queryAnalysis()

API Stability	`Preview`

The queryAnalysis() GraphQL query to analyze a given query. This is a preview and subject to changes.

Syntax

Below is the syntax for the queryAnalysis() query field:

graphql

queryAnalysis(
      queryString: string!, 
      languageVersion: LanguageVersionEnum!, 
      isLive: boolean!, viewName: string
   ): queryAnalysis!

For the input, the only special datatype is for languageVersion. See the LanguageVersionEnum for a list of choices (e.g.,legacy). For the return parameters, see the Returned Datatype section here. Below is an example of how this query field might be used:

Show:

graphql

query {
  queryAnalysis(
     queryString: "host:localhost", 
     languageVersion: legacy, 
     isLive: true, 
     viewName:"humio")
  {filterPart, isAggregate, isSinglePhase}
}

shell

curl -v -X POST $YOUR_LOGSCALE_URL/graphql \
    -H "Authorization: Bearer $TOKEN" \
    -H "Content-Type: application/json" \
    -d @- << EOF
{"query" : "query {
  queryAnalysis(
     queryString: \"host:localhost\", 
     languageVersion: legacy, 
     isLive: true, 
     viewName:\"humio\")
  {filterPart, isAggregate, isSinglePhase}
}"
}
EOF

shell

curl -v -X POST $YOUR_LOGSCALE_URL/graphql \
    -H "Authorization: Bearer $TOKEN" \
    -H "Content-Type: application/json" \
    -d @- << EOF
{"query" : "query {
  queryAnalysis(
     queryString: \"host:localhost\", 
     languageVersion: legacy, 
     isLive: true, 
     viewName:\"humio\")
  {filterPart, isAggregate, isSinglePhase}
}"
}
EOF

shell

curl -v -X POST $YOUR_LOGSCALE_URL/graphql ^
    -H "Authorization: Bearer $TOKEN" ^
    -H "Content-Type: application/json" ^
    -d @'{"query" : "query { ^
  queryAnalysis( ^
     queryString: \"host:localhost\",  ^
     languageVersion: legacy,  ^
     isLive: true,  ^
     viewName:\"humio\") ^
  {filterPart, isAggregate, isSinglePhase} ^
}" ^
} '

powershell

curl.exe -X POST 
    -H "Authorization: Bearer $TOKEN"
    -H "Content-Type: application/json"
    -d '{"query" : "query {
  queryAnalysis(
     queryString: \"host:localhost\", 
     languageVersion: legacy, 
     isLive: true, 
     viewName:\"humio\")
  {filterPart, isAggregate, isSinglePhase}
}"
}'
    "$YOUR_LOGSCALE_URL/graphql"

perl

#!/usr/bin/perl

use HTTP::Request;
use LWP;

my $INGEST_TOKEN = "TOKEN";

my $uri = '$YOUR_LOGSCALE_URL/graphql';

my $json = '{"query" : "query {
  queryAnalysis(
     queryString: \"host:localhost\", 
     languageVersion: legacy, 
     isLive: true, 
     viewName:\"humio\")
  {filterPart, isAggregate, isSinglePhase}
}"
}';
my $req = HTTP::Request->new("POST", $uri );

$req->header("Authorization" => "Bearer $TOKEN");
$req->header("Content-Type" => "application/json");

$req->content( $json );

my $lwp = LWP::UserAgent->new;

my $result = $lwp->request( $req );

print $result->{"_content"},"\n";

python

#! /usr/local/bin/python3

import requests

url = '$YOUR_LOGSCALE_URL/graphql'
mydata = r'''{"query" : "query {
  queryAnalysis(
     queryString: \"host:localhost\", 
     languageVersion: legacy, 
     isLive: true, 
     viewName:\"humio\")
  {filterPart, isAggregate, isSinglePhase}
}"
}'''

resp = requests.post(url,
                     data = mydata,
                     headers = {
   "Authorization" : "Bearer $TOKEN",
   "Content-Type" : "application/json"
}
)

print(resp.text)

javascript

const https = require('https');

const data = JSON.stringify(
    {"query" : "query {
  queryAnalysis(
     queryString: \"host:localhost\", 
     languageVersion: legacy, 
     isLive: true, 
     viewName:\"humio\")
  {filterPart, isAggregate, isSinglePhase}
}"
}
);


const options = {
  hostname: '$YOUR_LOGSCALE_URL/graphql',
  path: '/graphql',
  port: 443,
  method: 'POST',
  headers: {
    'Content-Type': 'application/json',
    'Content-Length': data.length,
    Authorization: 'BEARER ' + process.env.TOKEN,
    'User-Agent': 'Node',
  },
};

const req = https.request(options, (res) => {
  let data = '';
  console.log(`statusCode: ${res.statusCode}`);

  res.on('data', (d) => {
    data += d;
  });
  res.on('end', () => {
    console.log(JSON.parse(data).data);
  });
});

req.on('error', (error) => {
  console.error(error);
});

req.write(data);
req.end();

Example Responses

Show:

json

{
  "data": {
    "queryAnalysis": {
      "filterPart": "host:localhost",
      "isAggregate": false,
      "isSinglePhase": true
    }
  }
}

Returned Datatypes

For queryAnalysis, there are a few parameters. Below is a list of them along with a description of each:

Table: queryAnalysis

Parameter	Type	Required	Stability	Description
Some arguments may be required, as indicated in the Required column. For some fields, this column indicates that a result will always be returned for this column.
Table last updated: Mar 18, 2025
`filterPart`	string	yes	`Preview`	The query string up to the first aggregator.
`drilldowns`	drilldowns	yes	`Preview`	The number associated with the type of page. See `drilldowns`.
`isAggregate`	boolean	yes	`Preview`	Whether the query contains an aggregator.
`isSinglePhase`	boolean	yes	`Preview`	Whether the query doesn't contain a join-like function.
`isValidFilterAlertQuery`	boolean	yes	`Preview`	Checks if a query is fit for use for a filter alert. This is deprecated and is no longer used internally. It will be removed in version 1.207. Use instead analyzeQuery, `suggestedAlertType`.

GraphQL Queries

GraphQL API Stability

GraphQL Mutations

GraphQL Datatypes

queryAnalysis()

Syntax

Returned Datatypes

Enter search term