Summary

The validateQuery() GraphQL query is used to check that a query compiles. If not, it can returns error messages and other diagnostic information.

API Stability Preview

Syntax

graphql
validateQuery(
     queryString: string!,
     isLive: boolean,
     version: LanguageVersionEnum!,
     arguments: [QueryArgument]
   ): QueryValidationResult!

For the input, you would have to give the query string to validate, indicate whether it is live, specify the language version, and any query arguments. See the Input Parameters section for details.

For the results, you can know if the query is valid. If it's not, you can get diagnostic information, including any messages and types (e.g., an error, warning, or hint). See the Returned Datatype for more.

Example

Raw
graphql
query {
  validateQuery(queryString:"host=localhost",
                version: legacy, isLive: false)
  {isValid, diagnostics{severity, message, code}}
}
Mac OS or Linux (curl)
shell
curl -v -X POST $YOUR_LOGSCALE_URL/graphql \
    -H "Authorization: Bearer $TOKEN" \
    -H "Content-Type: application/json" \
    -d @- << EOF
{"query" : "query {
  validateQuery(queryString:\"host=localhost\",
                version: legacy, isLive: false)
  {isValid, diagnostics{severity, message, code}}
}"
}
EOF
Mac OS or Linux (curl) One-line
shell
curl -v -X POST $YOUR_LOGSCALE_URL/graphql \
    -H "Authorization: Bearer $TOKEN" \
    -H "Content-Type: application/json" \
    -d @- << EOF
{"query" : "query {
  validateQuery(queryString:\"host=localhost\",
                version: legacy, isLive: false)
  {isValid, diagnostics{severity, message, code}}
}"
}
EOF
Windows Cmd and curl
shell
curl -v -X POST $YOUR_LOGSCALE_URL/graphql ^
    -H "Authorization: Bearer $TOKEN" ^
    -H "Content-Type: application/json" ^
    -d @'{"query" : "query { ^
  validateQuery(queryString:\"host=localhost\", ^
                version: legacy, isLive: false) ^
  {isValid, diagnostics{severity, message, code}} ^
}" ^
} '
Windows Powershell and curl
powershell
curl.exe -X POST 
    -H "Authorization: Bearer $TOKEN"
    -H "Content-Type: application/json"
    -d '{"query" : "query {
  validateQuery(queryString:\"host=localhost\",
                version: legacy, isLive: false)
  {isValid, diagnostics{severity, message, code}}
}"
}'
    "$YOUR_LOGSCALE_URL/graphql"
Perl
perl
#!/usr/bin/perl

use HTTP::Request;
use LWP;

my $TOKEN = "TOKEN";

my $uri = '$YOUR_LOGSCALE_URL/graphql';

my $query = "query {
  validateQuery(queryString:\"host=localhost\",
                version: legacy, isLive: false)
  {isValid, diagnostics{severity, message, code}}
}";
$query =~ s/\n/ /g;
my $json = sprintf('{"query" : "%s"}',$query);
my $req = HTTP::Request->new("POST", $uri );

$req->header("Authorization" => "Bearer $TOKEN");
$req->header("Content-Type" => "application/json");

$req->content( $json );

my $lwp = LWP::UserAgent->new;

my $result = $lwp->request( $req );

print $result->{"_content"},"\n";
Python
python
#! /usr/local/bin/python3

import requests

url = '$YOUR_LOGSCALE_URL/graphql'
mydata = r'''{"query" : "query {
  validateQuery(queryString:\"host=localhost\",
                version: legacy, isLive: false)
  {isValid, diagnostics{severity, message, code}}
}"
}'''

resp = requests.post(url,
                     data = mydata,
                     headers = {
   "Authorization" : "Bearer $TOKEN",
   "Content-Type" : "application/json"
}
)

print(resp.text)
Node.js
javascript
const https = require('https');

