned Datatypes section for this query field because what you enter is any of the many GraphQL queries.