const data = JSON.stringify(
    {"query" : "query {
  validateQuery(queryString:\"host=localhost\",
                version: legacy, isLive: false)
  {isValid, diagnostics{severity, message, code}}
}"
}
);


const options = {
  hostname: '$YOUR_LOGSCALE_URL',
  path: 'graphql',
  port: 443,
  method: 'POST',
  headers: {
    'Content-Type': 'application/json',
    'Content-Length': data.length,
    Authorization: 'BEARER ' + process.env.TOKEN,
    'User-Agent': 'Node',
  },
};

const req = https.request(options, (res) => {
  let data = '';
  console.log(`statusCode: ${res.statusCode}`);

  res.on('data', (d) => {
    data += d;
  });
  res.on('end', () => {
    console.log(JSON.parse(data).data);
  });
});

req.on('error', (error) => {
  console.error(error);
});

req.write(data);
req.end();

Input Parameters

For the input, you would have to provide the query string to validate, indicate whether it is live, specify the language version (see second table below), and any query arguments (see third table).

Table: Input Parameters & Datatypes

Parameter Type Required Default Description
This table contains all input parameters for this query. Since some of the parameters use special datatypes, additional tables for them are included below.
arguments [QueryArgument]     Any argument of the query. See table below.
isLive boolean     Whether query is live.
queryString string yes   The query string.
version LanguageVersionEnum yes   The version of the LogScale query language to use. See table below.

This special datatype is used to provide the language version that would be used for executing the query to be validated.

Table: LanguageVersionEnum Enum Datatype

ParameterTypeRequiredDefaultStabilityDescription
Some input parameters may be required, as indicated in the Required column. For return values, this indicates that you are assured a value if the field is requested for the results.
Table last updated: Oct 29, 2025
federated1boolean  Long-TermIndicates if Federated version of the LogScale query is used.
filteralertboolean  DeprecatedThis has no effect and is no longer used internally. It will be removed at the earliest in version 1.189.
legacyboolean  Long-TermWhether legacy LogScale query language is used.
xdr1boolean  Long-TermWhether XDR1 is used.
xdrdetects1boolean  Long-TermWhether XDR Detects 1 query language is used.

The other special datatype is for providing any query arguments, which are given in name and value pairs — as you can see in the table below:

Table: QueryArgument Input Datatype

ParameterTypeRequiredDefaultStabilityDescription
Some input parameters may be required, as indicated in the Required column. For return values, this indicates that you are assured a value if the field is requested for the results.
Table last updated: Sep 19, 2024
namestringyes PreviewThe name of the query argument.
valuestringyes PreviewThe value fo the query argument.

Returned Values

For the results, you can know if the query is valid. If it's not, you can drill down diagnostic information, which can include a message and the severity level (e.g., an error, warning, or hint). The choices are listed in the table below, but you'll have to click on the datatype it includes to get more details:

Table: QueryValidationResult Datatype

ParameterTypeRequiredDefaultStabilityDescription
Some input parameters may be required, as indicated in the Required column. For return values, this indicates that you are assured a value if the field is requested for the results.
Table last updated: Oct 2, 2024
diagnostics[QueryDiagnostic]yes PreviewA diagnostic message from query validation. See QueryDiagnostic. This is a preview for internal testing and subject to change.
isValidbooleanyes PreviewWhether query is valid. For internal testing.

The datatype above uses another datatype for more diagnostic details. For your convenience, the table for that sub-datatype is included here:

Table: QueryDiagnostic Datatype

ParameterTypeRequiredDefaultStabilityDescription
Some input parameters may be required, as indicated in the Required column. For return values, this indicates that you are assured a value if the field is requested for the results.
Table last updated: Oct 2, 2024
codestringyes PreviewThe code returned for the diagnostic. This is a preview for internal testing.
messagestringyes PreviewThe message for the query diagnostic. This is a preview for internal testing.
severitySeverityyes PreviewThe severity of the diagnostic. See Severity.